Update for DirectFB, DirectFB.3723, GraphicsMagi... security important

Security update for samba, ldb, talloc, tdb, tevent

This update for ldb, samba, talloc, tdb, tevent fixes the following issues:

ldb was updated to 1.1.24.

+ Fix ldap \00 search expression attack dos; cve-2015-3223; (bso#11325)
+ Fix remote read memory exploit in ldb; cve-2015-5330; (bso#11599)
+ Move ldb_(un)pack_data into ldb_module.h for testing
+ Fix installation of _ldb_text.py
+ Fix propagation of ldb errors through tdb
+ Fix bug triggered by having an empty message in database during search
+ Test improvements
+ Improved python bindings
+ Validate_ldb of string(generalized-time) does not accept millisecond format ".000Z"; (bso#9810)
+ Fix logic in ldb_val_to_time()
+ Allow to register extended match rules
+ Fixes for segfaults in pyldb
+ Documentation fixes
+ Build system improvements
+ Fix a typo in the comment, ldb_flags_mod_xxx -> ldb_flag_mod_xxx
+ Fix check for third_party
+ Make the successful ldb_transaction_start() message clearer
+ Ldb-samba: fix a memory leak in ldif_canonicalise_objectcategory()
+ Ldb-samba: move pyldb-utils dependency to python_samba__ldb
+ Build: improve detection of srcdir

Samba was updated to 4.1.22.
+ Malicious request can cause samba ldap server to hang, spinning using cpu;
CVE-2015-3223; (bso#11325); (boo#958581).
+ Remote read memory exploit in ldb; cve-2015-5330; (bso#11599);
+ Insufficient symlink verification (file access outside the share);
CVE-2015-5252; (bso#11395); (boo#958582).
+ No man in the middle protection when forcing smb encryption on the client
side; CVE-2015-5296; (bso#11536); (boo#958584).
+ Currently the snapshot browsing is not secure thru windows previous version
(shadow_copy2); CVE-2015-5299; (bso#11529); (boo#958583).
+ Fix microsoft ms15-096 to prevent machine accounts from being changed into
user accounts; CVE-2015-8467; (bso#11552); (boo#958585).
+ Fix remote dos in samba (ad) ldap server; cve-2015-7540; (bso#9187);
+ Ensure attempt to ssh into locked account triggers
"Your account is disabled....." to the console; (boo#953382).
+ Prevent null pointer access in samlogon fallback when security
credentials are null; (boo#949022).

talloc was updated to 2.1.5; (boo#954658).
+ Minor build fixes
+ Point ld_library_path to the just-built libraries while calling make test.
+ Disable rpath-install and silent-rules while configure.
+ Update to 2.1.4; (boo#951660).
+ Test that talloc magic differs between processes.
+ Increment minor version due to added talloc_test_get_magic.
+ Provide tests access to talloc_magic.
+ Test magic protection measures.
+ Update the samba library distribution key file 'talloc.keyring'; (bso#945116).
+ Update to 2.1.3; (boo#939051).
+ Improved python3 bindings
+ Documentation fixes regarding talloc_reference() and talloc_unlink()

tdb was updated to version 1.3.8; (boo#954658).
+ Fix broken build with --disable-python
+ Minor build fixes
+ Disable rpath-install and silent-rules while configure.
+ Update the samba library distribution key file 'tdb.keyring'; (bso#945116).
+ Update to version 1.3.7.
+ First fix deadlock in the interaction between fcntl and mutex locking; (bso#11381)
+ Improved python3 bindings
+ Update to version 1.3.6.
+ Fix runtime detection for robust mutexes in the standalone build; (bso#11326).
+ Possible fix for the build with robust mutexes on solaris 11; (bso#11319).
+ Update to version 1.3.5.
+ Abi change: tdb_chainlock_read_nonblock() has been added, a nonblock
variant of tdb_chainlock_read()
+ Do not build test binaries if it's not a standalone build
+ Fix cid 1034842 resource leak
+ Fix cid 1034841 resource leak
+ Don't let tdb_wrap_open() segfault with name==null
+ Update to version 1.3.4.
+ Toos: allow transactions with tdb_mutex_locking
+ Test: add tdb1-run-mutex-transaction1 test
+ Allow transactions on on tdb's with tdb_mutex_locking
+ Update to version 1.3.3.
+ Test: tdb_clear_if_first | tdb_mutex_locking, o_rdonly is a valid
+ Update to version 1.3.2.
+ Allow tdb_open_ex() with o_rdonly of tdb_feature_flag_mutex tdbs.
+ Fix a comment
+ Fix tdb_runtime_check_for_robust_mutexes()
+ Improve wording in a comment
+ Tdb.h needs bool type; obsoletes include_stdbool_bso10625.patch
+ Tdb_wrap: make mutexes easier to use
+ Tdb_wrap: only pull in samba-debug
+ Tdb_wrap: standalone compile without includes.h
+ Tdb_wrap: tdb_wrap.h doesn't need struct loadparm_context
- Update to version 1.3.1.
+ Tools: fix a compiler warning
+ Defragment the freelist in tdb_allocate_from_freelist()
+ Add "freelist_size" sub-command to tdbtool
+ Use tdb_freelist_merge_adjacent in tdb_freelist_size()
+ Add tdb_freelist_merge_adjacent()
+ Add utility function check_merge_ptr_with_left_record()
+ Simplify tdb_free() using check_merge_with_left_record()
+ Add utility function check_merge_with_left_record()
+ Improve comments for tdb_free().
+ Factor merge_with_left_record() out of tdb_free()
+ Fix debug message in tdb_free()
+ Reduce indentation in tdb_free() for merging left
+ Increase readability of read_record_on_left()
+ Factor read_record_on_left() out of tdb_free()
+ Build: improve detection of srcdir.

tevent was update to version 0.9.26; (boo#954658).
+ New tevent_thread_proxy api
+ Minor build fixes
+ Update the samba library distribution key file 'tevent.keyring'; (bso#945116).
+ Update to 0.9.25.
+ Fix compile error in solaris ports backend.
+ Fix access after free in tevent_common_check_signal(); (bso#11308).
+ Improve pytevent bindings.
+ Testsuite fixes.
+ Improve the documentation of the tevent_add_fd() assumtions. it must be
talloc_free'ed before closing the fd! (bso##11141); (bso#11316).
+ Update to 0.9.24.
+ Ignore unexpected signal events in the same way the epoll backend does.
+ Update to 0.9.23.
+ Update the tevent_data.dox tutrial stuff to fix some errors, including
white space problems.
+ Use tevent_req_simple_recv_unix in a few places.
+ Update to 0.9.22.
+ Remove unused exit_code in tevent_select.c
+ Remove unused exit_code in tevent_poll.c
+ Build: improve detection of srcdir
+ Lib: tevent: make tevent_sig_increment atomic.
+ Update flags in tevent pkgconfig file
+ Utilize doxygen to generate the api documentation and package it.

Fixed bugs
openSUSE comes with ldb 1.1.20 while 1.1.21 is available
openSUSE comes with talloc 2.1.2 while 2.1.3 is available
samba: winbind crash -> netlogon_creds_client_authenticator
openSUSE comes with talloc 2.1.3 while 2.1.4 is available
VUL-0: CVE-2015-8467: samba: Microsoft MS15-096 / CVE-2015-2535 needs matching fix in Samba
VUL-0: CVE-2015-5296: samba: No man in the middle protection when forcing smb encryption on the client side
VUL-0: CVE-2015-5330: samba: Remote read memory exploit in LDB
samba+ssh: no failure message on login try if account is disabled in AD
VUL-0: CVE-2015-7540: samba: Bogus LDAP request cause samba to use all the memory and be ookilled
VUL-0: CVE-2015-5299: samba: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2)
VUL-0: CVE-2015-5252: samba: Insufficient symlink verification (file access outside the share)
VUL-0: CVE-2015-3223: samba: LDAP \00 search expression attack DoS in Samba 4.x
ldb, talloc, tdb, and/ or tevent need to be updated
Selected Binaries
openSUSE Build Service is sponsored by