kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/net
History
taca d1eee7f719 Update samba to 2.2.0a as samba-2.2.0nb2. Quoting from WHATSNEW.txt: 
WHATS NEW IN Samba 2.2.0a:  23rd June 2001
              ==========================================

SECURITY FIX
============

This is a security bugfix release for Samba 2.2.0. This release provides the
following two changes *ONLY* from the 2.2.0 release.

1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com)
    and described in the security advisory below.
2). Fix for the hosts allow/hosts deny parameters not being honoured.

No other changes are being made for this release to ensure a security fix only.
For new functionality (including these security fixes) download Samba 2.2.1
when it is available.

The security advisory follows :


                IMPORTANT: Security bugfix for Samba
                ------------------------------------

June 23rd 2001


Summary
-------

A serious security hole has been discovered in all versions of Samba
that allows an attacker to gain root access on the target machine for
certain types of common Samba configuration.

The immediate fix is to edit your smb.conf configuration file and
remove all occurances of the macro "%m". Replacing occurances of %m
with %I is probably the best solution for most sites.

Details
-------

A remote attacker can use a netbios name containing unix path
characters which will then be substituted into the %m macro wherever
it occurs in smb.conf. This can be used to cause Samba to create a log
file on top of an important system file, which in turn can be used to
compromise security on the server.

The most commonly used configuration option that can be vulnerable to
this attack is the "log file" option. The default value for this
option is VARDIR/log.smbd. If the default is used then Samba is not
vulnerable to this attack.

The security hole occurs when a log file option like the following is
used:

  log file = /var/log/samba/%m.log

In that case the attacker can use a locally created symbolic link to
overwrite any file on the system. This requires local access to the
server.

If your Samba configuration has something like the following:

  log file = /var/log/samba/%m

Then the attacker could successfully compromise your server remotely
as no symbolic link is required. This type of configuration is very
rare.

The most commonly used log file configuration containing %m is the
distributed in the sample configuration file that comes with Samba:

  log file = /var/log/samba/log.%m

in that case your machine is not vulnerable to this attack unless you
happen to have a subdirectory in /var/log/samba/ which starts with the
prefix "log."

Credit
------

Thanks to Michal Zalewski (lcamtuf@bos.bindview.com) for finding this
vulnerability.


New Release
-----------

While we recommend that vulnerable sites immediately change their
smb.conf configuration file to prevent the attack we will also be
making new releases of Samba within the next 24 hours to properly fix
the problem. Please see http://www.samba.org/ for the new releases.

Please report any attacks to the appropriate authority.

        The Samba Team
        security@samba.org
2001-06-24 07:55:22 +00:00
..
6to4 Add this pkg to README-IPv6.html 2001-04-09 00:15:34 +00:00
6tunnel Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
adns Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
airportbasestationconfig Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
archie Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
arla Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
arpd Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
arpwatch Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
batchftp Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
bind4 Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
bind8 upgrade to 8.2.4. 2001-05-17 18:56:03 +00:00
bind9 upgrade to 9.1.2. 2001-05-06 00:19:06 +00:00
bind9-current upgrade to 9.2.0a2. 2001-06-13 01:39:29 +00:00
bing Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
bounce Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
cftp Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
choparp Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
cia Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
citrix_ica use a common patches directory and distinfo file, but use 2001-05-08 23:58:44 +00:00
coda5_client Mark as USE_BUILDLINK_ONLY. 2001-06-19 03:47:31 +00:00
coda5_server Mark as USE_BUILDLINK_ONLY. 2001-06-19 03:47:31 +00:00
coda_client Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
coda_doc Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
coda_intro Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
coda_server Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
dante Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
ddclient Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
delegate Remove unneeded dependency on readline...delegate supplies its own readline 2001-05-28 16:32:01 +00:00
dhid Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
dhisd Import dhisd-5.0: DynDNS server 2001-06-05 23:39:27 +00:00
dip Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
djbdns Update distinfo because djbdns-1.05-man has been modified. 2001-06-14 13:30:17 +00:00
dlint Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
echoping Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
eggdrop Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
ethereal LIBS is automatically added to CONFIGURE_ENV by bsd.pkg.mk if 2001-06-12 20:33:00 +00:00
fair-identd Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
fping Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
freewais-sf Change build dependency from perl-5.* to perl>=${PERL5_REQD}. Also change 2001-04-30 04:16:08 +00:00
gated Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
gftp Add missing "USE_LIBINTL= YES" to avoid build problems on systems with 2001-05-16 20:23:40 +00:00
gnapfetch Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
gnapster Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
gnubile CPPFLAGS is now passed to MAKE_ENV and CONFIGURE_ENV by bsd.pkg.mk, so 2001-06-11 06:34:17 +00:00
gnut Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
gtk-gnutella Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
gtk_wicontrol Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
gtksamba Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
gtm Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
host Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
httptunnel Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
icsi-finger Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
ipcalc Initial import of ipcalc-0.33 - IP Calculator written in perl 2001-05-21 12:52:44 +00:00
ipv6calc Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
ipw No functional changes: 2001-06-13 14:37:32 +00:00
irrd CPPFLAGS is now passed to MAKE_ENV and CONFIGURE_ENV by bsd.pkg.mk, so 2001-06-11 06:34:17 +00:00
isic Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
ispman Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
jwhois Remove unnecessary patch to unconditionally place locale files under 2001-06-17 21:48:41 +00:00
kdenetwork Use wildcard dependence on "uulib" package. 2001-06-12 06:56:35 +00:00
kdenetwork2 Use wildcard dependence on "uulib" package. 2001-06-11 18:11:55 +00:00
kmap Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
lftp Document why GNU readline is required. 2001-05-22 06:13:22 +00:00
libnids Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
libpcap Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
libsscript Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
lopster Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
lukemftp Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
lukemftpd update to lukemftpd 1.1. user visible changes: 2001-05-09 02:13:41 +00:00
md-whois Change build dependency from perl-5.* to perl>=${PERL5_REQD}. Also change 2001-04-30 04:16:08 +00:00
mirror Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
mouse-pppoe Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
mrt Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
mrtg Make netstat2mrtg work also on interfaces without link-layer address 2001-06-21 16:44:35 +00:00
mtr Convert to use buildlink.mk files and mark as USE_BUILDLINK_ONLY. 2001-06-20 04:56:28 +00:00
nap CPPFLAGS is now passed to MAKE_ENV and CONFIGURE_ENV by bsd.pkg.mk, so 2001-06-11 06:34:17 +00:00
napshare Initial import of new "napshare" package: 2001-06-14 14:41:01 +00:00
ncftp2 CPPFLAGS is now passed to MAKE_ENV and CONFIGURE_ENV by bsd.pkg.mk, so 2001-06-11 06:34:17 +00:00
ncftp3 Update ncftp3 to version 3.0.3: 2001-04-24 20:39:37 +00:00
neat Initial import of neat-4.6, the Netsaint Easy Administration Tools, a set 2001-05-14 18:05:12 +00:00
netatalk Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
netatalk-asun If pkgdiff reports 'Cannot strip away RCS IDs, please handle manually!' 2001-05-24 17:00:57 +00:00
netcat Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
netname Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
netperf Remove FreeBSDism (NOPORTDOCS) 2001-04-22 22:06:19 +00:00
netsaint-base Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
netsaint-plugin-cluster Initial import of netsaint-plugin-cluster-20001207, a cluster checking 2001-05-16 08:03:26 +00:00
netsaint-plugin-snmp Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
netsaint-plugins Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
ngrep Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
nmap Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
nmapfe Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
nocol Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
nsca Initial import of nsca-1.1.0, the Netsaint Service Check Acceptor. 2001-05-14 18:01:22 +00:00
nslint Initial import of nslint-2.0.2, a name server consistency checker for BIND 2001-06-07 11:53:04 +00:00
ntop Convert to use buildlink.mk files for ncurses dependency and mark as 2001-06-20 04:50:23 +00:00
ntp4 LIBS is automatically added to CONFIGURE_ENV by bsd.pkg.mk if 2001-06-12 20:33:00 +00:00
openh323 Sync PLIST with reality, as pointed out by leftover list from last 2001-05-10 11:14:57 +00:00
ORBit Generalize how the dependency pattern may be specified. Instead of just 2001-06-23 19:26:48 +00:00
p5-ispman Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
p5-Net Fix the HOMEPAGE url. 2001-06-17 10:31:02 +00:00
p5-Net-Daemon Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
p5-Net-DNS Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
p5-Net-IRC Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
p5-Net-SNMP Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
p5-Net-Telnet Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
p5-Net-TFTP Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
p5-SNMP Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
p5-SNMP_Session Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
p5-Socket6 Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
p5-Wais Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
pchar Update to pchar-1.4: Multi-packet probes, TCP probes, kernel-level timestamps. 2001-06-13 19:18:24 +00:00
pconsole Initial import of pconsole-1.0. 2001-06-23 21:52:07 +00:00
pfnet Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
pim6dd we cannot define multiple item for LICENSES 2001-06-02 05:01:39 +00:00
pim6sd install mtrace6(8). 2001-06-07 23:53:18 +00:00
pload Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
poink Fix typo in COMMENT, noted while reading the 'Changes in the NetBSD 2001-05-02 19:34:54 +00:00
polsms Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
poptop Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
ppp Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
ppp-mppe Now using openssl 0.9.6, and move the openssl extraction earlier. 2001-04-22 19:48:52 +00:00
pptp Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
py-soaplib initial import of py-soaplib-0.8: 2001-05-19 12:52:18 +00:00
py-xmlrpclib initial import of py-xmlrpc-0.9.8: 2001-05-19 12:50:56 +00:00
ra-pna-proxy This package is now longer interactive. 2001-05-12 11:52:54 +00:00
ra-rtsp-proxy Update download application form URL. 2001-05-10 05:35:01 +00:00
radius Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
rdist6 Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
ripe-whois-tools Add HOMEPAGE 2001-05-18 11:56:00 +00:00
rp-pppoe Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
rsync Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
samba Update samba to 2.2.0a as samba-2.2.0nb2. Quoting from WHATSNEW.txt: 2001-06-24 07:55:22 +00:00
sdist Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
sendfile Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
sftp Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
sharity-light Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
sitescooper Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
smb2www Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
sniffit Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
snort Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
socks4 Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
socks5 LIBS is automatically added to CONFIGURE_ENV by bsd.pkg.mk if 2001-06-12 20:33:00 +00:00
speakfreely Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
spegla Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
srsh Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
ssync Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
stripes Works with CGI.pm 2.66 as well. 2001-05-31 19:18:18 +00:00
tacacs Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
tcl-scotty Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
tcpdmerge Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
tcpdpriv Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
tcpdstat Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
tcpdump Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
tcpillust Mechanical changes of tk DEPENDS: 2001-05-05 19:51:13 +00:00
tcptrace Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
tinyfugue Update to version 4.0s1 (4.0 stable 1), to pick up bug fixes. 2001-05-16 15:39:10 +00:00
tkined Mechanical changes of tk DEPENDS: 2001-05-05 19:51:13 +00:00
tn5250 Convert to use buildlink.mk files for ncurses dependency. Remove 2001-06-20 04:44:59 +00:00
tnftp/files Import of canonical tnftp 20030825 sources, 2001-04-13 15:23:17 +00:00
totd Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
trafshow CPPFLAGS is now passed to MAKE_ENV and CONFIGURE_ENV by bsd.pkg.mk, so 2001-06-11 06:34:17 +00:00
ttt Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
ucd-snmp Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
ucspi-tcp Update distinfo due to ucspi-tcp-0.88-man update, which fixed two typos 2001-06-14 13:38:13 +00:00
unison Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
upclient Add RCS Tag. 2001-06-21 13:57:18 +00:00
userppp Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
vnc Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
vncviewer Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
vsftpd Follow suggestion from Luke Mewburn and change it back to "an FTP" 2001-06-19 11:43:08 +00:00
vtun LIBS is automatically added to CONFIGURE_ENV by bsd.pkg.mk if 2001-06-12 20:33:00 +00:00
wakeup Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
wget Update to use newer IPv6 patch. 2001-05-14 15:07:54 +00:00
whatmask Initial import of whatmask-1.0 2001-05-21 13:14:36 +00:00
wminet Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
wmnet Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
wmpload Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
wu-ftpd Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
xarchie Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
xipdump LIBS is automatically added to CONFIGURE_ENV by bsd.pkg.mk if 2001-06-12 20:33:00 +00:00
xspeakfree Mechanical changes of tk DEPENDS: 2001-05-05 19:51:13 +00:00
xtraceroute Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
ytalk Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
ywho Move to sha1 checksum, and/or add distfile sizes. 2001-04-21 11:23:08 +00:00
zebra Reorder some lines so that GNU_CONFIGURE defintion precedes inclusion of 2001-06-21 02:27:12 +00:00
zephyr CPPFLAGS is now passed to MAKE_ENV and CONFIGURE_ENV by bsd.pkg.mk, so 2001-06-11 06:34:17 +00:00
Makefile Add pconsole. 2001-06-23 22:00:52 +00:00