2017-11-12 17:03:37 by Pierre Pronchery | Files touched by this commit (35) |
Log message:
Bump PKGREVISION on packages depending on CUPS
This should be the last part of the renaming operation for print/cups to
print/cups-base.
Rationale: packages depending on CUPS but not relying on a functional
printing setup only need to depend on print/cups-base (equivalent to the
former print/cups). The new print/cups now depends on print/cups-base
and on print/cups-filters, thus directly providing a functional printing
setup. This bump reflects this change of dependency.
As discussed on tech-pkg@
|
2017-11-12 16:37:00 by Pierre Pronchery | Files touched by this commit (38) |
Log message:
Update dependencies on print/cups to print/cups-base
This is with the notable exception of meta-pkgs/desktop-gnome, which I
believe implies a fully functional cups.
This is still missing revision bumps - I'll be right there (first time I
am doing this on so many packages at a time).
As discussed on tech-pkg@
|
2017-11-11 02:32:47 by John Klos | Files touched by this commit (2) |
Log message:
Fixes PR # 52711. Allows installation of package in /usr/local LOCALBASE.
|
2017-09-20 17:14:30 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
net/samba4: update to 4.6.8, security fix
=============================
Release Notes for Samba 4.6.8
September 20, 2017
=============================
This is a security release in order to address the following defects:
o CVE-2017-12150 (SMB1/2/3 connections may not require signing where they
should)
o CVE-2017-12151 (SMB3 connections don't keep encryption across DFS redirects)
o CVE-2017-12163 (Server memory information leak over SMB1)
=======
Details
=======
o CVE-2017-12150:
A man in the middle attack may hijack client connections.
o CVE-2017-12151:
A man in the middle attack can read and may alter confidential
documents transferred via a client connection, which are reached
via DFS redirect when the original connection used SMB3.
o CVE-2017-12163:
Client with write access to a share can cause server memory contents to be
written into a file or printer.
For more details and workarounds, please see the security advisories:
o https://www.samba.org/samba/security/CVE-2017-12150.html
o https://www.samba.org/samba/security/CVE-2017-12151.html
o https://www.samba.org/samba/security/CVE-2017-12163.html
Changes since 4.6.7:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes
async.
* BUG 13020: CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from
writing server memory to file.
o Ralph Boehme <slow@samba.org>
* BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories
directly.
o Stefan Metzmacher <metze@samba.org>
* BUG 12996: CVE-2017-12151: Keep required encryption across SMB3 dfs
redirects.
* BUG 12997: CVE-2017-12150: Some code path don't enforce smb signing
when they should.
|
2017-09-18 08:41:46 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
net/samba4: update to 4.6.7
4.6.7 (2017/08/09): the latest stable release of the Samba 4.6 release series.
Changes since 4.6.6
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes async.
o Andrew Bartlett <abartlet@samba.org>
* BUG 11392: s4-cldap/netlogon: Match Windows 2012R2 and return
NETLOGON_NT_VERSION_5 when version unspecified.
o Ralph Boehme <slow@samba.org>
* BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories directly.
* BUG 12910: s3/notifyd: Ensure notifyd doesn't return from
smbd_notifyd_init.
o Günther Deschner <gd@samba.org>
* BUG 12840: vfs_fruit: Add fruit:model = <modelname> parametric option.
o David Disseldorp <ddiss@samba.org>
* BUG 12911: vfs_ceph: Fix cephwrap_chdir().
o Dustin L. Howett
* BUG 12720: idmap_ad: Retry query_user exactly once if we get
TLDAP_SERVER_DOWN.
o Thomas Jarosch <thomas.jarosch@intra2net.com>
* BUG 12927: s3: libsmb: Fix use-after-free when accessing pointer *p.
o Volker Lendecke <vl@samba.org>
* BUG 12925: smbd: Fix a connection run-down race condition.
o Stefan Metzmacher <metze@samba.org>
* BUG 12782: winbindd changes the local password and gets
NT_STATUS_WRONG_PASSWORD for the remote change.
* BUG 12890: s3:smbd: consistently use talloc_tos() memory for
rpc_pipe_open_interface().
o Noel Power <noel.power@suse.com>
* BUG 12937: smbcacls: Don't fail against a directory on Windows using SMB2.
o Arvid Requate <requate@univention.de>
* BUG 11392: s4-dsdb/netlogon: Allow missing ntver in cldap ping.
o Garming Sam <garming@catalyst.net.nz>
* BUG 12813: dnsserver: Stop dns_name_equal doing OOB read.
o Andreas Schneider <asn@samba.org>
* BUG 12886: s3:client: The smbspool krb5 wrapper needs negotiate for
authentication.
o Martin Schwenke <martin@meltin.net>
* BUG 12898: ctdb-common: Set close-on-exec when creating PID file.
4.6.6 (2017/07/12): security release in order to address the following defect:
o CVE-2017-11103 (Orpheus' Lyre mutual authentication validation bypass)
Changes since 4.6.5:
---------------------
o Jeffrey Altman <jaltman@secure-endpoints.com>
* BUG 12894: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
4.6.5 (2017/06/06): the latest stable release of the Samba 4.6 release series.
Changes since 4.6.4:
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 12804: s3: VFS: Catia: Ensure path name is also converted.
o Christian Ambach <ambi@samba.org>
* BUG 12765: s3:smbcacls add prompt for password.
o Ralph Boehme <slow@samba.org>
* BUG 12562: vfs_acl_xattr|tdb: Ensure create mask is at least 0666 if
ignore_system_acls is set.
* BUG 12702: Wrong sid->uid mapping for SIDs residing in sIDHistory.
* BUG 12749: vfs_fruit: lp_case_sensitive() does not return a bool.
* BUG 12766: s3/smbd: Update exclusive oplock optimisation to the lease area.
* BUG 12798: s3/smbd: Fix exclusive lease optimisation.
o Alexander Bokovoy <ab@samba.org>
* BUG 12751: Allow passing trusted domain password as plain-text to PASSDB
layer.
* BUG 12764: systemd: Fix detection of libsystemd.
o Amitay Isaacs <amitay@gmail.com>
* BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to
complete.
* BUG 12770: ctdb-logging: Initialize DEBUGLEVEL before changing the value.
o Shilpa Krishnareddy <skrishnareddy@panzura.com>
* BUG 12756: notify: Fix ordering of events in notifyd.
o Volker Lendecke <vl@samba.org>
* BUG 12757: idmap_rfc2307: Lookup of more than two SIDs fails.
o Stefan Metzmacher <metze@samba.org>
* BUG 12767: samba-tool: Let 'samba-tool user syncpasswords' report deletions
immediately.
o Doug Nazar <nazard@nazar.ca>
* BUG 12760: s3: smbd: inotify_map_mask_to_filter incorrectly indexes an
array.
o Andreas Schneider <asn@samba.org>
* BUG 12687: vfs_expand_msdfs tries to open the remote address as a file
path.
o Martin Schwenke <martin@meltin.net>
* BUG 12802: 'ctdb nodestatus' incorrectly displays status for all nodes with
wrong exit code.
* BUG 12814: ctdb-common: Fix crash in logging initialisation.
|
2017-06-27 15:37:16 by Filip Hajny | Files touched by this commit (3) |
Log message:
Substitute SYSCONFDIR assumed by the embedded Heimdal code properly.
Fixes calls to e.g. krb5.keytab that were hardcoded to /etc. PKGREVISION++
|
2017-06-11 07:26:45 by Tom Spindler | Files touched by this commit (1) |
Log message:
if winbindd is enabled, install rc.d script.
|
2017-06-01 15:30:26 by Johnny C. Lam | Files touched by this commit (21) |
Log message:
Use public SHLIB_TYPE instead of private _OPSYS_SHLIB_TYPE.
|
2017-05-29 02:24:19 by Sebastian Wiedenroth | Files touched by this commit (1) |
Log message:
add workaround for https://bugzilla.samba.org/show_bug.cgi?id=12502
fixes build on sunos
|
2017-05-24 17:51:32 by Havard Eidnes | Files touched by this commit (3) |
Log message:
Update samba4 to version 4.6.4.
Pkgsrc changes:
* Adapt PLIST, new .so installed.
Upstream changes:
Changes since 4.6.3:
---------------------
o Volker Lendecke <vl@samba.org>
* BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable
share.
Changes since 4.6.2:
--------------------
o Michael Adam <obnox@samba.org>
* BUG 12743: s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots
from shares with GlusterFS backend.
o Jeremy Allison <jra@samba.org>
* BUG 12559: Fix for Solaris C compiler.
* BUG 12628: s3: locking: Update oplock optimization for the leases era.
* BUG 12693: Make the Solaris C compiler happy.
* BUG 12695: s3: libgpo: Allow skipping GPO objects that don't have the
expected LDAP attributes.
* BUG 12747: Fix buffer overflow caused by wrong use of getgroups.
o Hanno Boeck <hanno@hboeck.de>
* BUG 12746: lib: debug: Avoid negative array access.
* BUG 12748: cleanupdb: Fix a memory read error.
o Ralph Boehme <slow@samba.org>
* BUG 7537: streams_xattr and kernel oplocks results in
NT_STATUS_NETWORK_BUSY.
* BUG 11961: winbindd: idmap_autorid allocates ids for unknown SIDs from
other backends.
* BUG 12565: vfs_fruit: Resource fork open request with
flags=O_CREAT|O_RDONLY.
* BUG 12615: manpages/vfs_fruit: Document global options.
* BUG 12624: lib/pthreadpool: Fix a memory leak.
* BUG 12727: Lookup-domain for well-known SIDs on a DC.
* BUG 12728: winbindd: Fix error handling in rpc_lookup_sids().
* BUG 12729: winbindd: Trigger possible passdb_dsdb initialisation.
o Alexander Bokovoy <ab@samba.org>
* BUG 12611: credentials_krb5: use gss_acquire_cred for client-side GSSAPI
use case.
* BUG 12690: lib/crypto: Implement samba.crypto Python module for RC4.
o Amitay Isaacs <amitay@gmail.com>
* BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to
complete.
* BUG 12723: ctdb_event monitor command crashes if event is not specified.
* BUG 12733: ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'.
o Volker Lendecke <vl@samba.org>
* BUG 12558: smbd: Fix smb1 findfirst with DFS.
* BUG 12610: smbd: Do an early exit on negprot failure.
* BUG 12699: winbindd: Fix substitution for 'template homedir'.
o Stefan Metzmacher <metze@samba.org>
* BUG 12554: s4:kdc: Disable principal based autodetected referral detection.
* BUG 12613: idmap_autorid: Allocate new domain range if the callers knows
the sid is valid.
* BUG 12724: LINKFLAGS_PYEMBED should not contain -L/some/path.
* BUG 12725: PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for
trusted domain.
* BUG 12731: rpcclient: Allow -U'OTHERDOMAIN\user' again.
o Christof Schmitt <cs@samba.org>
* BUG 12725: winbindd: Fix password policy for pam authentication.
o Andreas Schneider <asn@samba.org>
* BUG 12554: s3:gse: Correctly handle external trusts with MIT.
* BUG 12611: auth/credentials: Always set the realm if we set the principal
from the ccache.
* BUG 12686: replace: Include sysmacros.h.
* BUG 12687: s3:vfs_expand_msdfs: Do not open the remote address as a file.
* BUG 12704: s3:libsmb: Only print error message if kerberos use is forced.
* BUG 12708: winbindd: Child process crashes when kerberos-authenticating
a user with wrong password.
o Uri Simchoni <uri@samba.org>
* BUG 12715: vfs_fruit: Office document opens as read-only on macOS due to
CNID semantics.
* BUG 12737: vfs_acl_xattr: Fix failure to get ACL on Linux if memory is
fragmented.
|