Import from CS git

.gitignore

@@ -1,2 +1,2 @@
-SOURCES/ldb-2.2.0.tar.gz
+SOURCES/ldb-2.8.0.tar.gz
 SOURCES/ldb.keyring

.libldb.metadata

@@ -1,2 +1,2 @@
-7c6d0827a20195636fcd84d713eea278d39064d4 SOURCES/ldb-2.2.0.tar.gz
-8ac6d09878c4218fb8e365fcf5a877a621dd40f9 SOURCES/ldb.keyring
+cf5c3d8a15c0666cc980a8cf7227ae711664f5a3 SOURCES/ldb-2.8.0.tar.gz
+5d2957f5d63a72a6fc196af3e45242f3d321f6cf SOURCES/ldb.keyring

SOURCES/0001-PATCH-wafsamba-Fix-few-SyntaxWarnings-caused-by-regu.patch

@@ -1,195 +0,0 @@
-From d4e0a07a24c16b38de58c14a38b418c63106ad09 Mon Sep 17 00:00:00 2001
-From: Lukas Slebodnik <lslebodn@fedoraproject.org>
-Date: Sat, 24 Aug 2019 16:46:30 +0200
-Subject: [PATCH] [PATCH] wafsamba: Fix few SyntaxWarnings caused by regular 
- expressions
-
-./buildtools/wafsamba/samba_utils.py:258: SyntaxWarning: invalid escape sequence \$
-  lst = re.split('(\$\{\w+\})', string)
-./buildtools/wafsamba/samba_utils.py:261: SyntaxWarning: invalid escape sequence \$
-  if re.match('\$\{\w+\}', v):
-./buildtools/wafsamba/samba_cross.py:80: SyntaxWarning: invalid escape sequence \(
-  m = re.match('\(\s*(-?\d+)\s*,\s*\"(.*)\"\s*\)', ans)
-./buildtools/wafsamba/samba_conftests.py:400: SyntaxWarning: invalid escape sequence \s
-  m = re.search('MAN%sEXT\s+=\s+(\w+)' % section, man)
-./buildtools/wafsamba/samba_abi.py:24: SyntaxWarning: invalid escape sequence \$
-  sig = re.sub('^\$[0-9]+\s=\s\{(.+)\}$', r'\1', sig)
-./buildtools/wafsamba/samba_abi.py:25: SyntaxWarning: invalid escape sequence \$
-  sig = re.sub('^\$[0-9]+\s=\s\{(.+)\}(\s0x[0-9a-f]+\s<\w+>)+$', r'\1', sig)
-./buildtools/wafsamba/samba_abi.py:26: SyntaxWarning: invalid escape sequence \$
-  sig = re.sub('^\$[0-9]+\s=\s(0x[0-9a-f]+)\s?(<\w+>)?$', r'\1', sig)
-./buildtools/wafsamba/samba_abi.py:33: SyntaxWarning: invalid escape sequence \*
-  m = m.replace('*', '\*')
-./buildtools/wafsamba/samba_abi.py:44: SyntaxWarning: invalid escape sequence \s
-  sig = re.sub(',\s\.\.\.', '', sig)
-./buildtools/wafsamba/samba_headers.py:22: SyntaxWarning: invalid escape sequence \s
-  re_header = re.compile('^\s*#\s*include[ \t]*"([^"]+)"', re.I | re.M)
-./buildtools/wafsamba/symbols.py:122: SyntaxWarning: invalid escape sequence \[
-  re_sharedlib = re.compile(b'Shared library: \[(.*)\]')
-./buildtools/wafsamba/symbols.py:124: SyntaxWarning: invalid escape sequence \[
-  re_rpath     = re.compile(b'Library (rpath|runpath): \[(.*)\]')
-./buildtools/wafsamba/pkgconfig.py:12: SyntaxWarning: invalid escape sequence \w
-  a = re.split('(@\w+@)', s)
-./buildtools/wafsamba/pkgconfig.py:17: SyntaxWarning: invalid escape sequence \w
-  if re.match('@\w+@', v):
-./buildtools/wafsamba/configure_file.py:16: SyntaxWarning: invalid escape sequence \w
-  a = re.split('(@\w+@)', s)
-./buildtools/wafsamba/configure_file.py:19: SyntaxWarning: invalid escape sequence \w
-  if re.match('@\w+@', v):
----
- buildtools/wafsamba/configure_file.py  |  4 ++--
- buildtools/wafsamba/pkgconfig.py       |  4 ++--
- buildtools/wafsamba/samba_abi.py       | 12 ++++++------
- buildtools/wafsamba/samba_conftests.py |  2 +-
- buildtools/wafsamba/samba_cross.py     |  2 +-
- buildtools/wafsamba/samba_headers.py   |  2 +-
- buildtools/wafsamba/samba_utils.py     |  4 ++--
- buildtools/wafsamba/symbols.py         |  4 ++--
- 8 files changed, 17 insertions(+), 17 deletions(-)
-
-diff --git a/buildtools/wafsamba/configure_file.py b/buildtools/wafsamba/configure_file.py
-index 6ad43546249fba7b4c0a037035e8574e7a9d2753..98a58a4604513e3633317e73299c1c9280c250d2 100644
---- a/buildtools/wafsamba/configure_file.py
-+++ b/buildtools/wafsamba/configure_file.py
-@@ -13,10 +13,10 @@ def subst_at_vars(task):
-     s = task.inputs[0].read()
- 
-     # split on the vars
--    a = re.split('(@\w+@)', s)
-+    a = re.split(r'(@\w+@)', s)
-     out = []
-     for v in a:
--        if re.match('@\w+@', v):
-+        if re.match(r'@\w+@', v):
-             vname = v[1:-1]
-             if not vname in task.env and vname.upper() in task.env:
-                 vname = vname.upper()
-diff --git a/buildtools/wafsamba/pkgconfig.py b/buildtools/wafsamba/pkgconfig.py
-index b83d5f382a58352bb3318b594aa2b45fc02d87d5..b77bd618c8903789c7ba9e64a6972a4e080f1821 100644
---- a/buildtools/wafsamba/pkgconfig.py
-+++ b/buildtools/wafsamba/pkgconfig.py
-@@ -9,12 +9,12 @@ def subst_at_vars(task):
- 
-     s = task.inputs[0].read()
-     # split on the vars
--    a = re.split('(@\w+@)', s)
-+    a = re.split(r'(@\w+@)', s)
-     out = []
-     done_var = {}
-     back_sub = [ ('PREFIX', '${prefix}'), ('EXEC_PREFIX', '${exec_prefix}')]
-     for v in a:
--        if re.match('@\w+@', v):
-+        if re.match(r'@\w+@', v):
-             vname = v[1:-1]
-             if not vname in task.env and vname.upper() in task.env:
-                 vname = vname.upper()
-diff --git a/buildtools/wafsamba/samba_abi.py b/buildtools/wafsamba/samba_abi.py
-index 5e7686da3d68b1ebcd842b8a319a5997fa9cf600..761667fcfe1f3937be22c8261b45dcb3979ae4cd 100644
---- a/buildtools/wafsamba/samba_abi.py
-+++ b/buildtools/wafsamba/samba_abi.py
-@@ -21,16 +21,16 @@ version_key = lambda x: list(map(int, x.split(".")))
- def normalise_signature(sig):
-     '''normalise a signature from gdb'''
-     sig = sig.strip()
--    sig = re.sub('^\$[0-9]+\s=\s\{(.+)\}$', r'\1', sig)
--    sig = re.sub('^\$[0-9]+\s=\s\{(.+)\}(\s0x[0-9a-f]+\s<\w+>)+$', r'\1', sig)
--    sig = re.sub('^\$[0-9]+\s=\s(0x[0-9a-f]+)\s?(<\w+>)?$', r'\1', sig)
--    sig = re.sub('0x[0-9a-f]+', '0xXXXX', sig)
-+    sig = re.sub(r'^\$[0-9]+\s=\s\{(.+)\}$', r'\1', sig)
-+    sig = re.sub(r'^\$[0-9]+\s=\s\{(.+)\}(\s0x[0-9a-f]+\s<\w+>)+$', r'\1', sig)
-+    sig = re.sub(r'^\$[0-9]+\s=\s(0x[0-9a-f]+)\s?(<\w+>)?$', r'\1', sig)
-+    sig = re.sub(r'0x[0-9a-f]+', '0xXXXX', sig)
-     sig = re.sub('", <incomplete sequence (\\\\[a-z0-9]+)>', r'\1"', sig)
- 
-     for t in abi_type_maps:
-         # we need to cope with non-word characters in mapped types
-         m = t
--        m = m.replace('*', '\*')
-+        m = m.replace('*', r'\*')
-         if m[-1].isalnum() or m[-1] == '_':
-             m += '\\b'
-         if m[0].isalnum() or m[0] == '_':
-@@ -41,7 +41,7 @@ def normalise_signature(sig):
- 
- def normalise_varargs(sig):
-     '''cope with older versions of gdb'''
--    sig = re.sub(',\s\.\.\.', '', sig)
-+    sig = re.sub(r',\s\.\.\.', '', sig)
-     return sig
- 
- 
-diff --git a/buildtools/wafsamba/samba_conftests.py b/buildtools/wafsamba/samba_conftests.py
-index ef632ba903369e4211991f17a3b204bcd96c3a2f..63e50567860ff890b00b0ce6c7607c917b7329d1 100644
---- a/buildtools/wafsamba/samba_conftests.py
-+++ b/buildtools/wafsamba/samba_conftests.py
-@@ -397,7 +397,7 @@ WriteMakefile(
- 
-     if section:
-         man = Utils.readf(os.path.join(bdir,'Makefile'))
--        m = re.search('MAN%sEXT\s+=\s+(\w+)' % section, man)
-+        m = re.search(r'MAN%sEXT\s+=\s+(\w+)' % section, man)
-         if not m:
-             conf.end_msg('not found', color='YELLOW')
-             return
-diff --git a/buildtools/wafsamba/samba_cross.py b/buildtools/wafsamba/samba_cross.py
-index 8863c2c53e7d7dd9317c9233f0085ffd0eea6b2f..34793902fba884cf2d8358bf4315dc98027266b6 100644
---- a/buildtools/wafsamba/samba_cross.py
-+++ b/buildtools/wafsamba/samba_cross.py
-@@ -77,7 +77,7 @@ def cross_answer(ca_file, msg):
-                 f.close()
-                 return (0, ans.strip("'"))
-             else:
--                m = re.match('\(\s*(-?\d+)\s*,\s*\"(.*)\"\s*\)', ans)
-+                m = re.match(r'\(\s*(-?\d+)\s*,\s*\"(.*)\"\s*\)', ans)
-                 if m:
-                     f.close()
-                     return (int(m.group(1)), m.group(2))
-diff --git a/buildtools/wafsamba/samba_headers.py b/buildtools/wafsamba/samba_headers.py
-index a268c011c5d8e406e0d763554c55668cfb5388bc..c8bee19010978a04460b0637fcc8fd484a699ea8 100644
---- a/buildtools/wafsamba/samba_headers.py
-+++ b/buildtools/wafsamba/samba_headers.py
-@@ -19,7 +19,7 @@ def header_install_path(header, header_path):
-     return ''
- 
- 
--re_header = re.compile('^\s*#\s*include[ \t]*"([^"]+)"', re.I | re.M)
-+re_header = re.compile(r'^\s*#\s*include[ \t]*"([^"]+)"', re.I | re.M)
- 
- # a dictionary mapping source header paths to public header paths
- header_map = {}
-diff --git a/buildtools/wafsamba/samba_utils.py b/buildtools/wafsamba/samba_utils.py
-index ad97de1859ba24c4afd5106b4f9694b0dc855643..75c9794ec40f327ef8ccf9aa33fafd6ed6181e3b 100644
---- a/buildtools/wafsamba/samba_utils.py
-+++ b/buildtools/wafsamba/samba_utils.py
-@@ -255,10 +255,10 @@ def TO_LIST(str, delimiter=None):
- 
- def subst_vars_error(string, env):
-     '''substitute vars, throw an error if a variable is not defined'''
--    lst = re.split('(\$\{\w+\})', string)
-+    lst = re.split(r'(\$\{\w+\})', string)
-     out = []
-     for v in lst:
--        if re.match('\$\{\w+\}', v):
-+        if re.match(r'\$\{\w+\}', v):
-             vname = v[2:-1]
-             if not vname in env:
-                 raise KeyError("Failed to find variable %s in %s in env %s <%s>" % (vname, string, env.__class__, str(env)))
-diff --git a/buildtools/wafsamba/symbols.py b/buildtools/wafsamba/symbols.py
-index 3eca3d46bd71cf0780b3c8e36a26b96bd3aa3b83..73e8ca8ce53ef5d956ac58e14a2403dd49f01109 100644
---- a/buildtools/wafsamba/symbols.py
-+++ b/buildtools/wafsamba/symbols.py
-@@ -119,9 +119,9 @@ def find_ldd_path(bld, libname, binary):
- 
- 
- # some regular expressions for parsing readelf output
--re_sharedlib = re.compile(b'Shared library: \[(.*)\]')
-+re_sharedlib = re.compile(r'Shared library: \[(.*)\]')
- # output from readelf could be `Library rpath` or `Libray runpath`
--re_rpath     = re.compile(b'Library (rpath|runpath): \[(.*)\]')
-+re_rpath     = re.compile(r'Library (rpath|runpath): \[(.*)\]')
- 
- def get_libs(bld, binname):
-     '''find the list of linked libraries for any binary or library
--- 
-2.23.0.rc2
-

SOURCES/1420.patch

@@ -1,44 +0,0 @@
-From 0e4fd77c1e03fe6351d129f2161b0b3313f5fa3d Mon Sep 17 00:00:00 2001
-From: Mathieu Parent <math.parent@gmail.com>
-Date: Thu, 25 Jun 2020 09:48:04 +0200
-Subject: [PATCH] Fix FTBFS / Increase the over-estimation for sparse files
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=14418
-Signed-off-by: Mathieu Parent <math.parent@gmail.com>
----
- tests/ldb_kv_ops_test.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/lib/ldb/tests/ldb_kv_ops_test.c b/lib/ldb/tests/ldb_kv_ops_test.c
-index 30adebf1952..9db2212895f 100644
---- a/tests/ldb_kv_ops_test.c
-+++ b/tests/ldb_kv_ops_test.c
-@@ -1717,8 +1717,11 @@ static void test_get_size(void **state)
- 	/*
- 	 * The tdb implementation of get_size over estimates for sparse files
- 	 * which is perfectly acceptable for it's intended use.
-+	 * mipsel, ia64: 9994
-+	 * ppc64el, powerpc, ppc64: 13369
-+	 * sparc64: 5046
- 	 */
--	assert_in_range(size, 2500, 5000);
-+	assert_in_range(size, 2500, 15000);
- #endif
- 
- 	/*
-@@ -1746,8 +1749,11 @@ static void test_get_size(void **state)
- 	/*
- 	 * The tdb implementation of get_size over estimates for sparse files
- 	 * which is perfectly acceptable for it's intended use.
-+	 * mipsel, ia64: 9994
-+	 * ppc64el, powerpc, ppc64: 13369
-+	 * sparc64: 5046
- 	 */
--	assert_in_range(size, 2500, 5000);
-+	assert_in_range(size, 2500, 15000);
- #endif
- 	talloc_free(tmp_ctx);
- }
--- 
-GitLab
-

SOURCES/CVE-2021-20277.patch

@@ -1,303 +0,0 @@
-From 3895ccd4de3fd5d900b7c1122d912f0a06c2b069 Mon Sep 17 00:00:00 2001
-From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Date: Fri, 5 Mar 2021 15:47:56 +1300
-Subject: [PATCH 1/4] ldb: add tests for ldb_wildcard_compare
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
-
-Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Reviewed-by: Björn Jacke <bjacke@samba.org>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-
-(cherry-picked from commit 33a95a1e75b85e9795c4490b78ead2162e2a1f47)
----
- lib/ldb/tests/ldb_match_test.c | 134 ++++++++++++++++++++++++++++++---
- 1 file changed, 124 insertions(+), 10 deletions(-)
-
-diff --git a/tests/ldb_match_test.c b/tests/ldb_match_test.c
-index e09f50c86ba..3028aed072c 100644
---- a/tests/ldb_match_test.c
-+++ b/tests/ldb_match_test.c
-@@ -91,6 +91,33 @@ static int teardown(void **state)
- 	return 0;
- }
- 
-+static void escape_string(uint8_t *buf, size_t buflen,
-+			  const uint8_t *s, size_t len)
-+{
-+	size_t i;
-+	size_t j = 0;
-+	for (i = 0; i < len; i++) {
-+		if (j == buflen - 1) {
-+			goto fin;
-+		}
-+		if (s[i] >= 0x20) {
-+			buf[j] = s[i];
-+			j++;
-+		} else {
-+			if (j >= buflen - 4) {
-+				goto fin;
-+			}
-+			/* utf-8 control char representation */
-+			buf[j] = 0xE2;
-+			buf[j + 1] = 0x90;
-+			buf[j + 2] = 0x80 + s[i];
-+			j+= 3;
-+		}
-+	}
-+fin:
-+	buf[j] = 0;
-+}
-+
- 
- /*
-  * The wild card pattern "attribute=*" is parsed as an LDB_OP_PRESENT operation
-@@ -122,23 +149,110 @@ static void test_wildcard_match_star(void **state)
-  * Test basic wild card matching
-  *
-  */
-+struct wildcard_test {
-+	uint8_t *val;
-+	size_t val_size;
-+	const char *search;
-+	bool should_match;
-+	bool fold;
-+};
-+
-+/*
-+ * Q: Why this macro rather than plain struct values?
-+ * A: So we can get the size of the const char[] value while it is still a
-+ * true array, not a pointer.
-+ *
-+ * Q: but why not just use strlen?
-+ * A: so values can contain '\0', which we supposedly allow.
-+ */
-+
-+#define TEST_ENTRY(val, search, should_match, fold)	\
-+	{						\
-+		(uint8_t*)discard_const(val),		\
-+		sizeof(val) - 1,			\
-+		search,					\
-+		should_match,				\
-+		fold					\
-+	 }
-+
- static void test_wildcard_match(void **state)
- {
- 	struct ldbtest_ctx *ctx = *state;
--	bool matched = false;
--
--	uint8_t value[] = "The value.......end";
--	struct ldb_val val = {
--		.data   = value,
--		.length = (sizeof(value))
-+	size_t failed = 0;
-+	size_t i;
-+	struct wildcard_test tests[] = {
-+		TEST_ENTRY("The value.......end", "*end", true, true),
-+		TEST_ENTRY("The value.......end", "*fend", false, true),
-+		TEST_ENTRY("The value.......end", "*eel", false, true),
-+		TEST_ENTRY("The value.......end", "*d", true, true),
-+		TEST_ENTRY("The value.......end", "*D*", true, true),
-+		TEST_ENTRY("The value.......end", "*e*d*", true, true),
-+		TEST_ENTRY("end", "*e*d*", true, true),
-+		TEST_ENTRY("end", "  *e*d*", true, true),
-+		TEST_ENTRY("1.0.0.0.0.0.0.0aaaaaaaaaaaa", "*aaaaa", true, true),
-+		TEST_ENTRY("1.0..0.0.0.0.0.0.0aAaaaAAAAAAA", "*a", true,  true),
-+		TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0aaaa", "*aaaaa", false, true),
-+		TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0", true, true),
-+		TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0.0", true, true),
-+		TEST_ENTRY("1.0.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", true,
-+			   true),
-+		TEST_ENTRY("1.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", false,
-+			   true),
-+		TEST_ENTRY("1.0.0.0.000.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", true,
-+			   true),
-+		TEST_ENTRY("1\n0\r0\t000.0.0.0.0", "1*0*0*0*0*0*0*0*0", true,
-+			   true),
-+		/*
-+		 *  We allow NUL bytes in non-casefolding syntaxes.
-+		 */
-+		TEST_ENTRY("1\x00 x", "1*x", true, false),
-+		TEST_ENTRY("1\x00 x", "*x", true, false),
-+		TEST_ENTRY("1\x00 x", "*x*", true, false),
-+		TEST_ENTRY("1\x00 x", "* *", true, false),
-+		TEST_ENTRY("1\x00 x", "1*", true, false),
-+		TEST_ENTRY("1\x00 b* x", "1*b*", true, false),
-+		TEST_ENTRY("1.0..0.0.0.0.0.0.0aAaaaAAAAAAA", "*a", false,  false),
- 	};
--	struct ldb_parse_tree *tree = ldb_parse_tree(ctx, "objectClass=*end");
--	assert_non_null(tree);
- 
--	ldb_wildcard_compare(ctx->ldb, tree, val, &matched);
--	assert_true(matched);
-+	for (i = 0; i < ARRAY_SIZE(tests); i++) {
-+		bool matched;
-+		int ret;
-+		struct ldb_val val = {
-+			.data   = (uint8_t *)tests[i].val,
-+			.length = tests[i].val_size
-+		};
-+		const char *attr = tests[i].fold ? "objectclass" : "birthLocation";
-+		const char *s = talloc_asprintf(ctx, "%s=%s",
-+						attr, tests[i].search);
-+		struct ldb_parse_tree *tree = ldb_parse_tree(ctx, s);
-+		assert_non_null(tree);
-+		ret = ldb_wildcard_compare(ctx->ldb, tree, val, &matched);
-+		if (ret != LDB_SUCCESS) {
-+			uint8_t buf[100];
-+			escape_string(buf, sizeof(buf),
-+				      tests[i].val, tests[i].val_size);
-+			print_error("%zu val: «%s», search «%s» FAILED with %d\n",
-+				    i, buf, tests[i].search, ret);
-+			failed++;
-+		}
-+		if (matched != tests[i].should_match) {
-+			uint8_t buf[100];
-+			escape_string(buf, sizeof(buf),
-+				      tests[i].val, tests[i].val_size);
-+			print_error("%zu val: «%s», search «%s» should %s\n",
-+				    i, buf, tests[i].search,
-+				    matched ? "not match" : "match");
-+			failed++;
-+		}
-+	}
-+	if (failed != 0) {
-+		fail_msg("wrong results for %zu/%zu wildcard searches\n",
-+			 failed, ARRAY_SIZE(tests));
-+	}
- }
- 
-+#undef TEST_ENTRY
-+
- 
- /*
-  * ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0'
--- 
-2.25.1
-
-
-From 984842f9881e7e72b1bcd032ad0245d08f79888d Mon Sep 17 00:00:00 2001
-From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Date: Fri, 5 Mar 2021 20:13:01 +1300
-Subject: [PATCH 2/4] CVE-2021-20277 ldb tests: ldb_match tests with extra
- spaces
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655
-
-Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry-picked from commit for master)
----
- lib/ldb/tests/ldb_match_test.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/tests/ldb_match_test.c b/tests/ldb_match_test.c
-index 3028aed072c..ba6ea56be15 100644
---- a/tests/ldb_match_test.c
-+++ b/tests/ldb_match_test.c
-@@ -181,6 +181,8 @@ static void test_wildcard_match(void **state)
- 	size_t failed = 0;
- 	size_t i;
- 	struct wildcard_test tests[] = {
-+		TEST_ENTRY("                     1  0", "1*0*", true, true),
-+		TEST_ENTRY("                     1  0", "1 *0", true, true),
- 		TEST_ENTRY("The value.......end", "*end", true, true),
- 		TEST_ENTRY("The value.......end", "*fend", false, true),
- 		TEST_ENTRY("The value.......end", "*eel", false, true),
-@@ -203,8 +205,12 @@ static void test_wildcard_match(void **state)
- 		TEST_ENTRY("1\n0\r0\t000.0.0.0.0", "1*0*0*0*0*0*0*0*0", true,
- 			   true),
- 		/*
--		 *  We allow NUL bytes in non-casefolding syntaxes.
-+		 *  We allow NUL bytes and redundant spaces in non-casefolding
-+		 *  syntaxes.
- 		 */
-+		TEST_ENTRY("                  1  0", "*1  0", true, false),
-+		TEST_ENTRY("                  1  0", "*1  0", true, false),
-+		TEST_ENTRY("1    0", "*1 0", false, false),
- 		TEST_ENTRY("1\x00 x", "1*x", true, false),
- 		TEST_ENTRY("1\x00 x", "*x", true, false),
- 		TEST_ENTRY("1\x00 x", "*x*", true, false),
--- 
-2.25.1
-
-
-From a3ea9b5cfd98e9c62d99b42e7ebd4af1549a0d26 Mon Sep 17 00:00:00 2001
-From: Andrew Bartlett <abartlet@samba.org>
-Date: Fri, 12 Mar 2021 11:51:56 +1300
-Subject: [PATCH 3/4] CVE-2021-20277 ldb: Remove tests from ldb_match_test that
- do not pass
-
-This reverts some of the backport of 33a95a1e75b85e9795c4490b78ead2162e2a1f47
-
-This is done here rather than squashed in the cherry-pick of the expanded testsuite
-because it allows this commit to be simply reverted for the backport of bug 14044
-if this lands first, or to be dropped if bug 14044 lands first.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655
-
-Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
----
- lib/ldb/tests/ldb_match_test.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/tests/ldb_match_test.c b/tests/ldb_match_test.c
-index ba6ea56be15..fbf4106fa78 100644
---- a/tests/ldb_match_test.c
-+++ b/tests/ldb_match_test.c
-@@ -191,11 +191,9 @@ static void test_wildcard_match(void **state)
- 		TEST_ENTRY("The value.......end", "*e*d*", true, true),
- 		TEST_ENTRY("end", "*e*d*", true, true),
- 		TEST_ENTRY("end", "  *e*d*", true, true),
--		TEST_ENTRY("1.0.0.0.0.0.0.0aaaaaaaaaaaa", "*aaaaa", true, true),
- 		TEST_ENTRY("1.0..0.0.0.0.0.0.0aAaaaAAAAAAA", "*a", true,  true),
- 		TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0aaaa", "*aaaaa", false, true),
- 		TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0", true, true),
--		TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0.0", true, true),
- 		TEST_ENTRY("1.0.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", true,
- 			   true),
- 		TEST_ENTRY("1.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", false,
--- 
-2.25.1
-
-
-From 8fc0753ae7e2a2101c52574886e975ec8e90aee1 Mon Sep 17 00:00:00 2001
-From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Date: Tue, 8 Dec 2020 21:32:09 +1300
-Subject: [PATCH 4/4] CVE-2021-20277 ldb/attrib_handlers casefold: stay in
- bounds
-
-For a string that had N spaces at the beginning, we would
-try to move N bytes beyond the end of the string.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655
-
-Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-
-(cherry-picked from commit for master)
----
- lib/ldb/common/attrib_handlers.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/common/attrib_handlers.c b/common/attrib_handlers.c
-index b5212b73159..c6ef5ad477b 100644
---- a/common/attrib_handlers.c
-+++ b/common/attrib_handlers.c
-@@ -76,7 +76,7 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx,
- 	
- 	/* remove leading spaces if any */
- 	if (*s == ' ') {
--		for (t = s; *s == ' '; s++) ;
-+		for (t = s; *s == ' '; s++, l--) ;
- 
- 		/* remove leading spaces by moving down the string */
- 		memmove(t, s, l);
--- 
-2.25.1
-

SOURCES/ldb-2.2.0.tar.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQFJBAABCgAzFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAl8HCQwVHHNhbWJhLWJ1
-Z3NAc2FtYmEub3JnAAoJEEeTkWETCEAlrwkH/A/MJM5E0Pyz6HNdctHSrA97FB6Q
-JI1MnsyXerZXfDulcUFmyrNPp66gLGeNGG2X9eoxvWrZk3hPnYe9YPE6UiwCKxZu
-1CSp2JuwaVB6EoUxUIuh63DFlF9Th/ZEhPsBrP3tQHvZyGpTDOQq3qhV7FLsrIwO
-RstK5CJIqmgwy84oJmKanWLWfTqdp/HBvVsZw0/kZ0Kr+3DUcM9MaY7hifMpcSOV
-8HTMgIpEoPbKkNOMj2lkDiYcx3tLWtdMYQdN31Cng3X9n5XmLX0GQlfCjfediSkT
-vK2RGlIp/hlEXOSyIG2mJync+u4NCOv7r8EEcVhjHDYOflIvfOiwbITtWMg=
-=/f7o
------END PGP SIGNATURE-----

SOURCES/ldb-2.8.0.tar.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmTDr+oACgkQR5ORYRMI
+QCXfwgf/cAqWCgnnKIT3hvUdL2i2F9edDXTOkBDZ1vxQ8hLO+T8JtWO9F40hEZjH
+F5R5B2pxBP6T2Nd9NHVbHUqlIpjqqesweTXtabuW60oz5PZ13owpGDWWQKortH5/
+j49v/ZKHD0NBjVN09AylRgoKQ4kRDtd0rMOAS951aRUcRTFRjK86hnaHPgvQeexy
+SizGRtHlifnwM/lbgJlLkTDUDNA+7RwXRAv0pvLwYReGFoS8vyUbMOYt1lnoiNas
+6cz+6yTKknGO7KSE6bjviDahv7Xg04Qy02eI/HYEZ8NG3aJqNsOqPchP4y/JgVv+
+90FZR2cdZNpTdlZ5TPfihL2/zldXKQ==
+=H6+4
+-----END PGP SIGNATURE-----

SOURCES/libldb-fix-indexes-performance.patch

@@ -0,0 +1,221 @@
+From 1944fcf4b7e5ab4cf580e17031918ba5f441902b Mon Sep 17 00:00:00 2001
+From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+Date: Wed, 26 Jun 2024 11:05:49 +1200
+Subject: [PATCH 1/2] ldb_kv_index: dn_list load sub transaction can re-use
+ keys
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We don't want to modify the original list, but we can reuse the keys
+if we treat them as immutable and don't free them. That makes it a lot
+quicker if there are many keys (i.e. where an index is useful) and may
+sub-transactions. In particular, it avoids O(n²) talloc_memdups.
+
+A removed comment that says "We have to free the top level index
+memory otherwise we would leak", and this will be addressed in the
+next commit.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15590
+
+Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+(cherry picked from commit 5f0198d69843c864f2b98a7c0c6305ad789a68a0)
+---
+ lib/ldb/ldb_key_value/ldb_kv_index.c | 96 +++++++++++++++++-----------
+ 1 file changed, 57 insertions(+), 39 deletions(-)
+
+diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c
+index 3f1a847f2b6..fed1033f492 100644
+--- a/lib/ldb/ldb_key_value/ldb_kv_index.c
++++ b/lib/ldb/ldb_key_value/ldb_kv_index.c
+@@ -446,34 +446,39 @@ static int ldb_kv_dn_list_load(struct ldb_module *module,
+ 	 * There is an active index sub transaction, and the record was
+ 	 * found in the primary index transaction cache.  A copy of the
+ 	 * record needs be taken to prevent the original entry being
+-	 * altered, until the index sub transaction is committed.
++	 * altered, until the index sub transaction is committed, but we
++	 * don't copy the actual values, just the array of struct ldb_val
++	 * that points to the values (which are offsets into a GUID array).
++	 *
++	 * As a reminder, our primary cache is an in-memory tdb that
++	 * maps attributes to struct dn_list objects, which point to
++	 * the actual index, which is an array of struct ldb_val, the
++	 * contents of which are {.data = <binary GUID>, .length =
++	 * 16}. The array is sorted by GUID data, and these GUIDs are
++	 * used to look up index entries in the main database. There
++	 * are more layers of indirection than necessary, but what
++	 * makes the index useful is we can use a binary search to
++	 * find if the array contains a GUID.
++	 *
++	 * What we do in a sub-transaction is make a copy of the struct
++	 * dn_list and the array of struct ldb_val, but *not* of the
++	 * .data that they point to. This copy is put into a new
++	 * in-memory tdb which masks the primary cache for the duration
++	 * of the sub-transaction.
++	 *
++	 * In an add operation in a sub-transaction, the new ldb_val
++	 * is a child of the sub-transaction dn_list, which will
++	 * become the main dn_list if the transaction succeeds.
++	 *
++	 * These acrobatics do not affect read-only operations.
+ 	 */
+-
+-	{
+-		struct ldb_val *dns = NULL;
+-		size_t x = 0;
+-
+-		dns = talloc_array(
+-			list,
+-			struct ldb_val,
+-			list2->count);
+-		if (dns == NULL) {
+-			return LDB_ERR_OPERATIONS_ERROR;
+-		}
+-		for (x = 0; x < list2->count; x++) {
+-			dns[x].length = list2->dn[x].length;
+-			dns[x].data = talloc_memdup(
+-				dns,
+-				list2->dn[x].data,
+-				list2->dn[x].length);
+-			if (dns[x].data == NULL) {
+-				TALLOC_FREE(dns);
+-				return LDB_ERR_OPERATIONS_ERROR;
+-			}
+-		}
+-		list->dn = dns;
+-		list->count = list2->count;
++	list->dn = talloc_memdup(list,
++				 list2->dn,
++				 talloc_get_size(list2->dn));
++	if (list->dn == NULL) {
++		return LDB_ERR_OPERATIONS_ERROR;
+ 	}
++	list->count = list2->count;
+ 	return LDB_SUCCESS;
+ 
+ 	/*
+@@ -3852,9 +3857,7 @@ int ldb_kv_reindex(struct ldb_module *module)
+  * Copy the contents of the nested transaction index cache record to the
+  * transaction index cache.
+  *
+- * During this 'commit' of the subtransaction to the main transaction
+- * (cache), care must be taken to free any existing index at the top
+- * level because otherwise we would leak memory.
++ * This is a 'commit' of the subtransaction to the main transaction cache.
+  */
+ static int ldb_kv_sub_transaction_traverse(
+ 	struct tdb_context *tdb,
+@@ -3883,8 +3886,7 @@ static int ldb_kv_sub_transaction_traverse(
+ 
+ 	/*
+ 	 * Do we already have an entry in the primary transaction cache
+-	 * If so free it's dn_list and replace it with the dn_list from
+-	 * the secondary cache
++	 * If so replace dn_list with the one from the subtransaction.
+ 	 *
+ 	 * The TDB and so the fetched rec contains NO DATA, just a
+ 	 * pointer to data held in memory.
+@@ -3897,21 +3899,37 @@ static int ldb_kv_sub_transaction_traverse(
+ 			abort();
+ 		}
+ 		/*
+-		 * We had this key at the top level.  However we made a copy
+-		 * at the sub-transaction level so that we could possibly
+-		 * roll back.  We have to free the top level index memory
+-		 * otherwise we would leak
++		 * We had this key at the top level, and made a copy
++		 * of the dn list for this sub-transaction level that
++		 * borrowed the top level GUID data. We can't free the
++		 * original dn list just yet.
++		 *
++		 * In this diagram, ... is the C pointer structure
++		 * and --- is the talloc structure (::: is both).
++		 *
++		 *   index_in_top_level ::: dn orig ..............
++		 *	|			|		  :
++		 *	|			`--GUID array	  :
++		 *	|				   |----- val1 data
++		 * ldb_kv				   `----- val2 data
++		 *	|					  :
++		 *   index_in_subtransaction :: dn copy ..........:
++		 *				|		  :
++		 *				`------------ new val3 data
++		 *
++		 * So we don't free the index_in_top_level dn list yet,
++		 * because we are (probably) borrowing most of its
++		 * children.
+ 		 */
+-		if (index_in_top_level->count > 0) {
+-			TALLOC_FREE(index_in_top_level->dn);
+-		}
+ 		index_in_top_level->dn
+ 			= talloc_steal(index_in_top_level,
+ 				       index_in_subtransaction->dn);
+ 		index_in_top_level->count = index_in_subtransaction->count;
+ 		return 0;
+ 	}
+-
++	/*
++	 * We found no top level index in the cache, so we put one in.
++	 */
+ 	index_in_top_level = talloc(ldb_kv->idxptr, struct dn_list);
+ 	if (index_in_top_level == NULL) {
+ 		ldb_kv->idxptr->error = LDB_ERR_OPERATIONS_ERROR;
+-- 
+2.46.0
+
+
+From 70d8b1b2f87cbb16b671d334e46244ba001fbd31 Mon Sep 17 00:00:00 2001
+From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+Date: Mon, 22 Jul 2024 22:22:15 +1200
+Subject: [PATCH 2/2] ldb:kv_index: realloc away old dn list
+
+We can't just free it, because has the GUID index list as a child, and
+these are shared by the new dn list (from the subtransaction we are
+committing). But if the dn list is long and the main transaction is
+long-lived, we can save a lot of memory by turning this dn list into
+an almost empty node in the talloc tree. This returns us to roughly
+the situation we had prior to the last commit.
+
+For example, with the repro.sh script on bug 15590 in indexes mode
+with 10000 rules, The last 3 commits use this much memory at the end
+of an unusually large transaction:
+
+full talloc report on 'struct ldb_context' (total 4012222 bytes in 90058 blocks)
+full talloc report on 'struct ldb_context' (total 2405482219 bytes in 90058 blocks)
+full talloc report on 'struct ldb_context' (total 4282195 bytes in 90058 blocks)
+
+That is, the last commit increased usage 500 fold, and this commit
+brings it back to normal.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15590
+
+Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+(cherry picked from commit 1bf9ede94f0a6b41fb18e880e59a8e390f8c21d3)
+---
+ lib/ldb/ldb_key_value/ldb_kv_index.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c
+index fed1033f492..11bdf00dc08 100644
+--- a/lib/ldb/ldb_key_value/ldb_kv_index.c
++++ b/lib/ldb/ldb_key_value/ldb_kv_index.c
+@@ -3919,8 +3919,12 @@ static int ldb_kv_sub_transaction_traverse(
+ 		 *
+ 		 * So we don't free the index_in_top_level dn list yet,
+ 		 * because we are (probably) borrowing most of its
+-		 * children.
++		 * children. But we can save memory by discarding the
++		 * values and keeping it as an almost empty talloc
++		 * node.
+ 		 */
++		talloc_realloc(index_in_top_level,
++			       index_in_top_level->dn, struct ldb_val *, 1);
+ 		index_in_top_level->dn
+ 			= talloc_steal(index_in_top_level,
+ 				       index_in_subtransaction->dn);
+-- 
+2.46.0
+

SPECS/libldb.spec

@@ -1,8 +1,7 @@
 %if ((0%{?fedora} || 0%{?rhel} > 7 || 0%{?epel} > 6))
 
 # lmdb is not supported on 32 bit architectures
-# also disabled on aarch64 for now, due to #1897082
-%ifarch s390x x86_64
+%ifarch aarch64 ppc64le s390x x86_64
 %bcond_without lmdb
 %else
 %bcond_with lmdb
@@ -20,18 +19,18 @@
 %bcond_with python3
 %endif
 
-%global talloc_version 2.3.1
-%global tdb_version 1.4.3
-%global tevent_version 0.10.2
+%global talloc_version 2.4.1
+%global tdb_version 1.4.9
+%global tevent_version 0.15.0
 
 Name: libldb
-Version: 2.2.0
-Release: 2%{?dist}
+Version: 2.8.0
+Release: 1%{?dist}
 Summary: A schema-less, ldap like, API and database
 Requires: libtalloc%{?_isa} >= %{talloc_version}
 Requires: libtdb%{?_isa} >= %{tdb_version}
 Requires: libtevent%{?_isa} >= %{tevent_version}
-License: LGPLv3+
+License: LGPL-3.0-or-later
 URL: http://ldb.samba.org/
 Source0: https://www.samba.org/ftp/ldb/ldb-%{version}.tar.gz
 Source1: https://www.samba.org/ftp/ldb/ldb-%{version}.tar.asc
@@ -39,10 +38,7 @@ Source1: https://www.samba.org/ftp/ldb/ldb-%{version}.tar.asc
 Source2: ldb.keyring
 
 # Patches
-Patch0001: 0001-PATCH-wafsamba-Fix-few-SyntaxWarnings-caused-by-regu.patch
-# Fix FTBFS / Increase the over-estimation for sparse files
-Patch0002: 1420.patch
-Patch0003: CVE-2021-20277.patch
+Patch0:         libldb-fix-indexes-performance.patch
 
 BuildRequires: gcc
 BuildRequires: libtalloc-devel >= %{talloc_version}
@@ -65,12 +61,13 @@ BuildRequires: doxygen
 BuildRequires: openldap-devel
 BuildRequires: libcmocka-devel
 BuildRequires: gnupg2
+BuildRequires: make
 
 Provides: bundled(libreplace)
+Obsoletes: python2-ldb < 2.0.5-1
+Obsoletes: python2-ldb-devel < 2.0.5-1
+Obsoletes: pyldb < 1.1.26-2
 
-Obsoletes: python2-ldb < %{version}-%{release}
-Obsoletes: python2-ldb-devel < %{version}-%{release}
-Obsoletes: python2-ldb-debuginfo < %{version}-%{release}
 
 %description
 An extensible library that implements an LDAP like API to access remote LDAP
@@ -89,11 +86,20 @@ Requires: libldb%{?_isa} = %{version}-%{release}
 Requires: libtdb-devel%{?_isa} >= %{tdb_version}
 Requires: libtalloc-devel%{?_isa} >= %{talloc_version}
 Requires: libtevent-devel%{?_isa} >= %{tevent_version}
-Requires: pkgconfig
 
 %description devel
 Header files needed to develop programs that link against the LDB library.
 
+%package -n python-ldb-devel-common
+Summary: Common development files for the Python bindings for the LDB library
+
+Provides: pyldb-devel%{?_isa} = %{version}-%{release}
+%{?python_provide:%python_provide python2-ldb-devel}
+
+%description -n python-ldb-devel-common
+Development files for the Python bindings for the LDB library.
+This package includes files that aren't specific to a Python version.
+
 %if %{with python3}
 %package -n python3-ldb
 Summary: Python bindings for the LDB library
@@ -108,7 +114,7 @@ Python bindings for the LDB library
 %package -n python3-ldb-devel
 Summary: Development files for the Python bindings for the LDB library
 Requires: python3-ldb%{?_isa} = %{version}-%{release}
-Obsoletes: python-ldb-devel-common < %{version}-%{release}
+Requires: python-ldb-devel-common%{?_isa} = %{version}-%{release}
 
 %{?python_provide:%python_provide python3-ldb-devel}
 
@@ -118,11 +124,10 @@ Development files for the Python bindings for the LDB library
 %endif
 
 %prep
-%autosetup -n ldb-%{version} -p1
+zcat %{SOURCE0} | gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} -
+%autosetup -n ldb-%{version} -p3
 
 %build
-zcat %{SOURCE0} | gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} -
-
 # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1217376
 export python_LDFLAGS=""
 
@@ -197,6 +202,10 @@ rm -f $RPM_BUILD_ROOT/%{_mandir}/man3/_*
 %{_mandir}/man3/ldb*.gz
 %{_mandir}/man3/ldif*.gz
 
+%files -n python-ldb-devel-common
+%{_includedir}/pyldb.h
+%{_mandir}/man*/Py*.gz
+
 %if %{with python3}
 %files -n python3-ldb
 %{python3_sitearch}/ldb.cpython-*.so
@@ -207,16 +216,55 @@ rm -f $RPM_BUILD_ROOT/%{_mandir}/man3/_*
 %files -n python3-ldb-devel
 %{_libdir}/libpyldb-util.cpython-*.so
 %{_libdir}/pkgconfig/pyldb-util.cpython-*.pc
-%{_includedir}/pyldb.h
-%{_mandir}/man*/Py*.gz
 
 %ldconfig_scriptlets -n python3-ldb
 #endif with python
 %endif
 
 %changelog
+* Tue Aug 13 2024 Andreas Schneider <asn@redhat.com> - 2.8.0-1
+- resolves: RHEL-12109 - Fix performance regression with indexes
+
+* Fri Nov 17 2023 Pavel Filipenský <pfilipen@redhat.com> - 2.8.0-0
+- resolves: RHEL-16509 - Update to libldb-2.8.0 
+
+* Tue Jun 06 2023 Pavel Filipenský <pfilipen@redhat.com> - 2.7.2-3
+- resolves: rhbz#2190427 - Rebuild to trigger distrobaker sync
+
+* Wed May 24 2023 Pavel Filipenský <pfilipen@redhat.com> - 2.7.2-2
+- resolves: rhbz#2190427 - Add missing tests to fix osci.brew-build.tier0.functional
+
+* Thu May 18 2023 Pavel Filipenský <pfilipen@redhat.com> - 2.7.2-1
+- resolves: rhbz#2190427 - Update to version 2.7.2
+
+* Mon Oct 24 2022 Andreas Schneider <asn@redhat.com> - 2.6.1-1
+- resolves: rhbz#2132052 - Update to version 2.6.1
+
+* Thu Aug 11 2022 Andreas Schneider <asn@redhat.com> - 2.5.2-2
+- resolves: rhbz#2108998 - Rebuild to include python3-ldb-devel in CRB
+
+* Wed Jul 27 2022 Andreas Schneider <asn@redhat.com> - 2.5.2-1
+- Rebase to version 2.5.2
+- resolves: rhbz#2109016 - Fix CVE-2022-32746
+
+* Mon Jun 13 2022 Pavel Filipenský <pfilipen@redhat.com> - 2.5.1-1
+- related: rhbz#2077484 - Rebase to version 2.5.1
+
+* Mon May 02 2022 Pavel Filipenský <pfilipen@redhat.com> - 2.5.0-1
+- resolves: rhbz#2077484 - Rebase to version 2.5.0
+
+* Thu Nov 25 2021 Pavel Filipenský <pfilipen@redhat.com> - 2.4.1-1
+- resolves: rhbz#2013605 - Rebase to version 2.4.1
+
+* Tue May 25 2021 Andreas Schneider <asn@redhat.com> - 2.3.0-2
+- related: rhbz#1897082 - Fix libldb tests on ppc64le
+
+* Tue May 11 2021 Andreas Schneider <asn@redhat.com> - 2.3.0-1
+- resolves: rhbz#1945021 - Update to version 2.3.0
+- resolves: rhbz#1897082 - Fix libldb tests on aarch64
+
 * Wed Mar 24 2021 Andreas Schneider <asn@redhat.com> - 2.2.0-2
-* resolves: rhbz#1941515 - Fixed CVE-2021-20277
+* resolves: rhbz#1941516 - Fixed CVE-2021-20277
 
 * Mon Nov 9 2020 Isaac Boukris <iboukris@redhat.com> - 2.2.0-1
 - Resolves: rhbz#1878114 - Rebase libldb to the version required by Samba