From 9f82cdb1f8a804b52ab28f6dfb42b08b90e1197c Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 2 May 2012 10:10:07 +0200 Subject: [PATCH 1/2] samba: security update to 3.5.15. (CVE-2012-2111). This security release addresses CVE-2012-2111 (incorrect permission checks when granting/removing privileges could compromise file server security). --- html/cgi-bin/samba.cgi | 4 ++-- lfs/samba | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/html/cgi-bin/samba.cgi b/html/cgi-bin/samba.cgi index 57970db08..27856cab9 100644 --- a/html/cgi-bin/samba.cgi +++ b/html/cgi-bin/samba.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2005-2010 IPFire Team # +# Copyright (C) 2005-2012 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -77,7 +77,7 @@ my %servicenames = ('SMB Daemon' => 'smbd','NetBIOS Nameserver' => 'nmbd'); $sambasettings{'WORKGRP'} = 'homeip.net'; $sambasettings{'NETBIOSNAME'} = 'IPFire'; -$sambasettings{'SRVSTRING'} = 'Samba running on IPFire 2.9'; +$sambasettings{'SRVSTRING'} = 'Samba running on IPFire 2.x'; $sambasettings{'INTERFACES'} = ''; $sambasettings{'SECURITY'} = 'share'; $sambasettings{'OSLEVEL'} = '33'; diff --git a/lfs/samba b/lfs/samba index 9708a9abe..e27ee08da 100644 --- a/lfs/samba +++ b/lfs/samba @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2011 IPFire Team # +# Copyright (C) 2007-2012 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 3.5.14 +VER = 3.5.15 THISAPP = samba-$(VER) DL_FILE = $(THISAPP).tar.gz 
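Review bot: The defaults block in html/cgi-bin/samba.cgi still sets `$sambasettings{'SECURITY'} = 'share';` two lines below the changed SRVSTRING, so a configuration built from these defaults starts in share-level mode, where access is gated per share rather than by a per-user login. Since this commit is a Samba security update that already touches these defaults, consider `$sambasettings{'SECURITY'} = 'user';` as the initial value, provided the rest of the CGI handles user mode on a fresh install; that code is outside this hunk, so this needs confirming. The SRVSTRING change itself is an improvement, since dropping the minor version reduces what the server banner reveals, although it still names the distribution.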
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = samba -PAK_VER = 39 +PAK_VER = 40 DEPS = "cups" @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = a97f5647face6e9214d5c42903412474 +$(DL_FILE)_MD5 = 2d72c044bdfd854ee2ab736326da3afd install : $(TARGET) From 8f17b54f9686052a7bc5708ad9eb96fe99463363 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 2 May 2012 19:42:02 +0200 Subject: [PATCH 2/2] openssl: security update to 0.9.8w. (CVE-2012-2131). SN1 BIO incomplete fix (CVE-2012-2131) ======================================= It was discovered that the fix for CVE-2012-2110 released on 19 Apr 2012 was not sufficient to correct the issue for OpenSSL 0.9.8. Please see http://www.openssl.org/news/secadv_20120419.txt for details of that vulnerability. This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i already contain a patch sufficient to correct CVE-2012-2110. Thanks to Red Hat for discovering and fixing this issue. Affected users should upgrade to 0.9.8w. References ========== URL for this Security Advisory: http://www.openssl.org/news/secadv_20120424.txt --- config/rootfiles/common/openssl | 2 +- lfs/openssl | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl index bc1ac49f0..02e4c1cdd 100644 --- a/config/rootfiles/common/openssl +++ b/config/rootfiles/common/openssl @@ -1116,7 +1116,6 @@ usr/lib/libssl.so.0.9.8 #usr/share/man/man3/dsa.3 #usr/share/man/man3/ecdsa.3 #usr/share/man/man3/engine.3 -#usr/share/man/man3/err.3 #usr/share/man/man3/evp.3 #usr/share/man/man3/hmac.3 #usr/share/man/man3/i2d_ASN1_OBJECT.3 @@ -1164,6 +1163,7 @@ usr/lib/libssl.so.0.9.8 #usr/share/man/man3/md5.3 #usr/share/man/man3/mdc2.3 #usr/share/man/man3/pem.3 +#usr/share/man/man3/rand.3 #usr/share/man/man3/rc4.3 #usr/share/man/man3/ripemd.3 #usr/share/man/man3/rsa.3 
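Review bot: The only integrity pin visible for the new samba tarball is `$(DL_FILE)_MD5`, and MD5's collision resistance is broken, so it is a weak basis for trusting a security update fetched from `$(URL_IPFIRE)`. Before committing a new digest, check the tarball against the upstream signed release and record that, for example with a comment above the line such as `# digest checked against the upstream signed release tarball`. If the build framework accepts a stronger digest variable (none is visible in this hunk), pin that as well. The same point applies to the `$(DL_FILE)_MD5` change in lfs/openssl in patch 2/2.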
diff --git a/lfs/openssl b/lfs/openssl index 9d559e154..c58c0487f 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@ include Config -VER = 0.9.8u +VER = 0.9.8w THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = cb41e94f762ed63e41d1cca2b8430ede +$(DL_FILE)_MD5 = 4ceb7d570e42c094b360cc7b8e848a0b install : $(TARGET)