dpkg (1.16.17) wheezy-security; urgency=high
[ Guillem Jover ]
* Fix an off-by-one write access in dpkg-deb when parsing the .deb magic.
Reported by Jacek Wielemborek <d33tah@gmail.com>. Closes: #798324
* Fix an off-by-one write access in dpkg-deb when parsing the old format
.deb control member size. Thanks to Hanno Böck <hanno@hboeck.de>.
Fixes CVE-2015-0860.
* Fix an off-by-one read access in dpkg-deb when parsing ar member names.
Thanks to Hanno Böck <hanno@hboeck.de>.
[ Updated programs translations ]
* Catalan (Jordi Mallach).
[ Updated man page translations ]
* Fix incorrect translation in German (Helge Kreutzmann)
-- Guillem Jover <guillem@debian.org> Wed, 25 Nov 2015 22:34:58 +0100
dpkg (1.16.16) wheezy-security; urgency=high
[ Guillem Jover ]
* Do not leak long tar names on bogus or truncated archives.
* Do not leak the filepackages iterator when a directory is used by other
packages.
* Do not leak color string on «dselect --color».
* Fix memory leaks when parsing alternatives.
* Fix memory leaks in buffer_copy() on error conditions.
* Fix possible out of bounds buffer read access in the error output on
bogus ar member sizes.
* Fix file triggers/Unincorp descriptor leak on subprocesses. Regression
introduced with the initial triggers implementation in dpkg 1.14.17.
Closes: #751021
* Fix a descriptor leak on dselect subprocesses when --debug is used.
* Do not run qsort() over the scandir() list in libcompat if it is NULL.
* Fix off-by-one stack buffer overrun in start-stop-daemon on GNU/Linux and
GNU/kFreeBSD if the executable pathname is longer than _POSIX_PATH_MAX.
Although this should not have security implications as the buffer is
surrounded by two arrays (so those catch accesses even if the stack
grows up or down), and we are compiling with -fstack-protector anyway.
* Add a workaround to start-stop-daemon for bogus OpenVZ Linux kernels that
prepend, instead of appending, the " (deleted)" marker in /proc/PID/exe.
Closes: #731530
* Fix off-by-one error in libdpkg command argv size calculation.
Based on a patch by Bálint Réczey <balint@balintreczey.hu>. Closes: #760690
* Escape package and architecture names on control file parsing warning,
as those get injected into a variable that is used as a format string,
and they come from the package fields, which are under user control.
Regression introduced in dpkg 1.16.0. Fixes CVE-2014-8625. Closes: #768485
Reported by Joshua Rogers <megamansec@gmail.com>.
* Do not match partial field names in control files. Closes: #769119
Regression introduced in dpkg 1.10.
* Fix out-of-bounds buffer read accesses when parsing field and trigger
names or checking package ownership of conffiles and directories.
Reported by Joshua Rogers <megamansec@gmail.com>.
* Add powerpcel support to cputable. Thanks to Jae Junh <jaejunh@embian.com>.
* Fix OpenPGP Armor Header Line parsing in Dpkg::Control::Hash. We should
only accept [\r\t ] as trailing whitespace, although RFC4880 does not
clarify what whitespace really maps to, we should really match the GnuPG
implementation anyway, as that's what we use to verify the signatures.
Reported by Jann Horn <jann@thejh.net>. Fixes CVE-2015-0840.
[ Raphaël Hertzog ]
* Drop myself from Uploaders.
[ Updated scripts translations ]
* Fix typos in German (Helge Kreutzmann)
* Swedish (Peter Krefting).
[ Updated man page translations ]
* Fix typos in German (Helge Kreutzmann)
* Swedish (Peter Krefting).
-- Guillem Jover <guillem@debian.org> Thu, 09 Apr 2015 08:45:47 +0200
dpkg (1.16.15) wheezy-security; urgency=high
[ Guillem Jover ]
* Test suite:
- Add test cases for Dpkg::Source::Patch CVE-2014-0471 and CVE-2014-3127.
- Add test case for patch disabling hunks; not security sensitive.
* Correctly parse patch headers in Dpkg::Source::Patch, to avoid directory
traversal attempts from hostile source packages when unpacking them.
Reported by Javier Serrano Polo <javier@jasp.net> as an unspecified
directory traversal; meanwhile also independently found by me both
#749183 and what was supposed to be #746498, which was later on published
and ended up being just a subset of the other non-reported issue.
Fixes CVE-2014-3864 and CVE-2014-3865. Closes: #746498, #749183
[ Updated programs translations ]
* Merge translated strings from master.
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man page translations ]
* Merge translated strings from master.
* Unfuzzy or update trivial translations (Guillem Jover).
-- Guillem Jover <guillem@debian.org> Thu, 05 Jun 2014 22:24:36 +0200
dpkg (1.16.14) wheezy-security; urgency=high
[ Guillem Jover ]
* Do not allow patch files with C-style encoded filenames. Closes: #746306
Fixes CVE-2014-3127 and unconditionally fixes CVE-2014-0471.
Reported by Javier Serrano Polo <javier@jasp.net>.
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man page translations ]
* German (Helge Kreutzmann).
-- Guillem Jover <guillem@debian.org> Wed, 30 Apr 2014 08:14:16 +0200
dpkg (1.16.13) wheezy-security; urgency=high
[ Guillem Jover ]
* Do not NULL-terminate the list in the compat scandir(), as this might
cause a segfault in case the function returns 0 entries.
* Do not generate perl warnings on undef versions in
Dpkg::Deps::deps_compare(). See: #737731
* Do not overwrite triplet mappings with latter matches in Dpkg::Arch.
Required for the new mipsn32(el) and mips64(el) architecture entries.
* Add support for mipsn32(el) and mips64(el) to arch tables.
Thanks to YunQiang Su <wzssyqa@gmail.com>. Closes: #685096, #707323
* Add ppc64el support to cputable. Closes: #718945
Thanks to Jeff Bailey <jeffbailey@google.com>.
* Add OpenRISC or1k support to cputable.
Thanks to Christian Svensson <christian@cmd.nu>. Closes: #736717
* Clarify that dpkg --set-selections needs an up-to-date available db,
by documenting it on the dpkg(1) man page, and warning whenever dpkg
finds unknown packages while setting the selections. Closes: #703092
* Improve documentation on how to update the available database before
setting package selections. Suggested by Klaus Ita <koki.eml@gmail.com>.
* Recognize «start-stop-daemon -C» as documented. Closes: #719746
Reported by Brian S. Julin <bri@abrij.org>.
* Correctly parse C-style diff filenames in Dpkg::Source::Patch, to avoid
directory traversal attempts from hostile source packages when unpacking
them. Reported by Jakub Wilk <jwilk@debian.org>. Fixes CVE-2014-0471.
[ Updated scripts translations ]
* Fix a typo in the German scripts translation.
[ Updated man page translations ]
* Fix and unify translation in German man pages.
-- Guillem Jover <guillem@debian.org> Fri, 25 Apr 2014 04:38:33 +0200
dpkg (1.16.12) stable; urgency=low
* Fix value caching in Dpkg::Arch by not shadowing the variables.
Closes: #724949
-- Guillem Jover <guillem@debian.org> Mon, 30 Sep 2013 16:52:37 +0200
dpkg (1.16.11) stable; urgency=low
[ Raphaël Hertzog ]
* Fix usage of non-existent _() function in multiple places of the Perl
code. Thanks to Lincoln Myers <lincoln@netapp.com> for the patch.
Closes: #708607
[ Guillem Jover ]
* Fix chmod() arguments order in Dpkg::Source::Quilt. Closes: #710265
Thanks to Pablo Oliveira <pablo@sifflez.org>.
* Only ignore older packages if the existing version is informative. This
allows any program using libdpkg to parse the available file to see again
packages with versions lesser than 0-0 (like 0~0-0). Closes: #676664
* Fix use after free in dpkg_arch_load_list() on libdpkg.
Reported by Pedro Ribeiro <pedrib@gmail.com>.
[ Updated programs translations ]
* Vietnamese (Trần Ngọc Quân). Closes: #715334
[ Added man page translations ]
* Italian (Beatrice Torracca). Closes: #711647
[ Updated man page translations ]
* Japanese (TAKAHASHI Motonobu). Closes: #704240
-- Guillem Jover <guillem@debian.org> Mon, 23 Sep 2013 16:51:18 +0200
2.010 2015-12-15T07:35:57Z
* Sync latest dependencies in build and module files
* Promote to a developer release
2.09_02 - Mon Aug 31 02:24:10 2015
* Have a simple fallback for parsing XML if Mojo::DOM isn't there
2.09_01 2015-08-31T05:59:56Z
* Fix for new xISBN responses that have whitespace inside the
opening tag.
* Use Mojo::DOM to parse XML and Mojo::UserAgent to fetch xISBN.
* You can still use LWP::UserAgent to fetch data.
Overview of Changes from GTK+ 2.24.28 to 2.24.29
================================================
* OS X:
- Partial aspect ratio support
* Bug fixes:
345345 PrintOperation::paginate is not emitted for class handler
745127 Changing order of file in "Places" crashes the application
749507 gtk-2.0.m4 fails to detect a prefixed pkg-config
752638 notebook tab dragging doesn't work on Quartz (patches...
753644 Switching from Multipress input method to None immedi...
753691 make install -j2 fails when building for MinGW
753992 im-quartz discard_preedit segmentation fault
754046 annotate gtk_color_button_get_color
* Translation updates:
Occitan
This license is catalogued as a free software license by FSF compatible
with GPL.
There is a warning on 'attacking the program with a patent'.
https://www.gnu.org/licenses/license-list.html#CeCILL
Discussed with pkgsrc-pmc@.
libvisio 0.1.4
- Implement overriding of colour of lines and of text from layer
properties (tdf#50309, tdf#68392) and the visibility and/or
printability of a layer.
- Fix incorrect handling of stencil text (tdf#90154).
- Basic initial implementation of hatch fill (tdf#44552, tdf#76835).
- Implement support of bullets/lists (tdf#92349)
- Implement support of default tab-stops and custom tab-sets in
paragraph properties.
- Fix for reading of names of pages if present.
- Fix build with boost 1.59.
- Instead of line-break, spit out a new paragraph when a paragraph break
is found
libcdr 0.1.2
* Fix various crashes and hangs when reading broken files found with the
help of american-fuzzy-lop.
* Fix build with boost 1.59. (rhbz#1258127)
* Fix various problems detected by Coverity.
* Do not drop empty text lines. (tdf#67873)
* Make --help output of all command line tools more help2man-friendly.
* Several other small improvements.
4.0.6 Removed a file x.py accidentally entered in the tarball (2015/12/11)
4.0.5 Documented a quirk signaled by David Goldstein when writing decorators
for functions with keyword arguments. Avoided copying the globals,
as signaled by Benjamin Peterson (2015/12/09)
4.0.4 Included a patch from Zev Benjamin: now decorated functions play well
with cProfile (2015/09/25)
4.0.3 Added a warning about the memoize example, as requested by Robert
Buchholz (2015/09/25)
2.47
New Features
* A new tool to easily export and import all calibre data -- books,
settings and plugins
* Get Books: Add plugins for Amazon Australia and Amazon India.
Also restore the Amazon EU plugins.
Bug Fixes
* PDF Input: Fix conversion of PDF documents that contain ASCII
control codes in their outlines not working.
* Edit book: Fix image compression utilities opening a new console
per invocation on Windows
* Image compression: If the compression tools return a zero byte
image ignore it and use the original image
* Fix a regression that caused book titles in the Book Details
panel to become clickable
2.46
New Features
* PDF Input: Add support for PDF outlines (bookmarks), if present, they are used as the metadata Table of Contents.
* Book polishing: Add tool to losslessly compress images in the book in order to reduce its filesize, without affecting image quality
* Edit Book: Add a new tool to compress images in the book losslessly, accessed from the Tools menu
* Kobo driver: add support for new Kobo firmware
* Bulk metadata edit dialog: Allow entering fractional numbers into the series number start with control.
* Speed up moving libraries by using hardlinks instead of file copies when moving to a location on the same filesystem
* Get Books: Disable the Amazon EU stores, at Amazon's request
Bug Fixes
* Fix moving libraries via calibre leaving behind a copy of the metadata_db_prefs_backup.json file in the original library folder
* MOBI Input: Warn about corrupted trailing data entries, instead of aborting. Getting some, even partially corrupted text is better than no text.
* Book details: Fix single value custom text column not clickable.
* Saving to disk: Fix custom date column being rendered in GMT instead of the local time zone when used in a save to disk template.
=============================
Release Notes for Samba 4.3.3
December 16, 2015
=============================
This is a security release in order to address the following CVEs:
o CVE-2015-3223 (Denial of service in Samba Active Directory
server)
o CVE-2015-5252 (Insufficient symlink verification in smbd)
o CVE-2015-5299 (Missing access control check in shadow copy
code)
o CVE-2015-5296 (Samba client requesting encryption vulnerable
to downgrade attack)
o CVE-2015-8467 (Denial of service attack against Windows
Active Directory server)
o CVE-2015-5330 (Remote memory read in Samba LDAP server)
Please note that if building against a system libldb, the required
version has been bumped to ldb-1.1.24. This is needed to ensure
we build against a system ldb library that contains the fixes
for CVE-2015-5330 and CVE-2015-3223.
=======
Details
=======
o CVE-2015-3223:
All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
ldb versions up to 1.1.23 inclusive) are vulnerable to
a denial of service attack in the samba daemon LDAP server.
A malicious client can send packets that cause the LDAP server in the
samba daemon process to become unresponsive, preventing the server
from servicing any other requests.
This flaw is not exploitable beyond causing the code to loop expending
CPU resources.
o CVE-2015-5252:
All versions of Samba from 3.0.0 to 4.3.2 inclusive are vulnerable to
a bug in symlink verification, which under certain circumstances could
allow client access to files outside the exported share path.
If a Samba share is configured with a path that shares a common path
prefix with another directory on the file system, the smbd daemon may
allow the client to follow a symlink pointing to a file or directory
in that other directory, even if the share parameter "wide links" is
set to "no" (the default).
o CVE-2015-5299:
All versions of Samba from 3.2.0 to 4.3.2 inclusive are vulnerable to
a missing access control check in the vfs_shadow_copy2 module. When
looking for the shadow copy directory under the share path the current
accessing user should have DIRECTORY_LIST access rights in order to
view the current snapshots.
This was not being checked in the affected versions of Samba.
o CVE-2015-5296:
Versions of Samba from 3.2.0 to 4.3.2 inclusive do not ensure that
signing is negotiated when creating an encrypted client connection to
a server.
Without this a man-in-the-middle attack could downgrade the connection
and connect using the supplied credentials as an unsigned, unencrypted
connection.
o CVE-2015-8467:
Samba, operating as an AD DC, is sometimes operated in a domain with a
mix of Samba and Windows Active Directory Domain Controllers.
All versions of Samba from 4.0.0 to 4.3.2 inclusive, when deployed as
an AD DC in the same domain with Windows DCs, could be used to
override the protection against the MS15-096 / CVE-2015-2535 security
issue in Windows.
Prior to MS16-096 it was possible to bypass the quota of machine
accounts a non-administrative user could create. Pure Samba domains
are not impacted, as Samba does not implement the
SeMachineAccountPrivilege functionality to allow non-administrator
users to create new computer objects.
o CVE-2015-5330:
All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
ldb versions up to 1.1.23 inclusive) are vulnerable to
a remote memory read attack in the samba daemon LDAP server.
A malicious client can send packets that cause the LDAP server in the
samba daemon process to return heap memory beyond the length of the
requested value.
This memory may contain data that the client should not be allowed to
see, allowing compromise of the server.
The memory may either be returned to the client in an error string, or
stored in the database by a suitably privileged user. If untrusted
users can create objects in your database, please confirm that all DN
and name attributes are reasonable.
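
The common-path-prefix condition described under CVE-2015-5252 above, as an added example that is not Samba's code: a plain string-prefix test accepts a sibling directory whose name merely starts with the share path, while a component-aware test rejects it. The function names and sample paths are constructed for illustration, and both paths are assumed to be absolute and already canonicalised (for example by realpath()).

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Naive containment test: pure string-prefix comparison. */
static bool under_share_naive(const char *share, const char *resolved)
{
    return strncmp(resolved, share, strlen(share)) == 0;
}

/* Component-aware test: the prefix must end on a path boundary. */
static bool under_share_strict(const char *share, const char *resolved)
{
    size_t n = strlen(share);

    /* Ignore trailing slashes on the share path, but keep "/" itself. */
    while (n > 1 && share[n - 1] == '/')
        n--;
    if (strncmp(resolved, share, n) != 0)
        return false;
    /* A share rooted at "/" contains every absolute path. */
    if (n == 1 && share[0] == '/')
        return true;
    /* The next byte must end the string or start a new component. */
    return resolved[n] == '\0' || resolved[n] == '/';
}

int main(void)
{
    /* Constructed sample paths, assumed already canonicalised. */
    const char *share = "/srv/share";
    const char *paths[] = {
        "/srv/share/docs/a.txt",   /* inside the share */
        "/srv/share",              /* the share root itself */
        "/srv/share2/secret.txt",  /* sibling with a common prefix */
        "/srv/shared",             /* sibling with a common prefix */
    };

    for (size_t i = 0; i < sizeof(paths) / sizeof(paths[0]); i++)
        printf("%-26s naive=%d strict=%d\n", paths[i],
               under_share_naive(share, paths[i]),
               under_share_strict(share, paths[i]));
    return 0;
}
```
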
Changes since 4.3.2:
--------------------
o Andrew Bartlett <abartlet@samba.org>
* BUG 11552: CVE-2015-8467: samdb: Match MS15-096 behaviour for
userAccountControl.
o Jeremy Allison <jra@samba.org>
* BUG 11325: CVE-2015-3223: Fix LDAP \00 search expression attack DoS.
* BUG 11395: CVE-2015-5252: Fix insufficient symlink verification (file
access outside the share).
* BUG 11529: CVE-2015-5299: s3-shadow-copy2: Fix missing access check on
snapdir.
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 11599: CVE-2015-5330: Fix remote read memory exploit in LDB.
o Stefan Metzmacher <metze@samba.org>
* BUG 11536: CVE-2015-5296: Add man in the middle protection when forcing
smb encryption on the client side.
Fri Dec 18 15:54:50 CET 2015
Releasing libmicrohttpd 0.9.48. -CG
Tue Dec 15 18:35:55 CET 2015
Improved compatibility with VS2010 and other older
compilers. -EG
Tue Dec 8 21:48:44 CET 2015
Default backlog size for listen socket was changed from
32 to SOMAXCONN, added new option MHD_OPTION_LISTEN_BACKLOG_SIZE
to override default backlog size.
If not all connections can be handled by MHD_select() then
at least some of connections will be processed instead of
failing without any processing.
Fixed redefinition of FD_SETSIZE on W32 so select() will
work with 2000 connections instead of 64.
Better handled redefinition of FD_SETSIZE on all
platforms. -EG
Sat Dec 5 17:30:45 CET 2015
Close sockets more aggressively in multi-threaded
mode (possibly relevant for idle servers). -CG