Maintainer Evgeny Sinelnikov in the c9f2 branch: Information

- Update to release for samba-4.16
- New version for samba-4.16
- Build to branch c9 for update samba to latest supported security release 4.16
- Backport security fixes from Samba 4.17
- Security fixes (Samba#15422, Samba#15424, Samba#15439, Samba#15473, Samba#15474):
 + CVE-2023-3961:  Unsanitized pipe names allow SMB clients to connect as root
                   to existing unix domain sockets on the file system.
                   https://www.samba.org/samba/security/CVE-2023-3961.html

 + CVE-2023-4091:  SMB client can truncate files to 0 bytes by opening files
                   with OVERWRITE disposition when using the acl_xattr Samba VFS
                   module with the smb.conf setting
                   "acl_xattr:ignore system acls = yes"
                   https://www.samba.org/samba/security/CVE-2023-4091.html

 + CVE-2023-4154:  An RODC and a user with the GET_CHANGES right can view all
                   attributes, including secrets and passwords.  Additionally,
                   the access check fails open on error conditions.
                   https://www.samba.org/samba/security/CVE-2023-4154.html

 + CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
                   server block for a user-defined amount of time, denying
                   service.
                   https://www.samba.org/samba/security/CVE-2023-42669.html

 + CVE-2023-42670: Samba can be made to start multiple incompatible RPC
                   listeners, disrupting service on the AD DC.
                   https://www.samba.org/samba/security/CVE-2023-42670.htm
- 0.9.0 (See CHANGELOG.txt for details)
- Fixes:
  + Vesioning improved.
  + Fixed build on e2k platform.
- Backport updates to ipaserver/dcerpc, ipasam, rpcserver and trust-add mudules.
- Apply separated patch for CVE-2023-5455.
- Update to latest 2.9 major release in long-term maintenance (LTM) phase.
- Fixes from upstream:
  + A crash when PAM passkey processing incorrectly handles non-passkey data.
  + A workaround was implemented to handle gracefully misbehaving applications
    that destroy internal state of SSSD client librarires.
  + An error when rotating KCM's logs was fixed.
  + Group membership handling when members are coming from different forest
    domains and using ldap token groups is prohibited.
  + Files provider was erroneously taking into consideration local_auth_policy
    config option, thus breaking smartcard authentication of local user in
    setups that didn't explicitly specify this option.
- Update to stable release 6.15 (Samba#15025, Samba#15026)
- mount.cifs: fix length check for ip option parsing (fixes: CVE-2022-27239)
- mount.cifs: fix verbose messages on option parsing (fixes: CVE-2022-29869)
- Update to latest release with support for fd-passing via unix sockets
- Add public libsocket_wrapper_noop library
- new version 1.1.4
- Update to the 2.3.2 with backported all C code changes from ldb-2.4.1
- Fix overflow timestring test for 32 bits platforms
- Add support samba-tool-plus alternative for samba-dc build with heimdal.
- Revert reverted patch with change owner/permissions of user deskprofile path
  due it still needed.
- Add support samba-tool-plus alternatives for various samba-dc and
  samba-dc-mitkrb5 builds with Heimdal and MIT Kerberos respectively.
- Backport fixes from 1.18.4 (Fixes: CVE-2021-36222)
- Added support for Kerberos authentication via use_kerberos.patch
- Adjust local policy templates
- Add control system-policy for gpupdate
- Fixed typo in screensaver setting in Russian translations
- Improve English translation of gsettings strings
- Fix authetication method bug for gsetting oprtion:
  org.gnome.Vino.authentication-methods
- Added exception for org.gnome.Vino authentication-methods
- Fixed bug for alternative-port in org.gnome.Vino
- Update to latest security release of Samba 4.14
- Fix performance regressions in lsa_LookupSids3/LookupNames4 since Samba 4.9 by
  using an explicit database handle cache and address a signifcant in database
  access in the AD DC since Samba 4.12.
- Fix an unuthenticated user can crash the AD DC KDC by omitting the server name
  in a TGS-REQ (Fixes: CVE-2021-3671).
- Fix the ability to add user_of_subject to user_identities
- Refactoring the addition_to_user_identities_user_of_subject function
- Build for admc-0.7.1-alt1.
- Fix the ability to add user_of_subject to user_identities
- Refactoring the addition_to_user_identities_user_of_subject function
- Initial build
- Update to new release
- Add admx-lint check with special workaround:
  https://github.com/altlinux/admx-lint/issues/1
- Update to latest release 91.0-4472.164
- Add admx-lint check with special workaround:
  https://github.com/altlinux/admx-lint/issues/1
- Convert UTF-16 chrome.adm files to UTF-8
- Add new categories and policies:
 + SSHD and Systemd categories
 + Windows policies mapping support (applied for GSettings only yet)
- Add admx and adml files checking via admx-lint
- Fix GSettings applier user part support
- Add support additional firefox appliers
- Add new windows policies mapping capability feature ruled by:
  Software\BaseALT\Policies\GPUpdate\WindowsPoliciesMapping
- Improve drop privileges mechanism with fork and dbus session
- Don't stop with error if DESTDIR already exists
- Update to latest release of Samba 4.14 with smbd and samba-tool fixes
- Fix using obsoleted in samba-4.14 cmd_user_create class with renamed
  cmd_user_add class (closes: 40557)
- Add conflicts with old samba package provided python3(samba.netcmd.user)
- 1.17.2 (Fixes: CVE-2020-28196)
- Update to latest release
- Update to latest release
- Update to latest release.
- Initial build for ALT Sisyphus
- Update to latest release
- Update to the 2.3.0 for latest samba-4.14.2 security release
- Update to latest release of Samba 4.14 with ensure POSIX default ACL
  is mapped into returned Windows ACL for directory handles and fix
  uninitialized memory read in process_symlink_open() when used with
  vfs_shadow_copy2() for smbd.
- Add sssd-drop-privileges control
- Fix sssd-ad-gpo-access-control with more appropriate designations
- Apply internal, domain and service fixes from upstream.
- Add compatibility support of unprivileged mode with "user = _sssd"
  due from sssd-2.4.2 default user is set to root.
- Update to new release with russian translation
- Set right URL of upstream project
- Update to latest release
- Fix installation to /usr/share/PolicyDefinitions
- Set right License and URL of upstream project
- add obsoletes to python-module-freeipa to help apt update freeipa-client

Maintainer Evgeny Sinelnikov in the c9f2 branch: Information

Last changes

#360615 sent by Evgeny Sinelnikov

#360442 sent by Evgeny Sinelnikov

#306007 sent by Evgeny Sinelnikov

#289286 sent by Evgeny Sinelnikov

#285075 sent by Evgeny Sinelnikov

#285315 sent by Evgeny Sinelnikov

#279736 sent by Evgeny Sinelnikov

#279903 sent by Evgeny Sinelnikov

#271795 sent by Evgeny Sinelnikov