+ =============================
+ Release Notes for Samba 4.2.9
+ March 8, 2016
+ =============================
+
+
+This is a security release in order to address the following CVEs:
+
+o CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path)
+o CVE-2016-0771 (Out-of-bounds read in internal DNS server)
+
+=======
+Details
+=======
+
+o CVE-2015-7560:
+ All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable to
+ a malicious client overwriting the ownership of ACLs using symlinks.
+
+ An authenticated malicious client can use SMB1 UNIX extensions to
+ create a symlink to a file or directory, and then use non-UNIX SMB1
+ calls to overwrite the contents of the ACL on the file or directory
+ linked to.
+
+o CVE-2016-0771:
+ All versions of Samba from 4.0.0 to 4.4.0rc3 inclusive, when deployed as
+ an AD DC and choose to run the internal DNS server, are vulnerable to an
+ out-of-bounds read issue during DNS TXT record handling caused by users
+ with permission to modify DNS records.
+
+ A malicious client can upload a specially constructed DNS TXT record,
+ resulting in a remote denial-of-service attack. As long as the affected
+ TXT record remains undisturbed in the Samba database, a targeted DNS
+ query may continue to trigger this exploit.
+
+ While unlikely, the out-of-bounds read may bypass safety checks and
+ allow leakage of memory from the server in the form of a DNS TXT reply.
+
+ By default only authenticated accounts can upload DNS records,
+ as "allow dns updates = secure only" is the default.
+ Any other value would allow anonymous clients to trigger this
+ bug, which is a much higher risk.
+
+
+Changes since 4.2.8:
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 11648: CVE-2015-7560: Getting and setting Windows ACLs on symlinks can
+ change permissions on link target.
+
+o Garming Sam <garming@catalyst.net.nz>
+ * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS TXT
+ handling.
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS TXT
+ handling.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ =============================
+ Release Notes for Samba 4.2.8
+ February 2, 2016
+ =============================
+
+
+This is the latest stable release of Samba 4.2.
+
+
+Changes since 4.2.7:
+--------------------
+
+o Michael Adam <obnox@samba.org>
+ * BUG 11647: s3:smbd: Fix a corner case of the symlink verification.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 11624: s3: libsmb: Correctly initialize the list head when keeping a
+ list of primary followed by DFS connections.
+ * BUG 11625: Reduce the memory footprint of empty string options.
+
+
+o Christian Ambach <ambi@samba.org>
+ * BUG 11400: s3:smbd/oplock: Obey kernel oplock setting when releasing
+ oplocks.
+
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 11065: vfs_fruit: Fix renaming directories with open files.
+ * BUG 11347: Fix MacOS finder error 36 when copying folder to Samba.
+ * BUG 11466: Fix copying files with vfs_fruit when using vfs_streams_xattr
+ without stream prefix and type suffix.
+ * BUG 11645: smbd: make "hide dot files" option work with "store dos
+ attributes = yes".
+ * BUG 11684: s3:smbd: Ignore initial allocation size for directory creation.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 11639: lib/async_req: Do not install async_connect_send_test.
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * BUG 11641: docs: Fix typos in man vfs_gpfs.
+
+
+o Uri Simchoni <uri@samba.org>
+ * BUG 11682: smbcacls: Fix uninitialized variable.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 4.2.7
+ December 16, 2015
+ =============================
+
+
+This is a security release in order to address the following CVEs:
+
+o CVE-2015-3223 (Denial of service in Samba Active Directory
+ server)
+o CVE-2015-5252 (Insufficient symlink verification in smbd)
+o CVE-2015-5299 (Missing access control check in shadow copy
+ code)
+o CVE-2015-5296 (Samba client requesting encryption vulnerable
+ to downgrade attack)
+o CVE-2015-8467 (Denial of service attack against Windows
+ Active Directory server)
+o CVE-2015-5330 (Remote memory read in Samba LDAP server)
+
+Please note that if building against a system libldb, the required
+version has been bumped to ldb-1.1.24. This is needed to ensure
+we build against a system ldb library that contains the fixes
+for CVE-2015-5330 and CVE-2015-3223.
+
+=======
+Details
+=======
+
+o CVE-2015-3223:
+ All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
+ ldb versions up to 1.1.23 inclusive) are vulnerable to
+ a denial of service attack in the samba daemon LDAP server.
+
+ A malicious client can send packets that cause the LDAP server in the
+ samba daemon process to become unresponsive, preventing the server
+ from servicing any other requests.
+
+ This flaw is not exploitable beyond causing the code to loop expending
+ CPU resources.
+
+o CVE-2015-5252:
+ All versions of Samba from 3.0.0 to 4.3.2 inclusive are vulnerable to
+ a bug in symlink verification, which under certain circumstances could
+ allow client access to files outside the exported share path.
+
+ If a Samba share is configured with a path that shares a common path
+ prefix with another directory on the file system, the smbd daemon may
+ allow the client to follow a symlink pointing to a file or directory
+ in that other directory, even if the share parameter "wide links" is
+ set to "no" (the default).
+
+o CVE-2015-5299:
+ All versions of Samba from 3.2.0 to 4.3.2 inclusive are vulnerable to
+ a missing access control check in the vfs_shadow_copy2 module. When
+ looking for the shadow copy directory under the share path the current
+ accessing user should have DIRECTORY_LIST access rights in order to
+ view the current snapshots.
+
+ This was not being checked in the affected versions of Samba.
+
+o CVE-2015-5296:
+ Versions of Samba from 3.2.0 to 4.3.2 inclusive do not ensure that
+ signing is negotiated when creating an encrypted client connection to
+ a server.
+
+ Without this a man-in-the-middle attack could downgrade the connection
+ and connect using the supplied credentials as an unsigned, unencrypted
+ connection.
+
+o CVE-2015-8467:
+ Samba, operating as an AD DC, is sometimes operated in a domain with a
+ mix of Samba and Windows Active Directory Domain Controllers.
+
+ All versions of Samba from 4.0.0 to 4.3.2 inclusive, when deployed as
+ an AD DC in the same domain with Windows DCs, could be used to
+ override the protection against the MS15-096 / CVE-2015-2535 security
+ issue in Windows.
+
+ Prior to MS16-096 it was possible to bypass the quota of machine
+ accounts a non-administrative user could create. Pure Samba domains
+ are not impacted, as Samba does not implement the
+ SeMachineAccountPrivilege functionality to allow non-administrator
+ users to create new computer objects.
+
+o CVE-2015-5330:
+ All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
+ ldb versions up to 1.1.23 inclusive) are vulnerable to
+ a remote memory read attack in the samba daemon LDAP server.
+
+ A malicious client can send packets that cause the LDAP server in the
+ samba daemon process to return heap memory beyond the length of the
+ requested value.
+
+ This memory may contain data that the client should not be allowed to
+ see, allowing compromise of the server.
+
+ The memory may either be returned to the client in an error string, or
+ stored in the database by a suitabily privileged user. If untrusted
+ users can create objects in your database, please confirm that all DN
+ and name attributes are reasonable.
+
+
+Changes since 4.2.6:
+--------------------
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 11552: CVE-2015-8467: samdb: Match MS15-096 behaviour for
+ userAccountControl.
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 11325: CVE-2015-3223: Fix LDAP \00 search expression attack DoS.
+ * BUG 11395: CVE-2015-5252: Fix insufficient symlink verification (file
+ access outside the share).
+ * BUG 11529: CVE-2015-5299: s3-shadow-copy2: Fix missing access check on
+ snapdir.
+
+o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+ * BUG 11599: CVE-2015-5330: Fix remote read memory exploit in LDB.
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 11536: CVE-2015-5296: Add man in the middle protection when forcing
+ smb encryption on the client side.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 4.2.6
+ December 08, 2015
+ =============================
+
+
+This is the latest stable release of Samba 4.2.
+
+
+Changes since 4.2.5:
+--------------------
+
+o Michael Adam <obnox@samba.org>
+ * BUG 11365: ctdb: Strip trailing spaces from nodes file.
+ * BUG 11577: ctdb: Open the RO tracking db with perms 0600 instead of 0000.
+ * BUG 11619: doc: Fix a typo in the smb.conf manpage.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 11452: s3-smbd: Fix old DOS client doing wildcard delete - gives a
+ attribute type of zero.
+ * BUG 11565: auth: gensec: Fix a memory leak.
+ * BUG 11566: lib: util: Make non-critical message a warning.
+ * BUG 11589: s3: smbd: If EA's are turned off on a share don't allow an SMB2
+ create containing them.
+ * BUG 11615: s3: smbd: have_file_open_below() fails to enumerate open files
+ below an open directory handle.
+
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 11564: async_req: Fix non-blocking connect().
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 11243: vfs_gpfs: Re-enable share modes.
+ * BUG 11570: smbd: Send SMB2 oplock breaks unencrypted.
+
+
+o YvanM <yvan.masson@openmailbox.org>
+ * BUG 11584: manpage: Correct small typo error.
+
+
+o Marc Muehlfeld <mmuehlfeld@samba.org>
+ * BUG 9912: Changing log level of two entries to from 1 to 3.
+
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 11346: wafsamba: Also build libraries with RELRO protection.
+ * BUG 11563: nss_wins: Do not run into use after free issues when we access
+ memory allocated on the globals and the global being reinitialized.
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * BUG 11619: docs: Fix some typos in the idmap config section of man 5
+ smb.conf.
+
+
+o Noel Power <noel.power@suse.com>
+ * BUG 11569: Fix winbindd crashes with samlogon for trusted domain user.
+ * BUG 11597: Backport some valgrind fixes from upstream master.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.2 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 4.2.5
+ October 27, 2015
+ =============================
+
+
+This is the latest stable release of Samba 4.2.
+
+
+Changes since 4.2.4:
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 10252: s3: smbd: Fix our access-based enumeration on "hide unreadable"
+ to match Windows.
+ * BUG 10634: smbd: Fix file name buflen and padding in notify repsonse.
+ * BUG 11486: s3: smbd: Fix mkdir race condition.
+ * BUG 11522: s3: smbd: Fix opening/creating :stream files on the root share
+ directory.
+ * BUG 11535: s3: smbd: Fix NULL pointer bug introduced by previous 'raw'
+ stream fix (bug #11522).
+ * BUG 11555: s3: lsa: lookup_name() logic for unqualified (no DOMAIN\
+ component) names is incorrect.
+
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 11535: s3: smbd: Fix a crash in unix_convert().
+ * BUG 11543: vfs_fruit: Return value of ad_pack in vfs_fruit.c.
+ * BUG 11549: Fix bug in smbstatus where the lease info is not printed.
+ * BUG 11550: s3:smbstatus: Add stream name to share_entry_forall().
+ * BUG 11555: s3:lib: validate domain name in lookup_wellknown_name().
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 11038: kerberos: Make sure we only use prompter type when available.
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 10365: nss_winbind: Fix hang on Solaris on big groups.
+ * BUG 11355: build: Use as-needed linker flag also on OpenBSD.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 11038: winbind: Fix 100% loop.
+ * BUG 11381: Fix a deadlock in tdb.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 11316: s3:ctdbd_conn: Make sure we destroy tevent_fd before closing
+ the socket.
+ * BUG 11327: dcerpc.idl: accept invalid dcerpc_bind_nak pdus.
+
+
+o Har Gagan Sahai <SHarGagan@novell.com>
+ * BUG 11509: s3: dfs: Fix a crash when the dfs targets are disabled.
+
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 11502: pam_winbind: Fix a segfault if initialization fails.
+
+
+o Uri Simchoni <uri@samba.org>
+ * BUG 11528: net: Fix a crash with 'net ads keytab create'.
+ * BUG 11547: vfs_commit: Set the fd on open before calling SMB_VFS_FSTAT.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.2 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 4.2.4
+ September 8, 2015
+ =============================
+
+
+This is the latest stable release of Samba 4.2.
+
+
+Changes since 4.2.3:
+--------------------
+
+o Michael Adam <obnox@samba.org>
+ * BUG 11372: smbd: Fix SMB3 functionality of "smb encrypt".
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 11359: lib: replace: Add strsep function (missing on Solaris).
+
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 11278: Fix stream names with colon with "fruit:encoding = native".
+ * BUG 11317: vfs:fruit: Implement copyfile style copy_chunk.
+ * BUG 11426: s3-net: Use talloc array in share allowedusers.
+ * BUG 11467: vfs_fruit: Handling of empty resource fork.
+
+
+o Alexander Bokovoy <ab@samba.org>
+ * BUG 11265: auth/credentials: If credentials have principal set, they are
+ not anonymous anymore.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 11373: s3-smbd: Reset protocol in smbXsrv_connection_init_tables
+ failure paths.
+
+
+o Amitay Isaacs <amitay@gmail.com>
+ * BUG 11398: ctdb-daemon: Return correct sequence number for
+ CONTROL_GET_DB_SEQNUM.
+ * BUG 11431: ctdb-daemon: Improve error handling for running event scripts.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 11316: lib: Fix rundown of open_socket_out().
+ * BUG 11488: Avoid quoting problems in user's DNs.
+
+
+o Justin Maggard <jmaggard@netgear.com>
+ * BUG 11320: s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup.
+
+
+o Roel van Meer <roel@1afa.com>
+ * BUG 11427: s3-util: Compare the maximum allowed length of a NetBIOS name.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 11316: s3:lib: Fix some corner cases of open_socket_out_cleanup().
+ * BUG 11454: Backport dcesrv_netr_DsRGetDCNameEx2 fixes.
+
+
+o Anubhav Rakshit <anubhav.rakshit@gmail.com>
+ * BUG 11361: s3:libsmb: Fix a bug in conversion of ea list to ea array.
+
+
+o Arvid Requate <requate@univention.de>
+ * BUG 11291: s4:rpc_server/netlogon: Fix for NetApp.
+
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 9862: s3-auth: Fix "map to guest = Bad uid".
+ * BUG 11403: s3-smbd: Leave sys_disk_free() if dfree command is used.
+ * BUG 11404: s3-auth: Fix a possible null pointer dereference.
+
+
+o Martin Schwenke <martin@meltin.net>
+ * BUG 11399: ctdb-scripts: Support monitoring of interestingly named VLANs
+ on bonds.
+ * BUG 11432: ctdb-daemon: Check if updates are in flight when releasing all
+ IPs.
+ * BUG 11435: ctdb-build: Fix building of PCP PMDA module.
+
+
+o Wei Zhong <wweyeww@gmail.com>
+ * BUG 10823: s3: winbindd: Fix TALLOC_FREE of uninitialized groups variable.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.2 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 4.2.3
+ July 14, 2015
+ =============================
+
+
+This is the latest stable release of Samba 4.2.
+
+
+Changes since 4.2.2:
+--------------------
+
+o Michael Adam <obnox@samba.org>
+ * BUG 11366: docs: Overhaul the description of "smb encrypt" to include SMB3
+ encryption.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 11068: s3: lib: util: Ensure we read a hex number as %x, not %u.
+ * BUG 11295: Excessive cli_resolve_path() usage can slow down transmission.
+ * BUG 11328: winbindd: winbindd_raw_kerberos_login - ensure logon_info
+ exists in PAC.
+ * BUG 11339: s3: smbd: Use separate flag to track
+ become_root()/unbecome_root() state.
+ * BUG 11342: s3: smbd: Codenomicon crash in do_smb_load_module().
+
+
+o Christian Ambach <ambi@samba.org>
+ * BUG 11170: s3:param/loadparm: Fix 'testparm --show-all-parameters'.
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 10991: winbindd: Sync secrets.ldb into secrets.tdb on startup.
+
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 11277: s3:smb2: Add padding to last command in compound requests.
+ * BUG 11305: vfs_fruit: Add option "veto_appledouble".
+ * BUG 11323: smbd/trans2: Add a useful diagnostic for files with bad
+ encoding.
+ * BUG 11363: vfs_fruit: Check offset and length for AFP_AfpInfo read
+ requests.
+ * BUG 11371: ncacn_http: Fix GNUism.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 11245: s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of
+ interfaces.
+
+
+o Alexander Drozdov <al.drozdov@gmail.com>
+ * BUG 11331: tdb: version 1.3.5: ABI change: tdb_chainlock_read_nonblock()
+ has been added.
+
+
+o Evangelos Foutras <evangelos@foutrelis.com>
+ * BUG 8780: s4:lib/tls: Fix build with gnutls 3.4.
+
+
+o David Holder <david.holder@erion.co.uk>
+ * BUG 11281: Add IPv6 support to ADS client side LDAP connects.
+ * BUG 11282: Add IPv6 support for determining FQDN during ADS join.
+ * BUG 11283: s3: IPv6 enabled DNS connections for ADS client.
+
+
+o Steve Howells <steve.howells@moscowfirst.com>
+ * BUG 10924: s4.2/fsmo.py: Fixed fsmo transfer exception.
+
+
+o Amitay Isaacs <amitay@gmail.com>
+ * BUG 11293: Fix invalid write in ctdb_lock_context_destructor.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 11218: smbd: Fix a use-after-free.
+ * BUG 11312: tstream: Make socketpair nonblocking.
+ * BUG 11330: tevent: Fix CID 1035381 Unchecked return value.
+ * BUG 11331: tdb: Fix CID 1034842 and 1034841 Resource leaks.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 11061: Logon via MS Remote Desktop hangs.
+ * BUG 11141: tevent: Add a note to tevent_add_fd().
+ * BUG 11293: Fix invalid write in ctdb_lock_context_destructor.
+ * BUG 11316: tevent_fd needs to be destroyed before closing the fd.
+ * BUG 11319: Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’
+ undeclared".
+ * BUG 11326: Robust mutex support broken in 1.3.5.
+ * BUG 11329: s3:smb2_setinfo: Fix memory leak in the defer_rename case.
+ * BUG 11330: Backport tevent-0.9.25.
+ * BUG 11331: Backport tdb-1.3.6.
+ * BUG 11367: s3:auth_domain: Fix talloc problem in
+ connect_to_domain_password_server().
+
+
+o Marc Muehlfeld <mmuehlfeld@samba.org>
+ * BUG 11315: Group creation: Add msSFU30Name only when --nis-domain was
+ given.
+
+o Matthieu Patou <mat@matws.net>
+ * BUG 11356: pidl: Make the compilation of PIDL producing the same results
+ if the content hasn't change.
+
+
+o Noel Power <noel.power@suse.com>
+ * BUG 11328: Kerberos auth info3 should contain resource group ids available
+ from pac_logon.
+
+
+o Gordon Ross <gordon.w.ross@gmail.com>
+ * BUG 11330: lib: tevent: Fix compile error in Solaris ports backend.
+
+
+o Christof Schmitt <cs@samba.org>
+ * BUG 11313: idmap_rfc2307: Fix wbinfo '--gid-to-sid' query.
+ * BUG 11324: Change sharesec output back to previous format.
+
+
+o Uri Simchoni <urisimchoni@gmail.com>
+ * BUG 11358: winbindd: Disconnect child process if request is cancelled at
+ main process.
+
+
+o Petr Viktorin <pviktori@redhat.com>
+ * BUG 11330: Backport tevent-0.9.25.
+
+
+o Youzhong Yang <yyang@mathworks.com>
+ * BUG 11217: s3-unix_msg: Remove socket file after closing socket fd.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.2 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
=============================
Release Notes for Samba 4.2.2
May 27, 2015
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
-======================================================================
=============================
Release Notes for Samba 4.2.1