+ ==============================
+ Release Notes for Samba 3.0.35
+ June, 23 2009
+ ==============================
+
+
+This is a security release in order to address CVE-2009-1888.
+
+ o CVE-2009-1888:
+ In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
+ data value can potentially affect access control when "dos filemode"
+ is set to "yes".
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.34
+--------------------
+
+
+o Jeremy Allison <jra@samba.org>
+ * Fix for CVE-2009-1888.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+-------------------------------------------------
+
+ ==============================
+ Release Notes for Samba 3.0.34
+ January, 20 2009
+ ==============================
+
+
+This is a bug fix release of the Samba 3.0 series.
+
+Major enhancements included in Samba 3.0.34 are:
+
+ o Fix update of machine account passwords.
+ o Fix SMB signing issue on Windows Vista with MS Hotfix KB955302.
+ o Fix Winbind crashes.
+ o Correctly detect if the current dc is the closest one.
+ o Add saf_join_store() function to memorize the dc used at join time.
+ This avoids problems caused by replication delays shortly after domain
+ joins.
+ o Fix write list in setups using "security = share".
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.33
+--------------------
+
+
+o Michael Adam <obnox@samba.org>
+ * Fix linking cifs.upcall when nscd_flush_cache() is found.
+ * Fix smbd hanging on Solaris when winbindd closes socket.
+ * Use the reconnect methods instead of the rpc methods directly.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 1254: Fix write list in setups using "security = share".
+ * BUG 5052: Not work cancel inheritance on share.
+ * BUG 5729: Explicitly allow "-valid" parameter.
+ * BUG 5737: Fix Winbind crash in an unusual failure mode.
+ * BUG 5750: Fix SMB signing issue on Windows Vista with MS Hotfix KB955302.
+ * BUG 5751: Backport to fix showing of ACLson DFS with smbclient.
+ * BUG 5790: Fix returning STATUS_OBJECT_NAME_NOT_FOUND on set file
+ disposition call.
+ * BUG 5814: Fix core dump of Winbind while doing "rescan_trusted_domain".
+ * BUG 5873: Fix ACL inheritance.
+ * BUG 5914: Fix build failure (redefinition of struct name_list).
+ * BUG 5937: Fix filenames with "*" char hiding other files.
+ * BUG 6019: File corruption in Clustered SMB/NFS environment
+ managed via CTDB.
+ * BUG 6035: Fix possible race between fcntl F_SETLKW and alarm delivery.
+ * Remove unecessary msync.
+ * Rename cifs.spnego to cifs.upcall.
+ * Fix segfault when execution cifs.upcall without any arguments.
+ * Ensure we emit the notify message before renaming the open files.
+ * Fix use of DLIST_REMOVE.
+ * Cope with bad trans2mkdir requests from System in QNTC IBM SMB client.
+ * Fix memory leak in error path.
+ * Fix logic bug introduced in backport of ccache_regain_all_now.
+
+
+o Kai Blin <kai@samba.org>
+ * Reformat the WBFLAGS defines to prepare for adding a new flag.
+ * Put huge NTLMv2 blobs into extra_data on CRAP auth.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 5710: Fix update of machine account passwords.
+ * Define NET_SRVPWSET2 call.
+ * Net should just use machine account creds when changing passwords.
+ * Fix net_io_q_srv_pwset2.
+
+
+o Carsten Dumke <carsten@cdumke.de>
+ * BUG 5892: Fix documentation of net rap printq info.
+
+
+o Dina Fine <dina@exanet.com>
+ * BUG 5908: Fix failing of internal change notify on share directory.
+
+
+o Steve French <stevef@smf-t60p.smfdom>
+ * Fix compile warning in cifs.upcall.
+ * Fix cifs.upcall manpage and comments.
+
+
+o Jeff Layton <jlayton@redhat.com>
+ * Build cifs.upcall by default on Linux.
+ * Fix negatively instantiate keys on error in cifs.upcall.
+ * Handle handle MSKRB5 OID properly in cifs.upcall.
+ * Bump SPNEGO msg version number and don't reject old versions in
+ cifs.upcall.
+ * Fix several problems when mounting subdirectories of shares in
+ mount.cifs.
+ * Don't prompt for password on krb5 mounts in mount.cifs.
+ * Have uppercase_string return success on NULL pointer in mount.cifs.
+ * Make return codes match the return codes for /bin/mount in mount.cifs.
+ * Use lock/unlock_mtab scheme from util-linux-ng mount prog.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 5965: Fix creation of the first share using SWAT.
+ * Fix bug triggered by the RAW-SAMBA3OPLOCKLOGOFF test.
+
+
+o David Leonard <David.Leonard@quest.com>
+ * BUG 4516: No IPv6 on Solaris 2.6.
+
+
+o Igor Mammedov <niallain@gmail.com>
+ * Add support for cifs.spnego helper into configure and Makefile.in.
+ * Add checks for spnego prereq keyutils.h and kerberos in configure.in.
+ * Add helper source for handling cifs kernel module upcall for kerberos
+ authorization.
+ * Add -c option to set service prefix to "cifs" in service principal by
+ default service prefix "host" is used.
+ * Add support for cifs.resolver upcall.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * Correctly detect if the current dc is the closest one.
+ * For CLDAP we need to use get_sorted_dc_list() to avoid recursion.
+ * Add fallback to return all dcs, when none is available in the requested
+ site.
+ * Add saf_join_store() function to memorize the dc used at join time.
+ * Return an error instead of crashing when no realm is given.
+ * Handle the SMB signing states the same in the krb5 and ntlmssp cases.
+
+
+o Andreas Schneider <mail@cynapses.org>
+ * Delete the krb5 ccname variable from the PAM environment if set.
+ * Fix the build of pam_winbind.
+ * Fix circular dependency error with autoconf 2.6.3.
+
+
+o Simo Sorce <idra@samba.org>
+ * Fix an ifdef check.
+ * Fix warning.
+
+
+o Yasuma Takeda <yasuma@osstech.co.jp>
+ * BUG 5909: Fix MS-DFS links inlcuding multibyte characters on Vista.
+
+
+o Andrew Tridgell <tridge@samba.org>
+ * Avoid a race condition in glibc between AIO and setresuid().
+ * Become root for AIO operations.
+
+
+o Bo Yang <boyang@novell.com>
+ * Don't set child->requests to NULL in parent after fork.
+ * Backport of the clean event context after fork and krb5
+ refresh chain fixes.
+ * Fix null pointer refrence in event context in backport from v3-3-test.
+
+
+o Qiao Yang <geoyang@ironport.com>
+ * Fix a memleak.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+
+
+ ==============================
+ Release Notes for Samba 3.0.33
+ November, 27 2008
+ ==============================
+
+
+This is a security release in order to address CVE-2008-4314 ("Potential leak of
+arbitrary memory contents").
+
+ o CVE-2008-4314
+ Samba 3.0.29 to 3.2.4 can potentially leak
+ arbitrary memory contents to malicious
+ clients.
+
+The original security announcement for this and past advisories can
+be found http://www.samba.org/samba/security/
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.32
+--------------------
+
+
+o Volker Lendecke <vl@samba.org>
+ * Fix for CVE-2008-4314.
+
+
+ --------------------------------------------------
+ ===============================
+ Release Notes for Samba 3.0.32
+ Aug 25, 2008
+ ===============================
+
+This is a bug fix release of the Samba 3.0 production series
+and is the version that servers should be run for all current
+Samba 3.0 bug fixes.
+
+User visible bug fixes in this release include:
+
+ o Prevent crash bug in Winbind caused by a race condition
+ when a child process becomes unresponsive.
+ o Fix interactive password prompting in the "net" command.
+ o Documentation clarifications and typographical fixes.
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.31
+--------------------
+
+o Michael Adam <obnox@samba.org>
+ * Docs fix for "password server" parameter.
+ * Fix IPC connections with interactive password prompt.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 5697: nmbd spins in reload_interfaces when only loopback
+ exists.
+ * Don't re-initialize a token when we already have one.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * When returning NSS_UNAVAIL from libnss_winbind, squash errno
+ to ENOENT.
+
+
+o Volker Lendecke <vl@samba.org>
+ * Fix a race condition in winbind leading to a crash.
+
+
+o Jim McDonough <jmcd@samba.org>
+ * Correct interaction between Winbind log files and the
+ "log file" smb.conf parameter upon a reload.
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * Fix scope description of the "printcap name" parameter in
+ smb.conf(5).
+ * Fix typos in smbclient man page.
+
+
+o Bo Yang <boyang@novell.com>
+ * Allow %u parameters for print job username.
+
+
+o Christoph Zauner <christoph.zauner@sernet.de>
+ * Corrections to various man pages.
+
+
+ --------------------------------------------------
+ ===============================
+ Release Notes for Samba 3.0.31
+ July 10, 2008
+ ===============================
+
+This is a bug fix release of the Samba 3.0 production series
+and is the version that servers should be run for all current
+Samba 3.0 bug fixes.
+
+User visible bug fixes in this release include:
+
+ o Correct issues with running Winbind running on a Samba PDC.
+ o Problems with trusted Windows 2008 domains.
+ o Difficulty joining an NT4 or Windows 2000 AD domain.
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.30
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 5504: Fix SIGTERM handling in Winbind children so that they
+ do not remove the unix domain socket used to field client requests.
+ * Split the winbindd_passdb backend into a 'builtin' and a 'sam'
+ backend.
+ * When allocating client buffers for large read/write - make sure we
+ take account of the large read/write SMB headers as well as the buffer
+ space.
+ * Memory leak fixes in DC location code.
+ * BUG 5533: Winbindd fails to cope correctly with a workgroup name
+ containing a '.'
+ * BUG 5555: Don't return NT_STATUS_PASSWORD_MUST_CHANGE error on machine
+ account logon.
+ * BUG 5551: smbd recursing back into winbindd from a winbindd call.
+ * Fix usage message for "net rpc trustdom add".
+ * Ensure consistent use of pdb_get_nt_passwd instead of pdb_get_lanman_passwd.
+ * BUG 5578: Bad (non-Samba) use of strlcat gives error.
+ * Canonicalize servername in the printer functions to remove leading '\\'
+ characters.
+
+
+o Alexander Bokovoy <ab@samba.org>
+ * Documentation build fixes.
+ * [DOCS] Fix use of smbconfoption in samba.entities.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Return NULL in sitename_fetch() if gencache_init() fails.
+
+
+o Steven Danneman <steven.danneman@isilon.com>
+ * Use machine account and machine password from our domain when
+ contacting trusted domains.
+ * SPNEGO SPN fix when contacting trusted domains.
+
+
+o Guenther Deschner <gd@samba.org>
+ * BUG 5285: Fix libcap header mismatch.
+ * Fix joining NT4 domains.
+ * Don't let winbind getgroups crash when we have no gids in the
+ token.
+ * Fallback to level 24 pwd set while joining.
+ * Fix joining w2k domains in "security = ads".
+ * Fix pam_sm_chauthtok for storing modified cached creds.
+
+
+o SATOH Fumiyasu <fumiyas@osstech.co.jp>
+ * BUG 5202: Re-activate "acl group control" parameter and make it
+ only apply to owning group.
+
+
+o <hkurma@datadomain.com>
+ * BUG 5531: Fix conversion of ns units when converting from
+ nttime to timespec.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 4974: Map NT_STATUS_OBJECT_PATH_NOT_FOUND to ENOENT in libsmbclient.
+ * Fix a segfault in base64_encode_data_blob.
+
+
+o William Jojo <jojowil@hvcc.edu>
+ * AIX build fixes.
+
+
+o Herb Lewis <herb@samba.org>
+ * ENODATA is not defined in freeBSD 4.6.2.
+
+
+o Jim McDonough <jmcd@samba.org>
+ * Don't reset password last set time just because the expired flag
+ is set to 0.
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * Fix usage message for 'net idmap dump'.
+ * Miscellaneous man page fixes.
+ * BUG 4203: Samba3-HOWTO: Add improvements/fixes submitted by Pete Boyd.
+
+
+o John H Terpstra <jht@samba.org>
+ * Fixes to man pages.
+ * Add tdb file documentation.
+
+
+o Bo Yang <boyang@novell.com>
+ * Ensure that winbindd trusted domain children keep primary domain online
+ status up to date.
+ * Update cached creds during password change.
+ * Ensure that Winbind always uses set_domain_offline() to mark a domain
+ offline.
+ * Allow authentication and memory credential refresh after password change
+ from gdm/xdm.
+
+
+o Chere Zhou <czhou@isilon.com>
+ * Memory leak fixes.
+
+
+ --------------------------------------------------
===============================
Release Notes for Samba 3.0.30
May 28, 2008
o Karolin Seeger <kseeger@samba.org>
* Remove man pages for ldb tools not included in Samba 3.0.
-
-Release notes for older releases follow:
-
--------------------------------------------------
===============================
-Release notes for older releases follow:
-
- --------------------------------------------------
==============================
Release Notes for Samba 3.0.28
git.samba.org / samba.git / blobdiff