- this releases fixes the following major security issues: CVE-2021-31439, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125 and CVE-2022-0194. - FIX: afpd: make a variable declaration a definition - UPD: Remove bundled libevent
Signed-off-by: Jon Murphy jon.murphy@ipfire.org --- lfs/netatalk | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lfs/netatalk b/lfs/netatalk index ef75c89fe..7a91fa948 100644 --- a/lfs/netatalk +++ b/lfs/netatalk @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = AppleShare file server
-VER = 3.1.12 +VER = 3.1.13
THISAPP = netatalk-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = netatalk -PAK_VER = 3 +PAK_VER = 4
DEPS = avahi dbus
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 912bb85045952202becc42899f87ada33427ded987de6c7a6b56c061c1eb6d1a96d95a1700522bfe2119c6db8bbec94eeb4c64c480f59ff7d406542390705efc +$(DL_FILE)_BLAKE2 = 2849e2a5b436f9965e0dd2aedf5078c560c78f45c1c86fbdea39228266b8fbcc096a3a62a08bd626b8b700fde4dd65d99f71f04478e129f6ec61c2ed7184780d
install : $(TARGET)
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- this releases fixes the following major security issues: CVE-2021-31439, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125 and CVE-2022-0194.
- FIX: afpd: make a variable declaration a definition
- UPD: Remove bundled libevent
Signed-off-by: Jon Murphy jon.murphy@ipfire.org
lfs/netatalk | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lfs/netatalk b/lfs/netatalk index ef75c89fe..7a91fa948 100644 --- a/lfs/netatalk +++ b/lfs/netatalk @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = AppleShare file server
-VER = 3.1.12 +VER = 3.1.13
THISAPP = netatalk-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = netatalk -PAK_VER = 3 +PAK_VER = 4
DEPS = avahi dbus
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 912bb85045952202becc42899f87ada33427ded987de6c7a6b56c061c1eb6d1a96d95a1700522bfe2119c6db8bbec94eeb4c64c480f59ff7d406542390705efc +$(DL_FILE)_BLAKE2 = 2849e2a5b436f9965e0dd2aedf5078c560c78f45c1c86fbdea39228266b8fbcc096a3a62a08bd626b8b700fde4dd65d99f71f04478e129f6ec61c2ed7184780d
install : $(TARGET)
Hey Peter!
Please revert this patch.
During my testing of CU 170 (master/ef7d41ef) I stumbled across this netatalk issue:
``` [root@ipfireAPU ~]# cat /var/log/afpd.log Aug 16 17:06:22.314909 afpd[12975] {fault.c:123} (severe:Default): =============================================================== Aug 16 17:06:22.314995 afpd[12975] {fault.c:124} (severe:Default): INTERNAL ERROR: Signal 11 in pid 12975 (3.1.13) Aug 16 17:06:22.315032 afpd[12975] {fault.c:125} (severe:Default): =============================================================== Aug 16 17:06:22.316206 afpd[12975] {fault.c:96} (severe:Default): PANIC: internal error Aug 16 17:06:22.316252 afpd[12975] {fault.c:97} (severe:Default): BACKTRACE: 13 stack frames: Aug 16 17:06:22.316288 afpd[12975] {fault.c:103} (severe:Default): #0 /usr/lib/libatalk.so.18(netatalk_panic+0x39) [0x794f2d563639] Aug 16 17:06:22.316326 afpd[12975] {fault.c:103} (severe:Default): #1 /usr/lib/libatalk.so.18(+0x3a78e) [0x794f2d56378e] Aug 16 17:06:22.316380 afpd[12975] {fault.c:103} (severe:Default): #2 /lib/libc.so.6(+0x3e680) [0x794f2ccbd680] Aug 16 17:06:22.316426 afpd[12975] {fault.c:103} (severe:Default): #3 /usr/lib/libatalk.so.18(+0x1d195) [0x794f2d546195] Aug 16 17:06:22.316462 afpd[12975] {fault.c:103} (severe:Default): #4 /usr/lib/libatalk.so.18(ad_open+0x4ba) [0x794f2d54768a] Aug 16 17:06:22.316498 afpd[12975] {fault.c:103} (severe:Default): #5 /usr/sbin/afpd() [0x43093f] Aug 16 17:06:22.316533 afpd[12975] {fault.c:103} (severe:Default): #6 /usr/sbin/afpd() [0x4316a1] Aug 16 17:06:22.316567 afpd[12975] {fault.c:103} (severe:Default): #7 /usr/sbin/afpd(afp_openvol+0x354) [0x431d34] Aug 16 17:06:22.316628 afpd[12975] {fault.c:103} (severe:Default): #8 /usr/sbin/afpd(afp_over_dsi+0x698) [0x40f448] Aug 16 17:06:22.316664 afpd[12975] {fault.c:103} (severe:Default): #9 /usr/sbin/afpd(main+0x9d5) [0x40d255] Aug 16 17:06:22.316699 afpd[12975] {fault.c:103} (severe:Default): #10 /lib/libc.so.6(+0x29590) [0x794f2cca8590] Aug 16 17:06:22.316734 afpd[12975] {fault.c:103} (severe:Default): #11 /lib/libc.so.6(__libc_start_main+0x80) [0x794f2cca8640] Aug 16 17:06:22.316770 afpd[12975] {fault.c:103} (severe:Default): #12 /usr/sbin/afpd(_start+0x25) [0x40d5b5] . . . ```
Adolf found it was a known bug. https://sourceforge.net/p/netatalk/bugs/670/ https://sourceforge.net/p/netatalk/bugs/670/
But it doesn’t seem like it has been fixed by the Netatalk team yet.
Thank you! Jon
On Aug 5, 2022, at 4:08 AM, Peter Müller peter.mueller@ipfire.org wrote:
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- this releases fixes the following major security issues: CVE-2021-31439, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125 and CVE-2022-0194.
- FIX: afpd: make a variable declaration a definition
- UPD: Remove bundled libevent
Signed-off-by: Jon Murphy jon.murphy@ipfire.org
lfs/netatalk | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lfs/netatalk b/lfs/netatalk index ef75c89fe..7a91fa948 100644 --- a/lfs/netatalk +++ b/lfs/netatalk @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = AppleShare file server
-VER = 3.1.12 +VER = 3.1.13
THISAPP = netatalk-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = netatalk -PAK_VER = 3 +PAK_VER = 4
DEPS = avahi dbus
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 912bb85045952202becc42899f87ada33427ded987de6c7a6b56c061c1eb6d1a96d95a1700522bfe2119c6db8bbec94eeb4c64c480f59ff7d406542390705efc +$(DL_FILE)_BLAKE2 = 2849e2a5b436f9965e0dd2aedf5078c560c78f45c1c86fbdea39228266b8fbcc096a3a62a08bd626b8b700fde4dd65d99f71f04478e129f6ec61c2ed7184780d
install : $(TARGET)
Hello Jon,
thank you for testing this and reporting back.
I have just reverted your patch (https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=0e8a17b2d1a7e61ebb1e25b3...), and will update the changelog for Core Update 170 in due course.
All the best, Peter Müller
Hey Peter!
Please revert this patch.
During my testing of CU 170 (master/ef7d41ef) I stumbled across this netatalk issue:
[root@ipfireAPU ~]# cat /var/log/afpd.log Aug 16 17:06:22.314909 afpd[12975] {fault.c:123} (severe:Default): =============================================================== Aug 16 17:06:22.314995 afpd[12975] {fault.c:124} (severe:Default): INTERNAL ERROR: Signal 11 in pid 12975 (3.1.13) Aug 16 17:06:22.315032 afpd[12975] {fault.c:125} (severe:Default): =============================================================== Aug 16 17:06:22.316206 afpd[12975] {fault.c:96} (severe:Default): PANIC: internal error Aug 16 17:06:22.316252 afpd[12975] {fault.c:97} (severe:Default): BACKTRACE: 13 stack frames: Aug 16 17:06:22.316288 afpd[12975] {fault.c:103} (severe:Default): #0 /usr/lib/libatalk.so.18(netatalk_panic+0x39) [0x794f2d563639] Aug 16 17:06:22.316326 afpd[12975] {fault.c:103} (severe:Default): #1 /usr/lib/libatalk.so.18(+0x3a78e) [0x794f2d56378e] Aug 16 17:06:22.316380 afpd[12975] {fault.c:103} (severe:Default): #2 /lib/libc.so.6(+0x3e680) [0x794f2ccbd680] Aug 16 17:06:22.316426 afpd[12975] {fault.c:103} (severe:Default): #3 /usr/lib/libatalk.so.18(+0x1d195) [0x794f2d546195] Aug 16 17:06:22.316462 afpd[12975] {fault.c:103} (severe:Default): #4 /usr/lib/libatalk.so.18(ad_open+0x4ba) [0x794f2d54768a] Aug 16 17:06:22.316498 afpd[12975] {fault.c:103} (severe:Default): #5 /usr/sbin/afpd() [0x43093f] Aug 16 17:06:22.316533 afpd[12975] {fault.c:103} (severe:Default): #6 /usr/sbin/afpd() [0x4316a1] Aug 16 17:06:22.316567 afpd[12975] {fault.c:103} (severe:Default): #7 /usr/sbin/afpd(afp_openvol+0x354) [0x431d34] Aug 16 17:06:22.316628 afpd[12975] {fault.c:103} (severe:Default): #8 /usr/sbin/afpd(afp_over_dsi+0x698) [0x40f448] Aug 16 17:06:22.316664 afpd[12975] {fault.c:103} (severe:Default): #9 /usr/sbin/afpd(main+0x9d5) [0x40d255] Aug 16 17:06:22.316699 afpd[12975] {fault.c:103} (severe:Default): #10 /lib/libc.so.6(+0x29590) [0x794f2cca8590] Aug 16 17:06:22.316734 afpd[12975] {fault.c:103} (severe:Default): #11 /lib/libc.so.6(__libc_start_main+0x80) [0x794f2cca8640] Aug 16 17:06:22.316770 afpd[12975] {fault.c:103} (severe:Default): #12 /usr/sbin/afpd(_start+0x25) [0x40d5b5] . . .Adolf found it was a known bug. https://sourceforge.net/p/netatalk/bugs/670/ https://sourceforge.net/p/netatalk/bugs/670/
But it doesn’t seem like it has been fixed by the Netatalk team yet.
Thank you! Jon
On Aug 5, 2022, at 4:08 AM, Peter Müller peter.mueller@ipfire.org wrote:
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- this releases fixes the following major security issues: CVE-2021-31439, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125 and CVE-2022-0194.
- FIX: afpd: make a variable declaration a definition
- UPD: Remove bundled libevent
Signed-off-by: Jon Murphy jon.murphy@ipfire.org
lfs/netatalk | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lfs/netatalk b/lfs/netatalk index ef75c89fe..7a91fa948 100644 --- a/lfs/netatalk +++ b/lfs/netatalk @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = AppleShare file server
-VER = 3.1.12 +VER = 3.1.13
THISAPP = netatalk-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = netatalk -PAK_VER = 3 +PAK_VER = 4
DEPS = avahi dbus
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 912bb85045952202becc42899f87ada33427ded987de6c7a6b56c061c1eb6d1a96d95a1700522bfe2119c6db8bbec94eeb4c64c480f59ff7d406542390705efc +$(DL_FILE)_BLAKE2 = 2849e2a5b436f9965e0dd2aedf5078c560c78f45c1c86fbdea39228266b8fbcc096a3a62a08bd626b8b700fde4dd65d99f71f04478e129f6ec61c2ed7184780d
install : $(TARGET)
Hello Peter,
If you revert a patch like this, you would have to increase PAK_VER and not decrease it.
That way, people will “update” back to the old version because PAK_VER is everything that Pakfire checks.
There is a patch that should fix this available here:
https://cgit.freebsd.org/ports/tree/net/netatalk3/files/patch-libatalk_adoub...
Is anyone happy to give it a try?
-Michael
On 22 Aug 2022, at 07:18, Peter Müller peter.mueller@ipfire.org wrote:
Hello Jon,
thank you for testing this and reporting back.
I have just reverted your patch (https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=0e8a17b2d1a7e61ebb1e25b3...), and will update the changelog for Core Update 170 in due course.
All the best, Peter Müller
Hey Peter!
Please revert this patch.
During my testing of CU 170 (master/ef7d41ef) I stumbled across this netatalk issue:
[root@ipfireAPU ~]# cat /var/log/afpd.log Aug 16 17:06:22.314909 afpd[12975] {fault.c:123} (severe:Default): =============================================================== Aug 16 17:06:22.314995 afpd[12975] {fault.c:124} (severe:Default): INTERNAL ERROR: Signal 11 in pid 12975 (3.1.13) Aug 16 17:06:22.315032 afpd[12975] {fault.c:125} (severe:Default): =============================================================== Aug 16 17:06:22.316206 afpd[12975] {fault.c:96} (severe:Default): PANIC: internal error Aug 16 17:06:22.316252 afpd[12975] {fault.c:97} (severe:Default): BACKTRACE: 13 stack frames: Aug 16 17:06:22.316288 afpd[12975] {fault.c:103} (severe:Default): #0 /usr/lib/libatalk.so.18(netatalk_panic+0x39) [0x794f2d563639] Aug 16 17:06:22.316326 afpd[12975] {fault.c:103} (severe:Default): #1 /usr/lib/libatalk.so.18(+0x3a78e) [0x794f2d56378e] Aug 16 17:06:22.316380 afpd[12975] {fault.c:103} (severe:Default): #2 /lib/libc.so.6(+0x3e680) [0x794f2ccbd680] Aug 16 17:06:22.316426 afpd[12975] {fault.c:103} (severe:Default): #3 /usr/lib/libatalk.so.18(+0x1d195) [0x794f2d546195] Aug 16 17:06:22.316462 afpd[12975] {fault.c:103} (severe:Default): #4 /usr/lib/libatalk.so.18(ad_open+0x4ba) [0x794f2d54768a] Aug 16 17:06:22.316498 afpd[12975] {fault.c:103} (severe:Default): #5 /usr/sbin/afpd() [0x43093f] Aug 16 17:06:22.316533 afpd[12975] {fault.c:103} (severe:Default): #6 /usr/sbin/afpd() [0x4316a1] Aug 16 17:06:22.316567 afpd[12975] {fault.c:103} (severe:Default): #7 /usr/sbin/afpd(afp_openvol+0x354) [0x431d34] Aug 16 17:06:22.316628 afpd[12975] {fault.c:103} (severe:Default): #8 /usr/sbin/afpd(afp_over_dsi+0x698) [0x40f448] Aug 16 17:06:22.316664 afpd[12975] {fault.c:103} (severe:Default): #9 /usr/sbin/afpd(main+0x9d5) [0x40d255] Aug 16 17:06:22.316699 afpd[12975] {fault.c:103} (severe:Default): #10 /lib/libc.so.6(+0x29590) [0x794f2cca8590] Aug 16 17:06:22.316734 afpd[12975] {fault.c:103} (severe:Default): #11 /lib/libc.so.6(__libc_start_main+0x80) [0x794f2cca8640] Aug 16 17:06:22.316770 afpd[12975] {fault.c:103} (severe:Default): #12 /usr/sbin/afpd(_start+0x25) [0x40d5b5] . . .Adolf found it was a known bug. https://sourceforge.net/p/netatalk/bugs/670/ https://sourceforge.net/p/netatalk/bugs/670/
But it doesn’t seem like it has been fixed by the Netatalk team yet.
Thank you! Jon
On Aug 5, 2022, at 4:08 AM, Peter Müller peter.mueller@ipfire.org wrote:
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- this releases fixes the following major security issues:
CVE-2021-31439, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125 and CVE-2022-0194.
- FIX: afpd: make a variable declaration a definition
- UPD: Remove bundled libevent
Signed-off-by: Jon Murphy jon.murphy@ipfire.org
lfs/netatalk | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lfs/netatalk b/lfs/netatalk index ef75c89fe..7a91fa948 100644 --- a/lfs/netatalk +++ b/lfs/netatalk @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = AppleShare file server
-VER = 3.1.12 +VER = 3.1.13
THISAPP = netatalk-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = netatalk -PAK_VER = 3 +PAK_VER = 4
DEPS = avahi dbus
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 912bb85045952202becc42899f87ada33427ded987de6c7a6b56c061c1eb6d1a96d95a1700522bfe2119c6db8bbec94eeb4c64c480f59ff7d406542390705efc +$(DL_FILE)_BLAKE2 = 2849e2a5b436f9965e0dd2aedf5078c560c78f45c1c86fbdea39228266b8fbcc096a3a62a08bd626b8b700fde4dd65d99f71f04478e129f6ec61c2ed7184780d
install : $(TARGET)
Hi All,
On 22/08/2022 10:45, Michael Tremer wrote:
Hello Peter,
If you revert a patch like this, you would have to increase PAK_VER and not decrease it.
That way, people will “update” back to the old version because PAK_VER is everything that Pakfire checks.
There is a patch that should fix this available here:
https://cgit.freebsd.org/ports/tree/net/netatalk3/files/patch-libatalk_adoub...
Is anyone happy to give it a try?
Jon already tried that out but he got a different set of errors with the patched version. Also in the BSD bug report, although it is closed there was a report at the end of it of errors in the patched version.
Not clear how bad the new errors are but it seemed better to revert back until the new errors were also fixed.
Regards,
Adolf.
-Michael
On 22 Aug 2022, at 07:18, Peter Müller peter.mueller@ipfire.org wrote:
Hello Jon,
thank you for testing this and reporting back.
I have just reverted your patch (https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=0e8a17b2d1a7e61ebb1e25b3...), and will update the changelog for Core Update 170 in due course.
All the best, Peter Müller
Hey Peter!
Please revert this patch.
During my testing of CU 170 (master/ef7d41ef) I stumbled across this netatalk issue:
[root@ipfireAPU ~]# cat /var/log/afpd.log Aug 16 17:06:22.314909 afpd[12975] {fault.c:123} (severe:Default): =============================================================== Aug 16 17:06:22.314995 afpd[12975] {fault.c:124} (severe:Default): INTERNAL ERROR: Signal 11 in pid 12975 (3.1.13) Aug 16 17:06:22.315032 afpd[12975] {fault.c:125} (severe:Default): =============================================================== Aug 16 17:06:22.316206 afpd[12975] {fault.c:96} (severe:Default): PANIC: internal error Aug 16 17:06:22.316252 afpd[12975] {fault.c:97} (severe:Default): BACKTRACE: 13 stack frames: Aug 16 17:06:22.316288 afpd[12975] {fault.c:103} (severe:Default): #0 /usr/lib/libatalk.so.18(netatalk_panic+0x39) [0x794f2d563639] Aug 16 17:06:22.316326 afpd[12975] {fault.c:103} (severe:Default): #1 /usr/lib/libatalk.so.18(+0x3a78e) [0x794f2d56378e] Aug 16 17:06:22.316380 afpd[12975] {fault.c:103} (severe:Default): #2 /lib/libc.so.6(+0x3e680) [0x794f2ccbd680] Aug 16 17:06:22.316426 afpd[12975] {fault.c:103} (severe:Default): #3 /usr/lib/libatalk.so.18(+0x1d195) [0x794f2d546195] Aug 16 17:06:22.316462 afpd[12975] {fault.c:103} (severe:Default): #4 /usr/lib/libatalk.so.18(ad_open+0x4ba) [0x794f2d54768a] Aug 16 17:06:22.316498 afpd[12975] {fault.c:103} (severe:Default): #5 /usr/sbin/afpd() [0x43093f] Aug 16 17:06:22.316533 afpd[12975] {fault.c:103} (severe:Default): #6 /usr/sbin/afpd() [0x4316a1] Aug 16 17:06:22.316567 afpd[12975] {fault.c:103} (severe:Default): #7 /usr/sbin/afpd(afp_openvol+0x354) [0x431d34] Aug 16 17:06:22.316628 afpd[12975] {fault.c:103} (severe:Default): #8 /usr/sbin/afpd(afp_over_dsi+0x698) [0x40f448] Aug 16 17:06:22.316664 afpd[12975] {fault.c:103} (severe:Default): #9 /usr/sbin/afpd(main+0x9d5) [0x40d255] Aug 16 17:06:22.316699 afpd[12975] {fault.c:103} (severe:Default): #10 /lib/libc.so.6(+0x29590) [0x794f2cca8590] Aug 16 17:06:22.316734 afpd[12975] {fault.c:103} (severe:Default): #11 /lib/libc.so.6(__libc_start_main+0x80) [0x794f2cca8640] Aug 16 17:06:22.316770 afpd[12975] {fault.c:103} (severe:Default): #12 /usr/sbin/afpd(_start+0x25) [0x40d5b5] . . .Adolf found it was a known bug. https://sourceforge.net/p/netatalk/bugs/670/ https://sourceforge.net/p/netatalk/bugs/670/
But it doesn’t seem like it has been fixed by the Netatalk team yet.
Thank you! Jon
On Aug 5, 2022, at 4:08 AM, Peter Müller peter.mueller@ipfire.org wrote:
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- this releases fixes the following major security issues:
CVE-2021-31439, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125 and CVE-2022-0194.
- FIX: afpd: make a variable declaration a definition
- UPD: Remove bundled libevent
Signed-off-by: Jon Murphy jon.murphy@ipfire.org
lfs/netatalk | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lfs/netatalk b/lfs/netatalk index ef75c89fe..7a91fa948 100644 --- a/lfs/netatalk +++ b/lfs/netatalk @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = AppleShare file server
-VER = 3.1.12 +VER = 3.1.13
THISAPP = netatalk-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = netatalk -PAK_VER = 3 +PAK_VER = 4
DEPS = avahi dbus
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 912bb85045952202becc42899f87ada33427ded987de6c7a6b56c061c1eb6d1a96d95a1700522bfe2119c6db8bbec94eeb4c64c480f59ff7d406542390705efc +$(DL_FILE)_BLAKE2 = 2849e2a5b436f9965e0dd2aedf5078c560c78f45c1c86fbdea39228266b8fbcc096a3a62a08bd626b8b700fde4dd65d99f71f04478e129f6ec61c2ed7184780d
install : $(TARGET)
Hello Adolf,
Okay. I can live with that - although there were a couple of CVEs fixed in this release and it would be nice to have them fixed sooner rather than later.
Looks like we will have to wait for upstream. Thanks for looking into this though.
All the best, -Michael
On 22 Aug 2022, at 10:05, Adolf Belka adolf.belka@ipfire.org wrote:
Hi All,
On 22/08/2022 10:45, Michael Tremer wrote:
Hello Peter,
If you revert a patch like this, you would have to increase PAK_VER and not decrease it.
That way, people will “update” back to the old version because PAK_VER is everything that Pakfire checks.
There is a patch that should fix this available here:
https://cgit.freebsd.org/ports/tree/net/netatalk3/files/patch-libatalk_adoub...
Is anyone happy to give it a try?
Jon already tried that out but he got a different set of errors with the patched version. Also in the BSD bug report, although it is closed there was a report at the end of it of errors in the patched version.
Not clear how bad the new errors are but it seemed better to revert back until the new errors were also fixed.
Regards,
Adolf.
-Michael
On 22 Aug 2022, at 07:18, Peter Müller peter.mueller@ipfire.org wrote:
Hello Jon,
thank you for testing this and reporting back.
I have just reverted your patch (https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=0e8a17b2d1a7e61ebb1e25b3...), and will update the changelog for Core Update 170 in due course.
All the best, Peter Müller
Hey Peter!
Please revert this patch.
During my testing of CU 170 (master/ef7d41ef) I stumbled across this netatalk issue:
[root@ipfireAPU ~]# cat /var/log/afpd.log Aug 16 17:06:22.314909 afpd[12975] {fault.c:123} (severe:Default): =============================================================== Aug 16 17:06:22.314995 afpd[12975] {fault.c:124} (severe:Default): INTERNAL ERROR: Signal 11 in pid 12975 (3.1.13) Aug 16 17:06:22.315032 afpd[12975] {fault.c:125} (severe:Default): =============================================================== Aug 16 17:06:22.316206 afpd[12975] {fault.c:96} (severe:Default): PANIC: internal error Aug 16 17:06:22.316252 afpd[12975] {fault.c:97} (severe:Default): BACKTRACE: 13 stack frames: Aug 16 17:06:22.316288 afpd[12975] {fault.c:103} (severe:Default): #0 /usr/lib/libatalk.so.18(netatalk_panic+0x39) [0x794f2d563639] Aug 16 17:06:22.316326 afpd[12975] {fault.c:103} (severe:Default): #1 /usr/lib/libatalk.so.18(+0x3a78e) [0x794f2d56378e] Aug 16 17:06:22.316380 afpd[12975] {fault.c:103} (severe:Default): #2 /lib/libc.so.6(+0x3e680) [0x794f2ccbd680] Aug 16 17:06:22.316426 afpd[12975] {fault.c:103} (severe:Default): #3 /usr/lib/libatalk.so.18(+0x1d195) [0x794f2d546195] Aug 16 17:06:22.316462 afpd[12975] {fault.c:103} (severe:Default): #4 /usr/lib/libatalk.so.18(ad_open+0x4ba) [0x794f2d54768a] Aug 16 17:06:22.316498 afpd[12975] {fault.c:103} (severe:Default): #5 /usr/sbin/afpd() [0x43093f] Aug 16 17:06:22.316533 afpd[12975] {fault.c:103} (severe:Default): #6 /usr/sbin/afpd() [0x4316a1] Aug 16 17:06:22.316567 afpd[12975] {fault.c:103} (severe:Default): #7 /usr/sbin/afpd(afp_openvol+0x354) [0x431d34] Aug 16 17:06:22.316628 afpd[12975] {fault.c:103} (severe:Default): #8 /usr/sbin/afpd(afp_over_dsi+0x698) [0x40f448] Aug 16 17:06:22.316664 afpd[12975] {fault.c:103} (severe:Default): #9 /usr/sbin/afpd(main+0x9d5) [0x40d255] Aug 16 17:06:22.316699 afpd[12975] {fault.c:103} (severe:Default): #10 /lib/libc.so.6(+0x29590) [0x794f2cca8590] Aug 16 17:06:22.316734 afpd[12975] {fault.c:103} (severe:Default): #11 /lib/libc.so.6(__libc_start_main+0x80) [0x794f2cca8640] Aug 16 17:06:22.316770 afpd[12975] {fault.c:103} (severe:Default): #12 /usr/sbin/afpd(_start+0x25) [0x40d5b5] . . .Adolf found it was a known bug. https://sourceforge.net/p/netatalk/bugs/670/ https://sourceforge.net/p/netatalk/bugs/670/
But it doesn’t seem like it has been fixed by the Netatalk team yet.
Thank you! Jon
On Aug 5, 2022, at 4:08 AM, Peter Müller peter.mueller@ipfire.org wrote:
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- this releases fixes the following major security issues:
CVE-2021-31439, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125 and CVE-2022-0194.
- FIX: afpd: make a variable declaration a definition
- UPD: Remove bundled libevent
Signed-off-by: Jon Murphy jon.murphy@ipfire.org
lfs/netatalk | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lfs/netatalk b/lfs/netatalk index ef75c89fe..7a91fa948 100644 --- a/lfs/netatalk +++ b/lfs/netatalk @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = AppleShare file server
-VER = 3.1.12 +VER = 3.1.13
THISAPP = netatalk-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = netatalk -PAK_VER = 3 +PAK_VER = 4
DEPS = avahi dbus
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 912bb85045952202becc42899f87ada33427ded987de6c7a6b56c061c1eb6d1a96d95a1700522bfe2119c6db8bbec94eeb4c64c480f59ff7d406542390705efc +$(DL_FILE)_BLAKE2 = 2849e2a5b436f9965e0dd2aedf5078c560c78f45c1c86fbdea39228266b8fbcc096a3a62a08bd626b8b700fde4dd65d99f71f04478e129f6ec61c2ed7184780d
install : $(TARGET)
-- Sent from my laptop
Hello Michael,
indeed, thank you for flagging this. I just fixed it in "next".
All the best, Peter Müller
Hello Peter,
If you revert a patch like this, you would have to increase PAK_VER and not decrease it.
That way, people will “update” back to the old version because PAK_VER is everything that Pakfire checks.
There is a patch that should fix this available here:
https://cgit.freebsd.org/ports/tree/net/netatalk3/files/patch-libatalk_adoub...
Is anyone happy to give it a try?
-Michael
On 22 Aug 2022, at 07:18, Peter Müller peter.mueller@ipfire.org wrote:
Hello Jon,
thank you for testing this and reporting back.
I have just reverted your patch (https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=0e8a17b2d1a7e61ebb1e25b3...), and will update the changelog for Core Update 170 in due course.
All the best, Peter Müller
Hey Peter!
Please revert this patch.
During my testing of CU 170 (master/ef7d41ef) I stumbled across this netatalk issue:
[root@ipfireAPU ~]# cat /var/log/afpd.log Aug 16 17:06:22.314909 afpd[12975] {fault.c:123} (severe:Default): =============================================================== Aug 16 17:06:22.314995 afpd[12975] {fault.c:124} (severe:Default): INTERNAL ERROR: Signal 11 in pid 12975 (3.1.13) Aug 16 17:06:22.315032 afpd[12975] {fault.c:125} (severe:Default): =============================================================== Aug 16 17:06:22.316206 afpd[12975] {fault.c:96} (severe:Default): PANIC: internal error Aug 16 17:06:22.316252 afpd[12975] {fault.c:97} (severe:Default): BACKTRACE: 13 stack frames: Aug 16 17:06:22.316288 afpd[12975] {fault.c:103} (severe:Default): #0 /usr/lib/libatalk.so.18(netatalk_panic+0x39) [0x794f2d563639] Aug 16 17:06:22.316326 afpd[12975] {fault.c:103} (severe:Default): #1 /usr/lib/libatalk.so.18(+0x3a78e) [0x794f2d56378e] Aug 16 17:06:22.316380 afpd[12975] {fault.c:103} (severe:Default): #2 /lib/libc.so.6(+0x3e680) [0x794f2ccbd680] Aug 16 17:06:22.316426 afpd[12975] {fault.c:103} (severe:Default): #3 /usr/lib/libatalk.so.18(+0x1d195) [0x794f2d546195] Aug 16 17:06:22.316462 afpd[12975] {fault.c:103} (severe:Default): #4 /usr/lib/libatalk.so.18(ad_open+0x4ba) [0x794f2d54768a] Aug 16 17:06:22.316498 afpd[12975] {fault.c:103} (severe:Default): #5 /usr/sbin/afpd() [0x43093f] Aug 16 17:06:22.316533 afpd[12975] {fault.c:103} (severe:Default): #6 /usr/sbin/afpd() [0x4316a1] Aug 16 17:06:22.316567 afpd[12975] {fault.c:103} (severe:Default): #7 /usr/sbin/afpd(afp_openvol+0x354) [0x431d34] Aug 16 17:06:22.316628 afpd[12975] {fault.c:103} (severe:Default): #8 /usr/sbin/afpd(afp_over_dsi+0x698) [0x40f448] Aug 16 17:06:22.316664 afpd[12975] {fault.c:103} (severe:Default): #9 /usr/sbin/afpd(main+0x9d5) [0x40d255] Aug 16 17:06:22.316699 afpd[12975] {fault.c:103} (severe:Default): #10 /lib/libc.so.6(+0x29590) [0x794f2cca8590] Aug 16 17:06:22.316734 afpd[12975] {fault.c:103} (severe:Default): #11 /lib/libc.so.6(__libc_start_main+0x80) [0x794f2cca8640] Aug 16 17:06:22.316770 afpd[12975] {fault.c:103} (severe:Default): #12 /usr/sbin/afpd(_start+0x25) [0x40d5b5] . . .Adolf found it was a known bug. https://sourceforge.net/p/netatalk/bugs/670/ https://sourceforge.net/p/netatalk/bugs/670/
But it doesn’t seem like it has been fixed by the Netatalk team yet.
Thank you! Jon
On Aug 5, 2022, at 4:08 AM, Peter Müller peter.mueller@ipfire.org wrote:
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- this releases fixes the following major security issues:
CVE-2021-31439, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125 and CVE-2022-0194.
- FIX: afpd: make a variable declaration a definition
- UPD: Remove bundled libevent
Signed-off-by: Jon Murphy jon.murphy@ipfire.org
lfs/netatalk | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lfs/netatalk b/lfs/netatalk index ef75c89fe..7a91fa948 100644 --- a/lfs/netatalk +++ b/lfs/netatalk @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = AppleShare file server
-VER = 3.1.12 +VER = 3.1.13
THISAPP = netatalk-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = netatalk -PAK_VER = 3 +PAK_VER = 4
DEPS = avahi dbus
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 912bb85045952202becc42899f87ada33427ded987de6c7a6b56c061c1eb6d1a96d95a1700522bfe2119c6db8bbec94eeb4c64c480f59ff7d406542390705efc +$(DL_FILE)_BLAKE2 = 2849e2a5b436f9965e0dd2aedf5078c560c78f45c1c86fbdea39228266b8fbcc096a3a62a08bd626b8b700fde4dd65d99f71f04478e129f6ec61c2ed7184780d
install : $(TARGET)
-
Adolf Belka -
Jon Murphy -
Jon Murphy -
Michael Tremer -
Peter Müller