Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
This should be the last part of the renaming operation for print/cups to
print/cups-base.
Rationale: packages depending on CUPS but not relying on a functional
printing setup only need to depend on print/cups-base (equivalent to the
former print/cups). The new print/cups now depends on print/cups-base
and on print/cups-filters, thus directly providing a functional printing
setup. This bump reflects this change of dependency.
As discussed on tech-pkg@
This is with the notable exception of meta-pkgs/desktop-gnome, which I
believe implies a fully functional cups.
This is still missing revision bumps - I'll be right there (first time I
am doing this on so many packages at a time).
As discussed on tech-pkg@
NetBSD's libc and Samba both provide SHA2 functions with the same
prototype, but with different private context structures. The
Samba version must not override the libc version, otherwise they
are used when using LDAP/SSL, through libldap/libssl/libcrypto
but libcrypto expects to use the libc flavor.
Without this fix, Samba cannot connect to an LDAP directory that
has a SHA2-signed certificate. This rather cryptic error is raised
in smbd logs:
error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
==============================
Release Notes for Samba 3.6.25
February 23, 2015
==============================
This is a security release in order to address CVE-2015-0240 (Unexpected
code execution in smbd).
o CVE-2015-0240:
All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an
unexpected code execution vulnerability in the smbd file server
daemon.
A malicious client could send packets that may set up the stack in
such a way that the freeing of memory in a subsequent anonymous
netlogon packet could allow execution of arbitrary code. This code
would execute with root privileges.
o CVE-2014-0178:
In preparing a response to an authenticated FSCTL_GET_SHADOW_COPY_DATA
or FSCTL_SRV_ENUMERATE_SNAPSHOTS client request, affected versions of
Samba do not initialize 8 bytes of the 16 byte SRV_SNAPSHOT_ARRAY
response field. The uninitialized buffer is sent back to the client.
A non-default VFS module providing the get_shadow_copy_data_fn() hook
must be explicitly enabled for Samba to process the aforementioned
client requests. Therefore, only configurations with "shadow_copy" or
"shadow_copy2" specified for the "vfs objects" parameter are vulnerable.
==============================
Release Notes for Samba 3.6.24
June 23, 2014
==============================
This is a security release in order to address
CVE-2014-0244 (Denial of service - CPU loop) and
CVE-2014-3493 (Denial of service - Server crash/memory corruption).
o CVE-2014-0244:
All current released versions of Samba are vulnerable to a denial of
service on the nmbd NetBIOS name services daemon. A malformed packet
can cause the nmbd server to loop the CPU and prevent any further
NetBIOS name service.
This flaw is not exploitable beyond causing the code to loop expending
CPU resources.
o CVE-2014-3493:
All current released versions of Samba are affected by a denial of service
crash involving overwriting memory on an authenticated connection to the
smbd file server.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.