From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] netatalk: update to 3.1.13
Date: Mon, 22 Aug 2022 10:19:27 +0100

Hello Adolf,

Okay. I can live with that - although there were a couple of CVEs fixed in this release and it would be nice to have them fixed sooner rather than later.

Looks like we will have to wait for upstream. Thanks for looking into this though.

All the best,
-Michael

> On 22 Aug 2022, at 10:05, Adolf Belka wrote:
>
> Hi All,
>
> On 22/08/2022 10:45, Michael Tremer wrote:
>> Hello Peter,
>>
>> If you revert a patch like this, you would have to increase PAK_VER and not decrease it.
>>
>> That way, people will “update” back to the old version because PAK_VER is everything that Pakfire checks.
>>
>> There is a patch that should fix this available here:
>>
>> https://cgit.freebsd.org/ports/tree/net/netatalk3/files/patch-libatalk_adouble_ad__open.c?id=ad0b2e636d9ebf0bdcfdb30933fa0658fa657b17
>>
>> Is anyone happy to give it a try?
> Jon already tried that out but he got a different set of errors with the patched version. Also in the BSD bug report, although it is closed there was a report at the end of it of errors in the patched version.
>
> Not clear how bad the new errors are but it seemed better to revert back until the new errors were also fixed.
>
> Regards,
>
> Adolf.
>> -Michael
>>
>>> On 22 Aug 2022, at 07:18, Peter Müller wrote:
>>>
>>> Hello Jon,
>>>
>>> thank you for testing this and reporting back.
>>>
>>> I have just reverted your patch (https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=0e8a17b2d1a7e61ebb1e25b384526c44acc1f7a0),
>>> and will update the changelog for Core Update 170 in due course.
>>>
>>> All the best,
>>> Peter Müller
>>>
>>>
>>>> Hey Peter!
>>>>
>>>> Please revert this patch.
>>>>
>>>> During my testing of CU 170 (master/ef7d41ef) I stumbled across this netatalk issue:
>>>>
>>>> ```
>>>> [root(a)ipfireAPU ~]# cat /var/log/afpd.log
>>>> Aug 16 17:06:22.314909 afpd[12975] {fault.c:123} (severe:Default): ===============================================================
>>>> Aug 16 17:06:22.314995 afpd[12975] {fault.c:124} (severe:Default): INTERNAL ERROR: Signal 11 in pid 12975 (3.1.13)
>>>> Aug 16 17:06:22.315032 afpd[12975] {fault.c:125} (severe:Default): ===============================================================
>>>> Aug 16 17:06:22.316206 afpd[12975] {fault.c:96} (severe:Default): PANIC: internal error
>>>> Aug 16 17:06:22.316252 afpd[12975] {fault.c:97} (severe:Default): BACKTRACE: 13 stack frames:
>>>> Aug 16 17:06:22.316288 afpd[12975] {fault.c:103} (severe:Default): #0 /usr/lib/libatalk.so.18(netatalk_panic+0x39) [0x794f2d563639]
>>>> Aug 16 17:06:22.316326 afpd[12975] {fault.c:103} (severe:Default): #1 /usr/lib/libatalk.so.18(+0x3a78e) [0x794f2d56378e]
>>>> Aug 16 17:06:22.316380 afpd[12975] {fault.c:103} (severe:Default): #2 /lib/libc.so.6(+0x3e680) [0x794f2ccbd680]
>>>> Aug 16 17:06:22.316426 afpd[12975] {fault.c:103} (severe:Default): #3 /usr/lib/libatalk.so.18(+0x1d195) [0x794f2d546195]
>>>> Aug 16 17:06:22.316462 afpd[12975] {fault.c:103} (severe:Default): #4 /usr/lib/libatalk.so.18(ad_open+0x4ba) [0x794f2d54768a]
>>>> Aug 16 17:06:22.316498 afpd[12975] {fault.c:103} (severe:Default): #5 /usr/sbin/afpd() [0x43093f]
>>>> Aug 16 17:06:22.316533 afpd[12975] {fault.c:103} (severe:Default): #6 /usr/sbin/afpd() [0x4316a1]
>>>> Aug 16 17:06:22.316567 afpd[12975] {fault.c:103} (severe:Default): #7 /usr/sbin/afpd(afp_openvol+0x354) [0x431d34]
>>>> Aug 16 17:06:22.316628 afpd[12975] {fault.c:103} (severe:Default): #8 /usr/sbin/afpd(afp_over_dsi+0x698) [0x40f448]
>>>> Aug 16 17:06:22.316664 afpd[12975] {fault.c:103} (severe:Default): #9 /usr/sbin/afpd(main+0x9d5) [0x40d255]
>>>> Aug 16 17:06:22.316699 afpd[12975] {fault.c:103} (severe:Default): #10 /lib/libc.so.6(+0x29590) [0x794f2cca8590]
>>>> Aug 16 17:06:22.316734 afpd[12975] {fault.c:103} (severe:Default): #11 /lib/libc.so.6(__libc_start_main+0x80) [0x794f2cca8640]
>>>> Aug 16 17:06:22.316770 afpd[12975] {fault.c:103} (severe:Default): #12 /usr/sbin/afpd(_start+0x25) [0x40d5b5]
>>>> . . .
>>>> ```
>>>>
>>>> Adolf found it was a known bug.
>>>> https://sourceforge.net/p/netatalk/bugs/670/
>>>>
>>>> But it doesn’t seem like it has been fixed by the Netatalk team yet.
>>>>
>>>> Thank you!
>>>> Jon
>>>>
>>>>
>>>>> On Aug 5, 2022, at 4:08 AM, Peter Müller wrote:
>>>>>
>>>>> Reviewed-by: Peter Müller
>>>>>
>>>>>> - this releases fixes the following major security issues:
>>>>>> CVE-2021-31439, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123,
>>>>>> CVE-2022-23124, CVE-2022-23125 and CVE-2022-0194.
>>>>>> - FIX: afpd: make a variable declaration a definition
>>>>>> - UPD: Remove bundled libevent
>>>>>>
>>>>>> Signed-off-by: Jon Murphy
>>>>>> ---
>>>>>> lfs/netatalk | 8 ++++----
>>>>>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>>>>>
>>>>>> diff --git a/lfs/netatalk b/lfs/netatalk
>>>>>> index ef75c89fe..7a91fa948 100644
>>>>>> --- a/lfs/netatalk
>>>>>> +++ b/lfs/netatalk
>>>>>> @@ -1,7 +1,7 @@ >>>>>> ######################################################################= ######### >>>>>> # # >>>>>> # IPFire.org - A linux based firewall # >>>>>> -# Copyright (C) 2007-2018 IPFire Team # >>>>>> +# Copyright (C) 2007-2022 IPFire Team # >>>>>> # # >>>>>> # This program is free software: you can redistribute it and/or modify= # >>>>>> # it under the terms of the GNU General Public License as published by= # >>>>>> @@ -26,7 +26,7 @@ include Config >>>>>>=20 >>>>>> SUMMARY =3D AppleShare file server >>>>>>=20 >>>>>> -VER =3D 3.1.12 >>>>>> +VER =3D 3.1.13 >>>>>>=20 >>>>>> THISAPP =3D netatalk-$(VER) >>>>>> DL_FILE =3D $(THISAPP).tar.gz >>>>>> @@ -34,7 +34,7 @@ DL_FROM =3D $(URL_IPFIRE) >>>>>> DIR_APP =3D $(DIR_SRC)/$(THISAPP) >>>>>> TARGET =3D $(DIR_INFO)/$(THISAPP) >>>>>> PROG =3D netatalk >>>>>> -PAK_VER =3D 3 >>>>>> +PAK_VER =3D 4 >>>>>>=20 >>>>>> DEPS =3D avahi dbus >>>>>>=20 >>>>>> @@ -50,7 +50,7 @@ objects =3D $(DL_FILE) >>>>>>=20 >>>>>> $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >>>>>>=20 >>>>>> -$(DL_FILE)_BLAKE2 =3D 912bb85045952202becc42899f87ada33427ded987de6c7= a6b56c061c1eb6d1a96d95a1700522bfe2119c6db8bbec94eeb4c64c480f59ff7d40654239070= 5efc >>>>>> +$(DL_FILE)_BLAKE2 =3D 2849e2a5b436f9965e0dd2aedf5078c560c78f45c1c86fb= dea39228266b8fbcc096a3a62a08bd626b8b700fde4dd65d99f71f04478e129f6ec61c2ed7184= 780d >>>>>>=20 >>>>>> install : $(TARGET) >=20 > --=20 > Sent from my laptop --===============1022847756260563487==--
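
Review bot: In the second hunk (@@ -26,7 +26,7 @@), the VER bump from 3.1.12 to 3.1.13 comes with a commit message that lists the CVEs fixed but records no runtime test of the new build. The log posted in this thread shows afpd 3.1.13 taking signal 11 with ad_open and afp_openvol in the backtrace, so a resubmission should state that a volume was opened against the built package and what afpd.log showed.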
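
Review bot: In the third hunk (@@ -34,7 +34,7 @@), PAK_VER goes from 3 to 4, and since this thread notes that Pakfire compares only PAK_VER, any revert of this change has to raise the value again rather than restore 3, or systems that already installed the 3.1.13 package will never receive the rollback. The same hunk leaves DEPS at "avahi dbus" while the commit message says the bundled libevent was removed, so please confirm which libevent the build now links against and add it to DEPS if it is not part of the base system.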
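
Review bot: In the last hunk (@@ -50,7 +50,7 @@), the new $(DL_FILE)_BLAKE2 value is the only integrity check on a tarball that DL_FROM pulls from $(URL_IPFIRE), and the commit message does not say how the digest was obtained. Please note in the commit message that the 3.1.13 tarball was compared against the upstream release artefact before upload, so a reviewer can reproduce the digest independently of the mirror.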