fix CVE-2022-1615

(cherry picked from commit 3a2b98b6e5ec42ffbcd90305ad6dfea94e0eb7d9)

backport-0001-CVE-2022-1615-util-genrand-don-t-ignore-errors-in-random-number-ge.patch

@@ -0,0 +1,94 @@
+From 9849e7440e30853c61a80ce1f11b7b244ed766fe Mon Sep 17 00:00:00 2001
+From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+Date: Mon, 5 Aug 2019 00:10:53 +1200
+Subject: [PATCH] util/genrand: don't ignore errors in random number generation
+
+In this case it is probably better to crash out.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15103
+
+Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ lib/util/genrand.c     | 29 ++++++++++++++++++++++++++---
+ lib/util/wscript_build |  2 +-
+ 2 files changed, 27 insertions(+), 4 deletions(-)
+
+diff --git a/lib/util/genrand.c b/lib/util/genrand.c
+index 18ffa0d..fd6f457 100644
+--- a/lib/util/genrand.c
++++ b/lib/util/genrand.c
+@@ -20,6 +20,7 @@
+ */
+ 
+ #include "replace.h"
++#include "lib/util/fault.h"
+ #include "lib/util/genrand.h"
+ 
+ #include <gnutls/gnutls.h>
+@@ -31,10 +32,26 @@
+  * https://nikmav.blogspot.com/2017/03/improving-by-simplifying-gnutls-prng.html
+  */
+ 
++
++_NORETURN_ static void genrand_panic(int err,
++				     const char *location,
++				     const char *func)
++{
++	char buf[200];
++	snprintf(buf, sizeof(buf),
++		 "%s:%s: GnuTLS could not generate a random buffer: %s [%d]\n",
++		 location, func, gnutls_strerror_name(err), err);
++	smb_panic(buf);
++}
++
++
+ _PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
+ {
+ 	/* Random number generator for temporary keys. */
+-	gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
++	int ret = gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
++	if (ret != 0) {
++		genrand_panic(ret, __location__, __func__);
++	}
+ }
+ 
+ _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
+@@ -48,7 +65,10 @@ _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
+ 	 * the limit for a re-seed. For its re-seed it mixes mixes data obtained
+ 	 * from the OS random device with the previous key.
+ 	 */
+-	gnutls_rnd(GNUTLS_RND_KEY, out, len);
++	int ret = gnutls_rnd(GNUTLS_RND_KEY, out, len);
++	if (ret != 0) {
++		genrand_panic(ret, __location__, __func__);
++	}
+ }
+ 
+ _PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len)
+@@ -60,5 +80,8 @@ _PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len)
+ 	 * bytes (typically few megabytes), or after few hours of operation
+ 	 * without reaching the limit has passed.
+ 	 */
+-	gnutls_rnd(GNUTLS_RND_NONCE, out, len);
++	int ret = gnutls_rnd(GNUTLS_RND_NONCE, out, len);
++	if (ret != 0) {
++		genrand_panic(ret, __location__, __func__);
++	}
+ }
+diff --git a/lib/util/wscript_build b/lib/util/wscript_build
+index df235c1..d26aa4e 100644
+--- a/lib/util/wscript_build
++++ b/lib/util/wscript_build
+@@ -143,7 +143,7 @@ bld.SAMBA_LIBRARY('msghdr',
+ 
+ bld.SAMBA_LIBRARY('genrand',
+                   source='genrand.c',
+-                  deps='replace gnutls',
++                  deps='replace gnutls smb-panic',
+                   local_include=False,
+                   private_library=True)
+ 
+-- 
+1.8.3.1
+

backport-0002-CVE-2022-1615-py-uptodateness-more-details-in-missing-dn-report.patch

@@ -0,0 +1,34 @@
+From ffa84f2e5d335626b5f7311af8d2a7056b3e5c6f Mon Sep 17 00:00:00 2001
+From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+Date: Mon, 11 Jul 2022 12:06:54 +1200
+Subject: [PATCH] py/uptodateness: more details in missing dn report
+
+This does not fix bug 15127, but it improves reporting.
+
+https://bugzilla.samba.org/show_bug.cgi?id=15127
+
+Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
+Autobuild-Date(master): Thu Jul 28 06:18:43 UTC 2022 on sn-devel-184
+---
+ python/samba/uptodateness.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/python/samba/uptodateness.py b/python/samba/uptodateness.py
+index db1ba53..49c984a 100644
+--- a/python/samba/uptodateness.py
++++ b/python/samba/uptodateness.py
+@@ -147,7 +147,7 @@ def get_utdv_distances(utdv_edges, dsas):
+                     dist = peak - utdv_edges[dn2][dn1]
+                     d[dn2] = dist
+                 else:
+-                    print("Missing dn %s from UTD vector" % dn1,
++                    print(f"Missing dn {dn1} from UTD vector for dsa {dn2}",
+                           file=sys.stderr)
+             else:
+                 print("missing dn %s from UTD vector list" % dn2,
+-- 
+1.8.3.1
+

samba.spec

@@ -49,7 +49,7 @@
 
 Name:           samba
 Version:        4.15.3
-Release:        9
+Release:        10
 
 Summary:        A suite for Linux to interoperate with Windows
 License:        GPLv3+ and LGPLv3+
@@ -93,6 +93,8 @@ Patch23:        0012-CVE-2022-32743-dsdb-modules-acl-Account-for-sAMAccou.patch
 Patch24:        0013-CVE-2022-32743-dsdb-modules-acl-Allow-simultaneous-s.patch
 Patch25:        0014-CVE-2022-32743-s4-rpc_server-common-Add-dcesrv_samdb.patch
 Patch26:        0015-CVE-2022-32743-s4-rpc_server-netlogon-Reconnect-to-s.patch
+Patch27:        backport-0001-CVE-2022-1615-util-genrand-don-t-ignore-errors-in-random-number-ge.patch
+Patch28:        backport-0002-CVE-2022-1615-py-uptodateness-more-details-in-missing-dn-report.patch
 
 BuildRequires: avahi-devel bison dbus-devel docbook-style-xsl e2fsprogs-devel flex gawk gnupg2 gnutls-devel >= 3.4.7 gpgme-devel
 BuildRequires: jansson-devel krb5-devel >= %{required_mit_krb5} libacl-devel libaio-devel libarchive-devel libattr-devel 
@@ -3416,6 +3418,12 @@ fi
 %endif
 
 %changelog
+* Wed Aug 31 2022 zhouyihang <zhouyihang3@h-partners.com> - 4.15.3-10
+- Type:cves
+- ID:CVE-2022-1615
+- SUG:NA
+- DESC:fix CVE-2022-1615
+
 * Fri Aug 26 2022 zhouyihang <zhouyihang3@h-partners.com> - 4.15.3-9
 - Type:cves
 - ID:CVE-2022-32743