Your message dated Fri, 27 Jan 2023 08:38:30 +0000 with message-id <[email protected]> and subject line Bug#1023606: fixed in samba 2:4.17.5+dfsg-1 has caused the Debian Bug report #1023606, regarding samba: IPv6 only samba-tool gpo listall does not work, can't find DC to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

-- 
1023606: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023606
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: samba
Version: 4.16.5
Severity: important
Tags: patch upstream ipv6
X-Debbugs-Cc: [email protected]

This is reported upstream as Samba bug https://bugzilla.samba.org/show_bug.cgi?id=15226

Bug in central Samba DNS resolution code in IPv6 only environment. This one probably also affects domain sign up and join code, as well as samba-tool gpo functionality.

finddcs() does not resolve SRV records when there are only AAAA records in the DNS for the AD DC servers.

Patch attached. Please merge with Debian Samba packages.

-- System Information:
Debian Release: 11.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.75-amd64-mag-lts (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages samba depends on:
ii adduser 3.118
ii dpkg 1.20.12
ii init-system-helpers 1.60
ii libbsd0 0.11.3-1
ii libc6 2.31-13+deb11u5
ii libcups2 2.3.3op2-3+deb11u2
ii libgnutls30 3.7.1-5+deb11u2
ii libldap-2.4-2 2.4.57+dfsg-3+deb11u1
hi libldb2 2:2.4.1+mag-1
ii libpam-modules 1.4.0-9+deb11u1
ii libpam-runtime 1.4.0-9+deb11u1
ii libpopt0 1.18-2
pn libpython3.7 <none>
ii libpython3.9 3.9.2-1
ii libtalloc2 2.3.3+mag-1~0mag0
ii libtasn1-6 4.16.0-2
ii libtdb1 1.4.6+mag-1
ii libtevent0 0.11.0+mag-1~0mag0
ii libwbclient0 2:4.16.5+mag-2
ii lsb-base 11.1.0
ii procps 2:3.3.17-5
ii python3 3.9.2-3
ii python3-dnspython 2.0.0-1
pn python3-samba <none>
pn samba-common <none>
pn samba-common-bin <none>
pn samba-libs <none>
ii tdb-tools 1.4.6+mag-1

Versions of packages samba recommends:
ii attr 1:2.4.48-6
ii logrotate 3.18.0-2+deb11u1
ii python3-markdown 3.3.4-1
pn samba-dsdb-modules <none>
pn samba-vfs-modules <none>

Versions of packages samba suggests:
pn
bind9 <none> ii bind9-utils [bind9utils] 1:9.16.33-1~deb11u1 ii bind9utils 1:9.16.33-1~deb11u1 ii chrony 4.0-8+deb11u2 pn ctdb <none> ii ldb-tools 2:2.5.2+samba4.16.5+mag-2 ii smbldap-tools 0.9.11-2 pn ufw <none> pn winbind <none>diff --git a/source4/libcli/resolve/dns_ex.c b/source4/libcli/resolve/dns_ex.c index 0bb3ba02287..0525d0d019a 100644 --- a/source4/libcli/resolve/dns_ex.c +++ b/source4/libcli/resolve/dns_ex.c @@ -81,7 +81,7 @@ struct dns_records_container { uint32_t count; }; -static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t *a_num, +static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t *addr_num, char ***cur_addrs, uint32_t total, struct dns_request *reply, int port) { @@ -151,8 +151,8 @@ static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t *a_num, rr->name->pLabelList->label); if (addrs[total]) { total++; - if (rr->type == QTYPE_A) { - (*a_num)++; + if (rr->type == QTYPE_A || rr->type == QTYPE_AAAA) { + (*addr_num)++; } } } @@ -211,7 +211,7 @@ static struct dns_records_container get_a_aaaa_records(TALLOC_CTX *mem_ctx, struct dns_request *reply; struct dns_records_container ret; char **addrs = NULL; - uint32_t a_num, total; + uint32_t addr_num, total; uint16_t qtype; TALLOC_CTX *tmp_ctx; DNS_ERROR err; @@ -236,12 +236,13 @@ static struct dns_records_container get_a_aaaa_records(TALLOC_CTX *mem_ctx, } } - a_num = total = 0; - total = reply_to_addrs(tmp_ctx, &a_num, &addrs, total, reply, port); + addr_num = total = 0; + total = reply_to_addrs(tmp_ctx, &addr_num, &addrs, total, reply, port); - if (qtype == QTYPE_AAAA && a_num == 0) { + if (qtype == QTYPE_AAAA && addr_num == 0) { /* - * DNS server didn't returned A when asked for AAAA records. + * DNS server didn't returned A when asked for AAAA records, + * and no AAAA record returned either * Most of the server do it, let's ask for A specificaly. */ err = dns_lookup(tmp_ctx, name, QTYPE_A, &reply); 
@@ -249,7 +250,7 @@ static struct dns_records_container get_a_aaaa_records(TALLOC_CTX *mem_ctx, goto done; } - total = reply_to_addrs(tmp_ctx, &a_num, &addrs, total, + total = reply_to_addrs(tmp_ctx, &addr_num, &addrs, total, reply, port); }
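Review bot: In the reply_to_addrs() hunk (@@ -151,8 +151,8 @@), the new condition `rr->type == QTYPE_A || rr->type == QTYPE_AAAA` changes what the out-parameter means, from "A records seen" to "A or AAAA records seen", and nothing documents that. The counter is bumped in the same `if (addrs[total])` branch as `total++`, so the caller can no longer tell from it which address family the reply held. A short comment above the function saying what `addr_num` counts would help, or keep separate A and AAAA counts so get_a_aaaa_records() can decide per family.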
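Review bot: In the get_a_aaaa_records() hunk (@@ -236,12 +236,13 @@), `if (qtype == QTYPE_AAAA && addr_num == 0)` now skips the QTYPE_A lookup whenever the AAAA reply held at least one AAAA record, so a name that has both record types resolves to its IPv6 addresses only, unless the server volunteers A records in the AAAA reply. If the intent is only to stop an AAAA-only name from failing, an alternative is to keep asking for A when no A record came back and to treat a failed A lookup as non-fatal once `total` is non-zero, instead of taking the `goto done` that follows `dns_lookup(tmp_ctx, name, QTYPE_A, &reply)`. The touched comment also still reads "didn't returned" and "specificaly", which is worth fixing while the block is being edited.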
--- End Message ---
--- Begin Message ---
Source: samba
Source-Version: 2:4.17.5+dfsg-1
Done: Michael Tokarev <[email protected]>

We believe that the bug you reported is fixed in the latest version of samba, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated samba package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Fri, 27 Jan 2023 11:15:01 +0300
Source: samba
Architecture: source
Version: 2:4.17.5+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Samba Maintainers <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 1023606
Changes:
 samba (2:4.17.5+dfsg-1) unstable; urgency=medium
 .
   * new upstream stable/bugfix release. From WHATSNEW.txt:
     * BUG 14808: smbc_getxattr() return value is incorrect.
     * BUG 15172: Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled correctly.
     * BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
     * BUG 15226: samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when there is only an AAAA record for the DC in DNS (Closes: #1023606).
     * BUG 15236: smbd crashes if an FSCTL request is done on a stream handle.
     * BUG 15277: DFS links don't work anymore on Mac clients since 4.17.
     * BUG 15283: vfs_virusfilter segfault on access, directory edgecase (accessing NULL value).
     * BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based SChannel on NETLOGON (additional changes).
     * BUG 15243: %U for include directive doesn't work for share listing (netshareenum) (the fix was in debian before).
     * BUG 15266: Shares missing from netshareenum response in samba 4.17.4 (the fix was in debian before).
     * BUG 15269: ctdb: use-after-free in run_proc.
     * BUG 15280: irpc_destructor may crash during shutdown.
     * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.
     * BUG 15268: smbclient segfaults with use after free on an optimized build
     * BUG 15282: smbstatus leaking files in msg.sock and msg.lock.
     * BUG 15164: Leak in wbcCtxPingDc2.
     * BUG 15265: Access based share enum does not work in Samba 4.16+.
     * BUG 15267: Crash during share enumeration.
     * BUG 15271: rep_listxattr on FreeBSD does not properly check for reads off end of returned buffer.
     * BUG 15281: Avoid relying on C89 features in a few places.
   * remove patches applied upstream:
     - reload-registry-shares-after-reloading-services.patch
     - rpc_server_srvsvc-retrieve_share_ACL_via_root_context.patch
   * d/control: Standards-Version: 4.6.2 (no changes)
   * d/control: put all doc-generating build-deps into one line
   * little prep for cross-compilation
     - build-depend on python3:any and python3-dev:any
     - build-depend on libpython3-dev for actual module building, and use arch-specific python3-config from there
     - set and export _PYTHON_SYSCONFIGDATA_NAME to get foreign-arch values provided by libpython3-dev (also helps when python itself is foreign)
     - depend on perl:any not just perl
     - export CC/CPP/LD/PKGCONFIG for ./configure (buildtools.mk)
   * d/gbp.conf: unignore branch
   * d/control: samba, ctdb, winbind: do not depend on lsb-base (the script is in sysvinit-utils now)
   * d/control: drop unused build-dep on libncurses5-dev
--- End Message ---

