Sri Nagasubramanian
2022-Jul-28 16:37 UTC
[Samba] libldb for security patch 4.12 backport?
Hello,

I'm trying to build the 4.12 version of the new security patches that were kindly provided (for CVE-2022-2031 <https://www.samba.org/samba/security/CVE-2022-2031.html>, CVE-2022-32742 <https://www.samba.org/samba/security/CVE-2022-32742.html>, CVE-2022-32744 <https://www.samba.org/samba/security/CVE-2022-32744.html>, CVE-2022-32745 <https://www.samba.org/samba/security/CVE-2022-32745.html> and CVE-2022-32746 <https://www.samba.org/samba/security/CVE-2022-32746.html>), but am not able to use my usual build procedure because the patches require libldb 2.1.6 and I haven't been able to locate the source code for that. I do see a reference that Andrew Bartlett made against one of the related Bugzilla cases (15096) that says that the 4.12-related ldb release is unofficial and has not been released upstream - which would explain why I can't find it in my usual places. Am I misunderstanding how to proceed with the 4.12 patches (or perhaps I'm out of luck for now)?

Thanks,
Sri

On Thu, 2022-07-28 at 16:37 +0000, Sri Nagasubramanian via samba wrote:
> Hello,
>
> I'm trying to build the 4.12 version of the new security patches that
> were kindly provided (for
> CVE-2022-2031 <https://www.samba.org/samba/security/CVE-2022-2031.html>,
> CVE-2022-32742 <https://www.samba.org/samba/security/CVE-2022-32742.html>,
> CVE-2022-32744 <https://www.samba.org/samba/security/CVE-2022-32744.html>,
> CVE-2022-32745 <https://www.samba.org/samba/security/CVE-2022-32745.html> and
> CVE-2022-32746 <https://www.samba.org/samba/security/CVE-2022-32746.html>),
> but am not able to use my usual build procedure because the
> patches require libldb 2.1.6 and I haven't been able to locate the
> source code for that. I do see a reference that Andrew Bartlett made
> against one of the related Bugzilla cases (15096) that says that the
> 4.12-related ldb release is unofficial and has not been released upstream
> - which would explain why I can't find it in my usual places. Am I
> misunderstanding how to proceed with the 4.12 patches (or perhaps I'm
> out of luck for now)?
>
> Thanks,
> Sri

It sounds like you are trying to build Samba 4.12.x with the new patches. The supplied patches are for 4.14.14, 4.15.9 and 4.16.4; they may not apply to your version and will, as you have found out, require other packages to be updated.

You do not say what OS you are using, but I suggest you contact your distro to see what plans they have for the security releases.

Rowland

On Thu, 2022-07-28 at 16:37 +0000, Sri Nagasubramanian via samba wrote:
> Hello,
>
> I'm trying to build the 4.12 version of the new security patches that
> were kindly provided (for
> CVE-2022-2031 <https://www.samba.org/samba/security/CVE-2022-2031.html>,
> CVE-2022-32742 <https://www.samba.org/samba/security/CVE-2022-32742.html>,
> CVE-2022-32744 <https://www.samba.org/samba/security/CVE-2022-32744.html>,
> CVE-2022-32745 <https://www.samba.org/samba/security/CVE-2022-32745.html> and
> CVE-2022-32746 <https://www.samba.org/samba/security/CVE-2022-32746.html>),
> but am not able to use my usual build procedure because the patches require
> libldb 2.1.6 and I haven't been able to locate the source code for
> that. I do see a reference that Andrew Bartlett made against one of
> the related Bugzilla cases (15096) that says that the 4.12-related
> ldb release is unofficial and has not been released upstream - which
> would explain why I can't find it in my usual places. Am I
> misunderstanding how to proceed with the 4.12 patches (or perhaps I'm
> out of luck for now)?
>
> Thanks,
> Sri

Thanks, I should have clarified on the bug, as we had a similar question from the client we prepared those for:

The Samba 4.12 patches are on top of this tag:
https://gitlab.com/catalyst-samba/samba/-/tags/catalyst-4.12-backports-2022-02

You can download that tarball or extract the patches from git.

Andrew Bartlett

-- 
Andrew Bartlett (he/him)        https://samba.org/~abartlet/
Samba Team Member (since 2001)  https://samba.org
Samba Team Lead, Catalyst IT    https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source Solutions