[Pkg-samba-maint] Bug#985936: Actual debdiff
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 26 19:00:23 GMT 2021
Hi
The correct debdiff is attached.
Regards,
Salvatore
-------------- next part --------------
diff -Nru ldb-2.2.0/debian/changelog ldb-2.2.0/debian/changelog
--- ldb-2.2.0/debian/changelog 2020-11-18 20:33:02.000000000 +0100
+++ ldb-2.2.0/debian/changelog 2021-03-26 19:52:18.000000000 +0100
@@ -1,3 +1,17 @@
+ldb (2:2.2.0-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * ldb_dn: avoid head corruption in ldb_dn_explode (CVE-2020-27840)
+ (Closes: #985936)
+ * pytests: move Dn.validate test to ldb
+ * ldb/attrib_handlers casefold: stay in bounds (CVE-2021-20277)
+ (Closes: #985935)
+ * ldb: add tests for ldb_wildcard_compare
+ * ldb tests: ldb_match tests with extra spaces
+ * ldb: Remove tests from ldb_match_test that do not pass
+
+ -- Salvatore Bonaccorso <carnil at debian.org> Fri, 26 Mar 2021 19:52:18 +0100
+
ldb (2:2.2.0-3) unstable; urgency=medium
* Upload to unstable
diff -Nru ldb-2.2.0/debian/patches/CVE-2020-27840-ldb_dn-avoid-head-corruption-in-ldb_d.patch ldb-2.2.0/debian/patches/CVE-2020-27840-ldb_dn-avoid-head-corruption-in-ldb_d.patch
--- ldb-2.2.0/debian/patches/CVE-2020-27840-ldb_dn-avoid-head-corruption-in-ldb_d.patch 1970-01-01 01:00:00.000000000 +0100
+++ ldb-2.2.0/debian/patches/CVE-2020-27840-ldb_dn-avoid-head-corruption-in-ldb_d.patch 2021-03-26 13:47:14.000000000 +0100
@@ -0,0 +1,104 @@
+From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+Date: Fri, 11 Dec 2020 16:32:25 +1300
+Subject: CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
+Origin: https://git.samba.org/?p=samba.git;a=commitdiff;h=dbb3e65f7e382adf5fa6a6afb3d8684aca3f201a
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=14595
+Bug-Debian: https://bugs.debian.org/985936
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-27840
+
+A DN string with lots of trailing space can cause ldb_dn_explode() to
+put a zero byte in the wrong place in the heap.
+
+When a DN string has a value represented with trailing spaces,
+like this
+
+ "CN=foo ,DC=bar"
+
+the whitespace is supposed to be ignored. We keep track of this in the
+`t` pointer, which is NULL when we are not walking through trailing
+spaces, and points to the first space when we are. We are walking with
+the `p` pointer, writing the value to `d`, and keeping the length in
+`l`.
+
+ "CN=foo ,DC= " ==> "foo "
+ ^ ^ ^
+ t p d
+ --l---
+
+The value is finished when we encounter a comma or the end of the
+string. If `t` is not NULL at that point, we assume there are trailing
+spaces and wind `d and `l` back by the correct amount. Then we switch
+to expecting an attribute name (e.g. "CN"), until we get to an "=",
+which puts us back into looking for a value.
+
+Unfortunately, we forget to immediately tell `t` that we'd finished
+the last value, we can end up like this:
+
+ "CN=foo ,DC= " ==> ""
+ ^ ^ ^
+ t p d
+ l=0
+
+where `p` is pointing to a new value that contains only spaces, while
+`t` is still referring to the old value. `p` notices the value ends,
+and we subtract `p - t` from `d`:
+
+ "CN=foo ,DC= " ==> ? ""
+ ^ ^ ^
+ t p d
+ l ~= SIZE_MAX - 8
+
+At that point `d` wants to terminate its string with a '\0', but
+instead it terminates someone else's byte. This does not crash if the
+number of trailing spaces is small, as `d` will point into a previous
+value (a copy of "foo" in this example). Corrupting that value will
+ultimately not matter, as we will soon try to allocate a buffer `l`
+long, which will be greater than the available memory and the whole
+operation will fail properly.
+
+However, with more spaces, `d` will point into memory before the
+beginning of the allocated buffer, with the exact offset depending on
+the length of the earlier attributes and the number of spaces.
+
+What about a longer DN with more attributes? For example,
+"CN=foo ,DC= ,DC=example,DC=com" -- since `d` has moved out of
+bounds, won't we continue to use it and write more DN values into
+mystery memory? Fortunately not, because the aforementioned allocation
+of `l` bytes must happen first, and `l` is now huge. The allocation
+happens in a talloc_memdup(), which is by default restricted to
+allocating 256MB.
+
+So this allows a person who controls a string parsed by ldb_dn_explode
+to corrupt heap memory by placing a single zero byte at a chosen
+offset before the allocated buffer.
+
+An LDAP bind request can send a string DN as a username. This DN is
+necessarily parsed before the password is checked, so an attacker does
+not need proper credentials. The attacker can easily cause a denial of
+service and we cannot rule out more subtle attacks.
+
+The immediate solution is to reset `t` to NULL when a comma is
+encountered, indicating that we are no longer looking at trailing
+whitespace.
+
+Found with the help of Honggfuzz.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
+
+Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet at samba.org>
+---
+ lib/ldb/common/ldb_dn.c | 1 +
+ selftest/knownfail.d/python-segfaults | 1 -
+ 2 files changed, 1 insertion(+), 1 deletion(-)
+
+--- a/common/ldb_dn.c
++++ b/common/ldb_dn.c
+@@ -570,6 +570,7 @@ static bool ldb_dn_explode(struct ldb_dn
+ /* trim back */
+ d -= (p - t);
+ l -= (p - t);
++ t = NULL;
+ }
+
+ in_attr = true;
diff -Nru ldb-2.2.0/debian/patches/CVE-2020-27840-pytests-move-Dn.validate-test-to-ldb.patch ldb-2.2.0/debian/patches/CVE-2020-27840-pytests-move-Dn.validate-test-to-ldb.patch
--- ldb-2.2.0/debian/patches/CVE-2020-27840-pytests-move-Dn.validate-test-to-ldb.patch 1970-01-01 01:00:00.000000000 +0100
+++ ldb-2.2.0/debian/patches/CVE-2020-27840-pytests-move-Dn.validate-test-to-ldb.patch 2021-03-26 16:09:39.000000000 +0100
@@ -0,0 +1,79 @@
+From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+Date: Thu, 11 Feb 2021 16:28:43 +1300
+Subject: CVE-2020-27840: pytests: move Dn.validate test to ldb
+Origin: https://git.samba.org/?p=samba.git;a=commitdiff;h=9532c44baea130db74f866e1472cb871936cd3dd
+
+We had the test in the Samba Python segfault suite because
+a) the signal catching infrastructure was there, and
+b) the ldb tests lack Samba's knownfail mechanism, which allowed us to
+ assert the failure.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
+
+Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet at samba.org>
+---
+ lib/ldb/tests/python/crash.py | 45 ++++++++++++++++++++++++++++++++++
+ lib/ldb/wscript | 1 +
+ python/samba/tests/segfault.py | 6 -----
+ 3 files changed, 46 insertions(+), 6 deletions(-)
+ create mode 100644 lib/ldb/tests/python/crash.py
+
+--- /dev/null
++++ b/tests/python/crash.py
+@@ -0,0 +1,45 @@
++#!/usr/bin/env python3
++#
++# Tests for crashing functions
++
++import os
++from unittest import TestCase
++import os
++import sys
++import traceback
++
++import ldb
++
++
++def segfault_detector(f):
++ def wrapper(*args, **kwargs):
++ pid = os.fork()
++ if pid == 0:
++ # child, crashing?
++ try:
++ f(*args, **kwargs)
++ except Exception as e:
++ traceback.print_exc()
++ sys.stderr.flush()
++ sys.stdout.flush()
++ os._exit(0)
++
++ # parent, waiting
++ pid2, status = os.waitpid(pid, 0)
++ if os.WIFSIGNALED(status):
++ signal = os.WTERMSIG(status)
++ raise AssertionError("Failed with signal %d" % signal)
++
++ return wrapper
++
++
++class LdbDnCrashTests(TestCase):
++ @segfault_detector
++ def test_ldb_dn_explode_crash(self):
++ for i in range(106, 150):
++ dn = ldb.Dn(ldb.Ldb(), "a=b%s,c= " % (' ' * i))
++ dn.validate()
++
++if __name__ == '__main__':
++ import unittest
++ unittest.TestProgram()
+--- a/wscript
++++ b/wscript
+@@ -618,6 +618,7 @@ def test(ctx):
+ os.mkdir(tmp_dir)
+ pyret = samba_utils.RUN_PYTHON_TESTS(
+ ['tests/python/api.py',
++ 'tests/python/crash.py',
+ 'tests/python/index.py',
+ 'tests/python/repack.py'],
+ extra_env={'SELFTEST_PREFIX': test_prefix})
diff -Nru ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-attrib_handlers-casefold-stay-in-.patch ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-attrib_handlers-casefold-stay-in-.patch
--- ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-attrib_handlers-casefold-stay-in-.patch 1970-01-01 01:00:00.000000000 +0100
+++ ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-attrib_handlers-casefold-stay-in-.patch 2021-03-26 16:09:39.000000000 +0100
@@ -0,0 +1,30 @@
+From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+Date: Tue, 8 Dec 2020 21:32:09 +1300
+Subject: CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
+Origin: https://git.samba.org/?p=samba.git;a=commitdiff;h=1fe8c790b2294fd10fe9c9c6254ecf2b6c00b709
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-20277
+Bug-Debian: https://bugs.debian.org/985935
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=14655
+
+For a string that had N spaces at the beginning, we would
+try to move N bytes beyond the end of the string.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655
+
+Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet at samba.org>
+---
+ lib/ldb/common/attrib_handlers.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/common/attrib_handlers.c
++++ b/common/attrib_handlers.c
+@@ -76,7 +76,7 @@ int ldb_handler_fold(struct ldb_context
+
+ /* remove leading spaces if any */
+ if (*s == ' ') {
+- for (t = s; *s == ' '; s++) ;
++ for (t = s; *s == ' '; s++, l--) ;
+
+ /* remove leading spaces by moving down the string */
+ memmove(t, s, l);
diff -Nru ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-tests-ldb_match-tests-with-extra-.patch ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-tests-ldb_match-tests-with-extra-.patch
--- ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-tests-ldb_match-tests-with-extra-.patch 1970-01-01 01:00:00.000000000 +0100
+++ ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-tests-ldb_match-tests-with-extra-.patch 2021-03-26 19:06:48.000000000 +0100
@@ -0,0 +1,43 @@
+From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+Date: Fri, 5 Mar 2021 20:13:01 +1300
+Subject: CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
+Origin: https://git.samba.org/?p=samba.git;a=commitdiff;h=ea4bd2c437fbb5801fb82e2a038d9cdb5abea4c0
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655
+
+Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet at samba.org>
+---
+ lib/ldb/tests/ldb_match_test.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ldb/tests/ldb_match_test.c b/lib/ldb/tests/ldb_match_test.c
+index 3028aed072c6..ba6ea56be158 100644
+--- a/tests/ldb_match_test.c
++++ b/tests/ldb_match_test.c
+@@ -181,6 +181,8 @@ static void test_wildcard_match(void **state)
+ size_t failed = 0;
+ size_t i;
+ struct wildcard_test tests[] = {
++ TEST_ENTRY(" 1 0", "1*0*", true, true),
++ TEST_ENTRY(" 1 0", "1 *0", true, true),
+ TEST_ENTRY("The value.......end", "*end", true, true),
+ TEST_ENTRY("The value.......end", "*fend", false, true),
+ TEST_ENTRY("The value.......end", "*eel", false, true),
+@@ -203,8 +205,12 @@ static void test_wildcard_match(void **state)
+ TEST_ENTRY("1\n0\r0\t000.0.0.0.0", "1*0*0*0*0*0*0*0*0", true,
+ true),
+ /*
+- * We allow NUL bytes in non-casefolding syntaxes.
++ * We allow NUL bytes and redundant spaces in non-casefolding
++ * syntaxes.
+ */
++ TEST_ENTRY(" 1 0", "*1 0", true, false),
++ TEST_ENTRY(" 1 0", "*1 0", true, false),
++ TEST_ENTRY("1 0", "*1 0", false, false),
+ TEST_ENTRY("1\x00 x", "1*x", true, false),
+ TEST_ENTRY("1\x00 x", "*x", true, false),
+ TEST_ENTRY("1\x00 x", "*x*", true, false),
+--
+2.20.1
+
diff -Nru ldb-2.2.0/debian/patches/ldb-Remove-tests-from-ldb_match_test-that-do-not-pas.patch ldb-2.2.0/debian/patches/ldb-Remove-tests-from-ldb_match_test-that-do-not-pas.patch
--- ldb-2.2.0/debian/patches/ldb-Remove-tests-from-ldb_match_test-that-do-not-pas.patch 1970-01-01 01:00:00.000000000 +0100
+++ ldb-2.2.0/debian/patches/ldb-Remove-tests-from-ldb_match_test-that-do-not-pas.patch 2021-03-26 19:06:48.000000000 +0100
@@ -0,0 +1,26 @@
+From 2712e2d68852bbca0809b034c95906d27d97045e Mon Sep 17 00:00:00 2001
+From: Salvatore Bonaccorso <carnil at debian.org>
+Date: Fri, 26 Mar 2021 16:36:28 +0100
+Subject: ldb: Remove tests from ldb_match_test that do not pass
+
+Remove the failing thest that do not part because our version do not
+contain the fixes for upstream bug
+https://bugzilla.samba.org/show_bug.cgi?id=14044
+---
+ lib/ldb/tests/ldb_match_test.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/tests/ldb_match_test.c
++++ b/tests/ldb_match_test.c
+@@ -191,11 +191,9 @@ static void test_wildcard_match(void **s
+ TEST_ENTRY("The value.......end", "*e*d*", true, true),
+ TEST_ENTRY("end", "*e*d*", true, true),
+ TEST_ENTRY("end", " *e*d*", true, true),
+- TEST_ENTRY("1.0.0.0.0.0.0.0aaaaaaaaaaaa", "*aaaaa", true, true),
+ TEST_ENTRY("1.0..0.0.0.0.0.0.0aAaaaAAAAAAA", "*a", true, true),
+ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0aaaa", "*aaaaa", false, true),
+ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0", true, true),
+- TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0.0", true, true),
+ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", true,
+ true),
+ TEST_ENTRY("1.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", false,
diff -Nru ldb-2.2.0/debian/patches/ldb-add-tests-for-ldb_wildcard_compare.patch ldb-2.2.0/debian/patches/ldb-add-tests-for-ldb_wildcard_compare.patch
--- ldb-2.2.0/debian/patches/ldb-add-tests-for-ldb_wildcard_compare.patch 1970-01-01 01:00:00.000000000 +0100
+++ ldb-2.2.0/debian/patches/ldb-add-tests-for-ldb_wildcard_compare.patch 2021-03-26 19:06:48.000000000 +0100
@@ -0,0 +1,174 @@
+From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+Date: Fri, 5 Mar 2021 15:47:56 +1300
+Subject: ldb: add tests for ldb_wildcard_compare
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Origin: https://git.samba.org/?p=samba.git;a=commitdiff;h=33a95a1e75b85e9795c4490b78ead2162e2a1f47
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
+
+Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+Reviewed-by: Bj??rn Jacke <bjacke at samba.org>
+Reviewed-by: Andrew Bartlett <abartlet at samba.org>
+---
+ lib/ldb/tests/ldb_match_test.c | 134 ++++++++++++++++++++++++++++++---
+ 1 file changed, 124 insertions(+), 10 deletions(-)
+
+--- a/tests/ldb_match_test.c
++++ b/tests/ldb_match_test.c
+@@ -91,6 +91,33 @@ static int teardown(void **state)
+ return 0;
+ }
+
++static void escape_string(uint8_t *buf, size_t buflen,
++ const uint8_t *s, size_t len)
++{
++ size_t i;
++ size_t j = 0;
++ for (i = 0; i < len; i++) {
++ if (j == buflen - 1) {
++ goto fin;
++ }
++ if (s[i] >= 0x20) {
++ buf[j] = s[i];
++ j++;
++ } else {
++ if (j >= buflen - 4) {
++ goto fin;
++ }
++ /* utf-8 control char representation */
++ buf[j] = 0xE2;
++ buf[j + 1] = 0x90;
++ buf[j + 2] = 0x80 + s[i];
++ j+= 3;
++ }
++ }
++fin:
++ buf[j] = 0;
++}
++
+
+ /*
+ * The wild card pattern "attribute=*" is parsed as an LDB_OP_PRESENT operation
+@@ -122,23 +149,110 @@ static void test_wildcard_match_star(voi
+ * Test basic wild card matching
+ *
+ */
++struct wildcard_test {
++ uint8_t *val;
++ size_t val_size;
++ const char *search;
++ bool should_match;
++ bool fold;
++};
++
++/*
++ * Q: Why this macro rather than plain struct values?
++ * A: So we can get the size of the const char[] value while it is still a
++ * true array, not a pointer.
++ *
++ * Q: but why not just use strlen?
++ * A: so values can contain '\0', which we supposedly allow.
++ */
++
++#define TEST_ENTRY(val, search, should_match, fold) \
++ { \
++ (uint8_t*)discard_const(val), \
++ sizeof(val) - 1, \
++ search, \
++ should_match, \
++ fold \
++ }
++
+ static void test_wildcard_match(void **state)
+ {
+ struct ldbtest_ctx *ctx = *state;
+- bool matched = false;
+-
+- uint8_t value[] = "The value.......end";
+- struct ldb_val val = {
+- .data = value,
+- .length = (sizeof(value))
++ size_t failed = 0;
++ size_t i;
++ struct wildcard_test tests[] = {
++ TEST_ENTRY("The value.......end", "*end", true, true),
++ TEST_ENTRY("The value.......end", "*fend", false, true),
++ TEST_ENTRY("The value.......end", "*eel", false, true),
++ TEST_ENTRY("The value.......end", "*d", true, true),
++ TEST_ENTRY("The value.......end", "*D*", true, true),
++ TEST_ENTRY("The value.......end", "*e*d*", true, true),
++ TEST_ENTRY("end", "*e*d*", true, true),
++ TEST_ENTRY("end", " *e*d*", true, true),
++ TEST_ENTRY("1.0.0.0.0.0.0.0aaaaaaaaaaaa", "*aaaaa", true, true),
++ TEST_ENTRY("1.0..0.0.0.0.0.0.0aAaaaAAAAAAA", "*a", true, true),
++ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0aaaa", "*aaaaa", false, true),
++ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0", true, true),
++ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0.0", true, true),
++ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", true,
++ true),
++ TEST_ENTRY("1.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", false,
++ true),
++ TEST_ENTRY("1.0.0.0.000.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", true,
++ true),
++ TEST_ENTRY("1\n0\r0\t000.0.0.0.0", "1*0*0*0*0*0*0*0*0", true,
++ true),
++ /*
++ * We allow NUL bytes in non-casefolding syntaxes.
++ */
++ TEST_ENTRY("1\x00 x", "1*x", true, false),
++ TEST_ENTRY("1\x00 x", "*x", true, false),
++ TEST_ENTRY("1\x00 x", "*x*", true, false),
++ TEST_ENTRY("1\x00 x", "* *", true, false),
++ TEST_ENTRY("1\x00 x", "1*", true, false),
++ TEST_ENTRY("1\x00 b* x", "1*b*", true, false),
++ TEST_ENTRY("1.0..0.0.0.0.0.0.0aAaaaAAAAAAA", "*a", false, false),
+ };
+- struct ldb_parse_tree *tree = ldb_parse_tree(ctx, "objectClass=*end");
+- assert_non_null(tree);
+
+- ldb_wildcard_compare(ctx->ldb, tree, val, &matched);
+- assert_true(matched);
++ for (i = 0; i < ARRAY_SIZE(tests); i++) {
++ bool matched;
++ int ret;
++ struct ldb_val val = {
++ .data = (uint8_t *)tests[i].val,
++ .length = tests[i].val_size
++ };
++ const char *attr = tests[i].fold ? "objectclass" : "birthLocation";
++ const char *s = talloc_asprintf(ctx, "%s=%s",
++ attr, tests[i].search);
++ struct ldb_parse_tree *tree = ldb_parse_tree(ctx, s);
++ assert_non_null(tree);
++ ret = ldb_wildcard_compare(ctx->ldb, tree, val, &matched);
++ if (ret != LDB_SUCCESS) {
++ uint8_t buf[100];
++ escape_string(buf, sizeof(buf),
++ tests[i].val, tests[i].val_size);
++ print_error("%zu val: ??%s??, search ??%s?? FAILED with %d\n",
++ i, buf, tests[i].search, ret);
++ failed++;
++ }
++ if (matched != tests[i].should_match) {
++ uint8_t buf[100];
++ escape_string(buf, sizeof(buf),
++ tests[i].val, tests[i].val_size);
++ print_error("%zu val: ??%s??, search ??%s?? should %s\n",
++ i, buf, tests[i].search,
++ matched ? "not match" : "match");
++ failed++;
++ }
++ }
++ if (failed != 0) {
++ fail_msg("wrong results for %zu/%zu wildcard searches\n",
++ failed, ARRAY_SIZE(tests));
++ }
+ }
+
++#undef TEST_ENTRY
++
+
+ /*
+ * ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0'
diff -Nru ldb-2.2.0/debian/patches/series ldb-2.2.0/debian/patches/series
--- ldb-2.2.0/debian/patches/series 2020-11-10 16:47:43.000000000 +0100
+++ ldb-2.2.0/debian/patches/series 2021-03-26 19:06:48.000000000 +0100
@@ -3,3 +3,9 @@
Skip-test_guid_indexed_v1_db-on-mips64el-ppc64el-ia6.patch
Fix-FTBFS-Increase-the-over-estimation-for-sparse-fi.patch
Skip-ldb_lmdb_free_list_test-on-ppc64el-ppc64-and-sp.patch
+CVE-2020-27840-ldb_dn-avoid-head-corruption-in-ldb_d.patch
+CVE-2020-27840-pytests-move-Dn.validate-test-to-ldb.patch
+CVE-2021-20277-ldb-attrib_handlers-casefold-stay-in-.patch
+ldb-add-tests-for-ldb_wildcard_compare.patch
+CVE-2021-20277-ldb-tests-ldb_match-tests-with-extra-.patch
+ldb-Remove-tests-from-ldb_match_test-that-do-not-pas.patch
More information about the Pkg-samba-maint
mailing list