Maintainer Evgeny Sinelnikov in the p10 branch: Information
Maintainer name: Evgeny Sinelnikov (sin)
Built source packages in this branch: 123
-
- @mono
- @kernel
- @qa_p10
- @python
Last changes
Feb 20, 2024, 08:56 PM
#335987 sent by Evgeny Sinelnikov
Update_samba_to_latest_release
The talloc library
A trivial database system
A library passing all socket communications through Unix sockets
Oct. 20, 2023 Evgeny Sinelnikov:
- Fixed LFS issues on 32bit platforms - Fixed issue with fnctl() on 32bit - Added openat64() to detect stale fds
A wrapper for the user, group and hosts NSS API
A wrapper for dns name resolving or dns faking
A wrapper for privilege separation
A schema-less, ldap like, API and database
The Samba4 CIFS and AD client and server suite
Jan. 16, 2024 Evgeny Sinelnikov:
- Update to stable release of Samba 4.19 - Fixes from upstream: + net changesecretpw cannot set the machine account password if secrets.tdb is empty (Samba#13577). + Following intermediate abolute share-local symlinks is broken (Samba#15505). ctdb RELEASE_IP causes a crash in release_ip if a connection to a non-public address disconnects first (Samba#15523). + shadow_copy2 broken when current fileset's directories are removed (Samba#15544). + 'force user = localunixuser' doesn't work if 'allow trusted domains = no' is set (Samba#15469). + smbget: debug logging doesn't work (Samba#15525), username in the smburl and interactive password entry doesn't work (Samba#15532), auth function doesn't set values for password prompt correctly (Samba#15538). + Unable to copy and write files from clients to Ceph cluster via SMB Linux gateway with Ceph VFS module (Samba#15440). + Multichannel refresh network information (Samba#15547).
System Security Services Daemon
Jan. 17, 2024 Evgeny Sinelnikov:
- Update to latest 2.9 major release in long-term maintenance (LTM) phase. - Fixes from upstream: + A crash when PAM passkey processing incorrectly handles non-passkey data. + A workaround was implemented to handle gracefully misbehaving applications that destroy internal state of SSSD client librarires. + An error when rotating KCM's logs was fixed. + Group membership handling when members are coming from different forest domains and using ldap token groups is prohibited. + Files provider was erroneously taking into consideration local_auth_policy config option, thus breaking smartcard authentication of local user in setups that didn't explicitly specify this option.
rebuild admc-0.15.2-alt1
Active Directory Management Center
rebuild gpui-0.2.40-alt1
Group policy editor
rebuild freeipa-4.9.14-alt0.p10.1
The Identity, Policy and Audit system
Extended samba-tool (netcmd) version
Feb. 19, 2024 Evgeny Sinelnikov:
- Add compatibility with stable releases of samba-4.18 and later (closes: 49404). - Replace python3 build to new pyproject_build process.
Dec 15, 2023, 07:58 PM
#336289 sent by Evgeny Sinelnikov
fixed_samba_regression_with_obey_pam_restrictions
The Samba4 CIFS and AD client and server suite
Dec. 12, 2023 Evgeny Sinelnikov:
- Replace samba service pam config to samba-common due regression with password authentication in security = user mode with obey pam restrictions = yes.
Dec 14, 2023, 07:14 PM
#335986 sent by Evgeny Sinelnikov
Update_to_latest_release
System Security Services Daemon
Nov. 20, 2023 Evgeny Sinelnikov:
- Update to latest 2.9 major release. + KCM: provide mechanism to purge expired credentials. + Default hardening - id_provider channel defaults unencrypted with starttls. + sssd-sudo missing debug statement in its .service file. + SSSD goes offline during initgroups of trusted user if a group is missing SID. + Incorrect handling of reverse IPv6 update results in update failure. + sssd-2.9.2 breaks smart card authentication (on el8). - The proxy provider is now able to handle certificate mapping and matching rules and users handled by the proxy provider can be configured for local Smartcard authentication. - Passkey doesn't fail when using FreeIPA server-side authentication and require-user-verification=false. - When adding a new credential to KCM and the user has already reached their limit, the oldest expired credential will be removed to free some space.
Dec 6, 2023, 10:26 PM
#332201 sent by Evgeny Sinelnikov
Rebuild_with_latest_samba_security_release
A trivial database system
The talloc library
The tevent library
A library passing all socket communications through Unix sockets
March 24, 2023 Evgeny Sinelnikov:
- Split and place libsocket_wrapper_noop library and it's development files to separate subpackages.
A wrapper for the user, group and hosts NSS API
Sept. 17, 2022 Evgeny Sinelnikov:
- Fixed possible crash in getaddrinfo() - Fixed issues with processes closing all fds when forking - Fixed issues with setgrent() and endpwent() nss module support
A schema-less, ldap like, API and database
The Samba4 CIFS and AD client and server suite
Dec. 5, 2023 Evgeny Sinelnikov:
- Security update of Samba 4.17 with fixes of the Samba CVE for Deleted Object tombstones visible in AD LDAP to normal users (CVE-2018-14628). - Security fixes: + CVE-2018-14628: Wrong ntSecurityDescriptor values for "CN=Deleted Objects" allow read of object tombstones over LDAP (Administrator action required!) https://www.samba.org/samba/security/CVE-2018-14628.html
System Security Services Daemon
Oct. 6, 2023 Evgeny Sinelnikov:
- Update to latest 2.9 major release. - sss_simpleifp library removed due it deprecated. - "Files provider" removed due it deprecated, using "Proxy provider" with proxy_lib_name = files instead. - New passkey functionality, which will allow the use of FIDO2 compliant devices to authenticate a centrally managed user locally. - Default value of cache_first option was changed to true. - sssctl cert-show and cert-show cert-eval-rule can now be run as non-root user. - certmap: Handle type change of x400Address (due to CVE-2023-0286). - New option local_auth_policy is added to control which offline authentication methods will be enabled by SSSD. - SSSD can be configured not to perform a DNS search during DNS name resolution. This behavior is governed by the new dns_resolver_use_search_list in the domain section. Default value is true (follows the system settings).
rebuild freeipa-4.9.11-alt0.p10.1
The Identity, Policy and Audit system
rebuild admc-0.14.0-alt1
Active Directory Management Center
rebuild gpui-0.2.34-alt1
Group policy editor
A GSSAPI/SPNEGO authentication handler for python-requests
Certificate Enrollment through CEP/CES
March 21, 2023 Evgeny Sinelnikov:
- Add support the openssl security level
Dec 6, 2023, 09:56 AM
#333866 sent by Evgeny Sinelnikov
security_update
Allows command execution as another user
Nov. 8, 2023 Evgeny Sinelnikov:
- Update to latest stable bugfix and security release (fixes: CVE-2023-42465): + The sudoers plugin has been modified to make it more resilient to ROWHAMMER attacks on authentication and policy matching. + The sudoers plugin now constructs the user time stamp file path name using the user-ID instead of the user name. This avoids a potential problem with user names that contain a path separator ('/') being interpreted as part of the path name. A similar issue in sudo-rs has been assigned CVE-2023-42456. - Fixes in behavior: + The visudo utility will no longer create an empty file when the specified sudoers file does not exist and the user exits the editor without making any changes (GitHub#294). + Fixed a bug where output could go to the wrong terminal if "use_pty" is enabled (the default) and the standard input, output or error is redirected to a different terminal. Bug #1056. + A path separator ('/') in a user, group or host name is now replaced with an underbar character ('_') when expanding escapes in @include and @includedir directives as well as the "iolog_file" and "iolog_dir" sudoers Default settings. - Fixes in user output: + Running "sudo -ll command" now produces verbose output that includes matching rule as well as the path to the sudoers file the matching rule came from. + Changes to terminal settings are now performed atomically, where possible. If the command is being run in a pseudo-terminal and the user's terminal is already in raw mode, sudo will not change the user's terminal settings. This prevents concurrent sudo processes from restoring the terminal settings to the wrong values (GitHub#312). + Better log message when rejecting a command if the "intercept" option is enabled and the "intercept_allow_setid" option is disabled. Previously, "command not allowed" would be logged and the user had no way of knowing what the actual problem was. - Fixes in logging: + The sudoers source is now logged in the JSON event log. This makes it possible to tell which rule resulted in a match. + Sudo will now log the invoking user's environment as "submitenv" in the JSON logs. The command's environment ("runenv") is no longer logged for commands rejected by the sudoers file or an approval plugin. + The sudo_logsrvd server will now raise its open file descriptor limit to the maximum allowed value when it starts up. Each connection can require up to nine open file descriptors so the default soft limit may be too low. - Fixed regressions: + Fixed the warning message for "sudo -l command" when the command is not permitted. There was a missing space between "list" and the actual command due to changes in sudo 1.9.14. + The "intercept_verify" sudoers option is now only applied when the "intercept" option is set in sudoers. Previously, it was also applied when "log_subcmds" was enabled. Sudo 1.9.14 contained an incorrect fix for this. + Reverted a change from sudo 1.9.4 that resulted in PAM session modules being called with the environment of the command to be run instead of the environment of the invoking user (GitHub#318).
Nov 3, 2023, 09:51 AM
#332214 sent by Evgeny Sinelnikov
Update_for_current_firefox_releases
Firefox-specific ADMX policy templates
Oct. 20, 2023 Evgeny Sinelnikov:
- Update Policy templates for Firefox 114 and Firefox ESR 102.12
Sep 25, 2023, 10:13 PM
#329662 sent by Evgeny Sinelnikov
fix_systemd-networkd
alterator module for tcp/ip connections configuration
Sept. 15, 2023 Evgeny Sinelnikov:
- Fix systemd-networkd cache initialization
Aug 25, 2023, 04:51 PM
#327269 sent by Evgeny Sinelnikov
New_package_with_licenses
Texts of various distribution licenses
Aug. 17, 2023 Anton Midyukov:
- ALT_Regular_License: clean STATUS, adjust variables to be clear, add p10 branch
Jul 28, 2023, 09:20 PM
#325414 sent by Evgeny Sinelnikov
compatibility_update
The Samba4 CIFS and AD client and server suite
July 23, 2023 Evgeny Sinelnikov:
- Add check with admx-lint for group policy templates validation.
Jul 18, 2023, 09:10 PM
#324836 sent by Evgeny Sinelnikov
Update_to_new_release
Allows command execution as another user
July 14, 2023 Evgeny Sinelnikov:
- Disable build of shared libutil. - Enable build with static sudoers.
Jul 7, 2023, 05:46 PM
#324183 sent by Evgeny Sinelnikov
New_PAM_compatibility_module
PAM module that uses login name configured through NSS
July 4, 2023 Evgeny Sinelnikov:
- Initial build for Sisyphus.
Jun 15, 2023, 04:47 PM
#322110 sent by Evgeny Sinelnikov
Update_to_new_release
Allows command execution as another user
April 17, 2023 Evgeny Sinelnikov:
- Update to latest stable release with regressions. - Fixed a bug that could cause sudo to hang when running a command in a pseudo-terminal when there is still input buffered after a command has exited. - Fixed regressions in sudo 1.9.13: + Fixed a bug introduced in sudo 1.9.13 that caused a syntax error when "list" was used as a user or host name (GitHub #246). + Fixed "sudo -U otheruser -l command" (GitHub #248). + Fixed "sudo -l command args" when matching a command in sudoers with command line arguments (GitHub #249).
Apr 14, 2023, 06:47 PM
#317735 sent by Evgeny Sinelnikov
Security_update
A schema-less, ldap like, API and database
The Samba4 CIFS and AD client and server suite
March 29, 2023 Evgeny Sinelnikov:
- Update to security release of Samba 4.16 with update libldb to 2.5.3: + ldb wildcard matching makes excessive allocations (Samba#15331). - Security fixes (Samba#15270, Samba#15315): + CVE-2023-0922: The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. https://www.samba.org/samba/security/CVE-2023-0922.html + CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. Installations with such secrets in their Samba AD should assume they have been obtained and need replacing. https://www.samba.org/samba/security/CVE-2023-0614.html
rebuild sssd-2.8.1-alt1
System Security Services Daemon
Apr 13, 2023, 07:34 PM
#317242 sent by Evgeny Sinelnikov
Update_to_new_release
Active Directory Management Center
March 22, 2023 Evgeny Sinelnikov:
- Indents at selected OU's widget with policies list are minimized. - Ellipsis for too long names in description bar is added. Label is located to the right of the tree with chosen object. Tool tip for that label is added. Tool tip contains full object name. - Attribute groupType display and edit are changed from decimal to hexadecimal. Attribute value also contains flag names that were set. - Error dialog after critical policy selection is removed. Error is displayed in log now. Dialog error messages after critical policy deletion attempt are clarified. - Russian language is removed from english logs and vice versa. - Block inheritance indicator is added to OU's icon from group policy objects. - Enforced link indicator is added to policy icon from group policy objects. - Disabled policies appearence changing is added to policies from group policy objects. Policy item icon changes appearance (fades) after group policy link disabling. - Policy link indicator is added to policy icon from group policy objects. Indicator is located in left bottom policy icon corner. - Policies that are linked to domain is visible in group policy objects now. - Group policy objects order is changed. Policies is placed higher than OUs now.
Mar 27, 2023, 03:16 PM
#317035 sent by Evgeny Sinelnikov
Fix_works_with_pam_winbind
The graphical tool for changing password
March 20, 2023 Evgeny Sinelnikov:
- Support for pam_winbind (aka NT password) (Closes: #45513) - Update russian translation, reconvert it to UTF-8
Mar 15, 2023, 10:53 PM
#315989 sent by Evgeny Sinelnikov
Revert_with_security_fixes
PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
March 7, 2023 Evgeny Sinelnikov:
- Add conflicts to another postgresql versions subpackages with same major version (closes: 45507).
Mar 15, 2023, 10:40 PM
#315936 sent by Evgeny Sinelnikov
update_to_new_release
Allows command execution as another user
Feb. 27, 2023 Evgeny Sinelnikov:
- Update to latest stable release. - Fix run_time message validation in logsrvd. - Fixed a potential double-free bug when matching a sudoers rule that contains a per-command chroot directive (CHROOT=dir).
Mar 2, 2023, 03:43 AM
#315490 sent by Evgeny Sinelnikov
security_update
The Samba4 CIFS and AD client and server suite
Feb. 20, 2023 Evgeny Sinelnikov:
- Update to maintenance release of Samba 4.16 - Security fixes: + CVE-2022-38023: Samba should refuse RC4 (aka md5) based SChannel on NETLOGON (Samba#15240). - Major fixes: + smbc_getxattr() return value is incorrect (Samba#14808). + samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when there is only an AAAA record for the DC in DNS (Samba#15226). + smbd crashes if an FSCTL request is done on a stream handle (Samba#15236). + auth3_generate_session_info_pac leaks wbcAuthUserInfo (Samba#15286). + Leak in wbcCtxPingDc2 (Samba#15164). + irpc_destructor may crash during shutdown (Samba#15280). - Share enumeration (netshareenum) fixes: + %U for include directive doesn't work for share listing (Samba#15243). + Shares missing from netshareenum response in samba 4.17.4 (Samba#15266). + Access based share enum does not work in Samba 4.16+ (Samba#15265). + Crash during share enumeration (Samba#15267).
Jan 28, 2023, 12:36 PM
#313932 sent by Evgeny Sinelnikov
Latest_security_release
Allows command execution as another user
Jan. 22, 2023 Evgeny Sinelnikov:
- Update to latest stable bugfix and security release (closes: 44965). - Fixed a compilation error on Linux/aarch64 (GitHub#197). - Fixed a potential crash introduced in the fix for (GitHub#134): + If a user's sudoers entry did not have any RunAs user's set, running "sudo -U otheruser -l" would dereference a NULL pointer. - Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating a I/O files when the "iolog_file" sudoers setting contains six or more Xs. - Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka sudoedit) that could allow a malicious user with sudoedit privileges to edit arbitrary files.
Jan 12, 2023, 11:11 PM
#313093 sent by Evgeny Sinelnikov
Update_to_new_release
Active Directory Management Center
Jan. 10, 2023 Evgeny Sinelnikov:
- Fix race condition problems with AdInterface.
Dec 30, 2022, 04:25 PM
#311557 sent by Evgeny Sinelnikov
Update_to_new_release
BaseALT-specific ADMX policy templates
Dec. 29, 2022 Evgeny Sinelnikov:
- Add user policies for drive maps symlinks in home directory. - Add warning when disabling network manager. - Fix correction of option name open ldap tls connections in russian. - Fix typo in cups.service
YandexBrowser-specific ADMX policy templates
Chromium-specific ADMX policy templates
Firefox-specific ADMX policy templates
Oct. 25, 2022 Evgeny Sinelnikov:
- Update Policy templates for Firefox 106 and Firefox ESR 102.4 - This release contains some typo fixes and new Russian translations thanks to lepata@
Dec 23, 2022, 04:32 PM
#311661 sent by Evgeny Sinelnikov
Update_to_new_release
BaseALT-specific ADMX policy templates
Dec. 13, 2022 Evgeny Sinelnikov:
- Add control for Yandex Browser group policies mechanism. - Improve group policies mechanisms display names and help descriptions.
Dec 22, 2022, 02:32 PM
#311615 sent by Evgeny Sinelnikov
Update_to_new_release
Active Directory Management Center
Dec. 13, 2022 Evgeny Sinelnikov:
- Action menu: Block inheritance feature is added to organizational unit context menu. Also limited group policy tab is returned. - Console: Bug with empty group policy object crushing is fixed. - Console: Non-deletable group policy containers dont dissapear from GUI after deletion attempt now. Warning message popups instead of error log dialog. - Misc: "Order" column is added to policy organizational unit results. Sort is performed with this column by default. - Console: Fix crash in policy tree after changing properties for organizational units. - Misc: Fix description bar squishing scope pane, when selected item's name is too long and description bar needs to display it. - Toolbar: Fix icons for "create" actions for organizational units, users and groups in toolbar. - Misc: Add trimming to full name autofill. - Misc: Add trimming to attribute sAMAccountName edit in create dialog for computers. - Misc: Add "find gpo" action to policy tree. It implements group policy objects search functional. - Misc: Improve "Import Query" action. So it's possible to import multiple queries at the same time.
Dec 14, 2022, 05:48 PM
#311076 sent by Evgeny Sinelnikov
Avoid_cycle_dependencies
The Samba4 CIFS and AD client and server suite
Dec. 12, 2022 Evgeny Sinelnikov:
- Update text of summary for role-usershares and smb-conf-usershares. - Update default usershare prefix allow and deny lists: + usershare prefix deny list = /etc /dev /sys /proc + usershare prefix allow list = /home /srv /mnt /media /var - Add new controls for samba-usershares: + smb-conf-usershare-allow-list + smb-conf-usershare-deny-list + smb-conf-usershare-owner-only + smb-conf-usershare-allow-guests
Dec 7, 2022, 07:35 PM
#310866 sent by Evgeny Sinelnikov
Update_with_usershares_fix
The Samba4 CIFS and AD client and server suite
Nov. 29, 2022 Evgeny Sinelnikov:
- Add role-usershares control allow or disallow for group users using of samba usershares as privilege. - Add compatibility support for sambashare group as common privilege assigned to usershares group (Closes: #44379).
default configs for alterator modules
Nov. 22, 2022 Evgeny Sinelnikov:
- Update samba defaults from samba-4.16.6-alt1 release. - Update restore script with default configuration files actually placed in default directory as in the user's system.
Dec 1, 2022, 08:35 PM
#309178 sent by Evgeny Sinelnikov
Fix_latest_upsteam_regression
System Security Services Daemon
Nov. 7, 2022 Evgeny Sinelnikov:
- Update to latest 2.8 major release. - Important fixes: + A regression when running sss_cache when no SSSD domain is enabled would produce a syslog critical message was fixed. + Several fixes in D-Bus infopipe functions: ListByName(), Groups.ListByName() and Groups.ListByDomainAndName().
Nov 10, 2022, 10:01 PM
#309086 sent by Evgeny Sinelnikov
security_update
The Samba4 CIFS and AD client and server suite
Nov. 7, 2022 Evgeny Sinelnikov:
- Don't treat a missing include file as an error in handle_include(). This behavior differs between the source3 and source4 parts of Samba. So, it should be the same and just not an error (Closes #44214).
Nov 2, 2022, 06:54 PM
#309177 sent by Evgeny Sinelnikov
compatibility_update
System Security Services Daemon
Oct. 29, 2022 Evgeny Sinelnikov:
- Redesign become_user patch to should assign supplementary groups for server part of code only (due race condition in krb5_child, for example).
Oct 20, 2022, 07:17 PM
#308586 sent by Evgeny Sinelnikov
Update_to_latest_release
System Security Services Daemon
Oct. 15, 2022 Evgeny Sinelnikov:
- AD GPO: Fix support processing referrals for hostname - New features + Introduced the dbus function org.freedesktop.sssd.infopipe.Users.ListByAttr(attr, value, limit) listing upto limit users matching the filter attr=value. + sssctl is now able to create, list and delete indexes on the local caches. Indexes are useful for the new D-Bus ListByAttr() function. + sssctl is now able to read and set each component's debug level independently. - Important fixes + domains option in [sssd] section can now be completely omitted if domains are enabled via domains/enabled option. - New options: + core_dumpable, ldap_enumeration_refresh_offset, subdomain_refresh_interval_offset, dyndns_refresh_interval_offset refresh_expired_interval_offset, ldap_purge_cache_offset. - Configuration changes: + Option 'ad_machine_account_password_renewal_opts' now accepts an optional third part as the maximum deviation in the provided period (first part) and initial delay (second part). If the period and initial delay are provided but not the offset, the offset is assumed to be 0. If no part is provided, the default is 86400:750:300. + override_homedir now recognizes the %h template which is replaced by the original home directory retrieved from the identity provider, but in lower case.
Active Directory enrollment
Oct. 17, 2022 Evgeny Sinelnikov:
- Add support LDAP add/mod operation to set/change password: + fix unable to join to active directory after KB5008380/CVE-2021-42287 with option '--ldap-passwd'; + https://gitlab.freedesktop.org/realmd/adcli/-/issues/27 - Add support fall back to LDAPS if CLDAP ping was not successful + If the --use-ldaps option is used and there is no reply on the CLDAP 389/udp port adcli will try to send the request to the LDAPS port 636/tcp. - Fix write SID before secret to Samba's db looks like 'net changesecretpw' - Add passwd-user sub-command for (re)set a user password. - Add dont-expire-password option for computer.
Oct 17, 2022, 06:11 PM
#306001 sent by Evgeny Sinelnikov
Update_to_new_group_policy_relese
ALT Local Policies Default templates
Aug. 26, 2022 Evgeny Sinelnikov:
- New directory /etc/local-policy-system with Local Group Policy Template (GPT) - Add control local-policy-system-access
BaseALT-specific ADMX policy templates
Firefox-specific ADMX policy templates
Sept. 14, 2022 Evgeny Sinelnikov:
- Update Policy templates for Firefox 103 and Firefox ESR 102.1 - While these templates will work for Firefox ESR 91, they contain new policies that are not in Firefox ESR 91: + ExemptDomainFileTypePairsFromFileTypeDownloadWarnings + StartDownloadsInTempDirectory + UseSystemPrintDialog
Chromium-specific ADMX policy templates
GPT applier
Sept. 30, 2022 Valery Sinelnikov:
- Fixed formation of the correct path for creating a user directory
Group policy editor
Sept. 29, 2022 Vladimir Rubanov:
- Fixes: + #84127 Fix invalid types for list enums. + #76835 Fix message on policy state change.
Sep 26, 2022, 08:24 PM
#306744 sent by Evgeny Sinelnikov
Update_with_latest_releases_for_samba_dc
A trivial database system
A schema-less, ldap like, API and database
The Samba4 CIFS and AD client and server suite
Sept. 12, 2022 Evgeny Sinelnikov:
- Update to latest stable release of Samba 4.16 - Major fixes: + Possible use after free of connection_struct when iterating smbd_server_connection->connections (Samba#15128). + Spotlight RPC service returns wrong response when Spotlight is disabled on a share (Samba#15086). + acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr (Samba#15126). + Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1. assert failed: !is_named_stream(smb_fname)") at ../../lib/util/fault.c:197 (Samba#15153). + Missing READ_LEASE break could cause data corruption (Samba#15148). + rpcclient can crash using setuserinfo(2) (Samba#15124). + Samba fails to build with glibc 2.36 caused by including <sys/mount.h> in libreplace (Samba#15132). + SMB1 negotiation can fail to handle connection errors (Samba#15152). + samba-tool domain join segfault when joining a samba ad domain (Samba#15078).
System Security Services Daemon
Sept. 7, 2022 Evgeny Sinelnikov:
- Update to latest 2.7 major release. - Lock-free client support will be only built if libc provides pthread_key_create() and pthread_once(). For glibc this means version 2.34+ - Add requirement of adcli to sssd-ad.
Active Directory Management Center
rebuild freeipa-4.9.10-alt0.p10.1
The Identity, Policy and Audit system
Sep 7, 2022, 04:05 PM
#306006 sent by Evgeny Sinelnikov
Update_to_security_release
Utilities for doing and managing mounts of the Linux CIFS filesystem
Aug. 31, 2022 Evgeny Sinelnikov:
- Update to stable release 6.15 (Samba#15025, Samba#15026) - mount.cifs: fix length check for ip option parsing (fixes: CVE-2022-27239) - mount.cifs: fix verbose messages on option parsing (fixes: CVE-2022-29869)
Aug 15, 2022, 10:04 PM
#302667 sent by Evgeny Sinelnikov
Update_to_latest_maintaince_release
A trivial database system
March 6, 2022 Evgeny Sinelnikov:
- Apply patch libtdb-revert-breaking-tdb.h.patch from fedora (resolved sssd#5793 on github, rhbz#1983011)
The talloc library
The tevent library
A schema-less, ldap like, API and database
The Samba4 CIFS and AD client and server suite
July 31, 2022 Evgeny Sinelnikov:
- Update to security release of Samba 4.15 - Security fixes: + CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords (Samba#15047). + CVE-2022-32744: Samba AD users can forge password change requests for any user (Samba#15074). + CVE-2022-32745: Samba AD users can crash the server process with an LDAP add or modify request (Samba#15008). + CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request (Samba#15009). + CVE-2022-32742: Server memory information leak via SMB1 (Samba#15085).
C-language implementation of Javascript Object Signing and Encryption
System Security Services Daemon
July 15, 2022 Evgeny Sinelnikov:
- Update to latest 2.7 major release: + CLIENT: use thread local storage for socket to a.void the need for a lock. + SSS_CLIENT: got rid of code duplication. + SSS_CLIENT: mem-cache: fixed missing error code. + PAM P11: fixed minor mem-leak.
rebuild freeipa-4.9.7-alt1
The Identity, Policy and Audit system
rebuild admc-0.9.0-alt1
AD editor
Aug 1, 2022, 06:13 PM
#304143 sent by Evgeny Sinelnikov
Fix_running_application
A free interior design application, with a 3D preview
July 22, 2022 Evgeny Sinelnikov:
- update to new version - add JAVA_HOME to run script (closed: 43326)
Jul 20, 2022, 02:43 PM
#303677 sent by Evgeny Sinelnikov
Fix_checking_Well-known_SIDs_and_update_the_computer_account_password
Alterator module for system wide auth settings
July 12, 2022 Evgeny Sinelnikov:
- task-auth-ad-sssd: add requires for sssd-tools and adcli for machine password
Jul 11, 2022, 07:08 PM
#302743 sent by Evgeny Sinelnikov
Fix_backup_restore
The Samba4 CIFS and AD client and server suite
June 28, 2022 Evgeny Sinelnikov:
- Fix samba-tool domain backup DC with forced local samdb.
Jun 28, 2022, 05:22 PM
#302317 sent by Evgeny Sinelnikov
Update_to_latest_stable_release
C-language implementation of Javascript Object Signing and Encryption
System Security Services Daemon
June 18, 2022 Evgeny Sinelnikov:
- Update russian translations (by Elena Mishina <lepata@basealt.ru>)
Jun 22, 2022, 04:23 PM
#297975 sent by Evgeny Sinelnikov
Update to latest bugfix release
A schema-less, ldap like, API and database
The Samba4 CIFS and AD client and server suite
April 5, 2022 Evgeny Sinelnikov:
- Update to latest bugfix release of Samba 4.14 - Fixes: + Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND. + Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key. + NT error code is not set when overwriting a file during rename in libsmbclient. + net ads info shows LDAP Server: 0.0.0.0 depending on contacted server. + wbinfo -a doesn't work reliable with upn names. + Problem when winbind renews Kerberos. + NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES in SMBC_server_internal. + Multpile RODC fixes: - Simple bind doesn't work against an RODC (with non-preloaded users). - Crash of winbind on RODC. - Uncached logon on RODC always fails once. - Changing the machine password against an RODC likely destroys the domain join. - Simple bind doesn't work against an RODC (with non-preloaded users). + Avoid mixing the main krbtgt account keys with an RODC if the msDS-KeyVersionNumber is larger than 65535 (set 16 upper bits to zero). + Use Heimdal 8.0 (pre) rather than an earlier snapshot. + LDAP simple binds should honour "old password allowed period". + Fix ldap simple bind with TLS auditing. + "password hash userPassword schemes = CryptSHA256" does not seem to work with samba-tool.
System Security Services Daemon
Jan. 27, 2022 Evgeny Sinelnikov:
- AD Domain in the AD Forest Missing after sssd latest update - sdap_idmap.c/sssd_idmap.c incorrectly calculates rangesize from upper/lower - Regression on rawhide with ssh auth using password - sssd-ad broken in 2.6.2, 389 used as kerberos port - sssd error triggers backtrace: write_krb5info_file_from_fo_server
Jun 14, 2022, 05:55 PM
#301368 sent by Evgeny Sinelnikov
Fix_work_with_newest_versions_of_samba
The GNOME virtual filesystem libraries
June 13, 2022 Evgeny Sinelnikov:
- Update to latest 1.48 bugfix release (thanks to Ondrej Holy): + smb: Rework anonymous handling to avoid EINVAL + smb: Ignore EINVAL for kerberos/ccache login + sftp: Adapt on new OpenSSH password prompts + Translation updates
Apr 20, 2022, 06:13 PM
#298675 sent by Evgeny Sinelnikov
Update_with_rtmps_support_for_telegram_translations
Free and open source software for video recording and live streaming
April 19, 2022 Evgeny Sinelnikov:
- new version 27.2.4 - build with rtmps support
Mar 25, 2022, 09:38 AM
#296769 sent by Evgeny Sinelnikov
Fix_bug_with_darken_screen_and_not_available_desktop_ALT#42152
Mar 15, 2022, 03:51 AM
#293575 sent by Evgeny Sinelnikov
Security_update_with_apply_support_s4u
A schema-less, ldap like, API and database
Dec. 13, 2021 Evgeny Sinelnikov:
- Update to latest regression fixes for samba-4.14.10: + CVE-2021-3670 ldb: Confirm the request has not yet timed out
The Samba4 CIFS and AD client and server suite
March 3, 2022 Evgeny Sinelnikov:
- Fix linking of some libraries (libsmbldap.so.2.1.0, libpopt-samba3-samba4.so, libsamba-modules-samba4.so, winbind_krb5_locator.so and smbpasswd.so): + find-requires: ERROR: /usr/lib/rpm/lib.req failed.
System Security Services Daemon
Jan. 27, 2022 Evgeny Sinelnikov:
- AD Domain in the AD Forest Missing after sssd latest update - sdap_idmap.c/sssd_idmap.c incorrectly calculates rangesize from upper/lower - Regression on rawhide with ssh auth using password - sssd-ad broken in 2.6.2, 389 used as kerberos port - sssd error triggers backtrace: write_krb5info_file_from_fo_server
Feb 22, 2022, 05:12 PM
#295055 sent by Evgeny Sinelnikov
Update_to_latest_release
System Security Services Daemon
Jan. 27, 2022 Evgeny Sinelnikov:
- AD Domain in the AD Forest Missing after sssd latest update - sdap_idmap.c/sssd_idmap.c incorrectly calculates rangesize from upper/lower - Regression on rawhide with ssh auth using password - sssd-ad broken in 2.6.2, 389 used as kerberos port - sssd error triggers backtrace: write_krb5info_file_from_fo_server
Nov 23, 2021, 11:14 AM
#288704 sent by Evgeny Sinelnikov
Update_to_latest_security_release
A tool to test PAM applications and PAM modules
A schema-less, ldap like, API and database
Nov. 7, 2021 Evgeny Sinelnikov:
- Update to the 2.3.2 with backported all C code changes from ldb-2.4.1 - Fix overflow timestring test for 32 bits platforms
The Samba4 CIFS and AD client and server suite
Nov. 13, 2021 Evgeny Sinelnikov:
- Add support samba-tool-plus alternative for samba-dc build with heimdal.
System Security Services Daemon
Nov. 15, 2021 Evgeny Sinelnikov:
- Revert reverted patch with change owner/permissions of user deskprofile path due it still needed.
Extended samba-tool (netcmd) version
Nov. 13, 2021 Evgeny Sinelnikov:
- Add support samba-tool-plus alternatives for various samba-dc and samba-dc-mitkrb5 builds with Heimdal and MIT Kerberos respectively.
Nov 18, 2021, 05:46 PM
#288829 sent by Evgeny Sinelnikov
Add_support_systemd-networkd
helpers for etcnet administration
alterator module for tcp/ip connections configuration
Oct. 29, 2021 Evgeny Sinelnikov:
- Add systemd-networkd control mode
Oct 28, 2021, 07:09 PM
#284676 sent by Evgeny Sinelnikov
New release with multiple fixes and improvements.
Python interface for smbclient
BaseALT-specific ADMX policy templates
Oct. 22, 2021 Evgeny Sinelnikov:
- Fixed typo in screensaver setting in Russian translations - Improve English translation of gsettings strings - Fix authetication method bug for gsetting oprtion: org.gnome.Vino.authentication-methods
ALT Local policies
Sept. 14, 2021 Evgeny Sinelnikov:
- Adjust local policy templates - Add control system-policy for gpupdate
GPT applier
Oct. 25, 2021 Evgeny Sinelnikov:
- Added exception for org.gnome.Vino authentication-methods - Fixed bug for alternative-port in org.gnome.Vino
Oct 21, 2021, 06:48 PM
#286568 sent by Evgeny Sinelnikov
Update_to_latest_release
NSS API library and admin tools for roles and privilegies
Oct. 8, 2021 Evgeny Sinelnikov:
- Add mutual exclusion for show system role (-S or --system) and show role in additional file option (-f or --file) options.
Oct 20, 2021, 07:48 PM
#286522 sent by Evgeny Sinelnikov
Update_to_latest_release_with_regression_fixes
The Samba4 CIFS and AD client and server suite
Oct. 6, 2021 Evgeny Sinelnikov:
- Update to latest security release of Samba 4.14 - Fix performance regressions in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache and address a signifcant in database access in the AD DC since Samba 4.12. - Fix an unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ (Fixes: CVE-2021-3671).
Sep 23, 2021, 07:55 PM
#285317 sent by Evgeny Sinelnikov
Fix_polkit_chalenge_for_domain_users.
PolicyKit Authorization Framework
Sept. 16, 2021 Evgeny Sinelnikov:
- Fix the ability to add user_of_subject to user_identities - Refactoring the addition_to_user_identities_user_of_subject function