mirror of
git://slackware.nl/current.git
synced 2024-12-28 09:59:53 +01:00
4657194ae3
Several ELF objects were found to have rpaths pointing into /tmp, a world
writable directory. This could have allowed a local attacker to launch denial
of service attacks or execute arbitrary code when the affected binaries are
run by placing crafted ELF objects in the /tmp rpath location. All rpaths with
an embedded /tmp path have been scrubbed from the binaries, and makepkg has
gained a lint feature to detect these so that they won't creep back in.
extra/llvm-17.0.6-x86_64-2_slack15.0.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
patches/packages/cryfs-0.10.3-x86_64-5_slack15.0.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
patches/packages/cups-filters-1.28.17-x86_64-2_slack15.0.txz: Rebuilt.
Mitigate security issue that could lead to a denial of service or
the execution of arbitrary code.
Rebuilt with --with-browseremoteprotocols=none to disable incoming
connections, since this daemon has been shown to be insecure. If you
actually use cups-browsed, be sure to install the new
/etc/cups/cups-browsed.conf.new containing this line:
BrowseRemoteProtocols none
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47176
(* Security fix *)
patches/packages/espeak-ng-1.50-x86_64-4_slack15.0.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
patches/packages/libvncserver-0.9.13-x86_64-4_slack15.0.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
patches/packages/marisa-0.2.6-x86_64-5_slack15.0.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
patches/packages/mlt-7.4.0-x86_64-2_slack15.0.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
patches/packages/mozilla-firefox-115.16.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.16.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-48
https://www.cve.org/CVERecord?id=CVE-2024-9392
https://www.cve.org/CVERecord?id=CVE-2024-9393
https://www.cve.org/CVERecord?id=CVE-2024-9394
https://www.cve.org/CVERecord?id=CVE-2024-9401
(* Security fix *)
patches/packages/openobex-1.7.2-x86_64-6_slack15.0.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
patches/packages/pkgtools-15.0-noarch-44_slack15.0.txz: Rebuilt.
makepkg: when looking for ELF objects with --remove-rpaths or
--remove-tmp-rpaths, avoid false hits on files containing 'ELF' as part
of the directory or filename.
Also warn about /tmp rpaths after the package is built.
patches/packages/spirv-llvm-translator-13.0.0-x86_64-2_slack15.0.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
testing/packages/llvm-18.1.8-x86_64-2_slack15.0.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
223 lines
7.7 KiB
Text
223 lines
7.7 KiB
Text
# This is the main Samba configuration file. You should read the
|
|
# smb.conf(5) manual page in order to understand the options listed
|
|
# here. Samba has a huge number of configurable options (perhaps too
|
|
# many!) most of which are not shown in this example
|
|
#
|
|
# For a step to step guide on installing, configuring and using samba,
|
|
# read the Samba-HOWTO-Collection. This may be obtained from:
|
|
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
|
|
#
|
|
# Many working examples of smb.conf files can be found in the
|
|
# Samba-Guide which is generated daily and can be downloaded from:
|
|
# http://www.samba.org/samba/docs/Samba-Guide.pdf
|
|
#
|
|
# Any line which starts with a ; (semi-colon) or a # (hash)
|
|
# is a comment and is ignored. In this example we will use a #
|
|
# for commentry and a ; for parts of the config file that you
|
|
# may wish to enable
|
|
#
|
|
# NOTE: Whenever you modify this file you should run the command "testparm"
|
|
# to check that you have not made any basic syntactic errors.
|
|
#
|
|
#======================= Global Settings =====================================
|
|
[global]
|
|
|
|
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
|
|
workgroup = MYGROUP
|
|
|
|
# server string is the equivalent of the NT Description field
|
|
server string = Samba Server
|
|
|
|
# Server role. Defines in which mode Samba will operate. Possible
|
|
# values are "standalone server", "member server", "classic primary
|
|
# domain controller", "classic backup domain controller", "active
|
|
# directory domain controller".
|
|
#
|
|
# Most people will want "standalone server" or "member server".
|
|
# Running as "active directory domain controller" will require first
|
|
# running "samba-tool domain provision" to wipe databases and create a
|
|
# new domain.
|
|
server role = standalone server
|
|
|
|
# This option is important for security. It allows you to restrict
|
|
# connections to machines which are on your local network. The
|
|
# following example restricts access to two C class networks and
|
|
# the "loopback" interface. For more examples of the syntax see
|
|
# the smb.conf man page
|
|
; hosts allow = 192.168.1. 192.168.2. 127.
|
|
|
|
# Uncomment this if you want a guest account, you must add this to /etc/passwd
|
|
# otherwise the user "nobody" is used
|
|
; guest account = pcguest
|
|
|
|
# this tells Samba to use a separate log file for each machine
|
|
# that connects
|
|
log file = /usr/local/samba/var/log.%m
|
|
|
|
# Put a capping on the size of the log files (in Kb).
|
|
max log size = 50
|
|
|
|
# Specifies the Kerberos or Active Directory realm the host is part of
|
|
; realm = MY_REALM
|
|
|
|
# Backend to store user information in. New installations should
|
|
# use either tdbsam or ldapsam. smbpasswd is available for backwards
|
|
# compatibility. tdbsam requires no further configuration.
|
|
; passdb backend = tdbsam
|
|
|
|
# Using the following line enables you to customise your configuration
|
|
# on a per machine basis. The %m gets replaced with the netbios name
|
|
# of the machine that is connecting.
|
|
# Note: Consider carefully the location in the configuration file of
|
|
# this line. The included file is read at that point.
|
|
; include = /usr/local/samba/lib/smb.conf.%m
|
|
|
|
# Configure Samba to use multiple interfaces
|
|
# If you have multiple network interfaces then you must list them
|
|
# here. See the man page for details.
|
|
; interfaces = 192.168.12.2/24 192.168.13.2/24
|
|
|
|
# Where to store roving profiles (only for Win95 and WinNT)
|
|
# %L substitutes for this servers netbios name, %U is username
|
|
# You must uncomment the [Profiles] share below
|
|
; logon path = \\%L\Profiles\%U
|
|
|
|
# Windows Internet Name Serving Support Section:
|
|
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
|
|
; wins support = yes
|
|
|
|
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
|
|
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
|
|
; wins server = w.x.y.z
|
|
|
|
# WINS Proxy - Tells Samba to answer name resolution queries on
|
|
# behalf of a non WINS capable client, for this to work there must be
|
|
# at least one WINS Server on the network. The default is NO.
|
|
; wins proxy = yes
|
|
|
|
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
|
|
# via DNS nslookups. The default is NO.
|
|
dns proxy = no
|
|
|
|
# These scripts are used on a domain controller or stand-alone
|
|
# machine to add or delete corresponding unix accounts
|
|
; add user script = /usr/sbin/useradd %u
|
|
; add group script = /usr/sbin/groupadd %g
|
|
; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
|
|
; delete user script = /usr/sbin/userdel %u
|
|
; delete user from group script = /usr/sbin/deluser %u %g
|
|
; delete group script = /usr/sbin/groupdel %g
|
|
|
|
|
|
#============================ Share Definitions ==============================
|
|
[homes]
|
|
comment = Home Directories
|
|
browseable = no
|
|
writable = yes
|
|
|
|
# Un-comment the following and create the netlogon directory for Domain Logons
|
|
; [netlogon]
|
|
; comment = Network Logon Service
|
|
; path = /usr/local/samba/lib/netlogon
|
|
; guest ok = yes
|
|
; writable = no
|
|
; share modes = no
|
|
|
|
|
|
# Un-comment the following to provide a specific roving profile share
|
|
# the default is to use the user's home directory
|
|
;[Profiles]
|
|
; path = /usr/local/samba/profiles
|
|
; browseable = no
|
|
; guest ok = yes
|
|
|
|
|
|
# NOTE: If you have a BSD-style print system there is no need to
|
|
# specifically define each individual printer
|
|
[printers]
|
|
comment = All Printers
|
|
path = /usr/spool/samba
|
|
browseable = no
|
|
# Set public = yes to allow user 'guest account' to print
|
|
guest ok = no
|
|
writable = no
|
|
printable = yes
|
|
|
|
# This one is useful for people to share files
|
|
;[tmp]
|
|
; comment = Temporary file space
|
|
; path = /tmp
|
|
; read only = no
|
|
; public = yes
|
|
|
|
# A publicly accessible directory, but read only, except for people in
|
|
# the "staff" group
|
|
;[public]
|
|
; comment = Public Stuff
|
|
; path = /home/samba
|
|
; public = yes
|
|
; writable = no
|
|
; printable = no
|
|
; write list = @staff
|
|
|
|
# Other examples.
|
|
#
|
|
# A private printer, usable only by fred. Spool data will be placed in fred's
|
|
# home directory. Note that fred must have write access to the spool directory,
|
|
# wherever it is.
|
|
;[fredsprn]
|
|
; comment = Fred's Printer
|
|
; valid users = fred
|
|
; path = /homes/fred
|
|
; printer = freds_printer
|
|
; public = no
|
|
; writable = no
|
|
; printable = yes
|
|
|
|
# A private directory, usable only by fred. Note that fred requires write
|
|
# access to the directory.
|
|
;[fredsdir]
|
|
; comment = Fred's Service
|
|
; path = /usr/somewhere/private
|
|
; valid users = fred
|
|
; public = no
|
|
; writable = yes
|
|
; printable = no
|
|
|
|
# a service which has a different directory for each machine that connects
|
|
# this allows you to tailor configurations to incoming machines. You could
|
|
# also use the %U option to tailor it by user name.
|
|
# The %m gets replaced with the machine name that is connecting.
|
|
;[pchome]
|
|
; comment = PC Directories
|
|
; path = /usr/pc/%m
|
|
; public = no
|
|
; writable = yes
|
|
|
|
# A publicly accessible directory, read/write to all users. Note that all files
|
|
# created in the directory by users will be owned by the default user, so
|
|
# any user with access can delete any other user's files. Obviously this
|
|
# directory must be writable by the default user. Another user could of course
|
|
# be specified, in which case all files would be owned by that user instead.
|
|
;[public]
|
|
; path = /usr/somewhere/else/public
|
|
; public = yes
|
|
; only guest = yes
|
|
; writable = yes
|
|
; printable = no
|
|
|
|
# The following two entries demonstrate how to share a directory so that two
|
|
# users can place files there that will be owned by the specific users. In this
|
|
# setup, the directory should be writable by both users and should have the
|
|
# sticky bit set on it to prevent abuse. Obviously this could be extended to
|
|
# as many users as required.
|
|
;[myshare]
|
|
; comment = Mary's and Fred's stuff
|
|
; path = /usr/somewhere/shared
|
|
; valid users = mary fred
|
|
; public = no
|
|
; writable = yes
|
|
; printable = no
|
|
; create mask = 0765
|
|
|
|
|