Comments

114 Comments

I will take care of the other packages.

karma

Works fine with neovim!

karma

Looks fine.

BZ#2021720 CVE-2020-25719 freeipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
BZ#2021721 CVE-2020-25722 samba: Samba AD DC did not do suffienct access and conformance checking of data stored [fedora-all]
BZ#2021726 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
BZ#2021727 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server [fedora-all]
BZ#2021728 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
BZ#2021729 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid) [fedora-all]
BZ#2019660 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
BZ#2019666 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
BZ#2019672 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
BZ#2019726 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
BZ#2019732 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
BZ#2019764 CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
BZ#2020376 winexe core dumps
BZ#2021625 samba-4.15.2 is available
BZ#2021711 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication [fedora-all]
BZ#2021715 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability [fedora-all]
BZ#2021716 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members [fedora-all]
BZ#2021718 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC [fedora-all]
BZ#2021719 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
karma

Looks fine.

BZ#2019660 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
BZ#2019666 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
BZ#2019672 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
BZ#2019726 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
BZ#2019732 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
BZ#2019764 CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
BZ#2020376 winexe core dumps
BZ#2021625 samba-4.15.2 is available
BZ#2021711 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication [fedora-all]
BZ#2021715 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability [fedora-all]
BZ#2021716 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members [fedora-all]
BZ#2021718 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC [fedora-all]
BZ#2021719 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
BZ#2021720 CVE-2020-25719 freeipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
BZ#2021721 CVE-2020-25722 samba: Samba AD DC did not do suffienct access and conformance checking of data stored [fedora-all]
BZ#2021726 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
BZ#2021727 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server [fedora-all]
BZ#2021728 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
BZ#2021729 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid) [fedora-all]
karma

Looks fine.

BZ#2019660 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
BZ#2019666 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
BZ#2019672 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
BZ#2019726 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
BZ#2019732 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
BZ#2019764 CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
BZ#2021711 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication [fedora-all]
BZ#2021715 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability [fedora-all]
BZ#2021716 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members [fedora-all]
BZ#2021718 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC [fedora-all]
BZ#2021719 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
BZ#2021720 CVE-2020-25719 freeipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
BZ#2021721 CVE-2020-25722 samba: Samba AD DC did not do suffienct access and conformance checking of data stored [fedora-all]
BZ#2021726 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
BZ#2021727 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server [fedora-all]
BZ#2021728 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
BZ#2021729 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid) [fedora-all]
karma

Looks fine

BZ#2019660 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
BZ#2019666 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
BZ#2019672 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
BZ#2019726 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
BZ#2019732 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
BZ#2019764 CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
BZ#2021711 CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication [fedora-all]
BZ#2021715 CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability [fedora-all]
BZ#2021716 CVE-2020-25717 samba: A user in an AD Domain could become root on domain members [fedora-all]
BZ#2021718 CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC [fedora-all]
BZ#2021719 CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
BZ#2021720 CVE-2020-25719 freeipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets [fedora-all]
BZ#2021721 CVE-2020-25722 samba: Samba AD DC did not do suffienct access and conformance checking of data stored [fedora-all]
BZ#2021726 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
BZ#2021727 CVE-2021-3738 samba: Use after free in Samba AD DC RPC server [fedora-all]
BZ#2021728 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
BZ#2021729 CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid) [fedora-all]
BZ#2017790 libldb-2.4.1 is available
BZ#2017847 samba-4.15.1 is available

Works for me :-)

karma

:+1:

BZ#1949442 CVE-2021-20254 samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token
BZ#1954263 samba-dc gets replaced by samba-common during F33 -> F34 upgrade
BZ#1955011 samba-4.14.4 is available
BZ#1955027 CVE-2021-20254 samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token [fedora-all]

This update has been unpushed.

asn commented & provided feedback on pam-1.4.0-7.fc33 a year ago
karma

The pam_wrapper testsuite with AddressSanitizer passes now!

$ ctest
Test project /home/asn/workspace/projects/pam_wrapper/obj-asan
    Start 1: test_pam_wrapper
1/1 Test #1: test_pam_wrapper .................   Passed    0.02 sec

100% tests passed, 0 tests failed out of 1
BZ#1894630 Memory leak in pam_start()
asn commented & provided feedback on pam-1.4.0-7.fc33 a year ago

lgtm

BZ#1894630 Memory leak in pam_start()

The libavif API still changes as 0.x versions are pre-releases.

If you can't fix avif support for a package yourself, I would suggest not to enable support for it till version 1.0 is out. It is likely that this will happen again!

If you're up for the task, I can create a build root overwrite if it already expired and we rebuild elf and add it here. Or you disable avif support in elf for f33. How do you want to proceed?

karma

LGTM

BZ#1849489 CVE-2020-10730 samba: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results
BZ#1849491 CVE-2020-10745 samba: Parsing and packing of NBT and DNS packets can consume excessive CPU
BZ#1849509 CVE-2020-10760 samba: LDAP Use-after-free in Samba AD DC Global Catalog with paged_results and VLV
BZ#1851298 CVE-2020-14303 samba: Empty UDP packet DoS in Samba AD DC nbtd
BZ#1853255 CVE-2020-10730 libldb: samba: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results [fedora-all]
BZ#1853256 CVE-2020-10745 samba: Parsing and packing of NBT and DNS packets can consume excessive CPU [fedora-all]
BZ#1853259 CVE-2020-14303 samba: Empty UDP packet DoS in Samba AD DC nbtd [fedora-all]
BZ#1853276 CVE-2020-10760 samba: LDAP Use-after-free in Samba AD DC Global Catalog with paged_results and VLV [fedora-all]
karma

LGTM

BZ#1849489 CVE-2020-10730 samba: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results
BZ#1849491 CVE-2020-10745 samba: Parsing and packing of NBT and DNS packets can consume excessive CPU
BZ#1849509 CVE-2020-10760 samba: LDAP Use-after-free in Samba AD DC Global Catalog with paged_results and VLV
BZ#1851298 CVE-2020-14303 samba: Empty UDP packet DoS in Samba AD DC nbtd
BZ#1853255 CVE-2020-10730 libldb: samba: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results [fedora-all]
BZ#1853256 CVE-2020-10745 samba: Parsing and packing of NBT and DNS packets can consume excessive CPU [fedora-all]
BZ#1853259 CVE-2020-14303 samba: Empty UDP packet DoS in Samba AD DC nbtd [fedora-all]
BZ#1853276 CVE-2020-10760 samba: LDAP Use-after-free in Samba AD DC Global Catalog with paged_results and VLV [fedora-all]
BZ#1853440 samba-4.12.5 is available

Tested and FIPS selftest works now.

BZ#1835265 GnuTLS FIPS selftest fails on Fedora