big enough, resulting in overwriting of stack variables, making wmnet
core dump because of segfault. Increase buffer size to avoid that.
Bump to 1.06nb2.
so remove it from package Makefiles. Also move the inclusion of the
buildlink.mk files to the end of the Makefile to just before bsd.pkg.mk
to ensure that any Makefile settings occur before the buildlink.mk files.
This is quite a different package from pkgsrc/devel/p5-LDAP; this one
doesn't require the mozilla ldapsdk, and also seems to be the 'standard'
LDAP interface these days.
WHATS NEW IN Samba 2.2.0a: 23rd June 2001
==========================================
SECURITY FIX
============
This is a security bugfix release for Samba 2.2.0. This release provides the
following two changes *ONLY* from the 2.2.0 release.
1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com)
and described in the security advisory below.
2). Fix for the hosts allow/hosts deny parameters not being honoured.
No other changes are being made for this release to ensure a security fix only.
For new functionality (including these security fixes) download Samba 2.2.1
when it is available.
The security advisory follows :
IMPORTANT: Security bugfix for Samba
------------------------------------
June 23rd 2001
Summary
-------
A serious security hole has been discovered in all versions of Samba
that allows an attacker to gain root access on the target machine for
certain types of common Samba configuration.
The immediate fix is to edit your smb.conf configuration file and
remove all occurrences of the macro "%m". Replacing occurrences of %m
with %I is probably the best solution for most sites.
Details
-------
A remote attacker can use a netbios name containing unix path
characters which will then be substituted into the %m macro wherever
it occurs in smb.conf. This can be used to cause Samba to create a log
file on top of an important system file, which in turn can be used to
compromise security on the server.
The most commonly used configuration option that can be vulnerable to
this attack is the "log file" option. The default value for this
option is VARDIR/log.smbd. If the default is used then Samba is not
vulnerable to this attack.
The security hole occurs when a log file option like the following is
used:
    log file = /var/log/samba/%m.log
In that case the attacker can use a locally created symbolic link to
overwrite any file on the system. This requires local access to the
server.
If your Samba configuration has something like the following:
    log file = /var/log/samba/%m
Then the attacker could successfully compromise your server remotely
as no symbolic link is required. This type of configuration is very
rare.
The most commonly used log file configuration containing %m is the
one distributed in the sample configuration file that comes with Samba:
    log file = /var/log/samba/log.%m
in that case your machine is not vulnerable to this attack unless you
happen to have a subdirectory in /var/log/samba/ which starts with the
prefix "log."
Credit
------
Thanks to Michal Zalewski (lcamtuf@bos.bindview.com) for finding this
vulnerability.
New Release
-----------
While we recommend that vulnerable sites immediately change their
smb.conf configuration file to prevent the attack we will also be
making new releases of Samba within the next 24 hours to properly fix
the problem. Please see http://www.samba.org/ for the new releases.
Please report any attacks to the appropriate authority.
The Samba Team
security@samba.org
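
An added example, not part of the advisory or of Samba: a small auditor for the mitigation described above. It finds every use of %m in smb.conf text, labels each path with the case the advisory describes for that shape, and returns the value with %m replaced by %I. The sample configuration and the risk labels are constructed for illustration.

```python
import re

# Constructed sample input: each "log file" form the advisory discusses.
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   log file = /var/log/samba/%m.log
   Log File = /var/log/samba/%m
   log file = /var/log/samba/log.%m
   log file = /var/log/samba/log.smbd
;  log file = /var/log/samba/%m
"""

def classify(value):
    """Map a path value onto the cases named in the advisory (labels are ours)."""
    if "%m" not in value:
        return "ok"
    last = value.rsplit("/", 1)[-1]    # final path component
    if last == "%m":
        return "remote"                # no symbolic link required
    if last.startswith("%m"):
        return "local-symlink"         # needs a locally created symlink
    if "%m" in last:
        return "prefixed"              # e.g. log.%m: depends on a matching subdirectory
    return "review"                    # %m elsewhere in the path: check by hand

def audit(conf_text):
    """Return (line_no, parameter, risk, suggested_value) for every %m use."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments (; or #), section headers and non-assignments.
        if not line or line[0] in ";#[" or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        name = re.sub(r"\s+", " ", name.lower())   # parameter names are case-insensitive
        risk = classify(value)
        if risk != "ok":
            findings.append((no, name, risk, value.replace("%m", "%I")))
    return findings

if __name__ == "__main__":
    for no, name, risk, fix in audit(SAMPLE_CONF):
        print(f"line {no}: {name}: {risk}; advisory's mitigation: {name} = {fix}")
```
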
This is pconsole, the parallel console tool. pconsole was meant as an
interactive administrative shell tool for clusters.
pconsole allows you to connect to each node of your cluster simultaneously,
and you can type your administrative commands in a specialized window that
'multiplies' the input to each of the connections you have opened.
pconsole is best run from within X Windows, although it is possible to
employ it without X (in console mode) as well.
You need to install pconsole on only 1 machine in the cluster, this would
usually be your central administrative node.
pconsole makes use of ssh if possible.
FOO_REQD=1.0 being converted to foo>=1.0, one can now directly specify
the dependency pattern as FOO_DEPENDS=foo>=1.0. This allows things like
JPEG_DEPENDS=jpeg-6b, or fancier expressions like for postgresql-lib.
Change existing FOO_REQD definitions in Makefiles to FOO_DEPENDS.
Changes include:
4.2.1.23, Released Sunday 17 June 2001, changes:
Fixed compilation error in stats-sol.c
4.2.1.22, Released Saturday 16 June 2001, changes:
Darwin / MacOS X support
BeOS support
Improved Irix support
BSD idle-time-submit(tm) support
New SendCPULevel option (BSD, Solaris & Irix only)
Debian init.d script
Alternative to the upchk script added
Fixed compilation error when using the NR_LINUX_UPTIME_WRAPAROUNDS
That's all folks!
Notable changes in reverse order (newest on top):
* mrtg_lib had broken scanning for Ip tables in populateconfcache
this caused reference by IP to break
* new option for mrtg --logging replaces $main::debugfile from 2.9.13.
It can be set to a file which will take all mrtg output. On Win32 it can
also be set to 'eventlog' which will make all mrtg output go to the
eventlog.
* snmpv2 regexp did not match in cfgmaker
* fix for indexmakers extension feature
* improved mrtg logfile format description
* require perl 5.005 for mrtg_lib
* populateconfcache steps across non existing tables gracefully
* in mrtg, handle bigint more carefully and remove excess + from results
as some perls seem to crash on them ...
* check if gd was linked with jpeg and even freetype ...
* if $main::debugfile is set to a writeable filename, all output from mrtg
will go there (Firedeamon Suggestion)
* SNMP_Session 0.86 added ... lenient_source_port_matching replaces the ad hoc
only_ip_address_matching from mrtg 2.9.11 ... AS/400 folks beware
* added --section=portname to indexmaker
* try to fix IsCounterBroken test in cfgmaker ... just can't find any broken
counters to test this :-(
* fix for broken --dns-domain in cfgmaker
* fix for broken RouterUptime[] configurable
* fix for broken snmp which returns negative numbers for counters ...
* integrated my SNMP_utils changes into the real thing.
* make sure cfgmaker puts now raw < or > into the PageTop tag
* properly integrated ytics support in rateup
* properly deal with target math resulting in non integer data even when
logging to rateup which can not deal with floats.
* cleanup of rateup.c and some new options -b -a -o -i
* new options for mrtg noborder, noarrow, noi, noo, nobanner and nolegend
check reference.pod for docs.
* generator meta tag to html pages
* add 'only_ip_address_matching' feature to SNMP_Session. We are
more liberal when accepting snmp responses now.
* be more tolerant with external scripts input
* added feature to SNMP_utils: If first snmp var name is a HASH pointer,
the hash contents is used to set snmp options on the connection
* handle descriptions with & in cfgmaker
* added SnmpOptions: command to mrtg.cfg language ... It allows
to set Snmp Options as available in SNMP_Session. Check the reference.txt file.
* test for availability of ifHCInOctets when running cfgmaker for v2 targets
* fixed indexmake image path for situations with Directories
* added option --prefix to indexmaker for people keeping their index
somewhere else than default.
* honor background option in cfg file for indexmaker pages
* fixed warning in indexmaker (Use of uninitialized value in concatenation <.>
at indexmaker line 174)
* when the integer option was specified, there was still a .x printed in the summary area ...
* mrtg will now timestamp any warning and error message it emits
* fixed threshold processing ... IT REALLY WORKS NOW! ...
**** Incompatible CHANGE ****************
ThreshProgOK now gets the same
commandline arguments as the normal ThreshProg ...
**** Incompatible CHANGE ****************
* configurable confcache (.ok) file location
* add <meta http-equiv="Cache-Control" content="no-cache">
to html files as this seems to be more understandable than "Pragma" content="no-cache"
vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure. Obviously
this is not a guarantee, but a reflection that I have written the entire
codebase with security in mind, and carefully designed the program to be
resilient to attack.
Recent evidence suggests that vsftpd is also extremely fast (and this is
before any explicit performance tuning!) In tests against wu-ftpd, vsftpd
was always faster, supporting over twice as many users in some tests.
Package provided by Jacek Latos <vaneth@krasnik.org> in pkg/13208;
minor modifications by me.
entry to prevent finding libncurses and unnecessary patches to configure
script to handle SSL location and probing libcups. Also use FILES_SUBST
instead of repeating a sed script throughout the Makefile.