[Samba] libldb for security patch 4.12 backport?

Andrew Bartlett abartlet at samba.org
Thu Jul 28 18:27:04 UTC 2022 

On Thu, 2022-07-28 at 18:12 +0100, Rowland Penny via samba wrote:
> On Thu, 2022-07-28 at 16:37 +0000, Sri Nagasubramanian via samba
> wrote:
> > Hello,
> > 
> > I'm trying to build the 4.12 version of the new security patches
> > that
> > were kindly provided (for CVE-2022-2031<
> > https://www.samba.org/samba/security/CVE-2022-2031.html
> > >;, CVE-2022-
> > 32742<
> > https://www.samba.org/samba/security/CVE-2022-32742.html
> > >;,
> > CVE-2022-32744<
> > https://www.samba.org/samba/security/CVE-2022-32744.html
> > >;, CVE-2022-
> > 32745<
> > https://www.samba.org/samba/security/CVE-2022-32745.html
> > > and
> > CVE-2022-32746<
> > https://www.samba.org/samba/security/CVE-2022-32746.html
> > >
> > ), but am not able to use my usual build procedure because the
> > patches require libldb 2.1.6 and I haven't been able to locate the
> > source code for that.  I do see a reference that Andrew Bartlett
> > made
> > against one of the related Bugzilla cases (15096) that says that
> > the
> > 4.12-related ldb release is unofficial and not been released
> > upstream
> > - which would explain why I can't find it in my usual places.  Am I
> > misunderstanding how to proceed with the 4.12 patches (or perhaps
> > I'm
> > out of luck for now)?
> > 
> > Thanks,
> > Sri
> 
> It sounds like you are trying to build Samba 4.12.x with the new
> Patches, the supplied patches are for 4.14.14, 4.15.9 and 4.16.4,
> they
> may not apply to your version and will, as you have found out,
> require
> other packages to be updated.

In this case it is more that if building Samba to use a 'system ldb',
you would also need to build ldb from within the Samba tree, install
that, then build against it.

There isn't an ldb 2.1.6 tarball, but one could be created with the
'make dist' in lib/ldb of the patched tree if needed, but it might be
better to instead have Samba use an 'internal' ldb.

This reinforces why I think ldb should not be being released as a
distinct tarball, it just causes too much trouble at security release
time.

Andrew Bartlett


-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions

More information about the samba mailing list