CENTOS BUGZILLA PATCH
I'm going to email Andreas Schneider (he seems to be a packager of Samba in RH) to apply the recent patch and release the new package. # grep libcli/security/dom_sid.h /root/rpmbuild/BUILD/samba-4.10.16/source3/winbindd/idmap_nss.c + /usr/bin/cat /root/rpmbuild/SOURCES/libldb-require-version-1.5.4.patch + /usr/bin/xz -dc /root/rpmbuild/SOURCES/samba-4.10.16.tar.xz
CENTOS BUGZILLA VERIFICATION
Gpgv: Good signature from "Samba Distribution Verification Key " Gpgv: Signature made Mon May 25 11:32:59 2020 MSK using DSA key ID 6568B7EA + xzcat /root/rpmbuild/SOURCES/samba-4.10.16.tar.xz It appears the recent patch ( ) hasn't been applied to CentOS 7 4.10.16-17 package: Subject: CVE-2020-25721 krb5pac: Add new buffers for Subject: CVE-2020-25719 krb5pac.idl: Add PAC_REQUESTER_SID PAC Subject: CVE-2020-25719 krb5pac.idl: Add PAC_ATTRIBUTES_INFO PAC Subject: krb5pac.idl: Add missing buffer type values Subject: security.idl: Add well-known SIDs for FAST
Subject: krb5pac.idl: Add ticket checksum PAC buffer type Subject: CVE-2020-25717: selftest: configure 'ktest' env with Subject: CVE-2020-25717: s3:ntlm_auth: fix memory leaks in Subject: CVE-2020-25717: auth/gensec: always require a PAC in Subject: CVE-2020-25717: Add FreeIPA domain controller role Subject: CVE-2020-25717: s3:auth: don't let create_local_token
Subject: CVE-2020-25717: s3:auth: remove fallbacks in Subject: CVE-2020-25717: s3:auth: no longer let check_account() Subject: CVE-2020-25717: s3:auth: we should not try to Subject: CVE-2020-25717: s3:auth: Check minimum domain uid Subject: CVE-2020-25717: loadparm: Add new parameter "min domain Subject: CVE-2020-25717: auth/ntlmssp: start with authoritative Subject: CVE-2020-25717: s3:auth: start with authoritative = 1 Subject: CVE-2020-25717: s3:rpcclient: start with authoritative Subject: CVE-2020-25717: s3:torture: start with authoritative = Subject: CVE-2020-25717: s3:ntlm_auth: start with authoritative Subject: CVE-2020-25717: s4:smb_server: start with authoritative Subject: CVE-2020-25717: s4:torture: start with authoritative = Subject: CVE-2020-25717: s3:winbindd: make sure we default to Rowland, could you please help me with this? I tried to remove some patches and rebuild but this is very time-consuming and I wasn't able to find the affecting patch yet :(Īlso I'm wondering what 2.33.1 and 2.30.2 mean in the patch file, for example: On 1/10/22 6:21 AM, Alex via samba wrote: