Hi The correct debdiff is attached.
Regards, Salvatore
diff -Nru ldb-2.2.0/debian/changelog ldb-2.2.0/debian/changelog --- ldb-2.2.0/debian/changelog 2020-11-18 20:33:02.000000000 +0100 +++ ldb-2.2.0/debian/changelog 2021-03-26 19:52:18.000000000 +0100 @@ -1,3 +1,17 @@ +ldb (2:2.2.0-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * ldb_dn: avoid head corruption in ldb_dn_explode (CVE-2020-27840) + (Closes: #985936) + * pytests: move Dn.validate test to ldb + * ldb/attrib_handlers casefold: stay in bounds (CVE-2021-20277) + (Closes: #985935) + * ldb: add tests for ldb_wildcard_compare + * ldb tests: ldb_match tests with extra spaces + * ldb: Remove tests from ldb_match_test that do not pass + + -- Salvatore Bonaccorso <car...@debian.org> Fri, 26 Mar 2021 19:52:18 +0100 + ldb (2:2.2.0-3) unstable; urgency=medium * Upload to unstable diff -Nru ldb-2.2.0/debian/patches/CVE-2020-27840-ldb_dn-avoid-head-corruption-in-ldb_d.patch ldb-2.2.0/debian/patches/CVE-2020-27840-ldb_dn-avoid-head-corruption-in-ldb_d.patch --- ldb-2.2.0/debian/patches/CVE-2020-27840-ldb_dn-avoid-head-corruption-in-ldb_d.patch 1970-01-01 01:00:00.000000000 +0100 +++ ldb-2.2.0/debian/patches/CVE-2020-27840-ldb_dn-avoid-head-corruption-in-ldb_d.patch 2021-03-26 13:47:14.000000000 +0100 @@ -0,0 +1,104 @@ +From: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> +Date: Fri, 11 Dec 2020 16:32:25 +1300 +Subject: CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode +Origin: https://git.samba.org/?p=samba.git;a=commitdiff;h=dbb3e65f7e382adf5fa6a6afb3d8684aca3f201a +Bug: https://bugzilla.samba.org/show_bug.cgi?id=14595 +Bug-Debian: https://bugs.debian.org/985936 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-27840 + +A DN string with lots of trailing space can cause ldb_dn_explode() to +put a zero byte in the wrong place in the heap. + +When a DN string has a value represented with trailing spaces, +like this + + "CN=foo ,DC=bar" + +the whitespace is supposed to be ignored. We keep track of this in the +`t` pointer, which is NULL when we are not walking through trailing +spaces, and points to the first space when we are. We are walking with +the `p` pointer, writing the value to `d`, and keeping the length in +`l`. + + "CN=foo ,DC= " ==> "foo " + ^ ^ ^ + t p d + --l--- + +The value is finished when we encounter a comma or the end of the +string. If `t` is not NULL at that point, we assume there are trailing +spaces and wind `d and `l` back by the correct amount. Then we switch +to expecting an attribute name (e.g. "CN"), until we get to an "=", +which puts us back into looking for a value. + +Unfortunately, we forget to immediately tell `t` that we'd finished +the last value, we can end up like this: + + "CN=foo ,DC= " ==> "" + ^ ^ ^ + t p d + l=0 + +where `p` is pointing to a new value that contains only spaces, while +`t` is still referring to the old value. `p` notices the value ends, +and we subtract `p - t` from `d`: + + "CN=foo ,DC= " ==> ? "" + ^ ^ ^ + t p d + l ~= SIZE_MAX - 8 + +At that point `d` wants to terminate its string with a '\0', but +instead it terminates someone else's byte. This does not crash if the +number of trailing spaces is small, as `d` will point into a previous +value (a copy of "foo" in this example). Corrupting that value will +ultimately not matter, as we will soon try to allocate a buffer `l` +long, which will be greater than the available memory and the whole +operation will fail properly. + +However, with more spaces, `d` will point into memory before the +beginning of the allocated buffer, with the exact offset depending on +the length of the earlier attributes and the number of spaces. + +What about a longer DN with more attributes? For example, +"CN=foo ,DC= ,DC=example,DC=com" -- since `d` has moved out of +bounds, won't we continue to use it and write more DN values into +mystery memory? Fortunately not, because the aforementioned allocation +of `l` bytes must happen first, and `l` is now huge. The allocation +happens in a talloc_memdup(), which is by default restricted to +allocating 256MB. + +So this allows a person who controls a string parsed by ldb_dn_explode +to corrupt heap memory by placing a single zero byte at a chosen +offset before the allocated buffer. + +An LDAP bind request can send a string DN as a username. This DN is +necessarily parsed before the password is checked, so an attacker does +not need proper credentials. The attacker can easily cause a denial of +service and we cannot rule out more subtle attacks. + +The immediate solution is to reset `t` to NULL when a comma is +encountered, indicating that we are no longer looking at trailing +whitespace. + +Found with the help of Honggfuzz. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595 + +Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> +Reviewed-by: Andrew Bartlett <abart...@samba.org> +--- + lib/ldb/common/ldb_dn.c | 1 + + selftest/knownfail.d/python-segfaults | 1 - + 2 files changed, 1 insertion(+), 1 deletion(-) + +--- a/common/ldb_dn.c ++++ b/common/ldb_dn.c +@@ -570,6 +570,7 @@ static bool ldb_dn_explode(struct ldb_dn + /* trim back */ + d -= (p - t); + l -= (p - t); ++ t = NULL; + } + + in_attr = true; diff -Nru ldb-2.2.0/debian/patches/CVE-2020-27840-pytests-move-Dn.validate-test-to-ldb.patch ldb-2.2.0/debian/patches/CVE-2020-27840-pytests-move-Dn.validate-test-to-ldb.patch --- ldb-2.2.0/debian/patches/CVE-2020-27840-pytests-move-Dn.validate-test-to-ldb.patch 1970-01-01 01:00:00.000000000 +0100 +++ ldb-2.2.0/debian/patches/CVE-2020-27840-pytests-move-Dn.validate-test-to-ldb.patch 2021-03-26 16:09:39.000000000 +0100 @@ -0,0 +1,79 @@ +From: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> +Date: Thu, 11 Feb 2021 16:28:43 +1300 +Subject: CVE-2020-27840: pytests: move Dn.validate test to ldb +Origin: https://git.samba.org/?p=samba.git;a=commitdiff;h=9532c44baea130db74f866e1472cb871936cd3dd + +We had the test in the Samba Python segfault suite because +a) the signal catching infrastructure was there, and +b) the ldb tests lack Samba's knownfail mechanism, which allowed us to + assert the failure. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595 + +Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> +Reviewed-by: Andrew Bartlett <abart...@samba.org> +--- + lib/ldb/tests/python/crash.py | 45 ++++++++++++++++++++++++++++++++++ + lib/ldb/wscript | 1 + + python/samba/tests/segfault.py | 6 ----- + 3 files changed, 46 insertions(+), 6 deletions(-) + create mode 100644 lib/ldb/tests/python/crash.py + +--- /dev/null ++++ b/tests/python/crash.py +@@ -0,0 +1,45 @@ ++#!/usr/bin/env python3 ++# ++# Tests for crashing functions ++ ++import os ++from unittest import TestCase ++import os ++import sys ++import traceback ++ ++import ldb ++ ++ ++def segfault_detector(f): ++ def wrapper(*args, **kwargs): ++ pid = os.fork() ++ if pid == 0: ++ # child, crashing? ++ try: ++ f(*args, **kwargs) ++ except Exception as e: ++ traceback.print_exc() ++ sys.stderr.flush() ++ sys.stdout.flush() ++ os._exit(0) ++ ++ # parent, waiting ++ pid2, status = os.waitpid(pid, 0) ++ if os.WIFSIGNALED(status): ++ signal = os.WTERMSIG(status) ++ raise AssertionError("Failed with signal %d" % signal) ++ ++ return wrapper ++ ++ ++class LdbDnCrashTests(TestCase): ++ @segfault_detector ++ def test_ldb_dn_explode_crash(self): ++ for i in range(106, 150): ++ dn = ldb.Dn(ldb.Ldb(), "a=b%s,c= " % (' ' * i)) ++ dn.validate() ++ ++if __name__ == '__main__': ++ import unittest ++ unittest.TestProgram() +--- a/wscript ++++ b/wscript +@@ -618,6 +618,7 @@ def test(ctx): + os.mkdir(tmp_dir) + pyret = samba_utils.RUN_PYTHON_TESTS( + ['tests/python/api.py', ++ 'tests/python/crash.py', + 'tests/python/index.py', + 'tests/python/repack.py'], + extra_env={'SELFTEST_PREFIX': test_prefix}) diff -Nru ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-attrib_handlers-casefold-stay-in-.patch ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-attrib_handlers-casefold-stay-in-.patch --- ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-attrib_handlers-casefold-stay-in-.patch 1970-01-01 01:00:00.000000000 +0100 +++ ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-attrib_handlers-casefold-stay-in-.patch 2021-03-26 16:09:39.000000000 +0100 @@ -0,0 +1,30 @@ +From: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> +Date: Tue, 8 Dec 2020 21:32:09 +1300 +Subject: CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds +Origin: https://git.samba.org/?p=samba.git;a=commitdiff;h=1fe8c790b2294fd10fe9c9c6254ecf2b6c00b709 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-20277 +Bug-Debian: https://bugs.debian.org/985935 +Bug: https://bugzilla.samba.org/show_bug.cgi?id=14655 + +For a string that had N spaces at the beginning, we would +try to move N bytes beyond the end of the string. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655 + +Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> +Reviewed-by: Andrew Bartlett <abart...@samba.org> +--- + lib/ldb/common/attrib_handlers.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/common/attrib_handlers.c ++++ b/common/attrib_handlers.c +@@ -76,7 +76,7 @@ int ldb_handler_fold(struct ldb_context + + /* remove leading spaces if any */ + if (*s == ' ') { +- for (t = s; *s == ' '; s++) ; ++ for (t = s; *s == ' '; s++, l--) ; + + /* remove leading spaces by moving down the string */ + memmove(t, s, l); diff -Nru ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-tests-ldb_match-tests-with-extra-.patch ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-tests-ldb_match-tests-with-extra-.patch --- ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-tests-ldb_match-tests-with-extra-.patch 1970-01-01 01:00:00.000000000 +0100 +++ ldb-2.2.0/debian/patches/CVE-2021-20277-ldb-tests-ldb_match-tests-with-extra-.patch 2021-03-26 19:06:48.000000000 +0100 @@ -0,0 +1,43 @@ +From: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> +Date: Fri, 5 Mar 2021 20:13:01 +1300 +Subject: CVE-2021-20277 ldb tests: ldb_match tests with extra spaces +Origin: https://git.samba.org/?p=samba.git;a=commitdiff;h=ea4bd2c437fbb5801fb82e2a038d9cdb5abea4c0 + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655 + +Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> +Reviewed-by: Andrew Bartlett <abart...@samba.org> +--- + lib/ldb/tests/ldb_match_test.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/lib/ldb/tests/ldb_match_test.c b/lib/ldb/tests/ldb_match_test.c +index 3028aed072c6..ba6ea56be158 100644 +--- a/tests/ldb_match_test.c ++++ b/tests/ldb_match_test.c +@@ -181,6 +181,8 @@ static void test_wildcard_match(void **state) + size_t failed = 0; + size_t i; + struct wildcard_test tests[] = { ++ TEST_ENTRY(" 1 0", "1*0*", true, true), ++ TEST_ENTRY(" 1 0", "1 *0", true, true), + TEST_ENTRY("The value.......end", "*end", true, true), + TEST_ENTRY("The value.......end", "*fend", false, true), + TEST_ENTRY("The value.......end", "*eel", false, true), +@@ -203,8 +205,12 @@ static void test_wildcard_match(void **state) + TEST_ENTRY("1\n0\r0\t000.0.0.0.0", "1*0*0*0*0*0*0*0*0", true, + true), + /* +- * We allow NUL bytes in non-casefolding syntaxes. ++ * We allow NUL bytes and redundant spaces in non-casefolding ++ * syntaxes. + */ ++ TEST_ENTRY(" 1 0", "*1 0", true, false), ++ TEST_ENTRY(" 1 0", "*1 0", true, false), ++ TEST_ENTRY("1 0", "*1 0", false, false), + TEST_ENTRY("1\x00 x", "1*x", true, false), + TEST_ENTRY("1\x00 x", "*x", true, false), + TEST_ENTRY("1\x00 x", "*x*", true, false), +-- +2.20.1 + diff -Nru ldb-2.2.0/debian/patches/ldb-Remove-tests-from-ldb_match_test-that-do-not-pas.patch ldb-2.2.0/debian/patches/ldb-Remove-tests-from-ldb_match_test-that-do-not-pas.patch --- ldb-2.2.0/debian/patches/ldb-Remove-tests-from-ldb_match_test-that-do-not-pas.patch 1970-01-01 01:00:00.000000000 +0100 +++ ldb-2.2.0/debian/patches/ldb-Remove-tests-from-ldb_match_test-that-do-not-pas.patch 2021-03-26 19:06:48.000000000 +0100 @@ -0,0 +1,26 @@ +From 2712e2d68852bbca0809b034c95906d27d97045e Mon Sep 17 00:00:00 2001 +From: Salvatore Bonaccorso <car...@debian.org> +Date: Fri, 26 Mar 2021 16:36:28 +0100 +Subject: ldb: Remove tests from ldb_match_test that do not pass + +Remove the failing thest that do not part because our version do not +contain the fixes for upstream bug +https://bugzilla.samba.org/show_bug.cgi?id=14044 +--- + lib/ldb/tests/ldb_match_test.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/tests/ldb_match_test.c ++++ b/tests/ldb_match_test.c +@@ -191,11 +191,9 @@ static void test_wildcard_match(void **s + TEST_ENTRY("The value.......end", "*e*d*", true, true), + TEST_ENTRY("end", "*e*d*", true, true), + TEST_ENTRY("end", " *e*d*", true, true), +- TEST_ENTRY("1.0.0.0.0.0.0.0aaaaaaaaaaaa", "*aaaaa", true, true), + TEST_ENTRY("1.0..0.0.0.0.0.0.0aAaaaAAAAAAA", "*a", true, true), + TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0aaaa", "*aaaaa", false, true), + TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0", true, true), +- TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0.0", true, true), + TEST_ENTRY("1.0.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", true, + true), + TEST_ENTRY("1.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", false, diff -Nru ldb-2.2.0/debian/patches/ldb-add-tests-for-ldb_wildcard_compare.patch ldb-2.2.0/debian/patches/ldb-add-tests-for-ldb_wildcard_compare.patch --- ldb-2.2.0/debian/patches/ldb-add-tests-for-ldb_wildcard_compare.patch 1970-01-01 01:00:00.000000000 +0100 +++ ldb-2.2.0/debian/patches/ldb-add-tests-for-ldb_wildcard_compare.patch 2021-03-26 19:06:48.000000000 +0100 @@ -0,0 +1,174 @@ +From: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> +Date: Fri, 5 Mar 2021 15:47:56 +1300 +Subject: ldb: add tests for ldb_wildcard_compare +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Origin: https://git.samba.org/?p=samba.git;a=commitdiff;h=33a95a1e75b85e9795c4490b78ead2162e2a1f47 + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044 + +Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> +Reviewed-by: Bj??rn Jacke <bja...@samba.org> +Reviewed-by: Andrew Bartlett <abart...@samba.org> +--- + lib/ldb/tests/ldb_match_test.c | 134 ++++++++++++++++++++++++++++++--- + 1 file changed, 124 insertions(+), 10 deletions(-) + +--- a/tests/ldb_match_test.c ++++ b/tests/ldb_match_test.c +@@ -91,6 +91,33 @@ static int teardown(void **state) + return 0; + } + ++static void escape_string(uint8_t *buf, size_t buflen, ++ const uint8_t *s, size_t len) ++{ ++ size_t i; ++ size_t j = 0; ++ for (i = 0; i < len; i++) { ++ if (j == buflen - 1) { ++ goto fin; ++ } ++ if (s[i] >= 0x20) { ++ buf[j] = s[i]; ++ j++; ++ } else { ++ if (j >= buflen - 4) { ++ goto fin; ++ } ++ /* utf-8 control char representation */ ++ buf[j] = 0xE2; ++ buf[j + 1] = 0x90; ++ buf[j + 2] = 0x80 + s[i]; ++ j+= 3; ++ } ++ } ++fin: ++ buf[j] = 0; ++} ++ + + /* + * The wild card pattern "attribute=*" is parsed as an LDB_OP_PRESENT operation +@@ -122,23 +149,110 @@ static void test_wildcard_match_star(voi + * Test basic wild card matching + * + */ ++struct wildcard_test { ++ uint8_t *val; ++ size_t val_size; ++ const char *search; ++ bool should_match; ++ bool fold; ++}; ++ ++/* ++ * Q: Why this macro rather than plain struct values? ++ * A: So we can get the size of the const char[] value while it is still a ++ * true array, not a pointer. ++ * ++ * Q: but why not just use strlen? ++ * A: so values can contain '\0', which we supposedly allow. ++ */ ++ ++#define TEST_ENTRY(val, search, should_match, fold) \ ++ { \ ++ (uint8_t*)discard_const(val), \ ++ sizeof(val) - 1, \ ++ search, \ ++ should_match, \ ++ fold \ ++ } ++ + static void test_wildcard_match(void **state) + { + struct ldbtest_ctx *ctx = *state; +- bool matched = false; +- +- uint8_t value[] = "The value.......end"; +- struct ldb_val val = { +- .data = value, +- .length = (sizeof(value)) ++ size_t failed = 0; ++ size_t i; ++ struct wildcard_test tests[] = { ++ TEST_ENTRY("The value.......end", "*end", true, true), ++ TEST_ENTRY("The value.......end", "*fend", false, true), ++ TEST_ENTRY("The value.......end", "*eel", false, true), ++ TEST_ENTRY("The value.......end", "*d", true, true), ++ TEST_ENTRY("The value.......end", "*D*", true, true), ++ TEST_ENTRY("The value.......end", "*e*d*", true, true), ++ TEST_ENTRY("end", "*e*d*", true, true), ++ TEST_ENTRY("end", " *e*d*", true, true), ++ TEST_ENTRY("1.0.0.0.0.0.0.0aaaaaaaaaaaa", "*aaaaa", true, true), ++ TEST_ENTRY("1.0..0.0.0.0.0.0.0aAaaaAAAAAAA", "*a", true, true), ++ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0aaaa", "*aaaaa", false, true), ++ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0", true, true), ++ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0.0", true, true), ++ TEST_ENTRY("1.0.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", true, ++ true), ++ TEST_ENTRY("1.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", false, ++ true), ++ TEST_ENTRY("1.0.0.0.000.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", true, ++ true), ++ TEST_ENTRY("1\n0\r0\t000.0.0.0.0", "1*0*0*0*0*0*0*0*0", true, ++ true), ++ /* ++ * We allow NUL bytes in non-casefolding syntaxes. ++ */ ++ TEST_ENTRY("1\x00 x", "1*x", true, false), ++ TEST_ENTRY("1\x00 x", "*x", true, false), ++ TEST_ENTRY("1\x00 x", "*x*", true, false), ++ TEST_ENTRY("1\x00 x", "* *", true, false), ++ TEST_ENTRY("1\x00 x", "1*", true, false), ++ TEST_ENTRY("1\x00 b* x", "1*b*", true, false), ++ TEST_ENTRY("1.0..0.0.0.0.0.0.0aAaaaAAAAAAA", "*a", false, false), + }; +- struct ldb_parse_tree *tree = ldb_parse_tree(ctx, "objectClass=*end"); +- assert_non_null(tree); + +- ldb_wildcard_compare(ctx->ldb, tree, val, &matched); +- assert_true(matched); ++ for (i = 0; i < ARRAY_SIZE(tests); i++) { ++ bool matched; ++ int ret; ++ struct ldb_val val = { ++ .data = (uint8_t *)tests[i].val, ++ .length = tests[i].val_size ++ }; ++ const char *attr = tests[i].fold ? "objectclass" : "birthLocation"; ++ const char *s = talloc_asprintf(ctx, "%s=%s", ++ attr, tests[i].search); ++ struct ldb_parse_tree *tree = ldb_parse_tree(ctx, s); ++ assert_non_null(tree); ++ ret = ldb_wildcard_compare(ctx->ldb, tree, val, &matched); ++ if (ret != LDB_SUCCESS) { ++ uint8_t buf[100]; ++ escape_string(buf, sizeof(buf), ++ tests[i].val, tests[i].val_size); ++ print_error("%zu val: ??%s??, search ??%s?? FAILED with %d\n", ++ i, buf, tests[i].search, ret); ++ failed++; ++ } ++ if (matched != tests[i].should_match) { ++ uint8_t buf[100]; ++ escape_string(buf, sizeof(buf), ++ tests[i].val, tests[i].val_size); ++ print_error("%zu val: ??%s??, search ??%s?? should %s\n", ++ i, buf, tests[i].search, ++ matched ? "not match" : "match"); ++ failed++; ++ } ++ } ++ if (failed != 0) { ++ fail_msg("wrong results for %zu/%zu wildcard searches\n", ++ failed, ARRAY_SIZE(tests)); ++ } + } + ++#undef TEST_ENTRY ++ + + /* + * ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0' diff -Nru ldb-2.2.0/debian/patches/series ldb-2.2.0/debian/patches/series --- ldb-2.2.0/debian/patches/series 2020-11-10 16:47:43.000000000 +0100 +++ ldb-2.2.0/debian/patches/series 2021-03-26 19:06:48.000000000 +0100 @@ -3,3 +3,9 @@ Skip-test_guid_indexed_v1_db-on-mips64el-ppc64el-ia6.patch Fix-FTBFS-Increase-the-over-estimation-for-sparse-fi.patch Skip-ldb_lmdb_free_list_test-on-ppc64el-ppc64-and-sp.patch +CVE-2020-27840-ldb_dn-avoid-head-corruption-in-ldb_d.patch +CVE-2020-27840-pytests-move-Dn.validate-test-to-ldb.patch +CVE-2021-20277-ldb-attrib_handlers-casefold-stay-in-.patch +ldb-add-tests-for-ldb_wildcard_compare.patch +CVE-2021-20277-ldb-tests-ldb_match-tests-with-extra-.patch +ldb-Remove-tests-from-ldb_match_test-that-do-not-pas.patch
