diff --git a/backport-001-CVE-2022-32746.patch b/backport-001-CVE-2022-32746.patch deleted file mode 100644 index 66484ad6ff0798efc9c8227476aee9185a4a7c27..0000000000000000000000000000000000000000 --- a/backport-001-CVE-2022-32746.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 0a3aa5f908e351201dc9c4d4807b09ed9eedff77 Mon Sep 17 00:00:00 2001 -From: Joseph Sutton -Date: Mon, 21 Feb 2022 16:27:37 +1300 -Subject: [PATCH] CVE-2022-32746 ldb: Make use of functions for appending to an - ldb_message - -This aims to minimise usage of the error-prone pattern of searching for -a just-added message element in order to make modifications to it (and -potentially finding the wrong element). - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009 - -Signed-off-by: Joseph Sutton ---- - ldb_map/ldb_map.c | 5 +- - ldb_map/ldb_map_inbound.c | 9 +- - modules/rdn_name.c | 22 +--- - 3 files changed, 28 insertions(+), 8 deletions(-) - -diff --git a/ldb_map/ldb_map.c b/ldb_map/ldb_map.c -index b453dff80d25..c7b0c2286311 100644 ---- a/ldb_map/ldb_map.c -+++ b/ldb_map/ldb_map.c -@@ -946,10 +946,7 @@ struct ldb_request *map_build_fixup_req(struct map_context *ac, - if ( ! dn || ! ldb_dn_validate(msg->dn)) { - goto failed; - } -- if (ldb_msg_add_empty(msg, IS_MAPPED, LDB_FLAG_MOD_REPLACE, NULL) != 0) { -- goto failed; -- } -- if (ldb_msg_add_string(msg, IS_MAPPED, dn) != 0) { -+ if (ldb_msg_append_string(msg, IS_MAPPED, dn, LDB_FLAG_MOD_REPLACE) != 0) { - goto failed; - } - -diff --git a/ldb_map/ldb_map_inbound.c b/ldb_map/ldb_map_inbound.c -index 324295737da1..50b9427c26c5 100644 ---- a/ldb_map/ldb_map_inbound.c -+++ b/ldb_map/ldb_map_inbound.c -@@ -569,12 +569,9 @@ static int map_modify_do_local(struct map_context *ac) - /* No local record present, add it instead */ - /* Add local 'IS_MAPPED' */ - /* TODO: use GUIDs here instead */ -- if (ldb_msg_add_empty(ac->local_msg, IS_MAPPED, -- LDB_FLAG_MOD_ADD, NULL) != 0) { -- return LDB_ERR_OPERATIONS_ERROR; -- } -- ret = ldb_msg_add_linearized_dn(ac->local_msg, IS_MAPPED, -- ac->remote_req->op.mod.message->dn); -+ ret = ldb_msg_append_linearized_dn(ac->local_msg, IS_MAPPED, -+ ac->remote_req->op.mod.message->dn, -+ LDB_FLAG_MOD_ADD); - if (ret != 0) { - return LDB_ERR_OPERATIONS_ERROR; - } -diff --git a/modules/rdn_name.c b/modules/rdn_name.c -index 25cffe07591a..3cb62bf567bd 100644 ---- a/modules/rdn_name.c -+++ b/modules/rdn_name.c -@@ -308,16 +308,10 @@ static int rdn_rename_callback(struct ldb_request *req, struct ldb_reply *ares) - } - rdn_val = ldb_val_dup(msg, rdn_val_p); - -- if (ldb_msg_add_empty(msg, rdn_name, LDB_FLAG_MOD_REPLACE, NULL) != 0) { -+ if (ldb_msg_append_value(msg, rdn_name, &rdn_val, LDB_FLAG_MOD_REPLACE) != 0) { - goto error; - } -- if (ldb_msg_add_value(msg, rdn_name, &rdn_val, NULL) != 0) { -- goto error; -- } -- if (ldb_msg_add_empty(msg, "name", LDB_FLAG_MOD_REPLACE, NULL) != 0) { -- goto error; -- } -- if (ldb_msg_add_value(msg, "name", &rdn_val, NULL) != 0) { -+ if (ldb_msg_append_value(msg, "name", &rdn_val, LDB_FLAG_MOD_REPLACE) != 0) { - goto error; - } - -@@ -466,11 +460,7 @@ static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req) - if (ret != 0) { - return ldb_module_oom(module); - } -- ret = ldb_msg_add_empty(msg, rdn_name, LDB_FLAG_MOD_ADD, NULL); -- if (ret != 0) { -- return ldb_module_oom(module); -- } -- ret = ldb_msg_add_value(msg, rdn_name, &rdn_val, NULL); -+ ret = ldb_msg_append_value(msg, rdn_name, &rdn_val, LDB_FLAG_MOD_ADD); - if (ret != 0) { - return ldb_module_oom(module); - } -@@ -479,11 +469,7 @@ static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req) - if (ret != 0) { - return ldb_module_oom(module); - } -- ret = ldb_msg_add_empty(msg, "name", LDB_FLAG_MOD_ADD, NULL); -- if (ret != 0) { -- return ldb_module_oom(module); -- } -- ret = ldb_msg_add_value(msg, "name", &rdn_val, NULL); -+ ret = ldb_msg_append_value(msg, "name", &rdn_val, LDB_FLAG_MOD_ADD); - if (ret != 0) { - return ldb_module_oom(module); - } diff --git a/backport-002-CVE-2022-32746.patch b/backport-002-CVE-2022-32746.patch deleted file mode 100644 index 5fc201a68458b61983a8468234c21f4acb93a128..0000000000000000000000000000000000000000 --- a/backport-002-CVE-2022-32746.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 41b1fe6d4ae1f547b2f1a0ef8d1aee284b4ef93b Mon Sep 17 00:00:00 2001 -From: Joseph Sutton -Date: Wed, 16 Feb 2022 12:43:52 +1300 -Subject: [PATCH] CVE-2022-32746 ldb:rdn_name: Use LDB_FLAG_MOD_TYPE() for - flags equality check - -Now unrelated flags will no longer affect the result. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009 - -Signed-off-by: Joseph Sutton ---- - lib/ldb/modules/rdn_name.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/modules/rdn_name.c b/modules/rdn_name.c -index e69ad9315aec..25cffe07591a 100644 ---- a/modules/rdn_name.c -+++ b/modules/rdn_name.c -@@ -545,7 +545,7 @@ static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req) - if (e != NULL) { - ldb_asprintf_errstring(ldb, "Modify of 'distinguishedName' on %s not permitted, must use 'rename' operation instead", - ldb_dn_get_linearized(req->op.mod.message->dn)); -- if (e->flags == LDB_FLAG_MOD_REPLACE) { -+ if (LDB_FLAG_MOD_TYPE(e->flags) == LDB_FLAG_MOD_REPLACE) { - return LDB_ERR_CONSTRAINT_VIOLATION; - } else { - return LDB_ERR_UNWILLING_TO_PERFORM; diff --git a/backport-003-CVE-2022-32746.patch b/backport-003-CVE-2022-32746.patch deleted file mode 100644 index dd77047acf2a76e4b8ec4768d92738b21b8d4b39..0000000000000000000000000000000000000000 --- a/backport-003-CVE-2022-32746.patch +++ /dev/null @@ -1,112 +0,0 @@ -From 7efe8182c165fbf17d2f88c173527a7a554e214b Mon Sep 17 00:00:00 2001 -From: Joseph Sutton -Date: Mon, 21 Feb 2022 16:10:32 +1300 -Subject: [PATCH] CVE-2022-32746 ldb: Add flag to mark message element values - as shared - -When making a shallow copy of an ldb message, mark the message elements -of the copy as sharing their values with the message elements in the -original message. - -This flag value will be heeded in the next commit. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009 - -Signed-off-by: Joseph Sutton ---- - common/ldb_msg.c | 43 +++++++++++++++++++++++++++++++----- - include/ldb_module.h | 6 +++++ - 2 files changed, 43 insertions(+), 6 deletions(-) - -diff --git a/common/ldb_msg.c b/common/ldb_msg.c -index 57dfc5a04c2b..2a9ce384bb98 100644 ---- a/common/ldb_msg.c -+++ b/common/ldb_msg.c -@@ -833,11 +833,7 @@ void ldb_msg_sort_elements(struct ldb_message *msg) - ldb_msg_element_compare_name); - } - --/* -- shallow copy a message - copying only the elements array so that the caller -- can safely add new elements without changing the message --*/ --struct ldb_message *ldb_msg_copy_shallow(TALLOC_CTX *mem_ctx, -+static struct ldb_message *ldb_msg_copy_shallow_impl(TALLOC_CTX *mem_ctx, - const struct ldb_message *msg) - { - struct ldb_message *msg2; -@@ -863,6 +859,35 @@ struct ldb_message *ldb_msg_copy_shallow(TALLOC_CTX *mem_ctx, - return NULL; - } - -+/* -+ shallow copy a message - copying only the elements array so that the caller -+ can safely add new elements without changing the message -+*/ -+struct ldb_message *ldb_msg_copy_shallow(TALLOC_CTX *mem_ctx, -+ const struct ldb_message *msg) -+{ -+ struct ldb_message *msg2; -+ unsigned int i; -+ -+ msg2 = ldb_msg_copy_shallow_impl(mem_ctx, msg); -+ if (msg2 == NULL) { -+ return NULL; -+ } -+ -+ for (i = 0; i < msg2->num_elements; ++i) { -+ /* -+ * Mark this message's elements as sharing their values with the -+ * original message, so that we don't inadvertently modify or -+ * free them. We don't mark the original message element as -+ * shared, so the original message element should not be -+ * modified or freed while the shallow copy lives. -+ */ -+ struct ldb_message_element *el = &msg2->elements[i]; -+ el->flags |= LDB_FLAG_INTERNAL_SHARED_VALUES; -+ } -+ -+ return msg2; -+} - - /* - copy a message, allocating new memory for all parts -@@ -873,7 +898,7 @@ struct ldb_message *ldb_msg_copy(TALLOC_CTX *mem_ctx, - struct ldb_message *msg2; - unsigned int i, j; - -- msg2 = ldb_msg_copy_shallow(mem_ctx, msg); -+ msg2 = ldb_msg_copy_shallow_impl(mem_ctx, msg); - if (msg2 == NULL) return NULL; - - if (msg2->dn != NULL) { -@@ -894,6 +919,12 @@ struct ldb_message *ldb_msg_copy(TALLOC_CTX *mem_ctx, - goto failed; - } - } -+ -+ /* -+ * Since we copied this element's values, we can mark them as -+ * not shared. -+ */ -+ el->flags &= ~LDB_FLAG_INTERNAL_SHARED_VALUES; - } - - return msg2; -diff --git a/include/ldb_module.h b/include/ldb_module.h -index 8c1e5ee7936c..4c7c85a17f00 100644 ---- a/include/ldb_module.h -+++ b/include/ldb_module.h -@@ -96,6 +96,12 @@ struct ldb_module; - */ - #define LDB_FLAG_INTERNAL_FORCE_UNIQUE_INDEX 0x100 - -+/* -+ * indicates that this element's values are shared with another element (for -+ * example, in a shallow copy of an ldb_message) and should not be freed -+ */ -+#define LDB_FLAG_INTERNAL_SHARED_VALUES 0x200 -+ - /* an extended match rule that always fails to match */ - #define SAMBA_LDAP_MATCH_ALWAYS_FALSE "1.3.6.1.4.1.7165.4.5.1" - diff --git a/backport-004-CVE-2022-32746.patch b/backport-004-CVE-2022-32746.patch deleted file mode 100644 index b588ff87de4c5ea38db1837a23f956a478e88e5e..0000000000000000000000000000000000000000 --- a/backport-004-CVE-2022-32746.patch +++ /dev/null @@ -1,121 +0,0 @@ -From a2bb5beee82fd9c4c29decc07024057febeaf1b5 Mon Sep 17 00:00:00 2001 -From: Joseph Sutton -Date: Wed, 16 Feb 2022 12:35:13 +1300 -Subject: [PATCH] CVE-2022-32746 ldb: Ensure shallow copy modifications do not - affect original message - -Using the newly added ldb flag, we can now detect when a message has -been shallow-copied so that its elements share their values with the -original message elements. Then when adding values to the copied -message, we now make a copy of the shared values array first. - -This should prevent a use-after-free that occurred in LDB modules when -new values were added to a shallow copy of a message by calling -talloc_realloc() on the original values array, invalidating the 'values' -pointer in the original message element. The original values pointer can -later be used in the database audit logging module which logs database -requests, and potentially cause a crash. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009 - -Signed-off-by: Joseph Sutton ---- - common/ldb_msg.c | 52 ++++++++++++++++++++++++++++++++------ - include/ldb.h | 6 +++++ - 2 files changed, 56 insertions(+), 22 deletions(-) - -diff --git a/common/ldb_msg.c b/common/ldb_msg.c -index 2a9ce384bb98..44d3b29e9a72 100644 ---- a/common/ldb_msg.c -+++ b/common/ldb_msg.c -@@ -417,6 +417,47 @@ int ldb_msg_add(struct ldb_message *msg, - return LDB_SUCCESS; - } - -+/* -+ * add a value to a message element -+ */ -+int ldb_msg_element_add_value(TALLOC_CTX *mem_ctx, -+ struct ldb_message_element *el, -+ const struct ldb_val *val) -+{ -+ struct ldb_val *vals; -+ -+ if (el->flags & LDB_FLAG_INTERNAL_SHARED_VALUES) { -+ /* -+ * Another message is using this message element's values array, -+ * so we don't want to make any modifications to the original -+ * message, or potentially invalidate its own values by calling -+ * talloc_realloc(). Make a copy instead. -+ */ -+ el->flags &= ~LDB_FLAG_INTERNAL_SHARED_VALUES; -+ -+ vals = talloc_array(mem_ctx, struct ldb_val, -+ el->num_values + 1); -+ if (vals == NULL) { -+ return LDB_ERR_OPERATIONS_ERROR; -+ } -+ -+ if (el->values != NULL) { -+ memcpy(vals, el->values, el->num_values * sizeof(struct ldb_val)); -+ } -+ } else { -+ vals = talloc_realloc(mem_ctx, el->values, struct ldb_val, -+ el->num_values + 1); -+ if (vals == NULL) { -+ return LDB_ERR_OPERATIONS_ERROR; -+ } -+ } -+ el->values = vals; -+ el->values[el->num_values] = *val; -+ el->num_values++; -+ -+ return LDB_SUCCESS; -+} -+ - /* - add a value to a message - */ -@@ -426,7 +467,6 @@ int ldb_msg_add_value(struct ldb_message *msg, - struct ldb_message_element **return_el) - { - struct ldb_message_element *el; -- struct ldb_val *vals; - int ret; - - el = ldb_msg_find_element(msg, attr_name); -@@ -437,14 +477,10 @@ int ldb_msg_add_value(struct ldb_message *msg, - } - } - -- vals = talloc_realloc(msg->elements, el->values, struct ldb_val, -- el->num_values+1); -- if (!vals) { -- return LDB_ERR_OPERATIONS_ERROR; -+ ret = ldb_msg_element_add_value(msg->elements, el, val); -+ if (ret != LDB_SUCCESS) { -+ return ret; - } -- el->values = vals; -- el->values[el->num_values] = *val; -- el->num_values++; - - if (return_el) { - *return_el = el; -diff --git a/include/ldb.h b/include/ldb.h -index bc44157eaf47..129beefeaf56 100644 ---- a/include/ldb.h -+++ b/include/ldb.h -@@ -1981,6 +1981,12 @@ int ldb_msg_add_empty(struct ldb_message *msg, - int flags, - struct ldb_message_element **return_el); - -+/** -+ add a value to a message element -+*/ -+int ldb_msg_element_add_value(TALLOC_CTX *mem_ctx, -+ struct ldb_message_element *el, -+ const struct ldb_val *val); - /** - add a element to a ldb_message - */ diff --git a/backport-005-CVE-2022-32746.patch b/backport-005-CVE-2022-32746.patch deleted file mode 100644 index f68e164f55ada55f3aecfd4bed91ebb3b8dd04f0..0000000000000000000000000000000000000000 --- a/backport-005-CVE-2022-32746.patch +++ /dev/null @@ -1,274 +0,0 @@ -From df487eb2d713e817660dd3b56bb26ba715fadfea Mon Sep 17 00:00:00 2001 -From: Joseph Sutton -Date: Wed, 16 Feb 2022 16:30:03 +1300 -Subject: [PATCH] CVE-2022-32746 ldb: Add functions for appending to an - ldb_message - -Currently, there are many places where we use ldb_msg_add_empty() to add -an empty element to a message, and then call ldb_msg_add_value() or -similar to add values to that element. However, this performs an -unnecessary search of the message's elements to locate the new element. -Moreover, if an element with the same attribute name already exists -earlier in the message, the values will be added to that element, -instead of to the intended newly added element. - -A similar pattern exists where we add values to a message, and then call -ldb_msg_find_element() to locate that message element and sets its flags -to (e.g.) LDB_FLAG_MOD_REPLACE. This also performs an unnecessary -search, and may locate the wrong message element for setting the flags. - -To avoid these problems, add functions for appending a value to a -message, so that a particular value can be added to the end of a message -in a single operation. - -For ADD requests, it is important that no two message elements share the -same attribute name, otherwise things will break. (Normally, -ldb_msg_normalize() is called before processing the request to help -ensure this.) Thus, we must be careful not to append an attribute to an -ADD message, unless we are sure (e.g. through ldb_msg_find_element()) -that an existing element for that attribute is not present. - -These functions will be used in the next commit. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009 - -Signed-off-by: Joseph Sutton ---- - common/ldb_msg.c | 165 ++++++++++++++++++++++++++++++++++++++- - include/ldb.h | 24 ++++++ - 2 files changed, 185 insertions(+), 4 deletions(-) - -diff --git a/common/ldb_msg.c b/common/ldb_msg.c -index 44d3b29e9a7..9cd7998e21c 100644 ---- a/common/ldb_msg.c -+++ b/common/ldb_msg.c -@@ -509,12 +509,15 @@ int ldb_msg_add_steal_value(struct ldb_message *msg, - - - /* -- add a string element to a message -+ add a string element to a message, specifying flags - */ --int ldb_msg_add_string(struct ldb_message *msg, -- const char *attr_name, const char *str) -+int ldb_msg_add_string_flags(struct ldb_message *msg, -+ const char *attr_name, const char *str, -+ int flags) - { - struct ldb_val val; -+ int ret; -+ struct ldb_message_element *el = NULL; - - val.data = discard_const_p(uint8_t, str); - val.length = strlen(str); -@@ -524,7 +527,25 @@ int ldb_msg_add_string(struct ldb_message *msg, - return LDB_SUCCESS; - } - -- return ldb_msg_add_value(msg, attr_name, &val, NULL); -+ ret = ldb_msg_add_value(msg, attr_name, &val, &el); -+ if (ret != LDB_SUCCESS) { -+ return ret; -+ } -+ -+ if (flags != 0) { -+ el->flags = flags; -+ } -+ -+ return LDB_SUCCESS; -+} -+ -+/* -+ add a string element to a message -+*/ -+int ldb_msg_add_string(struct ldb_message *msg, -+ const char *attr_name, const char *str) -+{ -+ return ldb_msg_add_string_flags(msg, attr_name, str, 0); - } - - /* -@@ -586,6 +607,142 @@ int ldb_msg_add_fmt(struct ldb_message *msg, - return ldb_msg_add_steal_value(msg, attr_name, &val); - } - -+static int ldb_msg_append_value_impl(struct ldb_message *msg, -+ const char *attr_name, -+ const struct ldb_val *val, -+ int flags, -+ struct ldb_message_element **return_el) -+{ -+ struct ldb_message_element *el = NULL; -+ int ret; -+ -+ ret = ldb_msg_add_empty(msg, attr_name, flags, &el); -+ if (ret != LDB_SUCCESS) { -+ return ret; -+ } -+ -+ ret = ldb_msg_element_add_value(msg->elements, el, val); -+ if (ret != LDB_SUCCESS) { -+ return ret; -+ } -+ -+ if (return_el != NULL) { -+ *return_el = el; -+ } -+ -+ return LDB_SUCCESS; -+} -+ -+/* -+ append a value to a message -+*/ -+int ldb_msg_append_value(struct ldb_message *msg, -+ const char *attr_name, -+ const struct ldb_val *val, -+ int flags) -+{ -+ return ldb_msg_append_value_impl(msg, attr_name, val, flags, NULL); -+} -+ -+/* -+ append a value to a message, stealing it into the 'right' place -+*/ -+int ldb_msg_append_steal_value(struct ldb_message *msg, -+ const char *attr_name, -+ struct ldb_val *val, -+ int flags) -+{ -+ int ret; -+ struct ldb_message_element *el = NULL; -+ -+ ret = ldb_msg_append_value_impl(msg, attr_name, val, flags, &el); -+ if (ret == LDB_SUCCESS) { -+ talloc_steal(el->values, val->data); -+ } -+ return ret; -+} -+ -+/* -+ append a string element to a message, stealing it into the 'right' place -+*/ -+int ldb_msg_append_steal_string(struct ldb_message *msg, -+ const char *attr_name, char *str, -+ int flags) -+{ -+ struct ldb_val val; -+ -+ val.data = (uint8_t *)str; -+ val.length = strlen(str); -+ -+ if (val.length == 0) { -+ /* allow empty strings as non-existent attributes */ -+ return LDB_SUCCESS; -+ } -+ -+ return ldb_msg_append_steal_value(msg, attr_name, &val, flags); -+} -+ -+/* -+ append a string element to a message -+*/ -+int ldb_msg_append_string(struct ldb_message *msg, -+ const char *attr_name, const char *str, int flags) -+{ -+ struct ldb_val val; -+ -+ val.data = discard_const_p(uint8_t, str); -+ val.length = strlen(str); -+ -+ if (val.length == 0) { -+ /* allow empty strings as non-existent attributes */ -+ return LDB_SUCCESS; -+ } -+ -+ return ldb_msg_append_value(msg, attr_name, &val, flags); -+} -+ -+/* -+ append a DN element to a message -+ WARNING: this uses the linearized string from the dn, and does not -+ copy the string. -+*/ -+int ldb_msg_append_linearized_dn(struct ldb_message *msg, const char *attr_name, -+ struct ldb_dn *dn, int flags) -+{ -+ char *str = ldb_dn_alloc_linearized(msg, dn); -+ -+ if (str == NULL) { -+ /* we don't want to have unknown DNs added */ -+ return LDB_ERR_OPERATIONS_ERROR; -+ } -+ -+ return ldb_msg_append_steal_string(msg, attr_name, str, flags); -+} -+ -+/* -+ append a printf formatted element to a message -+*/ -+int ldb_msg_append_fmt(struct ldb_message *msg, int flags, -+ const char *attr_name, const char *fmt, ...) -+{ -+ struct ldb_val val; -+ va_list ap; -+ char *str = NULL; -+ -+ va_start(ap, fmt); -+ str = talloc_vasprintf(msg, fmt, ap); -+ va_end(ap); -+ -+ if (str == NULL) { -+ return LDB_ERR_OPERATIONS_ERROR; -+ } -+ -+ val.data = (uint8_t *)str; -+ val.length = strlen(str); -+ -+ return ldb_msg_append_steal_value(msg, attr_name, &val, flags); -+} -+ - /* - compare two ldb_message_element structures - assumes case sensitive comparison -diff --git a/include/ldb.h b/include/ldb.h -index 129beefeaf5..63d8aedd672 100644 ---- a/include/ldb.h -+++ b/include/ldb.h -@@ -2002,12 +2002,36 @@ int ldb_msg_add_steal_value(struct ldb_message *msg, - struct ldb_val *val); - int ldb_msg_add_steal_string(struct ldb_message *msg, - const char *attr_name, char *str); -+int ldb_msg_add_string_flags(struct ldb_message *msg, -+ const char *attr_name, const char *str, -+ int flags); - int ldb_msg_add_string(struct ldb_message *msg, - const char *attr_name, const char *str); - int ldb_msg_add_linearized_dn(struct ldb_message *msg, const char *attr_name, - struct ldb_dn *dn); - int ldb_msg_add_fmt(struct ldb_message *msg, - const char *attr_name, const char *fmt, ...) PRINTF_ATTRIBUTE(3,4); -+/** -+ append a element to a ldb_message -+*/ -+int ldb_msg_append_value(struct ldb_message *msg, -+ const char *attr_name, -+ const struct ldb_val *val, -+ int flags); -+int ldb_msg_append_steal_value(struct ldb_message *msg, -+ const char *attr_name, -+ struct ldb_val *val, -+ int flags); -+int ldb_msg_append_steal_string(struct ldb_message *msg, -+ const char *attr_name, char *str, -+ int flags); -+int ldb_msg_append_string(struct ldb_message *msg, -+ const char *attr_name, const char *str, -+ int flags); -+int ldb_msg_append_linearized_dn(struct ldb_message *msg, const char *attr_name, -+ struct ldb_dn *dn, int flags); -+int ldb_msg_append_fmt(struct ldb_message *msg, int flags, -+ const char *attr_name, const char *fmt, ...) PRINTF_ATTRIBUTE(4,5); - - /** - compare two message elements - return 0 on match diff --git a/ldb-2.4.1.tar.asc b/ldb-2.4.1.tar.asc deleted file mode 100644 index ddb5750ac5dabc2ace69698bdeb123616769a343..0000000000000000000000000000000000000000 --- a/ldb-2.4.1.tar.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmF5NesACgkQR5ORYRMI -QCW4Mwf9F08o0VWPyvCrYdqnpOT6D5HFsrJwwuisMptoflDLfH4a+MRBPlcRBhMT -Ss6DSFb36bmjcNlSJeLdHtqp9LxaoQA4xOw4mWhxnrzQimrIass1h24FOwv5RpCu -EXmNCbRwp22e/e8ntFeKd7wiYBcoOHqM39jMjGbfhksbglemhMpyL92zjyzuHXPD -QeHibpPIZYlCy89LHQgHcUyyLzYN06lRQ5MKKojrerQ7LlsyvGM+EHS0X81683CM -lW2CkQKjFCKRS6tjXCEX1NEj3Xw4gltI3MiaH96ZnecftlINp8vIloqi1NkOK7hl -QylusnpzRqOXL2hr514wJr9F21Mslg== -=RW3H ------END PGP SIGNATURE----- diff --git a/ldb-2.4.1.tar.gz b/ldb-2.4.1.tar.gz deleted file mode 100644 index 0e422b76ea2cb1f12bd36d43b135ed9a09e16255..0000000000000000000000000000000000000000 Binary files a/ldb-2.4.1.tar.gz and /dev/null differ diff --git a/ldb-2.6.1.tar.asc b/ldb-2.6.1.tar.asc new file mode 100644 index 0000000000000000000000000000000000000000..4fd13fd51ccf62c132b4738b927983e7799db967 --- /dev/null +++ b/ldb-2.6.1.tar.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmLhN68ACgkQR5ORYRMI +QCWqKAgAswqnQft1oEc4c2DIJIF9jcXfLeOz4czUndBu5st6h3KVqZDCWjUAdPdX +BrYV+6cLTtDSjH0nQocnvtwm3AbVPxwukBglVtEuq0DU4fk8DptzRJvyLy2vU5VP +sKQQ+uwgYSWnKeds0PjPNMxpompeurDbQ1n4XgW4BzRQpK4Gvg6ZXBGg+q5nKht2 ++PfQTVuaPi4O6gUWfxDbLBBPNDf97gz21Sa8pS1K3sspcPQJzMNumXs/d9LBhU1G +BaDanganpN1Ru724J18jvZ8NEogldHuSk29DljreHiiWY2hEVlp5rZDTgrlYOP50 +b9kfHAnpBcHhQZlLf2/hponIccDo6A== +=ccfS +-----END PGP SIGNATURE----- diff --git a/ldb-2.6.1.tar.gz b/ldb-2.6.1.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..806074e5ffd18b36d1314b983c5afa21090f58e7 Binary files /dev/null and b/ldb-2.6.1.tar.gz differ diff --git a/libldb.spec b/libldb.spec index 9942862865c1256d1646ceb8bbd25949d485babd..4022df92a8d0390e4dddff4413f70f121f5a0520 100644 --- a/libldb.spec +++ b/libldb.spec @@ -1,12 +1,12 @@ %global with_lmdb 1 %global with_python3 1 -%global talloc_version 2.3.3 -%global tdb_version 1.4.4 -%global tevent_version 0.11.0 +%global talloc_version 2.3.4 +%global tdb_version 1.4.7 +%global tevent_version 0.13.0 Name: libldb -Version: 2.4.1 -Release: 2 +Version: 2.6.1 +Release: 1 Summary: A schema-less, ldap like, API and database Requires: libtalloc%{?_isa} >= %{talloc_version} Requires: libtdb%{?_isa} >= %{tdb_version} @@ -17,11 +17,6 @@ Source0: http://samba.org/ftp/ldb/ldb-%{version}.tar.gz Source1: http://samba.org/ftp/ldb/ldb-%{version}.tar.asc Patch0: backport-Skip-ldb_lmdb_free_list_test-on-ppc64el-ppc64-and-sp.patch -Patch1: backport-001-CVE-2022-32746.patch -Patch2: backport-002-CVE-2022-32746.patch -Patch3: backport-003-CVE-2022-32746.patch -Patch4: backport-004-CVE-2022-32746.patch -Patch5: backport-005-CVE-2022-32746.patch BuildRequires: gcc libtalloc-devel >= %{talloc_version} libtdb-devel >= %{tdb_version} BuildRequires: libtevent-devel >= %{tevent_version} lmdb-devel >= 0.9.16 popt-devel @@ -175,6 +170,12 @@ echo "%{_libdir}/ldb" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf %{_mandir}/man1/ldbsearch.1.* %changelog +* Fri Nov 04 2022 yanglu - 2.6.1-1 +- Type:requirement +- ID:NA +- SUG:NA +- DESC:update libldb version to 2.6.1 + * Mon Aug 01 2022 gaihuiying - 2.4.1-2 - Type:CVE - ID:CVE-2022-32746