Maintainer Evgeny Sinelnikov in the c9f2 branch: Information
Maintainer name: Evgeny Sinelnikov (sin)
Built source packages in this branch: 125
Last changes
Nov 15, 2024, 08:05 PM
#360615 sent by Evgeny Sinelnikov
samba-4.16_and_freeipa-4.8_security_update
A trivial database system
A schema-less, ldap like, API and database
May 24, 2024 Evgeny Sinelnikov:
- Build to branch c9 for update samba to latest supported security release 4.16
The Samba4 CIFS and AD client and server suite
May 20, 2024 Evgeny Sinelnikov:
- Backport security fixes from Samba 4.17 - Security fixes (Samba#15422, Samba#15424, Samba#15439, Samba#15473, Samba#15474): + CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to existing unix domain sockets on the file system. CVE-2023-3961.html" target="_blank">https://www.samba.org/samba/security/CVE-2023-3961.html + CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes" CVE-2023-4091.html" target="_blank">https://www.samba.org/samba/security/CVE-2023-4091.html + CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all attributes, including secrets and passwords. Additionally, the access check fails open on error conditions. CVE-2023-4154.html" target="_blank">https://www.samba.org/samba/security/CVE-2023-4154.html + CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the server block for a user-defined amount of time, denying service. CVE-2023-42669.html" target="_blank">https://www.samba.org/samba/security/CVE-2023-42669.html + CVE-2023-42670: Samba can be made to start multiple incompatible RPC listeners, disrupting service on the AD DC. CVE-2023-42670.htm" target="_blank">https://www.samba.org/samba/security/CVE-2023-42670.htm
Group policy editorrebuild sssd-2.9.4-alt1System Security Services DaemonThe Identity, Policy and Audit systemOct. 25, 2024 Evgeny Sinelnikov:- Backport updates to ipaserver/dcerpc, ipasam, rpcserver and trust-add mudules. - Apply separated patch for CVE-2023-5455.Oct 29, 2024, 06:03 PM#360442 sent by Evgeny Sinelnikov
Update_from_p10_redmine_issue_136801rebuild jose-10-alt1C-language implementation of Javascript Object Signing and EncryptionSystem Security Services DaemonJan. 17, 2024 Evgeny Sinelnikov:- Update to latest 2.9 major release in long-term maintenance (LTM) phase. - Fixes from upstream: + A crash when PAM passkey processing incorrectly handles non-passkey data. + A workaround was implemented to handle gracefully misbehaving applications that destroy internal state of SSSD client librarires. + An error when rotating KCM's logs was fixed. + Group membership handling when members are coming from different forest domains and using ldap token groups is prohibited. + Files provider was erroneously taking into consideration local_auth_policy config option, thus breaking smartcard authentication of local user in setups that didn't explicitly specify this option.Sep 5, 2022, 05:50 PM#306007 sent by Evgeny Sinelnikov
Update_to_security_releaseUtilities for doing and managing mounts of the Linux CIFS filesystemAug. 31, 2022 Evgeny Sinelnikov:- Update to stable release 6.15 (Samba#15025, Samba#15026) - mount.cifs: fix length check for ip option parsing (fixes: CVE-2022-27239) - mount.cifs: fix verbose messages on option parsing (fixes: CVE-2022-29869)Nov 18, 2021, 07:38 PM#289286 sent by Evgeny Sinelnikov
Security_releases_of_samba_and_sssdA library passing all socket communications through Unix socketsJuly 29, 2021 Evgeny Sinelnikov:- Update to latest release with support for fd-passing via unix sockets - Add public libsocket_wrapper_noop library
A tool to test PAM applications and PAM modulesA schema-less, ldap like, API and databaseNov. 7, 2021 Evgeny Sinelnikov:- Update to the 2.3.2 with backported all C code changes from ldb-2.4.1 - Fix overflow timestring test for 32 bits platforms
The Samba4 CIFS and AD client and server suiteNov. 13, 2021 Evgeny Sinelnikov:- Add support samba-tool-plus alternative for samba-dc build with heimdal.
System Security Services DaemonNov. 15, 2021 Evgeny Sinelnikov:- Revert reverted patch with change owner/permissions of user deskprofile path due it still needed.
Extended samba-tool (netcmd) versionNov. 13, 2021 Evgeny Sinelnikov:- Add support samba-tool-plus alternatives for various samba-dc and samba-dc-mitkrb5 builds with Heimdal and MIT Kerberos respectively.Oct 28, 2021, 01:05 PM#285075 sent by Evgeny Sinelnikov
New_release_with_multiple_fixes_and_improvements.The Kerberos network authentication systemPython interface for smbclientALT Local policiesSept. 14, 2021 Evgeny Sinelnikov:- Adjust local policy templates - Add control system-policy for gpupdate
BaseALT-specific ADMX policy templatesOct. 22, 2021 Evgeny Sinelnikov:- Fixed typo in screensaver setting in Russian translations - Improve English translation of gsettings strings - Fix authetication method bug for gsetting oprtion: org.gnome.Vino.authentication-methods
GPT applierOct. 25, 2021 Evgeny Sinelnikov:- Added exception for org.gnome.Vino authentication-methods - Fixed bug for alternative-port in org.gnome.Vino
The Samba4 CIFS and AD client and server suiteOct. 6, 2021 Evgeny Sinelnikov:- Update to latest security release of Samba 4.14 - Fix performance regressions in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache and address a signifcant in database access in the AD DC since Samba 4.12. - Fix an unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ (Fixes: CVE-2021-3671).
PolicyKit Authorization FrameworkSept. 16, 2021 Evgeny Sinelnikov:- Fix the ability to add user_of_subject to user_identities - Refactoring the addition_to_user_identities_user_of_subject function
Sep 22, 2021, 06:16 AM#285315 sent by Evgeny Sinelnikov
Fix polkit chalenge for domain users.PolicyKit Authorization FrameworkSept. 16, 2021 Evgeny Sinelnikov:- Fix the ability to add user_of_subject to user_identities - Refactoring the addition_to_user_identities_user_of_subject functionJul 26, 2021, 05:04 PM#279736 sent by Evgeny Sinelnikov
Update to latest samba stack releasesFirefox-specific ADMX policy templatesJuly 18, 2021 Evgeny Sinelnikov:- Update to new release - Add admx-lint check with special workaround: https://github.com/altlinux/admx-lint/issues/1
Chromium-specific ADMX policy templatesJuly 18, 2021 Evgeny Sinelnikov:- Update to latest release 91.0-4472.164 - Add admx-lint check with special workaround: https://github.com/altlinux/admx-lint/issues/1 - Convert UTF-16 chrome.adm files to UTF-8
BaseALT-specific ADMX policy templatesJuly 18, 2021 Evgeny Sinelnikov:- Add new categories and policies: + SSHD and Systemd categories + Windows policies mapping support (applied for GSettings only yet) - Add admx and adml files checking via admx-lint
GPT applierJuly 18, 2021 Evgeny Sinelnikov:- Fix GSettings applier user part support - Add support additional firefox appliers - Add new windows policies mapping capability feature ruled by: Software\BaseALT\Policies\GPUpdate\WindowsPoliciesMapping - Improve drop privileges mechanism with fork and dbus session
ADMX msi file downloader and extractorThe Samba4 CIFS and AD client and server suiteJuly 19, 2021 Evgeny Sinelnikov:- Update to latest release of Samba 4.14 with smbd and samba-tool fixesJul 22, 2021, 03:01 PM#279903 sent by Evgeny Sinelnikov
Fix regression with samba 4.14Extended samba-tool (netcmd) versionJuly 21, 2021 Evgeny Sinelnikov:- Fix using obsoleted in samba-4.14 cmd_user_create class with renamed cmd_user_add class (closes: 40557) - Add conflicts with old samba package provided python3(samba.netcmd.user)Jun 29, 2021, 01:22 AM#271795 sent by Evgeny Sinelnikov
Update to latest security releaseThe Kerberos network authentication systemA library passing all socket communications through Unix socketsA wrapper for privilege separationA wrapper for the user, group and hosts NSS APIA wrapper for dns name resolving or dns fakingA schema-less, ldap like, API and databaseThe Samba4 CIFS and AD client and server suiteJune 4, 2021 Evgeny Sinelnikov:- Update to latest release of Samba 4.14 with ensure POSIX default ACL is mapped into returned Windows ACL for directory handles and fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2() for smbd.
ALT Local policiesMarch 5, 2021 Evgeny Sinelnikov:- Add sssd-drop-privileges control - Fix sssd-ad-gpo-access-control with more appropriate designations
System Security Services DaemonMay 7, 2021 Evgeny Sinelnikov:- Apply internal, domain and service fixes from upstream. - Add compatibility support of unprivileged mode with "user = _sssd" due from sssd-2.4.2 default user is set to root.
Firefox-specific ADMX policy templatesMay 7, 2021 Evgeny Sinelnikov:- Update to new release with russian translation - Set right URL of upstream project
Chromium-specific ADMX policy templatesMay 7, 2021 Evgeny Sinelnikov:- Update to latest release - Fix installation to /usr/share/PolicyDefinitions - Set right License and URL of upstream project
The Identity, Policy and Audit systemNov. 25, 2020 Anton V. Boyarshinov:- add obsoletes to python-module-freeipa to help apt update freeipa-client