--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: samba@packages.debian.org, pkg-samba-maint@lists.alioth.debian.org
Control: affects -1 + src:samba
Please unblock package samba
[ Reason ]
This is an easy one. There's a single patch from upstream applied
to -2 debian release of samba package. Its only purpose is to
rename a single internal-to-samba function which also exists in
named. The prob is that when samba DLZ pluging is loaded into
named, named crashes with high probability. There are 2 bug
reports open about this, with high severity: #1036587, #927747.
It's been too long, upstream identified this issue quite some
time too, but the fix were fogotten. Now we have a chance to
have working DNS with samba and the only real supported nameserver.
[ Impact ]
If the unblock isn't granted, we'll have non-working DNS with
named as we had before. It is probably not a huge deal since it
was broken for a very long time, but it is definitely worth to
fix. Either way this fix will be in next upstream stable/bugfix
release, and I'll push it to stable-proposed-updates, - so it
is not exactly necessary to unblock this release.
[ Tests ]
This release passes usual samba testsuite (run locally).
[ Risks ]
I don't expect any breakage here since the whole thing is a
global search-n-replace of one internally used symbol to
another, and I verified there's no other usages of this
symbol left.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock samba/2:4.17.8+dfsg-2
diff -Nru samba-4.17.8+dfsg/debian/changelog samba-4.17.8+dfsg/debian/changelog
--- samba-4.17.8+dfsg/debian/changelog 2023-05-11 10:52:40.000000000 +0300
+++ samba-4.17.8+dfsg/debian/changelog 2023-05-24 22:54:43.000000000 +0300
@@ -1,3 +1,16 @@
+samba (2:4.17.8+dfsg-2) unstable; urgency=medium
+
+ * dnsserver-rename-dns_name_equal.patch
+ (forgotten) patch from upstream targetting next stable
+ Fixes crashes of named with samba DLZ plugin due to
+ symbol name conflict (dns_name_equal() function).
+ There's no resulting code changes, just a symbol
+ rename.
+ https://bugzilla.samba.org/show_bug.cgi?id=14030
+ Closes: #1036587, #927747
+
+ -- Michael Tokarev <mjt@tls.msk.ru> Wed, 24 May 2023 22:54:43 +0300
+
samba (2:4.17.8+dfsg-1) unstable; urgency=medium
* upstream stable/security/bugfix release, fixing the following issues:
diff -Nru samba-4.17.8+dfsg/debian/patches/dnsserver-rename-dns_name_equal.patch samba-4.17.8+dfsg/debian/patches/dnsserver-rename-dns_name_equal.patch
--- samba-4.17.8+dfsg/debian/patches/dnsserver-rename-dns_name_equal.patch 1970-01-01 03:00:00.000000000 +0300
+++ samba-4.17.8+dfsg/debian/patches/dnsserver-rename-dns_name_equal.patch 2023-05-24 22:54:43.000000000 +0300
@@ -0,0 +1,255 @@
+Commit-Id: fcecdfa8e5c651d4a27f8fcd5df6e9bce37ed8a7
+From: Samuel Cabrero <scabrero@samba.org>
+Date: Wed, 18 Jan 2023 17:25:29 +0100
+Subject: s4:dnsserver: Rename dns_name_equal() to samba_dns_name_equal()
+Bug-Debian: https://bugs.debian.org/1036587
+Bug-Debian: https://bugs.debian.org/927747
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=14030
+
+This function already exists in bind9 but takes different arguments, so when
+the DLZ is loaded and this function is called bind crashes:
+
+ named[1523]: samba_dlz: allowing update of signer=DESKTOP-8BUKMBK\$\@AFOREST.AD name=118.101.168.192.in-addr.arpa tcpaddr=192.168.101.118 type=PTR key=1264-ms-7.1-2ac9.9ef238e1-9747-11ed-9f95-525400dc6981/159/0
+ named[1523]: samba_dlz: allowing update of signer=DESKTOP-8BUKMBK\$\@AFOREST.AD name=118.101.168.192.in-addr.arpa tcpaddr=192.168.101.118 type=PTR key=1264-ms-7.1-2ac9.9ef238e1-9747-11ed-9f95-525400dc6981/159/0
+ named[1523]: client @0x7f26caa90f68 192.168.101.118#58223/key DESKTOP-8BUKMBK\$\@AFOREST.AD: updating zone '101.168.192.in-addr.arpa/NONE': deleting rrset at '118.101.168.192.in-addr.ar
+ named[1523]: name.c:664: REQUIRE(((name1) != ((void *)0) && ((const isc__magic_t *)(name1))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n'))))) failed, back trace
+
+Backtrace:
+
+ #0 0x00007f2716c957ec in __pthread_kill_implementation () from /lib64/libc.so.6
+ #1 0x00007f2716c42816 in raise () from /lib64/libc.so.6
+ #2 0x00007f2716c2b81c in abort () from /lib64/libc.so.6
+ #3 0x000055d4de847995 in assertion_failed (file=<optimized out>, line=<optimized out>,
+ type=<optimized out>, cond=<optimized out>) at /usr/src/debug/bind-9.18.10/bin/named/main.c:237
+ #4 0x00007f27176388fc in isc_assertion_failed (file=file@entry=0x7f27173b0df6 "name.c",
+ line=line@entry=664, type=type@entry=isc_assertiontype_require,
+ cond=cond@entry=0x7f27173b0268 "((name1) != ((void *)0) && ((const isc__magic_t *)(name1))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n'))))")
+ at /usr/src/debug/bind-9.18.10/lib/isc/assertions.c:48
+ #5 0x00007f27172946f9 in dns_name_equal (name1=<optimized out>, name2=<optimized out>)
+ at /usr/src/debug/bind-9.18.10/lib/dns/name.c:664
+
+ **** Here bind's dns_name_equal() is called instead of samba's dns_name_equal() ****
+
+ #6 0x00007f27077ad6f2 in dns_record_match (rec1=0x7f26f8042d70, rec2=0x7f26f8044d10)
+ at ../../source4/dns_server/dnsserver_common.c:1346
+ #7 0x00007f271404732c in b9_record_match (rec1=0x7f26f8042d70, rec2=0x7f26f8044d10)
+ at ../../source4/dns_server/dlz_bind9.c:1830
+ #8 0x00007f2714047daa in dlz_subrdataset (name=0x7f2706ff82f0 "118.101.168.192.in-addr.arpa",
+ rdatastr=0x7f26c9c10000 "118.101.168.192.in-addr.arpa.\t1200\tIN\tPTR\tDESKTOP-8BUKMBK.aforest.ad.",
+ dbdata=0x7f271003d300, version=0x7f26f8044b20) at ../../source4/dns_server/dlz_bind9.c:2077
+ #9 0x000055d4de84afb4 in dlopen_dlz_subrdataset (name=0x7f2706ff82f0 "118.101.168.192.in-addr.arpa",
+ rdatastr=<optimized out>, driverarg=<optimized out>, dbdata=0x7f270430f680, version=<optimized out>)
+ at /usr/src/debug/bind-9.18.10/bin/named/dlz_dlopen_driver.c:483
+ #10 0x00007f271738e734 in modrdataset.constprop.0 (db=0x7f2704291740, node=0x7f26c9c006e0,
+ version=0x7f26f8044b20, rdataset=0x7f2706ff8830,
+ mod_function=0x55d4de84af80 <dlopen_dlz_subrdataset>, options=<optimized out>)
+ at /usr/src/debug/bind-9.18.10/lib/dns/sdlz.c:1107
+ #11 0x00007f2717251855 in diff_apply (diff=diff@entry=0x7f2706ff8df0, db=db@entry=0x7f2704291740,
+ ver=ver@entry=0x7f26f8044b20, warn=warn@entry=true) at /usr/src/debug/bind-9.18.10/lib/dns/diff.c:370
+ #12 0x00007f2717251c8a in dns_diff_apply (diff=diff@entry=0x7f2706ff8df0, db=db@entry=0x7f2704291740,
+ ver=ver@entry=0x7f26f8044b20) at /usr/src/debug/bind-9.18.10/lib/dns/diff.c:465
+ #13 0x00007f2717d105aa in do_one_tuple (tuple=tuple@entry=0x7f2706ff8e50, db=db@entry=0x7f2704291740,
+ ver=ver@entry=0x7f26f8044b20, diff=diff@entry=0x7f2706ff9400)
+ at /usr/src/debug/bind-9.18.10/lib/ns/update.c:454
+ #14 0x00007f2717d10fff in update_one_rr (rdata=0x7f2706ff8ee8, ttl=<optimized out>,
+ name=<optimized out>, op=DNS_DIFFOP_DEL, diff=0x7f2706ff9400, ver=0x7f26f8044b20, db=0x7f2704291740)
+ at /usr/src/debug/bind-9.18.10/lib/ns/update.c:505
+ #15 delete_if_action (data=<optimized out>, rr=0x7f2706ff8ee0)
+ at /usr/src/debug/bind-9.18.10/lib/ns/update.c:1427
+ #16 0x00007f2717d10ccd in foreach_rr (db=0x7f2704291740, ver=<optimized out>, name=0x7f26caa61d00,
+ type=<optimized out>, covers=<optimized out>,
+ rr_action=rr_action@entry=0x7f2717d10f60 <delete_if_action>, rr_action_data=0x7f2706ff9280)
+ at /usr/src/debug/bind-9.18.10/lib/ns/update.c:736
+ #17 0x00007f2717d10e76 in delete_if (predicate=predicate@entry=0x7f2717d0fb10 <true_p>,
+ db=<optimized out>, ver=<optimized out>, name=<optimized out>, type=<optimized out>,
+ covers=<optimized out>, update_rr=0x7f2706ff94b0, diff=0x7f2706ff9400)
+ at /usr/src/debug/bind-9.18.10/lib/ns/update.c:1454
+ #18 0x00007f2717d1bccd in update_action (task=<optimized out>, event=<optimized out>)
+ at /usr/src/debug/bind-9.18.10/lib/ns/update.c:3299
+ #19 0x00007f271765eb4c in task_run (task=0x7f27155ccf00)
+ at /usr/src/debug/bind-9.18.10/lib/isc/task.c:823
+ #20 isc_task_run (task=0x7f27155ccf00) at /usr/src/debug/bind-9.18.10/lib/isc/task.c:904
+ #21 0x00007f271762cb12 in isc__nm_async_task (worker=0x7f2716236560, ev0=0x7f26caa07000)
+ at netmgr/netmgr.c:840
+ #22 process_netievent (worker=worker@entry=0x7f2716236560, ievent=0x7f26caa07000) at netmgr/netmgr.c:918
+ #23 0x00007f271762d197 in process_queue (worker=worker@entry=0x7f2716236560,
+ type=type@entry=NETIEVENT_TASK) at netmgr/netmgr.c:1011
+ #24 0x00007f271762d3b3 in process_all_queues (worker=0x7f2716236560) at netmgr/netmgr.c:765
+ #25 async_cb (handle=0x7f27162368c0) at netmgr/netmgr.c:794
+ #26 0x00007f2717c4cb0d in uv__async_io (loop=0x7f2716236570, w=<optimized out>, events=<optimized out>)
+ at src/unix/async.c:163
+ #27 0x00007f2717c6825d in uv__io_poll (loop=0x7f2716236570, timeout=<optimized out>)
+ at src/unix/epoll.c:374
+ #28 0x00007f2717c5247a in uv__io_poll (timeout=<optimized out>, loop=0x7f2716236570)
+ at src/unix/udp.c:122
+ #29 uv_run (loop=loop@entry=0x7f2716236570, mode=mode@entry=UV_RUN_DEFAULT) at src/unix/core.c:406
+ #30 0x00007f271762d834 in nm_thread (worker0=0x7f2716236560) at netmgr/netmgr.c:696
+ #31 0x00007f27176627f5 in isc__trampoline_run (arg=0x55d4dfe3ad70)
+ at /usr/src/debug/bind-9.18.10/lib/isc/trampoline.c:189
+ #32 0x00007f2716c9398d in start_thread () from /lib64/libc.so.6
+ #33 0x00007f2716d19344 in clone () from /lib64/libc.so.6
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14030
+
+Signed-off-by: Samuel Cabrero <scabrero@samba.org>
+Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+
+Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
+Autobuild-Date(master): Thu Jan 19 10:20:27 UTC 2023 on atb-devel-224
+---
+ source4/dns_server/dns_crypto.c | 2 +-
+ source4/dns_server/dns_update.c | 4 ++--
+ source4/dns_server/dnsserver_common.c | 21 +++++++++++++--------
+ source4/dns_server/dnsserver_common.h | 2 +-
+ source4/rpc_server/dnsserver/dnsutils.c | 2 +-
+ source4/torture/dns/dlz_bind9.c | 8 ++++----
+ 6 files changed, 22 insertions(+), 17 deletions(-)
+
+diff --git a/source4/dns_server/dns_crypto.c b/source4/dns_server/dns_crypto.c
+index 6d2b8648757..b38eb8b13bb 100644
+--- a/source4/dns_server/dns_crypto.c
++++ b/source4/dns_server/dns_crypto.c
+@@ -81,7 +81,7 @@ struct dns_server_tkey *dns_find_tkey(struct dns_server_tkey_store *store,
+ if (tmp_key == NULL) {
+ continue;
+ }
+- if (dns_name_equal(name, tmp_key->name)) {
++ if (samba_dns_name_equal(name, tmp_key->name)) {
+ tkey = tmp_key;
+ break;
+ }
+diff --git a/source4/dns_server/dns_update.c b/source4/dns_server/dns_update.c
+index 2d5f353671e..7b87dc6c6e3 100644
+--- a/source4/dns_server/dns_update.c
++++ b/source4/dns_server/dns_update.c
+@@ -593,7 +593,7 @@ static WERROR handle_one_update(struct dns_server *dns,
+ * work out if the node as a whole needs tombstoning.
+ */
+ if (update->rr_type == DNS_QTYPE_ALL) {
+- if (dns_name_equal(update->name, zone->name)) {
++ if (samba_dns_name_equal(update->name, zone->name)) {
+ for (i = first; i < rcount; i++) {
+
+ if (recs[i].wType == DNS_TYPE_SOA) {
+@@ -617,7 +617,7 @@ static WERROR handle_one_update(struct dns_server *dns,
+ }
+ }
+
+- } else if (dns_name_equal(update->name, zone->name)) {
++ } else if (samba_dns_name_equal(update->name, zone->name)) {
+
+ if (update->rr_type == DNS_QTYPE_SOA) {
+ return WERR_OK;
+diff --git a/source4/dns_server/dnsserver_common.c b/source4/dns_server/dnsserver_common.c
+index 03f76d4a871..0481b0715c7 100644
+--- a/source4/dns_server/dnsserver_common.c
++++ b/source4/dns_server/dnsserver_common.c
+@@ -1331,7 +1331,8 @@ bool dns_record_match(struct dnsp_DnssrvRpcRecord *rec1,
+ return memcmp(&rec1_in_addr6, &rec2_in_addr6, sizeof(rec1_in_addr6)) == 0;
+ }
+ case DNS_TYPE_CNAME:
+- return dns_name_equal(rec1->data.cname, rec2->data.cname);
++ return samba_dns_name_equal(rec1->data.cname,
++ rec2->data.cname);
+ case DNS_TYPE_TXT:
+ if (rec1->data.txt.count != rec2->data.txt.count) {
+ return false;
+@@ -1343,23 +1344,27 @@ bool dns_record_match(struct dnsp_DnssrvRpcRecord *rec1,
+ }
+ return true;
+ case DNS_TYPE_PTR:
+- return dns_name_equal(rec1->data.ptr, rec2->data.ptr);
++ return samba_dns_name_equal(rec1->data.ptr, rec2->data.ptr);
+ case DNS_TYPE_NS:
+- return dns_name_equal(rec1->data.ns, rec2->data.ns);
++ return samba_dns_name_equal(rec1->data.ns, rec2->data.ns);
+
+ case DNS_TYPE_SRV:
+ return rec1->data.srv.wPriority == rec2->data.srv.wPriority &&
+ rec1->data.srv.wWeight == rec2->data.srv.wWeight &&
+ rec1->data.srv.wPort == rec2->data.srv.wPort &&
+- dns_name_equal(rec1->data.srv.nameTarget, rec2->data.srv.nameTarget);
++ samba_dns_name_equal(rec1->data.srv.nameTarget,
++ rec2->data.srv.nameTarget);
+
+ case DNS_TYPE_MX:
+ return rec1->data.mx.wPriority == rec2->data.mx.wPriority &&
+- dns_name_equal(rec1->data.mx.nameTarget, rec2->data.mx.nameTarget);
++ samba_dns_name_equal(rec1->data.mx.nameTarget,
++ rec2->data.mx.nameTarget);
+
+ case DNS_TYPE_SOA:
+- return dns_name_equal(rec1->data.soa.mname, rec2->data.soa.mname) &&
+- dns_name_equal(rec1->data.soa.rname, rec2->data.soa.rname) &&
++ return samba_dns_name_equal(rec1->data.soa.mname,
++ rec2->data.soa.mname) &&
++ samba_dns_name_equal(rec1->data.soa.rname,
++ rec2->data.soa.rname) &&
+ rec1->data.soa.serial == rec2->data.soa.serial &&
+ rec1->data.soa.refresh == rec2->data.soa.refresh &&
+ rec1->data.soa.retry == rec2->data.soa.retry &&
+@@ -1485,7 +1490,7 @@ exit:
+ /*
+ see if two DNS names are the same
+ */
+-bool dns_name_equal(const char *name1, const char *name2)
++bool samba_dns_name_equal(const char *name1, const char *name2)
+ {
+ size_t len1 = strlen(name1);
+ size_t len2 = strlen(name2);
+diff --git a/source4/dns_server/dnsserver_common.h b/source4/dns_server/dnsserver_common.h
+index c3ba369e3bf..a0c1065ae58 100644
+--- a/source4/dns_server/dnsserver_common.h
++++ b/source4/dns_server/dnsserver_common.h
+@@ -76,7 +76,7 @@ WERROR dns_common_name2dn(struct ldb_context *samdb,
+ TALLOC_CTX *mem_ctx,
+ const char *name,
+ struct ldb_dn **_dn);
+-bool dns_name_equal(const char *name1, const char *name2);
++bool samba_dns_name_equal(const char *name1, const char *name2);
+
+ bool dns_record_match(struct dnsp_DnssrvRpcRecord *rec1,
+ struct dnsp_DnssrvRpcRecord *rec2);
+diff --git a/source4/rpc_server/dnsserver/dnsutils.c b/source4/rpc_server/dnsserver/dnsutils.c
+index 56b2690aa95..2c56946b0f6 100644
+--- a/source4/rpc_server/dnsserver/dnsutils.c
++++ b/source4/rpc_server/dnsserver/dnsutils.c
+@@ -311,7 +311,7 @@ struct dnsserver_zone *dnsserver_find_zone(struct dnsserver_zone *zones, const c
+ struct dnsserver_zone *z = NULL;
+
+ for (z = zones; z; z = z->next) {
+- if (dns_name_equal(zone_name, z->name)) {
++ if (samba_dns_name_equal(zone_name, z->name)) {
+ break;
+ }
+ }
+diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c
+index 1f330106a98..f15671e370c 100644
+--- a/source4/torture/dns/dlz_bind9.c
++++ b/source4/torture/dns/dlz_bind9.c
+@@ -414,18 +414,18 @@ static bool dlz_bind9_putnamedrr_torture_hook(struct test_expected_rr *expected,
+ } else if (strcmp(type, "cname") == 0 ||
+ strcmp(type, "ptr") == 0 ||
+ strcmp(type, "ns") == 0) {
+- if (! dns_name_equal(data, data2)) {
++ if (!samba_dns_name_equal(data, data2)) {
+ continue;
+ }
+ } else if (strcmp(type, "mx") == 0) {
+ /*
+- * dns_name_equal works for MX records because
+- * the space in "10 example.com." is
++ * samba_dns_name_equal works for MX records
++ * because the space in "10 example.com." is
+ * theoretically OK as a DNS character. And we
+ * need it because dlz will add the trailing
+ * dot.
+ */
+- if (! dns_name_equal(data, data2)) {
++ if (!samba_dns_name_equal(data, data2)) {
+ continue;
+ }
+ } else if (strcmp(data, data2) != 0) {
+--
+2.39.2
+
diff -Nru samba-4.17.8+dfsg/debian/patches/series samba-4.17.8+dfsg/debian/patches/series
--- samba-4.17.8+dfsg/debian/patches/series 2023-05-11 10:47:39.000000000 +0300
+++ samba-4.17.8+dfsg/debian/patches/series 2023-05-24 22:53:18.000000000 +0300
@@ -23,3 +23,4 @@
meaningful-error-if-no-samba-ad-provision.patch
meaningful-error-if-no-python3-markdown.patch
ctdb-use-run-instead-of-var-run.patch
+dnsserver-rename-dns_name_equal.patch
--- End Message ---