Subject: CVS commit: pkgsrc
From: Adam Ciarcinski
Date: 2021-03-24 17:33:46
Message id: 20210324163346.D330AFA95@cvs.NetBSD.org

Log Message:
ldb: updated to 2.2.1; samba: updated to 4.13.7

                   ==============================
                   Release Notes for Samba 4.13.7
                           March 24, 2021
                   ==============================

This is a follow-up release to depend on the correct ldb version. This is only
needed when building against a system ldb library.

This is a security release in order to address the following defects:

o CVE-2020-27840: Heap corruption via crafted DN strings.
o CVE-2021-20277: Out of bounds read in AD DC LDAP server.

=======
Details
=======

o  CVE-2020-27840:
   An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
   crafted DNs as part of a bind request. More serious heap corruption is likely
   also possible.

o  CVE-2021-20277:
   User-controlled LDAP filter strings against the AD DC LDAP server may crash
   the LDAP server.

For more details, please refer to the security advisories.

Changes since 4.13.6
--------------------

o  Release with dependency on ldb version 2.2.1.

Files:
Revision  Action  File
1.20      modify  pkgsrc/databases/ldb/Makefile
1.11      modify  pkgsrc/databases/ldb/distinfo
1.117     modify  pkgsrc/net/samba4/Makefile
1.58      modify  pkgsrc/net/samba4/distinfo