From: QA Team Robot <qa@altlinux.org> To: sisyphus-cybertalk@lists.altlinux.org Subject: [cyber] I: p10/branch packages: -1 +18 (18722) Date: Wed, 21 Feb 2024 00:16:55 +0000 Message-ID: <ZdVA932ft7beRGT/@beehive.mskdc.altlinux.org> (raw) 1 REMOVED package telegram-desktop 3.2.5-alt1.1 18 UPDATED packages bind - ISC BIND - DNS server * Tue Feb 13 2024 Stanislav Levin <slev@altlinux> 9.16.48-alt1 - 9.16.44 -> 9.16.48. * Wed Sep 20 2023 Stanislav Levin <slev@altlinux> 9.16.44-alt1 bind-dyndb-ldap - LDAP back-end plug-in for BIND * Wed Feb 14 2024 Stanislav Levin <slev@altlinux> 11.10-alt5 - Fixed build with bind 9.18.24. * Tue Oct 24 2023 Stanislav Levin <slev@altlinux> 11.10-alt4 - Fixed build with bind 9.18.19. * Mon Jan 16 2023 Stanislav Levin <slev@altlinux> 11.10-alt3 branding-alt-workstation - System/Base * Wed Feb 14 2024 Mikhail Efremov <sem@altlinux> 10.2-alt1 - slideshow: Fix Telegram link. - indexhtml: Fix Telegram link. - indexhtml: Add mail lists link. * Tue Dec 26 2023 Mikhail Efremov <sem@altlinux> 10.1.990-alt1 glpi - IT and asset management software [55M] * Fri Feb 02 2024 Pavel Zilke <zidex@altlinux> 10.0.12-alt1 - New version 10.0.12 - This release fixes a security issue that has been recently discovered. Update is recommended! - Security fixes: + CVE-2024-23645 : Reflected XSS in reports pages + CVE-2023-51446 : LDAP Injection during authentication () * Tue Dec 19 2023 Pavel Zilke <zidex@altlinux> 10.0.11-alt2 libldb - A schema-less, ldap like, API and database * Mon Nov 06 2023 Evgeny Sinelnikov <sin@altlinux> 2.8.0-alt1 - Update to the 2.8.0 for samba-4.19.x releases * Tue Jul 11 2023 Evgeny Sinelnikov <sin@altlinux> 2.7.2-alt1 - Update to the 2.7.2 for samba-4.18.x releases * Wed Mar 29 2023 Evgeny Sinelnikov <sin@altlinux> 2.6.2-alt1 libtalloc - The talloc library * Mon Nov 06 2023 Evgeny Sinelnikov <sin@altlinux> 1:2.4.1-alt1 - Update to latest release for samba-4.19 * Tue Sep 26 2023 Ivan A. Melnikov <iv@altlinux> 1:2.4.0-alt1.1 - NMU: drop python2 from BR * Mon May 29 2023 Grigory Ustinov <grenka@altlinux> 1:2.4.0-alt1 - Build new version for python3.11 (release for samba-4.18). * Sat Sep 17 2022 Evgeny Sinelnikov <sin@altlinux> 1:2.3.4-alt1 libtdb - A trivial database system * Mon Nov 06 2023 Evgeny Sinelnikov <sin@altlinux> 1.4.9-alt1 - Update to release for samba-4.19 * Mon May 29 2023 Grigory Ustinov <grenka@altlinux> 1.4.8-alt1 - Build new version for python3.11 (release for samba-4.18). * Sat Sep 17 2022 Evgeny Sinelnikov <sin@altlinux> 1.4.7-alt1 libtevent - The tevent library * Mon Nov 06 2023 Evgeny Sinelnikov <sin@altlinux> 0.15.0-alt1 - New version for samba-4.19 * Wed Nov 01 2023 Evgeny Sinelnikov <sin@altlinux> 0.14.1-alt1 - New version for samba-4.18 * Mon Aug 07 2023 Ivan A. Melnikov <iv@altlinux> 0.14.0-alt2 - NMU: fix and re-enable checks * Mon May 29 2023 Grigory Ustinov <grenka@altlinux> 0.14.0-alt1 - Build new version for python3.11. - Build without check. * Sat Sep 17 2022 Evgeny Sinelnikov <sin@altlinux> 0.13.0-alt1 netcmdplus - Extended samba-tool (netcmd) version * Mon Feb 19 2024 Evgeny Sinelnikov <sin@altlinux> 0.1.3-alt1 - Add compatibility with stable releases of samba-4.18 and later (closes: 49404). - Replace python3 build to new pyproject_build process. * Sat Nov 13 2021 Evgeny Sinelnikov <sin@altlinux> 0.1.2-alt2 nss_wrapper - A wrapper for the user, group and hosts NSS API * Fri Mar 24 2023 Evgeny Sinelnikov <sin@altlinux> 1.1.15-alt2 - Fix cmocka >= 1.1.6 find_package() * Fri Mar 24 2023 Evgeny Sinelnikov <sin@altlinux> 1.1.15-alt1 - Fixed linking issue in tests - Fixed a memory leak in tests - Fixed implementation of initgroups() - Fixed implementation of getgrouplist() - Avoid dclose(RTLD_NEXT) - Fixed possible mutex and threading issues * Sat Sep 17 2022 Evgeny Sinelnikov <sin@altlinux> 1.1.12-alt1 polkit - PolicyKit Authorization Framework * Thu Feb 08 2024 Valery Inozemtsev <shrek@altlinux> 0.120-alt3 - new subpackage polkit-default-rules containing 50-default.rules * Tue Dec 05 2023 Valery Inozemtsev <shrek@altlinux> 0.120-alt2 python3-module-os-ken - A component-based software defined networking framework for OpenStack * Thu Feb 15 2024 Ilfat Aminov <aminov@altlinux> 2.6.0-alt2.p10 - AutoReqProv: yes * Fri Jan 26 2024 Ilfat Aminov <aminov@altlinux> 2.6.0-alt1.p10 resolv_wrapper - A wrapper for dns name resolving or dns faking * Fri Mar 24 2023 Evgeny Sinelnikov <sin@altlinux> 1.1.8-alt2 - Fix cmocka >= 1.1.6 find_package() * Fri Mar 24 2023 Evgeny Sinelnikov <sin@altlinux> 1.1.8-alt1 - Fix issues with glibc >= 2.34 * Thu Jan 27 2022 Evgeny Sinelnikov <sin@altlinux> 1.1.7-alt2 - Fix detection of a fully seperate libresolv. With glibc 2.24 all res_ symbols moved from libresolv to libc, so only DNS faking avaialble now. * Wed Apr 28 2021 Arseny Maslennikov <arseny@altlinux> 1.1.7-alt1.1 rpm-macros-features - RPM macros to check if can build with a feature * Sun Feb 18 2024 Vitaly Lipatov <lav@altlinux> 20240217-alt0.p10.1 - add if_notfeature - add python3, wine features * Tue Feb 06 2024 Vitaly Lipatov <lav@altlinux> 20240206-alt0.p10.1 samba - The Samba4 CIFS and AD client and server suite [32M] * Tue Jan 16 2024 Evgeny Sinelnikov <sin@altlinux> 4.19.4-alt1 - Update to stable release of Samba 4.19 - Fixes from upstream: + net changesecretpw cannot set the machine account password if secrets.tdb is empty (Samba#13577). + Following intermediate abolute share-local symlinks is broken (Samba#15505). ctdb RELEASE_IP causes a crash in release_ip if a connection to a non-public address disconnects first (Samba#15523). + shadow_copy2 broken when current fileset's directories are removed (Samba#15544). + 'force user = localunixuser' doesn't work if 'allow trusted domains = no' is set (Samba#15469). + smbget: debug logging doesn't work (Samba#15525), username in the smburl and interactive password entry doesn't work (Samba#15532), auth function doesn't set values for password prompt correctly (Samba#15538). + Unable to copy and write files from clients to Ceph cluster via SMB Linux gateway with Ceph VFS module (Samba#15440). + Multichannel refresh network information (Samba#15547). * Tue Dec 12 2023 Evgeny Sinelnikov <sin@altlinux> 4.19.3-alt2 - Replace samba service pam config to samba-common due regression with password authentication in security = user mode with obey pam restrictions = yes. * Tue Dec 05 2023 Evgeny Sinelnikov <sin@altlinux> 4.19.3-alt1 - Update to stable release of Samba 4.19 with fixes of the Samba CVE for Deleted Object tombstones visible in AD LDAP to normal users (CVE-2018-14628). - Security fixes: + CVE-2018-14628: Wrong ntSecurityDescriptor values for "CN=Deleted Objects" allow read of object tombstones over LDAP (Administrator action required!) https://www.samba.org/samba/security/CVE-2018-14628.html * Mon Nov 06 2023 Evgeny Sinelnikov <sin@altlinux> 4.19.2-alt1 - Update to stable release of Samba 4.19 with latest bugfixes and new features: + Migrated smbget to use common command line parser. This has some advantages as you get all the feature it provides like Kerberos authentication. The support for smbgetrc has been removed. + gpupdate changes: The libgpo.get_gpo_list function has been deprecated in favor of an implementation written in python, connects to Active Directory using the SamDB module, instead of ADS (which is what libgpo uses). + Improved winbind logging and a new tool for parsing the winbind logs. Winbind logs (if smb.conf 'winbind debug traceid = yes' is set) contain new trace header fields 'traceid' and 'depth'. + AD database prepared to Functional Level 2016 standards for new domains. While Samba still provides only Functional Level 2008R2 by default, Samba as an AD DC will now, in provision ensure that the blank database is already prepared for Functional Level 2016, with AD Schema 2019. + Kerberos Claims, Authentication Silos and NTLM authentication policies. The primary limitation is that while Samba can read and write claims in the directory, and populate the PAC, Samba does not yet use them for access control decisions. + Improved KDC Auditing now provides Samba-style JSON audit logging of all issued Kerberos tickets, including if they would fail a policy that is not yet enforced. Additionally most failures are audited. + Kerberos Armoring (FAST) Support for Windows clients. In domains where the domain controller functional level is set to 2012, 2012_R2 or 2016, Windows clients will, if configured via GPO, use FAST to protect user passwords between (in particular) a workstation and the KDC on the AD DC. This is a significant security improvement, as weak passwords in an AS-REQ are no longer available for offline attack. + Claims compression in the AD PAC. Samba as an AD DC will compress "AD claims" using the same compression algorithm as Microsoft Windows. + Resource SID compression in the AD PAC. Samba as an AD DC will now correctly populate the various PAC group membership buffers, splitting global and local groups correctly. + Resource Based Constrained Delegation (RBCD) support in both MIT and Heimdal. Samba 4.17 added to samba-tool delegation the 'add-principal' and 'del-principal' subcommands in order to manage RBCD, and the database changes made by these tools are now honoured by the Heimdal KDC once Samba is upgraded. + New samba-tool support for silos, claims, sites and subnets. samba-tool can now list, show, add and manipulate Authentication Silos (silos) and Active Directory Authentication Claims (claims). + Updated Heimdal import. Samba's Heimdal branch (known as lorikeet-heimdal) has been updated to the current pre-8.0 (master) tree from upstream Heimdal, ensuring that this vendored copy, included in our release remains as close as possible to the current upstream code. + Revocation support in Heimdal KDC for PKINIT certificates. Samba will now correctly honour the revocation of 'smart card' certificates used for PKINIT Kerberos authentication. + Require encrypted connection to modify unicodePwd on the AD DC. + Samba AD TLS Certificates can be reloaded. The TLS certificates used for Samba's AD DC LDAP server were previously only read on startup, and this meant that when then expired it was required to restart Samba, disrupting service to other users (smbcontrol ldap_server reload-certs). * Wed Nov 01 2023 Evgeny Sinelnikov <sin@altlinux> 4.18.8-alt1 - Update to maintenance release of Samba 4.18 with latest bugfixes and new features: + SMB Server performance improvements. The locking overhead for contended path based operations is reduced by an additional factor of ~ 3 compared to 4.17. + More succinct samba-tool error messages. + Accessing the old samba-tool messages with full Python stack trace by using the argument '-d3'. + New samba-tool dsacl subcommand for deleting ACES + Colour output with samba-tool --color and + No colour with NO_COLOR environment variable + New wbinfo option --change-secret-at which forces the trust account password to be changed at a specified domain controller. + New option acl_xattr:security_acl_name to change the NT ACL default protected location security.NTACL not accessible from normal users outside of Samba. + New option server addresses as per-share parameter to limit share visibility and accessibility to specific server IP addresses. This option can offer a different set of shares per interface. + Azure Active Directory / Office365 synchronisation improvements with the Azure AD Connect cloud sync tool which now supported for password hash synchronisation, allowing Samba AD Domains to synchronise passwords with this popular cloud environment. * Sun Oct 22 2023 Evgeny Sinelnikov <sin@altlinux> 4.17.12-alt2 Note: changelog entry for 4.17.12-alt4 not found. socket_wrapper - A library passing all socket communications through Unix sockets * Fri Oct 20 2023 Evgeny Sinelnikov <sin@altlinux> 1.4.2-alt1 - Fixed LFS issues on 32bit platforms - Fixed issue with fnctl() on 32bit - Added openat64() to detect stale fds * Fri Mar 24 2023 Evgeny Sinelnikov <sin@altlinux> 1.4.0-alt3 - Fix cmocka >= 1.1.6 find_package() * Fri Mar 24 2023 Evgeny Sinelnikov <sin@altlinux> 1.4.0-alt2 - Skip test_syscall_swrap for arm archicture * Fri Mar 24 2023 Evgeny Sinelnikov <sin@altlinux> 1.4.0-alt1 - Added support for sendmmsg()/recvmmsg() - Added support for handling close, recvmmsg and sendmmsg syscalls - Added support to interact with uid_wrapper syscall() - Improved IP address tracing output - Inject O_LARGEFILE as needed on 32bit - pkgconfig: Fix path to libsocket_wrapper.so - Fix -Wcast-qual warnings - Fix dclose(RTLD_NEXT) * Fri Mar 24 2023 Evgeny Sinelnikov <sin@altlinux> 1.3.4-alt2 sssd - System Security Services Daemon * Wed Jan 17 2024 Evgeny Sinelnikov <sin@altlinux> 2.9.4-alt1 - Update to latest 2.9 major release in long-term maintenance (LTM) phase. - Fixes from upstream: + A crash when PAM passkey processing incorrectly handles non-passkey data. + A workaround was implemented to handle gracefully misbehaving applications that destroy internal state of SSSD client librarires. + An error when rotating KCM's logs was fixed. + Group membership handling when members are coming from different forest domains and using ldap token groups is prohibited. + Files provider was erroneously taking into consideration local_auth_policy config option, thus breaking smartcard authentication of local user in setups that didn't explicitly specify this option. * Mon Nov 20 2023 Evgeny Sinelnikov <sin@altlinux> 2.9.3-alt1 uid_wrapper - A wrapper for privilege separation * Fri Mar 24 2023 Evgeny Sinelnikov <sin@altlinux> 1.3.0-alt3 - Fix cmocka >= 1.1.6 find_package() * Fri Mar 24 2023 Evgeny Sinelnikov <sin@altlinux> 1.3.0-alt2 - Skip test_syscall_swrap for arm archicture * Fri Mar 24 2023 Evgeny Sinelnikov <sin@altlinux> 1.3.0-alt1 - Added support to interact with socket_wrapper syscall() - Fixed deadlocks with threads - Improved log output * Sun Feb 27 2022 Evgeny Sinelnikov <sin@altlinux> 1.2.9-alt1 - Update to latest release with support for getgroups_chk() * Wed Apr 28 2021 Arseny Maslennikov <arseny@altlinux> 1.2.8-alt1.1 Total 18722 source packages.
reply other threads:[~2024-02-21 0:16 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=ZdVA932ft7beRGT/@beehive.mskdc.altlinux.org \ --to=qa@altlinux.org \ --cc=devel@lists.altlinux.org \ --cc=sisyphus-cybertalk@lists.altlinux.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
ALT Linux Sisyphus cybertalk This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \ sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com public-inbox-index sisyphus-cybertalk Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk AGPL code for this site: git clone https://public-inbox.org/public-inbox.git