==============================
- Release Notes for Samba 3.2.0
- July 1, 2008
+ Release Notes for Samba 3.2.6
+ December 10, 2008
==============================
-This is the first stable release of Samba 3.2.0.
-Please be aware that Samba is now distributed under the version 3
-of the new GNU General Public License. You may refer to the COPYING
-file that accompanies these release notes for further licensing details.
+This is a bug fix release of the Samba 3.2 series.
-Major enhancements in Samba 3.2.0 include:
+Major enhancements included in Samba 3.2.6 are:
- File Serving:
- o Use of IDL generated parsing layer for several DCE/RPC
- interfaces.
- o Removal of the 1024 byte limit on pathnames and 256 byte limit on
- filename components to honor the MAX_PATH setting from the host OS.
- o Introduction of a registry based configuration system.
- o Improved CIFS Unix Extensions support.
- o Experimental support for file serving clusters.
- o Support for IPv6 in the server, and client tools and libraries.
- o Support for storing alternate data streams in xattrs.
- o Encrypted SMB transport in client tools and libraries, and server.
- o Support for Vista clients authenticating via Kerberos.
+ o Fix Winbind crash bugs.
+ o Fix moving of readonly files.
+ o Fix "write list" in setups using "security = share".
+ o Fix access to cups-printers with cups 1.3.4.
+ o Fix timeouts in setups with large groups.
+ o Fix several bugs concerning Alternate Data Streams.
+ o Add new SMB traffic analyzer VFS module.
- Winbind and Active Directory Integration:
- o Full support for Windows 2003 cross-forest, transitive trusts
- and one-way domain trusts.
- o Support for userPrincipalName logons via pam_winbind and NSS
- lookups.
- o Expansion of nested domain groups via NSS calls.
- o Support for Active Directory LDAP Signing policy.
- o New LGPL Winbind client library (libwbclient.so).
- o Support for establishing interdomain trust relationships with
- Windows 2008.
-
- Joining:
- o New NetApi library for domain join related queries (libnetapi.so)
- and example GTK+ Domain join gui.
- o New client and server support for remotely joining and unjoining
- Domains.
- o Support for joining into Windows 2008 domains.
-
- Users & Groups:
- o New ldb backend for local group mapping tables
- o Raised level of security defaults for authentication operations.
- o New NetApi library for user account related queries.
-
-
- Documentation:
- o Inclusion of an HTML version of the 3rd edition of "Using Samba"
- from O'Reilly Publishing.
-
-
-Now Licensed under the GNU GPLv3
-================================
-
-The Samba Team has adopted the Version 3 of the GNU General Public
-License for the 3.2 and later releases. The GPLv3 is the updated
-version of the GPLv2 license under which Samba is currently
-distributed. It has been updated to improve compatibility with other
-licenses and to make it easier to adopt internationally, and is an
-improved version of the license to better suit the needs of Free
-Software in the 21st Century.
-
-The original announcement is available on-line at
-
- http://news.samba.org/announcements/samba_gplv3/
-
-
-New Security Defaults for Authentication
-========================================
-
-Support for LanMan passwords is now disabled in both client and server
-applications. Additionally, clear text authentication requests are
-disabled by default in client utilities such as smbclient and all
-libsmbclient based applications. This will affect connection both
-to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer
-to the "Changes" section for details on the exact parameters that were
-updated.
-
-
-Registry Configuration Backend
-==============================
-
-Samba is now able to use a registry based configuration backed to
-supplement smb.conf settings. This feature may be enabled by setting
-"config backend = registry" in the [global] section of smb.conf for a
-registry only configuration, or by specifying "include = registry" to
-include global options from registry for a mixed setup.
-
-The new parameter "registry shares = yes" in the [global] section of
-smb.conf can be used to activate share definitions from registry.
-These shares are loaded on demand by the server. Registry shares are
-automatically activated by the global registry options above.
-
-The configuration stored in registry can be conveniently managed using
-the "net conf" command.
-
-More information may be obtained from the smb.conf(5) and net(8) man
-pages.
-
-
-Removed Features
-================
-
-Both the Python bindings and the libmsrpc shared library have been
-removed from the tree due to lack of an official maintainer.
-
-As smbfs is no longer supported in current kernel versions, smbmount has
-been removed in this Samba version. Please use cifs (mount.cifs) instead.
-See examples/scripts/mount/mount.smbfs as an example for a wrapper which
-calls mount.cifs instead of smbmount/mount.smbfs.
-
-
-Modified API for libsmbclient
-==============================================================================
-
-Maintaining ABI compatibility for libsmbclient has become increasingly
-difficult to accomplish, while also keeping the code organization such that it
-is easily readable. Towards the goal of maintaining ABI compatibility and
-also keeping the code easy to maintain and enhance, the API has been enhanced.
-In particular, the fields in the SMBCCTX context structure are no longer
-intended to be read/write by the user, and are marked as deprecated. An
-application that previously accessed the members of the SMBCCTX context
-structure will now encounter warnings if recompiled. This is intentional, to
-encourage implementation of the small changes required for the new interface.
-The number of changes is expected to be quite small for the vast majority of
-applications, and no changes need be made for many applications. The changes
-required for KDE (konqueror) to conform to the new interface, for example, are
-only four lines in only one file.
-Instead of the application manually changing or reading values in the context
-structure, there are now setter and getter functions for each configurable
-member in that structure. Similarly, the smbc_option_get() and
-smbc_option_set() functions are deprecated in favor of the setter/getter
-interface. The setters and getters are all documented in libsmbclient.h
-under these comment blocks:
+######################################################################
+Changes
+#######
- Getters and setters for CONFIGURATION
- Getters and setters for OPTIONS
- Getters and setters for FUNCTIONS
- Callable functions for files
- Callable functions for directories
- Callable functions applicable to both files and directories
+Changes since 3.2.5
+-------------------
-Example changes that may be required to eliminate "deprecated" warnings:
- /* Set the debug level */
- context->debug = 99;
-changes to:
- smbc_setDebug(context, 99);
+o Michael Adam <obnox@samba.org>
+ * BUG 5677: Fix test_{shlibs,nss_modules,pam_modules} on Solaris.
+ * BUG 5765: Fix installlibs on solaris by using portable "test -r".
+ * Fix potential segfault in vfs_tsmsm.
+ * Don't list the domain twice when expanding internal aliases.
+ * Fix the output of "getent group" when "winbind use default domain = yes"
+ with "security = ads".
+ * Add domain prefix to username in lookup_groupmem().
+ * Prevent negative GM/ cache entries due to broken connections.
+ * Fix crash in sync_eventlog_params().
+ * Fix timeouts when calling 'getgrent'.
+ * Fix smbd hanging on Solaris when winbindd closes socket.
- /* Specify the authentication callback function */
- context->callbacks.auth_fn = auth_smbc_get_data;
-changes to:
- smbc_setFunctionAuthData(context, auth_smbc_get_data);
- /* Specify the new-style authentication callback with context parameter */
- smbc_option_set("auth_function", auth_smbc_get_data_with_ctx);
-changes to:
- smbc_setFunctionAuthDataWithContext(context, auth_smbc_get_data_with_ctx);
+o Jeremy Allison <jra@samba.org>
+ * BUG 1254: Fix "write list" in setups using "security = share".
+ * BUG 5080: Fix access to cups-printers with cups 1.3.4.
+ * BUG 5737: Fix Winbind crash in an unusual failure mode.
+ * BUG 5783: Fix FindFirst where search pattern equals the mangled filename.
+ * BUG 5790: Fix returning of STATUS_OBJECT_NAME_NOT_FOUND on set file
+ disposition.
+ * BUG 5797: Fix moving of readonly files.
+ * BUG 5814: Fix Winbind crash bug while doing "rescan_trusted_domain".
+ * BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance.
+ * BUG 5825: Fix account locking with LDAP backend.
+ * BUG 5826: Fix truncated filenames when accessing old servers.
+ * BUG 5889: Fix "delete veto files = no".
+ * BUG 5891: Fix smbd crash when viewing the eventlog exported by "eventlog
+ list".
+ * BUG 5900: Fix vfs_readonly.
+ * BUG 5903: Fix vfs_streams_xattr breaking contents of files.
+ * BUG 5904: Fix libnss_wins causing SIGABRT while servicing getaddrinfo()
+ request.
+ * BUG 5914: Fix build failure: redefinition of struct name_list.
+ * BUG 5937: Fix filenames with "*" char hiding other files.
+ * BUG 5953: Fix smbclient crashes.
+ * Fix rename_open_files.
+ * Restructure VFS SMB traffic analyzer VFS module.
+ * Correctly fix smbclient to terminate on eof from server.
+ * Unify access checks for lsa server functions.
+ * Remove the requirement for ldap call made as root.
+ * Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.
+ * Fix net rpc vampire, based on an *amazing* piece of debugging work by
+ "Cooper S. Blake" <the_analogkid@yahoo.com>.
+ * Fix Coverity IDs 456, 574, 592, 606 and 607.
+ * Fix net rpc vampire.
- /* Set kerberos flags */
- context->flags = (SMB_CTX_FLAG_USE_KERBEROS |
- SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS);
-changes to:
- smbc_setOptionUseKerberos(context, 1);
- smbc_setOptionFallbackAfterKerberos(context, 1);
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Use the same prerequisite for DDNS update as Windows XP.
+ * Make "lwinet ads dns register" honor the "interfaces" parameter.
+o Steven Danneman <steven.danneman@isilon.com>
+ * Fix extended DN parse error when AD object does not have a SID.
-######################################################################
-Changes
-#######
-smb.conf changes
-----------------
-
- Parameter Name Description Default
- -------------- ----------- -------
- administrative share New No
- client lanman auth Changed Default No
- client ldap sasl wrapping New plain
- client plaintext auth Changed Default No
- clustering New No
- cluster addresses New ""
- config backend New file
- ctdbd socket New ""
- debug class New No
- lanman auth Changed Default No
- ldap connection timeout New 2
- ldap debug level New 0
- ldap debug threshold New 10
- mangled map Removed
- min receive file size New 0
- open files database hashsize Removed
- read bmpx Removed
- registry shares New No
- smb encrypt New Auto
- winbind expand groups New 1
- winbind rpc only New No
-
- New special meaning of "include = registry".
-
-
-Changes since 3.2.0rc2:
------------------------
+o Guenther Deschner <gd@samba.org>
+ * BUG 5888: Fix PNP_GetHwProfInfo().
+ * BUG 5957: Do not abort rename process on valid rename script.
+ * BUG 5898: Fix 'net rpc shutdown'.
+ * Fix duplicate installation of cifs.upcall.
+ * Fix _srvsvc_NetShareAdd segfault.
+ * Ensure consistency when reporting password complexity.
+ * Fix _lsa_GetUserName.
+ * Fix access check in _samr_QuerySecurity().
+ * _samr_DeleteUser needs to wipe out the user_handle on success.
+ * NetGroupEnum_r needs to handle servers with no groups.
-o Jeremy Allison <jra@samba.org>
- * BUG 5531: Fix conversion of ns units when converting
- from nttime to timespec.
- * BUG 5533: Fix handling of workgroup names containing a '.' in Winbindd.
- * BUG 5551: Fix group enumeration with 'wbinfo -g' on PDCs.
- * BUG 5555: Fix setting of the password last set field during domain joins.
- * BUG 5568: Fix net rpc trustdom add.
- * Fix gcc warnings at -O3.
+o Mathias Dietz <MDIETZ@de.ibm.com>
+ * Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so.
-o Michael Adam <obnox@samba.org>
- * BUG 5548: Fix segfaults in handle_include with %m macro expansion.
- * Add several tests to the testsuite.
+o Dina Fine <dina@exanet.com>
+ * BUG 5908: Fix internal change notify on shared directory.
+
+
+o Nils Goroll <nils.goroll@hamburg.de>
+ * BUG 5135 and 5446: Prevent calling POSIX ACL vfs methods on zfs share.
+
+
+o Henning Henkel <henning.henkel@fh-furtwangen.de>
+ * BUG 5929: Fix building of vfs_prealloc with option --with-cluster-support
+ and GPFS.
+
+o Holger Hetterich <hhetter@novell.com>
+ * Add new VFS module to analyze SMB traffic
-o Günther Deschner <gd@samba.org>
- * BUG 5542: Fix empty passwords of samsync.
+
+o Tomasz Krasuski <kr0tki@poczta.onet.pl>
+ * BUG 5928: Fix 'testparm --version'.
+
+
+o Jeff Layton <jlayton@redhat.com>
+ * Have uppercase_string return success on NULL pointer in mount.cifs.
+ * Make mount.cifs return codes match the return codes for /bin/mount.
+ * Use lock/unlock_mtab scheme from util-linux-ng mount prog in mount.cifs.
o Volker Lendecke <vl@samba.org>
- * BUG 5500: Add missing become_root to enable access to LDAP DB.
- * Fix coverity IDs 464, 474.
- * Fix an uninitialized variable found by the IBM checker.
- * Fix group parsing in libwbclient's copy_group_entry().
- * Fix max_fd calculation in event_loop_once.
- * Fix warnings on Fedory Core 9.
- * Fix several memleaks.
- * Fix a segfaults in wbcLookupRids.
- * Fix a segfault in clitar.
- * Fix the build on FreeBSD 4.6.2 and Darwin.
- * Fix a double-closedir() in form_junctions().
- * Fix a crash in _dfs_Enum.
- * Fix a segfault in rpcclient adddriver.
- * Fix valgrind errors in _spoolss_addprinterdriver.
- * Fix warnings on SuSE 9.0.
- * Fix a file descriptor leak in add_port_hook.
+ * BUG 5691: Fig smbd panic on Solaris.
+ * BUG 5778: Check if strlcpy and strlcat are already defined.
+ * BUG 5840: Fix segfault in "rpcclient lsaaddacctrights".
+ * BUG 5860: Fix nasty error message for overlong strings in safe_strcpy.
+ * Fix a potential NULL deref in found by the IBM Checker.
+ * Fix an uninitialized variable found by the IBM Checker.
+ * Fix an unlikely memleak found by the IBM Checker.
+ * Fix some missing error handlings.
+ * Add workaround for domain joins using a netbios name which is different
+ from the hostname.
+ * Fix crash bug when freeing a non-malloc'ed buffer if the client sends a
+ non-encrypted packet with the crypto state set.
+ * Fix trans2findfirst for the large directory optimization.
+ * Fix checking for presence of cups-devel and correct cups-devel test for
+ HAVE_IPRINT.
+
+
+o Derrell Lipman <derrell.lipman@unwireduniverse.com>
+ * BUG 5805: Don't close stdout when calling setup_logging multiple times.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * Fix setting of trust password using 'net rpc trustdom add'.
+ * Fix several issues in vfs_streams_xattr and vfs_stream_depot.
+ * Return an error instead of crashing when no realm is given (trigerred by
+ "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't exist)
+ and "disable netbios = yes").
+
+
+o Jim McDonough <jmcd@samba.org>
+ * Fix the new vfs_smb_traffic_analyzer build for static links.
+
+
+o TAKAHASHI Motonobu <monyo@samba.gr.jp>
+ * BUG 5901: Fix default for streams_depot location.
+
+
+o Tim Prouty <tim.prouty@isilon.com>
+ * Fix several build warnings.
+
+o Andreas Schneider <mail@cynapses.org>
+ * Delete the krb5 ccname variable from the PAM environment if set.
+ * Fix circular dependency error with autoconf 2.6.3.
-o William Jojo <jojowil@hvcc.edu>
- * Fix several AIX build issues.
- * Add -brtl to the AIX linker flags.
+o Martin Schwenke <martin@meltin.net>
+ * Add @CIFSUPCALL_PROGS@ to "all" target so cifs.upcall gets built at
+ compile time rather than install time.
-o Atte Peltomäki <atte.peltomaki@f-secure.com>
- * Fix winbindd group expansion.
+o Davide Sfriso <sfriso@virgilio.it>
+ * BUG 5906: Fix Winbind crash when calling 'getent group'.
-o Andreas Schneider <anschneider@suse.de>
- * Add documentation for kerberos support in libsmbclient.
- * Add krb5 support for the testbrowse example.
+o Dan Sledz <dsledz@isilon.com>
+ * Add FreeBSD configure check for backtrace_symbols.
+ * Fix logging to syslog.
+ * Allow SYSLOG_FACILITY to be modified with a new configure option called
+ --with-syslog-facility.
-o John H Terpstra <jht@samba.org>
- * Fix net help info.
- * Add documentation for TDB file.
+o Yasuma Takeda <yasuma@osstech.co.jp>
+ * BUG 5909: Fix MS-DFS on Vista clients.
+ * BUG 5944: Fix starting of nmbd with "socket address" set to "".
-o Bo Yang <boyang@novell.com>
- * Fix update of cached credentials during password change in pam_winbind.
+o Andrew Tridgell <tridge@samba.org>
+ * Fix segfault on startup with trusted domains.
+ * Re-add "winbind:ignore domains" parameter.
-o Christoph Zauner <christoph.zauner@sernet.de>
- * Fix several typos in the man pages and the Samba3 HowTo Collection.
+o Jelmer Vernooij <jelmer@samba.org>
+ * Avoid freeing fsp twice when opening new_file fails (Debian #431696).
######################################################################