Adolf Belka [Thu, 3 Feb 2022 21:53:04 +0000 (22:53 +0100)]
samba: Update to version 4.15.5
- Update from 4.14.6 to 4.15.5
- Update of rootfile
- Changelog is too long to include everything. Full details can be found in the
WHATSNEW.txt file in the source tarball. The following highlights those releases
that were security releases. The other releases had a range of bug fixes.
4.15.5 is a security release and includes the following CVE fixes
o CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target
of a symlink exists.
https://www.samba.org/samba/security/CVE-2021-44141.html
o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
https://www.samba.org/samba/security/CVE-2021-44142.html
o CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks.
https://www.samba.org/samba/security/CVE-2022-0336.html
4.15.2 was a security release and included the following CVE fixes
o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext
authentication.
https://www.samba.org/samba/security/CVE-2016-2124.html
o CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
(PLEASE READ! There are important behaviour changes described)
o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued
by an RODC.
https://www.samba.org/samba/security/CVE-2020-25718.html
o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos
tickets.
https://www.samba.org/samba/security/CVE-2020-25719.html
o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
(eg objectSid).
https://www.samba.org/samba/security/CVE-2020-25721.html
o CVE-2020-25722: Samba AD DC did not do suffienct access and conformance
checking of data stored.
https://www.samba.org/samba/security/CVE-2020-25722.html
o CVE-2021-3738: Use after free in Samba AD DC RPC server.
https://www.samba.org/samba/security/CVE-2021-3738.html
o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
https://www.samba.org/samba/security/CVE-2021-23192.html
4.14.12 was a security release and included the following CVE fixes
o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
https://www.samba.org/samba/security/CVE-2021-44142.html
o CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks.
https://www.samba.org/samba/security/CVE-2022-0336.html
4.14.10 was a security release and included the following CVE fixes
o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext
authentication.
https://www.samba.org/samba/security/CVE-2016-2124.html
o CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
(PLEASE READ! There are important behaviour changes described)
o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued
by an RODC.
https://www.samba.org/samba/security/CVE-2020-25718.html
o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos
tickets.
https://www.samba.org/samba/security/CVE-2020-25719.html
o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
(eg objectSid).
https://www.samba.org/samba/security/CVE-2020-25721.html
o CVE-2020-25722: Samba AD DC did not do suffienct access and conformance
checking of data stored.
https://www.samba.org/samba/security/CVE-2020-25722.html
o CVE-2021-3738: Use after free in Samba AD DC RPC server.
https://www.samba.org/samba/security/CVE-2021-3738.html
o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
https://www.samba.org/samba/security/CVE-2021-23192.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Thu, 3 Feb 2022 21:53:25 +0000 (22:53 +0100)]
sdl2: Update to version 2.0.20
- Update from 2.0.18 to 2.0.20
- Update of rootfile
- Changelog
2.0.20:
General:
* SDL_RenderGeometryRaw() takes a pointer to SDL_Color, not int. You can cast color
data in SDL_PIXELFORMAT_RGBA32 format (SDL_PIXELFORMAT_ABGR8888 on little endian
systems) for this parameter.
* Improved accuracy of horizontal and vertical line drawing when using OpenGL or
OpenGLES
* Added the hint SDL_HINT_RENDER_LINE_METHOD to control the method of line drawing
used, to select speed, correctness, and compatibility.
Windows:
* Fixed size of custom cursors
Linux:
* Fixed hotplug controller detection, broken in 2.0.18
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 2 Feb 2022 13:09:24 +0000 (14:09 +0100)]
manualpages: Update to include addon help links for addons with menu entries
- Some addons have menu entries and currentlky these do not have any links to their
help pages
- Ran check_manualpages and confirmed that all links to wiki pages are existing.
- Tested for guardian and wio
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Fri, 28 Jan 2022 13:08:00 +0000 (14:08 +0100)]
p11-kit: Update to version 0.24.1
- Update from 0.24.0 to 0.24.1
- Update of rootfile not required
- Changelog
0.24.1 (stable)
* rpc: Support protocol version negotiation [PR#371, PR#385]
* proxy: Support copying attribute array recursively [PR#368]
* Link libp11-kit so that it cannot unload [PR#383]
* Translation improvements [PR#381]
* Build fixes [PR#372, PR#373, PR#375, PR#377, PR#384, PR#407]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Fri, 28 Jan 2022 13:07:40 +0000 (14:07 +0100)]
mdadm: Update to version 4.2
- Update from 4.1 to 4.2
- Update of rootfile not required
- Changelog is no longer updated. The package directs you to the git commits to find
the changes. https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/log/
- Announcement of update says-
The release includes more than two years of development and bugfixes,
so it is difficult to remember everything. Highlights include
enhancements and bug fixes including for IMSM RAID, Partial Parity
Log, clustered RAID support, improved testing, and gcc-9 support.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
checkrootfiles: exclude some rust paks and fix armv6l
some new rust packages contain files with x86_64 or aarch64 on
all archictectures. They are now excluded from check.
also this fix the check for armv6l.
Michael Tremer [Mon, 31 Jan 2022 13:30:20 +0000 (14:30 +0100)]
rust-pyo3: New package.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / people / stevee / ipfire-2.x.git / log
