X-Git-Url: http://git.samba.org/?a=blobdiff_plain;f=WHATSNEW.txt;h=80589c77a75a5eb844a08b964ae78e35e8be9a5e;hb=e9d313880a6596fbf7fea5bda4e147aeaba02eb8;hp=eef1c15486bb826f990d3eb1057ed9889c136c84;hpb=5158bdcc222cb38b7cf4939e09f6d0fbb7868de2;p=obnox%2Fsamba-ctdb.git diff --git a/WHATSNEW.txt b/WHATSNEW.txt index eef1c15486..80589c77a7 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,336 @@ + ============================= + Release Notes for Samba 3.4.7 + March 8, 2010 + ============================= + + +This is a security release in order to address CVE-2010-0728. + + +o CVE-2010-0728: + In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code + was added to fix a problem with Linux asynchronous IO handling. + This code introduced a bad security flaw on Linux platforms if the + binaries were built on Linux platforms with libcap support. + The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE + capabilities, allowing all file system access to be allowed + even when permissions should have denied access. + + +Changes since 3.5.0 +------------------- + + +o Jeremy Allison + * BUG 7222: Fix for CVE-2010-0728. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.4 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older versions follow: +---------------------------------------- + + ============================= + Release Notes for Samba 3.4.6 + February 24, 2010 + ============================= + + +This is the latest stable release of Samba 3.4. + +Major enhancements in Samba 3.4.6 include: + + o "wide links" and "unix extensions" are incompatible (bug #7104). + o Fix printing with 64 bit clients (bug #6888). + o Fix core dump on Ubuntu 8.04 64 bit (bug #7063). + o Fix failing of smbd to respond to a read or a write caused by + Linux asynchronous IO (aio) (bug #7067). + o Fix string buffer overflow causing heap corruption in smbd (bug #7096). + + +###################################################################### +Changes +####### + +Changes since 3.4.5 +------------------- + + +o Michael Adam + * Make idmap cache persistent for "ldapsam:trusted". + * Also fill the memcache with sid<->id mappings in ldapsam_sid_to_id() not + only the persistent idmap cache. + * Shortcut uid_to_sid when "ldapsam:trusted = yes". + + +o Jeremy Allison + * BUG 6557: Fix vfs_full_audit. + * BUG 7063: Fix core dump on Ubuntu 8.04 64 bit. + * BUG 7067: Fix failing of smbd to respond to a read or a write caused by + Linux asynchronous IO (aio). + * BUG 7072: Fix unlocking of accounts from ldap. + * BUG 7081: Fix vfs_expand_msdfs. + * BUG 7104: "wide links" and "unix extensions" are incompatible. + * BUG 7122: Fix reading of large browselist. + * BUG 7154: "mangling method = hash" can crash storing a name containing a '.'. + * BUG 7155: Valgrind Conditional jump or move depends on uninitialised + value(s) error when "mangling method = hash". + + +o Steven Danneman + * BUG 7096: Fix string buffer overflow causing heap corruption in smbd. + + +o Günther Deschner + * BUG 6888: Fix printing with 64 bit clients. + * BUG 7130: Fix listing of printjobs in Windows 7. + * BUG 7136: Spoolss getprinterdriver2 level 101 marshalling is bad. + + +o William Jojo + * BUG 7052: Fix DFS on AIX (maybe others). + + +o Jeff Layton + * BUG 6868: Fix crash bug in 'cifs.upcall'. + + +o Volker Lendecke + * BUG 5885: Fix bogus ip address in SWAT. + * BUG 6981: Fix large paged search with DirX LDAP servers. + * BUG 7068: Fix pdb_search crash as non-root user. + * Make pdb_copy_sam_account also copy the group sid. + + +o Stefan Metzmacher + * BUG 6157: Use the first "uid" value. + * BUG 6888: Fix printing with 64 bit clients. + * BUG 7098: Fix results of 'smbclient -L' with a large browse list. + * Shortcut gid_to_sid when "ldapsam:trusted = yes". + * Speed up pdb_get_group_sid(). + * Try to build the full unix_pw structure with ldapsam:trusted support. + * Optimize ldapsam_alias_memberships() and cache ldap searches. + + +o Lars Müller + * BUG 7047: Add cross option to samba_cv_linux_getgrouplist_ok. + * BUG 7102: Normalize "Changing password for" msg IDs and STRs. + + +o Bo Yang + * BUG 7106: Fix malformed require_membership_of_sid. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.4 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================= + Release Notes for Samba 3.4.5 + January 19, 2010 + ============================= + + +This is the latest stable release of Samba 3.4. + +Major enhancements in Samba 3.4.5 include: + + o Fix memory in leak in smbd (bug #7020). + o Fix changing of ACLs on writable files with "dos filemode=yes" (bug #5202). + + +###################################################################### +Changes +####### + +Changes since 3.4.4 +------------------- + + +o Jeremy Allison + * BUG 5202: Fix changing of ACLs on writable files with "dos filemode=yes". + * BUG 7020: Fix memory leak in smbd. + * BUG 7036: Fix 'net rpc getsid' in hardened Windows environments. + * BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls. + + +o Günther Deschner + * BUG 7043: Fix crash bug in "SMBC_parse_path". + + +o Volker Lendecke + * BUG 7046: Fix a crash in libsmbclient used against the OpenSolaris CIFS + server. + + +o Stefan Metzmacher + * BUG 6642: Fix opening the quota magic file. + * BUG 6919: Fix remote quota management. + + +o SASAJIMA Toshihiro + * BUG 7034: Fix internal error caused by vfs_cap. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.4 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================= + Release Notes for Samba 3.4.4 + January 7, 2009 + ============================= + + +This is the latest stable release of Samba 3.4. + +Major enhancements in Samba 3.4.4 include: + + o Fix interdomain trust relationships with Win2008R2 (bug #6697). + o Fix Winbind crashes when queried from nss (bug #6889). + o Fix Winbind crash when retrieving empty group members (bug #7014). + o Fix "UID range full" error in Winbind (bug #6901). + o Fix multiple LDAP servers in "idmap backend" and "idmap alloc + backend" (bug #6910). + + +###################################################################### +Changes +####### + +Changes since 3.4.3 +------------------- + +o Michael Adam + * BUG 6851: Add pdbedit --kickoff-time/-K to set the user's kickoff time. + * BUG 6901: Fix "UID range full" error in Winbind. + * BUG 6910: Fix multiple LDAP servers in "idmap backend" and "idmap alloc + backend". + + +o Jeremy Allison + * BUG 6828: Fix infinite timeout when byte lock held outside of samba. + * BUG 6837: Fix "Too many open files" message when trying to access a large + number of files with Windows 7. + * BUG 6841: Fix "map acl inherit = yes". + * BUG 6867: Fix listing of directories with a lot of files. + * BUG 6875: Fix DOS attributes on OS/2 clients. + * BUG 6880: Fix listing of workgroup servers in libsmbclient. + * BUG 6898: Samba duplicates file content on appending. + * BUG 6939: Fix long filenames with "mangling method = hash". + * BUG 7005: Fix "mangle method = hash" truncates files with dot "." + character. + + +o Kai Blin + * BUG 4832: Fix iconv checks. + + +o Günther Deschner + * BUG 6697: Fix interdomain trust relationships with Win2008R2. + * BUG 6868: Support building with Heimdal we well as with MIT. + * BUG 6889: Fix Winbind crashes when queried from nss. + * BUG 6929: Fix build with recent heimdal. + * Fix the build of the winbind krb5 locator plugin. + * Fix enumprinter key client and server. + + +o Volker Lendecke + * BUG 6338: Do not always display "none" in 'net rpc trustdom list'. + * BUG 6850: Fix shadow copy display on Windows 7. + * BUG 6981: Fix paged search with DirX LDAP server. + * BUG 6982: Remove erroneous out of memory error path in lookup_sid. + * BUG 6997: Fix _samr_GetAliasMembership for results with 0 rids. + + +o Jim McDonough + * BUG 6967: Fix 'net ads join' with OU. + * BUG 7014: Fix Winbind crash when retrieving empty group members. + + +o Andrew Tridgell + * BUG 6918: Fix krb5 build problem on Ubuntu karmic. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.4 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + ============================= Release Notes for Samba 3.4.3 October 29, 2009 @@ -10,6 +343,7 @@ Major enhancements in Samba 3.4.3 include: o Fix trust relationships to windows 2008 (2008 r2) (bug #6711). o Fix file corruption using smbclient with NT4 server (bug #6606). + o Fix Windows 7 share access (which defaults to NTLMv2) (bug #6680). ###################################################################### @@ -134,8 +468,8 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older versions follow: ----------------------------------------- +---------------------------------------------------------------------- + ============================= Release Notes for Samba 3.4.2