==============================
Release Notes for Samba 4.13.7
March 24, 2021
==============================
This is a follow-up release to depend on the correct ldb version. This is only
needed when building against a system ldb library.
This is a security release in order to address the following defects:
o CVE-2020-27840: Heap corruption via crafted DN strings.
o CVE-2021-20277: Out of bounds read in AD DC LDAP server.
=======
Details
=======
o CVE-2020-27840:
An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
crafted DNs as part of a bind request. More serious heap corruption is likely
also possible.
o CVE-2021-20277:
User-controlled LDAP filter strings against the AD DC LDAP server may crash
the LDAP server.
For more details, please refer to the security advisories.
Changes since 4.13.6
--------------------
o Release with dependency on ldb version 2.2.1.
installed, anyway, resulting in a PLIST error.
ldb's snazzy little build system has no official configuration option
for this, so we reach in and flick the switch by hand.
pkglint -r --network --only "migrate"
As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
ldb is a LDAP-like embedded database. It is not at all LDAP standards
compliant, so if you want a standards compliant database then please see the
excellent OpenLDAP project.
What ldb does is provide a fast database with an LDAP-like API designed to be
used within an application. In some ways it can be seen as a intermediate
solution between key-value pair databases and a real LDAP database.
ldb is the database engine used in Samba4.
Features:
* The main features that separate ldb from other solutions are:
* Safe multi-reader, multi-writer, using byte range locking
* LDAP-like API
* fast operation
* choice of local tdb or remote LDAP backends
* integration with talloc
* schema-less operation, for trivial setup
* modules for extensions (such as schema support)
* easy setup of indexes and attribute properties
* LDIF for import/export
* ldbedit tool for database (via LDIF) editing (reminiscent of 'vipw')
