-Release Announcements
-=====================
+ ===============================
+ Release Notes for Samba 4.16.11
+ July 19, 2023
+ ===============================
-This is the fifth release candidate of Samba 4.16. This is *not*
-intended for production environments and is designed for testing
-purposes only. Please report any defects via the Samba bug reporting
-system at https://bugzilla.samba.org/.
-Samba 4.16 will be the next version of the Samba suite.
+This is a security release in order to address the following defects:
+o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously
+ crafted request can trigger an out-of-bounds read in winbind
+ and possibly crash it.
+ https://www.samba.org/samba/security/CVE-2022-2127.html
-UPGRADING
-=========
+o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
+ Spotlight can be triggered by an unauthenticated attacker by
+ issuing a malformed RPC request.
+ https://www.samba.org/samba/security/CVE-2023-34966.html
+
+o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
+ Spotlight can be used by an unauthenticated attacker to
+ trigger a process crash in a shared RPC mdssvc worker process.
+ https://www.samba.org/samba/security/CVE-2023-34967.html
+
+o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
+ side absolute path of shares and files and directories in
+ search results.
+ https://www.samba.org/samba/security/CVE-2023-34968.html
+
+
+Changes since 4.16.10
+---------------------
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 15072: CVE-2022-2127.
+ * BUG 15340: CVE-2023-34966.
+ * BUG 15341: CVE-2023-34967.
+ * BUG 15388: CVE-2023-34968.
+
+o Samuel Cabrero <scabrero@samba.org>
+ * BUG 15072: CVE-2022-2127.
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 15072: CVE-2022-2127.
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+ ===============================
+ Release Notes for Samba 4.16.10
+ March 29, 2023
+ ===============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2023-0922: The Samba AD DC administration tool, when operating against a
+ remote LDAP server, will by default send new or reset
+ passwords over a signed-only connection.
+ https://www.samba.org/samba/security/CVE-2023-0922.html
+
+o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
+ Confidential attribute disclosure via LDAP filters was
+ insufficient and an attacker may be able to obtain
+ confidential BitLocker recovery keys from a Samba AD DC.
+ Installations with such secrets in their Samba AD should
+ assume they have been obtained and need replacing.
+ https://www.samba.org/samba/security/CVE-2023-0614.html
+
+
+Changes since 4.16.9
+--------------------
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 15270: VE-2023-0614.
+ * BUG 15331: ldb wildcard matching makes excessive allocations.
+ * BUG 15332: large_ldap test is inefficient.
+
+o Rob van der Linde <rob@catalyst.net.nz>
+ * BUG 15315: CVE-2023-0922.
+
+o Joseph Sutton <josephsutton@catalyst.net.nz>
+ * BUG 15270: CVE-2023-0614.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+ ==============================
+ Release Notes for Samba 4.16.9
+ February 16, 2023
+ ==============================
+
+
+This is the latest stable release of the Samba 4.16 release series.
+
+
+Changes since 4.16.8
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 14808: smbc_getxattr() return value is incorrect.
+ * BUG 15172: Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled
+ correctly.
+ * BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
+ * BUG 15226: samba-tool gpo listall fails IPv6 only - finddcs() fails to find
+ DC when there is only an AAAA record for the DC in DNS.
+ * BUG 15236: smbd crashes if an FSCTL request is done on a stream handle.
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 15299: Spotlight doesn't work with latest macOS Ventura.
+
+o Samuel Cabrero <scabrero@suse.de>
+ * BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5)
+ based SChannel on NETLOGON.
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 15243: %U for include directive doesn't work for share listing
+ (netshareenum).
+ * BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
+ * BUG 15269: ctdb: use-after-free in run_proc.
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 15243: %U for include directive doesn't work for share listing
+ (netshareenum).
+ * BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
+ * BUG 15280: irpc_destructor may crash during shutdown.
+ * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 15268: smbclient segfaults with use after free on an optimized build.
+
+o Andrew Walker <awalker@ixsystems.com>
+ * BUG 15164: Leak in wbcCtxPingDc2.
+ * BUG 15265: Access based share enum does not work in Samba 4.16+.
+ * BUG 15267: Crash during share enumeration.
+ * BUG 15271: rep_listxattr on FreeBSD does not properly check for reads off
+ end of returned buffer.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+ ==============================
+ Release Notes for Samba 4.16.8
+ December 15, 2022
+ ==============================
+
+
+This is the latest stable release of the Samba 4.16 release series.
+It also contains security changes in order to address the following defects
+
+o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos
+ RC4-HMAC Elevation of Privilege Vulnerability
+ disclosed by Microsoft on Nov 8 2022.
+
+ A Samba Active Directory DC will issue weak rc4-hmac
+ session keys for use between modern clients and servers
+ despite all modern Kerberos implementations supporting
+ the aes256-cts-hmac-sha1-96 cipher.
+
+ On Samba Active Directory DCs and members
+ 'kerberos encryption types = legacy' would force
+ rc4-hmac as a client even if the server supports
+ aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
+
+ https://www.samba.org/samba/security/CVE-2022-37966.html
+
+o CVE-2022-37967: This is the Samba CVE for the Windows
+ Kerberos Elevation of Privilege Vulnerability
+ disclosed by Microsoft on Nov 8 2022.
+
+ A service account with the special constrained
+ delegation permission could forge a more powerful
+ ticket than the one it was presented with.
+
+ https://www.samba.org/samba/security/CVE-2022-37967.html
+
+o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
+ same algorithms as rc4-hmac cryptography in Kerberos,
+ and so must also be assumed to be weak.
+
+ https://www.samba.org/samba/security/CVE-2022-38023.html
+
+Note that there are several important behavior changes
+included in this release, which may cause compatibility problems
+interacting with system still expecting the former behavior.
+Please read the advisories of CVE-2022-37966,
+CVE-2022-37967 and CVE-2022-38023 carefully!
+
+samba-tool got a new 'domain trust modify' subcommand
+-----------------------------------------------------
+
+This allows "msDS-SupportedEncryptionTypes" to be changed
+on trustedDomain objects. Even against remote DCs (including Windows)
+using the --local-dc-ipaddress= (and other --local-dc-* options).
+See 'samba-tool domain trust modify --help' for further details.
+
+smb.conf changes
+----------------
+
+ Parameter Name Description Default
+ -------------- ----------- -------
+ allow nt4 crypto Deprecated no
+ allow nt4 crypto:COMPUTERACCOUNT New
+ kdc default domain supported enctypes New (see manpage)
+ kdc supported enctypes New (see manpage)
+ kdc force enable rc4 weak session keys New No
+ reject md5 clients New Default, Deprecated Yes
+ reject md5 servers New Default, Deprecated Yes
+ server schannel Deprecated Yes
+ server schannel require seal New, Deprecated Yes
+ server schannel require seal:COMPUTERACCOUNT New
+ winbind sealed pipes Deprecated Yes
+
+Changes since 4.16.7
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
+ same size.
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
+ user-controlled pointer in FAST.
+ * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
+ * BUG 15237: CVE-2022-37966.
+ * BUG 15258: filter-subunit is inefficient with large numbers of knownfails.
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 15240: CVE-2022-38023.
+ * BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories.
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 13135: The KDC logic arround msDs-supportedEncryptionTypes differs from
+ Windows.
+ * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
+ atomically.
+ * BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing
+ vulnerability.
+ * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
+ * BUG 15230: Memory leak in snprintf replacement functions.
+ * BUG 15237: CVE-2022-37966.
+ * BUG 15240: CVE-2022-38023.
+ * BUG 15253: RODC doesn't reset badPwdCount reliable via an RWDC
+ (CVE-2021-20251 regression).
+
+o Noel Power <noel.power@suse.com>
+ * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
+ same size.
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 15237: CVE-2022-37966.
+ * BUG 15243: %U for include directive doesn't work for share listing
+ (netshareenum).
+ * BUG 15257: Stack smashing in net offlinejoin requestodj.
+
+o Joseph Sutton <josephsutton@catalyst.net.nz>
+ * BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue.
+ * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
+ * BUG 15231: CVE-2022-37967.
+ * BUG 15237: CVE-2022-37966.
+
+o Nicolas Williams <nico@twosigma.com>
+ * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
+ user-controlled pointer in FAST.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+ ==============================
+ Release Notes for Samba 4.16.7
+ November 15, 2022
+ ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against
+ integer overflows when parsing a PAC on a 32-bit system, which
+ allowed an attacker with a forged PAC to corrupt the heap.
+ https://www.samba.org/samba/security/CVE-2022-42898.html
+
+Changes since 4.16.6
+--------------------
+
+o Joseph Sutton <josephsutton@catalyst.net.nz>
+ * BUG 15203: CVE-2022-42898
+
+o Nicolas Williams <nico@twosigma.com>
+ * BUG 15203: CVE-2022-42898
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+ ==============================
+ Release Notes for Samba 4.16.6
+ October 25, 2022
+ ==============================
+
+
+This is a security release in order to address the following defect:
+
+o CVE-2022-3437: There is a limited write heap buffer overflow in the GSSAPI
+ unwrap_des() and unwrap_des3() routines of Heimdal (included
+ in Samba).
+ https://www.samba.org/samba/security/CVE-2022-3437.html
+
+Changes since 4.16.5
+---------------------
+
+o Joseph Sutton <josephsutton@catalyst.net.nz>
+ * BUG 15134: CVE-2022-3437.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+ ==============================
+ Release Notes for Samba 4.16.5
+ September 07, 2022
+ ==============================
+
+
+This is the latest stable release of the Samba 4.16 release series.
+
+
+Changes since 4.16.4
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 15128: Possible use after free of connection_struct when iterating
+ smbd_server_connection->connections.
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 15086: Spotlight RPC service returns wrong response when Spotlight is
+ disabled on a share.
+ * BUG 15126: acl_xattr VFS module may unintentionally use filesystem
+ permissions instead of ACL from xattr.
+ * BUG 15153: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1.
+ * BUG 15161: assert failed: !is_named_stream(smb_fname)") at
+ ../../lib/util/fault.c:197.
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 15148: Missing READ_LEASE break could cause data corruption.
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 15124: rpcclient can crash using setuserinfo(2).
+ * BUG 15132: Samba fails to build with glibc 2.36 caused by including
+ <sys/mount.h> in libreplace.
+
+o Joseph Sutton <josephsutton@catalyst.net.nz>
+ * BUG 15152: SMB1 negotiation can fail to handle connection errors.
+
+o Michael Tokarev <mjt@tls.msk.ru>
+ * BUG 15078: samba-tool domain join segfault when joining a samba ad domain.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+ ==============================
+ Release Notes for Samba 4.16.4
+ July 27, 2022
+ ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2022-2031: Samba AD users can bypass certain restrictions associated with
+ changing passwords.
+ https://www.samba.org/samba/security/CVE-2022-2031.html
+
+o CVE-2022-32744: Samba AD users can forge password change requests for any user.
+ https://www.samba.org/samba/security/CVE-2022-32744.html
+
+o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add
+ or modify request.
+ https://www.samba.org/samba/security/CVE-2022-32745.html
+
+o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
+ process with an LDAP add or modify request.
+ https://www.samba.org/samba/security/CVE-2022-32746.html
+
+o CVE-2022-32742: Server memory information leak via SMB1.
+ https://www.samba.org/samba/security/CVE-2022-32742.html
+
+Changes since 4.16.3
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 15085: CVE-2022-32742.
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 15009: CVE-2022-32746.
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 15047: CVE-2022-2031.
+
+o Joseph Sutton <josephsutton@catalyst.net.nz>
+ * BUG 15008: CVE-2022-32745.
+ * BUG 15009: CVE-2022-32746.
+ * BUG 15047: CVE-2022-2031.
+ * BUG 15074: CVE-2022-32744.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+ ==============================
+ Release Notes for Samba 4.16.3
+ July 18, 2022
+ ==============================
+
+
+This is the latest stable release of the Samba 4.16 release series.
+
+
+Changes since 4.16.2
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 15099: Using vfs_streams_xattr and deleting a file causes a panic.
+
+o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+ * BUG 14986: Add support for bind 9.18.
+ * BUG 15076: logging dsdb audit to specific files does not work.
+
+o Samuel Cabrero <scabrero@samba.org>
+ * BUG 14979: Problem when winbind renews Kerberos.
+ * BUG 15095: Samba with new lorikeet-heimdal fails to build on gcc 12.1 in
+ developer mode.
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 15105: Crash in streams_xattr because fsp->base_fsp->fsp_name is NULL.
+ * BUG 15118: Crash in rpcd_classic - NULL pointer deference in
+ mangle_is_mangled().
+
+o Noel Power <noel.power@suse.com>
+ * BUG 15100: smbclient commands del & deltree fail with
+ NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS.
+
+o Christof Schmitt <cs@samba.org>
+ * BUG 15120: Fix check for chown when processing NFSv4 ACL.
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 15082: The pcap background queue process should not be stopped.
+ * BUG 15097: testparm: Fix typo in idmap rangesize check.
+ * BUG 15106: net ads info returns LDAP server and LDAP server name as null.
+ * BUG 15108: ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link.
+
+o Martin Schwenke <martin@meltin.net>
+ * BUG 15090: CTDB child process logging does not work as expected.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+ ==============================
+ Release Notes for Samba 4.16.2
+ June 13, 2022
+ ==============================
+
+
+This is the latest stable release of the Samba 4.16 release series.
+
+
+Changes since 4.16.1
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 15042: Use pathref fd instead of io fd in vfs_default_durable_cookie.
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 15069: vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
+ file had been deleted.
+
+o Samuel Cabrero <scabrero@samba.org>
+ * BUG 15087: netgroups support removed.
+
+o Samuel Cabrero <scabrero@suse.de>
+ * BUG 14674: net ads info shows LDAP Server: 0.0.0.0 depending on contacted
+ server.
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 15062: Update from 4.15 to 4.16 breaks discovery of [homes] on
+ standalone server from Win and IOS.
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 15071: waf produces incorrect names for python extensions with Python
+ 3.11.
+
+o Noel Power <noel.power@suse.com>
+ * BUG 15075: smbclient -E doesn't work as advertised.
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 15071: waf produces incorrect names for python extensions with Python
+ 3.11.
+ * BUG 15081: The samba background daemon doesn't refresh the printcap cache
+ on startup.
+
+o Robert Sprowson <webpages@sprow.co.uk>
+ * BUG 14443: Out-by-4 error in smbd read reply max_send clamp..
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+ ==============================
+ Release Notes for Samba 4.16.1
+ May 02, 2022
+ ==============================
+
+
+This is the latest stable release of the Samba 4.16 release series.
+
+
+Changes since 4.16.0
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 14831: Share and server swapped in smbget password prompt.
+ * BUG 15022: Durable handles won't reconnect if the leased file is written
+ to.
+ * BUG 15023: rmdir silently fails if directory contains unreadable files and
+ hide unreadable is yes.
+ * BUG 15038: SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on
+ renamed file handle.
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 8731: Need to describe --builtin-libraries= better (compare with
+ --bundled-libraries).
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 14957: vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback.
+ * BUG 15035: shadow_copy2 fails listing snapshotted dirs with
+ shadow:fixinodes.
+
+o Samuel Cabrero <scabrero@samba.org>
+ * BUG 15046: PAM Kerberos authentication incorrectly fails with a clock skew
+ error.
+
+o Pavel Filipenský <pfilipen@redhat.com>
+ * BUG 15041: Username map - samba erroneously applies unix group memberships
+ to user account entries.
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 14951: KVNO off by 100000.
+
+o Christof Schmitt <cs@samba.org>
+ * BUG 15027: Uninitialized litemask in variable in vfs_gpfs module.
+ * BUG 15055: vfs_gpfs recalls=no option prevents listing files.
+
+o Andreas Schneider <asn@cryptomilk.org>
+ * BUG 15054: smbd doesn't handle UPNs for looking up names.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+ ==============================
+ Release Notes for Samba 4.16.0
+ March 21, 2022
+ ==============================
+
+This is the first stable release of the Samba 4.16 release series.
+Please read the release notes carefully before upgrading.
NEW FEATURES/CHANGES
rpc start on demand helpers Added true
+CHANGES SINCE 4.16.0rc5
+=======================
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 15000: Memory leak in FAST cookie handling.
+
+o Elia Geretto <elia.f.geretto@gmail.com>
+ * BUG 14983: NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES
+ in SMBC_server_internal.
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 13879: Simple bind doesn't work against an RODC (with non-preloaded
+ users).
+ * BUG 14641: Crash of winbind on RODC.
+ * BUG 15001: LDAP simple binds should honour "old password allowed period".
+ * BUG 15002: S4U2Self requests don't work against servers without FAST
+ support.
+ * BUG 15003: wbinfo -a doesn't work reliable with upn names.
+ * BUG 15005: A cross-realm kerberos client exchanges fail using KDCs with and
+ without FAST.
+ * BUG 15015: PKINIT: hdb_samba4_audit: Unhandled hdb_auth_status=9 =>
+ INTERNAL_ERROR.
+
+o Garming Sam <garming@catalyst.net.nz>
+ * BUG 13879: Simple bind doesn't work against an RODC (with non-preloaded
+ users).
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 15016: Regression: create krb5 conf = yes doesn't work with a single
+ KDC.
+
+o Joseph Sutton <josephsutton@catalyst.net.nz>
+ * BUG 15015: PKINIT: hdb_samba4_audit: Unhandled hdb_auth_status=9 =>
+ INTERNAL_ERROR.
+
+
CHANGES SINCE 4.16.0rc4
=======================