+ ===============================
+ Release Notes for Samba 3.0.31
+ July 10, 2008
+ ===============================
+
+This is a bug fix release of the Samba 3.0 production series
+and is the version that servers should be run for all current
+Samba 3.0 bug fixes.
+
+User visible bug fixes in this release include:
+
+ o Correct issues with running Winbind runing on a Samba PDC.
+ o Problems with trusted Windows 2008 domains.
+ o Difficulty joining an NT4 or Windows 2000 AD domain.
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.30
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 5504: Fix SIGTERM handling in Winbind children so that they
+ do not remove the unix domain socket used to field client requests.
+ * Split the winbindd_passdb backend into a 'builtin' and a 'sam'
+ backend.
+ * When allocating client buffers for large read/write - make sure we
+ take account of the large read/write SMB headers as well as the buffer
+ space.
+ * Memory leak fixes in DC location code.
+ * BUG 5533: Winbindd fails to cope correctly with a workgroup name
+ containing a '.'
+ * BUG 5555: Don't return NT_STATUS_PASSWORD_MUST_CHANGE error on machine
+ account logon.
+ * BUG 5551: smbd recursing back into winbindd from a winbindd call.
+ * Fix usage message for "net rpc trustdom add".
+ * Ensure consistent use of pdb_get_nt_passwd instead of pdb_get_lanman_passwd.
+ * BUG 5578: Bad (non-Samba) use of strlcat gives error.
+ * Canonicalize servername in the printer functions to remove leading '\\'
+ characters.
+
+
+o Alexander Bokovoy <ab@samba.org>
+ * Documentation build fixes.
+ * [DOCS] Fix use of smbconfoption in samba.entities.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Return NULL in sitename_fetch() if gencache_init() fails.
+
+
+o Steven Danneman <steven.danneman@isilon.com>
+ * Use machine account and machine password from our domain when
+ contacting trusted domains.
+ * SPNEGO SPN fix when contacting trusted domains.
+
+
+o Guenther Deschner <gd@samba.org>
+ * BUG 5285: Fix libcap header mismatch.
+ * Fix joining NT4 domains.
+ * Don't let winbind getgroups crash when we have no gids in the
+ token.
+ * Fallback to level 24 pwd set while joining.
+ * Fix joining w2k domains in "security = ads".
+ * Fix pam_sm_chauthtok for storing modified cached creds.
+
+
+o SATOH Fumiyasu <fumiyas@osstech.co.jp>
+ * BUG 5202: Re-activate "acl group control" parameter and make it
+ only apply to owning group.
+
+
+o <hkurma@datadomain.com>
+ * BUG 5531: Fix conversion of ns units when converting from
+ nttime to timespec.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 4974: Map NT_STATUS_OBJECT_PATH_NOT_FOUND to ENOENT in libsmbclient.
+ * Fix a segfault in base64_encode_data_blob.
+
+
+o William Jojo <jojowil@hvcc.edu>
+ * AIX build fixes.
+
+
+o Herb Lewis <herb@samba.org>
+ * ENODATA is not defined in freeBSD 4.6.2.
+
+
+o Jim McDonough <jmcd@samba.org>
+ * Don't reset password last set time just because the expired flag
+ is set to 0.
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * Fix usage message for 'net idmap dump'.
+ * Miscellaneous man page fixes.
+ * BUG 4203: Samba3-HOWTO: Add improvements/fixes submitted by Pete Boyd.
+
+
+o John H Terpstra <jht@samba.org>
+ * Fixes to man pages.
+ * Add tdb file documentation.
+
+
+o Bo Yang <boyang@novell.com>
+ * Ensure that winbindd trusted domain children keep primary domain online
+ status up to date.
+ * Update cached creds during password change.
+ * Ensure that Winbind always uses set_domain_offline() to mark a domain
+ offline.
+ * Allow authentication and memory credential refresh after password change
+ from gdm/xdm.
+
+
+o Chere Zhou <czhou@isilon.com>
+ * Memory leak fixes.
+
+
+
+Release notes for older releases follow:
+
+ --------------------------------------------------
+ ===============================
+ Release Notes for Samba 3.0.30
+ May 28, 2008
+ ===============================
+
+This is a security release in order to address CVE-2008-1105 ("Boundary
+failure when parsing SMB responses can result in a buffer overrun").
+
+ o CVE-2008-1105
+ Specifically crafted SMB responses can result in a heap overflow
+ in the Samba client code. Because the server process, smbd, can
+ itself act as a client during operations such as printer notification
+ and domain authentication, this issue affects both Samba client
+ and server installations.
+
+The original security announcement for this and past advisories can
+be found http://www.samba.org/samba/security/
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.29
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * Fix for CVE-2008-1105.
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * Remove man pages for ldb tools not included in Samba 3.0.
+
+ --------------------------------------------------
+
+ ===============================
+ Release Notes for Samba 3.0.29
+ May 20, 2008
+ ===============================
+
+Major bug fixes included in Samba 3.0.29 are:
+
+ o Problems following domain trusts on a Samba DC.
+ o SMB Signing errors.
+ o Interoperability issues with Windows 2008 domains.
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.28a
+---------------------
+
+o Michael Adam <obnox@samba.org>
+ * Fix build for pam_smbpass.
+ * Fix a crash in tdb_wrap_log().
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 5267: Fix for nmbd termination problems when no interfaces
+ found.
+ * BUG 5326: OS/2 servers give strange "high word" replies for
+ print jobs.
+ * Remove MS-DFS check that required the target host be ourself.
+ * BUG 5372: Fix high CPU usage of cupsd on large print servers
+ by using more efficient CUPS queries in smbd.
+ * Rewrite integer wrap checks to deal with gcc 4.x optimizations.
+ * BUG 5095: Fix the enforcement of the "Manage Documents" access right.
+ * Don't free memory from getpass() in mount.cifs.
+ * BUG 5460: Fix MS-DFS referral problem in server code.
+ * Fix bug in Winbind that caused the parent to ignore dead children.
+ * Fix compile warnings.
+
+
+o Alexander Bokovoy <ab@samba.org>
+ * Fix build for pam_smbpass.
+ * Document build fixes.
+
+
+o Kai Blin <kai@samba.org>
+ * BUG 4235: Improve compliance to the Squid helper protocol.
+ Original patch from Pawel Worach <pawel.worach@gmail.com>.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * BUG 5107: Fix handling of large DNS replies on AIX and Solaris.
+
+
+o Glenn Curtis <gcurtis@likewisesoftware.com>
+ * Prevent cycle in Winbind's list of children when reaping dead processes.
+
+
+o Steven Danneman <steven.danneman@isilon.com>
+ * BUG 5419: Fix memory leak in ads_do_search_all_args() (merge from v3-2).
+
+
+o Guenther Deschner <gd@samba.org>
+ * Fix winbind NETLOGON credential chain on a samba dc for w2k8 trusts.
+ * Fix client connections and negotiation with Windows 2008 DCs
+ in member server code.
+ * Add NT_STATUS_DOWNGRADE_DETECTED error code (merge from v3-2).
+ * BUG 5430: Fix pam_winbind.so on Solaris (requires -lsocket).
+ * Re-add samr getdispinfoindex parsing which got lost in the glue commit.
+ * BUG 5461: Implement a very basic _samr_GetDisplayEnumerationIndex().
+ Corrects interop problem between Citrix PM and a Samba DC.
+
+
+o Bryan Kolodziej <bryan.kolodziej@allenlund.com>
+ * BUG 3840: Fix smbclient connecting to NetApp filers when using
+ whitespace in the user's password.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 4901: Fix behavior of "ldap passwd sync = only".
+ * BUG 5317: Fix debug output from domain_client_validate().
+ * BUG 5338: Fix format string bug in rpcclient.
+ * Ensure that "wbinfo -a trusted\\user%password" works correctly
+ on a Samba DC with trusts.
+ * BUG 5336: Fix SetUsetrInfo(level 25) to update the pwdLastSet
+ attribute.
+ * BUG 5350: Fallback to anonymous sessions if not trust password
+ could be obtained on Samba DCs and member servers.
+ * BUG 5366: Fix password chat on Sun OpenSolaris (Nevada).
+ * Fix signing problem in the client with trans requests.
+
+
+o Björn Jacke <bj@sernet.de>
+ * Fix alignment bug hitting Solaris with "reset in zero vc" activated.
+
+
+o Jim McDonough <jmcd@samba.org>
+ * Fix build with glibc 2.8.
+ * Enable winbind child processes to do something with signals, in
+ particular closing and reopening logs on SIGHUP.
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * Documentation cleanup after merging docs from svn to git and
+ back-porting from the v3-2 branch.
+
+
+o Rafal Szczesniak <mimir@samba.org>
+ * Add implementation of machine-authenticated connection to netlogon
+ pipe used when connecting to win2k and newer domain controllers.
+
+
+o Simo Sorce <idra@samba.org>
+ * Fix trusted users on a DC that uses the old idmap syntax.
+
+
+o Bo Yang <boyang@novell.com>
+ * Only have Winbind cache domain password policies that were
+ successfully retrieved.
+
+
+o Martin Zielinski <mz@seh.de>
+ * Fix alignment bug when marshalling printer data replies.
+ * Fix DeleteDriverDriverEx() checks to prevent removing in use files.
+
+
+
+ --------------------------------------------------
+
+ ===============================
+ Release Notes for Samba 3.0.28a
+ Mar 8, 2008
+ ===============================
+
+Major bug fixes included in Samba 3.0.28a are:
+
+ o Failure to join Windows 2008 domains
+ o Windows Vista (including SP1 RC) interop issues
+
+
+
+######################################################################
+Changes
+#######
+
+smb.conf changes
+----------------
+
+ Parameter Name Description Default
+ -------------- ----------- -------
+ administrative share New No
+ ldap debug level New 0
+ ldap debug threshold New 10
+
+
+Changes since 3.0.28
+--------------------
+
+o Michael Adam <obnox@samba.org>
+ * Fix bug in version string's vendor tag.
+ * Prevent net getdomainsid from crashing when called as non-root.
+ * BUG 4801: Correctly implement LSA lookup levels for LookupNames.
+ * Fixes for internal LookupNames() calls for unqualified users and
+ groups.
+ * Remove unnecessary functions when managing domain trust
+ passwords.
+ * Fix winbindd on a Samba DC talking to a trusted domain DC
+ (again).
+ * Consolidate the detection of the machine_account_name when
+ obtaining trust credentials from the local database.
+ * Refactor trust account database routines and session key
+ management.
+ * Fix retrieval of trusted domain password policies when
+ authenticating a user (only when WBFLAG_PAM_GET_PWD is config
+ flags is set).
+ * Refactor Winbind's cm_connect_sam().
+ * Enable building the notify_fam module.
+ * Add "ldap debug level" and "ldap debug threshold" smb.conf options.
+
+
+o Jeremy Allison <jra@samba.org>
+ * Fix cut-n-paste bug when filling in form values for Printer
+ info.
+ * Fix SMB signing bug found by Volker.
+ * Create locking.tdb when running smbstatus before smbd to avoid
+ confusing error messages.
+ * Add a portable version of strlcpy and strlcat.
+ * BUG 4780: Cause user mounts to inherit uid= and gid= from the
+ calling user when called as non-root, except when overridden on
+ the command line. Original patch by Steve Langasek.
+ * BUG 5802: Recent versions of Linux-PAM support localization of
+ user prompts, so Samba must use the C locale when invoking PAM
+ * Merge Vista principal detection changes by Andreas Schneider
+ from 3.2 branch.
+ * BUG 5121: Fix problems running unix passwd sync on streams based
+ systems.
+ * BUG 4612: Fix smbd crash when connecting from an OS/2 client.
+ * Back port Volker's ACL fixes on newly create files form 3.2.
+ * Ensure that send_getdc_request() matches the 3.2 code base.
+ * BUG 3617: Fix crash in nmbd caused by referencing freed memory.
+ * Fixes for issues reported by IBM checker.
+ * Fixes for issues reported by Coverity.
+ * Back port Volker's fix for nlink count.
+ * Back port SAMR flag fixes from Matt Geddes
+ <musicalcarrion@gmail.com>.
+ * BUG 4929: Cope with protected ACL set correctly (based on work
+ from Jim McDonough).
+ * Fix ACL set bug when group being set is the primary group.
+ * Ensure NDR wire-reads of string types are always null
+ terminated.
+ * BUG 5247: Fix mget wildcard expansion in smbclient.
+ * Fix bug in SPNEGO negotiation.
+ * BUG 3617: Fix "Invalid read of size 4" errors.
+ * BUG 5267: Prevent nmbd from shutting down when no network
+ interfaces can be located.
+
+
+o Kai Blin <kai@samba.org>
+ * libsmb: Do not upper-case target name on NTLMv2 hash generation.
+ * Fix an incompatible pointer type warning.
+
+
+o Gerald Carter <jerry@samba.org>
+ * Restrict the enctypes in the generated krb5.conf files to
+ Win2003 types.
+
+
+o Steven Danneman <steven.danneman@isilon.com>
+ * Error path memory leak fixes.
+
+
+o Guenther Deschner <gd@samba.org>
+ * Fix PAC decoding from Vista SP1 client.
+ * Fix get_trust_creds() to return always an upper-cased krb5
+ principal.
+ * Back port additional fixes necessary for support Windows 2008
+ domain joins from the 3.2 branch.
+
+
+o Mathias Gug <mathiaz@ubuntu.com>
+ * BUG 5802: Recent versions of Linux-PAM support localization of
+ user prompts, so Samba must use the C locale when invoking PAM
+
+
+o Steve Langasek <vorlon@debian.org>
+ * BUG 3727: Fix smbpasswd abort when called by non-root user.
+ * BUG 4784: Prevent umount.cifs from allowing all users to unmount shares.
+ * BUG 5802: Recent versions of Linux-PAM support localization of
+ user prompts, so Samba must use the C locale when invoking PAM
+
+
+o Volker Lendecke <vl@samba.org>
+ * When allocating a new vuid, also avoid partial ones. Also
+ fully invalidate intermediate ones.
+ * Fix error path exit in create_local_nt_token() to correctly roll
+ back security contexts.
+ * Fix valgrind warnings in nmbd.
+ * Pointer initialization fixes in notify_marshall_changes().
+ * BUG 5208: Fix uninitialized variables in vfs_hpuxacl.c (reported
+ by David Leonard <David.Leonard@quest.com>).
+ * Copy the 3.2 version of string_replace to 3.0.
+ * Port SMB_FS_OBJECTID_INFORMATION from 3.2 (Patch by Corinna
+ Vinschen).
+ * Memory leak fixes.
+ * Fix error code propagation from cli_session_setup_kerberos().
+ * BUG 5217: Fix inotify detection.
+ * BUG 5279: Correctly check return of rename().
+ * BUG 5252: Fix confusing error messages in mount.cifs.
+ * BUG 5307: Respect FAMChanged (Thanks to Ricardo Santos).
+ * Work around a handle leak in XP 64 bit.
+
+
+o Guenter Kukkukk <linux@kukkukk.com>
+ * OS/2 returns eclass == ERRDOS && ecode == ERRnofiles for a zero
+ entry directory listing.
+
+
+o Tom Maher <tmaher@watson.org>
+ * BUG 5175: Support krb5 auth in smbcacls.
+
+
+o Hans Mayer <hans.mayer@ages.at>
+ * BUG 5141: Solaris 9 compile fix.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * Fix default printing system detection in libreplace.
+
+
+o Laurent Pinchart <pinchart@skynet.be>
+ * BUG 5163: Return better error codes when a password cannot be
+ set in and LDAP directory.
+
+
+o Jiri Sasek <Jiri.Sasek@Sun.COM>
+ * BUG 4866: Correct password routine detection on Solaris.
+
+
+o Andreas Schneider <anschneider@suse.de>
+ * Remove trailing slashes on server names when parsing input from
+ smbclient.
+ * Support Windows 2008 domain joins (variant of Todd Stecher's
+ original patch).
+ * Add "administrative share" service parameter for defining hidden
+ administrative shares that cannot be managed from Windows.
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * Use the "ldap user suffix" when enumerating a users group
+ memberships.
+
+
+o Simo Sorce <idra@samba.org>
+ * Don't assume NULL termination when copying the principal name
+ in kerberos_get_default_realm_from_ccache().
+ * Fix winbindd running on a Samba DC (again).
+
+
+o Bo Yang <boyang@novell.com>
+ * Fix bad private_data pointer in winbindd_lookupname_async().
+
+
+
+Release notes for older releases follow:
+
+ --------------------------------------------------
+
==============================
Release Notes for Samba 3.0.28
Dec 10, 2007
when failing to add local groups in create_local_nt_token().
-Release notes for older releases follow:
-
--------------------------------------------------
===============================