diff -Nru ldb-2.2.0/debian/changelog ldb-2.2.0/debian/changelog
--- ldb-2.2.0/debian/changelog 2021-06-21 21:50:03.000000000 +0000
+++ ldb-2.2.0/debian/changelog 2021-03-26 18:52:18.000000000 +0000
@@ -1,45 +1,16 @@ -ldb (2:2.2.0-3ubuntu3) impish; urgency=medium +ldb (2:2.2.0-3.1) unstable; urgency=medium - * No-change rebuild due to OpenLDAP soname bump. + * Non-maintainer upload. + * ldb_dn: avoid head corruption in ldb_dn_explode (CVE-2020-27840) + (Closes: #985936) + * pytests: move Dn.validate test to ldb + * ldb/attrib_handlers casefold: stay in bounds (CVE-2021-20277) + (Closes: #985935) + * ldb: add tests for ldb_wildcard_compare + * ldb tests: ldb_match tests with extra spaces + * ldb: Remove tests from ldb_match_test that do not pass - -- Sergio Durigan Junior Mon, 21 Jun 2021 17:50:03 -0400 - -ldb (2:2.2.0-3ubuntu2) hirsute; urgency=medium - - * SECURITY UPDATE: Heap corruption via crafted DN strings - - debian/patches/CVE-2020-27840-1.patch: avoid head corruption in - ldb_dn_explode in common/ldb_dn.c. - - debian/patches/CVE-2020-27840-2.patch: add Dn.validate test to ldb - in tests/python/crash.py, wscript. - - CVE-2020-27840 - * SECURITY UPDATE: Out of bounds read in AD DC LDAP server - - debian/patches/CVE-2021-20277-1.patch: add tests for - ldb_wildcard_compare in tests/ldb_match_test.c. - - debian/patches/CVE-2021-20277-2.patch: ldb_match tests with extra - spaces in tests/ldb_match_test.c. - - debian/patches/CVE-2021-20277-3.patch: remove tests from - ldb_match_test that do not pass in tests/ldb_match_test.c. - - debian/patches/CVE-2021-20277-4.patch: stay in bounds in - common/attrib_handlers.c. - - CVE-2021-20277 - - -- Marc Deslauriers Tue, 30 Mar 2021 13:00:36 -0400 - -ldb (2:2.2.0-3ubuntu1) hirsute; urgency=medium - - * Fix symbols generation (LP: #1920825). On hirsute, dh-exec is showing - different behavior based on the value of DEB_BUILD_PROFILES. This is - causing it to sometimes generate a file with the leading whitespace - removed, which is resulting in a bad symbols file. Set DEB_BUILD_PROFILES - to empty gives a good symbols file. 
- - -- Matthias Klose Tue, 30 Mar 2021 16:11:59 +0200 - -ldb (2:2.2.0-3build1) hirsute; urgency=medium - - * No-change rebuild to build with python3.9 as default. - - -- Matthias Klose Thu, 19 Nov 2020 20:19:08 +0100 + -- Salvatore Bonaccorso Fri, 26 Mar 2021 19:52:18 +0100 ldb (2:2.2.0-3) unstable; urgency=medium diff -Nru ldb-2.2.0/debian/control ldb-2.2.0/debian/control --- ldb-2.2.0/debian/control 2021-03-30 17:00:36.000000000 +0000 +++ ldb-2.2.0/debian/control 2021-03-26 12:25:48.000000000 +0000 @@ -1,8 +1,7 @@ Source: ldb Section: devel Priority: optional -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Debian Samba Maintainers +Maintainer: Debian Samba Maintainers Uploaders: Jelmer Vernooij , Mathieu Parent Build-Depends: dh-exec, diff -Nru ldb-2.2.0/debian/patches/CVE-2020-27840-1.patch ldb-2.2.0/debian/patches/CVE-2020-27840-1.patch --- ldb-2.2.0/debian/patches/CVE-2020-27840-1.patch 2021-03-30 17:00:05.000000000 +0000 +++ ldb-2.2.0/debian/patches/CVE-2020-27840-1.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,104 +0,0 @@ -From e0b4b0b6ae46c70af4fa31d9baf6e2158a6da92e Mon Sep 17 00:00:00 2001 -From: Douglas Bagnall -Date: Fri, 11 Dec 2020 16:32:25 +1300 -Subject: [PATCH 2/3] CVE-2020-27840 ldb_dn: avoid head corruption in - ldb_dn_explode - -A DN string with lots of trailing space can cause ldb_dn_explode() to -put a zero byte in the wrong place in the heap. - -When a DN string has a value represented with trailing spaces, -like this - - "CN=foo ,DC=bar" - -the whitespace is supposed to be ignored. We keep track of this in the -`t` pointer, which is NULL when we are not walking through trailing -spaces, and points to the first space when we are. We are walking with -the `p` pointer, writing the value to `d`, and keeping the length in -`l`. - - "CN=foo ,DC= " ==> "foo " - ^ ^ ^ - t p d - --l--- - -The value is finished when we encounter a comma or the end of the -string. If `t` is not NULL at that point, we assume there are trailing -spaces and wind `d and `l` back by the correct amount. Then we switch -to expecting an attribute name (e.g. "CN"), until we get to an "=", -which puts us back into looking for a value. - -Unfortunately, we forget to immediately tell `t` that we'd finished -the last value, we can end up like this: - - "CN=foo ,DC= " ==> "" - ^ ^ ^ - t p d - l=0 - -where `p` is pointing to a new value that contains only spaces, while -`t` is still referring to the old value. `p` notices the value ends, -and we subtract `p - t` from `d`: - - "CN=foo ,DC= " ==> ? "" - ^ ^ ^ - t p d - l ~= SIZE_MAX - 8 - -At that point `d` wants to terminate its string with a '\0', but -instead it terminates someone else's byte. This does not crash if the -number of trailing spaces is small, as `d` will point into a previous -value (a copy of "foo" in this example). Corrupting that value will -ultimately not matter, as we will soon try to allocate a buffer `l` -long, which will be greater than the available memory and the whole -operation will fail properly. 
- -However, with more spaces, `d` will point into memory before the -beginning of the allocated buffer, with the exact offset depending on -the length of the earlier attributes and the number of spaces. - -What about a longer DN with more attributes? For example, -"CN=foo ,DC= ,DC=example,DC=com" -- since `d` has moved out of -bounds, won't we continue to use it and write more DN values into -mystery memory? Fortunately not, because the aforementioned allocation -of `l` bytes must happen first, and `l` is now huge. The allocation -happens in a talloc_memdup(), which is by default restricted to -allocating 256MB. - -So this allows a person who controls a string parsed by ldb_dn_explode -to corrupt heap memory by placing a single zero byte at a chosen -offset before the allocated buffer. - -An LDAP bind request can send a string DN as a username. This DN is -necessarily parsed before the password is checked, so an attacker does -not need proper credentials. The attacker can easily cause a denial of -service and we cannot rule out more subtle attacks. - -The immediate solution is to reset `t` to NULL when a comma is -encountered, indicating that we are no longer looking at trailing -whitespace. - -Found with the help of Honggfuzz. 
- -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595 - -Signed-off-by: Douglas Bagnall -Reviewed-by: Andrew Bartlett ---- - lib/ldb/common/ldb_dn.c | 1 + - selftest/knownfail.d/python-segfaults | 1 - - 2 files changed, 1 insertion(+), 1 deletion(-) - -diff --git a/common/ldb_dn.c b/common/ldb_dn.c -index 001fcad621f..cce5ad5b2ff 100644 ---- a/common/ldb_dn.c -+++ b/common/ldb_dn.c -@@ -570,6 +570,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn) - /* trim back */ - d -= (p - t); - l -= (p - t); -+ t = NULL; - } - - in_attr = true; diff -Nru ldb-2.2.0/debian/patches/CVE-2020-27840-2.patch ldb-2.2.0/debian/patches/CVE-2020-27840-2.patch --- ldb-2.2.0/debian/patches/CVE-2020-27840-2.patch 2021-03-30 17:00:09.000000000 +0000 +++ ldb-2.2.0/debian/patches/CVE-2020-27840-2.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,79 +0,0 @@ -From 278124020baf50a297b988b143808f4045cb360b Mon Sep 17 00:00:00 2001 -From: Douglas Bagnall -Date: Thu, 11 Feb 2021 16:28:43 +1300 -Subject: [PATCH 3/3] CVE-2020-27840: pytests: move Dn.validate test to ldb - -We had the test in the Samba Python segfault suite because -a) the signal catching infrastructure was there, and -b) the ldb tests lack Samba's knownfail mechanism, which allowed us to - assert the failure. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595 - -Signed-off-by: Douglas Bagnall -Reviewed-by: Andrew Bartlett ---- - lib/ldb/tests/python/crash.py | 45 ++++++++++++++++++++++++++++++++++ - lib/ldb/wscript | 1 + - python/samba/tests/segfault.py | 6 ----- - 3 files changed, 46 insertions(+), 6 deletions(-) - create mode 100644 lib/ldb/tests/python/crash.py - ---- /dev/null -+++ b/tests/python/crash.py -@@ -0,0 +1,45 @@ -+#!/usr/bin/env python3 -+# -+# Tests for crashing functions -+ -+import os -+from unittest import TestCase -+import os -+import sys -+import traceback -+ -+import ldb -+ -+ -+def segfault_detector(f): -+ def wrapper(*args, **kwargs): -+ pid = os.fork() -+ if pid == 0: -+ # child, crashing? 
-+ try: -+ f(*args, **kwargs) -+ except Exception as e: -+ traceback.print_exc() -+ sys.stderr.flush() -+ sys.stdout.flush() -+ os._exit(0) -+ -+ # parent, waiting -+ pid2, status = os.waitpid(pid, 0) -+ if os.WIFSIGNALED(status): -+ signal = os.WTERMSIG(status) -+ raise AssertionError("Failed with signal %d" % signal) -+ -+ return wrapper -+ -+ -+class LdbDnCrashTests(TestCase): -+ @segfault_detector -+ def test_ldb_dn_explode_crash(self): -+ for i in range(106, 150): -+ dn = ldb.Dn(ldb.Ldb(), "a=b%s,c= " % (' ' * i)) -+ dn.validate() -+ -+if __name__ == '__main__': -+ import unittest -+ unittest.TestProgram() ---- a/wscript -+++ b/wscript -@@ -618,6 +618,7 @@ def test(ctx): - os.mkdir(tmp_dir) - pyret = samba_utils.RUN_PYTHON_TESTS( - ['tests/python/api.py', -+ 'tests/python/crash.py', - 'tests/python/index.py', - 'tests/python/repack.py'], - extra_env={'SELFTEST_PREFIX': test_prefix}) diff -Nru ldb-2.2.0/debian/patches/CVE-2020-27840-ldb_dn-avoid-head-corruption-in-ldb_d.patch ldb-2.2.0/debian/patches/CVE-2020-27840-ldb_dn-avoid-head-corruption-in-ldb_d.patch --- ldb-2.2.0/debian/patches/CVE-2020-27840-ldb_dn-avoid-head-corruption-in-ldb_d.patch 1970-01-01 00:00:00.000000000 +0000 +++ ldb-2.2.0/debian/patches/CVE-2020-27840-ldb_dn-avoid-head-corruption-in-ldb_d.patch 2021-03-26 12:47:14.000000000 +0000 
@@ -0,0 +1,104 @@ +From: Douglas Bagnall +Date: Fri, 11 Dec 2020 16:32:25 +1300 +Subject: CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode +Origin: https://git.samba.org/?p=samba.git;a=commitdiff;h=dbb3e65f7e382adf5fa6a6afb3d8684aca3f201a +Bug: https://bugzilla.samba.org/show_bug.cgi?id=14595 +Bug-Debian: https://bugs.debian.org/985936 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-27840 + +A DN string with lots of trailing space can cause ldb_dn_explode() to +put a zero byte in the wrong place in the heap. + +When a DN string has a value represented with trailing spaces, +like this + + "CN=foo ,DC=bar" + +the whitespace is supposed to be ignored. We keep track of this in the +`t` pointer, which is NULL when we are not walking through trailing +spaces, and points to the first space when we are. We are walking with +the `p` pointer, writing the value to `d`, and keeping the length in +`l`. + + "CN=foo ,DC= " ==> "foo " + ^ ^ ^ + t p d + --l--- + +The value is finished when we encounter a comma or the end of the +string. If `t` is not NULL at that point, we assume there are trailing +spaces and wind `d and `l` back by the correct amount. Then we switch +to expecting an attribute name (e.g. "CN"), until we get to an "=", +which puts us back into looking for a value. + +Unfortunately, we forget to immediately tell `t` that we'd finished +the last value, we can end up like this: + + "CN=foo ,DC= " ==> "" + ^ ^ ^ + t p d + l=0 + +where `p` is pointing to a new value that contains only spaces, while +`t` is still referring to the old value. `p` notices the value ends, +and we subtract `p - t` from `d`: + + "CN=foo ,DC= " ==> ? "" + ^ ^ ^ + t p d + l ~= SIZE_MAX - 8 + +At that point `d` wants to terminate its string with a '\0', but +instead it terminates someone else's byte. This does not crash if the +number of trailing spaces is small, as `d` will point into a previous +value (a copy of "foo" in this example). 
Corrupting that value will +ultimately not matter, as we will soon try to allocate a buffer `l` +long, which will be greater than the available memory and the whole +operation will fail properly. + +However, with more spaces, `d` will point into memory before the +beginning of the allocated buffer, with the exact offset depending on +the length of the earlier attributes and the number of spaces. + +What about a longer DN with more attributes? For example, +"CN=foo ,DC= ,DC=example,DC=com" -- since `d` has moved out of +bounds, won't we continue to use it and write more DN values into +mystery memory? Fortunately not, because the aforementioned allocation +of `l` bytes must happen first, and `l` is now huge. The allocation +happens in a talloc_memdup(), which is by default restricted to +allocating 256MB. + +So this allows a person who controls a string parsed by ldb_dn_explode +to corrupt heap memory by placing a single zero byte at a chosen +offset before the allocated buffer. + +An LDAP bind request can send a string DN as a username. This DN is +necessarily parsed before the password is checked, so an attacker does +not need proper credentials. The attacker can easily cause a denial of +service and we cannot rule out more subtle attacks. + +The immediate solution is to reset `t` to NULL when a comma is +encountered, indicating that we are no longer looking at trailing +whitespace. + +Found with the help of Honggfuzz. 
+ +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595 + +Signed-off-by: Douglas Bagnall +Reviewed-by: Andrew Bartlett +--- + lib/ldb/common/ldb_dn.c | 1 + + selftest/knownfail.d/python-segfaults | 1 - + 2 files changed, 1 insertion(+), 1 deletion(-) + +--- a/common/ldb_dn.c ++++ b/common/ldb_dn.c +@@ -570,6 +570,7 @@ static bool ldb_dn_explode(struct ldb_dn + /* trim back */ + d -= (p - t); + l -= (p - t); ++ t = NULL; + } + + in_attr = true; diff -Nru ldb-2.2.0/debian/patches/CVE-2020-27840-pytests-move-Dn.validate-test-to-ldb.patch ldb-2.2.0/debian/patches/CVE-2020-27840-pytests-move-Dn.validate-test-to-ldb.patch --- ldb-2.2.0/debian/patches/CVE-2020-27840-pytests-move-Dn.validate-test-to-ldb.patch 1970-01-01 00:00:00.000000000 +0000 +++ ldb-2.2.0/debian/patches/CVE-2020-27840-pytests-move-Dn.validate-test-to-ldb.patch 2021-03-26 15:09:39.000000000 +0000 
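Review bot: The trim-back in ldb_dn_explode still subtracts `p - t` from `d` and `l` without checking that `t` belongs to the value being parsed; the added `t = NULL;` removes the one known way for it to go stale, but nothing in the hunk bounds the arithmetic itself. A guard before the subtraction, for example `if ((size_t)(p - t) > l) { /* fail the parse */ }`, would turn any future stale-pointer path into a parse error instead of a write before the buffer. The reset also deserves a comment saying why it is there, such as `/* value finished: a stale t would wind d and l back past the start of the next value (CVE-2020-27840) */`. The body of ldb_dn_explode starts and ends outside the hunk, so the function's error path and the end-of-string trim are not visible here and should be checked for the same pattern.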
@@ -0,0 +1,79 @@ +From: Douglas Bagnall +Date: Thu, 11 Feb 2021 16:28:43 +1300 +Subject: CVE-2020-27840: pytests: move Dn.validate test to ldb +Origin: https://git.samba.org/?p=samba.git;a=commitdiff;h=9532c44baea130db74f866e1472cb871936cd3dd + +We had the test in the Samba Python segfault suite because +a) the signal catching infrastructure was there, and +b) the ldb tests lack Samba's knownfail mechanism, which allowed us to + assert the failure. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595 + +Signed-off-by: Douglas Bagnall +Reviewed-by: Andrew Bartlett +--- + lib/ldb/tests/python/crash.py | 45 ++++++++++++++++++++++++++++++++++ + lib/ldb/wscript | 1 + + python/samba/tests/segfault.py | 6 ----- + 3 files changed, 46 insertions(+), 6 deletions(-) + create mode 100644 lib/ldb/tests/python/crash.py + +--- /dev/null ++++ b/tests/python/crash.py +@@ -0,0 +1,45 @@ ++#!/usr/bin/env python3 ++# ++# Tests for crashing functions ++ ++import os ++from unittest import TestCase ++import os ++import sys ++import traceback ++ ++import ldb ++ ++ ++def segfault_detector(f): ++ def wrapper(*args, **kwargs): ++ pid = os.fork() ++ if pid == 0: ++ # child, crashing? 
++ try: ++ f(*args, **kwargs) ++ except Exception as e: ++ traceback.print_exc() ++ sys.stderr.flush() ++ sys.stdout.flush() ++ os._exit(0) ++ ++ # parent, waiting ++ pid2, status = os.waitpid(pid, 0) ++ if os.WIFSIGNALED(status): ++ signal = os.WTERMSIG(status) ++ raise AssertionError("Failed with signal %d" % signal) ++ ++ return wrapper ++ ++ ++class LdbDnCrashTests(TestCase): ++ @segfault_detector ++ def test_ldb_dn_explode_crash(self): ++ for i in range(106, 150): ++ dn = ldb.Dn(ldb.Ldb(), "a=b%s,c= " % (' ' * i)) ++ dn.validate() ++ ++if __name__ == '__main__': ++ import unittest ++ unittest.TestProgram() +--- a/wscript ++++ b/wscript +@@ -618,6 +618,7 @@ def test(ctx): + os.mkdir(tmp_dir) + pyret = samba_utils.RUN_PYTHON_TESTS( + ['tests/python/api.py', ++ 'tests/python/crash.py', + 'tests/python/index.py', + 'tests/python/repack.py'], + extra_env={'SELFTEST_PREFIX': test_prefix}) diff -Nru ldb-2.2.0/debian/patches/CVE-2021-20277-1.patch ldb-2.2.0/debian/patches/CVE-2021-20277-1.patch --- ldb-2.2.0/debian/patches/CVE-2021-20277-1.patch 2021-03-30 17:00:16.000000000 +0000 +++ ldb-2.2.0/debian/patches/CVE-2021-20277-1.patch 1970-01-01 00:00:00.000000000 +0000 
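Review bot: `segfault_detector` reports a pass whenever the child is not killed by a signal, because the child calls `os._exit(0)` even after catching an exception and the parent checks only `os.WIFSIGNALED(status)`. An ldb error or a failed assertion inside `test_ldb_dn_explode_crash` is therefore printed and then discarded, and the out-of-bounds zero byte described in the patch only fails the test if it happens to crash the process. The child should exit non-zero when the wrapped function raises, and the parent should treat a non-zero exit status as a failure. `import os` is also listed twice and the `as e` binding is unused.

```python
def segfault_detector(f):
    def wrapper(*args, **kwargs):
        pid = os.fork()
        if pid == 0:
            # child: the exit status tells the parent whether f raised
            child_status = 0
            try:
                f(*args, **kwargs)
            except Exception:
                traceback.print_exc()
                child_status = 1
            sys.stderr.flush()
            sys.stdout.flush()
            os._exit(child_status)

        # ... unchanged: os.waitpid() and the WIFSIGNALED check ...
        if os.WIFEXITED(status) and os.WEXITSTATUS(status) != 0:
            raise AssertionError("Child exited with status %d"
                                 % os.WEXITSTATUS(status))
```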
@@ -1,182 +0,0 @@ -From d4086c5b506d5802b0727225c9376dc5dc1627e1 Mon Sep 17 00:00:00 2001 -From: Douglas Bagnall -Date: Fri, 5 Mar 2021 15:47:56 +1300 -Subject: [PATCH 1/4] ldb: add tests for ldb_wildcard_compare -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044 - -Signed-off-by: Douglas Bagnall -Reviewed-by: Björn Jacke -Reviewed-by: Andrew Bartlett - -(cherry-picked from commit 33a95a1e75b85e9795c4490b78ead2162e2a1f47) ---- - lib/ldb/tests/ldb_match_test.c | 134 ++++++++++++++++++++++++++++++--- - 1 file changed, 124 insertions(+), 10 deletions(-) - -diff --git a/tests/ldb_match_test.c b/tests/ldb_match_test.c -index e09f50c86ba..3028aed072c 100644 ---- a/tests/ldb_match_test.c -+++ b/tests/ldb_match_test.c -@@ -91,6 +91,33 @@ static int teardown(void **state) - return 0; - } - -+static void escape_string(uint8_t *buf, size_t buflen, -+ const uint8_t *s, size_t len) -+{ -+ size_t i; -+ size_t j = 0; -+ for (i = 0; i < len; i++) { -+ if (j == buflen - 1) { -+ goto fin; -+ } -+ if (s[i] >= 0x20) { -+ buf[j] = s[i]; -+ j++; -+ } else { -+ if (j >= buflen - 4) { -+ goto fin; -+ } -+ /* utf-8 control char representation */ -+ buf[j] = 0xE2; -+ buf[j + 1] = 0x90; -+ buf[j + 2] = 0x80 + s[i]; -+ j+= 3; -+ } -+ } -+fin: -+ buf[j] = 0; -+} -+ - - /* - * The wild card pattern "attribute=*" is parsed as an LDB_OP_PRESENT operation -@@ -122,23 +149,110 @@ static void test_wildcard_match_star(void **state) - * Test basic wild card matching - * - */ -+struct wildcard_test { -+ uint8_t *val; -+ size_t val_size; -+ const char *search; -+ bool should_match; -+ bool fold; -+}; -+ -+/* -+ * Q: Why this macro rather than plain struct values? -+ * A: So we can get the size of the const char[] value while it is still a -+ * true array, not a pointer. -+ * -+ * Q: but why not just use strlen? -+ * A: so values can contain '\0', which we supposedly allow. 
-+ */ -+ -+#define TEST_ENTRY(val, search, should_match, fold) \ -+ { \ -+ (uint8_t*)discard_const(val), \ -+ sizeof(val) - 1, \ -+ search, \ -+ should_match, \ -+ fold \ -+ } -+ - static void test_wildcard_match(void **state) - { - struct ldbtest_ctx *ctx = *state; -- bool matched = false; -- -- uint8_t value[] = "The value.......end"; -- struct ldb_val val = { -- .data = value, -- .length = (sizeof(value)) -+ size_t failed = 0; -+ size_t i; -+ struct wildcard_test tests[] = { -+ TEST_ENTRY("The value.......end", "*end", true, true), -+ TEST_ENTRY("The value.......end", "*fend", false, true), -+ TEST_ENTRY("The value.......end", "*eel", false, true), -+ TEST_ENTRY("The value.......end", "*d", true, true), -+ TEST_ENTRY("The value.......end", "*D*", true, true), -+ TEST_ENTRY("The value.......end", "*e*d*", true, true), -+ TEST_ENTRY("end", "*e*d*", true, true), -+ TEST_ENTRY("end", " *e*d*", true, true), -+ TEST_ENTRY("1.0.0.0.0.0.0.0aaaaaaaaaaaa", "*aaaaa", true, true), -+ TEST_ENTRY("1.0..0.0.0.0.0.0.0aAaaaAAAAAAA", "*a", true, true), -+ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0aaaa", "*aaaaa", false, true), -+ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0", true, true), -+ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0.0", true, true), -+ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", true, -+ true), -+ TEST_ENTRY("1.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", false, -+ true), -+ TEST_ENTRY("1.0.0.0.000.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", true, -+ true), -+ TEST_ENTRY("1\n0\r0\t000.0.0.0.0", "1*0*0*0*0*0*0*0*0", true, -+ true), -+ /* -+ * We allow NUL bytes in non-casefolding syntaxes. 
-+ */ -+ TEST_ENTRY("1\x00 x", "1*x", true, false), -+ TEST_ENTRY("1\x00 x", "*x", true, false), -+ TEST_ENTRY("1\x00 x", "*x*", true, false), -+ TEST_ENTRY("1\x00 x", "* *", true, false), -+ TEST_ENTRY("1\x00 x", "1*", true, false), -+ TEST_ENTRY("1\x00 b* x", "1*b*", true, false), -+ TEST_ENTRY("1.0..0.0.0.0.0.0.0aAaaaAAAAAAA", "*a", false, false), - }; -- struct ldb_parse_tree *tree = ldb_parse_tree(ctx, "objectClass=*end"); -- assert_non_null(tree); - -- ldb_wildcard_compare(ctx->ldb, tree, val, &matched); -- assert_true(matched); -+ for (i = 0; i < ARRAY_SIZE(tests); i++) { -+ bool matched; -+ int ret; -+ struct ldb_val val = { -+ .data = (uint8_t *)tests[i].val, -+ .length = tests[i].val_size -+ }; -+ const char *attr = tests[i].fold ? "objectclass" : "birthLocation"; -+ const char *s = talloc_asprintf(ctx, "%s=%s", -+ attr, tests[i].search); -+ struct ldb_parse_tree *tree = ldb_parse_tree(ctx, s); -+ assert_non_null(tree); -+ ret = ldb_wildcard_compare(ctx->ldb, tree, val, &matched); -+ if (ret != LDB_SUCCESS) { -+ uint8_t buf[100]; -+ escape_string(buf, sizeof(buf), -+ tests[i].val, tests[i].val_size); -+ print_error("%zu val: «%s», search «%s» FAILED with %d\n", -+ i, buf, tests[i].search, ret); -+ failed++; -+ } -+ if (matched != tests[i].should_match) { -+ uint8_t buf[100]; -+ escape_string(buf, sizeof(buf), -+ tests[i].val, tests[i].val_size); -+ print_error("%zu val: «%s», search «%s» should %s\n", -+ i, buf, tests[i].search, -+ matched ? 
"not match" : "match"); -+ failed++; -+ } -+ } -+ if (failed != 0) { -+ fail_msg("wrong results for %zu/%zu wildcard searches\n", -+ failed, ARRAY_SIZE(tests)); -+ } - } - -+#undef TEST_ENTRY -+ - - /* - * ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0' --- -2.25.1 - - diff -Nru ldb-2.2.0/debian/patches/CVE-2021-20277-2.patch ldb-2.2.0/debian/patches/CVE-2021-20277-2.patch --- ldb-2.2.0/debian/patches/CVE-2021-20277-2.patch 2021-03-30 17:00:19.000000000 +0000 +++ ldb-2.2.0/debian/patches/CVE-2021-20277-2.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,46 +0,0 @@ -From 0db93416ebb02c585436b90017f521c1460eef29 Mon Sep 17 00:00:00 2001 -From: Douglas Bagnall -Date: Fri, 5 Mar 2021 20:13:01 +1300 -Subject: [PATCH 2/4] CVE-2021-20277 ldb tests: ldb_match tests with extra - spaces - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655 - -Signed-off-by: Douglas Bagnall -Reviewed-by: Andrew Bartlett -(cherry-picked from commit for master) ---- - lib/ldb/tests/ldb_match_test.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/tests/ldb_match_test.c b/tests/ldb_match_test.c -index 3028aed072c..ba6ea56be15 100644 ---- a/tests/ldb_match_test.c -+++ b/tests/ldb_match_test.c -@@ -181,6 +181,8 @@ static void test_wildcard_match(void **state) - size_t failed = 0; - size_t i; - struct wildcard_test tests[] = { -+ TEST_ENTRY(" 1 0", "1*0*", true, true), -+ TEST_ENTRY(" 1 0", "1 *0", true, true), - TEST_ENTRY("The value.......end", "*end", true, true), - TEST_ENTRY("The value.......end", "*fend", false, true), - TEST_ENTRY("The value.......end", "*eel", false, true), -@@ -203,8 +205,12 @@ static void test_wildcard_match(void **state) - TEST_ENTRY("1\n0\r0\t000.0.0.0.0", "1*0*0*0*0*0*0*0*0", true, - true), - /* -- * We allow NUL bytes in non-casefolding syntaxes. -+ * We allow NUL bytes and redundant spaces in non-casefolding -+ * syntaxes. - */ -+ TEST_ENTRY(" 1 0", "*1 0", true, false), -+ TEST_ENTRY(" 1 0", "*1 0", true, false), -+ TEST_ENTRY("1 0", "*1 0", false, false), - TEST_ENTRY("1\x00 x", "1*x", true, false), - TEST_ENTRY("1\x00 x", "*x", true, false), - TEST_ENTRY("1\x00 x", "*x*", true, false), --- -2.25.1 - - diff -Nru ldb-2.2.0/debian/patches/CVE-2021-20277-3.patch ldb-2.2.0/debian/patches/CVE-2021-20277-3.patch --- ldb-2.2.0/debian/patches/CVE-2021-20277-3.patch 2021-03-30 17:00:22.000000000 +0000 +++ ldb-2.2.0/debian/patches/CVE-2021-20277-3.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,40 +0,0 @@ -From 4e81074e3ce74d68fd4fd1b5206d1831f3293d50 Mon Sep 17 00:00:00 2001 -From: Andrew Bartlett -Date: Fri, 12 Mar 2021 11:51:56 +1300 -Subject: [PATCH 3/4] CVE-2021-20277 ldb: Remove tests from ldb_match_test that - do not pass - -This reverts some of the backport of 33a95a1e75b85e9795c4490b78ead2162e2a1f47 - -This is done here rather than squashed in the cherry-pick of the expanded testsuite -because it allows this commit to be simply reverted for the backport of bug 14044 -if this lands first, or to be dropped if bug 14044 lands first. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655 - -Signed-off-by: Andrew Bartlett -Reviewed-by: Douglas Bagnall ---- - lib/ldb/tests/ldb_match_test.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/tests/ldb_match_test.c b/tests/ldb_match_test.c -index ba6ea56be15..fbf4106fa78 100644 ---- a/tests/ldb_match_test.c -+++ b/tests/ldb_match_test.c -@@ -191,11 +191,9 @@ static void test_wildcard_match(void **state) - TEST_ENTRY("The value.......end", "*e*d*", true, true), - TEST_ENTRY("end", "*e*d*", true, true), - TEST_ENTRY("end", " *e*d*", true, true), -- TEST_ENTRY("1.0.0.0.0.0.0.0aaaaaaaaaaaa", "*aaaaa", true, true), - TEST_ENTRY("1.0..0.0.0.0.0.0.0aAaaaAAAAAAA", "*a", true, true), - TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0aaaa", "*aaaaa", false, true), - TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0", true, true), -- TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0.0", true, true), - TEST_ENTRY("1.0.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", true, - true), - TEST_ENTRY("1.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", false, --- -2.25.1 - - diff -Nru ldb-2.2.0/debian/patches/CVE-2021-20277-4.patch ldb-2.2.0/debian/patches/CVE-2021-20277-4.patch --- ldb-2.2.0/debian/patches/CVE-2021-20277-4.patch 2021-03-30 17:00:25.000000000 +0000 +++ ldb-2.2.0/debian/patches/CVE-2021-20277-4.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,35 +0,0 @@ -From f582524c356c1431ed5d268e44c4d164c15a7550 Mon Sep 17 00:00:00 2001 -From: Douglas Bagnall -Date: Tue, 8 Dec 2020 21:32:09 +1300 -Subject: [PATCH 4/4] CVE-2021-20277 ldb/attrib_handlers casefold: stay in - bounds - -For a string that had N spaces at the beginning, we would -try to move N bytes beyond the end of the string. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655 - -Signed-off-by: Douglas Bagnall -Reviewed-by: Andrew Bartlett - -(cherry-picked from commit for master) ---- - lib/ldb/common/attrib_handlers.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/common/attrib_handlers.c b/common/attrib_handlers.c -index b5212b73159..c6ef5ad477b 100644 ---- a/common/attrib_handlers.c -+++ b/common/attrib_handlers.c -@@ -76,7 +76,7 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx, - - /* remove leading spaces if any */ - if (*s == ' ') { -- for (t = s; *s == ' '; s++) ; -+ for (t = s; *s == ' '; s++, l--) ; - - /* remove leading spaces by moving down the string */ - memmove(t, s, l); --- -2.25.1 - diff -Nru ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-attrib_handlers-casefold-stay-in-.patch ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-attrib_handlers-casefold-stay-in-.patch --- ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-attrib_handlers-casefold-stay-in-.patch 1970-01-01 00:00:00.000000000 +0000 +++ ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-attrib_handlers-casefold-stay-in-.patch 2021-03-26 15:09:39.000000000 +0000 
@@ -0,0 +1,30 @@ +From: Douglas Bagnall +Date: Tue, 8 Dec 2020 21:32:09 +1300 +Subject: CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds +Origin: https://git.samba.org/?p=samba.git;a=commitdiff;h=1fe8c790b2294fd10fe9c9c6254ecf2b6c00b709 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-20277 +Bug-Debian: https://bugs.debian.org/985935 +Bug: https://bugzilla.samba.org/show_bug.cgi?id=14655 + +For a string that had N spaces at the beginning, we would +try to move N bytes beyond the end of the string. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655 + +Signed-off-by: Douglas Bagnall +Reviewed-by: Andrew Bartlett +--- + lib/ldb/common/attrib_handlers.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/common/attrib_handlers.c ++++ b/common/attrib_handlers.c +@@ -76,7 +76,7 @@ int ldb_handler_fold(struct ldb_context + + /* remove leading spaces if any */ + if (*s == ' ') { +- for (t = s; *s == ' '; s++) ; ++ for (t = s; *s == ' '; s++, l--) ; + + /* remove leading spaces by moving down the string */ + memmove(t, s, l); diff -Nru ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-tests-ldb_match-tests-with-extra-.patch ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-tests-ldb_match-tests-with-extra-.patch --- ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-tests-ldb_match-tests-with-extra-.patch 1970-01-01 00:00:00.000000000 +0000 +++ ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-tests-ldb_match-tests-with-extra-.patch 2021-03-26 18:06:48.000000000 +0000 
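Review bot: The leading-space loop in ldb_handler_fold now decrements `l` once per skipped space but never checks it, so its safety rests on `l` being exactly the distance from `s` to the terminator. How `l` is computed is outside the hunk; if it is an unsigned length that can ever be smaller than the run of spaces, it wraps and the `memmove(t, s, l)` below becomes an oversized copy. Bounding the loop on the length as well, `for (t = s; l > 0 && *s == ' '; s++, l--) ;`, costs nothing. It is also worth confirming from the surrounding code that the moved string is still NUL-terminated, since `l` bytes are copied and the hunk does not show whether that count includes the terminator.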
@@ -0,0 +1,43 @@ +From: Douglas Bagnall +Date: Fri, 5 Mar 2021 20:13:01 +1300 +Subject: CVE-2021-20277 ldb tests: ldb_match tests with extra spaces +Origin: https://git.samba.org/?p=samba.git;a=commitdiff;h=ea4bd2c437fbb5801fb82e2a038d9cdb5abea4c0 + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655 + +Signed-off-by: Douglas Bagnall +Reviewed-by: Andrew Bartlett +--- + lib/ldb/tests/ldb_match_test.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/lib/ldb/tests/ldb_match_test.c b/lib/ldb/tests/ldb_match_test.c +index 3028aed072c6..ba6ea56be158 100644 +--- a/tests/ldb_match_test.c ++++ b/tests/ldb_match_test.c +@@ -181,6 +181,8 @@ static void test_wildcard_match(void **state) + size_t failed = 0; + size_t i; + struct wildcard_test tests[] = { ++ TEST_ENTRY(" 1 0", "1*0*", true, true), ++ TEST_ENTRY(" 1 0", "1 *0", true, true), + TEST_ENTRY("The value.......end", "*end", true, true), + TEST_ENTRY("The value.......end", "*fend", false, true), + TEST_ENTRY("The value.......end", "*eel", false, true), +@@ -203,8 +205,12 @@ static void test_wildcard_match(void **state) + TEST_ENTRY("1\n0\r0\t000.0.0.0.0", "1*0*0*0*0*0*0*0*0", true, + true), + /* +- * We allow NUL bytes in non-casefolding syntaxes. ++ * We allow NUL bytes and redundant spaces in non-casefolding ++ * syntaxes. + */ ++ TEST_ENTRY(" 1 0", "*1 0", true, false), ++ TEST_ENTRY(" 1 0", "*1 0", true, false), ++ TEST_ENTRY("1 0", "*1 0", false, false), + TEST_ENTRY("1\x00 x", "1*x", true, false), + TEST_ENTRY("1\x00 x", "*x", true, false), + TEST_ENTRY("1\x00 x", "*x*", true, false), +-- +2.20.1 + diff -Nru ldb-2.2.0/debian/patches/ldb-add-tests-for-ldb_wildcard_compare.patch ldb-2.2.0/debian/patches/ldb-add-tests-for-ldb_wildcard_compare.patch --- ldb-2.2.0/debian/patches/ldb-add-tests-for-ldb_wildcard_compare.patch 1970-01-01 00:00:00.000000000 +0000 +++ ldb-2.2.0/debian/patches/ldb-add-tests-for-ldb_wildcard_compare.patch 2021-03-26 18:06:48.000000000 +0000 
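Review bot: This patch file keeps its `diff --git a/lib/ldb/tests/ldb_match_test.c b/lib/ldb/tests/ldb_match_test.c` and `index` lines while the `---`/`+++` lines name `tests/ldb_match_test.c`, so the two headers disagree about the path. The other added patches visible in this upload carry only the `---`/`+++` pair. Dropping the stale `diff --git` and `index` lines and the trailing `-- 2.20.1` signature, for example by refreshing the patch with quilt, keeps the series consistent and avoids depending on which header a tool prefers.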
@@ -0,0 +1,174 @@
+From: Douglas Bagnall
+Date: Fri, 5 Mar 2021 15:47:56 +1300
+Subject: ldb: add tests for ldb_wildcard_compare
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Origin: https://git.samba.org/?p=samba.git;a=commitdiff;h=33a95a1e75b85e9795c4490b78ead2162e2a1f47
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
+
+Signed-off-by: Douglas Bagnall
+Reviewed-by: Björn Jacke
+Reviewed-by: Andrew Bartlett
+---
+ lib/ldb/tests/ldb_match_test.c | 134 ++++++++++++++++++++++++++++++---
+ 1 file changed, 124 insertions(+), 10 deletions(-)
+
+--- a/tests/ldb_match_test.c
++++ b/tests/ldb_match_test.c
+@@ -91,6 +91,33 @@ static int teardown(void **state)
+ return 0;
+ }
+
++static void escape_string(uint8_t *buf, size_t buflen,
++ const uint8_t *s, size_t len)
++{
++ size_t i;
++ size_t j = 0;
++ for (i = 0; i < len; i++) {
++ if (j == buflen - 1) {
++ goto fin;
++ }
++ if (s[i] >= 0x20) {
++ buf[j] = s[i];
++ j++;
++ } else {
++ if (j >= buflen - 4) {
++ goto fin;
++ }
++ /* utf-8 control char representation */
++ buf[j] = 0xE2;
++ buf[j + 1] = 0x90;
++ buf[j + 2] = 0x80 + s[i];
++ j+= 3;
++ }
++ }
++fin:
++ buf[j] = 0;
++}
++
+
+ /*
+ * The wild card pattern "attribute=*" is parsed as an LDB_OP_PRESENT operation
+@@ -122,23 +149,110 @@ static void test_wildcard_match_star(voi
+ * Test basic wild card matching
+ *
+ */
++struct wildcard_test {
++ uint8_t *val;
++ size_t val_size;
++ const char *search;
++ bool should_match;
++ bool fold;
++};
++
++/*
++ * Q: Why this macro rather than plain struct values?
++ * A: So we can get the size of the const char[] value while it is still a
++ * true array, not a pointer.
++ *
++ * Q: but why not just use strlen?
++ * A: so values can contain '\0', which we supposedly allow.
++ */
++
++#define TEST_ENTRY(val, search, should_match, fold) \
++ { \
++ (uint8_t*)discard_const(val), \
++ sizeof(val) - 1, \
++ search, \
++ should_match, \
++ fold \
++ }
++
+ static void test_wildcard_match(void **state)
+ {
+ struct ldbtest_ctx *ctx = *state;
+- bool matched = false;
+-
+- uint8_t value[] = "The value.......end";
+- struct ldb_val val = {
+- .data = value,
+- .length = (sizeof(value))
++ size_t failed = 0;
++ size_t i;
++ struct wildcard_test tests[] = {
++ TEST_ENTRY("The value.......end", "*end", true, true),
++ TEST_ENTRY("The value.......end", "*fend", false, true),
++ TEST_ENTRY("The value.......end", "*eel", false, true),
++ TEST_ENTRY("The value.......end", "*d", true, true),
++ TEST_ENTRY("The value.......end", "*D*", true, true),
++ TEST_ENTRY("The value.......end", "*e*d*", true, true),
++ TEST_ENTRY("end", "*e*d*", true, true),
++ TEST_ENTRY("end", " *e*d*", true, true),
++ TEST_ENTRY("1.0.0.0.0.0.0.0aaaaaaaaaaaa", "*aaaaa", true, true),
++ TEST_ENTRY("1.0..0.0.0.0.0.0.0aAaaaAAAAAAA", "*a", true, true),
++ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0aaaa", "*aaaaa", false, true),
++ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0", true, true),
++ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0.0", true, true),
++ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", true,
++ true),
++ TEST_ENTRY("1.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", false,
++ true),
++ TEST_ENTRY("1.0.0.0.000.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", true,
++ true),
++ TEST_ENTRY("1\n0\r0\t000.0.0.0.0", "1*0*0*0*0*0*0*0*0", true,
++ true),
++ /*
++ * We allow NUL bytes in non-casefolding syntaxes.
++ */
++ TEST_ENTRY("1\x00 x", "1*x", true, false),
++ TEST_ENTRY("1\x00 x", "*x", true, false),
++ TEST_ENTRY("1\x00 x", "*x*", true, false),
++ TEST_ENTRY("1\x00 x", "* *", true, false),
++ TEST_ENTRY("1\x00 x", "1*", true, false),
++ TEST_ENTRY("1\x00 b* x", "1*b*", true, false),
++ TEST_ENTRY("1.0..0.0.0.0.0.0.0aAaaaAAAAAAA", "*a", false, false),
+ };
+- struct ldb_parse_tree *tree = ldb_parse_tree(ctx, "objectClass=*end");
+- assert_non_null(tree);
+
+- ldb_wildcard_compare(ctx->ldb, tree, val, &matched);
+- assert_true(matched);
++ for (i = 0; i < ARRAY_SIZE(tests); i++) {
++ bool matched;
++ int ret;
++ struct ldb_val val = {
++ .data = (uint8_t *)tests[i].val,
++ .length = tests[i].val_size
++ };
++ const char *attr = tests[i].fold ? "objectclass" : "birthLocation";
++ const char *s = talloc_asprintf(ctx, "%s=%s",
++ attr, tests[i].search);
++ struct ldb_parse_tree *tree = ldb_parse_tree(ctx, s);
++ assert_non_null(tree);
++ ret = ldb_wildcard_compare(ctx->ldb, tree, val, &matched);
++ if (ret != LDB_SUCCESS) {
++ uint8_t buf[100];
++ escape_string(buf, sizeof(buf),
++ tests[i].val, tests[i].val_size);
++ print_error("%zu val: «%s», search «%s» FAILED with %d\n",
++ i, buf, tests[i].search, ret);
++ failed++;
++ }
++ if (matched != tests[i].should_match) {
++ uint8_t buf[100];
++ escape_string(buf, sizeof(buf),
++ tests[i].val, tests[i].val_size);
++ print_error("%zu val: «%s», search «%s» should %s\n",
++ i, buf, tests[i].search,
++ matched ? "not match" : "match");
++ failed++;
++ }
++ }
++ if (failed != 0) {
++ fail_msg("wrong results for %zu/%zu wildcard searches\n",
++ failed, ARRAY_SIZE(tests));
++ }
+ }
+
++#undef TEST_ENTRY
++
+
+ /*
+ * ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0'
diff -Nru ldb-2.2.0/debian/patches/ldb-Remove-tests-from-ldb_match_test-that-do-not-pas.patch ldb-2.2.0/debian/patches/ldb-Remove-tests-from-ldb_match_test-that-do-not-pas.patch
--- ldb-2.2.0/debian/patches/ldb-Remove-tests-from-ldb_match_test-that-do-not-pas.patch 1970-01-01 00:00:00.000000000 +0000
+++ ldb-2.2.0/debian/patches/ldb-Remove-tests-from-ldb_match_test-that-do-not-pas.patch 2021-03-26 18:06:48.000000000 +0000
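Review bot: In the new loop of `test_wildcard_match` (the ldb_wildcard_compare tests patch), `matched` is declared without an initial value and is still compared with `tests[i].should_match` after `ldb_wildcard_compare` has returned something other than `LDB_SUCCESS`. Whether the callee writes `matched` on its error paths is not visible here, so that comparison may read an indeterminate value and the same case may be counted in `failed` twice. Declaring it as `bool matched = false;` and making the second check `else if (matched != tests[i].should_match) {` keeps one report per failing case. Separately, `escape_string` computes `buflen - 1` and `buflen - 4` on a `size_t`, which wrap for a buffer shorter than four bytes; both callers pass a 100-byte buffer, so a comment stating the minimum size would be enough.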
@@ -0,0 +1,26 @@
+From 2712e2d68852bbca0809b034c95906d27d97045e Mon Sep 17 00:00:00 2001
+From: Salvatore Bonaccorso
+Date: Fri, 26 Mar 2021 16:36:28 +0100
+Subject: ldb: Remove tests from ldb_match_test that do not pass
+
+Remove the failing thest that do not part because our version do not
+contain the fixes for upstream bug
+https://bugzilla.samba.org/show_bug.cgi?id=14044
+---
+ lib/ldb/tests/ldb_match_test.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/tests/ldb_match_test.c
++++ b/tests/ldb_match_test.c
+@@ -191,11 +191,9 @@ static void test_wildcard_match(void **s
+ TEST_ENTRY("The value.......end", "*e*d*", true, true),
+ TEST_ENTRY("end", "*e*d*", true, true),
+ TEST_ENTRY("end", " *e*d*", true, true),
+- TEST_ENTRY("1.0.0.0.0.0.0.0aaaaaaaaaaaa", "*aaaaa", true, true),
+ TEST_ENTRY("1.0..0.0.0.0.0.0.0aAaaaAAAAAAA", "*a", true, true),
+ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0aaaa", "*aaaaa", false, true),
+ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0", true, true),
+- TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0.0", true, true),
+ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", true,
+ true),
+ TEST_ENTRY("1.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", false,
diff -Nru ldb-2.2.0/debian/patches/series ldb-2.2.0/debian/patches/series
--- ldb-2.2.0/debian/patches/series 2021-03-30 17:00:25.000000000 +0000
+++ ldb-2.2.0/debian/patches/series 2021-03-26 18:06:48.000000000 +0000
@@ -3,9 +3,9 @@ Skip-test_guid_indexed_v1_db-on-mips64el-ppc64el-ia6.patch Fix-FTBFS-Increase-the-over-estimation-for-sparse-fi.patch Skip-ldb_lmdb_free_list_test-on-ppc64el-ppc64-and-sp.patch -CVE-2020-27840-1.patch -CVE-2020-27840-2.patch -CVE-2021-20277-1.patch -CVE-2021-20277-2.patch -CVE-2021-20277-3.patch -CVE-2021-20277-4.patch +CVE-2020-27840-ldb_dn-avoid-head-corruption-in-ldb_d.patch +CVE-2020-27840-pytests-move-Dn.validate-test-to-ldb.patch +CVE-2021-20277-ldb-attrib_handlers-casefold-stay-in-.patch +ldb-add-tests-for-ldb_wildcard_compare.patch +CVE-2021-20277-ldb-tests-ldb_match-tests-with-extra-.patch +ldb-Remove-tests-from-ldb_match_test-that-do-not-pas.patch diff -Nru ldb-2.2.0/debian/rules ldb-2.2.0/debian/rules --- ldb-2.2.0/debian/rules 2021-03-30 14:11:59.000000000 +0000 +++ ldb-2.2.0/debian/rules 2021-03-26 12:25:48.000000000 +0000 @@ -71,7 +71,6 @@ override_dh_makeshlibs: DEB_PY3_EXTENSION_SUFFIX=$(shell python3-config --extension-suffix | tr '_' '-') \ DEB_PY3_EXTENSION_UPCASE=$(shell python3-config --extension-suffix | sed 's/\.so$$//' | tr 'a-z-' 'A-Z_') \ - DEB_BUILD_PROFILES="" \ debian/python3-ldb.symbols.in > debian/python3-ldb.symbols dh_makeshlibs -Xldb. -ppython3-ldb -- -c4 rm debian/python3-ldb.symbols