| Summary: | netatalk new security issue CVE-2022-22995 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, geiger.david68210, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | netatalk-3.1.14-2.mga9.src.rpm | CVE: | CVE-2022-22995 |
| Status comment: | Packages in comment #10 | ||
|
Description
Nicolas Salguero
2024-05-28 15:30:04 CEST
Nicolas Salguero
2024-05-28 15:30:37 CEST
CVE:
(none) =>
CVE-2022-22995 For Mageia 9, there was no problem building netatalk-3.1.14-2.1.mga9, that contains the patch. For Cauldron, the build fails with: """ checking for 64 bit off_t... no checking if large file support is available... no configure: error: AFP 3.x support requires Large File Support. """ Cauldron fixed updating to latest 3.1.18 release! Version:
Cauldron =>
9 Would be good if at less provide the package list when assign to QA Packages in 9/core/updates_testing i586: libnetatalk-devel-3.1.14-2.1.mga9.i586.rpm libnetatalk18-3.1.14-2.1.mga9.i586.rpm netatalk-3.1.14-2.1.mga9.i586.rpm # Packages: 3 x86_64: lib64netatalk-devel-3.1.14-2.1.mga9.x86_64.rpm lib64netatalk18-3.1.14-2.1.mga9.x86_64.rpm netatalk-3.1.14-2.1.mga9.x86_64.rpm # Packages: 3 SRPM: netatalk-3.1.14-2.1.mga9.src.rpm
katnatek
2024-05-29 03:26:16 CEST
Keywords:
(none) =>
advisory RH mageia 9 x86_64
Again I not have the current version on my system
LC_ALL=C urpmi /home/katnatek/qa-testing/x86_64/*.rpmTo satisfy dependencies, the following packages are going to be installed:
Package Version Release Arch
(medium "Core Release (distrib1)")
lib64acl-devel 2.3.1 2.mga9 x86_64
lib64nsl-devel 1.3.0 3.mga9 x86_64
lib64tdb-devel 1.4.7 2.mga9 x86_64
lib64tirpc-devel 1.3.3 1.mga9 x86_64
lib64wrap-devel 7.6 53.mga9 x86_64
(command line)
lib64netatalk-devel 3.1.14 2.1.mga9 x86_64
lib64netatalk18 3.1.14 2.1.mga9 x86_64
netatalk 3.1.14 2.1.mga9 x86_64
2.7MB of additional disk space will be used.
957KB of packages will be retrieved.
Proceed with the installation of the 8 packages? (Y/n) Y
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64tirpc-devel-1.3.3-1.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64tdb-devel-1.4.7-2.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64wrap-devel-7.6-53.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64nsl-devel-1.3.0-3.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64acl-devel-2.3.1-2.mga9.x86_64.rpm
installing /home/katnatek/qa-testing/x86_64/netatalk-3.1.14-2.1.mga9.x86_64.rpm
/home/katnatek/qa-testing/x86_64/lib64netatalk18-3.1.14-2.1.mga9.x86_64.rpm
/var/cache/urpmi/rpms/lib64acl-devel-2.3.1-2.mga9.x86_64.rpm
/var/cache/urpmi/rpms/lib64wrap-devel-7.6-53.mga9.x86_64.rpm
/var/cache/urpmi/rpms/lib64nsl-devel-1.3.0-3.mga9.x86_64.rpm
/home/katnatek/qa-testing/x86_64/lib64netatalk-devel-3.1.14-2.1.mga9.x86_64.rpm
/var/cache/urpmi/rpms/lib64tirpc-devel-1.3.3-1.mga9.x86_64.rpm
/var/cache/urpmi/rpms/lib64tdb-devel-1.4.7-2.mga9.x86_64.rpm
Preparing... ##################################################################################################
1/8: lib64netatalk18 ##################################################################################################
2/8: lib64tdb-devel ##################################################################################################
3/8: lib64tirpc-devel ##################################################################################################
4/8: lib64nsl-devel ##################################################################################################
5/8: lib64wrap-devel ##################################################################################################
6/8: lib64acl-devel ##################################################################################################
7/8: lib64netatalk-devel ##################################################################################################
8/8: netatalk ##################################################################################################
Produce a fail that is not in previous round bug#31255 comment#7
systemctl start netatalk
systemctl -l status netatalk
● netatalk.service - Netatalk AFP fileserver for Macintosh clients
Loaded: loaded (/usr/lib/systemd/system/netatalk.service; disabled; preset: disabled)
Active: active (running) since Tue 2024-05-28 19:31:53 CST; 10s ago
Docs: man:afp.conf(5)
man:netatalk(8)
man:afpd(8)
man:cnid_metad(8)
man:cnid_dbd(8)
http://netatalk.sourceforge.net/
Process: 136117 ExecStartPre=/usr/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/netatalk.conf (code=exited, status=1/FAILURE)
Process: 136118 ExecStart=/usr/sbin/netatalk (code=exited, status=0/SUCCESS)
Main PID: 136120 (netatalk)
Tasks: 4 (limit: 6904)
Memory: 3.8M
CPU: 398ms
CGroup: /system.slice/netatalk.service
├─136120 /usr/sbin/netatalk
├─136121 /usr/sbin/afpd -d -F /etc/netatalk/afp.conf
└─136122 /usr/sbin/cnid_metad -d -F /etc/netatalk/afp.conf
may 28 19:31:53 phoenix systemd[1]: Starting netatalk.service...
may 28 19:31:53 phoenix systemd-tmpfiles[136117]: Failed to open '/usr/lib/tmpfiles.d/netatalk.conf': No such file or directory
may 28 19:31:53 phoenix systemd[1]: netatalk.service: Can't open PID file /var/lock/netatalk (yet?) after start: No such file or dir>
may 28 19:31:53 phoenix netatalk[136120]: Netatalk AFP server starting
may 28 19:31:53 phoenix systemd[1]: Started netatalk.service.
may 28 19:31:53 phoenix cnid_metad[136122]: CNID Server listening on localhost:4700
may 28 19:31:53 phoenix netatalk[136120]: Registered with Zeroconf
may 28 19:31:53 phoenix afpd[136121]: Netatalk AFP/TCP listening on fe80::e269:95ff:fedd:cd47:548Keywords:
(none) =>
feedback Hi, When netatalk-3.1.14-2.2.mga9 is built, could you try to see if it solves the problem, please? Best regards, Nico.
Nicolas Salguero
2024-05-29 14:10:49 CEST
Status:
NEW =>
ASSIGNED RH mageia 9 x86_64
LC_ALL=C urpmi /home/katnatek/qa-testing/x86_64/*.rpm
To satisfy dependencies, the following packages are going to be installed:
Package Version Release Arch
(medium "Core Release (distrib1)")
lib64acl-devel 2.3.1 2.mga9 x86_64
lib64nsl-devel 1.3.0 3.mga9 x86_64
lib64tdb-devel 1.4.7 2.mga9 x86_64
lib64tirpc-devel 1.3.3 1.mga9 x86_64
lib64wrap-devel 7.6 53.mga9 x86_64
(command line)
lib64netatalk-devel 3.1.14 2.2.mga9 x86_64
lib64netatalk18 3.1.14 2.2.mga9 x86_64
netatalk 3.1.14 2.2.mga9 x86_64
2.7MB of additional disk space will be used.
957KB of packages will be retrieved.
Proceed with the installation of the 8 packages? (Y/n) y
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64tdb-devel-1.4.7-2.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64tirpc-devel-1.3.3-1.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64wrap-devel-7.6-53.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64nsl-devel-1.3.0-3.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64acl-devel-2.3.1-2.mga9.x86_64.rpm
installing /var/cache/urpmi/rpms/lib64tirpc-devel-1.3.3-1.mga9.x86_64.rpm
/var/cache/urpmi/rpms/lib64tdb-devel-1.4.7-2.mga9.x86_64.rpm
/home/katnatek/qa-testing/x86_64/lib64netatalk-devel-3.1.14-2.2.mga9.x86_64.rpm
/home/katnatek/qa-testing/x86_64/netatalk-3.1.14-2.2.mga9.x86_64.rpm
/var/cache/urpmi/rpms/lib64acl-devel-2.3.1-2.mga9.x86_64.rpm
/var/cache/urpmi/rpms/lib64wrap-devel-7.6-53.mga9.x86_64.rpm
/home/katnatek/qa-testing/x86_64/lib64netatalk18-3.1.14-2.2.mga9.x86_64.rpm
/var/cache/urpmi/rpms/lib64nsl-devel-1.3.0-3.mga9.x86_64.rpm
Preparing... ##################################################################################################
1/8: lib64netatalk18 ##################################################################################################
2/8: lib64acl-devel ##################################################################################################
3/8: lib64tdb-devel ##################################################################################################
4/8: lib64tirpc-devel ##################################################################################################
5/8: lib64nsl-devel ##################################################################################################
6/8: lib64wrap-devel ##################################################################################################
7/8: lib64netatalk-devel ##################################################################################################
8/8: netatalk ##################################################################################################
systemctl start netatalk
Job for netatalk.service failed because a timeout was exceeded.
See "systemctl status netatalk.service" and "journalctl -xeu netatalk.service" for details.
systemctl -l status netatalk
● netatalk.service - Netatalk AFP fileserver for Macintosh clients
Loaded: loaded (/usr/lib/systemd/system/netatalk.service; disabled; preset: disabled)
Active: activating (start) since Wed 2024-05-29 12:16:04 CST; 9s ago
Docs: man:afp.conf(5)
man:netatalk(8)
man:afpd(8)
man:cnid_metad(8)
man:cnid_dbd(8)
http://netatalk.sourceforge.net/
Process: 321661 ExecStartPre=/usr/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/netatalk.conf (code=exited, status=0/SUCCESS)
Process: 321662 ExecStart=/usr/sbin/netatalk (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 6904)
Memory: 8.0K
CPU: 14ms
CGroup: /system.slice/netatalk.service
may 29 12:16:04 phoenix systemd[1]: Starting netatalk.service...
may 29 12:16:04 phoenix systemd[1]: netatalk.service: Can't convert PID files /var/lock/netatalk O_PATH file descriptor to proper fi>
may 29 12:16:04 phoenix systemd[1]: netatalk.service: Can't convert PID files /var/lock/netatalk O_PATH file descriptor to proper fi>
lines 1-19/19 (END)
Looks that still have some issues
Hi, netatalk-3.1.14-2.3.mga9 should really fix the problem (and netatalk-3.1.18-2.mga10 too). Best regards, Nico. RH mageia 9 x86_64
LC_ALL=C urpmi /home/katnatek/qa-testing/x86_64/*.rpm
To satisfy dependencies, the following packages are going to be installed:
Package Version Release Arch
(medium "Core Release (distrib1)")
lib64nsl-devel 1.3.0 3.mga9 x86_64
lib64tdb-devel 1.4.7 2.mga9 x86_64
lib64tirpc-devel 1.3.3 1.mga9 x86_64
lib64wrap-devel 7.6 53.mga9 x86_64
(command line)
lib64netatalk-devel 3.1.14 2.3.mga9 x86_64
lib64netatalk18 3.1.14 2.3.mga9 x86_64
netatalk 3.1.14 2.3.mga9 x86_64
2.2MB of additional disk space will be used.
825KB of packages will be retrieved.
Proceed with the installation of the 7 packages? (Y/n) y
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64tdb-devel-1.4.7-2.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64wrap-devel-7.6-53.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64nsl-devel-1.3.0-3.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64tirpc-devel-1.3.3-1.mga9.x86_64.rpm
installing /home/katnatek/qa-testing/x86_64/lib64netatalk18-3.1.14-2.3.mga9.x86_64.rpm
/home/katnatek/qa-testing/x86_64/netatalk-3.1.14-2.3.mga9.x86_64.rpm
/var/cache/urpmi/rpms/lib64tdb-devel-1.4.7-2.mga9.x86_64.rpm
/var/cache/urpmi/rpms/lib64wrap-devel-7.6-53.mga9.x86_64.rpm
/home/katnatek/qa-testing/x86_64/lib64netatalk-devel-3.1.14-2.3.mga9.x86_64.rpm
/var/cache/urpmi/rpms/lib64nsl-devel-1.3.0-3.mga9.x86_64.rpm
/var/cache/urpmi/rpms/lib64tirpc-devel-1.3.3-1.mga9.x86_64.rpm
Preparing... ##################################################################################################
1/7: lib64netatalk18 ##################################################################################################
2/7: lib64tirpc-devel ##################################################################################################
3/7: lib64nsl-devel ##################################################################################################
4/7: lib64wrap-devel ##################################################################################################
5/7: lib64tdb-devel ##################################################################################################
6/7: lib64netatalk-devel ##################################################################################################
systemctl start netatalk
ystemctl -l status netatalk
● netatalk.service - Netatalk AFP fileserver for Macintosh clients
Loaded: loaded (/usr/lib/systemd/system/netatalk.service; disabled; preset: disabled)
Active: active (running) since Thu 2024-05-30 11:20:41 CST; 14s ago
Docs: man:afp.conf(5)
man:netatalk(8)
man:afpd(8)
man:cnid_metad(8)
man:cnid_dbd(8)
http://netatalk.sourceforge.net/
Process: 94830 ExecStartPre=/usr/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/netatalk.conf (code=exited, status=0/SUCCESS)
Process: 94833 ExecStart=/usr/sbin/netatalk (code=exited, status=0/SUCCESS)
Main PID: 94842 (netatalk)
Tasks: 4 (limit: 6904)
Memory: 4.0M
CPU: 575ms
CGroup: /system.slice/netatalk.service
├─94842 /usr/sbin/netatalk
├─94843 /usr/sbin/afpd -d -F /etc/netatalk/afp.conf
└─94844 /usr/sbin/cnid_metad -d -F /etc/netatalk/afp.conf
may 30 11:20:41 phoenix systemd[1]: Starting netatalk.service...
may 30 11:20:41 phoenix systemd[1]: netatalk.service: Can't open PID file /run/lock/netatalk/netatalk (yet?) after start: No such fi>
may 30 11:20:41 phoenix netatalk[94842]: Netatalk AFP server starting
may 30 11:20:41 phoenix systemd[1]: Started netatalk.service.
may 30 11:20:41 phoenix cnid_metad[94844]: CNID Server listening on localhost:4700
may 30 11:20:41 phoenix netatalk[94842]: Registered with Zeroconf
may 30 11:20:42 phoenix afpd[94843]: Netatalk AFP/TCP listening on fe80::e269:95ff:fedd:cd47:548
Reun the pea.py script in Bug#30287 comment#5
This time all looks consistent with bug#31255 comment#7
Hope this is good enoughKeywords:
feedback =>
(none) Advisory updated Packages in 9/core/updates_testing i586: libnetatalk-devel-3.1.14-2.3.mga9.i586.rpm libnetatalk18-3.1.14-2.3.mga9.i586.rpm netatalk-3.1.14-2.3.mga9.i586.rpm # Packages: 3 x86_64: lib64netatalk-devel-3.1.14-2.3.mga9.x86_64.rpm lib64netatalk18-3.1.14-2.3.mga9.x86_64.rpm netatalk-3.1.14-2.3.mga9.x86_64.rpm # Packages: 3 SRPM: netatalk-3.1.14-2.3.mga9.src.rpm
katnatek
2024-05-30 19:35:28 CEST
Status comment:
(none) =>
Packages in comment #10 Looks good enough to me. Validating. CC:
(none) =>
sysadmin-bugs An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0201.html Status:
ASSIGNED =>
RESOLVED |