| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This is a security release in order to address CVE-2009-2813, CVE-2009-2948
and CVE-2009-2906.
Please note that Samba 3.0 is not maintained any longer. This security
release is shipped on a voluntary basis.
o CVE-2009-2813:
In all versions of Samba later than 3.0.11, connecting to the home
share of a user will use the root of the filesystem
as the home directory if this user is misconfigured to have
an empty home directory in /etc/passwd.
o CVE-2009-2948:
If mount.cifs is installed as a setuid program, a user can pass it a
credential or password path to which he or she does not have access and
then use the --verbose option to view the first line of that file.
o CVE-2009-2906:
Specially crafted SMB requests on authenticated SMB connections can
send smbd into a 100% CPU loop, causing a DoS on the Samba server.
|
|
|
|
|
|
|
|
Changelog:
* Changing directories at the same time an upload finishes no longer disturbs synchronized browsing
* *nix: Ensure dialogs can be closed using escape key
* *nix: Fix height of settings dialog
* Remember last used search conditions
* Display link overlay on icons of links in remote file list
* Display of average transfer speed should converge faster to overall average
* Simplify default file exists action dialogs
* Apply decimal places size formatting option also to total queue size
* MSW: Reduce number of needed user interactions in installer if update started from within FileZilla
* MSW: Check that there are no running instances of FileZilla before installing
* Fix handling of remote directory names with leading or trailing spaces
* *nix: Fix memory leaks in D-Bus session management and power management inhibitor client code
* *nix: Fall back to org.gnome.SessionManager if org.freedesktop.PowerManagment does not exit to inhibit idle sleep during transfers
* Increase default size of SO_RCVBUF (TCP advertised window) to fix performance issues on high-latency connections
* MSW: Fix displaying list of shares on local network resources
* MSW: Remote file editing no longer gets confused if two filenames only differ in character case
* Fix dialog line wrapping issues
* Ensure width of site manager is large enough to fit all tabs
* Better guard against filename columns being moved or hidden
* *nix, OS X: Handle filesystems without advisory file locking instead of falsely warning about site manager being opened in a different instance of FileZilla
|
|
|
|
in CVE-2009-3095.
|
|
|
|
* Use case ignore match for detecting encoded header. This is
language independent problem.
* Improve handling of file name of attachment in Japanese environment.
These fixes make squirrelmail usable after remove of japaneses patch.
Bump PKGREVISION.
|
|
verified in macppc though.
|
|
|
|
(reported by Geoff Wing <gcw@pobox.com>)
|
|
|
|
Security fixes in this version:
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.23/releasenotes/
|
|
increased to distinguish.
|
|
Now with the patch actually committed.
|
|
|
|
|
|
e.g.: mkcomposecache, xscope, windowswmproto
+ MesaLib-7.6.0, asymptote-1.88, calibre-0.6.16, clive-2.2.7,
cln-1.3.1, compositeproto-0.4.1, conserver-8.1.17, db4-4.8.24,
dbxml-2.5.13, delegate-9.9.5, f-spot-0.6.1.3, fontcacheproto-0.1.3,
glib2-2.22.1 [GNOME 2.28], gnome-bluetooth-2.28.1 [GNOME 2.28],
gnome-menus-2.28.0.1 [GNOME 2.28], gtk2-2.18.1 [GNOME 2.28],
gtksourceview2-2.8.1 [GNOME 2.28], inputproto-2.0, java-db3-3.87,
libX11-1.3, libXext-1.1, libXi-1.3, libXinerama-1.1, libXrender-0.9.5,
libgee-0.5.0, libssh2-1.2.1, libusb-1.0, luit-1.0.4, mDNSResponder-212.1,
modular-xorg-server-1.7.0, mp3diags-0.99.06.040, nut-15.0,
py-bsddb3-4.8.0, py-usb-0.4.2, qt4-libs-4.5.3, recordproto-1.14,
saxon-9.2, tea-26.0.0, totem-2.28.1 [GNOME 2.28], totem-pl-parser-2.28.1
[GNOME 2.28], vte-0.22.2 [GNOME 2.28], windowlab-1.36,
xf86dgaproto-2.1, xf86vidmodeproto-2.3, xineramaproto-1.2,
xkeyboard-config-1.7, xterm-249.
|
|
|
|
|
|
|
|
|
|
OKed during freeze by wiz and agc
|
|
OKed during freeze by wiz and agc
|
|
OKed during freeze by wiz and agc
|
|
OKed during freeze by wiz and agc
|
|
|
|
OKed during freeze by wiz and agc
|
|
|
|
OKed during freeze by wiz and agc
|
|
|
|
OKed during freeze by wiz and agc
|
|
|
|
OKed during freeze by wiz and agc
|
|
|
|
OKed during freeze by wiz and agc
|
|
OKed during freeze by wiz and agc
|
|
|
|
OKed during freeze by wiz and agc
|
|
|
|
OKed during freeze by wiz and agc
|
|
OKed during freeze by wiz and agc
|
|
OKed during freeze by wiz and agc
|
|
mktemp(1) to avoid symlink vulnerabilities in tmp file/directory
creation/removal (mitre.org CVE-2008-4936). Named 1.1.36nb1 to
emphasize difference from upstream.
Commit ok'd by agc@.
|
|
OKed during freeze by wiz and agc
|
|
|
|
oRTP - a Real-time Transport Protocol (RFC3550) stack under LGPL
Features:
* Written in C, works under Linux (and probably any Unix) and Windows.
* Implement the RFC3550 (RTP) with a easy to use API with high and low level
access.
* Includes support for multiples profiles, AV profile (RFC3551) being the
one by default.
* Includes a packet scheduler for to send and recv packet "on time",
according to their timestamp. Scheduling is optional, rtp sessions can
remain not scheduled.
* Supports mutiplexing IO, so that hundreds of RTP sessions can be scheduled
by a single thread.
* Features an adaptive jitter algorithm for a receiver to adapt to the
clockrate of the sender.
* Supports part of RFC2833 for telephone events over RTP.
* The API is well documented using gtk-doc.
* Licensed under the Lesser Gnu Public License.
* RTCP messages sent periodically since 0.7.0 (compound packet including
sender report or receiver report + SDES)
* Includes an API to parse incoming RTCP packets.
OKed during freeze by wiz and agc.
|
|
|
|
${PREFIX}/lib/xulrunner/plugins. Bump PKGREVISION.
|
