+ ==============================
+ Release Notes for Samba 3.0.34
+ January, 20 2009
+ ==============================
+
+
+This is a bug fix release of the Samba 3.0 series.
+
+Major enhancements included in Samba 3.0.34 are:
+
+ o Fix update of machine account passwords.
+ o Fix SMB signing issue on Windows Vista with MS Hotfix KB955302.
+ o Fix Winbind crashes.
+ o Correctly detect if the current dc is the closest one.
+ o Add saf_join_store() function to memorize the dc used at join time.
+ This avoids problems caused by replication delays shortly after domain
+ joins.
+ o Fix write list in setups using "security = share".
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.33
+--------------------
+
+
+o Michael Adam <obnox@samba.org>
+ * Fix linking cifs.upcall when nscd_flush_cache() is found.
+ * Fix smbd hanging on Solaris when winbindd closes socket.
+ * Use the reconnect methods instead of the rpc methods directly.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 1254: Fix write list in setups using "security = share".
+ * BUG 5052: Not work cancel inheritance on share.
+ * BUG 5729: Explicitly allow "-valid" parameter.
+ * BUG 5737: Fix Winbind crash in an unusual failure mode.
+ * BUG 5750: Fix SMB signing issue on Windows Vista with MS Hotfix KB955302.
+ * BUG 5751: Backport to fix showing of ACLson DFS with smbclient.
+ * BUG 5790: Fix returning STATUS_OBJECT_NAME_NOT_FOUND on set file
+ disposition call.
+ * BUG 5814: Fix core dump of Winbind while doing "rescan_trusted_domain".
+ * BUG 5873: Fix ACL inheritance.
+ * BUG 5914: Fix build failure (redefinition of struct name_list).
+ * BUG 5937: Fix filenames with "*" char hiding other files.
+ * BUG 6019: File corruption in Clustered SMB/NFS environment
+ managed via CTDB.
+ * BUG 6035: Fix possible race between fcntl F_SETLKW and alarm delivery.
+ * Remove unecessary msync.
+ * Rename cifs.spnego to cifs.upcall.
+ * Fix segfault when execution cifs.upcall without any arguments.
+ * Ensure we emit the notify message before renaming the open files.
+ * Fix use of DLIST_REMOVE.
+ * Cope with bad trans2mkdir requests from System in QNTC IBM SMB client.
+ * Fix memory leak in error path.
+ * Fix logic bug introduced in backport of ccache_regain_all_now.
+
+
+o Kai Blin <kai@samba.org>
+ * Reformat the WBFLAGS defines to prepare for adding a new flag.
+ * Put huge NTLMv2 blobs into extra_data on CRAP auth.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 5710: Fix update of machine account passwords.
+ * Define NET_SRVPWSET2 call.
+ * Net should just use machine account creds when changing passwords.
+ * Fix net_io_q_srv_pwset2.
+
+
+o Carsten Dumke <carsten@cdumke.de>
+ * BUG 5892: Fix documentation of net rap printq info.
+
+
+o Dina Fine <dina@exanet.com>
+ * BUG 5908: Fix failing of internal change notify on share directory.
+
+
+o Steve French <stevef@smf-t60p.smfdom>
+ * Fix compile warning in cifs.upcall.
+ * Fix cifs.upcall manpage and comments.
+
+
+o Jeff Layton <jlayton@redhat.com>
+ * Build cifs.upcall by default on Linux.
+ * Fix negatively instantiate keys on error in cifs.upcall.
+ * Handle handle MSKRB5 OID properly in cifs.upcall.
+ * Bump SPNEGO msg version number and don't reject old versions in
+ cifs.upcall.
+ * Fix several problems when mounting subdirectories of shares in
+ mount.cifs.
+ * Don't prompt for password on krb5 mounts in mount.cifs.
+ * Have uppercase_string return success on NULL pointer in mount.cifs.
+ * Make return codes match the return codes for /bin/mount in mount.cifs.
+ * Use lock/unlock_mtab scheme from util-linux-ng mount prog.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 5965: Fix creation of the first share using SWAT.
+ * Fix bug triggered by the RAW-SAMBA3OPLOCKLOGOFF test.
+
+
+o David Leonard <David.Leonard@quest.com>
+ * BUG 4516: No IPv6 on Solaris 2.6.
+
+
+o Igor Mammedov <niallain@gmail.com>
+ * Add support for cifs.spnego helper into configure and Makefile.in.
+ * Add checks for spnego prereq keyutils.h and kerberos in configure.in.
+ * Add helper source for handling cifs kernel module upcall for kerberos
+ authorization.
+ * Add -c option to set service prefix to "cifs" in service principal by
+ default service prefix "host" is used.
+ * Add support for cifs.resolver upcall.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * Correctly detect if the current dc is the closest one.
+ * For CLDAP we need to use get_sorted_dc_list() to avoid recursion.
+ * Add fallback to return all dcs, when none is available in the requested
+ site.
+ * Add saf_join_store() function to memorize the dc used at join time.
+ * Return an error instead of crashing when no realm is given.
+ * Handle the SMB signing states the same in the krb5 and ntlmssp cases.
+
+
+o Andreas Schneider <mail@cynapses.org>
+ * Delete the krb5 ccname variable from the PAM environment if set.
+ * Fix the build of pam_winbind.
+ * Fix circular dependency error with autoconf 2.6.3.
+
+
+o Simo Sorce <idra@samba.org>
+ * Fix an ifdef check.
+ * Fix warning.
+
+
+o Yasuma Takeda <yasuma@osstech.co.jp>
+ * BUG 5909: Fix MS-DFS links inlcuding multibyte characters on Vista.
+
+
+o Andrew Tridgell <tridge@samba.org>
+ * Avoid a race condition in glibc between AIO and setresuid().
+ * Become root for AIO operations.
+
+
+o Bo Yang <boyang@novell.com>
+ * Don't set child->requests to NULL in parent after fork.
+ * Backport of the clean event context after fork and krb5
+ refresh chain fixes.
+ * Fix null pointer refrence in event context in backport from v3-3-test.
+
+
+o Qiao Yang <geoyang@ironport.com>
+ * Fix a memleak.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+ --------------------------------------------------
+ ==============================
+ Release Notes for Samba 3.0.33
+ November, 27 2008
+ ==============================
+
+
+This is a security release in order to address CVE-2008-4314 ("Potential leak of
+arbitrary memory contents").
+
+ o CVE-2008-4314
+ Samba 3.0.29 to 3.2.4 can potentially leak
+ arbitrary memory contents to malicious
+ clients.
+
+The original security announcement for this and past advisories can
+be found http://www.samba.org/samba/security/
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.32
+--------------------
+
+
+o Volker Lendecke <vl@samba.org>
+ * Fix for CVE-2008-4314.
+
+
+ --------------------------------------------------
+ ===============================
+ Release Notes for Samba 3.0.32
+ Aug 25, 2008
+ ===============================
+
+This is a bug fix release of the Samba 3.0 production series
+and is the version that servers should be run for all current
+Samba 3.0 bug fixes.
+
+User visible bug fixes in this release include:
+
+ o Prevent crash bug in Winbind caused by a race condition
+ when a child process becomes unresponsive.
+ o Fix interactive password prompting in the "net" command.
+ o Documentation clarifications and typographical fixes.
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.31
+--------------------
+
+o Michael Adam <obnox@samba.org>
+ * Docs fix for "password server" parameter.
+ * Fix IPC connections with interactive password prompt.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 5697: nmbd spins in reload_interfaces when only loopback
+ exists.
+ * Don't re-initialize a token when we already have one.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * When returning NSS_UNAVAIL from libnss_winbind, squash errno
+ to ENOENT.
+
+
+o Volker Lendecke <vl@samba.org>
+ * Fix a race condition in winbind leading to a crash.
+
+
+o Jim McDonough <jmcd@samba.org>
+ * Correct interaction between Winbind log files and the
+ "log file" smb.conf parameter upon a reload.
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * Fix scope description of the "printcap name" parameter in
+ smb.conf(5).
+ * Fix typos in smbclient man page.
+
+
+o Bo Yang <boyang@novell.com>
+ * Allow %u parameters for print job username.
+
+
+o Christoph Zauner <christoph.zauner@sernet.de>
+ * Corrections to various man pages.
+
+
+ --------------------------------------------------
+ ===============================
+ Release Notes for Samba 3.0.31
+ July 10, 2008
+ ===============================
+
+This is a bug fix release of the Samba 3.0 production series
+and is the version that servers should be run for all current
+Samba 3.0 bug fixes.
+
+User visible bug fixes in this release include:
+
+ o Correct issues with running Winbind running on a Samba PDC.
+ o Problems with trusted Windows 2008 domains.
+ o Difficulty joining an NT4 or Windows 2000 AD domain.
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.30
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 5504: Fix SIGTERM handling in Winbind children so that they
+ do not remove the unix domain socket used to field client requests.
+ * Split the winbindd_passdb backend into a 'builtin' and a 'sam'
+ backend.
+ * When allocating client buffers for large read/write - make sure we
+ take account of the large read/write SMB headers as well as the buffer
+ space.
+ * Memory leak fixes in DC location code.
+ * BUG 5533: Winbindd fails to cope correctly with a workgroup name
+ containing a '.'
+ * BUG 5555: Don't return NT_STATUS_PASSWORD_MUST_CHANGE error on machine
+ account logon.
+ * BUG 5551: smbd recursing back into winbindd from a winbindd call.
+ * Fix usage message for "net rpc trustdom add".
+ * Ensure consistent use of pdb_get_nt_passwd instead of pdb_get_lanman_passwd.
+ * BUG 5578: Bad (non-Samba) use of strlcat gives error.
+ * Canonicalize servername in the printer functions to remove leading '\\'
+ characters.
+
+
+o Alexander Bokovoy <ab@samba.org>
+ * Documentation build fixes.
+ * [DOCS] Fix use of smbconfoption in samba.entities.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Return NULL in sitename_fetch() if gencache_init() fails.
+
+
+o Steven Danneman <steven.danneman@isilon.com>
+ * Use machine account and machine password from our domain when
+ contacting trusted domains.
+ * SPNEGO SPN fix when contacting trusted domains.
+
+
+o Guenther Deschner <gd@samba.org>
+ * BUG 5285: Fix libcap header mismatch.
+ * Fix joining NT4 domains.
+ * Don't let winbind getgroups crash when we have no gids in the
+ token.
+ * Fallback to level 24 pwd set while joining.
+ * Fix joining w2k domains in "security = ads".
+ * Fix pam_sm_chauthtok for storing modified cached creds.
+
+
+o SATOH Fumiyasu <fumiyas@osstech.co.jp>
+ * BUG 5202: Re-activate "acl group control" parameter and make it
+ only apply to owning group.
+
+
+o <hkurma@datadomain.com>
+ * BUG 5531: Fix conversion of ns units when converting from
+ nttime to timespec.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 4974: Map NT_STATUS_OBJECT_PATH_NOT_FOUND to ENOENT in libsmbclient.
+ * Fix a segfault in base64_encode_data_blob.
+
+
+o William Jojo <jojowil@hvcc.edu>
+ * AIX build fixes.
+
+
+o Herb Lewis <herb@samba.org>
+ * ENODATA is not defined in freeBSD 4.6.2.
+
+
+o Jim McDonough <jmcd@samba.org>
+ * Don't reset password last set time just because the expired flag
+ is set to 0.
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * Fix usage message for 'net idmap dump'.
+ * Miscellaneous man page fixes.
+ * BUG 4203: Samba3-HOWTO: Add improvements/fixes submitted by Pete Boyd.
+
+
+o John H Terpstra <jht@samba.org>
+ * Fixes to man pages.
+ * Add tdb file documentation.
+
+
+o Bo Yang <boyang@novell.com>
+ * Ensure that winbindd trusted domain children keep primary domain online
+ status up to date.
+ * Update cached creds during password change.
+ * Ensure that Winbind always uses set_domain_offline() to mark a domain
+ offline.
+ * Allow authentication and memory credential refresh after password change
+ from gdm/xdm.
+
+
+o Chere Zhou <czhou@isilon.com>
+ * Memory leak fixes.
+
+
+ --------------------------------------------------
+ ===============================
+ Release Notes for Samba 3.0.30
+ May 28, 2008
+ ===============================
+
+This is a security release in order to address CVE-2008-1105 ("Boundary
+failure when parsing SMB responses can result in a buffer overrun").
+
+ o CVE-2008-1105
+ Specifically crafted SMB responses can result in a heap overflow
+ in the Samba client code. Because the server process, smbd, can
+ itself act as a client during operations such as printer notification
+ and domain authentication, this issue affects both Samba client
+ and server installations.
+
+The original security announcement for this and past advisories can
+be found http://www.samba.org/samba/security/
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.29
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * Fix for CVE-2008-1105.
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * Remove man pages for ldb tools not included in Samba 3.0.
+
+ --------------------------------------------------
+
+ ===============================
+ Release Notes for Samba 3.0.29
+ May 20, 2008
+ ===============================
+
+Major bug fixes included in Samba 3.0.29 are:
+
+ o Problems following domain trusts on a Samba DC.
+ o SMB Signing errors.
+ o Interoperability issues with Windows 2008 domains.
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.28a
+---------------------
+
+o Michael Adam <obnox@samba.org>
+ * Fix build for pam_smbpass.
+ * Fix a crash in tdb_wrap_log().
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 5267: Fix for nmbd termination problems when no interfaces
+ found.
+ * BUG 5326: OS/2 servers give strange "high word" replies for
+ print jobs.
+ * Remove MS-DFS check that required the target host be ourself.
+ * BUG 5372: Fix high CPU usage of cupsd on large print servers
+ by using more efficient CUPS queries in smbd.
+ * Rewrite integer wrap checks to deal with gcc 4.x optimizations.
+ * BUG 5095: Fix the enforcement of the "Manage Documents" access right.
+ * Don't free memory from getpass() in mount.cifs.
+ * BUG 5460: Fix MS-DFS referral problem in server code.
+ * Fix bug in Winbind that caused the parent to ignore dead children.
+ * Fix compile warnings.
+
+
+o Alexander Bokovoy <ab@samba.org>
+ * Fix build for pam_smbpass.
+ * Document build fixes.
+
+
+o Kai Blin <kai@samba.org>
+ * BUG 4235: Improve compliance to the Squid helper protocol.
+ Original patch from Pawel Worach <pawel.worach@gmail.com>.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * BUG 5107: Fix handling of large DNS replies on AIX and Solaris.
+
+
+o Glenn Curtis <gcurtis@likewisesoftware.com>
+ * Prevent cycle in Winbind's list of children when reaping dead processes.
+
+
+o Steven Danneman <steven.danneman@isilon.com>
+ * BUG 5419: Fix memory leak in ads_do_search_all_args() (merge from v3-2).
+
+
+o Guenther Deschner <gd@samba.org>
+ * Fix winbind NETLOGON credential chain on a samba dc for w2k8 trusts.
+ * Fix client connections and negotiation with Windows 2008 DCs
+ in member server code.
+ * Add NT_STATUS_DOWNGRADE_DETECTED error code (merge from v3-2).
+ * BUG 5430: Fix pam_winbind.so on Solaris (requires -lsocket).
+ * Re-add samr getdispinfoindex parsing which got lost in the glue commit.
+ * BUG 5461: Implement a very basic _samr_GetDisplayEnumerationIndex().
+ Corrects interop problem between Citrix PM and a Samba DC.
+
+
+o Bryan Kolodziej <bryan.kolodziej@allenlund.com>
+ * BUG 3840: Fix smbclient connecting to NetApp filers when using
+ whitespace in the user's password.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 4901: Fix behavior of "ldap passwd sync = only".
+ * BUG 5317: Fix debug output from domain_client_validate().
+ * BUG 5338: Fix format string bug in rpcclient.
+ * Ensure that "wbinfo -a trusted\\user%password" works correctly
+ on a Samba DC with trusts.
+ * BUG 5336: Fix SetUsetrInfo(level 25) to update the pwdLastSet
+ attribute.
+ * BUG 5350: Fallback to anonymous sessions if not trust password
+ could be obtained on Samba DCs and member servers.
+ * BUG 5366: Fix password chat on Sun OpenSolaris (Nevada).
+ * Fix signing problem in the client with trans requests.
+
+
+o Björn Jacke <bj@sernet.de>
+ * Fix alignment bug hitting Solaris with "reset in zero vc" activated.
+
+
+o Jim McDonough <jmcd@samba.org>
+ * Fix build with glibc 2.8.
+ * Enable winbind child processes to do something with signals, in
+ particular closing and reopening logs on SIGHUP.
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * Documentation cleanup after merging docs from svn to git and
+ back-porting from the v3-2 branch.
+
+
+o Rafal Szczesniak <mimir@samba.org>
+ * Add implementation of machine-authenticated connection to netlogon
+ pipe used when connecting to win2k and newer domain controllers.
+
+
+o Simo Sorce <idra@samba.org>
+ * Fix trusted users on a DC that uses the old idmap syntax.
+
+
+o Bo Yang <boyang@novell.com>
+ * Only have Winbind cache domain password policies that were
+ successfully retrieved.
+
+
+o Martin Zielinski <mz@seh.de>
+ * Fix alignment bug when marshalling printer data replies.
+ * Fix DeleteDriverDriverEx() checks to prevent removing in use files.
+
+
+
+ --------------------------------------------------
+
+ ===============================
+ Release Notes for Samba 3.0.28a
+ Mar 8, 2008
+ ===============================
+
+Major bug fixes included in Samba 3.0.28a are:
+
+ o Failure to join Windows 2008 domains
+ o Windows Vista (including SP1 RC) interop issues
+
+
+
+######################################################################
+Changes
+#######
+
+smb.conf changes
+----------------
+
+ Parameter Name Description Default
+ -------------- ----------- -------
+ administrative share New No
+ ldap debug level New 0
+ ldap debug threshold New 10
+
+
+Changes since 3.0.28
+--------------------
+
+o Michael Adam <obnox@samba.org>
+ * Fix bug in version string's vendor tag.
+ * Prevent net getdomainsid from crashing when called as non-root.
+ * BUG 4801: Correctly implement LSA lookup levels for LookupNames.
+ * Fixes for internal LookupNames() calls for unqualified users and
+ groups.
+ * Remove unnecessary functions when managing domain trust
+ passwords.
+ * Fix winbindd on a Samba DC talking to a trusted domain DC
+ (again).
+ * Consolidate the detection of the machine_account_name when
+ obtaining trust credentials from the local database.
+ * Refactor trust account database routines and session key
+ management.
+ * Fix retrieval of trusted domain password policies when
+ authenticating a user (only when WBFLAG_PAM_GET_PWD is config
+ flags is set).
+ * Refactor Winbind's cm_connect_sam().
+ * Enable building the notify_fam module.
+ * Add "ldap debug level" and "ldap debug threshold" smb.conf options.
+
+
+o Jeremy Allison <jra@samba.org>
+ * Fix cut-n-paste bug when filling in form values for Printer
+ info.
+ * Fix SMB signing bug found by Volker.
+ * Create locking.tdb when running smbstatus before smbd to avoid
+ confusing error messages.
+ * Add a portable version of strlcpy and strlcat.
+ * BUG 4780: Cause user mounts to inherit uid= and gid= from the
+ calling user when called as non-root, except when overridden on
+ the command line. Original patch by Steve Langasek.
+ * BUG 5802: Recent versions of Linux-PAM support localization of
+ user prompts, so Samba must use the C locale when invoking PAM
+ * Merge Vista principal detection changes by Andreas Schneider
+ from 3.2 branch.
+ * BUG 5121: Fix problems running unix passwd sync on streams based
+ systems.
+ * BUG 4612: Fix smbd crash when connecting from an OS/2 client.
+ * Back port Volker's ACL fixes on newly create files form 3.2.
+ * Ensure that send_getdc_request() matches the 3.2 code base.
+ * BUG 3617: Fix crash in nmbd caused by referencing freed memory.
+ * Fixes for issues reported by IBM checker.
+ * Fixes for issues reported by Coverity.
+ * Back port Volker's fix for nlink count.
+ * Back port SAMR flag fixes from Matt Geddes
+ <musicalcarrion@gmail.com>.
+ * BUG 4929: Cope with protected ACL set correctly (based on work
+ from Jim McDonough).
+ * Fix ACL set bug when group being set is the primary group.
+ * Ensure NDR wire-reads of string types are always null
+ terminated.
+ * BUG 5247: Fix mget wildcard expansion in smbclient.
+ * Fix bug in SPNEGO negotiation.
+ * BUG 3617: Fix "Invalid read of size 4" errors.
+ * BUG 5267: Prevent nmbd from shutting down when no network
+ interfaces can be located.
+
+
+o Kai Blin <kai@samba.org>
+ * libsmb: Do not upper-case target name on NTLMv2 hash generation.
+ * Fix an incompatible pointer type warning.
+
+
+o Gerald Carter <jerry@samba.org>
+ * Restrict the enctypes in the generated krb5.conf files to
+ Win2003 types.
+
+
+o Steven Danneman <steven.danneman@isilon.com>
+ * Error path memory leak fixes.
+
+
+o Guenther Deschner <gd@samba.org>
+ * Fix PAC decoding from Vista SP1 client.
+ * Fix get_trust_creds() to return always an upper-cased krb5
+ principal.
+ * Back port additional fixes necessary for support Windows 2008
+ domain joins from the 3.2 branch.
+
+
+o Mathias Gug <mathiaz@ubuntu.com>
+ * BUG 5802: Recent versions of Linux-PAM support localization of
+ user prompts, so Samba must use the C locale when invoking PAM
+
+
+o Steve Langasek <vorlon@debian.org>
+ * BUG 3727: Fix smbpasswd abort when called by non-root user.
+ * BUG 4784: Prevent umount.cifs from allowing all users to unmount shares.
+ * BUG 5802: Recent versions of Linux-PAM support localization of
+ user prompts, so Samba must use the C locale when invoking PAM
+
+
+o Volker Lendecke <vl@samba.org>
+ * When allocating a new vuid, also avoid partial ones. Also
+ fully invalidate intermediate ones.
+ * Fix error path exit in create_local_nt_token() to correctly roll
+ back security contexts.
+ * Fix valgrind warnings in nmbd.
+ * Pointer initialization fixes in notify_marshall_changes().
+ * BUG 5208: Fix uninitialized variables in vfs_hpuxacl.c (reported
+ by David Leonard <David.Leonard@quest.com>).
+ * Copy the 3.2 version of string_replace to 3.0.
+ * Port SMB_FS_OBJECTID_INFORMATION from 3.2 (Patch by Corinna
+ Vinschen).
+ * Memory leak fixes.
+ * Fix error code propagation from cli_session_setup_kerberos().
+ * BUG 5217: Fix inotify detection.
+ * BUG 5279: Correctly check return of rename().
+ * BUG 5252: Fix confusing error messages in mount.cifs.
+ * BUG 5307: Respect FAMChanged (Thanks to Ricardo Santos).
+ * Work around a handle leak in XP 64 bit.
+
+
+o Guenter Kukkukk <linux@kukkukk.com>
+ * OS/2 returns eclass == ERRDOS && ecode == ERRnofiles for a zero
+ entry directory listing.
+
+
+o Tom Maher <tmaher@watson.org>
+ * BUG 5175: Support krb5 auth in smbcacls.
+
+
+o Hans Mayer <hans.mayer@ages.at>
+ * BUG 5141: Solaris 9 compile fix.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * Fix default printing system detection in libreplace.
+
+
+o Laurent Pinchart <pinchart@skynet.be>
+ * BUG 5163: Return better error codes when a password cannot be
+ set in and LDAP directory.
+
+
+o Jiri Sasek <Jiri.Sasek@Sun.COM>
+ * BUG 4866: Correct password routine detection on Solaris.
+
+
+o Andreas Schneider <anschneider@suse.de>
+ * Remove trailing slashes on server names when parsing input from
+ smbclient.
+ * Support Windows 2008 domain joins (variant of Todd Stecher's
+ original patch).
+ * Add "administrative share" service parameter for defining hidden
+ administrative shares that cannot be managed from Windows.
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * Use the "ldap user suffix" when enumerating a users group
+ memberships.
+
+
+o Simo Sorce <idra@samba.org>
+ * Don't assume NULL termination when copying the principal name
+ in kerberos_get_default_realm_from_ccache().
+ * Fix winbindd running on a Samba DC (again).
+
+
+o Bo Yang <boyang@novell.com>
+ * Fix bad private_data pointer in winbindd_lookupname_async().
+
+
+
+
+ ==============================
+ Release Notes for Samba 3.0.28
+ Dec 10, 2007
+ ==============================
+
+Samba 3.0.28 is a security release in order to address the following
+defect:
+
+ o CVE-2007-6015
+ Boundary failure in GETDC mailslot processing can result in
+ a buffer overrun
+
+The original security announcement for this and past advisories can
+be found http://www.samba.org/samba/security/
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.27a
+---------------------
+
+o Jeremy Allison <jra@samba.org>
+ * Fix for CVE-2007-6015.
+
+o Volker Lendecke <vl@samba.org>
+ * Fix for CVE-2007-6015.
+ * Add missing unbecome_root() calls in error path processing
+ when failing to add local groups in create_local_nt_token().
+
+
+ --------------------------------------------------
+
===============================
- Release Notes for Samba 3.0.25b
- June 20, 2007
+ Release Notes for Samba 3.0.27a
+ Nov 20, 2007
+ ===============================
+
+Samba 3.0.27a is a bug fix release and is the current release
+for production servers running the Samba 3.0 series.
+
+Important fixes in 3.0.27a include:
+
+ o A crash bug regression experienced by smbfs clients caused
+ by the fix for CVE-2007-4572.
+
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.27
+--------------------
+
+o Michael Adam <obnox@samba.org>
+ * BUG 4308: Add missing become_root/unbecome_root around calls of
+ add_aliases. Add same changes in create_token_from_username()
+ surrounding the call to getsampwsid().
+ * BUG 5083: Make solarisacl_sys_acl_get_fd() return a result when
+ there is one (thereby fixing a memleak).
+ * BUG 5023: Fix smbd's interaction with NFSv4 ACL compatible VFS
+ plugins such as GPFS and ZFS.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 4978: Ensure that DOS attributes are copied with folders.
+ * Fix bug where tdb lock call interrupted with an alarm sig would
+ not terminate and could lead to runaway smbd processes.
+ * Fix smbd crash bug which resulted from a regression in the patch
+ for CVE-2007-4572 patch.
+ * Prevent nmbd from adding non-initialized name to IP address
+ mappings to it's WINS database.
+
+
+o Dmitry Butskoy <buc@odusz.so-cdu.ru>
+ * Properly catch errors in the query_user() callback to avoid
+ generated struct passwd replies with zero length usernames.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Prevent segv in winbindd running on a DC using the "idmap
+ backend" syntax.
+
+
+o Steve Langasek <vorlon@debian.org>
+ * BUG 4781: Allow cleaning of /etc/mtab by canonicalizing mountpoint.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 4028: Fix message popup sent via "smbclient -M".
+ * BUG 4984: Filename unix_convert() fixes for WinNT 4.0 clients.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * Fix crash bug in pidl generated client code caused by
+ [in,out,unique] pointers.
+ * Fix crash bug in the group mapping code.
+
+
+o Heinrich Mislik <Heinrich.Mislik@univie.ac.at>
+ * Fixes for AIX quota support.
+
+
+o Tomasz Ostrowski <tometzky@batory.org.pl>
+ * BUG 4393: Prevent smbclient from dropping 0 bytes files from tar
+ archives.
+
+
+o Simo Sorce <idra@samba.org>
+ * Fixes for internal idmap domain list when "winbind trusted
+ domains only" is enabled.
+ * Fix 32/64-bit compatibility issues in the winbind request/response
+ structures.
+
+
+o Martin Zielinski <mz@seh.de>
+ * Error code path fix for get_mydnsdomname().
+
+
+
+ --------------------------------------------------
+
+ ==============================
+ Release Notes for Samba 3.0.27
+ Nov 15, 2007
+ ==============================
+
+Samba 3.0.27 is a security release in order to address the following
+defects:
+
+ o CVE-2007-4572
+ Stack buffer overflow in nmbd's logon request processing.
+
+ o CVE-2007-5398
+ Remote code execution in Samba's WINS server daemon (nmbd)
+ when processing name registration followed name query requests.
+
+The original security announcement for this and past advisories can
+be found http://www.samba.org/samba/security/
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.26a
+---------------------
+
+o Jeremy Allison <jra@samba.org>
+ * Fix for CVE-2007-4572.
+ * Fix for CVE-2007-5398.
+
+
+o Simo Sorce <idra@samba.org>
+ * Additional fixes for CVE-2007-4572.
+
+
+ --------------------------------------------------
+ ===============================
+ Release Notes for Samba 3.0.26a
+ Sep 11, 2007
+ ===============================
+
+Major bug fixes included in Samba 3.0.26a are:
+
+ o Memory leaks in Winbind's IDMap manager.
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.26
+--------------------
+
+o Michael Adam <obnox@samba.org>
+ * Fix read_sock() semantics in wb_common.c to address "invalid
+ request size" errors in winbindd logs.
+ * Fix use of pwrite() in tdb IO code paths.
+
+
+o Jeremy Allison <jra@samba.org>
+ * Fix logic error in timeout of blocking lock processing.
+
+
+o Guenther Deschner <gd@samba.org>
+ * Fix error code in the msrpc EnumerateDomainGroups() Winbind
+ method when a memory allocation fails.
+ * Fix Winbind initialization storms when contacting an older Samba DC.
+
+
+o Volker Lendecke <vl@samba.org>
+ * Fix compile failure in NFSv4 VFS module.
+ * Fix compile failures on True64.
+ * Fix compile failure in unmaintained python bindings.
+ * BUG 4917: Fix memory leaks in Winbind's idmap_ldap and
+ idmap_cache backends.
+ * Coverity fixes in the group mapping code.
+
+
+o Derrell Lipman <derrell@samba.org>
+ * Remove NetBIOS keepalives from libsmbclient and consolidate on
+ the use of getpeername() when checking connection health.
+ * Use formal syntax for invoking function pointers in
+ libsmbclient.
+
+
+o Lars Mueller <lars@samba.org>
+ * Fixes for Winbind's AD site support when the host is not
+ configured in any site or nor DC's are present within the host's
+ configured site.
+
+
+o Simo Sorce <idra@samba.org>
+ * Debian packaging updates for 3.0.25c.
+ * Add sanity checks for "smb ports" values.
+ * Fix compile issues related to the VFS "open" method and newer
+ glibc implementations.
+ * Fix a segv in smbldap_set_creds() when using an anonymous
+ connection.
+ * BUG 4772: Fix us of ldap_base_dn for the idmap_ldap plugin.
+
+
+Release notes for older releases follow:
+
+ --------------------------------------------------
+ ==============================
+ Release Notes for Samba 3.0.26
+ Sep 11, 2007
+ ==============================
+
+This is a security release of Samba 3.0 to address
+
+ o CVE-2007-4138
+ Versions: All Samba 3.0.25 releases
+ Incorrect primary group assignment for
+ domain users using the rfc2307 or sfu
+ winbind nss info plugin.
+
+The original security announcement for this and past advisories
+can be found http://www.samba.org/samba/security/
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.25c
+---------------------
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Fix CVE-2007-4138 in the "winbind nss info = {sfu | rfc2307}"
+ plugin (idmap_ad.c)
+
+
+ --------------------------------------------------
===============================
+ Release Notes for Samba 3.0.25c
+ Aug 20, 2007
+ ===============================
+
+Major bug fixes included in Samba 3.0.25c are:
+
+ o File sharing with Widows 9x clients.
+ o Winbind running out of file descriptors due to stalled
+ child processes.
+ o MS-DFS inter-operability issues.
+
-This is the third production release of the Samba 3.0.25 code
-base and is the version that servers should be run for for all
-current bug fixes.
+######################################################################
+Changes
+#######
+
+Changes since 3.0.25b
+---------------------
+
+o Michael Adam <obnox@samba.org>
+ * Fix incorrect log messages in tdbbackup.
+ * Fix a bug in pwrite error detection in tdb_expand_file().
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 4711: Make cli_connect() return NT_STATUS codes.
+ * Ensure we obey Unicode consortium restrictions. Based on
+ patch from MORIYAMA Masayuki.
+ * BUG 3204: Cope with stalled winbindd child processes and
+ prevent the parent winbindd process from running out of file
+ descriptors.
+ * Fix realloc leak on failure case from Jim Meyering.
+ * BUG 4759: Fix crash in ber_printf() caused invalid tag.
+ * BUG 4763: Limit notify responses to client max buf size.
+ * BUG 4777: Doing a DFS traverse through a deep link could fail
+ (not using explorer).
+ * BUG 4779: Setting the allocation size updates the modified
+ time as a write does.
+ * BUG 4308: Fix interaction with MS Excel and POSIX ACLs.
+ * Fix POSIX unlink bug found by the Linux CIFS fs client.
+ * Stop counting locks if we get a POSIX lock request.
+ * Fix interaction between Linux CIFS fs client and Windows
+ clients when the former tries to remove a file opened by the
+ latter.
+ * Fix incorrect mapping of invalid resume names in FindNext
+ commands.
+ * Cope with dead entries in the locking database tied to
+ non-existent processes (merge from 3.2-ctdb).
+ * Fix MS-DFS related renaming bug in smbclient.
+ * Fix for write cache corruption bug.
+ * Fix invalid vuid from being returned by a failed call to
+ cli_session_setup_spnego.().
+ * Fixes for error mappings from NT_STATUS to the appropriate DOS
+ error codes in reply_opeNXXX() calls.
+
+
+o Ofir Azoulay <Ofir.Azoulay@expand.com>
+ * Only look at errno set by SMB_VFS_CLOSE() if the call actually
+ failed.
+
+
+o Alexander Bokovoy <ab@samba.org>
+ * Fix vfs_readahead: transparent modules should always pass
+ through.
+
+
+o David S. Collier-Brown <davecb@spamcop.net>
+ * BUG 4897: Fix Solaris xattr misdeclarations.
+
+
+o Guenther Deschner <gd@samba.org>
+ * Remove redundant pointer checks when freeing memory in winbindd.
+ * BUG 4408: Remove last traces of Heimdal KCM support.
+ * Fix bug in user Krb5 ticket refresh feature in winbindd.
+ * Fix Heimdal path in the krb5 renew routine.
+ * Unused code cleanup in winbindd.
+
+
+o SATOH Fumiyasu <fumiyas@osstech.co.jp>
+ * BUG 4750: smbc_telldir_ctx() was not returning a value useful
+ to smbc_lseekdir_ctx().
+
+
+o Bjoern Jacke <bj@sernet.de>
+ * Add support for Extended Attributes on Solaris.
+
+
+o Matthijs Kooijman <matthijs@stdin.nl>
+ * BUG 4836: Fix incorrect log message in the nss_info
+ plugin init call.
+ * BUG 4849: Fix "net ads dns register" usage text.
+
+
+o Volker Lendecke <vl@samba.org>
+ * Port cli_connect() NT_STATUS fixes to smbmount.
+ * Add notes about smbfs/cifs to usage() in smb[u]mount.
+ * BUG 4792: Fix pidfile name bug.
+ * Fix missing END_PROFILE() call in the SMBunlink reply.
+ * Coverity fixes.
+ * Correct logic error in change notify code that would result in
+ an endless loop.
+ * Fix uninitialized reads in the spoolss GetPrinterData() replies.
+ * Fix file overwrites from Windows 9x clients.
+
+
+o Herb Lewis <herb@samba.org>
+ * Unused code cleanup.
+ * Avoid a crash in "net rpc info" when no username has
+ been specified.
+ * Remove biconv detection on *BSD.
+
+
+o Derrell Lipman <derrell@samba.org>
+ * Get/Set ACL fixes in libsmbclient.
+
+
+o Jan Martin <Jan.Martin@rwedea.com>
+ * BUG 4860: Patches for fixing MS-DFS links with trailing
+ back slashes.
+
+
+o Jim McDonough <jmcd@us.ibm.com>
+ * BUG 4719: "Must change password" is not set from usrmgr.exe.
+
+
+o Atsushi Nakabayashi <nakabayashi@miraclelinux.com>
+ * Ensure proper exit when nmbd is unable to reopen the wins.tdb.
+ * Fix error path memleaks in the messaging subsystem.
+
+ --------------------------------------------------
+ ===============================
+ Release Notes for Samba 3.0.25b
+ June 26, 2007
+ ===============================
Major bug fixes included in Samba 3.0.25b are:
o Crashes is idmap_ldap and idmap_rid.
+Changes to 'net idmap dump'
+===========================
+
+A change in command line syntax and behavior was introduced in the
+3.0.25 release series where the command
+
+ $ net idmap dump /.../path/to/idmap.tdb
+
+would overwrite the tdb instead of dumping its contents to standard
+output as was the case in releases prior to Samba 3.0.25. The
+changed has been reverted in 3.0.25b and the semantics from 3.0.24
+and earlier releases have been restored.
+
+
######################################################################
Changes
#######
* Fix sync_file() to return NTSTATUS and return this on failure in
the write reply path.
* BUG 4678,4697: Fix token creation for clear text logins.
+ * BUG 4725: Don't crash when no eventlog names are defined in
+ smb.conf.
+ * Ensure we will always release any timeout handler on fsp close
+ or removal of oplock.
o Jacob Berkman <jberkman@novell.com>
* BUG 4566: Pass password data to krb5_prompter.
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * BUG 4579: Fix "wbinfo -t" when running winbindd on a Samba DC.
+
+
o Guenther Deschner <gd@samba.org>
* BUG 4657: Fix compilation and linking of pam_smbpass.so.
* Add more netlogon GetDcName() client calls.
+ * Fix event based krb5 ticket refreshing in winbindd.
+
+o SATOH Fumiyasu <fumiyas@osstech.co.jp>
+ * BUG 4720: Fix smbclient connections to share names containing
+ multibyte characters.
o Steve Langasek <vorlon@debian.org>
o Volker Lendecke <vl@samba.org>
* Fix record state check error when reviewing entries in nmbd's
WINS database.
-
+ * Revert 'net idmap dump' behavior to 3.0.24 behavior to fix change
+ in command line syntax that would overwrite winbindd_idmap.tdb.
+
o Justin Maggard <jmaggard@infrant.com>
* Don't expire a password if it's explicitly set as ACB_PWNOTREQ.
git.samba.org / samba.git / blobdiff