The annotated tag, samba-4.14.10 has been created
        at  2830e8cf78ec658f8991a166405f8f440aa54877 (tag)
   tagging  9312b1832e5a808a63fc7f9e7d6e70348cc9eb86 (commit)
  replaces  ldb-2.3.2
 tagged by  Jule Anger
        on  Mon Nov 8 12:43:13 2021 +0100

- Log -----------------------------------------------------------------
samba: tag release samba-4.14.10
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmGJDVEACgkQqplEL7aA
tiCXug//fHd/TfSXjTSF+f/NYxZuJM4KTYqmBao+aGL4WTbqrWog9ctqW9D5LGBC
NuqjKt+p4lR095xD0TFuUH65e6vATt4B6bV2rV50rf5tOB/crLFmxVicmd+avyvY
hU2Bxn9Lbdh840Z3vr5FQRj1P2OqgqVd3WPTS90D/OitEpvoNBtIksC55YbPX13R
r8iFj7I4gKcykEA0g3Rcy+JDEHwNx8yJEO575UEnW6bQEnJp10WUnPplN+jPEW62
ChehnrM6Mz1QqL/pZh3MJzrVqj2UxZ6I3PHoetBQrMAS41crtgxvgsx6WjulK69X
ImgjAG0RRDSsTz8xRpvAfiskNanXzFGcWM2L+lHqNnr54+BahI4iCCQH/ynK1fVk
EPLO5B5myC+bZBc1vY9g4nxorO5feWO8EyEl9Ft4oHAr+0gHWEeKBKuivt0kAe/C
aNv4JTa2iYdhVuTr9LdipKT1XJwQlVaD07q3ClQhFwNtriMWMDIEkgaUzelmHiMq
4oGF9bJ2IaE5dkhmmcfmrZLRb2q8aFfWR6oexPhcWbB3ntRiSeiAhhjJJgfyKjDG
SFxtB7P26wvmcX0UJKAMdwr00NjO61WsWXgcun0ejZxHpvDfB9Cej0jyB/Awt81X
2pGuhqAGyNlMyzS2dXiYYAvyleIhTzot/NoOWvwNDU2uL7B4tEY=
=49xf
-----END PGP SIGNATURE-----

Alexander Bokovoy (1):
      CVE-2020-25717: Add FreeIPA domain controller role

Andreas Schneider (13):
      CVE-2020-25717 selftest: Pass down the machine account name to 
provision_ad_member
      CVE-2020-25717 selftest: Only set netbios aliases for the ad_member env
      CVE-2020-25719 mit-samba: Make ks_get_principal() internally public
      CVE-2020-25719 mit-samba: Add ks_free_principal()
      CVE-2020-25719 mit-samba: If we use client_princ, always lookup the db 
entry
      CVE-2020-25719 mit-samba: Add mit_samba_princ_needs_pac()
      CVE-2020-25719 mit-samba: Handle no DB entry in mit_samba_get_pac()
      CVE-2020-25719 mit-samba: Rework PAC handling in 
kdb_samba_db_sign_auth_data()
      CVE-2020-25719 mit_samba: The samba_princ_needs_pac check should be on 
the server entry
      CVE-2020-25719 mit_samba: Create the talloc context earlier
      CVE-2020-25719 s4:kdc: Remove trailing spaces in pac-glue.c
      CVE-2020-25719 s4:kdc: Add samba_kdc_validate_pac_blob()
      CVE-2020-25719 s4:kdc: Check if the pac is valid before updating it

Andrew Bartlett (55):
      CVE-2020-25722 selftest: Move self.assertRaisesLdbError() to 
samba.tests.TestCase
      CVE-2020-25722 selftest: Modernise user_account_control.py tests use a 
common self.OU
      CVE-2020-25722 selftest: Use addCleanup rather than tearDown in 
user_account_control.py
      CVE-2020-25722 pydsdb: Add API to return strings of known UF_ flags
      CVE-2020-25722 selftest: Use @DynamicTestCase in user_account_control 
test_uac_bits_unrelated_modify()
      CVE-2020-25722 selftest: Replace internal loop in test_uac_bits_add() 
using @DynamicTestClass
      CVE-2020-25722 selftest: Replace internal loop in test_uac_bits_set() 
using @DynamicTestClass
      CVE-2020-25722 selftest: Update user_account_control tests to pass 
against Windows 2019
      CVE-2020-25722 selftest: Use self.assertRaisesLdbError() in 
user_account_control.py test
      CVE-2020-25722 dsdb: Tests for our known set of privileged attributes
      CVE-2020-25722 dsdb: Move krbtgt password setup after the point of 
checking if any passwords are changed
      CVE-2020-25722 dsdb: Restrict the setting of privileged attributes during 
LDAP add/modify
      CVE-2020-25722 selftest: Extend priv_attrs test - work around 
UF_NORMAL_ACCOUNT rules on Windows 2019 (requires |UF_PASSWD_NOTREQD or a 
password) - extend to also cover the sensitive UF_TRUSTED_FOR_DELEGATION
      CVE-2020-25722 selftest: Test combinations of account type and 
objectclass for creating a user
      CVE-2020-25722 selftest: allow for future failures in 
BindTests.test_virtual_email_account_style_bind
      CVE-2020-25722 selftest: Catch possible errors in 
PasswordSettingsTestCase.test_pso_none_applied()
      CVE-2020-25722 selftest: Catch errors from samdb.modify() in 
user_account_control tests
      CVE-2020-25722 dsdb: objectclass computer becomes UF_WORKSTATION_TRUST by 
default
      CVE-2020-25722 dsdb: Improve privileged and unprivileged tests for 
objectclass/doller/UAC
      CVE-2020-25722 dsdb: Prohibit mismatch between UF_ account types and 
objectclass.
      CVE-2020-25722 selftest/priv_attrs: Mention that these knownfails are OK 
(for now)
      CVE-2020-25722 selftest: Adapt selftest to restriction on swapping 
account types
      CVE-2020-25722 dsdb: samldb_objectclass_trigger() is only called on ADD, 
so remove indentation
      CVE-2020-25722 dsdb: Add restrictions on computer accounts without a 
trailing $
      CVE-2020-25722 selftest: Adapt sam.py test_isCriticalSystemObject to new 
UF_WORKSTATION_TRUST_ACCOUNT default
      CVE-2020-25722 samdb: Fill in isCriticalSystemObject on any account type 
change
      CVE-2020-25722 selftest: Split test_userAccountControl into unit tests
      CVE-2020-25722 selftest: Adjust sam.py 
test_userAccountControl_computer_add_trust to new reality
      CVE-2020-25722 selftest: New objects of objectclass=computer are 
workstations by default now
      CVE-2020-25722 selftest: Adapt sam.py test to 
userAccountControl/objectclass restrictions
      CVE-2020-25722 selftest: adapt ldap.py/sam.py test_all tests to new 
default computer behaviour
      CVE-2020-25722 selftest: Allow self.assertRaisesLdbError() to take a list 
of errors to match with
      CVE-2020-25722 selftest/user_account_control: Allow a broader set of 
possible errors
      CVE-2020-25722 selftest/user_account_control: more work to cope with 
UAC/objectclass defaults and lock
      CVE-2020-25721 krb5pac: Add new buffers for samAccountName and objectSID
      CVE-2020-25722 Check all elements in acl_check_spn() not just the first 
one
      CVE-2020-25722 Check for all errors from acl_check_extended_right() in 
acl_check_spn()
      CVE-2020-25718 kdc: Remove unused samba_kdc_get_pac_blob()
      CVE-2020-25718 s4-rpc_server: Change sid list functions to operate on a 
array of struct dom_sid
      CVE-2020-25718 s4-rpc_server: Obtain the user tokenGroups earlier
      CVE-2020-25718 s4-rpc_server: Put RODC reveal/never reveal logic into a 
single helper function
      CVE-2020-25718 s4-rpc_server: Put msDS-KrbTgtLinkBL and 
UF_INTERDOMAIN_TRUST_ACCOUNT RODC checks in common
      CVE-2020-25718 s4-rpc_server: Confirm that the RODC has the 
UF_PARTIAL_SECRETS_ACCOUNT bit
      CVE-2020-25718 s4-rpc_server: Provide wrapper 
samdb_confirm_rodc_allowed_to_repl_to()
      CVE-2020-25718 s4-rpc_server: Remove unused attributes in RODC check
      CVE-2020-25718 s4-rpc_server: Explain why we use 
DSDB_SEARCH_SHOW_EXTENDED_DN in RODC access check
      CVE-2020-25718 s4-rpc_server: Add in debug messages into RODC processing
      CVE-2020-25718 dsdb: Bring sid_helper.c into common code as rodc_helper.c
      CVE-2020-25718 kdc: Confirm the RODC was allowed to issue a particular 
ticket
      CVE-2020-25719 kdc: Avoid races and multiple DB lookups in s4u2self check
      CVE-2020-25721 auth: Fill in the new HAS_SAM_NAME_AND_SID values
      CVE-2020-25722 Ensure the structural objectclass cannot be changed
      CVE-2020-25722 kdc: Do not honour a request for a 3-part SPN (ending in 
our domain/realm) unless a DC
      Revert "CVE-2020-25719 heimdal:kdc: Require authdata to be present"
      CVE-2020-25719 selftest: Always expect a PAC in TGS replies with Heimdal

Douglas Bagnall (35):
      CVE-2020-25722 pytests: add reverse lookup dict for LDB error codes
      CVE-2020-25722 pytest: assertRaisesLdbError invents a message if you're 
lazy
      CVE-2020-25722 s4/dsdb/cracknames: always free tmp_ctx in spn_alias
      CVE-2020-25722 s4/cracknames: lookup_spn_alias doesn't need krb5 context
      CVE-2020-25722 samba-tool spn: accept -H for database url
      CVE-2020-25722 samba-tool spn add: remove --force option
      CVE-2020-25722 tests: blackbox samba-tool spn non-admin test
      CVE-2020-25722 s4/provision: add host/ SPNs at the start
      CVE-2020-25722 blackbox/upgrades tests: ignore SPN for ldapcmp
      CVE-2020-25722 pytest: test sAMAccountName/userPrincipalName over ldap
      CVE-2020-25722 pytest: test setting servicePrincipalName over ldap
      CVE-2020-25722 s4/cracknames: add comment pointing to samldb spn handling
      CVE-2020-25722 s4/dsdb/samldb: add samldb_get_single_valued_attr() helper
      CVE-2020-25722 s4/dsdb/samldb: unique_attr_check uses 
samldb_get_single_valued_attr()
      CVE-2020-25722 s4/dsdb/samldb: check for clashes in UPNs/samaccountnames
      CVE-2020-25722 s4/dsdb/samldb: check sAMAccountName for illegal characters
      CVE-2020-25722 s4/dsdb/samldb: check for SPN uniqueness, including aliases
      CVE-2020-25722 s4/dsdb/samldb: reject SPN with too few/many components
      CVE-2020-25722 s4/dsdb modules: add dsdb_get_expected_new_values()
      CVE-2020-25722 s4/dsdb/samldb: samldb_get_single_valued_attr() check all 
values
      CVE-2020-25722 s4/dsdb/samldb: samldb_sam_accountname_valid_check() check 
all values
      CVE-2020-25722 s4/dsdb/samldb: samldb_schema_add_handle_linkid() checks 
all values
      CVE-2020-25722 s4/dsdb/samldb: samldb_schema_add_handle_mapiid() checks 
all values
      CVE-2020-25722 s4/dsdb/samldb: samldb_prim_group_change() checks all 
values
      CVE-2020-25722 s4/dsdb/samldb: samldb_user_account_control_change() 
checks all values
      CVE-2020-25722 s4/dsdb/samldb _user_account_control_change() always add 
final value
      CVE-2020-25722 s4/dsdb/samldb: samldb_pwd_last_set_change() checks all 
values
      CVE-2020-25722 s4/dsdb/samldb: samldb_lockout_time() checks all values
      CVE-2020-25722 s4/dsdb/samldb: samldb_group_type_change() checks all 
values
      CVE-2020-25722 s4/dsdb/samldb: samldb_service_principal_names_change 
checks values
      CVE-2020-25722 s4/dsdb/samldb: samldb_fsmo_role_owner_check checks values
      CVE-2020-25722 s4/dsdb/samldb: samldb_fsmo_role_owner_check() wants one 
value
      CVE-2020-25722 s4/dsdb/pwd_hash: password_hash_bypass gets all values
      CVE-2020-25722 s4/dsdb/pwd_hash: rework pwdLastSet bypass
      CVE-2020-25722 s4/dsdb/util: remove unused dsdb_get_single_valued_attr()

Joseph Sutton (64):
      CVE-2020-17049 tests/krb5: Check account name and SID in PAC for S4U tests
      CVE-2020-25722 dsdb: Add tests for modifying objectClass, 
userAccountControl and sAMAccountName
      CVE-2020-25718 tests/krb5: Allow tests accounts to replicate to RODC
      CVE-2020-25719 CVE-2020-25717 tests/krb5: Modify get_service_ticket() to 
use _generic_kdc_exchange()
      CVE-2020-25719 CVE-2020-25717 tests/krb5: Add pac_request parameter to 
get_service_ticket()
      CVE-2020-25722 tests/krb5: Allow creating server accounts
      CVE-2020-25719 tests/krb5: Add is_tgt() helper method
      CVE-2020-25719 tests/krb5: Add method to get unique username for test 
accounts
      MS CVE-2020-17049 tests/krb5: Allow tests to pass if ticket signature 
checksum type is wrong
      CVE-2020-25721 tests/krb5: Check PAC buffer types when STRICT_CHECKING=0
      CVE-2020-25719 CVE-2020-25717 tests/krb5: Refactor 
create_ccache_with_user() to take credentials of target service
      CVE-2020-25719 CVE-2020-25717 tests/krb5: Allow create_ccache_with_user() 
to return a ticket without a PAC
      CVE-2020-25722 tests/krb5: Add KDC tests for 3-part SPNs
      CVE-2020-25721 ndrdump: Add tests for PAC with UPN_DNS_INFO
      CVE-2020-25719 tests/krb5: Add tests for requiring and issuing a PAC
      CVE-2020-25719 tests/krb5: Add a test for making an S4U2Self request 
without a PAC
      CVE-2020-25719 tests/krb5: Add principal aliasing test
      CVE-2020-25718 tests/krb5: Add tests for RODC-printed and invalid TGTs
      CVE-2020-25719 tests/krb5: Add tests for including authdata without a PAC
      CVE-2020-25721 tests/krb5: Add tests for extended PAC_UPN_DNS_INFO PAC 
buffer
      CVE-2020-25719 CVE-2020-25717 tests/krb5: Adapt tests for connecting 
without a PAC to new error codes
      CVE-2020-25722 Add test for SPN deletion followed by addition
      CVE-2020-25722 s4:dsdb:tests: Add missing self.fail() calls
      CVE-2020-25722 selftest: Adapt ldap.py tests to new objectClass 
restrictions
      CVE-2020-25718 tests/krb5: Fix indentation
      CVE-2020-25719 krb5pac.idl: Add PAC_ATTRIBUTES_INFO PAC buffer type
      CVE-2020-25719 krb5pac.idl: Add PAC_REQUESTER_SID PAC buffer type
      CVE-2020-25719 tests/krb5: Provide expected parameters for both AS-REQs 
in get_tgt()
      CVE-2020-25719 tests/krb5: Allow update_pac_checksums=True if the PAC is 
not present
      CVE-2020-25719 tests/krb5: Don't expect a kvno for user-to-user
      CVE-2020-25719 tests/krb5: Expect 'renew-till' element when renewing a TGT
      CVE-2020-25719 tests/krb5: Return ticket from _tgs_req()
      CVE-2020-25719 tests/krb5: Use correct credentials for user-to-user tests
      CVE-2020-25719 tests/krb5: Adjust PAC tests to prepare for new 
PAC_ATTRIBUTES_INFO buffer
      CVE-2020-25719 tests/krb5: Adjust expected error codes for user-to-user 
tests
      CVE-2020-25719 tests/krb5: tests/krb5: Adjust expected error code for 
S4U2Self no-PAC tests
      CVE-2020-25719 tests/krb5: Extend _get_tgt() method to allow more 
modifications to tickets
      CVE-2020-25719 tests/krb5: Add _modify_tgt() method for modifying already 
obtained tickets
      CVE-2020-25719 tests/krb5: Add testing for PAC_TYPE_ATTRIBUTES_INFO PAC 
buffer
      CVE-2020-25719 tests/krb5: Add testing for PAC_TYPE_REQUESTER_SID PAC 
buffer
      CVE-2020-25719 tests/krb5: Add EXPECT_PAC environment variable to expect 
pac from all TGS tickets
      CVE-2020-25719 tests/krb5: Add expected parameters to cache key for 
obtaining tickets
      CVE-2020-25719 tests/krb5: Add tests for PAC attributes buffer
      CVE-2020-25719 tests/krb5: Add tests for PAC-REQUEST padata
      CVE-2020-25719 tests/krb5: Add tests for requester SID PAC buffer
      CVE-2020-25719 tests/krb5: Add test for user-to-user with no sname
      CVE-2020-25719 tests/krb5: Add tests for mismatched names with 
user-to-user
      CVE-2020-25719 s4/torture: Expect additional PAC buffers
      CVE-2020-25722 pytest: Raise an error when adding a dynamic test that 
would overwrite an existing test
      CVE-2020-25719 s4:kdc: Add KDC support for PAC_ATTRIBUTES_INFO PAC buffer
      CVE-2020-25719 heimdal:kdc: Require authdata to be present
      CVE-2020-25718 kdc: Return ERR_POLICY if RODC krbtgt account is invalid
      CVE-2020-25719 s4:kdc: Add KDC support for PAC_REQUESTER_SID PAC buffer
      CVE-2020-25719 heimdal:kdc: Check return code
      CVE-2020-25719 heimdal:kdc: Move fetching krbtgt entry to before enctype 
selection
      CVE-2020-25719 heimdal:kdc: Use sname from request rather than 
user-to-user TGT client name
      CVE-2020-25719 heimdal:kdc: Check name in request against name in 
user-to-user TGT
      CVE-2020-25719 heimdal:kdc: Verify PAC in TGT provided for user-to-user 
authentication
      CVE-2020-25719 heimdal:kdc: Require PAC to be present
      CVE-2020-25718 tests/krb5: Only fetch RODC account credentials when 
necessary
      CVE-2020-25719 tests/krb5: Add tests for using a ticket with a renamed 
account
      CVE-2020-25718 heimdal:kdc: Add comment about tests for tickets of users 
not revealed to an RODC
      CVE-2020-25722 selftest: Add test for duplicate servicePrincipalNames on 
an add operation
      CVE-2020-25722 selftest: Ensure check for duplicate servicePrincipalNames 
is not bypassed for an add operation

Jule Anger (2):
      WHATSNEW: Add release notes for Samba 4.14.10.
      VERSION: Disable GIT_SNAPSHOT for the 4.14.10 release.

Nadezhda Ivanova (2):
      CVE-2020-25722: s4-acl: test Control Access Rights honor the Applies-to 
attribute
      CVE-2020-25722: s4-acl: Make sure Control Access Rights honor the 
Applies-to attribute

Ralph Boehme (1):
      CVE-2020-25717: s3:auth: remove fallbacks in smb_getpwnam()

Samuel Cabrero (4):
      CVE-2020-25717: loadparm: Add new parameter "min domain uid"
      CVE-2020-25717: selftest: Add ad_member_no_nss_wb environment
      CVE-2020-25717: selftest: Add a test for the new 'min domain uid' 
parameter
      CVE-2020-25717: s3:auth: Check minimum domain uid

Stefan Metzmacher (48):
      CVE-2020-25719 selftest/knownfail_mit_kdc: Add pointless knownfail to 
allow a later cherry-pick to apply cleanly
      CVE-2020-25719 CVE-2020-25717 tests/krb5: Add tests for connecting to 
services anonymously and without a PAC
      CVE-2020-25719 CVE-2020-25717: selftest: remove "gensec:require_pac" 
settings
      CVE-2020-25717: s3:winbindd: make sure we default to r->out.authoritative 
= true
      CVE-2020-25717: s4:auth/ntlm: make sure auth_check_password() defaults to 
r->out.authoritative = true
      CVE-2020-25717: s4:torture: start with authoritative = 1
      CVE-2020-25717: s4:smb_server: start with authoritative = 1
      CVE-2020-25717: s4:auth_simple: start with authoritative = 1
      CVE-2020-25717: s3:ntlm_auth: start with authoritative = 1
      CVE-2020-25717: s3:torture: start with authoritative = 1
      CVE-2020-25717: s3:rpcclient: start with authoritative = 1
      CVE-2020-25717: s3:auth: start with authoritative = 1
      CVE-2020-25717: auth/ntlmssp: start with authoritative = 1
      CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() forward 
the low level errors
      CVE-2020-25717: s3:auth: we should not try to autocreate the guest account
      CVE-2020-25717: s3:auth: no longer let check_account() autocreate local 
users
      CVE-2020-25717: s3:lib: add lp_allow_trusted_domains() logic to 
is_allowed_domain()
      CVE-2020-25717: s3:auth: don't let create_local_token depend on 
!winbind_ping()
      CVE-2020-25719 CVE-2020-25717: auth/gensec: always require a PAC in 
domain mode (DC or member)
      CVE-2020-25719 CVE-2020-25717: s4:auth: remove unused 
auth_generate_session_info_principal()
      CVE-2020-25717: s3:ntlm_auth: fix memory leaks in 
ntlm_auth_generate_session_info_pac()
      CVE-2020-25717: s3:ntlm_auth: let ntlm_auth_generate_session_info_pac() 
base the name on the PAC LOGON_INFO only
      CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() delegate 
everything to make_server_info_wbcAuthUserInfo()
      CVE-2020-25717: selftest: configure 'ktest' env with winbindd and 
idmap_autorid
      CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() reject a 
PAC in standalone mode
      CVE-2020-25717: s3:auth: simplify get_user_from_kerberos_info() by 
removing the unused logon_info argument
      CVE-2020-25717: s3:auth: simplify make_session_info_krb5() by removing 
unused arguments
      CVE-2020-25722 pytests: Give computer accounts unique (and valid) 
sAMAccountNames and SPNs
      CVE-2021-23192: dcesrv_core: add better debugging to 
dcesrv_fault_disconnect()
      CVE-2021-23192: dcesrv_core: add dcesrv_fault_disconnect0() that skips 
DCERPC_PFC_FLAG_DID_NOT_EXECUTE
      CVE-2021-23192: python/tests/dcerpc: change assertNotEquals() into 
assertNotEqual()
      CVE-2021-23192: python/tests/dcerpc: let generate_request_auth() use 
g_auth_level in all places
      CVE-2021-23192: python/tests/dcerpc: fix do_single_request(send_req=False)
      CVE-2021-23192: python/tests/dcerpc: add tests to check how security 
contexts relate to fragmented requests
      CVE-2021-23192: dcesrv_core: only the first fragment specifies the 
auth_contexts
      CVE-2016-2124: s4:libcli/sesssetup: don't fallback to non spnego 
authentication if we require kerberos
      CVE-2016-2124: s3:libsmb: don't fallback to non spnego authentication if 
we require kerberos
      CVE-2021-3738 s4:torture/drsuapi: don't pass DsPrivate to test_DsBind()
      CVE-2021-3738 s4:torture/drsuapi: maintain priv->dc_credentials
      CVE-2021-3738 s4:torture/drsuapi: maintain priv->admin_credentials
      CVE-2021-3738 s4:torture/drsuapi: DsBindAssocGroup* tests
      CVE-2021-3738 auth_util: avoid talloc_tos() in copy_session_info()
      CVE-2021-3738 s4:rpc_server/common: provide assoc_group aware 
dcesrv_samdb_connect_as_{system,user}() helpers
      CVE-2021-3738 s4:rpc_server/drsuapi: make use of assoc_group aware 
dcesrv_samdb_connect_as_*() helpers
      CVE-2021-3738 s4:rpc_server/dnsserver: make use of 
dcesrv_samdb_connect_as_user() helper
      CVE-2021-3738 s4:rpc_server/lsa: make use of 
dcesrv_samdb_connect_as_user() helper
      CVE-2021-3738 s4:rpc_server/netlogon: make use of 
dcesrv_samdb_connect_as_*() helper
      CVE-2021-3738 s4:rpc_server/samr: make use of dcesrv_samdb_connect_as_*() 
helper

Volker Lendecke (9):
      CVE-2020-25717 auth3: Simplify check_samba4_security()
      CVE-2020-25717 auth: Simplify DEBUG statements in 
make_auth3_context_for_ntlm()
      CVE-2020-25717 auth4: Make auth_anonymous pseudo-async
      CVE-2020-25717 auth4: Make auth_developer pseudo-async
      CVE-2020-25717 auth4: Make auth_unix pseudo-async
      CVE-2020-25717 auth4: Make auth_sam pseudo-async
      CVE-2020-25717 auth4: Remove sync check_password from auth_operations
      CVE-2021-23192 rpc: Give dcerpc_util.c its own header
      CVE-2021-23192 librpc: Remove the gensec dependency from library 
dcerpc-binding

-----------------------------------------------------------------------


-- 
Samba Shared Repository

Reply via email to