X-Git-Url: http://git.samba.org/?a=blobdiff_plain;f=WHATSNEW.txt;h=3e8711de062d2f0c5af32cb389041706147df362;hb=e4d9909be5f7c8c022d2ee22d3259a6b412d4fc9;hp=895107164410167c4c36006aac59753d36ccac22;hpb=d4d84f47fc26b564bcab00bbe1d2e68004fbade1;p=samba.git diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 89510716441..3e8711de062 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,13 +1,1377 @@ + ============================== + Release Notes for Samba 3.5.16 + , 2012 + ============================== + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.16 include: + +o + +Changes since 3.5.15: +--------------------- + + +o Jeremy Allison + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + ============================== + Release Notes for Samba 3.5.15 + April 30, 2012 + ============================== + + +This is a security release in order to address +CVE-2012-2111 (Incorrect permission checks when granting/removing +privileges can compromise file server security). + +o CVE-2012-2111: + Samba 3.4.x to 3.6.4 are affected by a + vulnerability that allows arbitrary users + to modify privileges on a file server. + + +Changes since 3.5.14: +--------------------- + + +o Jeremy Allison + * Fix incorrect permission checks when granting/removing + privileges (CVE-2012-2111). 
+ + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================== + Release Notes for Samba 3.5.14 + April 10, 2012 + ============================== + + +This is a security release in order to address +CVE-2012-1182 ("root" credential remote code execution). + +o CVE-2012-1182: + Samba 3.0.x to 3.6.3 are affected by a + vulnerability that allows remote code + execution as the "root" user. + + +Changes since 3.5.13: +--------------------- + + +o Stefan Metzmacher + *BUG 8815: PIDL based autogenerated code allows overwriting beyond of + allocated array (CVE-2012-1182). + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. 
All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================== + Release Notes for Samba 3.5.13 + March 12, 2012 + ============================== + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.13 include: + +o Fix a crash bug in cldap_socket_recv_dgram() (bug #8593). +o Fully observe password change settings (bug #8561). +o Fix NT ACL issue (bug #8673). +o Fix segfault in Winbind if we can't map the last user (bug #8678). + + +Changes since 3.5.12: +-------------------- + + +o Michael Adam + * BUG 8327: Fix config reload to reload shares from registry. + + +o Jeremy Allison + * BUG 8139: Ignore SMBecho errors. + * BUG 8521: Fix Winbind cache timeout expiry test. + * BUG 8561: Fully observe password change settings. + * BUG 8631: Fix POSIX ACE x permission mapping to and from a DACL. + * BUG 8636: When returning an ACL without SECINFO_DACL requested, we still + set SEC_DESC_DACL_PRESENT in the type field. + * BUG 8644: Make sure that vfs_acl_xattr and vfs_acl_tdb modules add + inheritable entries on a directory with no stored ACL. + * BUG 8663: Fix deleting a symlink if the symlink target is outside of the + * share. + * BUG 8664: Fix renaming a symlink if the symlink target is outside of the + share. + * BUG 8673: Fix NT ACL issue. + * BUG 8679: Make sure that recvfile code path using splice() on Linux + does not leave data in the pipe on short write. + * BUG 8687: Fix typo in 'net memberships' usage. + + +o Christian Ambach + * BUG 8658: Add timeouts to Winbind cache. 
+ + +o Andrew Bartlett + * BUG 8727: Do not limit read replies to NBT packet sizes. + + +o Günther Deschner + * BUG 8176: Fix perl path. + * BUG 8692: Fix malloc/talloc mismatch in ads_keytab_verify_ticket(). + + +o Björn Jacke + * BUG 8652: Document the ignore system acls option of vfs_acl_xattr and + vfs_acl_tdb. + + +o Jeff Layton + * BUG 8648: Document more undocumented mount.cifs options. + + +o Volker Lendecke + * BUG 8639: Fix the vfs_commit module. + * BUG 8686: Packet validation checks can be done before length validation + causing uninitialized memory read. + + +o Stefan Metzmacher + * BUG 5326: Fix cli_write_and_x() against OS/2 print shares. + * BUG 8562: Fix double free error (talloc). + * BUG 8593: Fix a crash bug in cldap_socket_recv_dgram(). + * BUG 8684: Try ctdbd_init_connection() as root. + + +o Masafumi Nakayama + * BUG 563: Fix 'smbclient tar' for files greater than 8GB on BE machines. + + +o Matthieu Patou + * BUG 8599: Make WINBINDD_PAM_AUTH_CRAP return valid user session key. + * BUG 8771: Make Winbind change faster from DC1 to DC2. + + +o Andreas Schneider + * BUG 8608: Don't fail on users without a uid (Winbind). + * BUG 8628: Don't duplicate Kerberos service tickets. + * BUG 8645: Add missing prefixpath options for mount.cifs manpage. + * BUG 8658: Add an update function for Winbind cache. + * BUG 8678: Fix segfault in Winbind if we can't map the last user. + + +o Karolin Seeger + * BUG 7705: Fix rpm build issues on RHEL4. + + +o Richard Sharpe + * BUG 8607: Simplify building modules outside the Samba source tree. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. 
If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================== + Release Notes for Samba 3.5.12 + November 2, 2011 + ============================== + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.12 include: + +o Fix race condition in Winbind (bug 7844). +o The VFS ACL modules are no longer experimental but production-ready. + + +Changes since 3.5.11: +-------------------- + + +o Jeremy Allison + * BUG 7509: smb_acl_to_posix: ACL is invalid for set (Invalid argument). + * BUG 7551: Return error of cli_push when 'put - /some/file' is used. + * BUG 8156: 'net ads join' fails to use the user's kerberos ticket. + * BUG 8370: Fix vfs_chown_fsp. + * BUG 8422: Fix infinite loop in ACL module code. + * BUG 8443: Be smarter about setting default permissions when a ACL_USER_OBJ + isn't given. + * BUG 8458: IE9 on Windows 7 cannot download files to samba 3.5.11 share. + * BUG 8493: DFS breaks zip file extracting unless "follow symlinks = no" + set. + * BUG 8507: Make smbd correctly honor the "force create mode" bits from a + cifsfs create. + * BUG 8541: Fix readlink() on Linux clients if the symlink target is + outside of the share. + * BUG 8542: smbclient posix_open command fails to return correct info on + open file. + + +o Pierre Carrier + * BUG 8186: Allow changing the maximum number of simultaneous clients in + Winbind through an smb.conf option. + + +o Günther Deschner + * BUG 7465: Fix 'net ads join -k' when KRB5CCNAME is not set. 
+ * BUG 7888: Deal with buggy 3.0 based PDCs. + * BUG 8491: Fix some coverity issues. + + +o David Disseldorp + * BUG 8480: acl_xattr can free an invalid pointer if no blob is loaded. + + +o Björn Jacke + * BUG 8256: Add man vfs_aio_fork. + * BUG 8362: Fix SWAT build issue on old glibc systems. + * BUG 8531: Make DSO_EXPORTS_CMD more portable. + + +o Volodymyr Khomenko + * BUG 8515: Disallow "." in can_set_delete_on_close(). + + +o Volker Lendecke + * BUG 7844: Fix race condition in Winbind. + * BUG 8338: Add a fallback for missing open&x support in OS/X Lion. + * BUG 8420: Fix getent group if trusted domains are not reachable. + + +o Stefan Metzmacher + * BUG 7462: Make SA_RESETHAND conditional on its existance. + * BUG 8254: Make "acl check permissions = no" working in all cases. + + +o Gregor Beck + * BUG 8253: Fix Winbind panics if verify_idpool() fails. + + +o David Disseldorp + * BUG 8269: Stop spamming log with "Could not find child X -- ignoring" + messages in smbd. + + +o Björn Jacke + * BUG 7460: Include sys/file.h only when available. + + +o Volker Lendecke + * BUG 7841: Explicitly pass domain_sid to wbint_LookupRids(). + * BUG 8238: Fix access to Samba shares when Windows security patch + KB2536276 is installed. + * BUG 8322: Add HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR. + + +o Stefan Metzmacher + * BUG 7841: Make WINBINDD_LOOKUPRIDS ask the right domain. + * BUG 8276: Close all sockets attached to a subnet in close_subnet(). + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. 
All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================== + Release Notes for Samba 3.5.10 + July 26, 2011 + ============================== + + +This is a security release in order to address +CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and +CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). + + +o CVE-2011-2522: + The Samba Web Administration Tool (SWAT) in Samba versions + 3.0.x to 3.5.9 are affected by a cross-site request forgery. + + +o CVE-2011-2694: + The Samba Web Administration Tool (SWAT) in Samba versions + 3.0.x to 3.5.9 are affected by a cross-site scripting + vulnerability. + +Please note that SWAT must be enabled in order for these +vulnerabilities to be exploitable. By default, SWAT +is *not* enabled on a Samba install. + + +Changes since 3.5.9: +-------------------- + + +o Kai Blin + * BUG 8289: SWAT contains a cross-site scripting vulnerability. + * BUG 8290: CSRF vulnerability in SWAT. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). 
+ + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================= + Release Notes for Samba 3.5.9 + June 14, 2011 + ============================= + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.9 include: + +o Sgid bit lost on folder rename (bug #7996). +o ACL can get lost when files are being renamed (bug #7987). +o Respect "allow trusted domains = no" in Winbind (bug #6966). +o Samba now follows Windows behaviour as a Kerberos client, + requesting a CIFS/ ticket (bug #7893). + +New Kerberos behaviour +---------------------- + +A new parameter 'client use spnego principal' defaults to 'no' and +mean Samba will use CIFS/hostname to obtain a kerberos ticket, acting +more like Windows when using Kerberos against a CIFS server in +smbclient, winbind and other Samba client tools. This will change +which servers we will successfully negotiate kerberos connections to. +This is due to Samba no longer trusting a server-provided hint which +is not available from Windows 2008 or later. For correct operation +with all clients, all aliases for a server should be recorded as a as +a servicePrincipalName on the server's record in AD. + +Changes since 3.5.8: +-------------------- + +o Jeremy Allison + * BUG 6911: Kerberos authentication from Vista to Samba fails when security + blob size is greater than 16 kB. + * BUG 7080: Quota only shown when logged as root. + * BUG 7528: Fix Solaris with NIS autohome. + * BUG 7987: ACL can get lost when files are being renamed. + * BUG 7996: sgid bit lost on folder rename. + * BUG 8040: Fix 'smbclient' segfaults when a Cyrillic netbios name or + workgroup is configured. + * BUG 8072: Fix panic in create_file_acl_common. 
+ * BUG 8038: Fix is_myname_or_ipaddr() to be robust against strange DNS + setups. + * BUG 8083: "inherit owner = yes" doesn't interact correctly with + vfs_acl_xattr or vfs_acl_tdb module. + * BUG 8088: Fix segfault in rpccli_samr_chng_pswd_auth_crap if any input + blobs are null. + * BUG 8111: CIFS VFS: Fix unexpected error on SMB posix open. + * BUG 8157: Fix parsing CUPS printcap files in std_pcap_cache_reload(). + * BUG 8163: Fix our asn.1 parser to handle negative numbers. + * BUG 8211: "inherit owner = yes" doesn't interact correctly with "inherit + permissions = yes". + + +o Christian Ambach + * BUG 8008: Fix a segfault in the krb5 locator plugin. + * BUG 8012: Use getgrset() instead of initgroups() + getgroups() when + getgrouplist() is not defined. + * BUG 8031: Convert gpfs:sharemodes and gpfs:leases parameters from a + global setting to a per share setting. + + +o Andrew Bartlett + * BUG 7893: Don't ever ask for machine$ principals as a target. + + +o Björn Baumbach + * BUG 8074: Fix debug message. + + +o Dmitry Butskoy + * BUG 6966: Respect "allow trusted domains = no" in Winbind. + + +o Marc A. Dahlhaus + * BUG 8047: Fix mdns registration if "interfaces=" is used. + + +o Günther Deschner + * BUG 7993: Make sure we don't crash when publishing a single printer. + * BUG 8085: Fix incorrect timeout handling in ncacn_ip_tcp client code. + * BUG 8132: Fix filling printers location field when using CUPS. + + +o David Disseldorp + * BUG 7836: Make newly added printers visible to clients. + * BUG 7994: Use printcap IDL for IPC. + + +o Björn Jacke + * BUG 7825: Fix GNU ld version detection with old gcc releases. + * BUG 8033: Add explicit configure option whether to enable dmapi + support or not. + + +o Sergey Korsak + * BUG 8099: setpwent() actually does endpwent() on FreeBSD. + + +o Volker Lendecke + * BUG 8009: Fix getting username in 'net rap session'. + * BUG 8011: Fix memory corruption in shadow_copy2. + * BUG 8016: Fix gpfs_get_xattr. 
+ * BUG 8042: File creation on OS/X. + * BUG 8054: Winbind cache stores/retrieves wrong sizes for 16-bit ints. + * BUG 8066: Fix wrong output in 'smbget'. + * BUG 8087: Fix wbcChangeUserPasswordEx in RESPONSE mode. + + +o Nikolay Martynov + * BUG 8010: Fix inode generation so nautilus can count total dir size + correctly. + + +o Jim McDonough + * BUG 6364: Pull realm from supplied username on libnet join. + * BUG 8166: Don't lockout users when offline. + + +o Stefan Metzmacher + * BUG 7383: Normalize IPv4 mapped IPv6 addresses in both directions. + * BUG 8034: SEC_STD_DELETE is always granted to the owner of a file. + + +o Larry Reid + * BUG 8055: Can't see Parts of DFS CIFS share. + + +o Simo Sorce + * BUG 7610: winbindd_cache.tdb grows too large when scaled. + + +o Martin Vogt + * BUG 6762: Fix ctdb on gpfs error with MS Office. + + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================= + Release Notes for Samba 3.5.8 + March 7, 2011 + ============================= + + +This is the latest stable release of Samba 3.5. 
+ +Major enhancements in Samba 3.5.8 include: + +o Fix Winbind crash bug when no DC is available (bug #7730). +o Fix finding users on domain members (bug #7743). +o Fix memory leaks in Winbind (bug #7879). +o Fix printing with Windows 7 clients (bug #7567). + + +Changes since 3.5.7: +-------------------- + + +o Michael Adam + * BUG 7594: Fix "log=>ndr_pull_error" in 'wbinfo -u' and 'wbinfo -g'. + * BUG 7871: Fix 'net ads dns register' in cluster setups. + * BUG 7894: Fix sporadic Winbind panic in rpc query_user_list. + + +o Jeremy Allison + * BUG 7409: Raise debug level for "reduce_name: couldn't get realpath" + messages. + * BUG 7716: Store unmodified copies of security descriptors in acl_xattr and + acl_tdb modules. + * BUG 7733: Fix incorrect unix mode_t caused by invalid client DOS + attributes on create. + * BUG 7734: Apply appropriate create masks when creating files with "inherit + ACLs" set to true. + * BUG 7743: Fix finding users on domain members. + * BUG 7744: Fix "dfree cache time" parameter. + * BUG 7777: Fix requesting lookups for BUILTIN sids. + * BUG 7785: Fix atime limit. + * BUG 7791: Fix copying files from a SMB share using Gnome vfs and SMB + signing. + * BUG 7812: ACL inheritance cannot be disabled in vfs_acl_xattr/vfs_acl_tdb. + * BUG 7835: vfs_fill_sparse() doesn't use posix_fallocate when strict + allocate is on. + * BUG 7843: Expand the local SAMs aliases. + * BUG 7892: Fix stale lock in open_file_fchmod(). + * BUG 7950: Revalidate the pathname once re-constructed from a root fsp. + + +o Andrew Bartlett + * BUG 7356: Fix 'net ads dns register' in Windows 2008 R2 domains. + + +o Björn Baumbach + * BUG 7875: Fix 'nmbd --port'. + * BUG 7880: Make 'rpcclient deldriver' delete drivers for all architectures. + + +o Günther Deschner + * BUG 7567: Fix printing with Windows 7 clients. + * BUG 7641: Handle Windows 9x adddriver calls without config file. + * BUG 7945: Let Winbind try to use samlogon validation level 6. 
+ + +o Holger Hetterich + * BUG 3185: Fix 'testparm' return code when EOF in encountered in param + name. + + +o Björn Jacke + * BUG 7821: Fix build of shared libraries on Tru64. + + +o Volker Lendecke + * BUG 7066: Fix "Your Password expires today" message for users of trusted + domains. + * BUG 7262: Fix maintaining of users' groups via UsrMgr. + * BUG 7656: Fix scalability problem with hundreds of printers. + * BUG 7665: Fix memory leak in the netapi routines. + * BUG 7730: Fix Winbind crash bug when no DC is available. + * BUG 7774: Fix a getgrent crash with many groups. + * BUG 7779: Fix smbd crash caused by expand_msdfs. + * BUG 7800: Make Winbind recover from a signing error. + * BUG 7817: Fix "force group" with ntlmssp guest session setup. + * BUG 7841: Make WINBINDD_LOOKUPRIDS asking the right domain. + * BUG 7842: Make WINBINDD_LOOKUPRIDS returning the domain name. + * BUG 7855: ntlm_auth: Support clients which offer a spnego mechs we don't + support. + * BUG 7879: Fix memory leaks in Winbind. + * BUG 7881: Fix flaky Winbind against Windows 2008. + * BUG 7917: Fix connections from WinCE. + * BUG 7940: Fix opening MS Powerpoint files. + + +o Stefan Metzmacher + * BUG 7567: Fix printing with Windows 7 clients. + * BUG 7855: ntlm_auth: Support clients which offer a spnego mechs we don't + support. + * BUG 7883: Fix SMB session setups with Kerberos against some closed source + SMB servers. + * BUG 7896: Don't set SAMR_FIELD_FULL_NAME if we just want to set the + account name. + * BUG 7899: Don't return "-1" on success in 'net rpc vampire keytab'. + * BUG 7942: Fix endless loops caused by inotify. + * BUG 7944: Catch lookup_names/sids schannel errors over ncacn_ip_tcp. + + +o Jonathan Nieder + * BUG 6837: Make "rlimit_max below minimum Windows limit" notification less + scary. + + +o olivier + * BUG 7789: vfs_scannedonly: Switch from mtime to ctime which is more reliable. + + +o Rusty Russell + * BUG 7498: Fix updating the time on close in vfs_gpfs. 
+ + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================= + Release Notes for Samba 3.5.7 + February 28, 2011 + ============================= + + +This is a security release in order to address CVE-2011-0719. + + +o CVE-2011-0719: + All current released versions of Samba are vulnerable to + a denial of service caused by memory corruption. Range + checks on file descriptors being used in the FD_SET macro + were not present allowing stack corruption. This can cause + the Samba code to crash or to loop attempting to select + on a bad file descriptor set. + + +Changes since 3.5.6: +-------------------- + + +o Jeremy Allison + * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. 
If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================= + Release Notes for Samba 3.5.6 + October 8, 2010 + ============================= + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.6 include: + + o Fix smbd panic on invalid NetBIOS session request (bug #7698). + o Fix smbd crash caused by "%D" in "printer admin" (bug #7541). + o Fix crash bug with invalid SPNEGO token (bug #7694). + o Fix Winbind internal error (bug #7636). + + +Changes since 3.5.5 +------------------- + + +o Jeremy Allison + * BUG 7577: Fix SPNEGO auth when contacting Win7 system using Microsoft Live + Sign-in Assistant. + * BUG 7578: Fix 'net idmap restore' setting HWM to avoid duplicates. + * BUG 7581: Fix "admin users" when using vfs_acl_xattr. + * BUG 7583: Fix smbclient to connect to Alfresco JLAN CIFS server using + Kerberos. + * BUG 7589: Fix using cached credentials in ntlm_auth. + * BUG 7590: Fix Winbind offline login. + * BUG 7617: Fix smbd coredump due to uninitialized variables in the + performance counter code. + * BUG 7636: Fix Winbind internal error. + * BUG 7651: Fix mknod and mkfifo failing with "No such file or + directory". + * BUG 7693: Fix smbd changing mode of files on rename. + * BUG 7694: Fix crash bug with invalid SPNEGO token. + * BUG 7698: Fix smbd panic on invalid NetBIOS session request. + + +o Günther Deschner + * BUG 7541: Fix smbd crash caused by "%D" in "printer admin". 
+ * BUG 7568: Make sure cm_connect_lsa_tcp does not reset the secure channel. + * BUG 7658: Fix "dereferencing type-punned pointer will break + strict-aliasing rules" warnings). + * BUG 7665: Fix memory leak in netapi connection manager. + + +o Björn Jacke + * BUG 7244: Fall back to cups-config for underlinked libs. + * BUG 7474: Fix build on platforms without st_blocks and st_blksize stat + struct members. + + +o Volker Lendecke + * BUG 7336: Enable idmap_passdb module build as shared. + * BUG 7531: Fix the charset_pull routine. + * BUG 7635: Fix 'smbclient -M'. + * BUG 7656: Fix scalability problem with hundreds of printers. + * BUG 7684: Fix fd leak in libwbclient.so. + * BUG 7688: Fix crash bug in rpcclient. + * BUG 7470: Standardize S_IREAD and S_IWRITE. + * BUG 7715: Fix file corruption when setting Samba "write wache wize". + + +o Jim McDonough + * BUG 7280: Fix auto printers with registry config. + + +o Andreas Schneider + * BUG 7538: Fix GUID_from_data_blob() with length of 32. + + +o Chere Zhou + * BUG 7662: Align change notify replies on 4-byte boundary. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. 
+== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================= + Release Notes for Samba 3.5.5 + September 14, 2010 + ============================= + + +This is a security release in order to address CVE-2010-3069. + + +o CVE-2010-3069: + All current released versions of Samba are vulnerable to + a buffer overrun vulnerability. The sid_parse() function + (and related dom_sid_parse() function in the source4 code) + do not correctly check their input lengths when reading a + binary representation of a Windows SID (Security ID). This + allows a malicious client to send a sid that can overflow + the stack variable that is being used to store the SID in the + Samba smbd server. + + +Changes since 3.5.4 +-------------------- + + +o Jeremy Allison + * BUG 7669: Fix for CVE-2010-3069. + + +o Andrew Bartlett + * BUG 7669: Fix for CVE-2010-3069. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. 
+== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + ============================= - Release Notes for Samba 3.5.0 - February 16, 2010 + Release Notes for Samba 3.5.4 + June 23, 2010 + ============================= + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.4 include: + + o Fix smbd crash when sambaLMPassword and sambaNTPassword entries missing + from ldap (bug #7448). + o Fix init_sam_from_ldap storing group in sid2uid cache (bug #7507). + + +Changes since 3.5.3 +------------------- + + +o Michael Adam + * BUG 7507: Fix init_sam_from_ldap storing group in sid2uid cache. + + +o Jeremy Allison + * BUG 7188: Make ea data checks identical for trans2open and trans2mkdir. + * BUG 7410: Samba sends "raw" inode number as uniqueid with unix extensions. + * BUG 7449: Fix spnego returning incorrect mechListMIC string. + + +o Günther Deschner + * BUG 7341: Fix Winbind over IPv6. + * BUG 7459: Fix some crash bugs and missing error codes in AddDriver paths. + * BUG 7479: Fix crash bug in _samr_QueryUserInfo{2} level 18. + * BUG 7517: Fix session setup from linux kernel cifs clients with + "sec=ntlmv2". + + +o Olaf Flebbe + * BUG 7209: Fix build on RHEL5. + + +o Björn Jacke + * BUG 7427: Using IBM xl_C compiler produces wrong results in configure. + * BUG 7503: Fix calculation of st_blocks in vfs_streams_xattr. + * BUG 7504: Fix numerous build issues. + + +o Volker Lendecke + * BUG 7253: Fix Samba login cache problem on Sparc Architecture. + * BUG 7262: Fix editing users' groups via UsrMgr. + + +o Buchan Milne + * BUG 7500: Fix 'not a string literal' warning in netdomjoin-gui. + + +o Matthieu Patou + * BUG 7099: Allow previous password to be stored and use it to check + tickets. + + +o Andreas Schneider + * BUG 7423: Fix printing large formats. 
+ + +o Roel van Meer + * BUG 7448: Fix smbd crash when sambaLMPassword and sambaNTPassword entries + missing from ldap. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================= + Release Notes for Samba 3.5.3 + May 19, 2010 + ============================= + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.3 include: + + o Fix MS-DFS functionality (bug #7339). + o Fix a Winbind crash when scanning trusts (bug #7389). + o Fix problems with SIGCHLD handling in Winbind (bug #7317). + + +Changes since 3.5.2 +------------------- + + +o Jeremy Allison + * BUG 7288: Fix SMB job IDs in CUPS job names. + * BUG 7339: Fix MS-DFS functionality. + + +o Andrew Bartlett + * BUG 7354: Fix CLDAP tsocket problem on Solaris. + + +o Ira Cooper + * BUG 7384: Fix bitmap leak in dptr_Close. + + +o Günther Deschner + * BUG 7277: Fix exporting printers via 'cupsaddsmb' command. + * BUG 7417: Fix setting of passwords via 'net rpc user password' command. + * BUG 7418: Fix 'net rpc printer list' command. + + +o Olaf Flebbe + * BUG 7421: Rename mod_name to module_name. 
+ + +o Björn Jacke + * BUG 7352: Make TIME_T_MAX defines consistent. + * BUG 7385: Fix building with Solaris' gcc. + + +o Jeff Layton + * BUG 7315: Fix segfault in mount.cifs. + + +o Volker Lendecke + * BUG 7357: Re-fix a bug with smbd serving a windows terminal server. + * BUG 7389: Fix a Winbind crash when scanning trusts. + * BUG 7398: Fix rename problems with full_audit VFS module. + + +o Jim McDonough + * BUG 7378: Display an error on 'net conf import' failures. + + +o Stefan Metzmacher + * BUG 7196: Add replacement for IPV6_V6ONLY on linux systems with broken + headers. + * BUG 7317: Fix problems with SIGCHLD handling in Winbind. + * BUG 7354: Fix CLDAP tsocket problem on Solaris. + + +o Luca Olivetti + * BUG 7263: Fix cups encryption setting. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================= + Release Notes for Samba 3.5.2 + April 7, 2010 + ============================= + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.2 include: + + o Fix smbd segfaults in _netr_SamLogon for clients sending null domain + (bug #7237). 
+ o Fix smbd segfaults in "waiting for connections" message (bug #7251). + o Fix an uninitialized variable read in smbd (bug #7254). + o Fix a memleak in Winbind (bug #7278). + o Fix Winbind reconnection to it's own domain (bug #7295). + + +Changes since 3.5.1 +------------------- + + +o Michael Adam + * BUG 7231: Fix automatic building of vfs_tsmsm if gpfs and dmapi are + present. + * BUG 7232: Fix race conditions in CTDB persistent transactions. + * BUG 7313: Make 'net conf addshare' atomic. + * BUG 7314: Eliminate race condition in creating/scanning sorted subkeys in + the registry backend. + + +o Jeremy Allison + * BUG 7075: Fix bug in vfs_scannedonly rmdir implementation. + * BUG 7159: Fix handling of bad server data returns in client rpc_transport. + * BUG 7234: Symlink delete fails but incorrectly reports success to client. + * BUG 7255: Fix "printer admin" functionality. + * BUG 7283: Fix smbd segfault if using vfs_acl_tdb. + * BUG 7297: Fix smbd crashes with CUPS printers and no [printers] share defined. + * BUG 7310: Fix DOS attribute inconsistency with MS Office. + + +o Kai Blin + * BUG 7290: Fix core dump in 'ntlm_auth' with "gss-spnego" helper. + + +o Günther Deschner + * BUG 6727: Fix several printing issues. + * BUG 7237: Fix smbd segfaults in _netr_SamLogon for clients sending + null domain. + * BUG 7256: Fix value-needed calculation in_spoolss_EnumPrinterData(). + * BUG 7258: Fix _winreg_QueryValue crash bugs and implement Windows + behavior. + + +o Holger Hetterich + * BUG 7203: Fix 'net share' command. + + +o Michael Karcher + * BUG 7269: Fix job management commands for CUPS queues. + + +o Jeff Layton + * BUG 6853: Fix race condition in mount.cifs that allows user to replace + mountpoint with a symlink. + + +o Volker Lendecke + * BUG 5198: Fix parsing of the gecos field. + * BUG 7202: Fix access by multi-threaded applications. + * BUG 7212: Fix returning of group members with 'getent group'. 
+ * BUG 7216: Fix the build of net_afs.c with --fake-kaserver=yes. + * BUG 7229: Fix a NULL pointer dereference in smbd. + * BUG 7232: Fix race conditions in CTDB persistent transactions. + * BUG 7254: Fix an uninitialized variable read in smbd. + * BUG 7278: Fix a memleak in Winbind. + + +o Roel van Meer + * BUG 6814: Fix valgrind warning. + + +o Stefan Metzmacher + * BUG 7170: Never mark external domains as internal in Winbind. + * BUG 7225: Make Winbind logs more verbose for troubleshooting. + * BUG 7251: Fix smbd segfault in "waiting for connections" message. + * BUG 7295: Fix Winbind reconnection to it's own domain. + * BUG 7316: Winbind possibly segfaults when trying a trusted domain without + inbound trust. + + +o SATOH Fumiyasu + * BUG 1206: Fix segfault if hide files or veto files has no ".AppleDouble". + + +o Simo Sorce + * BUG 7204: Fix DN parsing name was always null. + + +o Andrew Tridgell + * BUG 7312: Many disconnecting clients render clustered Samba unusuable + for some time. + + +o Bo Yang + * BUG 7206: Signals are processed twice in child. + + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. 
+== The Samba Team +====================================================================== + +---------------------------------------------------------------------- + + ============================= + Release Notes for Samba 3.5.1 + March 8, 2010 + ============================= + + +This is a security release in order to address CVE-2010-0728. + + +o CVE-2010-0728: + In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code + was added to fix a problem with Linux asynchronous IO handling. + This code introduced a bad security flaw on Linux platforms if the + binaries were built on Linux platforms with libcap support. + The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE + capabilities, allowing all file system access to be allowed + even when permissions should have denied access. + + +Changes since 3.5.0 +------------------- + + +o Jeremy Allison + * BUG 7222: Fix for CVE-2010-0728. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + ============================= + Release Notes for Samba 3.5.0 + March 1, 2010 + =============================== -This is the third release candidate of Samba 3.5. 
This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. +This is the first stable release of Samba 3.5. + Major enhancements in Samba 3.5.0 include: @@ -129,11 +1493,30 @@ o Stefan Metzmacher * Implement the new SMB2 protocol (experimental). +Changes since 3.5.0rc3 +---------------------- + + +o Günther Deschner + * BUG 7181: Fix 'net ads dns' usage calls. + * BUG 7182: Fix uninitialized variable in wkssvc_enumerateusers. + + +o Volker Lendecke + * BUG 7145: Fix duplicate sam and unix accounts. + * BUG 7166: Avoid calling cli_alloc_mid twice in cli_smb_req_iov_send. + + +o Stefan Metzmacher + * BUG 7160: Keep the the correct negotiate_flags on the cli->dc structure. + + Changes since 3.5.0rc2 ---------------------- o Jeremy Allison + * BUG 6557: Fix vfs_full_audit. * BUG 6876: Fix duplicate initializer in the rmdir module. * BUG 7063: Fix core dump on Ubuntu 8.04 64 bit. * BUG 7067: Fix failing of smbd to respond to a read or a write caused by @@ -147,6 +1530,9 @@ o Jeremy Allison * BUG 7104: "wide links" and "unix extensions" are incompatible. * BUG 7118: Fix nmbd problems with socket address. * BUG 7122: Fix reading of large browselist. + * BUG 7154: "mangling method = hash" can crash storing a name containing a '.'. + * BUG 7155: Valgrind Conditional jump or move depends on uninitialised + value(s) error when "mangling method = hash".. o Steven Danneman @@ -154,7 +1540,9 @@ o Steven Danneman o Günther Deschner + * BUG 6888: Fix printing with 64 bit clients. * BUG 7130: Fix listing of printjobs in Windows 7. + * BUG 7148: Fix get_acl_blob in the acl_tdb VFS module. o Björn Jacke 
@@ -170,13 +1558,16 @@ o Jeff Layton o Volker Lendecke * BUG 7085: Fix an early release of the global lock that can cause data corruption in libtdb. + * BUG 7139: Owner of file not available with Kerberos. o Stefan Metzmacher + * BUG 6888: Fix printing with 64 bit clients. * BUG 7098: Fix results of 'smbclient -L' with a large browse list. * BUG 7116: Add pdb_ldap performance fixes. * BUG 7118: Add new "nmbd bind explicit broadcast" parameter. * BUG 7119: Support large browselist. + * BUG 7140: Fix IPv4/IPv6 problems. o Lars Müller @@ -454,4 +1845,3 @@ database (https://bugzilla.samba.org/). == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== -
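
Review bot: In the 3.5.5 section of the @@ -1,13 +1,1377 @@ hunk, the CVE-2010-3069 entry says "All current released versions of Samba are vulnerable", which loses its meaning once this file is carried forward into later releases; name the affected version range explicitly so that someone reading a later tarball can tell whether an installed version is covered. The CVE-2010-0728 entry in the 3.5.1 section is a good model, since it names 3.5.0, 3.4.6 and 3.3.11 and the libcap build condition. The 3.5.2 section also has typos to fix before merge: "it's own domain" should be "its own domain" (in the enhancements list and again under BUG 7295), "unusuable" under BUG 7312 should be "unusable", and "in_spoolss_EnumPrinterData()" under BUG 7256 is missing a space after "in".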
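
Review bot: Under Stefan Metzmacher in the new "Changes since 3.5.0rc3" block of the @@ -129,11 +1493,30 @@ hunk, the BUG 7160 line reads "Keep the the correct negotiate_flags", with a doubled "the"; drop one.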
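
Review bot: The BUG 7155 entry added in the @@ -147,6 +1530,9 @@ hunk ends in a double period ("mangling method = hash".."), and both it and BUG 7154 state the symptom (a crash, a Valgrind uninitialised-value error) rather than the change, unlike the surrounding "Fix ..." entries. A reader scanning the list cannot tell whether the crash is fixed or only documented; reword both as fixes, for example "Fix crash when storing a name containing a '.' with "mangling method = hash".", and remove the extra period.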
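
Review bot: BUG 7139 under Volker Lendecke in the @@ -170,13 +1558,16 @@ hunk ("Owner of file not available with Kerberos.") is the bug title, not a description of the change; reword it as a fix, in line with the neighbouring "Fix ..." and "Add ..." entries, so it is clear that this release resolves it.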