LedgerSMB

This post is about the dangers in writing user defined functions in untrusted languages, but it is also specifically about how to avoid CVE-2016-1238-related problems when writing PL/PerlU functions.  The fix is simple and straight-forward and it is ... [More] important for it to be in pl/perlU stored procedures and user defined functions for reasons I will discuss.  This discusses actual exploits and the severity of being able to inject abritrary Perl code into the running database backend is a good reason to be disciplined and careful about the use of this language.It is worth saying at the outset that I have been impressed by how well sensible design choices in PostgreSQL generally mitigate problems like this.  In essence you have to be working in an environment where a significant number of security measures have been bypassed either intentionally or not.  This speaks volumes on the security of PostgreSQL's design since it is highly unlikely that this particular attack vector was an explicit concern.  In other words these decisions make many attacks even against untrusted languages far more difficult than they would be otherwise.The potential consequences are severe enough, however, that secure coding is particularly important in this environment even with the help of the secure design.  And in any language it is easy to code yourself into corners where you aren't aware you are introducing security problems until they bite you.The current implementation, we will see, already has a fair bit of real depth of defense behind it.  PostgreSQL is not, by default, vulnerable to the problems in the CVE noted in the title.  However, with a little recklessness, it is possible to open the door to the possibility of real problems and it is possible for these problems to be hidden from the code reviewer by error rather than actual malice.  Given the seriousness of what can happen if you can run arbitrary code in the PostgreSQL back-end, my view is that all applicable means should be employed to prevent problems.PL/PerlU can be used in vulnerable ways, but PL/Perl (without the U) is by design safe.  Even with PL/PerlU it is worth noting that multiple safety measures have to be bypassed before vulnerability becomes a concern.  This is not about any vulnerabilities in PostgreSQL, but what vulnerabilities can be added through carelessly writing stored procedures or user-defined functions.There are two lessons I would  like people to take away from this.  The first is how much care has been taken with regard to PostgreSQL regarding security in design.  The second is how easily one can accidentally code oneself into a corner.  PL/PerlU often is the right solution for many problem domains and it can be used safely but some very basic rules need to be followed to stay out of trouble.Extending SQL in PostgreSQL using Arbitrary LanguagesPostgreSQL has a language handler system that allows user defined functions and stored procedures to be written in many different languages.  Out of the box, Python, TCL, C, and Perl come supported out of the box.  Perl and TCL come in trusted and untrusted variants (see below), while Python and C are always untrusted.There are large numbers of external language handlers as well, and it is possible to write ones own.  Consequently, PostgreSQL allows, effectively, SQL to be extended by plugins written in any language.  The focus here will be on untrusted Perl, or PL/perlU.  Untrusted languages have certain inherent risks in their usage and these become important, as here, when there is concern about specific attack vectors.Trusted vs Untrusted Languages, and what PL/Perl and PL/PerlU can doPostgreSQL allows languages to be marked as 'trusted' or 'untrusted' by the RDBMS.  Trusted languages are made available for anyone to write functions for while untrusted languages are restricted to database superusers.  Trusted languages are certified by the developers not to interact with file handles, not to engage in any other activity other than manipulating data in the database.There is no way to 'use' or 'require' a Perl module in pl/perl (trusted) and therefore it is largely irrelevant for our discussion.  However PL/PerlU can access anything else on the system and it does so with the same permissions as the database manager itself.  Untrusted languages, like PL/PerlU make it possible to extend SQL in arbitrary ways by injecting (with the database superuser's permission!) code into SQL queries written in whatever langauges one wants.  Untrusted languages make PostgreSQL one of the most programmable relational databases in the world, but they also complicate database security in important ways which are well beyond the responsibility of PostgreSQL as a project.Like test harnesses, untrusted languages are insecure by design (i.e. they allow arbitrary code injection into the database backend) and this issue is as heavily mitigated as possible, making PostgreSQL one of the most security-aware databases in the market.To define a function  in an untrusted language, one must be a database superuser, so the PostgeSQL community places primary trust in the database administration team not to do anything stupid, which is generally a good policy.  This article is largely in order to help that policy be effective.Paths, Permissions, and CVE-2016-1238The CVE referenced in the title of this article and section is one which allows attackers to inject code into a running Perl routine by placing it in the current working directory of a Perl process. If an optional dependency of a dependency is placed i the current working directory, it may be included in the current Perl interpreter without the understanding of the user.  This is a problem primarily because Perl programs are sufficiently complex that people rarely understand the full dependency tree of what they are running.If the current working directory ends up being one which includes user-writeable data of arbitrary forms, the problem exists.  If not, then one is safe.The problem however is that changing directories changes the include path.  You can demonstrate this by doing as follows:In ./test.pl create a file that contains:use test;use test2;./test.pm is:chdir test;\test/test2.pm is:warn 'haxored again';What happens is that the use test statement includes ./test.pm which changes directory, so when you use test2, you are including from test/test2.pm.   This means that if any period during this cycle of the Perl interpreter's life you are in a world-writable directory, and including or requring files, you are asking for trouble.Usual Cases for PL/PerlUThe usual use case of PL/PerlU is where you need a CPAN module to process or handle information..  For example you may want to return json using JSON.pm, or you may want to write to a (non-transactional log).For example, the most recent PL/PerlU function I wrote used basic regular expressions to parse a public document record stored in a database to extract information relating to patents awarded on protein sequences.  It was trivial but was easier to use JSON than to write json serialization inline (and yes, performed well enough given the data sizes operate on).Are usual cases safe?  Deceptively so!Here are a few pl/perlU functions which show the relevant environment that PL/PerlU functions run in by default:postgres=# create or replace function show_me_inc() returns setof text language plperlu as$$return \@INC;$$;CREATE FUNCTIONpostgres=# select show_me_inc();         show_me_inc          ------------------------------ /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .(7 rows)postgres=# create or replace function get_cwd() returns text language plperlu aspostgres-# $$postgres$# use Cwd;postgres$# return getcwd();postgres$# $$;CREATE FUNCTIONpostgres=# select get_cwd();       get_cwd       --------------------- /var/lib/pgsql/data(1 row)Wow.  I did not expect such a sensible, secure implementation.  PostgreSQL usually refuses to start if non-superusers of the system have write access to the data directory.  So this is, by default, a very secure configuration right up until the first chdir() operation......Now, in the normal use case of a user defined function using PL/PerlU, you are going to have no problems.  The reason is that most of the time, if you are doing sane things, you are going to want to write immutable functions which have no side effects and maybe use helpers like JSON.pm to format data.  Whether or not there are vulnerabilities exploitable via JSON.pm, they cannot be exploited in this manner.However, sometimes people do the wrong things in the database and here, particularly, trouble can occur.What gets you into trouble?To have an exploit in pl/perlU code, several things have to happen: Either a previous exploit must exist which has written files to the PostgreSQL data directory, or one must change directories After changing directories, a vulnerable module must be loaded while in a directory the attacker has write access to. It is possible, though unlikely, for the first to occur behind your back.  But people ask me all the time how to send email from the database backend and so you cannot always guarantee people are thinking through the consequences of their actions.So vulnerabilities can occur when people are thinking tactically and coding in undisciplined ways.  This is true everywhere but here the problems are especially subtle and they are as dangerous as they are rare.An attack scenario.So suppose company A receives a text file via an anonymous ftp drop box in X12 format (the specific format is not relevant, just that it comes in with contents and a file name that are specified by the external user).  A complex format like X12 means they are highly unlikely to do the parsing themselves so they implement a module loader in PostgreSQL.  The module loader operates on a file handle as such:On import, the module loader changes directories to the incoming directory.  In the actual call to get_handle, it opens a file handle, and creates an iterator based on that, and returns it.  Nobody notices that the directory is not changed back because this is then loaded into the db and no other file access is done here.  I have seen design problems of this magnitude go undetected for an extended period, so coding defensively means assuming they will exist.Now, next, this is re-implemented in the database as such:CREATE OR REPLACE FUNCTION load_incoming_file(fiilename text) RETURNS intlanguage plperlu as$$use CompanyFileLoader '/var/incoming'; # oops, we left the data directoryuse CompanyConfig 'our_format'; # oops optional dependency that falls back to .                                                    # in terms of exploit, the rest is irrelevant                                                    # for a proof of concept you could just return 1 hereuse strict;use warnings;my $filename = shift;my $records = CompanyFileLoader->get_handle($filename);while ($r = $records->next){    # logic to insert into the db omitted}return $records->count;$$;The relevant poart of CompanyFileLoader.pm is (the rest could be replaced with stubs for a proof of concept):package CompanyFileLoader;use strict;use warnings;my @dirstack;sub import {    my $dir = pop;    push @dirstack, $dir;    chdir $dir;}Now, in a real-world published module, this would cause problems but in a company's internal operations it might not pose discovered problems in a timely fashion.The relevant part of CompanyConfig is:package CompanyConfig;use strict;use warnings;eval { require 'SupplementalConfig' };Now, if a SupplementalConfig.pm is loaded into the same directory as the text files, it will get loaded and run as part of the pl/perlU function.Now to exploit this someone with knowledge of the system has to place this in that directory.  It could be someone internal due to failure to secure the inbound web service properly.  It could be someone external who has inside knowledge (a former employee for example).  Or a more standard exploit could be tried on the basis that some other shared module might have a shared dependency.The level of inside knowledge required to pull that off is large but the consequences are actually pretty dire.  When loaded, the perl module interacts with the database with the same permissions as the rest of the function, but it also has filesystem access as the database server.  This means it could do any of the following: Write perl modules to exploit this vulnerability in other contexts to the Pg data directory delete or corrupt database files possibly alter log files depending on setup. Many other really bad things. These risks are inherent with the use of untrusted languages, that you can write vulnerable code and introduce security problems into your database.  This is one example of that and I think the PostgreSQL team has done an extremely good job of making the platform secure.Disciplined coding to prevent problemsThe danger can be effectively prevented by following some basic rules:All user defined functions and stored procedures in PL/PerlU should include the line:no lib '.';It is possible that modules could add this back in behind your back, but for published modules this is extremely unlikely.  So local development projects should not use lib '.' in order to prevent this.Secondly, never use chdir in a pl/perl function.  Remember you can always do file operations with absolute paths.   Without chdir, no initial exploit against the current working directory is possible through pl/perlu.  Use of chdir circumvents important safety protections in PostgreSQL.Thirdly it is important that one sticks to well maintained modules.  Dangling chdir's in a module's load logic are far more likely to be found and fixed when lots of other people are using a module, and a dangling chdir is a near requirement to accidental vulnerability.  For internal modules, they need to be reviewed both for optional dependencies usage and dangling chdir's in the module load logic. [Less]

Because I have lost confidence in the approach taken by those in charge of fixing this problem, I have decided to do a full disclosure series on CVE-2016-1238.  As mentioned in a previous post, the proposed fixes for the minor versions don't even ... [More] remotely fix the problem  and at most can provide a false sense of security.  For this reason it is extremely important that sysadmins understand how these exploits work and how to secure their systems.A lot of the information here is not specific to this CVE but concerns security regarding running tests generally.  For this reason while this CVE is used as an example, the same basic concepts apply to PostgreSQL db testing, and much more.As I mentioned in a previous post, prove cannot currently be run safely in any directory that is world writeable, and the current approach of making this a module problem make this far worse, not better.  Moreover this is not something which can be patched in prove without breaking the basic guarantee that it tests the application as it would run on the current system's Perl interpreter and if you break that, all bets are off.All the exploits I cover in this series are exploitable on fully patched systems.  However they can be prevented by good system administration.  In every case, we will look at how system administration best practices can prevent the problem.One key problem with the current approach is that it fails to differentiate between unknowing inclusion and user errors brought on simply by not understanding the issues.  The latter has been totally disregarded by the people attempting stop-gap patches.Test harnesses generally are insecure by design.  The whole point is to execute arbitrary code and see what happens and with this comes a series of inherent risks.  We accept those risks because they are important to the guarantees we usually want to make that our software will perform in the real world as expected.  Moreover even the security risks inherent in test harnesses are good because it is better to find problems in an environment that is somewhat sandboxed than it is in your production environment.So testing frameworks should be considered to be code injection frameworks and they can be vectors by which code can be injected into a tested application with system security implications.Understood this way, testing frameworks are not only insecure by design but this is desirable since you don't want a testing framework to hide a problem from you that could bite you in production.This is a generic problem of course.  A database testing framework would (and should) allow sql injection that could happen in the tested code so that these can be tested against.  So whether you working with Perl, Python, PostgreSQL, or anything else, the testing framework itself has to be properly secured.  And in each platform this means specific things.In PostgreSQL, this means you need to pay close attention to certain things, such as the fact that the database tests should probably not run as a superuser for example since a superuser can do things like create functions wit system access.In Perl, one of the most important things to consider is the inclusion of modules from the current working directory and the possibility that someone could do bad things there.What Prove GuaranteesProve guarantees that your perl code will run, in its current configuration, in accordance with your test cases.  This necessarily requires arbitrary code execution and arbitrary dependency requirements resolved in the way Perl would resolve them on your system.Prove guarantees that the guarantees you specify in your test cases are met by your current Perl configuration.  It therefore cannot safely do any extra sandboxing for you.How Prove WorksThe basic architecture of prove is that it wraps a test harness which runs a specified program (via the shebang line) parses its output assuming it to be in the test-anything protocol, and generates a report from the rest.  For example if you create a file test.t:#!/bin/bashecho 'ok 1';echo 'ok 2';echo '1..2';and run prove test.tYou will get a report like the following:$ prove test.t test.t .. ok   All tests successful.What prove has done is invoke /bin/bash, run the file on it, parse the output, check that 2 tests were run, and that both printed ok (it is a little more complex than this but....), and let you know it worked.Of course, usually we run perl, not bash.An Attack ScenarioThe most obvious attach scenarios would occur with automated test environment that are poorly secured.  In this case, if prove runs from a directory containing material more than one user might submit, user A may be able to inject code into user B's test runs.Suppose user A has a hook for customization as follows:eval { require 'custom.pl' };Now this is intended to run a custom.pl file, at most once, when the code is run, and it checks the current @INC paths.  If this doesn't exist it falls back to the current working directory, i.e. the directory the shell was working in when prove was run.  If this directory shares information between users, user b can write a custom.pl file into that directory which will run when user A's scheduled tests are run.The code would then run with the permissions of the test run and any misbehavior would tie back to user A's test run (it is harder to tie the behavior to user B).  In the event where user A's test run operates with more system permissions than user B's, the situation is quite a bit worse.  Or maybe user B doesn't even have tests run anymore for some reason.Now, it has been proposed that prove prune its own @INC but that doesn't address this attack because prove has to run perl separately.  Additionally separation of concerns dictates that this is not prove's problem.Behavior Considered Reasonably SafeAs we have seen, there are inherent risks to test frameworks and these have to be properly secured against the very real fact that one is often running untrusted code on them.  However, there are a few things that really should be considered safe.  These include: Running tests during installation of trusted software as root.  If you don't trust the software, you should not be installing it. Running tests from directories which store only information from a single user (subdirectories of a user's home directory for example). Recommendations for Test SystemsSeveral basic rules for test systems apply: Understand that test systems run arbitrary code and avoid running test cases for automated build and test systems as privileged users. Properly secure all working directories to prevent users from unknowingly sharing data or test logic Running as root is only permitted as part of a process installing trusted software. [Less]

A cardinal rule of software security is that, when faced with a problem, make sure you fully understand it before implementing a fix.  A cardinal rule of general library design is that heuristic approaches to deciding whether something is a problem ... [More] really should be disfavored.  These lessons were driven home when I ended up spending a lot of time debugging problems caused by a recent Debian fix for the CVE in the title.  Sure everyone messes up sometimes, and so this isn't really condemnation of Debian as a project but their handling of this particular CVE is a pretty good example of what not to do.In this article I am going to discuss actual exploits.  Full disclosure has been a part of the LedgerSMB security culture since we started and discussion of exploits in this case provide administrators with real chances to secure their systems, as well as distro maintainers, Perl developers etc to write more secure software.  Recommendations will be further given at the end regarding improving the security of Perl as a programming language.Part of the problem in this case is that the CVE is poorly scoped but CVE's are often poorly scoped and it is important for developers to work with security researchers to understand a problem, understand the implications of different approaches to fix it and so forth.  It is very easy to get in a view that "this must be fixed right now" but all too often (as here) a shallow fix does not completely resolve an issue and causes more problems than it resolves.The Problem (with exploits)Perl's system of module inclusion (and other operations) looks for Perl modules in the current directory after exhausting other directories.  Technically this is optional but most UNIX and Linux distributions have this behavior.  On the whole it is bad practice as well, which is why it is not by the default behavior of shells like bash.  But a lot of software depends on this (with some legitimate use cases) and so changing it is problematic.Perl programs are also often complex and have optional dependencies which may or may not exist on a system.  If those do not otherwise exist in the system Perl directories but exist in the current working directory, then these may be loaded from the current working directory.  Note that this is not actually limited to the current working directory, and Perl could load the files from all kinds of places, users-specified or not.So when one is running a Perl program in a world-writeable location, there is the opportunity for another user to put code there that may be picked up by the Perl interpreter and executed.  While the CVE is limited to implicit inclusion of the current working directory, the problem is actually quite a bit broader than that.  Include paths can be specified on the command line and if any of them are world-writeable, then variations of the same attacks are possible.Some programs, of course, are intended to run arbitrary Perl code.  The test harness programs are good examples of this.  Special attention will be given to the ways test harness programs can be exploited here.These features come together to create opportunities for exploits in multi-user systems which administrators need to be aware of and take immediate steps to prevent.  In my view there are a few important and needed features in Perl as well.A simple exploit:Create the following files in a safe directory:t/01-security.t, contents:use Test::More;require bar;eval { require foo };plan skip_all => 'nothing to do';lib/bar.pm contents:use 5.010;warn "this is ok";./foo.pm, contents:use 5.010;warn "Haxored!";now run:prove -Ilib t/01-security.tNow, what happens here is that the optional requirement of foo.pm in the test script gets resolved to the one that happens to be in your current working directory.  If that directory were world writeable, then someone could add that file and it would be run when you run your test cases.Now, it turns out that this is not a vulnerability with prove.  Because prove runs Perl in a separate process and parses the output, eliminating the resolution inside prove itself has no effect.  What this means is that the directory where you run something like prove can really matter and if you happen to be in a world writeable directory when you run it (or other Perl programs) you run the risk of including unintended code supplied by other users.  Not good.  None of the proposed fixes address the full scope of this problem either.  Note that if any directory in @INC is world-writeable, a security problem exists.  And because these can be specified in the Perl command line, this is far more of a root problem than the mere inclusion of the current working directory.Security Considerations for System Administrators and Software DevelopersAll exploits of this sort can be prevented even without the recommendations being followed in the proper fixes section.  System administrators should: Make sure that all directories in @INC other than the current working directory are properly secured against write access (this is a no brainer, but is worth repeating) Programs such as test harnesses which execute arbitrary Perl code should ONLY be run in properly secured directories, and the only time prove should ever be run as root is when installing (as root) modules from cpan. Scripts intended to be run in untrusted directories should be audited and one should ensure (and add if it is missing) the following line:  no lib '.'; Software developers should: think carefully about where a script might be executed.  If it is intended to be run on directories of user-supplied files, then include the  no lib '.';  (This does not apply to test harnesses and other programs which execute arbitrary Perl programs). Module maintainers should probably avoid using optional config modules to do configuration.  These optional configuration modules provide standard points of attack.  Use non-executable configuration files instead or modules which contain interfaces for a programmer to change the configuration. What is wrong with the proposed fixesThe approach recommended by the reporter of the problem is to make modules exclude an implicit current working directory when loading optional dependencies.  This, as I will show, raises very serious separation of concerns problems and in Debian's case includes one serious bug which is not obvious from outside.  Moreover it doesn't address the problems caused by running test harnesses and the like in untrusted directories.  So one gets a *serious* problem with very little real security benefit.If you are reading through the diff linked to above, you will note it is basically boilerplate that localizes @INC and removes the last entry if it is equal to a single dot.  This breaks base.pm badly because inheritance in Perl no longer follows @INC the way use does.  Without this patch the following are almost equivalent with the exception that the latter also runs the module's import() routine:use base 'Myclass';anduse Myclass;use base 'Myclass';But with this patch, the latter works and the former does not unless you specify -MMyclass in the Perl command line.  This occurs because someone is thinking technically about an issue without comprehending that this isn't an optional dependency in base and therefore the problem doesn't apply there.  But the problem is not quickly evident in the diff, nor is it evident when trying to fix this in this way on the module level.  It breaks the software contract badly, and does so for no benefit.As a general rule, modules should be expected to act sanely when it comes to their own internal structure, but playing with @INC violates basic separation of concerns and a system that cannot be readily understood cannot be readily secured (which is why this is a real issue in the first place -- nobody understands all the optional dependencies of all the dependencies of every script on their system).Recommendations for proper fixesThere are several things that Perl and Linux distros can do to provide proper fixes to this sort of problem.  These approaches do not violate the issues of separation of concerns.  The first and most important is to provide an option to globally remove '.' from @INC on a per-system basis.  This is one of the things that Debian did right in their reaction to this.  Providing tools for administrators to secure their systems is a good thing.A second thing is that Perl already has a number of enhanced modes for dealing with security concerns and adding another would be a good idea.  In fact, this could probably be done as a pragma which would: On load, check to see that directories in @INC are not world-writeable -- if they are, remove them from @INC and warn, and when using lib, check to see if the directory is world-writeable and if it is die hard. But making this a module's responsibility to care what @INC says?  That's a recipe for problems and not of solutions both security and otherwise. [Less]

1.5.0-rc1 Released Download 1.5.0-rc1 ehu Sat, 07/30/2016 - 14:54 The LedgerSMB development team is happy to announce yet another newversion of its open source ERP and accounting application. This ... [More] releasecontains countless fixes and improvements based on developer and real-lifetesting.  Please test and provide feedback for this this release in the issue tracker onGitHub and on the developers mailing list. The tarbal has been uploaded toSourceForge for download at:  https://sourceforge.net/These are the sha256 checksums of the uploaded files:ffdcc0b2d178f1152dc50e365301f1a11bd1b759ace81480941c0d65f46e2add  ledgersmb-1.5.0-rc1.tar.gz91c6319a49507587b73dde71f0e6afa35b0779aa51088a59dfdaefd4f38dddd0  ledgersmb-1.5.0-rc1.tar.gz.asc Release 1.5 Security release Off Release candidate On [Less]

Download:  1.5.0-rc1 The LedgerSMB development team is happy to announce yet another newversion of its open source ERP and accounting application. This releasecontains countless fixes and improvements based on developer and real-lifetesting.  ... [More] Please test and provide feedback for this this release in the issue tracker onGitHub and on the developers mailing list. The tarbal has been uploaded toSourceForge for download at:  https://sourceforge.net/These are the sha256 checksums of the uploaded files:ffdcc0b2d178f1152dc50e365301f1 Release:  1.5 Security release:  No Release candidate:  Yes [Less]

Download:  1.5.0-rc1 The LedgerSMB development team is happy to announce yet another newversion of its open source ERP and accounting application. This releasecontains countless fixes and improvements based on developer and real-lifetesting.  ... [More] Please test and provide feedback for this this release in the issue tracker onGitHub and on the developers mailing list. The tarbal has been uploaded toSourceForge for download at:  https://sourceforge.net/These are the sha256 checksums of the uploaded files:ffdcc0b2d178f1152dc50e365301f1a11bd1b759ace81480941c0d65f46e2add  ledgersmb-1.5.0-rc1.tar.gz91c6319a49507587b73dde71f0e6afa35b0779aa51088a59dfdaefd4f38dddd0  ledgersmb-1.5.0-rc1.tar.gz.asc Release:  1.5 Security release:  No Release candidate:  Yes [Less]

1.3.48 Released Download 1.3.48 ehu Sat, 07/30/2016 - 11:53 The LedgerSMB development team is happy to announce yet another newversion of its open source ERP and accounting application. This ... [More] releasecontains the following fixes and improvements: Adding current directory explicitly to include path for Debian (Chris T and Erik H) Please note that this release quickly follows a security update of the baseDebian Perl package, as the security release broke LedgerSMB's operation,resulting in HTTP 500 (Internal server error) being thrown on every request. Chris T is Chris TraversErik H is Erik Huelsmann The release can be downloaded from sourceforge athttps://sourceforge.net/projects/ledger-smb/files/Releases/1.3.48/ These are the sha256 checksums of the uploaded files:5702167e37d8fe2a80bb748f7b749325dffa6c8be4e2d13fd8156afe8bb69f64 ledgersmb-1.3.48.tar.gz081a44abd9c504ce53950c00df7625a82baef67ad9b8c56b4b3d8b4772458bbe ledgersmb-1.3.48.tar.gz.asc Release 1.3 Security release Off Release candidate Off [Less]

Download:  1.3.48 The LedgerSMB development team is happy to announce yet another newversion of its open source ERP and accounting application. This releasecontains the following fixes and improvements: Adding current directory explicitly to ... [More] include path for Debian (Chris T and Erik H) Please note that this release quickly follows a security update of the baseDebian Perl package, as the security release broke LedgerSMB's operation,resulting in HTTP 500 (Internal server error) being thrown on every request. Chris T is Chris TraversErik H is Erik Huelsmann The release can be downloaded from sourceforge athttps://sourceforge.net/projects/ledger-smb/files/Releases/1.3.48/ These are the sha256 checksums of the uploaded files:5702167e37d8fe2a80bb748f7b749325dffa6c8be4e2d13fd8156afe8bb69f64 ledgersmb-1.3.48.tar.gz081a44abd9c504ce53950c00df7625a82baef67ad9b8c56b4b3d8b4772458bbe ledgersmb-1.3.48.tar.gz.asc Release:  1.3 Security release:  No Release candidate:  No [Less]

1.3.48 Released Download 1.3.48 ehu Sat, 07/30/2016 - 11:53 The LedgerSMB development team is happy to announce yet another newversion of its open source ERP and accounting application. This ... [More] releasecontains the following fixes and improvements: Adding current directory explicitly to include path for Debian (Chris T and Erik H) Please note that this release quickly follows a security update of the baseDebian Perl package, as the security release broke LedgerSMB's operation,resulting in HTTP 500 (Internal server error) being thrown on every request. Chris T is Chris TraversErik H is Erik Huelsmann The release can be downloaded from sourceforge athttps://sourceforge.net/projects/ledger-smb/files/Releases/1.3.48/ These are the sha256 checksums of the uploaded files:5702167e37d8fe2a80bb748f7b749325dffa6c8be4e2d13fd8156afe8bb69f64 ledgersmb-1.3.48.tar.gz081a44abd9c504ce53950c00df7625a82baef67ad9b8c56b4b3d8b4772458bbe ledgersmb-1.3.48.tar.gz.asc Release 1.3 Security release Off Release candidate Off [Less]

1.4.31 Released Download 1.4.31 ehu Sat, 07/30/2016 - 10:40 The LedgerSMB development team is happy to announce yet another newversion of its open source ERP and accounting application. This ... [More] releasecontains the following fixes and improvements: Fixed user with contact all privileges can't create contacts (Chris T #1219) Fixed new user with manage users can't see employee (Chris T #1841) Fixed Can't upload html templates (Chris T, #1179) Fixed can't log into companies with & in their names (Chris T, #1004) Added NZ chart of accounts (Kiwi) Fixed can't create checkpoints before transactions (Chris T, #1704) Fixed contact_all insufficient to create contacts (Chris T, #1219) Fixed internal server errors on debian following upgrade (Chris T and Erik H) Please note that this release quickly follows a security update of the base Debian Perlpackage, as the security release broke LedgerSMB's operation, resulting in HTTP 500(Internal server error) being thrown on every request. The release can be downloaded from sourceforge athttps://sourceforge.net/projects/ledger-smb/files/Releases/1.4.31/ These are the sha256 checksums of the uploaded files:4fc6d4829f4b961c9e88351946e978ca73c63bf7c93db15287511b8289180122 ledgersmb-1.4.31.tar.gzeb31b6d6b318d60f916ed27b210961c6ba6a9e8c4461e487b5893578fa710607 ledgersmb-1.4.31.tar.gz.asc Release 1.4 Security release Off Release candidate Off [Less]