Wed Mar 24 16:33:46 2021 UTC ()
ldb: updated to 2.2.1; samba: updated to 4.13.7

                   ==============================
                   Release Notes for Samba 4.13.7
                           March 24, 2021
                   ==============================

This is a follow-up release to depend on the correct ldb version. This is only
needed when building against a system ldb library.

This is a security release in order to address the following defects:

o CVE-2020-27840: Heap corruption via crafted DN strings.
o CVE-2021-20277: Out of bounds read in AD DC LDAP server.

=======
Details
=======

o  CVE-2020-27840:
   An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
   crafted DNs as part of a bind request. More serious heap corruption is likely
   also possible.

o  CVE-2021-20277:
   User-controlled LDAP filter strings against the AD DC LDAP server may crash
   the LDAP server.

For more details, please refer to the security advisories.

Changes since 4.13.6
--------------------

o  Release with dependency on ldb version 2.2.1.


(adam)
diff -r1.19 -r1.20 pkgsrc/databases/ldb/Makefile
diff -r1.10 -r1.11 pkgsrc/databases/ldb/distinfo
diff -r1.116 -r1.117 pkgsrc/net/samba4/Makefile
diff -r1.57 -r1.58 pkgsrc/net/samba4/distinfo
cvs diff -r1.19 -r1.20 pkgsrc/databases/ldb/Makefile (expand / switch to unified diff)

--- pkgsrc/databases/ldb/Makefile 2020/12/04 20:45:04 1.19
+++ pkgsrc/databases/ldb/Makefile 2021/03/24 16:33:46 1.20
@@ -1,18 +1,17 @@ @@ -1,18 +1,17 @@
1# $NetBSD: Makefile,v 1.19 2020/12/04 20:45:04 nia Exp $ 1# $NetBSD: Makefile,v 1.20 2021/03/24 16:33:46 adam Exp $
2 2
3# Before updating, make sure net/samba4 supports the newer version. 3# Before updating, make sure net/samba4 supports the newer version.
4DISTNAME= ldb-2.2.0 4DISTNAME= ldb-2.2.1
5PKGREVISION= 1 
6CATEGORIES= databases 5CATEGORIES= databases
7MASTER_SITES= http://www.samba.org/ftp/ldb/ 6MASTER_SITES= http://www.samba.org/ftp/ldb/
8 7
9MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
10HOMEPAGE= https://ldb.samba.org/ 9HOMEPAGE= https://ldb.samba.org/
11COMMENT= LDAP-like embedded database 10COMMENT= LDAP-like embedded database
12LICENSE= gnu-gpl-v3 11LICENSE= gnu-gpl-v3
13 12
14BUILD_DEPENDS+= libxslt-[0-9]*:../../textproc/libxslt 13BUILD_DEPENDS+= libxslt-[0-9]*:../../textproc/libxslt
15BUILD_DEPENDS+= docbook-xsl-[0-9]*:../../textproc/docbook-xsl 14BUILD_DEPENDS+= docbook-xsl-[0-9]*:../../textproc/docbook-xsl
16 15
17PYTHON_VERSIONS_INCOMPATIBLE= 27 16PYTHON_VERSIONS_INCOMPATIBLE= 27
18 17
cvs diff -r1.10 -r1.11 pkgsrc/databases/ldb/distinfo (expand / switch to unified diff)

--- pkgsrc/databases/ldb/distinfo 2020/11/12 06:26:57 1.10
+++ pkgsrc/databases/ldb/distinfo 2021/03/24 16:33:46 1.11
@@ -1,9 +1,9 @@ @@ -1,9 +1,9 @@
1$NetBSD: distinfo,v 1.10 2020/11/12 06:26:57 adam Exp $ 1$NetBSD: distinfo,v 1.11 2021/03/24 16:33:46 adam Exp $
2 2
3SHA1 (ldb-2.2.0.tar.gz) = 7c6d0827a20195636fcd84d713eea278d39064d4 3SHA1 (ldb-2.2.1.tar.gz) = c334d5a398b7a61c003d3cefbdb5736c49f0013c
4RMD160 (ldb-2.2.0.tar.gz) = 17a28ffab01db86619fe28917b184d104863af20 4RMD160 (ldb-2.2.1.tar.gz) = 0949458a58ca2c9905574a8f9626501d37e13c2f
5SHA512 (ldb-2.2.0.tar.gz) = 3814078a51d2110eeda291ac859c0027df88475812bd6b5f2ce8f8f50aba9c84faced97c37aa1f45e406783a8df97c60ae778df897bb0e89ba3ac8568acced69 5SHA512 (ldb-2.2.1.tar.gz) = a2b1598869e3d9f17c5b82fc2b7289f1f08a7378a1d72609af5ed5cc91fb571ac67d3a8c22d64dad5dcc9fe32520baccd5cc37d5b4fc5f1b00a7064902296344
6Size (ldb-2.2.0.tar.gz) = 1676551 bytes 6Size (ldb-2.2.1.tar.gz) = 1676819 bytes
7SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = 813c639e404e3b301444decae318c702c87f0cc1 7SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = 813c639e404e3b301444decae318c702c87f0cc1
8SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d 8SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d
9SHA1 (patch-buildtools_wafsamba_samba__utils.py) = 0a587421870c1974175fadbb02dde215f35938f2 9SHA1 (patch-buildtools_wafsamba_samba__utils.py) = 0a587421870c1974175fadbb02dde215f35938f2
cvs diff -r1.116 -r1.117 pkgsrc/net/samba4/Makefile (expand / switch to unified diff)

--- pkgsrc/net/samba4/Makefile 2021/03/20 19:27:35 1.116
+++ pkgsrc/net/samba4/Makefile 2021/03/24 16:33:46 1.117
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.116 2021/03/20 19:27:35 adam Exp $ 1# $NetBSD: Makefile,v 1.117 2021/03/24 16:33:46 adam Exp $
2 2
3DISTNAME= samba-4.13.5 3DISTNAME= samba-4.13.7
4CATEGORIES= net 4CATEGORIES= net
5MASTER_SITES= https://download.samba.org/pub/samba/stable/ 5MASTER_SITES= https://download.samba.org/pub/samba/stable/
6 6
7MAINTAINER= pkgsrc-users@NetBSD.org 7MAINTAINER= pkgsrc-users@NetBSD.org
8HOMEPAGE= https://www.samba.org/ 8HOMEPAGE= https://www.samba.org/
9COMMENT= SMB/CIFS protocol server suite 9COMMENT= SMB/CIFS protocol server suite
10LICENSE= gnu-gpl-v3 10LICENSE= gnu-gpl-v3
11 11
12CONFLICTS+= ja-samba-[0-9]* winbind-[0-9]* 12CONFLICTS+= ja-samba-[0-9]* winbind-[0-9]*
13 13
14PYTHON_VERSIONS_INCOMPATIBLE= 27 14PYTHON_VERSIONS_INCOMPATIBLE= 27
15 15
16GCC_REQD+= 4.4 16GCC_REQD+= 4.4
@@ -196,27 +196,27 @@ REPLACE_PERL+= script/*.pl @@ -196,27 +196,27 @@ REPLACE_PERL+= script/*.pl
196REPLACE_PERL+= source3/script/*.pl 196REPLACE_PERL+= source3/script/*.pl
197REPLACE_PERL+= source4/build/pasn1/pasn1.pl 197REPLACE_PERL+= source4/build/pasn1/pasn1.pl
198REPLACE_PERL+= source4/script/*.pl 198REPLACE_PERL+= source4/script/*.pl
199REPLACE_PERL+= third_party/nss_wrapper/nss_wrapper.pl 199REPLACE_PERL+= third_party/nss_wrapper/nss_wrapper.pl
200REPLACE_PYTHON+= buildtools/bin/waf 200REPLACE_PYTHON+= buildtools/bin/waf
201REPLACE_PYTHON+= source4/setup/wscript_build 201REPLACE_PYTHON+= source4/setup/wscript_build
202REPLACE_PYTHON+= source4/scripting/bin/* 202REPLACE_PYTHON+= source4/scripting/bin/*
203 203
204.if "${OPSYS}" == "Linux" 204.if "${OPSYS}" == "Linux"
205.include "../../devel/libuuid/buildlink3.mk" 205.include "../../devel/libuuid/buildlink3.mk"
206.endif 206.endif
207.include "../../archivers/libarchive/buildlink3.mk" 207.include "../../archivers/libarchive/buildlink3.mk"
208.include "../../converters/libiconv/buildlink3.mk" 208.include "../../converters/libiconv/buildlink3.mk"
209BUILDLINK_API_DEPENDS.ldb+= ldb>=2.2.0 209BUILDLINK_API_DEPENDS.ldb+= ldb>=2.2.1
210.include "../../databases/ldb/buildlink3.mk" 210.include "../../databases/ldb/buildlink3.mk"
211.include "../../databases/lmdb/buildlink3.mk" 211.include "../../databases/lmdb/buildlink3.mk"
212.include "../../devel/cmocka/buildlink3.mk" 212.include "../../devel/cmocka/buildlink3.mk"
213.include "../../devel/gettext-lib/buildlink3.mk" 213.include "../../devel/gettext-lib/buildlink3.mk"
214.include "../../devel/popt/buildlink3.mk" 214.include "../../devel/popt/buildlink3.mk"
215.include "../../devel/readline/buildlink3.mk" 215.include "../../devel/readline/buildlink3.mk"
216BUILDLINK_API_DEPENDS.talloc+= talloc>=2.2.0 216BUILDLINK_API_DEPENDS.talloc+= talloc>=2.2.0
217.include "../../devel/talloc/buildlink3.mk" 217.include "../../devel/talloc/buildlink3.mk"
218.include "../../devel/tevent/buildlink3.mk" 218.include "../../devel/tevent/buildlink3.mk"
219.include "../../devel/zlib/buildlink3.mk" 219.include "../../devel/zlib/buildlink3.mk"
220.include "../../lang/python/application.mk" 220.include "../../lang/python/application.mk"
221.include "../../lang/python/extension.mk" 221.include "../../lang/python/extension.mk"
222.include "../../security/gnutls/buildlink3.mk" 222.include "../../security/gnutls/buildlink3.mk"
cvs diff -r1.57 -r1.58 pkgsrc/net/samba4/distinfo (expand / switch to unified diff)

--- pkgsrc/net/samba4/distinfo 2021/03/20 19:27:35 1.57
+++ pkgsrc/net/samba4/distinfo 2021/03/24 16:33:46 1.58
@@ -1,19 +1,19 @@ @@ -1,19 +1,19 @@
1$NetBSD: distinfo,v 1.57 2021/03/20 19:27:35 adam Exp $ 1$NetBSD: distinfo,v 1.58 2021/03/24 16:33:46 adam Exp $
2 2
3SHA1 (samba-4.13.5.tar.gz) = abdfc52c7326e30508a6167d5e3e9256e17e1980 3SHA1 (samba-4.13.7.tar.gz) = c9c2238b04cc2e93054628fcdf82335c6ca51967
4RMD160 (samba-4.13.5.tar.gz) = 8148c4debd7c56693676b405970306ce7cf8b695 4RMD160 (samba-4.13.7.tar.gz) = e1baf0f450814cece012c00514f8abe2d9e35cb6
5SHA512 (samba-4.13.5.tar.gz) = 4187337fecf60fa133c6e81e894634f36028d34ccc521e5e856a5736a4f58fc2ad2cd136a206d141f17f7bc519a6168a27e83705fb2d38559667a60b24ad1c1f 5SHA512 (samba-4.13.7.tar.gz) = eac0c0b60d50591ecd8e730bd6f24ec3d5731a9dd4172640259d841cca988f20265e5a57967a070713ab7b4bd95766a21247cc8e6b32177b79eb766520a3288a
6Size (samba-4.13.5.tar.gz) = 18426722 bytes 6Size (samba-4.13.7.tar.gz) = 18432921 bytes
7SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = d927db17124d2bb5b382885e70a41f84c3929926 7SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = d927db17124d2bb5b382885e70a41f84c3929926
8SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d 8SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d
9SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = e4c0ed3dacfcf5613a5b397b3c6cf88509497da7 9SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = e4c0ed3dacfcf5613a5b397b3c6cf88509497da7
10SHA1 (patch-buildtools_wafsamba_samba__utils.py) = 0a587421870c1974175fadbb02dde215f35938f2 10SHA1 (patch-buildtools_wafsamba_samba__utils.py) = 0a587421870c1974175fadbb02dde215f35938f2
11SHA1 (patch-buildtools_wafsamba_wscript) = 0ca4c3a9d2e07f9165784e495f6f6b2b21db2758 11SHA1 (patch-buildtools_wafsamba_wscript) = 0ca4c3a9d2e07f9165784e495f6f6b2b21db2758
12SHA1 (patch-dynconfig_wscript) = 1858e5fcca913f21aa3e7868d9760b9c40c9f5c4 12SHA1 (patch-dynconfig_wscript) = 1858e5fcca913f21aa3e7868d9760b9c40c9f5c4
13SHA1 (patch-lib_param_loadparm.h) = 0216b69d33d1e17260a446e11bee764116c52b18 13SHA1 (patch-lib_param_loadparm.h) = 0216b69d33d1e17260a446e11bee764116c52b18
14SHA1 (patch-lib_pthreadpool_pthreadpool.c) = c29490473063d6bdbe5c50780a21bf2869ae959f 14SHA1 (patch-lib_pthreadpool_pthreadpool.c) = c29490473063d6bdbe5c50780a21bf2869ae959f
15SHA1 (patch-lib_replace_system_passwd.h) = 652be067b2560310ce3a4bbf37c24cb2fa8eb82d 15SHA1 (patch-lib_replace_system_passwd.h) = 652be067b2560310ce3a4bbf37c24cb2fa8eb82d
16SHA1 (patch-lib_replace_wscript) = 2a754e7310850b376d5881b82a8467041284fce9 16SHA1 (patch-lib_replace_wscript) = 2a754e7310850b376d5881b82a8467041284fce9
17SHA1 (patch-lib_tdb_common_mutex.c) = 12dbcf870e6ba17ef7f92a8ce7f0b7462f820232 17SHA1 (patch-lib_tdb_common_mutex.c) = 12dbcf870e6ba17ef7f92a8ce7f0b7462f820232
18SHA1 (patch-lib_tevent_tevent.c) = 4a20506e2bfbab85bad664299b884575326e73fd 18SHA1 (patch-lib_tevent_tevent.c) = 4a20506e2bfbab85bad664299b884575326e73fd
19SHA1 (patch-lib_tevent_tevent__threads.c) = 14867888dd0b7c4613914752ab368c39bfdbb943 19SHA1 (patch-lib_tevent_tevent__threads.c) = 14867888dd0b7c4613914752ab368c39bfdbb943