diff --git a/backport-python-Safely-clear-structure-members.patch b/backport-python-Safely-clear-structure-members.patch new file mode 100644 index 0000000000000000000000000000000000000000..0a281c9201132b0958654c1169b557a60ffe9db2 --- /dev/null +++ b/backport-python-Safely-clear-structure-members.patch @@ -0,0 +1,33 @@ +From f573177c352c2df89c7d5ffd425a37b46b12166c Mon Sep 17 00:00:00 2001 +From: Joseph Sutton +Date: Mon, 24 Apr 2023 10:42:39 +1200 +Subject: [PATCH] python: Safely clear structure members + +Using Py_CLEAR() ensures that these structures are observed in a +consistent state by any Python code that may run during deconstruction. + +Signed-off-by: Joseph Sutton +Reviewed-by: Andrew Bartlett + +Reference:https://github.com/samba-team/samba/commit/f573177c352c2df89c7d5ffd425a37b46b12166c +Conflict:only change pytdb.c, other files do not belong to the libtdb package. +--- + pytdb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pytdb.c b/pytdb.c +index e2f8ace..d47d933 100644 +--- a/pytdb.c ++++ b/pytdb.c +@@ -474,7 +474,7 @@ static PyObject *tdb_iter_next(PyTdbIteratorObject *self) + + static void tdb_iter_dealloc(PyTdbIteratorObject *self) + { +- Py_DECREF(self->iteratee); ++ Py_CLEAR(self->iteratee); + PyObject_Del(self); + } + +-- +2.33.0 + diff --git a/backport-tdb-Do-not-pass-non-null-terminated-strings-to-strcm.patch b/backport-tdb-Do-not-pass-non-null-terminated-strings-to-strcm.patch new file mode 100644 index 0000000000000000000000000000000000000000..a635c0533de96c53f5a250b8773072efbf87b95b --- /dev/null +++ b/backport-tdb-Do-not-pass-non-null-terminated-strings-to-strcm.patch @@ -0,0 +1,40 @@ +From 757cd49b8445f22c2c19380e948e7aba5a76399a Mon Sep 17 00:00:00 2001 +From: Joseph Sutton +Date: Fri, 6 Oct 2023 13:54:02 +1300 +Subject: [PATCH] =?UTF-8?q?tdb:=20Do=20not=20pass=20non=E2=80=93null?= + =?UTF-8?q?=E2=80=90terminated=20strings=20to=20strcmp()=20(CID=201449485)?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Joseph Sutton +Reviewed-by: Andrew Bartlett + +Reference:https://github.com/samba-team/samba/commit/757cd49b8445f22c2c19380e948e7aba5a76399a +Conflict:NA +--- + common/open.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/common/open.c b/common/open.c +index f7f65b0..4e138c6 100644 +--- a/common/open.c ++++ b/common/open.c +@@ -513,7 +513,13 @@ _PUBLIC_ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int td + + errno = 0; + if (read(tdb->fd, &header, sizeof(header)) != sizeof(header) +- || strcmp(header.magic_food, TDB_MAGIC_FOOD) != 0) { ++ /* ++ * Call strncmp() rather than strcmp() in case header.magic_food is ++ * not zero‐terminated. We’re still checking the full string for ++ * equality, as tdb_header::magic_food is larger than ++ * TDB_MAGIC_FOOD. ++ */ ++ || strncmp(header.magic_food, TDB_MAGIC_FOOD, sizeof(header.magic_food)) != 0) { + if (!(open_flags & O_CREAT) || + tdb_new_database(tdb, &header, hash_size) == -1) { + if (errno == 0) { +-- +2.33.0 + diff --git a/libtdb.spec b/libtdb.spec index b0ad2cda499dd53cff07cf91866840fe3d447e63..52debfffa6f5a44c9306ead7d1b2a88a08afb77b 100644 --- a/libtdb.spec +++ b/libtdb.spec @@ -1,11 +1,14 @@ Name: libtdb Version: 1.4.5 -Release: 2 +Release: 3 Summary: The Tdb library License: LGPLv3+ URL: http://tdb.samba.org/ Source: http://samba.org/ftp/tdb/tdb-%{version}.tar.gz +Patch6000: backport-python-Safely-clear-structure-members.patch +Patch6001: backport-tdb-Do-not-pass-non-null-terminated-strings-to-strcm.patch + BuildRequires: gcc libxslt docbook-style-xsl BuildRequires: python3-devel Provides: bundled(libreplace) @@ -89,6 +92,13 @@ make %{?_smp_mflags} check %ldconfig_scriptlets %changelog +* Wed May 08 2024 wangjiang - 1.4.5-3 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:tdb: Do not pass non–null‐terminated strings to strcmp() + python: Safely clear structure members + * Mon May 9 2022 mylee - 1.4.5-2 - fix spec changelog date