This bug was fixed in the package adsys - 0.9.2~20.04
---------------
adsys (0.9.2~20.04) focal; urgency=medium
* Backport to focal
- Build with Go 1.16
- Move debhelper compat to 12
- Do not recommends ubuntu-advantage-desktop-daemon as it’s not available
on focal yet.
adsys (0.9.2) kinetic; urgency=medium
* Update generators to fix FTBFS
- shell out to mkdir instead of go's os.Mkdir which can bypass fakeroot's
filesystem hijacking and cause unexpected behavior
* Update dependencies to latest:
- github.com/golangci/golangci-lint
- google.golang.org/protobuf
adsys (0.9.1) kinetic; urgency=medium
[ Didier Roche ]
[ Gabriel Nagy ]
* Fix loading policy content from uppercase folders (LP: #1982330)
* Add GSettings power management keys (LP: #1982349)
* Allow parsing policy entries with empty values (LP: #1982342)
* Allow parsing policies with unsupported types (LP: #1982343)
* Allow parsing policy entries with no data (LP: #1982345)
* Lowercase target name when normalizing (LP: #1982347)
* Annotate policies that require Ubuntu Pro (LP: #1982348)
* Update dependencies to latest:
- github.com/spf13/cobra
- github.com/spf13/viper
- github.com/stretchr/testify
- github.com/charmbracelet/bubbletea
- github.com/charmbracelet/bubbles
- google.golang.org/grpc
- github.com/golangci/golangci-lint
- github.com/sirupsen/logrus
adsys (0.9.0) kinetic; urgency=medium
[ Jean-Baptiste Lallement ]
[ Didier Roche ]
[ Gabriel Nagy ]
* Add Active Directory Watch Daemon - adwatchd: (LP: #1982351)
- Implement a Windows daemon that watches a list of configured directories
for changes and bumps the relevant GPT.INI files.
- Add adsys-windows binary package which includes the Windows daemon
executable and the admx/adml policies.
* Config detection now includes current executable directory
* Fixes in generator build race
* Update dependencies to latest:
- github.com/spf13/cobra
- github.com/stretchr/testify
* CI updates:
- switch to Go setup v3
- bump to really build with Golang 1.18
adsys (0.8.6) kinetic; urgency=medium
* Fix new build failures on 32 bits due to libsmbclient-dev no longer sets
the large file support cflags in libsmbclient.h.
Update to latest libsmbclient-go.
* Update dependencies to latest:
- google.golang.org/grpc
- gopkg.in/ini.v1
- github.com/golangci/golangci-lint
- github.com/spf13/viper
- github.com/stretchr/testify
adsys (0.8.5) kinetic; urgency=medium
[ Jean-Baptiste Lallement ]
[ Didier Roche ]
* Rename chapters to be in correct ascii order when viewed online.
Thanks to Anton Drastrup-Fjordbak.
* Include 22.04 in admx/adml for lts only releases. (LP: #1973745)
* Bump embedeed dependencies minor versions for both bug fixes and minor
security enhancements.
* Fix dconf keys not being readable by user after applying policy.
(LP: #1973748)
* Ensure we can execute machine and user scripts:
/run is now noexec on Ubuntu. Ensure that we can execute the scripts in
/run/adsys subdirectories. The scripts mechanism has been reviewed by the
security team, so we can reset them as executable. (LP: #1973751)
* Move integration tests under cmd/adsysd and admxgen binary to cmd/admxgen
to prepare future adwatchd daemon under cmd/ which will be SRUed with an
exception in next update. This is a no-op in the finale deploy binaries,
apart from admxgen which is now using Cobra. This binary though is not
shipped in any package and only used in CI.
* Fix privilege permission which can not be set to disabled. (LP: #1973752)
* Adaptation or new tests for all above changes.
* Add fuzz tests and include new potential crash fixes on invalid files
generated by Windows AD.
* CI fixes and changes (not impacting finale package):
- Move CI to Go 1.18 (package is already building with 1.18 in jammy).
- Fixes due to new github.
- Fix to generate all LTS releases in admx/adml (see above).
adsys (0.8.4) jammy; urgency=medium
* Sync refresh timer with Windows
* Some lint fixes due to Go 1.18
* Fix image reference in documentation
adsys (0.8.3) jammy; urgency=medium
[ Jean-Baptiste Lallement ]
[ Didier Roche ]
* Use ua attached instead of a specific ua feature to gate optional
features.
* Added and updated documentation for privilege escalation and scripts
support.
* New linter version trigger fix.
* Dependencies update for latest bug fixes:
- github.com/golangci/golangci-lint
- github.com/spf13/cobra-1.4.0
- github.com/stretchr/testify-1.7.1
- google.golang.org/protobuf-1.28.0
- google.golang.org/grpc-1.45.0
adsys (0.8.2) jammy; urgency=medium
* Fix flaky "pick up config changes" tests on armhf and arm64
adsys (0.8.1) jammy; urgency=medium
* Change chown logic on script directory and parents to avoid potential
vulnerability. (LP: #1961458)
* Separate readiness from session running to avoid unrefreshed user script
directories after a logout without any new logins.
* pam_adsys: Fix memory leak and identation. (LP: #1961459)
* Adapt to newer samba, while keeping backward compatilibity for CI.
Thanks Michael. (LP: #1962170)
* Try to stabilize configuration detection change test by calling sync() to
sync FHS to disk, and then, hoping we get the inotify update. Seems to fix
flakyness on armhf. (LP: #1962510)
* Enforce closing stderr on ppcel64 in tests with new samba to avoid hangs
in race.
* Fix linting issues discovered by new golangci-lint.
* Misc syntax polish.
* Dependencies update:
- github.com/godbus/dbus/v5
- github.com/golangci/golangci-lint
- gopkg.in/ini.v1
-- Gabriel Nagy <[email protected]> Thu, 04 Aug 2022 12:25:29
+0300
** Changed in: adsys (Ubuntu Focal)
Status: Fix Committed => Fix Released
** Changed in: adsys (Ubuntu Jammy)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/1982342
Title:
Cannot parse policies with empty values
Status in adsys package in Ubuntu:
Fix Released
Status in adsys source package in Focal:
Fix Released
Status in adsys source package in Jammy:
Fix Released
Bug description:
[Impact]
In addition to empty data, some Microsoft policy entries happen to
have empty values as well. See the following entry:
// [key;value;type;size;data]
00000000: 5052 6567 0100 0000 5b00 5300 6f00 6600 PReg....[.S.o.f.
00000010: 7400 7700 6100 7200 6500 5c00 5000 6f00 t.w.a.r.e.\.P.o.
00000020: 6c00 6900 6300 6900 6500 7300 5c00 4d00 l.i.c.i.e.s.\.M.
00000030: 6900 6300 7200 6f00 7300 6f00 6600 7400 i.c.r.o.s.o.f.t.
00000040: 5c00 5300 7900 7300 7400 6500 6d00 4300 \.S.y.s.t.e.m.C.
00000050: 6500 7200 7400 6900 6600 6900 6300 6100 e.r.t.i.f.i.c.a.
00000060: 7400 6500 7300 5c00 4100 4300 5200 5300 t.e.s.\.A.C.R.S.
00000070: 5c00 4300 6500 7200 7400 6900 6600 6900 \.C.e.r.t.i.f.i.
00000080: 6300 6100 7400 6500 7300 0000 3b00 0000 c.a.t.e.s...;...
00000090: 3b00 0000 0000 3b00 0000 0000 3b00 5d00 ;.....;.....;.].
This fails hard when parsing, returning an `empty value` error,
rendering the remaining policies unparsable.
This is a common occurence on Microsoft's policies like the Default
Domain Policy. Even if Ubuntu does not support policy entries with
empty values, we must still be able to parse them in case a Group
Policy has both Ubuntu and non-Ubuntu entries.
[Test Plan]
* Attempt to apply the Default Domain Policy on a client
[Where problems could occur]
Adsys already excluded non-Ubuntu keys before applying policies, so
this change has no impact other than letting all policies be parsed.
If an error occurs in parsing an Ubuntu entry, it will be surfaced
before policies are applied instead of at parsing time.
[Other Info]
This issue was initially reported on GitHub at
https://github.com/ubuntu/adsys/issues/386
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982342/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
