Maintainer Evgeny Sinelnikov in the sisyphus branch: Information
Maintainer name: Evgeny Sinelnikov (sin)
Built source packages in this branch: 123
-
- @qa
- @python
- @kernel
- @mono
Last changes
May 10, 2024, 11:13 PM
#347779 sent by Evgeny Sinelnikov
YandexBrowser-specific ADMX policy templates
May 11, 2024 Evgeny Sinelnikov:
- Update policy templates to release 120.0.6099.234
May 10, 2024, 10:53 PM
#347777 sent by Evgeny Sinelnikov
ADMX msi file downloader and extractor
May 10, 2024 Evgeny Sinelnikov:
- Update Administrative Templates (.admx) default source URL: Windows 10 October 2020 Update -> Windows 10 2022 Update (22H2).
May 10, 2024, 10:20 PM
#347776 sent by Evgeny Sinelnikov
Chromium-specific ADMX policy templates
May 10, 2024 Evgeny Sinelnikov:
- Update to latest release 124.0-6367.202
May 10, 2024, 10:10 PM
#347775 sent by Evgeny Sinelnikov
Firefox-specific ADMX policy templates
May 10, 2024 Evgeny Sinelnikov:
- Update Policy templates for Firefox 125 and Firefox ESR 115.10
May 10, 2024, 09:36 PM
#347772 sent by Evgeny Sinelnikov
The Samba4 CIFS and AD client and server suite
May 10, 2024 Evgeny Sinelnikov:
- Update to stable release of Samba 4.20 - Add support separate builds generated with samba-pidl. - Major changes from upstream: + dns update debug message is too noisy (Samba#15630). + Do not fail PAC validation for RFC8009 checksums types (Samba#15635). + Improve performance of lookup_groupmem() in idmap_ad (Samba#15605). + Smbcacls incorrectly propagates inheritance with Inherit-Only flag (Samba#15636). + http library doesn't support 'chunked transfer encoding' (Samba#15611). + Provide a systemd service file for the background queue daemon (Samba#15600).
May 3, 2024, 11:28 PM
#342425 sent by Evgeny Sinelnikov
update_to_latest_rc_of_samba_4.20
A trivial database system
The talloc library
The tevent library
A schema-less, ldap like, API and database
The Samba4 CIFS and AD client and server suite
April 9, 2024 Evgeny Sinelnikov:
- Update to stable release of Samba 4.20 - Major changes from upstream: + The password access tool "samba-tool user getpassword" and the password sync tool "samba-tool user syncpasswords" allow attributes to be chosen for output. + samba-tool has been extended to provide client-side support for Group Managed Service accounts (reading the current and previous gMSA password and writing a Kerberos Ticket Granting Ticket (TGT) to a local credentials cache). + Windows Search Protocol (WSP) experimental command line client "wspsearch". + 'smbcacls' has been extended to allow DACLs to be saved and restored to/from a file (in interchangeable format with windows cmd line tool 'icacls.exe'). + samba-tool now allows users to be associated with claims, the creation and management of authentication policies and silos. + AD DC support for Authentication Silos and Authentication Policies with (functional level must be set to 2012_R2 or later / 2016 latest supported). + Support of Conditional ACEs, Resource Attribute ACEs and the Security Descriptor Definition Language (SDDL) extensions for conditional ACEs and resource attribute ACEs. + The Workstation Service Remote Protocol [MS-WKST] calls NetWkstaGetInfo and NetWkstaEnumUsers) returns the list of locally logged on users, which getting the list from utmp, is not Y2038 safe and has been removed.
System Security Services Daemon
March 15, 2024 Evgeny Sinelnikov:
- Update 2.9 major release with fixes from upstream: + Fix the build with Samba 4.20. + IFP: don't trigger backtrace in case of ACL check fail. + krb5_child: fix order of calloc arguments. + pam: fix SC auth with multiple certs and missing login name.
Active Directory Management Center
April 16, 2024 Semyon Knyazev:
- Fixed policy link deletion: OU's child link items are deleted from tree after removal from policy widget. (closes: 49670) - Update backend files for Samba 4.20 compatibility. - Fix admin domain definition method. - Fix crash after optional attributes load. - Fix optional attribute display bugs with enabled LAPS. - Fix crashing after domain object properties apply changes.
rebuild gpui-0.2.44-alt1
Group policy editor
The Identity, Policy and Audit system
April 17, 2024 Evgeny Sinelnikov:
- Fixed compatibility with Samba 4.20 (closes: #50065).
May 1, 2024, 01:24 AM
#347221 sent by Evgeny Sinelnikov
DjVu viewers, encoders and utilities (QT4 based version)
May 1, 2024 Evgeny Sinelnikov:
- Removed obsolete deps from selinux-policy-alt.
Apr 9, 2024, 06:13 PM
#344760 sent by Evgeny Sinelnikov
The Samba4 CIFS and AD client and server suite
April 9, 2024 Evgeny Sinelnikov:
- Update to maintenance release of Samba 4.19 - Fixes from upstream (Samba#15580): + Packet marshalling push support missing for CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and CTDB_CONTROL_TCP_CLIENT_PASSED.
Mar 28, 2024, 07:02 AM
#343786 sent by Evgeny Sinelnikov
The Samba4 CIFS and AD client and server suite
March 28, 2024 Evgeny Sinelnikov:
- Add support 'client force dns canonicalize hostname' global parameter, enables client library tries to resolve canonical name. This feature allows to communicate via kerberos to services using CNAME records without adding SPNs. - Fixes updated from upstream for smbd: + If we fail to close file_handle ensure we should reset the fd (Samba#15527). + simplify handling of failing fstat() after unlinking file (Samba#15527). - Fixes updated from upstream for gpo: + libgpo: Do not segfault if we don't have a valid security descriptor (Samba#15599). + python:gp: Implement client site lookup in site_dn_for_machine() (Samba#15588). + librpc:idl: Make netlogon_samlogon_response public (Samba#15588).
Mar 15, 2024, 05:06 AM
#342749 sent by Evgeny Sinelnikov
System Security Services Daemon
March 15, 2024 Evgeny Sinelnikov:
- Update 2.9 major release with fixes from upstream: + Fix the build with Samba 4.20. + IFP: don't trigger backtrace in case of ACL check fail. + krb5_child: fix order of calloc arguments. + pam: fix SC auth with multiple certs and missing login name.
Mar 15, 2024, 12:52 AM
#342747 sent by Evgeny Sinelnikov
Certificate Enrollment through CEP/CES
March 15, 2024 Evgeny Sinelnikov:
- Update to latest release, which includes spnego changes.
Mar 11, 2024, 06:01 AM
#342426 sent by Evgeny Sinelnikov
Symas Lightning Memory-Mapped Database
March 11, 2024 Evgeny Sinelnikov:
- Updated to 0.9.32. - Add lmdb.pc pkg-config file from Fedora to development subpackages.
Mar 11, 2024, 05:54 AM
#342424 sent by Evgeny Sinelnikov
The Samba4 CIFS and AD client and server suite
March 11, 2024 Evgeny Sinelnikov:
- Update to stable release of Samba 4.19 - Fixes from upstream: + Windows 2016 fails to restore previous version of a file from a shadow_copy2 snapshot (Samba#13688). + smbd fixes (Samba#12421, Samba#15550). + samba-gpupdate fixes (Samba#15548, Samba#15557, Samba#15552, Samba#15558). + smbpasswd reset permissions only if not 0600 (Samba#15555).
Feb 29, 2024, 02:05 AM
#341643 sent by Evgeny Sinelnikov
ALT Local Policies Default templates
Feb. 29, 2024 Evgeny Sinelnikov:
- Improve oddjob-gpupdate-dbus-timeout control. - Initial support build for debian.
Feb 19, 2024, 08:29 AM
#341032 sent by Evgeny Sinelnikov
Extended samba-tool (netcmd) version
Feb. 19, 2024 Evgeny Sinelnikov:
- Add compatibility with stable releases of samba-4.18 and later (closes: 49404). - Replace python3 build to new pyproject_build process.
Jan 29, 2024, 08:43 AM
#339237 sent by Evgeny Sinelnikov
Local applications interface for alterator browser.
Categories interface for alterator browser.
Alterator manager backends generator for support the old alterator modules.
Revised alterator
Jan. 28, 2024 Evgeny Sinelnikov:
- first build for Sisyphus
Jan 22, 2024, 06:35 AM
#338344 sent by Evgeny Sinelnikov
The Samba4 CIFS and AD client and server suite
Jan. 16, 2024 Evgeny Sinelnikov:
- Update to stable release of Samba 4.19 - Fixes from upstream: + net changesecretpw cannot set the machine account password if secrets.tdb is empty (Samba#13577). + Following intermediate abolute share-local symlinks is broken (Samba#15505). ctdb RELEASE_IP causes a crash in release_ip if a connection to a non-public address disconnects first (Samba#15523). + shadow_copy2 broken when current fileset's directories are removed (Samba#15544). + 'force user = localunixuser' doesn't work if 'allow trusted domains = no' is set (Samba#15469). + smbget: debug logging doesn't work (Samba#15525), username in the smburl and interactive password entry doesn't work (Samba#15532), auth function doesn't set values for password prompt correctly (Samba#15538). + Unable to copy and write files from clients to Ceph cluster via SMB Linux gateway with Ceph VFS module (Samba#15440). + Multichannel refresh network information (Samba#15547).
Jan 21, 2024, 10:45 PM
#338343 sent by Evgeny Sinelnikov
System Security Services Daemon
Jan. 17, 2024 Evgeny Sinelnikov:
- Update to latest 2.9 major release in long-term maintenance (LTM) phase. - Fixes from upstream: + A crash when PAM passkey processing incorrectly handles non-passkey data. + A workaround was implemented to handle gracefully misbehaving applications that destroy internal state of SSSD client librarires. + An error when rotating KCM's logs was fixed. + Group membership handling when members are coming from different forest domains and using ldap token groups is prohibited. + Files provider was erroneously taking into consideration local_auth_policy config option, thus breaking smartcard authentication of local user in setups that didn't explicitly specify this option.
Jan 19, 2024, 08:03 AM
#337671 sent by Evgeny Sinelnikov
Allows command execution as another user
Jan. 4, 2024 Evgeny Sinelnikov:
- Update to latest stable bugfix release: + Fixed evaluation of the "lecture", "listpw", "verifypw", and "fdexec" sudoers Defaults settings when used without an explicit value. + Sudo will now transparently rename a user's lecture file from the older name-based path to the newer user-ID-based path. + Memory allocation failure if sysconf(_SC_LOGIN_NAME_MAX) fails.
Dec 24, 2023, 11:52 PM
#337130 sent by Evgeny Sinelnikov
Chromium-specific ADMX policy templates
Dec. 25, 2023 Evgeny Sinelnikov:
- Update to latest release 120.0-6099.130
Dec 18, 2023, 07:31 AM
#336633 sent by Evgeny Sinelnikov
An oddjob helper which applies group policy objects
Dec. 18, 2023 Evgeny Sinelnikov:
- Add debug and dbus_timeout options to pam_oddjob_gpupdate (thx liannnix@)
Dec 14, 2023, 09:14 PM
#336481 sent by Evgeny Sinelnikov
Allows command execution as another user
Dec. 14, 2023 Evgeny Sinelnikov:
- Update to stable release with fixing regressions to changes in sudo 1.9.15.
Dec 13, 2023, 10:20 AM
#336385 sent by Evgeny Sinelnikov
ALT Local Policies Default templates
Dec. 13, 2023 Evgeny Sinelnikov:
- Fix krb5-conf-ccache control: * Incorrect file presence check when option not found has been fixed. * Avoid grep warning with 'stray \ before /' pattern (ALT#47648).
Dec 13, 2023, 10:09 AM
#336384 sent by Evgeny Sinelnikov
PAM module that uses login name configured through NSS
Dec. 13, 2023 Evgeny Sinelnikov:
- Add control pam_propperpwnam for support module in system authentication (ALT#47713).
Dec 13, 2023, 01:39 AM
#336370 sent by Evgeny Sinelnikov
Library providing support for "XML Signature" and "XML Encryption" standards
Dec. 13, 2023 Evgeny Sinelnikov:
- new version 1.2.38
Dec 13, 2023, 01:30 AM
#336369 sent by Evgeny Sinelnikov
Toolkit for one-time password authentication systems
Dec. 13, 2023 Evgeny Sinelnikov:
- Update to release 2.6.9 with mutliple fixes and improved libxmlsec compatibility. - Enable build check tests.
Dec 12, 2023, 04:30 AM
#336288 sent by Evgeny Sinelnikov
The Samba4 CIFS and AD client and server suite
Dec. 12, 2023 Evgeny Sinelnikov:
- Replace samba service pam config to samba-common due regression with password authentication in security = user mode with obey pam restrictions = yes.
Dec 12, 2023, 03:36 AM
#336291 sent by Evgeny Sinelnikov
A tool to test PAM applications and PAM modules
Dec. 12, 2023 Evgeny Sinelnikov:
- Fixed building with Python 3.12
Dec 12, 2023, 03:20 AM
#336290 sent by Evgeny Sinelnikov
YandexBrowser-specific ADMX policy templates
Dec. 12, 2023 Evgeny Sinelnikov:
- Update policy templates to release 116.0.5845.228
Dec 7, 2023, 06:39 AM
#335768 sent by Evgeny Sinelnikov
The Samba4 CIFS and AD client and server suite
Dec. 5, 2023 Evgeny Sinelnikov:
- Update to stable release of Samba 4.19 with fixes of the Samba CVE for Deleted Object tombstones visible in AD LDAP to normal users (CVE-2018-14628). - Security fixes: + CVE-2018-14628: Wrong ntSecurityDescriptor values for "CN=Deleted Objects" allow read of object tombstones over LDAP (Administrator action required!) https://www.samba.org/samba/security/CVE-2018-14628.html
Nov 23, 2023, 10:06 AM
#333680 sent by Evgeny Sinelnikov
Rebuild_wirh_new_major_samba_release
The talloc library
A trivial database system
A schema-less, ldap like, API and database
The Samba4 CIFS and AD client and server suite
Nov. 6, 2023 Evgeny Sinelnikov:
- Update to stable release of Samba 4.19 with latest bugfixes and new features: + Migrated smbget to use common command line parser. This has some advantages as you get all the feature it provides like Kerberos authentication. The support for smbgetrc has been removed. + gpupdate changes: The libgpo.get_gpo_list function has been deprecated in favor of an implementation written in python, connects to Active Directory using the SamDB module, instead of ADS (which is what libgpo uses). + Improved winbind logging and a new tool for parsing the winbind logs. Winbind logs (if smb.conf 'winbind debug traceid = yes' is set) contain new trace header fields 'traceid' and 'depth'. + AD database prepared to Functional Level 2016 standards for new domains. While Samba still provides only Functional Level 2008R2 by default, Samba as an AD DC will now, in provision ensure that the blank database is already prepared for Functional Level 2016, with AD Schema 2019. + Kerberos Claims, Authentication Silos and NTLM authentication policies. The primary limitation is that while Samba can read and write claims in the directory, and populate the PAC, Samba does not yet use them for access control decisions. + Improved KDC Auditing now provides Samba-style JSON audit logging of all issued Kerberos tickets, including if they would fail a policy that is not yet enforced. Additionally most failures are audited. + Kerberos Armoring (FAST) Support for Windows clients. In domains where the domain controller functional level is set to 2012, 2012_R2 or 2016, Windows clients will, if configured via GPO, use FAST to protect user passwords between (in particular) a workstation and the KDC on the AD DC. This is a significant security improvement, as weak passwords in an AS-REQ are no longer available for offline attack. + Claims compression in the AD PAC. Samba as an AD DC will compress "AD claims" using the same compression algorithm as Microsoft Windows. + Resource SID compression in the AD PAC. Samba as an AD DC will now correctly populate the various PAC group membership buffers, splitting global and local groups correctly. + Resource Based Constrained Delegation (RBCD) support in both MIT and Heimdal. Samba 4.17 added to samba-tool delegation the 'add-principal' and 'del-principal' subcommands in order to manage RBCD, and the database changes made by these tools are now honoured by the Heimdal KDC once Samba is upgraded. + New samba-tool support for silos, claims, sites and subnets. samba-tool can now list, show, add and manipulate Authentication Silos (silos) and Active Directory Authentication Claims (claims). + Updated Heimdal import. Samba's Heimdal branch (known as lorikeet-heimdal) has been updated to the current pre-8.0 (master) tree from upstream Heimdal, ensuring that this vendored copy, included in our release remains as close as possible to the current upstream code. + Revocation support in Heimdal KDC for PKINIT certificates. Samba will now correctly honour the revocation of 'smart card' certificates used for PKINIT Kerberos authentication. + Require encrypted connection to modify unicodePwd on the AD DC. + Samba AD TLS Certificates can be reloaded. The TLS certificates used for Samba's AD DC LDAP server were previously only read on startup, and this meant that when then expired it was required to restart Samba, disrupting service to other users (smbcontrol ldap_server reload-certs).
System Security Services Daemon
Nov. 20, 2023 Evgeny Sinelnikov:
- Update to latest 2.9 major release. + KCM: provide mechanism to purge expired credentials. + Default hardening - id_provider channel defaults unencrypted with starttls. + sssd-sudo missing debug statement in its .service file. + SSSD goes offline during initgroups of trusted user if a group is missing SID. + Incorrect handling of reverse IPv6 update results in update failure. + sssd-2.9.2 breaks smart card authentication (on el8). - The proxy provider is now able to handle certificate mapping and matching rules and users handled by the proxy provider can be configured for local Smartcard authentication. - Passkey doesn't fail when using FreeIPA server-side authentication and require-user-verification=false. - When adding a new credential to KCM and the user has already reached their limit, the oldest expired credential will be removed to free some space.
rebuild admc-0.14.0-alt1
Active Directory Management Center
rebuild gpui-0.2.38-alt1
Group policy editor
rebuild freeipa-4.9.12-alt1
The Identity, Policy and Audit system
Nov 23, 2023, 07:14 AM
#334932 sent by Evgeny Sinelnikov
Firefox-specific ADMX policy templates
Nov. 23, 2023 Evgeny Sinelnikov:
- Update Policy templates for Firefox 120 and Firefox ESR 115.5 - Add "Enable or disable printing" policy support
Nov 23, 2023, 07:05 AM
#334931 sent by Evgeny Sinelnikov
Chromium-specific ADMX policy templates
Nov. 23, 2023 Evgeny Sinelnikov:
- Update to latest release 119.0-6045.160
Nov 21, 2023, 11:10 AM
#334706 sent by Evgeny Sinelnikov
System Security Services Daemon
Nov. 20, 2023 Evgeny Sinelnikov:
- Update to latest 2.9 major release. + KCM: provide mechanism to purge expired credentials. + Default hardening - id_provider channel defaults unencrypted with starttls. + sssd-sudo missing debug statement in its .service file. + SSSD goes offline during initgroups of trusted user if a group is missing SID. + Incorrect handling of reverse IPv6 update results in update failure. + sssd-2.9.2 breaks smart card authentication (on el8). - The proxy provider is now able to handle certificate mapping and matching rules and users handled by the proxy provider can be configured for local Smartcard authentication. - Passkey doesn't fail when using FreeIPA server-side authentication and require-user-verification=false. - When adding a new credential to KCM and the user has already reached their limit, the oldest expired credential will be removed to free some space.
Nov 21, 2023, 08:48 AM
#334774 sent by Evgeny Sinelnikov
Common files for [Alterator Entry] specification
Nov. 21, 2023 Evgeny Sinelnikov:
- alterator-entry: fix version printing.
Nov 21, 2023, 07:38 AM
#334771 sent by Evgeny Sinelnikov
Common files for [Alterator Entry] specification
Nov. 21, 2023 Evgeny Sinelnikov:
- Initial build for Sisyphus.
Nov 13, 2023, 03:22 AM
#334282 sent by Evgeny Sinelnikov
A fast text processor and publishing toolchain for converting AsciiDoc content to different formats
Nov. 13, 2023 Evgeny Sinelnikov:
- ^ 2.0.18 -> 2.0.20
Nov 8, 2023, 11:07 PM
#333865 sent by Evgeny Sinelnikov
Allows command execution as another user
Nov. 8, 2023 Evgeny Sinelnikov:
- Update to latest stable bugfix and security release (fixes: CVE-2023-42465): + The sudoers plugin has been modified to make it more resilient to ROWHAMMER attacks on authentication and policy matching. + The sudoers plugin now constructs the user time stamp file path name using the user-ID instead of the user name. This avoids a potential problem with user names that contain a path separator ('/') being interpreted as part of the path name. A similar issue in sudo-rs has been assigned CVE-2023-42456. - Fixes in behavior: + The visudo utility will no longer create an empty file when the specified sudoers file does not exist and the user exits the editor without making any changes (GitHub#294). + Fixed a bug where output could go to the wrong terminal if "use_pty" is enabled (the default) and the standard input, output or error is redirected to a different terminal. Bug #1056. + A path separator ('/') in a user, group or host name is now replaced with an underbar character ('_') when expanding escapes in @include and @includedir directives as well as the "iolog_file" and "iolog_dir" sudoers Default settings. - Fixes in user output: + Running "sudo -ll command" now produces verbose output that includes matching rule as well as the path to the sudoers file the matching rule came from. + Changes to terminal settings are now performed atomically, where possible. If the command is being run in a pseudo-terminal and the user's terminal is already in raw mode, sudo will not change the user's terminal settings. This prevents concurrent sudo processes from restoring the terminal settings to the wrong values (GitHub#312). + Better log message when rejecting a command if the "intercept" option is enabled and the "intercept_allow_setid" option is disabled. Previously, "command not allowed" would be logged and the user had no way of knowing what the actual problem was. - Fixes in logging: + The sudoers source is now logged in the JSON event log. This makes it possible to tell which rule resulted in a match. + Sudo will now log the invoking user's environment as "submitenv" in the JSON logs. The command's environment ("runenv") is no longer logged for commands rejected by the sudoers file or an approval plugin. + The sudo_logsrvd server will now raise its open file descriptor limit to the maximum allowed value when it starts up. Each connection can require up to nine open file descriptors so the default soft limit may be too low. - Fixed regressions: + Fixed the warning message for "sudo -l command" when the command is not permitted. There was a missing space between "list" and the actual command due to changes in sudo 1.9.14. + The "intercept_verify" sudoers option is now only applied when the "intercept" option is set in sudoers. Previously, it was also applied when "log_subcmds" was enabled. Sudo 1.9.14 contained an incorrect fix for this. + Reverted a change from sudo 1.9.4 that resulted in PAM session modules being called with the environment of the command to be run instead of the environment of the invoking user (GitHub#318).
Nov 4, 2023, 04:35 AM
#333295 sent by Evgeny Sinelnikov
New_major_release_of_samba
A schema-less, ldap like, API and database
The Samba4 CIFS and AD client and server suite
Nov. 1, 2023 Evgeny Sinelnikov:
- Update to stable release of Samba 4.18 with latest bugfixes and new features: + SMB Server performance improvements. The locking overhead for contended path based operations is reduced by an additional factor of ~ 3 compared to 4.17. + More succinct samba-tool error messages. + Accessing the old samba-tool messages with full Python stack trace by using the argument '-d3'. + New samba-tool dsacl subcommand for deleting ACES + Colour output with samba-tool --color and + No colour with NO_COLOR environment variable + New wbinfo option --change-secret-at which forces the trust account password to be changed at a specified domain controller. + New option acl_xattr:security_acl_name to change the NT ACL default protected location security.NTACL not accessible from normal users outside of Samba. + New option server addresses as per-share parameter to limit share visibility and accessibility to specific server IP addresses. This option can offer a different set of shares per interface. + Azure Active Directory / Office365 synchronisation improvements with the Azure AD Connect cloud sync tool which now supported for password hash synchronisation, allowing Samba AD Domains to synchronise passwords with this popular cloud environment.
rebuild sssd-2.9.2-alt1
System Security Services Daemon
rebuild admc-0.14.0-alt1
Active Directory Management Center
rebuild gpui-0.2.37-alt1
Group policy editor
rebuild freeipa-4.9.12-alt1
The Identity, Policy and Audit system
Nov 4, 2023, 12:03 AM
#333337 sent by Evgeny Sinelnikov
Utilities for doing and managing mounts of the Linux CIFS filesystem
Nov. 4, 2023 Evgeny Sinelnikov:
- Latest stable release with gssproxy support
Oct 22, 2023, 05:04 PM
#332448 sent by Evgeny Sinelnikov
The Samba4 CIFS and AD client and server suite
Oct. 22, 2023 Evgeny Sinelnikov:
- Revert services type from forking to notify.
Oct 20, 2023, 07:58 AM
#332209 sent by Evgeny Sinelnikov
Glasgow Haskell Compilation system
Aug. 29, 2023 Evgeny Sinelnikov:
- Bootstrap from version 8.10.7 to 9.2.8 - Disabled LTO on armh and aarch64 due link problems with llvm: "-latomic is needed for sub-word-sized atomic operations... failed." - Disabled overriding the default linker use by gcc on armh and aarch64 due problems with debugedit "Cannot handle 8-byte build ID" (based on GHC#21570) - Avoid cycle dependency between basic and common packages - Backport users-guide compatibility fixes (GHC#23807, GHC#23818) - Backport update of rdt-theme to latest upstream version (GHC#23444) - Add work around of haddock build trouble due locale encoding (GHC#8118) - Fix debugedit problem with 'Cannot handle 8-byte build ID' on armh and aarch64
Oct 20, 2023, 06:13 AM
#332216 sent by Evgeny Sinelnikov
Chromium-specific ADMX policy templates
Oct. 20, 2023 Evgeny Sinelnikov:
- Update to latest release 118.0-5993.89
Oct 20, 2023, 06:09 AM
#332213 sent by Evgeny Sinelnikov
Firefox-specific ADMX policy templates
Oct. 20, 2023 Evgeny Sinelnikov:
- Update Policy templates for Firefox 118 and Firefox ESR 115.3
Oct 20, 2023, 06:00 AM
#332212 sent by Evgeny Sinelnikov
Firefox-specific ADMX policy templates
Oct. 20, 2023 Evgeny Sinelnikov:
- Update Policy templates for Firefox 114 and Firefox ESR 102.12
Oct 20, 2023, 03:08 AM
#332204 sent by Evgeny Sinelnikov
A library passing all socket communications through Unix sockets
Oct. 20, 2023 Evgeny Sinelnikov:
- Fixed LFS issues on 32bit platforms - Fixed issue with fnctl() on 32bit - Added openat64() to detect stale fds
Oct 18, 2023, 09:56 AM
#332020 sent by Evgeny Sinelnikov
The Samba4 CIFS and AD client and server suite
Oct. 17, 2023 Evgeny Sinelnikov:
- Update to security release of Samba 4.17 - Security fixes (Samba#15422, Samba#15424, Samba#15439, Samba#15473, Samba#15474): + CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to existing unix domain sockets on the file system. https://www.samba.org/samba/security/CVE-2023-3961.html + CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes" https://www.samba.org/samba/security/CVE-2023-4091.html + CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all attributes, including secrets and passwords. Additionally, the access check fails open on error conditions. https://www.samba.org/samba/security/CVE-2023-4154.html + CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the server block for a user-defined amount of time, denying service. https://www.samba.org/samba/security/CVE-2023-42669.html + CVE-2023-42670: Samba can be made to start multiple incompatible RPC listeners, disrupting service on the AD DC. https://www.samba.org/samba/security/CVE-2023-42670.html
Oct 18, 2023, 07:58 AM
#331153 sent by Evgeny Sinelnikov
The Samba4 CIFS and AD client and server suite
Oct. 7, 2023 Evgeny Sinelnikov:
- New build scheme with separate upstream, altlinux and sisyphus branches.
Oct 17, 2023, 07:40 PM
#331148 sent by Evgeny Sinelnikov
System Security Services Daemon
Oct. 6, 2023 Evgeny Sinelnikov:
- Update to latest 2.9 major release. - sss_simpleifp library removed due it deprecated. - "Files provider" removed due it deprecated, using "Proxy provider" with proxy_lib_name = files instead. - New passkey functionality, which will allow the use of FIDO2 compliant devices to authenticate a centrally managed user locally. - Default value of cache_first option was changed to true. - sssctl cert-show and cert-show cert-eval-rule can now be run as non-root user. - certmap: Handle type change of x400Address (due to CVE-2023-0286). - New option local_auth_policy is added to control which offline authentication methods will be enabled by SSSD. - SSSD can be configured not to perform a DNS search during DNS name resolution. This behavior is governed by the new dns_resolver_use_search_list in the domain section. Default value is true (follows the system settings).
Oct 6, 2023, 10:20 PM
#330225 sent by Evgeny Sinelnikov
Allows command execution as another user
Sept. 23, 2023 Evgeny Sinelnikov:
- Update to latest stable release with regressions fixes. - Fixed a bug introduced in sudo 1.9.14 that affects matching sudoers rules containing a Runas_Spec with an empty Runas user. - Fixed a problem with "stair-stepped" output when piping or redirecting the output of a sudo command that takes user input. - Fixed a crash introduced in version 1.9.14 when running a command with a NULL argv[0] if "log_subcmds" or "intercept" is enabled in sudoers. - Adapted the sudo Python plugin test output to match Python 3.12.