It think it's not critical to have a backport of https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837 See https://lists.samba.org/archive/samba-technical/2017-August/122422.html for the related discussion. But if we do a security release we can just include this.
Created attachment 13514 [details] Possible patch for master
As it's not important we defer this to after 4.7.0
My view: We should revoke the security property of this bug. Until we have the SID filtering, our inter-forest trusts are only for forests we totally trust, so this is not a security issue. It should be fixed before SID filtering is announced as a feature.
G'Day Metze, Any chance you can look into pushing this into master. It is already disclosed in Heimdal and we should try to catch up. I'm still of the view that all our forests are 100% trusted, if that helps.
This bug was referenced in samba master: 7e961f3f7a815960ae25377d5b7515184d439690
This bug was referenced in samba v4-15-test: dc768d84f0210ab9d7bbdc84dae24d23a31dedfe
This bug was referenced in samba v4-14-test: 45cd642a45669619b23ecec7f0735dfe9804bb99
This bug was referenced in samba v4-14-stable (Release samba-4.14.9): 45cd642a45669619b23ecec7f0735dfe9804bb99
This bug was referenced in samba v4-15-stable (Release samba-4.15.1): dc768d84f0210ab9d7bbdc84dae24d23a31dedfe
This bug was referenced in samba v4-13-test: f7d6826afeafaae83a0164e8713c672e297eab6a
This bug was referenced in samba v4-13-stable (Release samba-4.13.13): f7d6826afeafaae83a0164e8713c672e297eab6a