- =================================
- Release Notes for Samba 3.2.0pre3
- Apr 25, 2008
- =================================
-
-This is the third preview release of Samba 3.2.0. This is *not*
-intended for production environments and is designed for testing
-purposes only. Please report any defects via the Samba bug reporting
-system at https://bugzilla.samba.org/.
-
-Please be aware that Samba is now distributed under the version 3
-of the new GNU General Public License. You may refer to the COPYING
-file that accompanies these release notes for further licensing details.
-
-Major enhancements in Samba 3.2.0 include:
-
- File Serving:
- o Use of IDL generated parsing layer for several DCE/RPC
- interfaces.
- o Removal of the 1024 byte limit on pathnames and 256 byte limit on
- filename components to honor the MAX_PATH setting from the host OS.
- o Introduction of a registry based configuration system.
- o Improved CIFS Unix Extensions support.
- o Experimental support for file serving clusters.
- o Support for IPv6 in the server, and client tools and libraries.
- o Support for storing alternate data streams in xattrs.
- o Encrypted SMB transport in client tools and libraries, and server.
- o Support for Vista clients authenticating via Kerberos.
-
- Winbind and Active Directory Integration:
- o Full support for Windows 2003 cross-forest, transitive trusts
- and one-way domain trusts.
- o Support for userPrincipalName logons via pam_winbind and NSS
- lookups.
- o Expansion of nested domain groups via NSS calls.
- o Support for Active Directory LDAP Signing policy.
- o New LGPL Winbind client library (libwbclient.so).
- o Support for establishing interdomain trust relationships with
- Windows 2008.
-
- Joining:
- o New NetApi library for domain join related queries (libnetapi.so)
- and example GTK+ Domain join gui.
- o New client and server support for remotely joining and unjoining
- Domains.
- o Support for joining into Windows 2008 domains.
-
- Users & Groups:
- o New ldb backend for local group mapping tables
- o Raised level of security defaults for authentication operations.
- o New NetApi library for user account related queries.
-
-
- Documentation:
- o Inclusion of an HTML version of the 3rd edition of "Using Samba"
- from O'Reilly Publishing.
-
-
-Now Licensed under the GNU GPLv3
-================================
-
-The Samba Team has adopted the Version 3 of the GNU General Public
-License for the 3.2 and later releases. The GPLv3 is the updated
-version of the GPLv2 license under which Samba is currently
-distributed. It has been updated to improve compatibility with other
-licenses and to make it easier to adopt internationally, and is an
-improved version of the license to better suit the needs of Free
-Software in the 21st Century.
-
-The original announcement is available on-line at
-
- http://news.samba.org/announcements/samba_gplv3/
-
-
-New Security Defaults for Authentication
-========================================
-
-Support for LanMan passwords is now disabled in both client and server
-applications. Additionally, clear text authentication requests are
-disabled by default in client utilities such as smbclient and all
-libsmbclient based applications. This will affect connection both
-to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer
-to the "Changes" section for details on the exact parameters that were
-updated.
-
-
-Registry Configuration Backend
-==============================
-
-Samba is now able to use a registry based configuration backed to
-supplement smb.conf setting. This feature may be enabled by setting
-"config backend = registry" and "registry shares = yes" in the [global]
-section of smb.conf and may be managed using the "net conf" command.
-
-More information may be obtained from the smb.conf(5) and net(8) man
-pages.
-
-
-Removed Features
-================
+ =============================
+ Release Notes for Samba 3.5.8
+ March 7, 2011
+ =============================
+
+
+This is the latest stable release of Samba 3.5.
+
-Both the Python bindings and the libmsrpc shared library have been
-removed from the tree due to lack of an official maintainer.
-
-As smbfs is no longer supported in current kernel versions, smbmount has
-been removed in this Samba version. Please use cifs (mount.cifs) instead.
-See examples/scripts/mount/mount.smbfs as an example for a wrapper which
-calls mount.cifs instead of smbmount/mount.smbfs.
-
-
-Modified API for libsmbclient
-==============================================================================
-
-Maintaining ABI compatibility for libsmbclient has become increasingly
-difficult to accomplish, while also keeping the code organization such that it
-is easily readable. Towards the goal of maintaining ABI compatibility and
-also keeping the code easy to maintain and enhance, the API has been enhanced.
-In particular, the fields in the SMBCCTX context structure are no longer
-intended to be read/write by the user, and are marked as deprecated. An
-application that previously accessed the members of the SMBCCTX context
-structure will now encounter warnings if recompiled. This is intentional, to
-encourage implementation of the small changes required for the new interface.
-The number of changes is expected to be quite small for the vast majority of
-applications, and no changes need be made for many applications. The changes
-required for KDE (konqueror) to conform to the new interface, for example, are
-only four lines in only one file.
-
-Instead of the application manually changing or reading values in the context
-structure, there are now setter and getter functions for each configurable
-member in that structure. Similarly, the smbc_option_get() and
-smbc_option_set() functions are deprecated in favor of the setter/getter
-interface. The setters and getters are all documented in libsmbclient.h
-under these comment blocks:
-
- Getters and setters for CONFIGURATION
- Getters and setters for OPTIONS
- Getters and setters for FUNCTIONS
- Callable functions for files
- Callable functions for directories
- Callable functions applicable to both files and directories
-
-Example changes that may be required to eliminate "deprecated" warnings:
-
- /* Set the debug level */
- context->debug = 99;
-changes to:
- smbc_setDebug(context, 99);
-
- /* Specify the authentication callback function */
- context->callbacks.auth_fn = auth_smbc_get_data;
-changes to:
- smbc_setFunctionAuthData(context, auth_smbc_get_data);
-
- /* Specify the new-style authentication callback with context parameter */
- smbc_option_set("auth_function", auth_smbc_get_data_with_ctx);
-changes to:
- smbc_setFunctionAuthDataWithContext(context, auth_smbc_get_data_with_ctx);
-
- /* Set kerberos flags */
- context->flags = (SMB_CTX_FLAG_USE_KERBEROS |
- SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS);
-changes to:
- smbc_setOptionUseKerberos(context, 1);
- smbc_setOptionFallbackAfterKerberos(context, 1);
+o
+Changes since 3.5.7:
+--------------------
+
+
+o Jeremy Allison <jra@samba.org>
######################################################################
-Changes
-#######
+Reporting bugs & Development Discussion
+#######################################
-smb.conf changes
-----------------
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
- Parameter Name Description Default
- -------------- ----------- -------
- administrative share New No
- client lanman auth Changed Default No
- client ldap sasl wrapping New plain
- client plaintext auth Changed Default No
- clustering New No
- cluster addresses New ""
- config backend New file
- ctdb socket New ""
- debug class New No
- lanman auth Changed Default No
- ldap debug level New 0
- ldap debug threshold New 10
- mangle map Removed
- min receive file size New 0
- open files database hashsize Removed
- read bmpx Removed
- registry shares New No
- winbind expand groups New 1
- winbind rpc only New No
-
- New special meaning of "include = registry".
-
-
-Changes since 3.2.0pre2:
------------------------
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ =============================
+ Release Notes for Samba 3.5.7
+ February 28, 2011
+ =============================
+
+
+This is a security release in order to address CVE-2011-0719.
+
+
+o CVE-2011-0719:
+ All current released versions of Samba are vulnerable to
+ a denial of service caused by memory corruption. Range
+ checks on file descriptors being used in the FD_SET macro
+ were not present allowing stack corruption. This can cause
+ the Samba code to crash or to loop attempting to select
+ on a bad file descriptor set.
+
+
+Changes since 3.5.6:
+--------------------
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 3.5.6
+ October 8, 2010
+ =============================
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.6 include:
+
+ o Fix smbd panic on invalid NetBIOS session request (bug #7698).
+ o Fix smbd crash caused by "%D" in "printer admin" (bug #7541).
+ o Fix crash bug with invalid SPNEGO token (bug #7694).
+ o Fix Winbind internal error (bug #7636).
+
+
+Changes since 3.5.5
+-------------------
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 7577: Fix SPNEGO auth when contacting Win7 system using Microsoft Live
+ Sign-in Assistant.
+ * BUG 7578: Fix 'net idmap restore' setting HWM to avoid duplicates.
+ * BUG 7581: Fix "admin users" when using vfs_acl_xattr.
+ * BUG 7583: Fix smbclient to connect to Alfresco JLAN CIFS server using
+ Kerberos.
+ * BUG 7589: Fix using cached credentials in ntlm_auth.
+ * BUG 7590: Fix Winbind offline login.
+ * BUG 7617: Fix smbd coredump due to uninitialized variables in the
+ performance counter code.
+ * BUG 7636: Fix Winbind internal error.
+ * BUG 7651: Fix mknod and mkfifo failing with "No such file or
+ directory".
+ * BUG 7693: Fix smbd changing mode of files on rename.
+ * BUG 7694: Fix crash bug with invalid SPNEGO token.
+ * BUG 7698: Fix smbd panic on invalid NetBIOS session request.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 7541: Fix smbd crash caused by "%D" in "printer admin".
+ * BUG 7568: Make sure cm_connect_lsa_tcp does not reset the secure channel.
+ * BUG 7658: Fix "dereferencing type-punned pointer will break
+ strict-aliasing rules" warnings).
+ * BUG 7665: Fix memory leak in netapi connection manager.
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 7244: Fall back to cups-config for underlinked libs.
+ * BUG 7474: Fix build on platforms without st_blocks and st_blksize stat
+ struct members.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 7336: Enable idmap_passdb module build as shared.
+ * BUG 7531: Fix the charset_pull routine.
+ * BUG 7635: Fix 'smbclient -M'.
+ * BUG 7656: Fix scalability problem with hundreds of printers.
+ * BUG 7684: Fix fd leak in libwbclient.so.
+ * BUG 7688: Fix crash bug in rpcclient.
+ * BUG 7470: Standardize S_IREAD and S_IWRITE.
+ * BUG 7715: Fix file corruption when setting Samba "write wache wize".
+
+
+o Jim McDonough <jmcd@samba.org>
+ * BUG 7280: Fix auto printers with registry config.
+
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 7538: Fix GUID_from_data_blob() with length of 32.
+
+
+o Chere Zhou <chere.zhou@isilon.com>
+ * BUG 7662: Align change notify replies on 4-byte boundary.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 3.5.5
+ September 14, 2010
+ =============================
+
+
+This is a security release in order to address CVE-2010-3069.
+
+
+o CVE-2010-3069:
+ All current released versions of Samba are vulnerable to
+ a buffer overrun vulnerability. The sid_parse() function
+ (and related dom_sid_parse() function in the source4 code)
+ do not correctly check their input lengths when reading a
+ binary representation of a Windows SID (Security ID). This
+ allows a malicious client to send a sid that can overflow
+ the stack variable that is being used to store the SID in the
+ Samba smbd server.
+
+
+Changes since 3.5.4
+--------------------
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 7669: Fix for CVE-2010-3069.
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 7669: Fix for CVE-2010-3069.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 3.5.4
+ June 23, 2010
+ =============================
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.4 include:
+
+ o Fix smbd crash when sambaLMPassword and sambaNTPassword entries missing
+ from ldap (bug #7448).
+ o Fix init_sam_from_ldap storing group in sid2uid cache (bug #7507).
+
+
+Changes since 3.5.3
+-------------------
o Michael Adam <obnox@samba.org>
- * Fix session setup with security = share.
- * Fix segfault in testparm.
- * Fix several Makefile issues.
- * Fix build of bin/net on Solaris.
- * Reformat the parm table of loadparm to use named initializers.
- * Fix %I macro expansion for IPv4 mapped IPv6 addresses.
- * Convert registry.tdb to use dbwrap and fix memleaks.
- * Several make test fixes and improvements.
- * Several libreplace extensions and fixes (portet from v4-0-test).
- * Rename libnet_conf to libsmbconf and introduce backend abstraction layer.
- * Add text backend to libsmbconf, based on params.c.
- * Fix handling of includes in registry libsmbconf backend.
- * Fix net conf import by reading from text backend.
- * Add a "net registry" command to locally access the registry.
- * Add testsuites for libsmbconf and "net registry".
- * Fix Coverity IDs 517, 536, 545.
- * Remove unneeded REGISTRY_HOOKS layer from reghook cache
- to allow plugging one backend to multiple keys more easily.
- * Add smbconf_init dispatcher taking source strings like "backend:path"
- * Fix handling of dangling parameters (without share) in libsmbconf.
- * Introduce special meaning of "include = registry" to complement
- the registry-only configuration of "config backend = registry".
- * Enhance error propagation by making several registry functions
- return WERROR.
- * Fix loading of registry shares in smbd by fixing the token.
- * Fix a segfault in tdb_wrap_log().
+ * BUG 7507: Fix init_sam_from_ldap storing group in sid2uid cache.
o Jeremy Allison <jra@samba.org>
- * BUG 5311: Fix IPv6 issue with hosts allow/deny settings.
- * BUG 5372: Fix client timeouts in large CUPS installations.
- * Fix problem with nmbd not waiting until interfaces come up.
- * Fix S3 to pass the test_raw_oplock_exclusive3 test.
- * Fix MSDFS bug breaking MS clients in some cases by ensuring
- the target host is ourselves.
- * Rewrite the wrap checks to deal with gcc 4.x optimisations.
+ * BUG 7188: Make ea data checks identical for trans2open and trans2mkdir.
+ * BUG 7410: Samba sends "raw" inode number as uniqueid with unix extensions.
+ * BUG 7449: Fix spnego returning incorrect mechListMIC string.
-o Kai Blin <kai@samba.org>
- * BUG 4235: Prevent ntlm_auth from sending BH responses without a message.
- * Fix one BH message.
-
-
-o Gerald (Jerry) Carter <jerry@samba.org>
- * Fix libtdb some to move back towards allowing out of tree builds.
- * Ignore port when pulling IP addr from struct sockaddr_storage..
-
-
-o Guenther Deschner <gd@samba.org>
- * Fix build of pam_smbpass.
- * Fix lp_load with an empty registry and "config backend = registry".
- * Fix build targets for bin/net.
- * Fix _dssetup_DsRoleGetPrimaryDomainInformation().
- * Fix the build of cifs.spnego.
- * Migration of the SRVSVC client and server DCE/RPC code to IDL
- based structures and autogenerated code
- * Fix Kerberos session setup with Vista SP1 (ignore PAC type 12)
- * Fix support for vampire of lockout policies and
- for storing dialin/terminal server settings.
- * Fix remote join/unjoin server implementation.
- * BUG 5328: Fix netlogon credential chain with Windows 2008
- (this also fixes joining Windows 2008 with rpc methods).
- * Various fixes for establishing and validating interdomain trust
- relationships with Windows 2008.
- * Use IDL for storing domain controller information in dsgetdcname.
- * Re-arranged internal structure of libnetapi.
- * Add support for domain\dcname syntax in libnetjoin.
- * Add support for browsing/joining OUs in netdomjoin-gui.
- * Add various new calls to libnetapi.
+o Günther Deschner <gd@samba.org>
+ * BUG 7341: Fix Winbind over IPv6.
+ * BUG 7459: Fix some crash bugs and missing error codes in AddDriver paths.
+ * BUG 7479: Fix crash bug in _samr_QueryUserInfo{2} level 18.
+ * BUG 7517: Fix session setup from linux kernel cifs clients with
+ "sec=ntlmv2".
+
+
+o Olaf Flebbe <o.flebbe@science-computing.de>
+ * BUG 7209: Fix build on RHEL5.
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 7427: Using IBM xl_C compiler produces wrong results in configure.
+ * BUG 7503: Fix calculation of st_blocks in vfs_streams_xattr.
+ * BUG 7504: Fix numerous build issues.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 7253: Fix Samba login cache problem on Sparc Architecture.
+ * BUG 7262: Fix editing users' groups via UsrMgr.
+
+
+o Buchan Milne <bgmilne@mandriva.org>
+ * BUG 7500: Fix 'not a string literal' warning in netdomjoin-gui.
+
+
+o Matthieu Patou <mat@matws.net>
+ * BUG 7099: Allow previous password to be stored and use it to check
+ tickets.
+
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 7423: Fix printing large formats.
+
+
+o Roel van Meer <rolek@bokxing.nl>
+ * BUG 7448: Fix smbd crash when sambaLMPassword and sambaNTPassword entries
+ missing from ldap.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 3.5.3
+ May 19, 2010
+ =============================
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.3 include:
+
+ o Fix MS-DFS functionality (bug #7339).
+ o Fix a Winbind crash when scanning trusts (bug #7389).
+ o Fix problems with SIGCHLD handling in Winbind (bug #7317).
+
+
+Changes since 3.5.2
+-------------------
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 7288: Fix SMB job IDs in CUPS job names.
+ * BUG 7339: Fix MS-DFS functionality.
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 7354: Fix CLDAP tsocket problem on Solaris.
+
+
+o Ira Cooper <samba@ira.wakeful.net>
+ * BUG 7384: Fix bitmap leak in dptr_Close.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 7277: Fix exporting printers via 'cupsaddsmb' command.
+ * BUG 7417: Fix setting of passwords via 'net rpc user password' command.
+ * BUG 7418: Fix 'net rpc printer list' command.
+
+
+o Olaf Flebbe <o.flebbe@science-computing.de>
+ * BUG 7421: Rename mod_name to module_name.
o Björn Jacke <bj@sernet.de>
- * Add AC_TRY_RUN_STRICT support for Sun Studio compiler.
+ * BUG 7352: Make TIME_T_MAX defines consistent.
+ * BUG 7385: Fix building with Solaris' gcc.
+
+
+o Jeff Layton <jlayton@redhat.com>
+ * BUG 7315: Fix segfault in mount.cifs.
o Volker Lendecke <vl@samba.org>
- * Add support for async SMB requests.
- * Add transactions to the dbwrap API.
- * Add "net idmap aclmapset".
- * Change default bufsize to 512k.
- * Fix Coverity IDs 473, 481, 506, 507, 525, 526, 527, 528, 529, 530, 537,
- 538, 547, 548, 551, 552, 553, 554, 555, 557, 558, 559, 563, 564, 567.
- ... and half a ton more
- * Fix some warnings in the tsmsm module.
- * Fix warnings.
- * BUG 4901: Fix "ldap passwd sync = only".
- * BUG 5334: Fix download of empty files using smbclient.
- * BUG 5307: Fix notify changes.
- * BUG 5317: Fix debug output in domain_client_validate.
- * BUG 5338: Fix format string issue in rpcclient.
- * Convert account_pol.tdb and share_info.tdb to dbwrap.
- * Protect group_mapping.tdb ops with transactions.
- * BUG 5366: "passwd program" should work on Solaris 10 again now.
- * A level 25 setuserinfo does change the pwdlastset, fixes XP joins.
- * BUG 5350: A Samba DC trusting NT4 should do an anon session setup.
- * BUG 5375: Fix a segfault with "security=share" and [in]valid users.
- * Fix printing from DOS clients -- introduced by inbuf/outbuf rewrite.
- * Fix wbinfo -a trusted\\user%password on a Samba DC with trusts.
- * BUG 5341: Fix async smbclient get command on Solaris.
- * Make winbind use NetSamLogonEx when possible.
- * Merge fixes in the 3-0-ctdb cluster code.
- * Fix a segfault in snprintf replacement code.
- * Fix a regression for wbinfo --group-info if winbind separator is set
-
-
-o Derrell Lipman <derrell@samba.org>
- * Check for NULL pointers before dereferencing them.
- * Fix use of AuthDataWithContext capability.
+ * BUG 7357: Re-fix a bug with smbd serving a windows terminal server.
+ * BUG 7389: Fix a Winbind crash when scanning trusts.
+ * BUG 7398: Fix rename problems with full_audit VFS module.
+
+
+o Jim McDonough <jmcd@samba.org>
+ * BUG 7378: Display an error on 'net conf import' failures.
o Stefan Metzmacher <metze@samba.org>
- * Add dbwrap_tdb2 backend, useful for cluster setups.
- * Add more functions to libwbclient:
- - wbcGetGroups()
- - wbcInterfaceDetails()
- - wbcListUsers()
- - wbcListGroups()
- - wbcLookupUserSids()
- - wbcSetUidMapping()
- - wbcSetGidMapping()
- - wbcSetUidHwm()
- - wbcSetGidHwm()
- - wbcResolveWinsByName()
- - wbcResolveWinsByIP()
- - wbcCheckTrustCredentials()
- * Let wbinfo use libwbclient where possible.
- * Let net use only libwbclient to access winbindd.
- * Make socket wrapper pcap support more portable.
- * Some libreplace backports from v4-0-test.
- * Store the write time in the locking.tdb,
- so that smbd passes the BASE-DELAYWRITE test.
- * Run RAW-SEARCH and BASE-DELAYWRITE by 'make test'.
- * Let each process use its own connection to ctdb
- in cluster mode.
- * Add a reinit_after_fork() helper function to correct
- reinitialize the same things in all cases.
- * Fix a chicken and egg problem with "include = registry".
+ * BUG 7196: Add replacement for IPV6_V6ONLY on linux systems with broken
+ headers.
+ * BUG 7317: Fix problems with SIGCHLD handling in Winbind.
+ * BUG 7354: Fix CLDAP tsocket problem on Solaris.
-o Karolin Seeger <kseeger@samba.org>
- * Fix usage message for "net idmap dump".
+o Luca Olivetti <luca@wetron.es>
+ * BUG 7263: Fix cups encryption setting.
-o Andrew Tridgell <tridge@samba.org>
- * Suppress superfluous message.
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
-o Marc VanHeyningen <marc.vanheyningen@isilon.com>
- * Coverity fixes.
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 3.5.2
+ April 7, 2010
+ =============================
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.2 include:
+
+ o Fix smbd segfaults in _netr_SamLogon for clients sending null domain
+ (bug #7237).
+ o Fix smbd segfaults in "waiting for connections" message (bug #7251).
+ o Fix an uninitialized variable read in smbd (bug #7254).
+ o Fix a memleak in Winbind (bug #7278).
+ o Fix Winbind reconnection to it's own domain (bug #7295).
+
+
+Changes since 3.5.1
+-------------------
-Changes since 3.2.0pre1:
------------------------
o Michael Adam <obnox@samba.org>
- * Add library for access to the registry configuration data.
- * BUG 5023: Separate NFS4 and POSIX ACL code in file access checks.
- * BUG 4308: Fix Excel save operation ACL bug.
- * Refactor and consolidate logic for retrieving the machine
- trust password information.
- * VFS API cleanup (remove redundant parameter).
- * BUG 4801: Correctly implement LSA lookup levels for LookupNames.
- * Add new option "debug class" to control printing of the debug class.
- in debug headers.
- * Enable building of the zfsacl and notify_fam vfs modules.
- * BUG 5083: Fix memleak in solarisacl module.
- * BUG 5063: Fix build on RHEL5.
- * New smb.conf parameter "config backend = registry" to enable registry
- only configuration.
- * Move "net conf" functionality into a separate module libnet_conf.c
- * Restructure registry code, eliminating the dynamic overlay.
- Make use of reg_api instead of backend code in most places.
- * Add support for intercepting LDAP libraries' debug output and print
- it in Samba's debugging system.
- * Libreplace fixes.
- * Build fixes.
- * Initial support for using subsystems as shared libraries.
- Use talloc, tdb, and libnetapi as shared libraries internally.
+ * BUG 7231: Fix automatic building of vfs_tsmsm if gpfs and dmapi are
+ present.
+ * BUG 7232: Fix race conditions in CTDB persistent transactions.
+ * BUG 7313: Make 'net conf addshare' atomic.
+ * BUG 7314: Eliminate race condition in creating/scanning sorted subkeys in
+ the registry backend.
o Jeremy Allison <jra@samba.org>
- * Added support for IPv6 client and server connections.
- * Add in the recvfile entry to the VFS layer.
- * Removal of pstring data type.
- * Remove unused utilities: smbctool and rpctorture.
- * Fix service principal detection to match Windows Vista
- (based on work from Andreas Schneider).
- * Encrypted SMB transport in client tools and libraries, and server.
+ * BUG 7075: Fix bug in vfs_scannedonly rmdir implementation.
+ * BUG 7159: Fix handling of bad server data returns in client rpc_transport.
+ * BUG 7234: Symlink delete fails but incorrectly reports success to client.
+ * BUG 7255: Fix "printer admin" functionality.
+ * BUG 7283: Fix smbd segfault if using vfs_acl_tdb.
+ * BUG 7297: Fix smbd crashes with CUPS printers and no [printers] share defined.
+ * BUG 7310: Fix DOS attribute inconsistency with MS Office.
o Kai Blin <kai@samba.org>
- * Added support for an SMB_CONF_PATH environment variable
- containing the path to smb.conf.
- * Various fixes to ntlm_auth.
- * make test now supports more extensive SPOOLSS testing using vlp.
- * Correctly handle mixed-case hostnames in NTLMv2 authentication.
-
-
-o Gerald (Jerry) Carter <jerry@samba.org>
- * Add Winbind client library.
- * Decouple static linking between smbd and winbindd's client
- interface.
-
-
-o Guenther Deschner <gd@samba.org>
- * Enhance client and server remote registry access.
- * Add client calls for remotely joining a computer to a domain
- (including calls from "net dom" command).
- * Add libnetapi.so library for joining domains including
- sample GTK+ app.
- * Fixes for Vista SP1 Kerberos authdata handling to only pickup
- the PAC.
- * Various error code and error message fixes.
- * Add initial draft of libnetconf to allow programmatic
- configuration changes.
- * Add libnet_join internal library for programmatically joining
- and unjoining Domains.
- * Add various fixes and new calls to libnetapi.so library.
- * Various fixes for DsGetDcName and conversion to IDL based
- structures.
- * Fixes for pidl to correctly generate WERROR based client calls.
- * Fixes for pidl to generate output that complies to coding
- conventions.
- * Various IDL fixes.
- * Add ads_get_joinable_ous() to libads to get list of joinable ous.
- * Add get_logon_hours_from_pdb() to comply with new IDL based
- structures.
- * Add debugging capabilities to dump AD connections to libads
- (using ndr_print).
- * Add "dump-domain-list" command for smbcontrol to retrieve better
- debugging information out of winbindd.
- * Migration of the entire client and server DCE/RPC code to IDL
- based structures and autogenerated code for DSSETUP, LSA, SAMR
- and NETLOGON.
- * Started migration of client and server DCE/RPC code to IDL based
- structures and autogenerated code for NTSSVC, SVCCTL and
- EVENTLOG.
- * Use IDL and autogenerated code for samlogoncache and Kerberos
- PAC handling.
- * Various fixes and cleanup of Kerberos PAC handling.
- * Fix segfault in _srv_net_file_enum.
- * Conversion of client join and unjoin code to libnet_join.
- * Add remote join/unjoin server-side implementation.
- * Removed a lot of code which has become obsolete.
-
-
-o Steve Langasek <vorlon@debian.org>
- * Integrate 2 out of 3 --with-fhs patches from Debian packaging
- for better adherence to the FHS standard.
+ * BUG 7290: Fix core dump in 'ntlm_auth' with "gss-spnego" helper.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 6727: Fix several printing issues.
+ * BUG 7237: Fix smbd segfaults in _netr_SamLogon for clients sending
+ null domain.
+ * BUG 7256: Fix value-needed calculation in_spoolss_EnumPrinterData().
+ * BUG 7258: Fix _winreg_QueryValue crash bugs and implement Windows
+ behavior.
+
+
+o Holger Hetterich <hhetter@novell.com>
+ * BUG 7203: Fix 'net share' command.
+
+
+o Michael Karcher <samba@mkarcher.dialup.fu-berlin.de>
+ * BUG 7269: Fix job management commands for CUPS queues.
+
+
+o Jeff Layton <jlayton@redhat.com>
+ * BUG 6853: Fix race condition in mount.cifs that allows user to replace
+ mountpoint with a symlink.
o Volker Lendecke <vl@samba.org>
- * Add talloc_stackframe() and talloc_pool() features.
- * Removal of pstring data type.
- * Add generic a in-memory cache.
- * Import the Linux red-black tree implementation.
- * Remove large amount of global variables.
- * Support for storing xattrs in tdb files.
- * Support for storing alternate data streams in xattrs.
- * Implement a generic in-memory cache based on rb-trees.
- * Add implicit temporary talloc contexts via talloc_stack().
- * Speed up the smbclient "get" command
- * Add the aio_fork module
- * Fix bug 4901
-
-o Derrell Lipman <derrell@samba.org>
- * Modified libsmbclient API for more easily maintaining ABI compatibility
- while adding new features to libsmbclient.
+ * BUG 5198: Fix parsing of the gecos field.
+ * BUG 7202: Fix access by multi-threaded applications.
+ * BUG 7212: Fix returning of group members with 'getent group'.
+ * BUG 7216: Fix the build of net_afs.c with --fake-kaserver=yes.
+ * BUG 7229: Fix a NULL pointer dereference in smbd.
+ * BUG 7232: Fix race conditions in CTDB persistent transactions.
+ * BUG 7254: Fix an uninitialized variable read in smbd.
+ * BUG 7278: Fix a memleak in Winbind.
+
+
+o Roel van Meer <rolek@alt001.com>
+ * BUG 6814: Fix valgrind warning.
+
o Stefan Metzmacher <metze@samba.org>
- * Refactor Winbind internal parent-child interface tables
- to achieve better unit testing support.
- * Add nss_wrapper API for local Winbind unit tests.
- * Networking fixes to the libreplace library.
- * Pidl fixes.
- * Remove unused Winbind pipe calls.
- * Build fixes.
- * Fix for a crash bug in pidl generated client code.
- This could have happend with [in,out,unique] pointers
- when the client sends a valid pointer, but the server
- responds with a NULL pointer (as samba-3.0.26a does for some calls).
- * Change NTSTATUS into enum ndr_err_code in librpc/ndr.
- * Remove unused calls in the struct based winbindd protocol.
- * Add --configfile option to wbinfo.
- * Convert winbind_env_set(), winbind_on() and winbind_off() into macros.
- * Return rids and other_sids arrays in WBFLAG_PAM_INFO3_TEXT mode.
- * Implement wbcErrorString() and wbcAuthenticateUserEx().
- * Convert auth_winbind to use wbcAuthenticateUserEx().
+ * BUG 7170: Never mark external domains as internal in Winbind.
+ * BUG 7225: Make Winbind logs more verbose for troubleshooting.
+ * BUG 7251: Fix smbd segfault in "waiting for connections" message.
+ * BUG 7295: Fix Winbind reconnection to it's own domain.
+ * BUG 7316: Winbind possibly segfaults when trying a trusted domain without
+ inbound trust.
-o James Peach <jpeach@samba.org>
- * Add support for DNS Service Discovery. Based on work from
- Rishi Srivatsavai <rishisv@gmail.com>.
+o SATOH Fumiyasu <fumiyas@osstech.co.jp>
+ * BUG 1206: Fix segfault if hide files or veto files has no ".AppleDouble".
-o Andreas Schneider <anschneider@suse.de>
- * Don't restart winbind if a corrupted tdb is found during
- initialization.
- * Fix Windows 2008 (Longhorn) join.
- * Fix crashbug in winbindd.
- * Add share parameter "administrative share".
+o Simo Sorce <idra@samba.org>
+ * BUG 7204: Fix DN parsing name was always null.
-o Karolin Seeger <ks@sernet.de>
- * Improve error messages of net subcommands.
- * Add 'net rap file user'.
- * Change LDAP search filter to find machine accounts which
- are not located in the user suffix.
- * Remove smbmount.
+o Andrew Tridgell <tridge@samba.org>
+ * BUG 7312: Many disconnecting clients render clustered Samba unusuable
+ for some time.
-o David Shaw <dshaw@jabberwocky.com>
- * BUG 5073: Allow "delete readonly = yes" to correctly override
- deletion of a file.
+o Bo Yang <boyang@samba.org>
+ * BUG 7206: Signals are processed twice in child.
-o Rishi Srivatsavai <rishisv@gmail.com>
- * Register the smb service with mDNS if mDNS is supported.
- * Add smbclient support for basic mDNS browsing.
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
-o Andrew Tridgell <tridge@samba.org>
- * Fix padding between Winbind 32bit/64bit client library in
- the request/response structures.
- * Added a syncops VFS module for file systems which do not
- guarantee meta-data operations are immediately committed to
- disk in stable form.
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
-o Jelmer Vernooij <jelmer@samba.org>
- * Additional portability support for building shared libraries.
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+----------------------------------------------------------------------
-o Corinna Vinschen <corinna@vinschen.de>
- * Get Samba version or capability information from Windows user space.
+ =============================
+ Release Notes for Samba 3.5.1
+ March 8, 2010
+ =============================
-Original 3.2.0pre1 commits:
----------------------------
-o Michael Adam <obnox@samba.org>
- * Unified POSIX ACL detection including support for FreeBSD and
- HP-UX.
- * Performance improvements for Winbind's lookup functions (names,
- SIDs, and group membership) when joined to an AD domain.
- * Winbind cache validation support.
- * Store domain trust passwords for Samba domain controller's in
- the domain's passdb backend.
- * Merged \winreg server code from the SAMBA_3_2 development branch.
- * Fixes for libreplace.
- * Implement new registry configuration backend.
+This is a security release in order to address CVE-2010-0728.
+
+
+o CVE-2010-0728:
+ In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code
+ was added to fix a problem with Linux asynchronous IO handling.
+ This code introduced a bad security flaw on Linux platforms if the
+ binaries were built on Linux platforms with libcap support.
+ The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
+ capabilities, allowing all file system access to be allowed
+ even when permissions should have denied access.
+
+
+Changes since 3.5.0
+-------------------
o Jeremy Allison <jra@samba.org>
- * Add support for file system objectIDs.
- * Winbind cache validation support.
- * Add in the UNIX capability for 24-bit readX.
- * Improve Delete-on-Close semantics.
- * Removal of static file and path name buffers in SMB file serving
- code.
+ * BUG 7222: Fix for CVE-2010-0728.
-o Danilo Almeida <dalmeida@centeris.com>
- * Move the machine account to the OU specified when running "net
- ads join".
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
-o Andrew Bartlett <abartlet@samba.org>
- * Tighten authentication protocol defaults in client tools and
- servers.
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
-o Gerald (Jerry) Carter <jerry@samba.org>
- * Implement support for one-way trusts and two-way cross-forest
- transitive trust in winbindd.
- * Fixes for Winbind's offline/disconnected logon support when
- using remote idmap backends.
- * Fix LookupNames and LookupSids to use the same resolution
- heuristics as Windows XP.
- * Fix lockups in Winbind when running nscd.
- * UPN logon support in pam_winbind.
- * Add support for GNU linker scripts when build shared libraries
- (based on work by Julien Cristau <jcristau@debian.org> and James
- Peach).
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 3.5.0
+ March 1, 2010
+ ===============================
+
+
+This is the first stable release of Samba 3.5.
+
+
+Major enhancements in Samba 3.5.0 include:
+
+General changes:
+o Add support for full Windows timestamp resolution
+o The Using Samba HTML book has been removed.
+o 'net', 'smbclient' and libsmbclient can use credentials cached by Winbind.
+o The default value of "wide links" has been changed to "no".
+
+Protocol changes:
+o Experimental implementation of SMB2
+
+Printing Changes:
+o Add encryption support for connections to a CUPS server
+
+Winbind changes:
+o Major refactoring
+o Asynchronous
+
+VFS modules:
+o New vfs_scannedonly module has been added.
+
+
+General changes:
+================
+
+Support for full Windows timestamp resolution has been added. This effectively
+makes us use Windows' full 100ns timestamp resolution if supported by the
+kernel (2.6.22 and higher) and the glibc (2.6 and higher).
+
+The Using Samba HTML book has been removed from the Samba tarball.
+It is still available at http://www.samba.org/samba/docs/using_samba/toc.html.
+
+Samba client tools like 'net', 'smbclient' and libsmbclient can use the user
+credentials cached by Winbind at logon time. This is very useful e.g. when
+connecting to a Samba server using Nautilus without re-entering username and
+password. This feature is enabled by default and can be disabled per application
+by setting the LIBSMBCLIENT_NO_CCACHE environment variable.
+
+The default value of "wide links" has been changed to "no" to avoid an insecure
+default configuration ("wide links = yes" and "unix extensions = yes"). For
+more details, please see http://www.samba.org/samba/news/symlink_attack.html.
+
+
+Protocol changes
+================
+
+An EXPERIMENTAL implementation of the SMB2 protocol has been added. SMB2 can be
+enabled by setting "max protocol = smb2". SMB2 is a new implementation of the
+SMB protocol used by Windows Vista and higher.
+
+Printing Changes
+================
+
+A new parameter "cups encrypt" has been added to control whether connections to
+CUPS servers will be encrypted or not. The default is to use unencrypted
+connections.
+Winbind changes
+===============
-o Guenther Deschner <gd@samba.org>
- * Additional support for decoding and downloading group policy
- objects from Active Directory.
- * Improvements to "net ads keytab" command.
- * Fixes for linking against Heimdal Kerberos client libs.
- * Support LDAP range retrieval searches.
- * Fixes for failure to refresh user ticket caches in Winbind.
- * UPN logon support in pam_winbind.
- * Add KDC locator plugin for MIT kerberos 1.6 or later.
+The Winbind daemon has been refactored internally to be asynchronous. The new
+Winbind will not be blocked by running 'getent group' or 'getent passwd'.
+VFS modules
+===========
-o Steve Langasek <vorlon@debian.org>
- * Allow SIGTERM to cause nmbd to exit while awaiting a interface
- to come up.
+A new VFS module "scannedonly" has been added. This is a filter that
+talks to an antivirus-engine and stores whether a file is clean or not.
+Users do only see clean files on their filesystem.
+
+
+######################################################################
+Changes
+#######
+
+smb.conf changes
+----------------
+
+ Parameter Name Description Default
+ -------------- ----------- -------
+
+ create krb5 conf New yes
+ ctdb timeout New 0
+ cups encrypt New no
+ debug hires timestamp Changed Default yes
+ ldap deref New auto
+ ldap follow referral New auto
+ nmbd bind explicit broadcast New no
+ wide links Changed Default no
+
+
+New configure options
+---------------------
+
+--enable-external-libtdb Enable external tdb
+--enable-netapi Turn on netapi support
+--enable-pthreadpool Enable pthreads pool helper support
+--with-cifsumount Include umount.cifs (Linux only) support
+--with-codepagedir=DIR Where to put codepages
+
+
+Commit Highlights
+=================
+
+o Björn Jacke <bj@sernet.de>
+ * Add support for full Windows timestamp resolution.
+ * Add encryption support for connections to a CUPS server.
o Volker Lendecke <vl@samba.org>
- * Merge experimental cluster support patches from the ctdb branch.
- * Add tdb storage abstraction for ctdb.
- * Use IDL for internal message passing system.
- * Add client support for the SamLogonEx() authentication request.
- * Implement RPC proxy stubs in the Samba server code to allow
- replacing implementation functions one by one.
- * Remove static incoming and outgoing buffers from core server SMB
- packet processing code.
- * Add "net sam rights" command.
+ * Major internal refactoring of the Winbind daemon.
+ * Make Winbind asynchronous.
+ * Make 'net', 'smbclient' and libsmbclient use the logon credentials cached
+ by Winbind.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * Implement the new SMB2 protocol (experimental).
+
+Changes since 3.5.0rc3
+----------------------
-o Steve French <sfrench@samba.org>
- * Fixes for mount.cifs Linux utility.
+
+o Günther Deschner <gd@samba.org>
+ * BUG 7181: Fix 'net ads dns' usage calls.
+ * BUG 7182: Fix uninitialized variable in wkssvc_enumerateusers.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 7145: Fix duplicate sam and unix accounts.
+ * BUG 7166: Avoid calling cli_alloc_mid twice in cli_smb_req_iov_send.
o Stefan Metzmacher <metze@samba.org>
- * Fixes for libreplace.
- * Add support for LDAP digital signing policy.
- * Experimental clustered file system support.
+ * BUG 7160: Keep the the correct negotiate_flags on the cli->dc structure.
-o Lars Mueller <lars@samba.org>
- * Makefile and build fixes.
- * Add pam_pwd_expire for pam_winbind (original patch from Andreas
- Schneider).
+Changes since 3.5.0rc2
+----------------------
-o James Peach <jpeach@apple.com>
- * Fixes for setgroups() and *BSD and Darwin.
- * Support membership of >16 groups on Darwin.
+o Jeremy Allison <jra@samba.org>
+ * BUG 6557: Fix vfs_full_audit.
+ * BUG 6876: Fix duplicate initializer in the rmdir module.
+ * BUG 7063: Fix core dump on Ubuntu 8.04 64 bit.
+ * BUG 7067: Fix failing of smbd to respond to a read or a write caused by
+ Linux asynchronous IO (aio).
+ * BUG 7069: Fix 'smbget' error status.
+ * BUG 7072: Fix unlocking of accounts from ldap.
+ * BUG 7079 Cliconnect gets realm wrong with trusted domains.
+ * BUG 7081: Fix vfs_expand_msdfs.
+ * BUG 7084: Fix storing of create time on directories in an EA in new
+ create time code.
+ * BUG 7104: "wide links" and "unix extensions" are incompatible.
+ * BUG 7118: Fix nmbd problems with socket address.
+ * BUG 7122: Fix reading of large browselist.
+ * BUG 7154: "mangling method = hash" can crash storing a name containing a '.'.
+ * BUG 7155: Valgrind Conditional jump or move depends on uninitialised
+ value(s) error when "mangling method = hash"..
+
+
+o Steven Danneman <steven.danneman@isilon.com>
+ * BUG 7096: Fix string buffer overflow causing heap corruption in smbd.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 6888: Fix printing with 64 bit clients.
+ * BUG 7130: Fix listing of printjobs in Windows 7.
+ * BUG 7148: Fix get_acl_blob in the acl_tdb VFS module.
-o Jiri Sasek <Jiri.Sasek@Sun.COM>
- * Added vfs_zfsacl module.
+o Björn Jacke <bj@sernet.de>
+ * BUG 7103: Fix build issue on Tru64.
+ * BUG 7116: Change ldap filter to what really was intended.
+ * Fix some wrong newlines in de translation strings.
-o Karolin Seeger <ks@sernet.de>
- * Add deletelocalgroup and unmapunixgroup subcommand to "net sam".
- * Cleanup internal passdb functions.
+o Jeff Layton <jlayton@redhat.com>
+ * BUG 6868: Fix crash bug in 'cifs.upcall'.
-o Simo Sorce <idra@samba.org>
- * Fixes for IDmap and Passdb backends.
+o Volker Lendecke <vl@samba.org>
+ * BUG 7085: Fix an early release of the global lock that can cause data
+ corruption in libtdb.
+ * BUG 7139: Owner of file not available with Kerberos.
-o Andrew Tridgell <tridge@samba.org>
- * Port ldb from the Samba 4 tree and add ldb group mapping plugin.
- * Move several file serving related tdb files to use the dbwrap
- API internally.
- * Cleanup the GPFS VFS plugin.
- * Experimental clustered file system support.
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 6888: Fix printing with 64 bit clients.
+ * BUG 7098: Fix results of 'smbclient -L' with a large browse list.
+ * BUG 7116: Add pdb_ldap performance fixes.
+ * BUG 7118: Add new "nmbd bind explicit broadcast" parameter.
+ * BUG 7119: Support large browselist.
+ * BUG 7140: Fix IPv4/IPv6 problems.
+
+
+o Lars Müller <lars@samba.org>
+ * BUG 7071: Fix build of 'smbfilter'.
+ * BUG 7047: Add cross option to samba_cv_linux_getgrouplist_ok.
+ * BUG 7102: Normalize "Changing password for" msg IDs and STRs.
+
+
+o Olivier Sessink <olivier@virtscano.fakenet>
+ * BUG 7076: Fix build of vfs_scannedonly on AIX.
+
+
+o Bo Yang <boyang@samba.org>
+ * BUG 7106: Fix malformed require_membership_of_sid.
+
+
+
+Changes since 3.5.0rc1
+----------------------
+
+
+o Michael Adam <obnox@samba.org>
+ * BUG 4347: Check password history before increasing "badPasswordCount".
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 5202: Fix changing of ACLs on writable file with "dos filemode=yes".
+ * BUG 6876: Fix deletion of an object whose parent folder does not have delete
+ rights fails even if the delete right is set on the object in
+ vfs_acl_xattr and vfs_acl_tdb.
+ * BUG 7033: Fix SMBrmdir error message when deleting a directory fails.
+ * BUG 7036: Fix 'net rpc getsid' in hardened Windows environments.
+ * BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls.
+
+
+o Giovanni Bajo <rasky@develer.com>
+ * BUG 7029: Disable sanity check in NetShareEnum for better compatibility
+ with Windows.
+
+
+o Kai Blin <kai@samba.org>
+ * BUG 7039: Fix compile error with WITH_DNS_UPDATE. Update .po files.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 7043: Fix crash bug in libsmbclient.
+
+
+o André Hentschel <nerv@dawncrow.de>
+ * BUG 7039: Complete German translation of 'net'.
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 7039: Improve some German translations in 'net'.
+
+
+o William Jojo <w.jojo@hvcc.edu>
+ * BUG 7052: Fix DFS on AIX.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 6981: Fix large paged search with DirX LDAP servers.
+ * BUG 7027: Fix a segfault in winbindd_dual_ccache_ntlm_auth().
+ * BUG 7037: Fix a Winbind segfault in "trusted_domains".
+ * BUG 7046: Fix libsmbclient crash against OpenSolaris CIFS server.
+ * BUG 7062: Make 'net', 'smbclient' and libsmbclient use the logon
+ credentials cached by Winbind.
+ * Lock down some srvsvc calls according to what w2k3 seems to do.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 6157: Restore Samba 3.0.x behavior and use the first "uid" value in
+ pdb_ldap.
+
+
+o SASAJIMA Toshihiro <sasajima_t@jp.fujitsu.com>
+ * BUG 7034: Fix segfault in vfs_cap.
+
+
+o Olivier Sessink <oliviersessink@gmail.com>
+ * BUG 7028: Add new scannedonly VFS module.
+
+
+Changes since 3.5.0pre2
+-----------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 6837: Fix "Too many open files" when trying to access large number of
+ files with Windows 7.
+ * BUG 6939: Fix long filenames when "mangling method" is set to "hash".
+ * BUG 7020: Fix smbd using 2G memory.
+ * Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned
+ attributes by protocol level.
+ * Vector correctly through reply_openerror() (which uses the same logic).
+ * Fix bugs with the full Windows ACL support.
+
+
+o Kai Blin <kai@samba.org>
+ * Add a few missing gettext calls to the 'net' command.
+ * Fix up a share type translation and translate some more strings in 'net'.
+
+
+o Günther Deschner <gd@samba.org>
+ * Allow to call "pdbedit -N description -u user" without specifiyng "-r".
+ * Add spoolss_DriverInfo7.
+ * Fix rpcclient after setprinter IDL fixes.
+ * Use generated krb5.conf in 'net ads testjoin'.
+
+
+o Jonas Gorski <jonas.gorski+samba@gmail.com>
+ * BUG 6992: make test for getgrouplist cacheable.
+
+
+o André Hentschel <nerv@dawncrow.de>
+ * Add some German translations for the 'net' command.
+
+
+o Suresh Jayaraman <sjayaraman@suse.de>
+ * Update mount.cifs man page with nounix option.
+
+
+o Volker Lendecke <vl@samba.org>
+ * Fix _samr_GetAliasMembership for results with 0 rids.
+ * Fix an error case in cli_negprot.
+ * Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc.
+ * Restore correct timeouts for SMB requests.
+ * Fix a 64-bit error in libsmb.
+ * Replace IS_DOMAIN_OFFLINE by a function in Winbind.
+ * Simplify/cleanup Winbind code.
+
+
+o Kamen Mazdrashki <kamen.mazdrashki@postpath.com>
+ * Fix write behind memory block in libtalloc.
+ * Fix result check for getaddrinfo().
+
+
+o Jim McDonough <jmcd@samba.org>
+ * BUG 7014: Fix Winbind crash when retrieving empty group members.
+
+
+o Brian Lu <brian.lu@sun.com>
+ * BUG 6991: Create symbol links to shared libraries.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * Add tsocket_address_bsd_sockaddr() and tsocket_address_bsd_from_sockaddr()
+ to tsocket.
+ * Always set tdb->tracefd to -1 to be safe on goto fail in libtdb.
+ * Add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior.
+ * Fix standalone 'make installdocs'.
+
+
+o Peter Rosin <peda@lysator.liu.se>
+ * Output %p as unsigned in snprintf replacement.
+
+
+o Ronnie Sahlberg <ronniesahlberg@gmail.com>
+ * New attempt at TDB transaction nesting allow/disallow.
+
+
+o Kirill Smelkov <kirr@mns.spb.ru>
+ * Remove swig stuff from libtdb.
+ * Reset tdb->fd to -1 in tdb_close() in libtdb.
+
+
+o Simo Sorce <idra@samba.org>
+ * Change the way mksysms work in libtalloc.
o Jelmer Vernooij <jelmer@samba.org>
- * Implement NDR basic to support utilizing IDL files from Samba 4
- tree for general DCE/RPC parsing stubs.
+ * Also build and install tdb manpages from standalone tdb.
+
+
+o Bo Yang <boyang@samba.org>
+ * Fix infinite loop in NCACN_IP_TCP as there is no timeout.
+ * Make winbindd_cache.c aware of domain offline to avoid unnecessary backend
+ query.
+ * List trusted domains from wcache when domain is offline.
+
+
+Changes since 3.5.0pre1
+-----------------------
+
+o Michael Adam <obnox@samba.org>
+ * Fix the build when no external talloc and tdb are installed.
+ * Fix detection of CTDB headers on systems without system-libtalloc.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 6802: A created folder does not properly inherit permissions from
+ parent in vfs_acl_xattr.
+ * BUG 6837: "Too many open files" when trying to access large number of
+ files from Windows 7.
+ * BUG 6938 : No hook exists to check creation rights when using acl_xattr
+ module.
+ * Fix vfs_acl_xattr which was failing to call the NEXT connect function.
+ * Restructure the ACL code.
+ * Refactor reply_rmdir to use handle based code.
+
+
+o Dan Cox <dan@wep.net>
+ * BUG 2350: Add LDAP Alias Dereferencing support.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 6929: Fix build with recent heimdal.
+ * Fix several printing issues.
+ * Fix the build on Mac OS X 10.6.2.
+ * Fix net and rpcclient after setprinterdataex changes.
+ * Add full support for level 8 printer drivers.
+ * Add more spoolss architectures to IDL.
+ * Fix enumprinter key client and server.
+ * Fix crash in EnumPrinterDataEx.
+
+
+o Björn Jacke <bj@sernet.de>
+ * Prefer posix_fallocate for doing "strict allocate".
+
+
+o Matt Kraai <mkraai@beckman.com>
+ * BUG 6860: Fix shared library build on QNX.
+o Volker Lendecke <vl@samba.org>
+ * BUG 6288: SWAT adds a second share when changing parameters of an existing
+ share.
+ * BUG 6435: Fix minor memory corruption.
+ * Restore "fake directory create times" as a share parameter.
+ * Fix explicit stat64 support.
+ * Add support for NetWkstaGetInfo 101 and 102.
+ * Add rpcclient wkssvc_enumerateusers.
+ * De-deprecate "write cache size" to prevent its removal without a proper
+ alternative.
+ * Allow more than 1000 users in BUILTIN\Users.
+
+
+o Jim McDonough <jmcd@samba.org>
+ * BUG 6967: Prevent glibc error on 'net ads join'.
+
+
+o Lars Müller <lars@samba.org>
+ * BUG 6710: Only install the cifs.upcall man page if CIFSUPCALL_PROGS was
+ set while configure.
+
+
+o Ian Puleston <ipuleston@sonicwall.com>
+ * Complete support for NetWkstaGetInfo/NetWkstaEnumUsers.
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * Fix the build of the example VFS modules.
+
+
+o Bo Yang <boyang@samba.org>
+ * BUG 6879: Fix crash in Winbind.
+ * Fix crash in free_file_list().
+ * Give the user a chance to change password when password will expire soon.
+
######################################################################
Reporting bugs & Development Discussion
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
-be filed under the Samba 3.2 product in the project's Bugzilla
+be filed under the Samba 3.5 product in the project's Bugzilla
database (https://bugzilla.samba.org/).
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
-
git.samba.org / samba.git / blobdiff