Your message dated Sun, 29 May 2022 18:02:22 +0000
with message-id <[email protected]>
and subject line Bug#1005642: fixed in samba 2:4.13.13+dfsg-1~deb11u4
has caused the Debian Bug report #1005642,
regarding possible gross file corruption due to windows client cache poisoning
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1005642: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005642
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: samba
Version: 2:4.13.13+dfsg-1~deb11u2
Severity: critical
Tags: patch upstream

Please see https://lists.samba.org/archive/samba/2022-February/239548.html and
https://lists.samba.org/archive/samba/2022-February/239577.html for the
description of the problem and how serious it can be, and this bug report:
https://bugzilla.samba.org/show_bug.cgi?id=14928
for the actual bug and the fixes.

3 patches mentioned at the end of the samba.org bug report are needed for
the bullseye version of samba to fix this (not counting the first patch, which
modifies the tests, and the last patch, which just fixes comments - I
mean the actual code changes needed for the fix). The first code fix has
a chunk for tests/ which also needs to be deleted for 4.13.

With these 3 patches, and adding
 nt_time_to_unix_timespec_raw@SAMBA_UTIL_0.0.1
to d/libwbclient0.symbols, our problem with windows profile corruption
immediately went away.

Gosh, that was gross...

Thanks,

/mjt

--- End Message ---
--- Begin Message ---
Source: samba
Source-Version: 2:4.13.13+dfsg-1~deb11u4
Done: Michael Tokarev <[email protected]>

We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated samba package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 28 May 2022 22:52:59 +0300
Source: samba
Architecture: source
Version: 2:4.13.13+dfsg-1~deb11u4
Distribution: bullseye-proposed-updates
Urgency: medium
Maintainer: Debian Samba Maintainers <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 953530 998423 999876 1001053 1004691 1005642 1006935 1009855
Changes:
 samba (2:4.13.13+dfsg-1~deb11u4) bullseye-proposed-updates; urgency=medium
 .
   * fix the order of everything during build by exporting PYTHONHASHSEED=1
     for waf.  This should fix the broken i386 build of the last security
     upload. Closes: #1006935, #1009855
   * Import the left-over patches from 4.13.17 upstream stable branch:
    - s3-winbindd-fix-allow-trusted-domains-no-regression.patch
      https://bugzilla.samba.org/show_bug.cgi?id=14899
      Closes: #999876, winbind fails to start with `allow trusted domains: no`
    - IPA-DC-add-missing-checks.patch
      https://bugzilla.samba.org/show_bug.cgi?id=14903
    - CVE-2020-25717-s3-auth-fix-MIT-Realm-regression.patch
      https://bugzilla.samba.org/show_bug.cgi?id=14922
      Closes: #1001053, MIT-kerberos auth broken after 4.13.13+dfsg-1~deb11u2
    - dsdb-Use-DSDB_SEARCH_SHOW_EXTENDED_DN-when-searching.patch
      https://bugzilla.samba.org/show_bug.cgi?id=14656
      https://bugzilla.samba.org/show_bug.cgi?id=14902
    - s3-smbd-Fix-mkdir-race-condition-allows-share-escape.patch
      https://bugzilla.samba.org/show_bug.cgi?id=13979
      Closes: #1004691, CVE-2021-43566: mkdir race condition allows share escape
   * 4 patches from upstream to fix possible serious data corruption issue
     with windows client cache poisoning, Closes: #1005642
     https://bugzilla.samba.org/show_bug.cgi?id=14928
   * two patches from upstream to fix coredump when connecting to shares
     with var substitutions, Closes: #998423
     https://bugzilla.samba.org/show_bug.cgi?id=14809
   * samba-common-bin.postinst: mkdir /run/samba before invoking samba binaries
     Closes: #953530
   * remove file creation+deletion from previously applied combined patches
     CVE-2021-23192-only-4.13-v2.patch & CVE-2021-3738-dsdb-crash-4.13-v03.patch
     to make patch deapply happy (quilt does not notice this situation)
   * d/salsa-ci.yml: target bullseye

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
