From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.1 Date: Sat, 4 Dec 2021 00:18:18 +0000 From: QA Team Robot To: sisyphus-cybertalk@lists.altlinux.org Message-ID: Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [cyber] I: p9/branch packages: +13 (18259) X-BeenThere: sisyphus-cybertalk@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: devel@lists.altlinux.org List-Id: ALT Linux Sisyphus cybertalk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Dec 2021 00:18:21 -0000 Archived-At: List-Archive: 13 UPDATED packages admc - AD editor * Wed Dec 01 2021 Dmitry Degtyarev 0.8.2-alt1 - Build for admc-0.8.2-alt1. * Thu Aug 05 2021 Dmitry Degtyarev 0.6.4-alt1 Note: changelog entry for 0.8.0-alt1 not found. kernel-image-rpi-def - The Linux kernel (the core of the Linux operating system) * Tue Nov 30 2021 Dmitry Terekhin 1:5.10.81-alt1 - Updated to 5.10.81 (still RPi-specific) - https://github.com/raspberrypi/linux.git rpi-5.10.y - commit e16e31540935728ce57f22a1de56e8b2da5dd33b - CONFIG_NF_TABLES=m - Add some NFT modules - (closes: 41084) - Build for armh is off * Thu Oct 07 2021 Dmitry Terekhin 1:5.10.63-alt1 libldb - A schema-less, ldap like, API and database * Sun Nov 07 2021 Evgeny Sinelnikov 2.3.2-alt1 - Update to the 2.3.2 with backported all C code changes from ldb-2.4.1 - Fix overflow timestring test for 32 bits platforms * Sun Nov 07 2021 Evgeny Sinelnikov 2.3.1-alt2 - Fix libtdb, libtalloc and libtevent requires for libldb * Tue Nov 02 2021 Evgeny Sinelnikov 2.3.1-alt1 - Update to the 2.3.1 for latest samba-4.14.9 security release * Wed Mar 24 2021 Evgeny Sinelnikov 2.3.0-alt1 netcmdplus - Extended samba-tool (netcmd) version * Sat Nov 13 2021 Evgeny Sinelnikov 0.1.2-alt2 - Add support samba-tool-plus alternatives for various samba-dc and samba-dc-mitkrb5 builds with Heimdal and MIT Kerberos respectively. * Wed Jul 21 2021 Evgeny Sinelnikov 0.1.2-alt1 pam_wrapper - A tool to test PAM applications and PAM modules * Mon Nov 01 2021 Evgeny Sinelnikov 1.1.4-alt1 - new version 1.1.4 * Wed Apr 28 2021 Arseny Maslennikov 1.1.3-alt1.1 - NMU: spec: adapted to new cmake macros. * Thu Aug 13 2020 Anton Farygin 1.1.3-alt1 postgresql10 - PostgreSQL client programs and libraries [13M] * Wed Nov 10 2021 Alexei Takaseev 10.19-alt0.M90P.1 - 10.19 (Fixes CVE-2021-23214, CVE-2021-23222) * Wed Aug 11 2021 Alexei Takaseev 10.18-alt0.M90P.1 postgresql11 - PostgreSQL client programs and libraries [13M] * Wed Nov 10 2021 Alexei Takaseev 11.14-alt0.M90P.1 - 11.14 (Fixes CVE-2021-23214, CVE-2021-23222) * Wed Aug 11 2021 Alexei Takaseev 11.13-alt0.M90P.1 postgresql12 - PostgreSQL client programs and libraries [14M] * Wed Nov 10 2021 Alexei Takaseev 12.9-alt0.M90P.1 - 12.9 (Fixes CVE-2021-23214, CVE-2021-23222) * Wed Aug 11 2021 Alexei Takaseev 12.8-alt0.M90P.1 postgresql12-1C - PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later) [14M] * Wed Nov 10 2021 Alexei Takaseev 12.7-alt0.M90P.3 - Fixes CVE-2021-23214, CVE-2021-23222 * Wed Aug 11 2021 Alexei Takaseev 12.7-alt0.M90P.2 postgresql9.6 - PostgreSQL client programs and libraries [12M] * Wed Nov 10 2021 Alexei Takaseev 9.6.24-alt0.M90P.1 - 9.6.24 (Fixes CVE-2021-23214, CVE-2021-23222) * Wed Aug 11 2021 Alexei Takaseev 9.6.23-alt0.M90P.1 samba - The Samba4 CIFS and AD client and server suite [19M] * Sat Nov 13 2021 Evgeny Sinelnikov 4.14.10-alt2 - Add support samba-tool-plus alternative for samba-dc build with heimdal. * Sun Nov 07 2021 Evgeny Sinelnikov 4.14.10-alt1 - Update to latest security release of Samba 4.14 - Security fixes: + CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication. https://www.samba.org/samba/security/CVE-2016-2124.html + CVE-2020-25717: A user on the domain can become root on domain members. https://www.samba.org/samba/security/CVE-2020-25717.html + CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC. https://www.samba.org/samba/security/CVE-2020-25718.html + CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets. https://www.samba.org/samba/security/CVE-2020-25719.html + CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). https://www.samba.org/samba/security/CVE-2020-25721.html + CVE-2020-25722: Samba AD DC did not do suffienct access and conformance checking of data stored. https://www.samba.org/samba/security/CVE-2020-25722.html + CVE-2021-3738: Use after free in Samba AD DC RPC server. https://www.samba.org/samba/security/CVE-2021-3738.html + CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability. https://www.samba.org/samba/security/CVE-2021-23192.html * Sun Nov 07 2021 Evgeny Sinelnikov 4.14.9-alt2 - Rebuild with updated ldb-2.3.2 with backported all C code changes from ldb-2.4.1 to be available for Samba 4.14.x. * Mon Nov 01 2021 Evgeny Sinelnikov 4.14.9-alt1 - Update to latest security release of Samba 4.14 - Backport bronze bit fixes, tests, and selftest improvements. Provide a fix for MS in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal (Fixes: CVE-2020-17049). * Wed Oct 06 2021 Evgeny Sinelnikov 4.14.8-alt1 socket_wrapper - A library passing all socket communications through Unix sockets * Thu Jul 29 2021 Evgeny Sinelnikov 1.3.3-alt1 - Update to latest release with support for fd-passing via unix sockets - Add public libsocket_wrapper_noop library * Sun Feb 07 2021 Evgeny Sinelnikov 1.2.5-alt1 sssd - System Security Services Daemon * Mon Nov 15 2021 Evgeny Sinelnikov 2.6.1-alt2 - Revert reverted patch with change owner/permissions of user deskprofile path due it still needed. * Wed Nov 10 2021 Evgeny Sinelnikov 2.6.1-alt1 - Update to 2.6.1 stable release. - Revert "Don't change owner/permissions of user deskprofile path" patch due CAP_DAC_OVERRIDE was added to systemd configs in 2.4.2 release. * Sun Nov 07 2021 Evgeny Sinelnikov 2.6.0-alt1 - Update to 2.6.0 (with upstream fixes from master - 7bfdd3db8e4c). - Security issue in the sssctl command - shell command injection via the logs-fetch and cache-expire subcommands (fixes: CVE-2021-3621). - pam_sss: Allow offline authentication against non-ipa-desktopprofiles aware DC - Add filter for Active Directory trusted domains which are not trusted (one-way trust) or are from a different forest (direct trust). Both should be ignored because they are not trusted or can currently not be handled properly. * Fri Oct 29 2021 Andrew A. Vasilyev 2.5.2-alt2 - FTBFS: disable LTO * Thu Jul 29 2021 Evgeny Sinelnikov 2.5.2-alt1 - Update to 2.5.2: + auto_private_groups option can be set centrally through ID range setting in IPA (see ipa idrange commands family). + Default value of ldap_sudo_random_offset changed to 0 (disabled). + originalADgidNumber attribute in the SSSD cache is now indexed. + Add new config option fallback_to_nss. * Fri May 14 2021 Evgeny Sinelnikov 2.5.0-alt1 - Update to 2.5.0: + Deprecated support of secrets, local-provider, libwbclient, pcre1. + Added support for automatic renewal of renewable TGTs stored in KCM cache. + Backround sudo periodic tasks (smart and full refresh) periods are now extended by a random offset. + Completing a sudo full refresh now postpones the smart refresh by ldap_sudo_smart_refresh_interval value. + Besides trusted domains known by the forest root, trusted domains known by the local domain are used as well. + New configuration option offline_timeout_random_offset to control random factor in backend probing interval when SSSD is in offline mode. * Fri May 07 2021 Evgeny Sinelnikov 2.4.2-alt2 Total 18259 source packages.