Сопровождающий Evgeny Sinelnikov в ветке p10: Информация
Имя сопровождающего: Evgeny Sinelnikov (sin)
Собрано source пакетов в данной ветке: 121
-
- @mono
- @kernel
- @qa_p10
- @python
Последние изменения
15 января 2025 г. 17:21
#366703 отправлено Evgeny Sinelnikov
fix_winbind_for_keytab
The Samba4 CIFS and AD client and server suite
27 декабря 2024 г. Evgeny Sinelnikov:
- gse_krb5: gain root privilege during get server keytab (thx Ivan Volchenko). Fix PAM Winbind kerberos auth requires user access to keytab (Samba#12491).
9 января 2025 г. 16:08
#363898 отправлено Evgeny Sinelnikov
new_security_release
System Security Services Daemon
10 декабря 2024 г. Evgeny Sinelnikov:
- Fix typo in sss_ec_get_key() for OpenSSL older than 3.0.
22 декабря 2024 г. 23:30
#364080 отправлено Evgeny Sinelnikov
ntlmv2_no_password
The Samba4 CIFS and AD client and server suite
4 декабря 2024 г. Evgeny Sinelnikov:
- auth: Don't fallback to NTLMv1 in anonymous connections (thx Ivan Volchenko). Disable "not doing NTLM2 without a password" in function cli_credentials_get_ntlm_response().
7 ноября 2024 г. 17:53
#359574 отправлено Evgeny Sinelnikov
with_cldap_ping_support
Utilities for doing and managing mounts of the Linux CIFS filesystem
12 октября 2024 г. Evgeny Sinelnikov:
- Update to latest stable release supported latest kernel 6.11. - Major fixes from upstream: + LDAP Ping capability (to find the closest site); + smbinfo adds gettconinfo command (allowed dumping session and tcon id); + Various improvements to man pages. - Backport bash completion support for smbinfo (with filestreaminfo, keys, gettconinfo) from Fedora.
6 ноября 2024 г. 14:54
#359561 отправлено Evgeny Sinelnikov
with_pam_canonicalize_user_support
Systemwide PAM config files for Linux-PAM
3 сентября 2024 г. Evgeny Sinelnikov:
5 ноября 2024 г. 16:18
#358067 отправлено Evgeny Sinelnikov
fix_upgrade
NSS API library and admin tools for roles and privilegies
19 сентября 2024 г. Evgeny Sinelnikov:
- Fix control support with various role module using. - Fix not standart setup of libnss-role during upgrade (closes #50704).
1 ноября 2024 г. 0:17
#360140 отправлено Evgeny Sinelnikov
new_samba-4.19-security_release
Обёртка для разделения полномочий
14 июля 2024 г. Evgeny Sinelnikov:
- Updated to new version 1.3.1 (released 2024-06-12) - Fixes from upstream: + Added support to find libc via LIBC_SO define + Fixed uid_wrapper running with jemalloc compiled binaries + Fixed socket_wrapper interaction test + Fixed thread sanitizer on modern Linux Kernels
A library passing all socket communications through Unix sockets
14 июля 2024 г. Evgeny Sinelnikov:
- Updates to new version 1.4.3 (released 2024-06-12) - Fixes from upstream: + Fixed socket_wrapper running with jemalloc compiled binaries + Fixed thread sanitizer on modern Linux Kernels + Fixed swrap_fake_uid_wrapper test
A schema-less, ldap like, API and database
The Samba4 CIFS and AD client and server suite
18 октября 2024 г. Evgeny Sinelnikov:
- Update to security release of Samba 4.19 - Major fixes from upstream (Samba#15590, Samba#15624, Samba#15699, Samba#15280, Samba#15696, Samba#15700): + libldb: performance issue with indexes (ldb 2.8.2 is already released). + DH reconnect error handling can lead to stale sharemode entries. + Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated. + irpc_destructor may crash during shutdown. + Compound SMB2 requests don't return NT_STATUS_NETWORK_SESSION_EXPIRED for all requests, confuses MacOSX clients. + Crash when readlinkat fails.
пересобрано sssd-2.9.4-alt1
System Security Services Daemon
5 октября 2024 г. 8:56
#357991 отправлено Evgeny Sinelnikov
Major_sasl_fix
Active Directory Management Center
21 августа 2024 г. Semyon Knyazev:
- Add password settings object's creation/deletion/edition. Password Settings Container contains these objects and located in the System container (objects tree). - Fix empty parentheses display in the domain info widget for undefined domain controller's version. - Add the ability to view which groups a group is a member of.
20 августа 2024 г. 22:39
#354188 отправлено Evgeny Sinelnikov
Latest_fixes_for_customers
The Samba4 CIFS and AD client and server suite
2 августа 2024 г. Evgeny Sinelnikov:
- Backport from stable release of Samba 4.20 + Samba does not parse SDDL found in defaultSecurityDescriptor in AD_DS_Classes_Windows_Server_v1903.ldf
24 июля 2024 г. 19:02
#351939 отправлено Evgeny Sinelnikov
rebuild_with_new_samba_release
A schema-less, ldap like, API and database
The Samba4 CIFS and AD client and server suite
15 июня 2024 г. Evgeny Sinelnikov:
- Update to maintenance release of Samba 4.19 - Fixes from upstream (Samba#15569, Samba#15625, Samba#14981, Samba#15412, Samba#14981, Samba#15642, Samba#15636, Samba#15611): + ldb qsort might r/w out of bounds with an intransitive compare function (ldb 2.8.1 is already released). + Many qsort() comparison functions are non-transitive, which can lead to out-of-bounds access in some circumstances (ldb 2.8.1 released). + netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0. + Anonymous smb3 signing/encryption should be allowed (similar to Windows Server 2022). + Panic in dreplsrv_op_pull_source_apply_changes_trigger. + winbindd, net ads join and other things don't work on an ipv6 only host. + Smbcacls incorrectly propagates inheritance with Inherit-Only flag. + http library doesn't support 'chunked transfer encoding'.
пересобрано sssd-2.9.4-alt1
System Security Services Daemon
4 июля 2024 г. 22:50
#349474 отправлено Evgeny Sinelnikov
Fix_memory_clean_in_additional_option_implementation
The Samba4 CIFS and AD client and server suite
27 мая 2024 г. Evgeny Sinelnikov:
- Fix clean memory for force dns canonicalize destination hostname option.
15 мая 2024 г. 19:45
#347771 отправлено Evgeny Sinelnikov
Update_for_alt-domain_development
The Samba4 CIFS and AD client and server suite
10 мая 2024 г. Evgeny Sinelnikov:
- Add support separate builds generated with samba-pidl. - Backport latest fixes to maintenance release of Samba 4.19 + Smbcacls incorrectly propagates inheritance with Inherit-Only flag (Samba#15636). + http library doesn't support 'chunked transfer encoding' (Samba#15611).
26 апреля 2024 г. 19:36
#343787 отправлено Evgeny Sinelnikov
update_fixes_and_implement_new_parameter_for_libsmb_client
The Samba4 CIFS and AD client and server suite
9 апреля 2024 г. Evgeny Sinelnikov:
- Update to maintenance release of Samba 4.19 - Fixes from upstream (Samba#15580): + Packet marshalling push support missing for CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and CTDB_CONTROL_TCP_CLIENT_PASSED.
20 февраля 2024 г. 20:56
#335987 отправлено Evgeny Sinelnikov
Update_samba_to_latest_release
The talloc library
A trivial database system
The tevent library
A library passing all socket communications through Unix sockets
20 октября 2023 г. Evgeny Sinelnikov:
- Fixed LFS issues on 32bit platforms - Fixed issue with fnctl() on 32bit - Added openat64() to detect stale fds
A wrapper for the user, group and hosts NSS API
A wrapper for dns name resolving or dns faking
Обёртка для разделения полномочий
A schema-less, ldap like, API and database
The Samba4 CIFS and AD client and server suite
16 января 2024 г. Evgeny Sinelnikov:
- Update to stable release of Samba 4.19 - Fixes from upstream: + net changesecretpw cannot set the machine account password if secrets.tdb is empty (Samba#13577). + Following intermediate abolute share-local symlinks is broken (Samba#15505). ctdb RELEASE_IP causes a crash in release_ip if a connection to a non-public address disconnects first (Samba#15523). + shadow_copy2 broken when current fileset's directories are removed (Samba#15544). + 'force user = localunixuser' doesn't work if 'allow trusted domains = no' is set (Samba#15469). + smbget: debug logging doesn't work (Samba#15525), username in the smburl and interactive password entry doesn't work (Samba#15532), auth function doesn't set values for password prompt correctly (Samba#15538). + Unable to copy and write files from clients to Ceph cluster via SMB Linux gateway with Ceph VFS module (Samba#15440). + Multichannel refresh network information (Samba#15547).
System Security Services Daemon
17 января 2024 г. Evgeny Sinelnikov:
- Update to latest 2.9 major release in long-term maintenance (LTM) phase. - Fixes from upstream: + A crash when PAM passkey processing incorrectly handles non-passkey data. + A workaround was implemented to handle gracefully misbehaving applications that destroy internal state of SSSD client librarires. + An error when rotating KCM's logs was fixed. + Group membership handling when members are coming from different forest domains and using ldap token groups is prohibited. + Files provider was erroneously taking into consideration local_auth_policy config option, thus breaking smartcard authentication of local user in setups that didn't explicitly specify this option.
пересобрано admc-0.15.2-alt1
Active Directory Management Center
пересобрано gpui-0.2.40-alt1
Group policy editor
пересобрано freeipa-4.9.14-alt0.p10.1
The Identity, Policy and Audit system
Extended samba-tool (netcmd) version
19 февраля 2024 г. Evgeny Sinelnikov:
- Add compatibility with stable releases of samba-4.18 and later (closes: 49404). - Replace python3 build to new pyproject_build process.
15 декабря 2023 г. 19:58
#336289 отправлено Evgeny Sinelnikov
fixed_samba_regression_with_obey_pam_restrictions
The Samba4 CIFS and AD client and server suite
12 декабря 2023 г. Evgeny Sinelnikov:
- Replace samba service pam config to samba-common due regression with password authentication in security = user mode with obey pam restrictions = yes.
14 декабря 2023 г. 19:14
#335986 отправлено Evgeny Sinelnikov
Update_to_latest_release
System Security Services Daemon
20 ноября 2023 г. Evgeny Sinelnikov:
- Update to latest 2.9 major release. + KCM: provide mechanism to purge expired credentials. + Default hardening - id_provider channel defaults unencrypted with starttls. + sssd-sudo missing debug statement in its .service file. + SSSD goes offline during initgroups of trusted user if a group is missing SID. + Incorrect handling of reverse IPv6 update results in update failure. + sssd-2.9.2 breaks smart card authentication (on el8). - The proxy provider is now able to handle certificate mapping and matching rules and users handled by the proxy provider can be configured for local Smartcard authentication. - Passkey doesn't fail when using FreeIPA server-side authentication and require-user-verification=false. - When adding a new credential to KCM and the user has already reached their limit, the oldest expired credential will be removed to free some space.
6 декабря 2023 г. 22:26
#332201 отправлено Evgeny Sinelnikov
Rebuild_with_latest_samba_security_release
A trivial database system
The talloc library
The tevent library
A library passing all socket communications through Unix sockets
24 марта 2023 г. Evgeny Sinelnikov:
- Split and place libsocket_wrapper_noop library and it's development files to separate subpackages.
A wrapper for the user, group and hosts NSS API
17 сентября 2022 г. Evgeny Sinelnikov:
- Fixed possible crash in getaddrinfo() - Fixed issues with processes closing all fds when forking - Fixed issues with setgrent() and endpwent() nss module support
A schema-less, ldap like, API and database
The Samba4 CIFS and AD client and server suite
5 декабря 2023 г. Evgeny Sinelnikov:
- Security update of Samba 4.17 with fixes of the Samba CVE for Deleted Object tombstones visible in AD LDAP to normal users (CVE-2018-14628). - Security fixes: + CVE-2018-14628: Wrong ntSecurityDescriptor values for "CN=Deleted Objects" allow read of object tombstones over LDAP (Administrator action required!) CVE-2018-14628.html" target="_blank">https://www.samba.org/samba/security/CVE-2018-14628.html
System Security Services Daemon6 октября 2023 г. Evgeny Sinelnikov:- Update to latest 2.9 major release. - sss_simpleifp library removed due it deprecated. - "Files provider" removed due it deprecated, using "Proxy provider" with proxy_lib_name = files instead. - New passkey functionality, which will allow the use of FIDO2 compliant devices to authenticate a centrally managed user locally. - Default value of cache_first option was changed to true. - sssctl cert-show and cert-show cert-eval-rule can now be run as non-root user. - certmap: Handle type change of x400Address (due to CVE-2023-0286). - New option local_auth_policy is added to control which offline authentication methods will be enabled by SSSD. - SSSD can be configured not to perform a DNS search during DNS name resolution. This behavior is governed by the new dns_resolver_use_search_list in the domain section. Default value is true (follows the system settings).
пересобрано freeipa-4.9.11-alt0.p10.1The Identity, Policy and Audit systemпересобрано admc-0.14.0-alt1Active Directory Management Centerпересобрано gpui-0.2.34-alt1Group policy editorA GSSAPI/SPNEGO authentication handler for python-requestsCertificate Enrollment through CEP/CES21 марта 2023 г. Evgeny Sinelnikov:- Add support the openssl security level6 декабря 2023 г. 9:56#333866 отправлено Evgeny Sinelnikov
security_updateAllows command execution as another user8 ноября 2023 г. Evgeny Sinelnikov:- Update to latest stable bugfix and security release (fixes: CVE-2023-42465): + The sudoers plugin has been modified to make it more resilient to ROWHAMMER attacks on authentication and policy matching. + The sudoers plugin now constructs the user time stamp file path name using the user-ID instead of the user name. This avoids a potential problem with user names that contain a path separator ('/') being interpreted as part of the path name. A similar issue in sudo-rs has been assigned CVE-2023-42456. - Fixes in behavior: + The visudo utility will no longer create an empty file when the specified sudoers file does not exist and the user exits the editor without making any changes (GitHub#294). + Fixed a bug where output could go to the wrong terminal if "use_pty" is enabled (the default) and the standard input, output or error is redirected to a different terminal. Bug #1056. + A path separator ('/') in a user, group or host name is now replaced with an underbar character ('_') when expanding escapes in @include and @includedir directives as well as the "iolog_file" and "iolog_dir" sudoers Default settings. - Fixes in user output: + Running "sudo -ll command" now produces verbose output that includes matching rule as well as the path to the sudoers file the matching rule came from. + Changes to terminal settings are now performed atomically, where possible. If the command is being run in a pseudo-terminal and the user's terminal is already in raw mode, sudo will not change the user's terminal settings. This prevents concurrent sudo processes from restoring the terminal settings to the wrong values (GitHub#312). + Better log message when rejecting a command if the "intercept" option is enabled and the "intercept_allow_setid" option is disabled. Previously, "command not allowed" would be logged and the user had no way of knowing what the actual problem was. - Fixes in logging: + The sudoers source is now logged in the JSON event log. This makes it possible to tell which rule resulted in a match. + Sudo will now log the invoking user's environment as "submitenv" in the JSON logs. The command's environment ("runenv") is no longer logged for commands rejected by the sudoers file or an approval plugin. + The sudo_logsrvd server will now raise its open file descriptor limit to the maximum allowed value when it starts up. Each connection can require up to nine open file descriptors so the default soft limit may be too low. - Fixed regressions: + Fixed the warning message for "sudo -l command" when the command is not permitted. There was a missing space between "list" and the actual command due to changes in sudo 1.9.14. + The "intercept_verify" sudoers option is now only applied when the "intercept" option is set in sudoers. Previously, it was also applied when "log_subcmds" was enabled. Sudo 1.9.14 contained an incorrect fix for this. + Reverted a change from sudo 1.9.4 that resulted in PAM session modules being called with the environment of the command to be run instead of the environment of the invoking user (GitHub#318).3 ноября 2023 г. 9:51#332214 отправлено Evgeny Sinelnikov
Update_for_current_firefox_releasesFirefox-specific ADMX policy templates20 октября 2023 г. Evgeny Sinelnikov:- Update Policy templates for Firefox 114 and Firefox ESR 102.1225 сентября 2023 г. 22:13#329662 отправлено Evgeny Sinelnikov
fix_systemd-networkdalterator module for tcp/ip connections configuration15 сентября 2023 г. Evgeny Sinelnikov:- Fix systemd-networkd cache initialization25 августа 2023 г. 16:51#327269 отправлено Evgeny Sinelnikov
New_package_with_licensesTexts of various distribution licenses17 августа 2023 г. Anton Midyukov:- ALT_Regular_License: clean STATUS, adjust variables to be clear, add p10 branch28 июля 2023 г. 21:20#325414 отправлено Evgeny Sinelnikov
compatibility_updateThe Samba4 CIFS and AD client and server suite23 июля 2023 г. Evgeny Sinelnikov:- Add check with admx-lint for group policy templates validation.18 июля 2023 г. 21:10#324836 отправлено Evgeny Sinelnikov
Update_to_new_releaseAllows command execution as another user14 июля 2023 г. Evgeny Sinelnikov:- Disable build of shared libutil. - Enable build with static sudoers.7 июля 2023 г. 17:46#324183 отправлено Evgeny Sinelnikov
New_PAM_compatibility_modulePAM module that uses login name configured through NSS4 июля 2023 г. Evgeny Sinelnikov:- Initial build for Sisyphus.15 июня 2023 г. 16:47#322110 отправлено Evgeny Sinelnikov
Update_to_new_releaseAllows command execution as another user17 апреля 2023 г. Evgeny Sinelnikov:- Update to latest stable release with regressions. - Fixed a bug that could cause sudo to hang when running a command in a pseudo-terminal when there is still input buffered after a command has exited. - Fixed regressions in sudo 1.9.13: + Fixed a bug introduced in sudo 1.9.13 that caused a syntax error when "list" was used as a user or host name (GitHub #246). + Fixed "sudo -U otheruser -l command" (GitHub #248). + Fixed "sudo -l command args" when matching a command in sudoers with command line arguments (GitHub #249).14 апреля 2023 г. 18:47#317735 отправлено Evgeny Sinelnikov
Security_updateA schema-less, ldap like, API and databaseThe Samba4 CIFS and AD client and server suite29 марта 2023 г. Evgeny Sinelnikov:- Update to security release of Samba 4.16 with update libldb to 2.5.3: + ldb wildcard matching makes excessive allocations (Samba#15331). - Security fixes (Samba#15270, Samba#15315): + CVE-2023-0922: The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. CVE-2023-0922.html" target="_blank">https://www.samba.org/samba/security/CVE-2023-0922.html + CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. Installations with such secrets in their Samba AD should assume they have been obtained and need replacing. CVE-2023-0614.html" target="_blank">https://www.samba.org/samba/security/CVE-2023-0614.html
пересобрано sssd-2.8.1-alt1System Security Services Daemon13 апреля 2023 г. 19:34#317242 отправлено Evgeny Sinelnikov
Update_to_new_releaseActive Directory Management Center22 марта 2023 г. Evgeny Sinelnikov:- Indents at selected OU's widget with policies list are minimized. - Ellipsis for too long names in description bar is added. Label is located to the right of the tree with chosen object. Tool tip for that label is added. Tool tip contains full object name. - Attribute groupType display and edit are changed from decimal to hexadecimal. Attribute value also contains flag names that were set. - Error dialog after critical policy selection is removed. Error is displayed in log now. Dialog error messages after critical policy deletion attempt are clarified. - Russian language is removed from english logs and vice versa. - Block inheritance indicator is added to OU's icon from group policy objects. - Enforced link indicator is added to policy icon from group policy objects. - Disabled policies appearence changing is added to policies from group policy objects. Policy item icon changes appearance (fades) after group policy link disabling. - Policy link indicator is added to policy icon from group policy objects. Indicator is located in left bottom policy icon corner. - Policies that are linked to domain is visible in group policy objects now. - Group policy objects order is changed. Policies is placed higher than OUs now.27 марта 2023 г. 15:16#317035 отправлено Evgeny Sinelnikov
Fix_works_with_pam_winbindГрафическая утилита для смены пароля20 марта 2023 г. Evgeny Sinelnikov:- Support for pam_winbind (aka NT password) (Closes: #45513) - Update russian translation, reconvert it to UTF-815 марта 2023 г. 22:53#315989 отправлено Evgeny Sinelnikov
Revert_with_security_fixesPostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)7 марта 2023 г. Evgeny Sinelnikov:- Add conflicts to another postgresql versions subpackages with same major version (closes: 45507).15 марта 2023 г. 22:40#315936 отправлено Evgeny Sinelnikov
update_to_new_releaseAllows command execution as another user27 февраля 2023 г. Evgeny Sinelnikov:- Update to latest stable release. - Fix run_time message validation in logsrvd. - Fixed a potential double-free bug when matching a sudoers rule that contains a per-command chroot directive (CHROOT=dir).2 марта 2023 г. 3:43#315490 отправлено Evgeny Sinelnikov
security_updateThe Samba4 CIFS and AD client and server suite20 февраля 2023 г. Evgeny Sinelnikov:- Update to maintenance release of Samba 4.16 - Security fixes: + CVE-2022-38023: Samba should refuse RC4 (aka md5) based SChannel on NETLOGON (Samba#15240). - Major fixes: + smbc_getxattr() return value is incorrect (Samba#14808). + samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when there is only an AAAA record for the DC in DNS (Samba#15226). + smbd crashes if an FSCTL request is done on a stream handle (Samba#15236). + auth3_generate_session_info_pac leaks wbcAuthUserInfo (Samba#15286). + Leak in wbcCtxPingDc2 (Samba#15164). + irpc_destructor may crash during shutdown (Samba#15280). - Share enumeration (netshareenum) fixes: + %U for include directive doesn't work for share listing (Samba#15243). + Shares missing from netshareenum response in samba 4.17.4 (Samba#15266). + Access based share enum does not work in Samba 4.16+ (Samba#15265). + Crash during share enumeration (Samba#15267).28 января 2023 г. 12:36#313932 отправлено Evgeny Sinelnikov
Latest_security_releaseAllows command execution as another user22 января 2023 г. Evgeny Sinelnikov:- Update to latest stable bugfix and security release (closes: 44965). - Fixed a compilation error on Linux/aarch64 (GitHub#197). - Fixed a potential crash introduced in the fix for (GitHub#134): + If a user's sudoers entry did not have any RunAs user's set, running "sudo -U otheruser -l" would dereference a NULL pointer. - Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating a I/O files when the "iolog_file" sudoers setting contains six or more Xs. - Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka sudoedit) that could allow a malicious user with sudoedit privileges to edit arbitrary files.12 января 2023 г. 23:11#313093 отправлено Evgeny Sinelnikov
Update_to_new_releaseActive Directory Management Center10 января 2023 г. Evgeny Sinelnikov:- Fix race condition problems with AdInterface.30 декабря 2022 г. 16:25#311557 отправлено Evgeny Sinelnikov
Update_to_new_releaseGPT applierBaseALT-specific ADMX policy templates29 декабря 2022 г. Evgeny Sinelnikov:- Add user policies for drive maps symlinks in home directory. - Add warning when disabling network manager. - Fix correction of option name open ldap tls connections in russian. - Fix typo in cups.service
YandexBrowser-specific ADMX policy templatesChromium-specific ADMX policy templatesFirefox-specific ADMX policy templates25 октября 2022 г. Evgeny Sinelnikov:- Update Policy templates for Firefox 106 and Firefox ESR 102.4 - This release contains some typo fixes and new Russian translations thanks to lepata@23 декабря 2022 г. 16:32#311661 отправлено Evgeny Sinelnikov
Update_to_new_releaseBaseALT-specific ADMX policy templates13 декабря 2022 г. Evgeny Sinelnikov:- Add control for Yandex Browser group policies mechanism. - Improve group policies mechanisms display names and help descriptions.22 декабря 2022 г. 14:32#311615 отправлено Evgeny Sinelnikov
Update_to_new_releaseActive Directory Management Center13 декабря 2022 г. Evgeny Sinelnikov:- Action menu: Block inheritance feature is added to organizational unit context menu. Also limited group policy tab is returned. - Console: Bug with empty group policy object crushing is fixed. - Console: Non-deletable group policy containers dont dissapear from GUI after deletion attempt now. Warning message popups instead of error log dialog. - Misc: "Order" column is added to policy organizational unit results. Sort is performed with this column by default. - Console: Fix crash in policy tree after changing properties for organizational units. - Misc: Fix description bar squishing scope pane, when selected item's name is too long and description bar needs to display it. - Toolbar: Fix icons for "create" actions for organizational units, users and groups in toolbar. - Misc: Add trimming to full name autofill. - Misc: Add trimming to attribute sAMAccountName edit in create dialog for computers. - Misc: Add "find gpo" action to policy tree. It implements group policy objects search functional. - Misc: Improve "Import Query" action. So it's possible to import multiple queries at the same time.14 декабря 2022 г. 17:48#311076 отправлено Evgeny Sinelnikov
Avoid_cycle_dependenciesThe Samba4 CIFS and AD client and server suite12 декабря 2022 г. Evgeny Sinelnikov:- Update text of summary for role-usershares and smb-conf-usershares. - Update default usershare prefix allow and deny lists: + usershare prefix deny list = /etc /dev /sys /proc + usershare prefix allow list = /home /srv /mnt /media /var - Add new controls for samba-usershares: + smb-conf-usershare-allow-list + smb-conf-usershare-deny-list + smb-conf-usershare-owner-only + smb-conf-usershare-allow-guests7 декабря 2022 г. 19:35#310866 отправлено Evgeny Sinelnikov
Update_with_usershares_fixThe Samba4 CIFS and AD client and server suite29 ноября 2022 г. Evgeny Sinelnikov:- Add role-usershares control allow or disallow for group users using of samba usershares as privilege. - Add compatibility support for sambashare group as common privilege assigned to usershares group (Closes: #44379).
default configs for alterator modules22 ноября 2022 г. Evgeny Sinelnikov:- Update samba defaults from samba-4.16.6-alt1 release. - Update restore script with default configuration files actually placed in default directory as in the user's system.1 декабря 2022 г. 20:35#309178 отправлено Evgeny Sinelnikov
Fix_latest_upsteam_regressionSystem Security Services Daemon7 ноября 2022 г. Evgeny Sinelnikov:- Update to latest 2.8 major release. - Important fixes: + A regression when running sss_cache when no SSSD domain is enabled would produce a syslog critical message was fixed. + Several fixes in D-Bus infopipe functions: ListByName(), Groups.ListByName() and Groups.ListByDomainAndName().10 ноября 2022 г. 22:01#309086 отправлено Evgeny Sinelnikov
security_updateThe Samba4 CIFS and AD client and server suite7 ноября 2022 г. Evgeny Sinelnikov:- Don't treat a missing include file as an error in handle_include(). This behavior differs between the source3 and source4 parts of Samba. So, it should be the same and just not an error (Closes #44214).2 ноября 2022 г. 18:54#309177 отправлено Evgeny Sinelnikov
compatibility_updateSystem Security Services Daemon29 октября 2022 г. Evgeny Sinelnikov:- Redesign become_user patch to should assign supplementary groups for server part of code only (due race condition in krb5_child, for example).20 октября 2022 г. 19:17#308586 отправлено Evgeny Sinelnikov
Update_to_latest_releaseSystem Security Services Daemon15 октября 2022 г. Evgeny Sinelnikov:- AD GPO: Fix support processing referrals for hostname - New features + Introduced the dbus function org.freedesktop.sssd.infopipe.Users.ListByAttr(attr, value, limit) listing upto limit users matching the filter attr=value. + sssctl is now able to create, list and delete indexes on the local caches. Indexes are useful for the new D-Bus ListByAttr() function. + sssctl is now able to read and set each component's debug level independently. - Important fixes + domains option in [sssd] section can now be completely omitted if domains are enabled via domains/enabled option. - New options: + core_dumpable, ldap_enumeration_refresh_offset, subdomain_refresh_interval_offset, dyndns_refresh_interval_offset refresh_expired_interval_offset, ldap_purge_cache_offset. - Configuration changes: + Option 'ad_machine_account_password_renewal_opts' now accepts an optional third part as the maximum deviation in the provided period (first part) and initial delay (second part). If the period and initial delay are provided but not the offset, the offset is assumed to be 0. If no part is provided, the default is 86400:750:300. + override_homedir now recognizes the %h template which is replaced by the original home directory retrieved from the identity provider, but in lower case.
Active Directory enrollment17 октября 2022 г. Evgeny Sinelnikov:- Add support LDAP add/mod operation to set/change password: + fix unable to join to active directory after KB5008380/CVE-2021-42287 with option '--ldap-passwd'; + https://gitlab.freedesktop.org/realmd/adcli/-/issues/27 - Add support fall back to LDAPS if CLDAP ping was not successful + If the --use-ldaps option is used and there is no reply on the CLDAP 389/udp port adcli will try to send the request to the LDAPS port 636/tcp. - Fix write SID before secret to Samba's db looks like 'net changesecretpw' - Add passwd-user sub-command for (re)set a user password. - Add dont-expire-password option for computer.17 октября 2022 г. 18:11#306001 отправлено Evgeny Sinelnikov
Update_to_new_group_policy_releseALT Local Policies Default templates26 августа 2022 г. Evgeny Sinelnikov:- New directory /etc/local-policy-system with Local Group Policy Template (GPT) - Add control local-policy-system-access
BaseALT-specific ADMX policy templatesFirefox-specific ADMX policy templates14 сентября 2022 г. Evgeny Sinelnikov:- Update Policy templates for Firefox 103 and Firefox ESR 102.1 - While these templates will work for Firefox ESR 91, they contain new policies that are not in Firefox ESR 91: + ExemptDomainFileTypePairsFromFileTypeDownloadWarnings + StartDownloadsInTempDirectory + UseSystemPrintDialog
Chromium-specific ADMX policy templatesGPT applier30 сентября 2022 г. Valery Sinelnikov:- Fixed formation of the correct path for creating a user directory
Group policy editor29 сентября 2022 г. Vladimir Rubanov:- Fixes: + #84127 Fix invalid types for list enums. + #76835 Fix message on policy state change.26 сентября 2022 г. 20:24#306744 отправлено Evgeny Sinelnikov
Update_with_latest_releases_for_samba_dcA trivial database systemThe tevent libraryA schema-less, ldap like, API and databaseThe Samba4 CIFS and AD client and server suite12 сентября 2022 г. Evgeny Sinelnikov:- Update to latest stable release of Samba 4.16 - Major fixes: + Possible use after free of connection_struct when iterating smbd_server_connection->connections (Samba#15128). + Spotlight RPC service returns wrong response when Spotlight is disabled on a share (Samba#15086). + acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr (Samba#15126). + Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1. assert failed: !is_named_stream(smb_fname)") at ../../lib/util/fault.c:197 (Samba#15153). + Missing READ_LEASE break could cause data corruption (Samba#15148). + rpcclient can crash using setuserinfo(2) (Samba#15124). + Samba fails to build with glibc 2.36 caused by including <sys/mount.h> in libreplace (Samba#15132). + SMB1 negotiation can fail to handle connection errors (Samba#15152). + samba-tool domain join segfault when joining a samba ad domain (Samba#15078).
System Security Services Daemon7 сентября 2022 г. Evgeny Sinelnikov:- Update to latest 2.7 major release. - Lock-free client support will be only built if libc provides pthread_key_create() and pthread_once(). For glibc this means version 2.34+ - Add requirement of adcli to sssd-ad.
Active Directory Management Centerпересобрано freeipa-4.9.10-alt0.p10.1The Identity, Policy and Audit system7 сентября 2022 г. 16:05#306006 отправлено Evgeny Sinelnikov
Update_to_security_releaseUtilities for doing and managing mounts of the Linux CIFS filesystem31 августа 2022 г. Evgeny Sinelnikov:- Update to stable release 6.15 (Samba#15025, Samba#15026) - mount.cifs: fix length check for ip option parsing (fixes: CVE-2022-27239) - mount.cifs: fix verbose messages on option parsing (fixes: CVE-2022-29869)15 августа 2022 г. 22:04#302667 отправлено Evgeny Sinelnikov
Update_to_latest_maintaince_releaseA trivial database system6 марта 2022 г. Evgeny Sinelnikov:- Apply patch libtdb-revert-breaking-tdb.h.patch from fedora (resolved sssd#5793 on github, rhbz#1983011)
The talloc libraryThe tevent libraryA schema-less, ldap like, API and databaseThe Samba4 CIFS and AD client and server suite31 июля 2022 г. Evgeny Sinelnikov:- Update to security release of Samba 4.15 - Security fixes: + CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords (Samba#15047). + CVE-2022-32744: Samba AD users can forge password change requests for any user (Samba#15074). + CVE-2022-32745: Samba AD users can crash the server process with an LDAP add or modify request (Samba#15008). + CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request (Samba#15009). + CVE-2022-32742: Server memory information leak via SMB1 (Samba#15085).
C-language implementation of Javascript Object Signing and EncryptionSystem Security Services Daemon15 июля 2022 г. Evgeny Sinelnikov:- Update to latest 2.7 major release: + CLIENT: use thread local storage for socket to a.void the need for a lock. + SSS_CLIENT: got rid of code duplication. + SSS_CLIENT: mem-cache: fixed missing error code. + PAM P11: fixed minor mem-leak.
пересобрано freeipa-4.9.7-alt1The Identity, Policy and Audit systemпересобрано admc-0.9.0-alt1AD editor1 августа 2022 г. 18:13#304143 отправлено Evgeny Sinelnikov
Fix_running_applicationA free interior design application, with a 3D preview22 июля 2022 г. Evgeny Sinelnikov:- update to new version - add JAVA_HOME to run script (closed: 43326)20 июля 2022 г. 14:43#303677 отправлено Evgeny Sinelnikov
Fix_checking_Well-known_SIDs_and_update_the_computer_account_passwordAlterator module for system wide auth settings12 июля 2022 г. Evgeny Sinelnikov:- task-auth-ad-sssd: add requires for sssd-tools and adcli for machine password19 июля 2022 г. 17:54#303843 отправлено Evgeny Sinelnikov
Fix_libcryptopp_regressionaMule - eMule client.26 апреля 2022 г. Anton Midyukov:- build with stable wxGTK3.011 июля 2022 г. 19:08#302743 отправлено Evgeny Sinelnikov
Fix_backup_restoreThe Samba4 CIFS and AD client and server suite28 июня 2022 г. Evgeny Sinelnikov:- Fix samba-tool domain backup DC with forced local samdb.