The branch, v4-23-test has been updated
via c4349b4d3a4 pytest: safe_tarfile: accept NotADirectoryError as bad
path rejection
via 4cb72d2c15f selftest: Do not use wrappers for samba.tests.docs
via eb9a6f40d14 printing: Fix an uninitialized read
via 8a85326c716 s4:torture: Fix stack buffer overflow in
test_dirlease_oplocks()
from 5bbb682b0fc s3:net: Pass down the server from cmdline to
sync_pw2keytabs()
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-23-test
- Log -----------------------------------------------------------------
commit c4349b4d3a4fee1881d41bfdbc8f83efdfdf366f
Author: Douglas Bagnall <[email protected]>
Date: Fri Aug 22 15:24:34 2025 +1200
pytest: safe_tarfile: accept NotADirectoryError as bad path rejection
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15911
After recent upstream Python fixes for various path escape and symlink
CVEs in tarfile, in particular this commit:
commit 3612d8f51741b11f36f8fb0494d79086bac9390a
Author: Łukasz Langa <[email protected]>
Date: Tue Jun 3 12:42:11 2025 +0200
gh-135034: Normalize link targets in tarfile, add
`os.path.realpath(strict='allow_missing')` (#135037)
Addresses CVEs 2024-12718, 2025-4138, 2025-4330, and 2025-4517.
Signed-off-by: Łukasz Langa <[email protected]>
Reviewed-by: Jennifer Sutton <[email protected]>
Co-authored-by: Petr Viktorin <[email protected]>
Co-authored-by: Seth Michael Larson <[email protected]>
Co-authored-by: Adam Turner <[email protected]>
Co-authored-by: Serhiy Storchaka <[email protected]>
our ../../ test that looks for a tarfile.OutsideDestinationError now
meets a NotADirectoryError in recent Python versions (this from 3.13,
Fedora 42):
UNEXPECTED(error):
samba.tests.safe_tarfile.samba.tests.safe_tarfile.SafeTarFileTestCase.test_dots(none)
REASON: Exception: Exception: Traceback (most recent call last):
File
"/tmp/samba-testbase/b1/samba-o3/bin/python/samba/tests/safe_tarfile.py", line
48, in test_dots
self.assertRaises(tarfile.OutsideDestinationError,
~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
stf.extractall,
^^^^^^^^^^^^^^^
tarname)
^^^^^^^^
File "/usr/lib64/python3.13/unittest/case.py", line 795, in assertRaises
return context.handle('assertRaises', args, kwargs)
~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.13/unittest/case.py", line 238, in handle
callable_obj(*args, **kwargs)
~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.13/tarfile.py", line 2343, in extractall
tarinfo, unfiltered = self._get_extract_tarinfo(
~~~~~~~~~~~~~~~~~~~~~~~~~^
member, filter_function, path)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.13/tarfile.py", line 2432, in
_get_extract_tarinfo
self._handle_fatal_error(e)
~~~~~~~~~~~~~~~~~~~~~~~~^^^
File "/usr/lib64/python3.13/tarfile.py", line 2430, in
_get_extract_tarinfo
filtered = filter_function(unfiltered, path)
File "/usr/lib64/python3.13/tarfile.py", line 842, in tar_filter
new_attrs = _get_filtered_attrs(member, dest_path, False)
File "/usr/lib64/python3.13/tarfile.py", line 783, in _get_filtered_attrs
target_path = os.path.realpath(os.path.join(dest_path, name),
strict=os.path.ALLOW_MISSING)
File "<frozen posixpath>", line 457, in realpath
NotADirectoryError: [Errno 20] Not a directory:
'/tmp/samba-testbase/b1/samba-o3/bin/ab/tmp/tmpbn6e69ci/tar.tar'
In this commit, we say that a NotADirectoryError is OK.
When we started safe_tarfile we were acting in advance of upstream
Python, but now they are well ahead of us. If we trust their work in
recent versions and accept the error conditions they choose, we can
more easily get rid of our safe_tarfile when the time is right.
For the moment we still support as far back as Python 3.6 for some old
enterprise distros, and it is for those that we continue to maintain
safe_tarfile. In versions before 3.11 we will see
tarfile.ExtractError, and the test for that is unaffected by this
change.
Signed-off-by: Douglas Bagnall <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
(cherry picked from commit 7a5b22e4221ea2a0960a26cf79339168f0899d0c)
Autobuild-User(v4-23-test): Jule Anger <[email protected]>
Autobuild-Date(v4-23-test): Thu Sep 11 10:18:00 UTC 2025 on atb-devel-224
commit 4cb72d2c15fc697289a55ef199b810a07f279a4c
Author: Andreas Schneider <[email protected]>
Date: Wed Sep 10 13:31:11 2025 +0200
selftest: Do not use wrappers for samba.tests.docs
We will run into issues with Python 3.14 passing sockets for
concurrently running tasks.
https://bugzilla.samba.org/show_bug.cgi?id=15910
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Anoop C S <[email protected]>
Autobuild-User(master): Anoop C S <[email protected]>
Autobuild-Date(master): Wed Sep 10 19:21:55 UTC 2025 on atb-devel-224
(cherry picked from commit 6cf1bf540e7f433e05a0a4119cff4bdaa608359e)
commit eb9a6f40d14da11c94ef5debf047eb95ed74f328
Author: Volker Lendecke <[email protected]>
Date: Mon Sep 8 18:19:01 2025 +0200
printing: Fix an uninitialized read
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15908
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Björn Baumbach <[email protected]>
Autobuild-User(master): Björn Baumbach <[email protected]>
Autobuild-Date(master): Tue Sep 9 11:06:34 UTC 2025 on atb-devel-224
(cherry picked from commit a6dcf78483d7ae492e695d30c5c783df8e7879d8)
commit 8a85326c716bec807c6ab20523d8d5d352a36395
Author: Andreas Schneider <[email protected]>
Date: Tue Sep 9 09:24:47 2025 +0200
s4:torture: Fix stack buffer overflow in test_dirlease_oplocks()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15907
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Autobuild-User(master): Volker Lendecke <[email protected]>
Autobuild-Date(master): Tue Sep 9 09:27:33 UTC 2025 on atb-devel-224
(cherry picked from commit c5c238a879182a2dfe528ae49f97da75e242afe7)
-----------------------------------------------------------------------
Summary of changes:
python/samba/tests/safe_tarfile.py | 3 ++-
selftest/tests.py | 9 ++++++++-
source3/printing/print_generic.c | 2 +-
source4/torture/smb2/lease.c | 2 +-
4 files changed, 12 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/tests/safe_tarfile.py
b/python/samba/tests/safe_tarfile.py
index 1f2cb03aeb4..6dc2a6e3355 100644
--- a/python/samba/tests/safe_tarfile.py
+++ b/python/samba/tests/safe_tarfile.py
@@ -45,7 +45,8 @@ class SafeTarFileTestCase(TestCaseInTempDir):
# If we have data_filter, we have a patched python to address
# CVE-2007-4559.
if hasattr(tarfile, "data_filter"):
- self.assertRaises(tarfile.OutsideDestinationError,
+ self.assertRaises((tarfile.OutsideDestinationError,
+ NotADirectoryError),
stf.extractall,
tarname)
else:
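Review bot: NotADirectoryError is accepted in this assertRaises without a comment saying why, and the reason is easy to miss: the call being checked is `stf.extractall(tarname)`, so the tar file itself is passed as the extraction destination, which is the path the realpath call in the traceback complains about. As written, the assertion would also pass whenever the destination fails to resolve as a directory, whether or not the `../../` member was the thing rejected. Consider extracting into a real directory so that OutsideDestinationError stays the expected rejection, or at least extend the comment above `if hasattr(tarfile, "data_filter"):` to explain the second exception.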
diff --git a/selftest/tests.py b/selftest/tests.py
index 49fe5e6426b..104fa65f672 100644
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -57,7 +57,14 @@ planpythontestsuite("none", "samba.tests.source")
planpythontestsuite("none", "samba.tests.source_chars")
if have_man_pages_support:
- planpythontestsuite("none", "samba.tests.docs")
+ # This is a unit test which doesn't need any wrappers. We unset LD_PRELOAD
+ # as it is causing issues with Python >= 3.14 passing sockets around if a
+ # task is running concurrently.
+ planpythontestsuite(
+ "none",
+ "samba.tests.docs",
+ environ={'LD_PRELOAD': ''}
+ )
try:
import testscenarios
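Review bot: the new comment says LD_PRELOAD is unset, but `environ={'LD_PRELOAD': ''}` sets it to an empty string. An empty value gives the dynamic loader nothing to preload, so the effect on the test should be the same, but the variable is still present in the child's environment unless planpythontestsuite drops empty values, which is not visible here. Either say "clear" in the comment or have the helper remove the key. A reference to bug 15910 in the comment would also help whoever revisits this once the Python 3.14 behaviour is understood.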
diff --git a/source3/printing/print_generic.c b/source3/printing/print_generic.c
index d5bfa9ea527..7c7a14de045 100644
--- a/source3/printing/print_generic.c
+++ b/source3/printing/print_generic.c
@@ -161,7 +161,7 @@ static int generic_queue_get(const char *printer_name,
print_status_struct *status)
{
char **qlines;
- int fd;
+ int fd = -1;
int numlines, i, qcount;
print_queue_struct *queue = NULL;
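Review bot: `int fd = -1;` gives the read a defined value, but neither this hunk nor the commit message says on which path fd is read before it is assigned. Please name that path in the commit message, and confirm that the code consuming fd there tests for -1 instead of passing it on to close() or a read call, so the fix does not simply trade an undefined value for a guaranteed EBADF.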
diff --git a/source4/torture/smb2/lease.c b/source4/torture/smb2/lease.c
index c2bcda1d887..a28129344f0 100644
--- a/source4/torture/smb2/lease.c
+++ b/source4/torture/smb2/lease.c
@@ -1516,7 +1516,7 @@ static bool test_dirlease_oplocks(struct torture_context
*tctx,
smb2_deltree(tree, dname);
- for (i = 0; i < sizeof(levels); i++) {
+ for (i = 0; i < ARRAY_SIZE(levels); i++) {
c = (struct smb2_create) {
.in.oplock_level = levels[i],
.in.desired_access = SEC_RIGHTS_DIR_READ,
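Review bot: the declaration of `i` is outside this hunk; since ARRAY_SIZE() evaluates to an unsigned size, `i` should be size_t or another unsigned type so that `i < ARRAY_SIZE(levels)` does not become a signed/unsigned comparison. The old bound `sizeof(levels)` counted bytes, which matches the element count only for one-byte elements, so it would help to state the element type of levels in the commit message and to check the rest of lease.c for other loops bounded by sizeof on an array.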
--
Samba Shared Repository