Univention Bugzilla – Full Text Bug Listing

| Summary: | samba: Multiple issues (5.0) | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Arvid Requate <requate> |
| Component: | Security updates | Assignee: | Arvid Requate <requate> |
| Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
| Severity: | normal | | |
| Priority: | P5 | CC: | damrose, turfeld |
| Version: | UCS 5.0 | | |
| Target Milestone: | UCS 5.0-2-errata | | |
| Hardware: | Other | | |
| OS: | Linux | | |
| URL: | https://bugzilla.samba.org/show_bug.cgi?id=15109 | | |
| What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | | Enterprise Customer affected?: | |
| School Customer affected?: | | ISV affected?: | |
| Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
| Ticket number: | | Bug group (optional): | |
| Max CVSS v3 score: | 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) | | |
| Bug Depends on: | 48947 | | |
| Bug Blocks: | 54995 | | |

Comment 1
Arvid Requate
2022-07-18 21:06:52 CEST
Package update failed with
> samba-dsdb-modules : Hängt ab von: libldb2 (> 2:2.5.2~) aber 2:2.5.1-1A~5.0.0.202206171844 soll installiert werden
So I've merged the svn patches into the source package and updated the debian/changelog version accordingly.
I've imported the new source package and built it:
Package: ldb
Version: 2:2.5.2-1A~5.0.0.202207191717
Branch: ucs_5.0-0
Scope: errata5.0-2
To be sure, I've rebuilt samba again, too:
Package: samba
Version: 2:4.16.2-1A~5.0.0.202207191731
Branch: ucs_5.0-0
Scope: errata5.0-2
c216d4b0a4 | Advisory update
I've also cherry-picked and rebuilt univention-ldb-modules:
Package: univention-ldb-modules
Version: 8.0.0-7A~5.0.0.202207191820
Branch: ucs_5.0-0
Scope: errata5.0-2
180fcd59f5 | Advisory

We need a specific dependency for "newer or equal than latest" for the samba-dsdb-modules package, otherwise the installation of the latest samba4 app packages fails (i.e. u-samba4 and u-s4-connector)

7b61aedf7c Bug #54994: Add dependency on specific samba-dsdb-modules version
6a3cbd0f4d Bug #54994: yaml

univention-samba4 9.0.8-3A~5.0.0.202207251614

As discussed, there is one ucs-test failing on UCS 5

53_samba-common/38_printer_special_chars

But it only fails if the complete samba-common section is executed, it cannot be reproduced when executing the test on its own. But after it has failed once, it fails even when run on its own. Might be a missing cleanup from a test before that, or regression in samba itself, because the test fails only with the latest samba version.

Reopen, to
* re-check the test
* there are still no advisories

QA results so far:

Patches for the issues are okay and have been applied
98_CVE-2022-2031+32744.quilt
98_CVE-2022-32742.quilt
98_CVE-2022-32745+32746.quilt

samba 2:4.16.2-1A~5.0.0.202207191731
ldb 2:2.5.2-1A~5.0.0.202207191717
univention-ldb-modules 8.0.0-7A~5.0.0.202207191820

> 53_samba-common/38_printer_special_chars

That test is terribly flaky, as observed before: https://forge.univention.org/bugzilla/show_bug.cgi?id=48947#c1

Via that bug Florian added a section to 38_printer_special_chars where printing is done without samba, just directly using lp against cups. Even that fails sometimes with "CUPS: Nothing has been printed to the output file.", because previous tests (like 36_printer) don't clean up their netcat-helper process if they fail.

I've analyzed the issue and adjusted 38_printer_special_chars and 36_printer a bit so that it worked significantly better in my tests. The main trick seems to be to wait a bit in 38_printer_special_chars *before* doing the first attempt, otherwise there seems to be a negative cache that has a ttl of about 5 minutes.

6f67ce578c | Fix 38_printer_special_chars

Package: ucs-test
Version: 10.0.7-8A~5.0.0.202207262233
Branch: ucs_5.0-0
Scope: errata5.0-2

I tried to use http://jenkins2022.knut.univention.de/job/PublishUCS5Testing/ but it seems to ignore my request to "build now". So I ran /usr/sbin/update_ucs5_testing_mirror.sh manually, but I don't know if it was early enough for the tests.

My adjustment to `ucs-test/tests/53_samba-common/38_printer_special_chars` didn't make it into last night's tests.

Amongst other things (`nc` processes used for printer mocking not getting terminated on failure) the main fix seems to be that it now takes longer for Samba to make available a printershare with a "`very long share name with spaces`" (Bug 48947 Comment 1) and when the test attempts to print to that share before it is ready, then it seems to get some kind of negative cache entry (or at least a stuck data structure, error message: "NT_STATUS_HARDWARE_MEMORY_ERROR opening remote file") for about 5 minutes, before printing on that share starts to work. Simply inserting a 5 second wait before attempting to print was enough on my system to stabilize the test. In ucs-test I've put 10 seconds to be sure.

One of the new Samba patches fixes a server memory disclosure via share access, so maybe that changed the timing behavior. From my perspective this depth of analysis is enough for that and I'll not dig further.

71c07a703a | Advisories

OK: errata-announce -V --only samba.yaml
OK: samba.yaml
OK: errata-announce -V --only ldb.yaml
OK: ldb.yaml
OK: errata-announce -V --only univention-ldb-modules.yaml
OK: univention-ldb-modules.yaml

OK: https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-2/job/AutotestJoin/lastCompletedBuild/testReport/
~OK: https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-2/job/AutotestUpgrade/lastCompletedBuild/testReport/
OK: https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-2/job/AutotestJoinReleased/
IGN: https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-2/job/Installation%20Tests/lastCompletedBuild/testReport/

OK: dpkg-query -W python\*-samba samba\* libunivention-ldb-modules\* ldb-tools libldb\* python\*-ldb
OK: univention-app install samba4
OK: univention-run-diagnostic-checks
OK: systemctl status
OK: less /var/log/samba/log.*

<https://errata.software-univention.de/#/?erratum=5.0x367>
<https://errata.software-univention.de/#/?erratum=5.0x368>
<https://errata.software-univention.de/#/?erratum=5.0x369>
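
The dependency failure quoted in Comment 1, worked through as an added example (not code from this bug report or from Univention): a minimal Python implementation of Debian version ordering, showing why `libldb2 (> 2:2.5.2~)` rejects the old ldb build and accepts the rebuilt one. `deb_cmp`, `FIXED` and `outdated` are names made up here, and the inventory passed to `outdated` is assumed to be keyed by the package names used in the report.

```python
import re
from itertools import zip_longest

def _order(c):
    """dpkg character weight: '~' < end of string < letters < everything else."""
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isascii() and c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare an upstream version or a revision as alternating text/number runs."""
    runs_a = re.findall(r"([^0-9]*)([0-9]*)", a)
    runs_b = re.findall(r"([^0-9]*)([0-9]*)", b)
    for (ta, na), (tb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def _split(version):
    """Split '[epoch:]upstream[-revision]'; a missing epoch counts as 0."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def deb_cmp(a, b):
    """Return -1, 0 or 1, ordering two Debian version strings the way dpkg does."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

# Fixed builds as quoted in this report.
FIXED = {"samba": "2:4.16.2-1A~5.0.0.202207191731",
         "ldb": "2:2.5.2-1A~5.0.0.202207191717",
         "univention-ldb-modules": "8.0.0-7A~5.0.0.202207191820"}

def outdated(installed):
    """Names of packages whose installed version is older than the fixed build."""
    return sorted(p for p, v in installed.items()
                  if p in FIXED and deb_cmp(v, FIXED[p]) < 0)
```

The trailing `~` in `2:2.5.2~` sorts before the bare `2.5.2`, so any `2.5.2-*` build satisfies the constraint while every `2.5.1` build does not.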