From 65e099b17d99136686ac3ce2299b1f68cc72bb9c Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Jul 14 2020 01:31:30 +0000
Subject: import libldb-2.1.3-2.el8
---
diff --git a/.gitignore b/.gitignore
index f89096c..34df9ff 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/ldb-2.0.7.tar.gz
+SOURCES/ldb-2.1.3.tar.gz
diff --git a/.libldb.metadata b/.libldb.metadata
index bbbfa05..d0974dd 100644
--- a/.libldb.metadata
+++ b/.libldb.metadata
@@ -1 +1 @@
-f80b43fd7461fccfd14d9f81eb83c3bd1543940f SOURCES/ldb-2.0.7.tar.gz
+06d1c8457e56b2df26cec16253a62acc789aa6fb SOURCES/ldb-2.1.3.tar.gz
diff --git a/SOURCES/CVE-2020-10730.patch b/SOURCES/CVE-2020-10730.patch
new file mode 100644
index 0000000..cd6e8f4
--- /dev/null
+++ b/SOURCES/CVE-2020-10730.patch
@@ -0,0 +1,48 @@
+From 3bdc110e167d7e0f20022dea48ec51b1f46369cb Mon Sep 17 00:00:00 2001
+From: Gary Lockyer
+Date: Wed, 13 May 2020 10:56:56 +1200
+Subject: [PATCH 10/11] CVE-2020-10730: lib ldb: Check if
+ ldb_lock_backend_callback called twice
+
+Prevent use after free issues if ldb_lock_backend_callback is called
+twice, usually due to ldb_module_done being called twice. This can happen if a
+module ignores the return value from function a function that calls
+ldb_module_done as part of it's error handling.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
+
+Signed-off-by: Gary Lockyer
+Reviewed-by: Andrew Bartlett
+---
+ lib/ldb/common/ldb.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ldb/common/ldb.c b/lib/ldb/common/ldb.c
+index 44a487ba987..090d41dde69 100644
+--- a/lib/ldb/common/ldb.c
++++ b/lib/ldb/common/ldb.c
+@@ -1009,6 +1009,13 @@ static int ldb_lock_backend_callback(struct ldb_request *req,
+ struct ldb_db_lock_context *lock_context;
+ int ret;
+
++ if (req->context == NULL) {
++ /*
++ * The usual way to get here is to ignore the return codes
++ * and continuing processing after an error.
++ */
++ abort();
++ }
+ lock_context = talloc_get_type(req->context,
+ struct ldb_db_lock_context);
+
+@@ -1023,7 +1030,7 @@ static int ldb_lock_backend_callback(struct ldb_request *req,
+ * If this is a LDB_REPLY_DONE or an error, unlock the
+ * DB by calling the destructor on this context
+ */
+- talloc_free(lock_context);
++ TALLOC_FREE(req->context);
+ return ret;
+ }
+
+--
+2.17.1
diff --git a/SPECS/libldb.spec b/SPECS/libldb.spec
index 594277f..79fb76c 100644
--- a/SPECS/libldb.spec
+++ b/SPECS/libldb.spec
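Review bot: The new `abort()` guard at the top of ldb_lock_backend_callback depends on an invariant its comment never states: `req->context` can only be NULL there because the second inner hunk replaces `talloc_free(lock_context)` with `TALLOC_FREE(req->context)`, which clears the pointer on the first completion. I would spell that out in the comment, e.g. `/* req->context is cleared by TALLOC_FREE() below on the first DONE/error reply; NULL here means the callback ran a second time. */`, so that a later cleanup does not swap the macro back and quietly reopen the use-after-free. The guard also turns a double completion into a hard process abort with no diagnostic, so a module that ignores a return code now takes down whichever process hosts libldb; that is a defensible fail-fast trade against memory corruption, but it deserves a line in the comment. The function body starts before and continues past both inner hunks, so whether the `talloc_get_type()` result is checked for NULL cannot be seen from here.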
@@ -1,10 +1,10 @@ -%global talloc_version 2.2.0 -%global tdb_version 1.4.2 -%global tevent_version 0.10.0 +%global talloc_version 2.3.1 +%global tdb_version 1.4.3 +%global tevent_version 0.10.2 Name: libldb -Version: 2.0.7 -Release: 3%{?dist} +Version: 2.1.3 +Release: 2%{?dist} Summary: A schema-less, ldap like, API and database Requires: libtalloc%{?_isa} >= %{talloc_version} Requires: libtdb%{?_isa} >= %{tdb_version} @@ -42,6 +42,8 @@ Obsoletes: python2-ldb-debuginfo < %{version}-%{release} # Patches +Patch0001: CVE-2020-10730.patch + %description An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases. @@ -85,7 +87,7 @@ Obsoletes: python-ldb-devel-common < %{version}-%{release} Development files for the Python bindings for the LDB library %prep -%autosetup -n ldb-%{version} -p1 +%autosetup -n ldb-%{version} -p3 %build %configure --disable-rpath \ @@ -178,6 +180,12 @@ rm -f $RPM_BUILD_ROOT/%{_mandir}/man3/_* %ldconfig_scriptlets -n python3-ldb %changelog +* Wed Jun 24 2020 Isaac Boukris - 2.1.3-2 +- Resolves: rhbz#1849615 - Fix CVE-2020-10730 use-after-free + +* Tue Jun 2 2020 Isaac Boukris - 2.1.3-1 +- Resolves: rhbz#1817567 - Rebase libldb to 2.1.3 for samba + * Tue Nov 26 2019 Isaac Boukris - 2.0.7-3 - Resolves: rhbz#1754423 - Rebase libldb to 2.0.7 version for samba - Related: rhbz#1754423 - Fix sssd tests (ldb)
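Review bot: The change from `-p1` to `-p3` on `%autosetup` is undocumented and sets the strip level for every patch this spec will carry, not only Patch0001. It is needed because CVE-2020-10730.patch uses samba-tree paths (`a/lib/ldb/common/ldb.c`), but a later patch generated against the standalone ldb tarball would presumably no longer apply cleanly. I would add a comment next to the patch list, e.g. `# Patches are taken from the samba tree (paths a/lib/ldb/...), hence -p3 in %autosetup`. The imported patch is labelled `[PATCH 10/11]` and the rest of that series is not visible here, so it is worth confirming that no other part of it touches lib/ldb.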