diff --git a/backport-0001-CVE-2022-1615-util-genrand-don-t-ignore-errors-in-random-number-ge.patch b/backport-0001-CVE-2022-1615-util-genrand-don-t-ignore-errors-in-random-number-ge.patch new file mode 100644 index 0000000000000000000000000000000000000000..fd5ded77f3d3ca2e29c89b6cc49e640b12f164f2 --- /dev/null +++ b/backport-0001-CVE-2022-1615-util-genrand-don-t-ignore-errors-in-random-number-ge.patch @@ -0,0 +1,94 @@ +From 9849e7440e30853c61a80ce1f11b7b244ed766fe Mon Sep 17 00:00:00 2001 +From: Douglas Bagnall +Date: Mon, 5 Aug 2019 00:10:53 +1200 +Subject: [PATCH] util/genrand: don't ignore errors in random number generation + +In this case it is probably better to crash out. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15103 + +Signed-off-by: Douglas Bagnall +Reviewed-by: Andreas Schneider +--- + lib/util/genrand.c | 29 ++++++++++++++++++++++++++--- + lib/util/wscript_build | 2 +- + 2 files changed, 27 insertions(+), 4 deletions(-) + +diff --git a/lib/util/genrand.c b/lib/util/genrand.c +index 18ffa0d..fd6f457 100644 +--- a/lib/util/genrand.c ++++ b/lib/util/genrand.c +@@ -20,6 +20,7 @@ + */ + + #include "replace.h" ++#include "lib/util/fault.h" + #include "lib/util/genrand.h" + + #include +@@ -31,10 +32,26 @@ + * https://nikmav.blogspot.com/2017/03/improving-by-simplifying-gnutls-prng.html + */ + ++ ++_NORETURN_ static void genrand_panic(int err, ++ const char *location, ++ const char *func) ++{ ++ char buf[200]; ++ snprintf(buf, sizeof(buf), ++ "%s:%s: GnuTLS could not generate a random buffer: %s [%d]\n", ++ location, func, gnutls_strerror_name(err), err); ++ smb_panic(buf); ++} ++ ++ + _PUBLIC_ void generate_random_buffer(uint8_t *out, int len) + { + /* Random number generator for temporary keys. */ +- gnutls_rnd(GNUTLS_RND_RANDOM, out, len); ++ int ret = gnutls_rnd(GNUTLS_RND_RANDOM, out, len); ++ if (ret != 0) { ++ genrand_panic(ret, __location__, __func__); ++ } + } + + _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len) +@@ -48,7 +65,10 @@ _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len) + * the limit for a re-seed. For its re-seed it mixes mixes data obtained + * from the OS random device with the previous key. + */ +- gnutls_rnd(GNUTLS_RND_KEY, out, len); ++ int ret = gnutls_rnd(GNUTLS_RND_KEY, out, len); ++ if (ret != 0) { ++ genrand_panic(ret, __location__, __func__); ++ } + } + + _PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len) +@@ -60,5 +80,8 @@ _PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len) + * bytes (typically few megabytes), or after few hours of operation + * without reaching the limit has passed. + */ +- gnutls_rnd(GNUTLS_RND_NONCE, out, len); ++ int ret = gnutls_rnd(GNUTLS_RND_NONCE, out, len); ++ if (ret != 0) { ++ genrand_panic(ret, __location__, __func__); ++ } + } +diff --git a/lib/util/wscript_build b/lib/util/wscript_build +index df235c1..d26aa4e 100644 +--- a/lib/util/wscript_build ++++ b/lib/util/wscript_build +@@ -143,7 +143,7 @@ bld.SAMBA_LIBRARY('msghdr', + + bld.SAMBA_LIBRARY('genrand', + source='genrand.c', +- deps='replace gnutls', ++ deps='replace gnutls smb-panic', + local_include=False, + private_library=True) + +-- +1.8.3.1 + diff --git a/backport-0002-CVE-2022-1615-py-uptodateness-more-details-in-missing-dn-report.patch b/backport-0002-CVE-2022-1615-py-uptodateness-more-details-in-missing-dn-report.patch new file mode 100644 index 0000000000000000000000000000000000000000..ff42ca71cd4deaf2474bb7d038244a0f38b554f3 --- /dev/null +++ b/backport-0002-CVE-2022-1615-py-uptodateness-more-details-in-missing-dn-report.patch @@ -0,0 +1,34 @@ +From ffa84f2e5d335626b5f7311af8d2a7056b3e5c6f Mon Sep 17 00:00:00 2001 +From: Douglas Bagnall +Date: Mon, 11 Jul 2022 12:06:54 +1200 +Subject: [PATCH] py/uptodateness: more details in missing dn report + +This does not fix bug 15127, but it improves reporting. + +https://bugzilla.samba.org/show_bug.cgi?id=15127 + +Signed-off-by: Douglas Bagnall +Reviewed-by: Andreas Schneider + +Autobuild-User(master): Andreas Schneider +Autobuild-Date(master): Thu Jul 28 06:18:43 UTC 2022 on sn-devel-184 +--- + python/samba/uptodateness.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/python/samba/uptodateness.py b/python/samba/uptodateness.py +index db1ba53..49c984a 100644 +--- a/python/samba/uptodateness.py ++++ b/python/samba/uptodateness.py +@@ -147,7 +147,7 @@ def get_utdv_distances(utdv_edges, dsas): + dist = peak - utdv_edges[dn2][dn1] + d[dn2] = dist + else: +- print("Missing dn %s from UTD vector" % dn1, ++ print(f"Missing dn {dn1} from UTD vector for dsa {dn2}", + file=sys.stderr) + else: + print("missing dn %s from UTD vector list" % dn2, +-- +1.8.3.1 + diff --git a/samba.spec b/samba.spec index 47a2b74bdd594b5faf95dffe5c6f53f0fecccb96..2269301450cdf15c8c3ed2e7bef588f5003137cd 100644 --- a/samba.spec +++ b/samba.spec @@ -49,7 +49,7 @@ Name: samba Version: 4.15.3 -Release: 9 +Release: 10 Summary: A suite for Linux to interoperate with Windows License: GPLv3+ and LGPLv3+ @@ -93,6 +93,8 @@ Patch23: 0012-CVE-2022-32743-dsdb-modules-acl-Account-for-sAMAccou.patch Patch24: 0013-CVE-2022-32743-dsdb-modules-acl-Allow-simultaneous-s.patch Patch25: 0014-CVE-2022-32743-s4-rpc_server-common-Add-dcesrv_samdb.patch Patch26: 0015-CVE-2022-32743-s4-rpc_server-netlogon-Reconnect-to-s.patch +Patch27: backport-0001-CVE-2022-1615-util-genrand-don-t-ignore-errors-in-random-number-ge.patch +Patch28: backport-0002-CVE-2022-1615-py-uptodateness-more-details-in-missing-dn-report.patch BuildRequires: avahi-devel bison dbus-devel docbook-style-xsl e2fsprogs-devel flex gawk gnupg2 gnutls-devel >= 3.4.7 gpgme-devel BuildRequires: jansson-devel krb5-devel >= %{required_mit_krb5} libacl-devel libaio-devel libarchive-devel libattr-devel @@ -3416,6 +3418,12 @@ fi %endif %changelog +* Wed Aug 31 2022 zhouyihang - 4.15.3-10 +- Type:cves +- ID:CVE-2022-1615 +- SUG:NA +- DESC:fix CVE-2022-1615 + * Fri Aug 26 2022 zhouyihang - 4.15.3-9 - Type:cves - ID:CVE-2022-32743