Maintainer Evgeny Sinelnikov in the sisyphus branch: Information

- Apply s4u support patch for samba-4.15 (due already updated kdb code base):
  + basic local realm S4U support
  + enable S4U client support for MIT build
  + wip: for canonicalization with new MIT kdc code

- Fix build with closefrom() from newest unistd.h
- Adjust license to GPLv2 and LGPLv2 for library

- Update to latest regression fixes for samba-4.14.10:
  + CVE-2021-3670 ldb: Confirm the request has not yet timed out

- Update to latest maintenance release of Samba 4.14.
- Fix broken of recursive directory delete with veto files.
- Fix directory containing dangling symlinks cannot be deleted by
  SMB2 alone when they are the only entry in the directory.

- Update with latest libldb-2.3.2-alt2 fixes.
- Backport newest fixes from upstream:
  + utils: ignore systemd and sd-pam process in get_active_uid_linux()
  + cldap: use dns_resolver_server_timeout timeout for cldap ping
  + ad: only send cldap-ping to our local domain
  + ad: make ad_srv_plugin_ctx_switch_site() public
  + ad: use already discovered forest name

- Always use AC_LINK_ELSEIF when testing against assembler
  (autoconf assembler checks and -flto)
- Build with system llvm on armh and aarch64

- Revert reverted patch with change owner/permissions of user deskprofile path
  due it still needed.

- Add support samba-tool-plus alternative for samba-dc build with heimdal.

- Add support samba-tool-plus alternatives for various samba-dc and
  samba-dc-mitkrb5 builds with Heimdal and MIT Kerberos respectively.

- Update to 2.6.1 stable release.
- Revert "Don't change owner/permissions of user deskprofile path" patch
  due CAP_DAC_OVERRIDE was added to systemd configs in 2.4.2 release.

- Update to the 2.3.2 with backported all C code changes from ldb-2.4.1
- Fix overflow timestring test for 32 bits platforms

- Update to latest security release of Samba 4.14
- Security fixes:
  + CVE-2016-2124:  SMB1 client connections can be downgraded to plaintext
                    authentication.
                    https://www.samba.org/samba/security/CVE-2016-2124.html
  + CVE-2020-25717: A user on the domain can become root on domain members.
                    https://www.samba.org/samba/security/CVE-2020-25717.html
  + CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets
                    issued by an RODC.
                    https://www.samba.org/samba/security/CVE-2020-25718.html
  + CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in
                    Kerberos tickets.
                    https://www.samba.org/samba/security/CVE-2020-25719.html
  + CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
                    (eg objectSid).
                    https://www.samba.org/samba/security/CVE-2020-25721.html
  + CVE-2020-25722: Samba AD DC did not do suffienct access and conformance
                    checking of data stored.
                    https://www.samba.org/samba/security/CVE-2020-25722.html
  + CVE-2021-3738:  Use after free in Samba AD DC RPC server.
                    https://www.samba.org/samba/security/CVE-2021-3738.html
  + CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
                    https://www.samba.org/samba/security/CVE-2021-23192.html

- Fixed minor troubles and regressions.

- Fix libtdb, libtalloc and libtevent requires for libldb

- new version 1.1.4

- Update to the 2.3.1 for latest samba-4.14.9 security release

- Update to latest security release of Samba 4.14
- Backport bronze bit fixes, tests, and selftest improvements. Provide a fix
  for MS in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation
  bypass in Samba with embedded Heimdal (Fixes: CVE-2020-17049).

- Add support systemd-networkd iface control functions

- Add systemd-networkd control mode

- Fixed typo in screensaver setting in Russian translations
- Improve English translation of gsettings strings
- Fix authetication method bug for gsetting oprtion:
  org.gnome.Vino.authentication-methods

- Added exception for org.gnome.Vino authentication-methods
- Fixed bug for alternative-port in org.gnome.Vino

- Add mutual exclusion for show system role (-S or --system) and
  show role in additional file option (-f or --file) options.

- Update to latest security release of Samba 4.14
- Fix performance regressions in lsa_LookupSids3/LookupNames4 since Samba 4.9 by
  using an explicit database handle cache and address a signifcant in database
  access in the AD DC since Samba 4.12.
- Fix an unuthenticated user can crash the AD DC KDC by omitting the server name
  in a TGS-REQ (Fixes: CVE-2021-3671).

- Fix typos in Russian translations

- Fix regression with kestroy for user credential cache
- Update system-policy-gpupdate PAM-rules to ignore applying group policies
  for local users and system users with uid less than 500
- Add control facilities to rule system-policy-gpupdate rules:
  + gpupdate-group-users
  + gpupdate-localusers
  + gpupdate-system-uids

- Add noreplace to global config files (closes: 41020)

- Added remote settings category and Vino settngs:
 + authentication-methods and vnc-password;
 + use-alternative-port and alternative-port;
 + view-only, prompt-enabled, icon-visibility and enabled.

- Add support changed GPO List Processing for '**DelVals.' value name

- Fix the ability to add user_of_subject to user_identities
- Refactoring the addition_to_user_identities_user_of_subject function

- Adjust local policy templates
- Add control system-policy for gpupdate

- Refix local policy path detection
- gpupdate-setup: revert settings to default when disabled

- Fix kerberos mount regression in commit e461afd (Arch).
  This is the fix for CVE-2021-20208 (Closes: 40887)

- Update to latest stable release with bugfixes and improvements:
 + Sudo now can handle the getgroups() function returning a different
   number of groups for subsequent invocations.

- Use NetBIOS name for Kerberos authentification
- Add support actions (create, update, delete, replace) for Shortcuts
- Add support GSettings with locks feature
- Add support file cache for special GSettings policy:
  Software\BaseALT\Policies\GSettings\org.mate.background.picture-filename
  (requires python smbc module with use_kerberos option support)

- Added new categories and policies for Mate settings:
 + background;
 + screensaver;
 + user restrictions.

- Fix net ads join segmentation fault problem if ldap SRV host record not found.

- Add dependency lmdb-utils to samba-dc-common due it is necessary
  for mdb store backend permits database sizes greater than 4Gb

- Update to latest release of Samba 4.14 with smbd fixes

- Rebuild with explicitly enabled man pages and other build options
- Added rst2man.py3 to configure search list for compatibility with branch p9

- Update to 2.5.2:
  + auto_private_groups option can be set centrally through ID range setting
    in IPA (see ipa idrange commands family).
  + Default value of ldap_sudo_random_offset changed to 0 (disabled).
  + originalADgidNumber attribute in the SSSD cache is now indexed.
  + Add new config option fallback_to_nss.

- Update to latest release with support for fd-passing via unix sockets
- Add public libsocket_wrapper_noop library

- Fix Shortcuts applier double running in user context
- Add LogonUser variable to expand_windows_var() function
- Add support of path variable expansion to Shortcuts applier

- Fix using obsoleted in samba-4.14 cmd_user_create class with renamed
  cmd_user_add class (closes: 40557)
- Add conflicts with old samba package provided python3(samba.netcmd.user)

- Update to latest release of Samba 4.14 with smbd and samba-tool fixes

- Don't stop with error if DESTDIR already exists

- Initial build

- Update to new release
- Add admx-lint check with special workaround:
  https://github.com/altlinux/admx-lint/issues/1

- Update to latest release 91.0-4472.164
- Add admx-lint check with special workaround:
  https://github.com/altlinux/admx-lint/issues/1
- Convert UTF-16 chrome.adm files to UTF-8

- Add new categories and policies:
 + SSHD and Systemd categories
 + Windows policies mapping support (applied for GSettings only yet)
- Add admx and adml files checking via admx-lint

- Build as noarch
- Replace renamed project to github.com/altlinux projects

- Fix GSettings applier user part support
- Add support additional firefox appliers
- Add new windows policies mapping capability feature ruled by:
  Software\BaseALT\Policies\GPUpdate\WindowsPoliciesMapping
- Improve drop privileges mechanism with fork and dbus session

- Update to latest stable branch 1.3.x

- updated to 1.0.23

- Change policies.json location for Firefox
- Set GSettings, Chromium and Firefox appliers
  not experimental and enabled by default

- Initial build

- Update to latest release supported cifs.upcall trying to use container
  ipc/uts/net/pid/mnt/user namespaces

- Fix build with configuration error in docs/users_guide/conf.py
- Apply patches to avoid haddock warnings from Fedora
- Set right license name in spec file
- Build with llvm-11.0 on armh and aarch64

- Update to latest release of Samba 4.14 with ensure POSIX default ACL
  is mapped into returned Windows ACL for directory handles and fix
  uninitialized memory read in process_symlink_open() when used with
  vfs_shadow_copy2() for smbd.

- Update to latest release

- winbindd: Fix a startup race with allocate_gid (Samba#14678)

- Update to latest relase with regression fixes

- Build for kernel-image-std-def-5.10.35-alt1.

- Build for kernel-image-un-def-5.11.21-alt1.

- Build for kernel-image-std-def-5.10.35-alt1.

- Build for kernel-image-un-def-5.11.21-alt1.

- 0.17.1

- Rebuild with python3 only

- Update with latest fixes (Samba#14695, Samba#14696)

- Build for kernel-image-std-def-5.10.35-alt1.

- Build for kernel-image-un-def-5.11.21-alt1.

- Update to latest stable release

- Fix backward compatibility to fixed version of libldb with CVE-2021-20254.
- Replace auth and vfs libraries from samba-libs to samba-dc-libs and samba packages.
- Build without separated libnetapi private library.

- Apply internal, domain and service fixes from upstream.
- Add compatibility support of unprivileged mode with "user = _sssd"
  due from sssd-2.4.2 default user is set to root.