1 ==============================
2 Release Notes for Samba 4.19.6
4 ==============================
7 This is the latest stable release of the Samba 4.19 release series.
13 o Ralph Boehme <slow@samba.org>
14 * BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if
15 vfs_stat_fsp() fails in fd_close().
17 o Guenther Deschner <gd@samba.org>
18 * BUG 15588: samba-gpupdate: Correctly implement site support.
20 o Noel Power <noel.power@suse.com>
21 * BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if
22 vfs_stat_fsp() fails in fd_close().
24 o Andreas Schneider <asn@samba.org>
25 * BUG 15588: samba-gpupdate: Correctly implement site support.
26 * BUG 15599: libgpo: Segfault in python bindings.
28 o Martin Schwenke <mschwenke@ddn.com>
29 * BUG 15580: Packet marshalling push support missing for
30 CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and
31 CTDB_CONTROL_TCP_CLIENT_PASSED.
34 #######################################
35 Reporting bugs & Development Discussion
36 #######################################
38 Please discuss this release on the samba-technical mailing list or by
39 joining the #samba-technical:matrix.org matrix room, or
40 #samba-technical IRC channel on irc.libera.chat.
42 If you do report problems then please try to send high quality
43 feedback. If you don't provide vital information to help us track down
44 the problem then you will probably be ignored. All bug reports should
45 be filed under the Samba 4.1 and newer product in the project's Bugzilla
46 database (https://bugzilla.samba.org/).
49 ======================================================================
50 == Our Code, Our Bugs, Our Responsibility.
52 ======================================================================
55 Release notes for older releases follow:
56 ----------------------------------------
57 ==============================
58 Release Notes for Samba 4.19.5
60 ==============================
63 This is the latest stable release of the Samba 4.19 release series.
69 o Ralph Boehme <slow@samba.org>
70 * BUG 13688: Windows 2016 fails to restore previous version of a file from a
71 shadow_copy2 snapshot.
72 * BUG 15549: Symlinks on AIX are broken in 4.19 (and a few version before
75 o Bjoern Jacke <bj@sernet.de>
76 * BUG 12421: Fake directory create times has no effect.
78 o Björn Jacke <bjacke@samba.org>
79 * BUG 15550: ctime mixed up with mtime by smbd.
81 o David Mulder <dmulder@samba.org>
82 * BUG 15548: samba-gpupdate --rsop fails if machine is not in a site.
84 o Gabriel Nagy <gabriel.nagy@canonical.com>
85 * BUG 15557: gpupdate: The root cert import when NDES is not available is
88 o Andreas Schneider <asn@samba.org>
89 * BUG 15552: samba-gpupdate should print a useful message if cepces-submit
91 * BUG 15558: samba-gpupdate logging doesn't work.
93 o Jones Syue <jonessyue@qnap.com>
94 * BUG 15555: smbpasswd reset permissions only if not 0600.
97 #######################################
98 Reporting bugs & Development Discussion
99 #######################################
101 Please discuss this release on the samba-technical mailing list or by
102 joining the #samba-technical:matrix.org matrix room, or
103 #samba-technical IRC channel on irc.libera.chat.
105 If you do report problems then please try to send high quality
106 feedback. If you don't provide vital information to help us track down
107 the problem then you will probably be ignored. All bug reports should
108 be filed under the Samba 4.1 and newer product in the project's Bugzilla
109 database (https://bugzilla.samba.org/).
112 ======================================================================
113 == Our Code, Our Bugs, Our Responsibility.
115 ======================================================================
118 ----------------------------------------------------------------------
119 ==============================
120 Release Notes for Samba 4.19.4
122 ==============================
125 This is the latest stable release of the Samba 4.19 release series.
131 o Samuel Cabrero <scabrero@samba.org>
132 * BUG 13577: net changesecretpw cannot set the machine account password if
133 secrets.tdb is empty.
135 o Björn Jacke <bjacke@samba.org>
136 * BUG 15540: For generating doc, take, if defined, env XML_CATALOG_FILES.
137 * BUG 15541: Trivial C typo in nsswitch/winbind_nss_netbsd.c.
138 * BUG 15542: vfs_linux_xfs is incorrectly named.
140 o Björn Jacke <bj@sernet.de>
141 * BUG 15377: systemd stumbled over copyright-message at smbd startup.
143 o Volker Lendecke <vl@samba.org>
144 * BUG 15505: Following intermediate abolute share-local symlinks is broken.
145 * BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to
146 a non-public address disconnects first.
147 * BUG 15544: shadow_copy2 broken when current fileset's directories are
150 o Stefan Metzmacher <metze@samba.org>
151 * BUG 15377: systemd stumbled over copyright-message at smbd startup.
152 * BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to
153 a non-public address disconnects first.
154 * BUG 15534: smbd does not detect ctdb public ipv6 addresses for multichannel
157 o Andreas Schneider <asn@samba.org>
158 * BUG 15469: 'force user = localunixuser' doesn't work if 'allow trusted
159 domains = no' is set.
160 * BUG 15525: smbget debug logging doesn't work.
161 * BUG 15532: smget: username in the smburl and interactive password entry
163 * BUG 15538: smbget auth function doesn't set values for password prompt
166 o Martin Schwenke <mschwenke@ddn.com>
167 * BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to
168 a non-public address disconnects first.
170 o Shachar Sharon <ssharon@redhat.com>
171 * BUG 15440: Unable to copy and write files from clients to Ceph cluster via
172 SMB Linux gateway with Ceph VFS module.
174 o Jones Syue <jonessyue@qnap.com>
175 * BUG 15547: Multichannel refresh network information.
178 #######################################
179 Reporting bugs & Development Discussion
180 #######################################
182 Please discuss this release on the samba-technical mailing list or by
183 joining the #samba-technical:matrix.org matrix room, or
184 #samba-technical IRC channel on irc.libera.chat.
186 If you do report problems then please try to send high quality
187 feedback. If you don't provide vital information to help us track down
188 the problem then you will probably be ignored. All bug reports should
189 be filed under the Samba 4.1 and newer product in the project's Bugzilla
190 database (https://bugzilla.samba.org/).
193 ======================================================================
194 == Our Code, Our Bugs, Our Responsibility.
196 ======================================================================
199 ----------------------------------------------------------------------
200 ==============================
201 Release Notes for Samba 4.19.3
203 ==============================
206 This is the latest stable release of the Samba 4.19 release series.
207 It contains the security-relevant bugfix CVE-2018-14628:
209 Wrong ntSecurityDescriptor values for "CN=Deleted Objects"
210 allow read of object tombstones over LDAP
211 (Administrator action required!)
212 https://www.samba.org/samba/security/CVE-2018-14628.html
215 Description of CVE-2018-14628
216 -----------------------------
218 All versions of Samba from 4.0.0 onwards are vulnerable to an
219 information leak (compared with the established behaviour of
220 Microsoft's Active Directory) when Samba is an Active Directory Domain
223 When a domain was provisioned with an unpatched Samba version,
224 the ntSecurityDescriptor is simply inherited from Domain/Partition-HEAD-Object
225 instead of being very strict (as on a Windows provisioned domain).
227 This means also non privileged users can use the
228 LDAP_SERVER_SHOW_DELETED_OID control in order to view,
229 the names and preserved attributes of deleted objects.
231 No information that was hidden before the deletion is visible, but in
232 with the correct ntSecurityDescriptor value in place the whole object
233 is also not visible without administrative rights.
235 There is no further vulnerability associated with this error, merely an
236 information disclosure.
238 Action required in order to resolve CVE-2018-14628!
239 ---------------------------------------------------
241 The patched Samba does NOT protect existing domains!
243 The administrator needs to run the following command
244 (on only one domain controller)
245 in order to apply the protection to an existing domain:
247 samba-tool dbcheck --cross-ncs --attrs=nTSecurityDescriptor --fix
249 The above requires manual interaction in order to review the
250 changes before they are applied. Typicall question look like this:
252 Reset nTSecurityDescriptor on CN=Deleted Objects,DC=samba,DC=org back to provision default?
253 Owner mismatch: SY (in ref) DA(in current)
254 Group mismatch: SY (in ref) DA(in current)
255 Part dacl is different between reference and current here is the detail:
256 (A;;LCRPLORC;;;AU) ACE is not present in the reference
257 (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) ACE is not present in the reference
258 (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA) ACE is not present in the reference
259 (A;;CCDCLCSWRPWPSDRCWDWO;;;SY) ACE is not present in the current
260 (A;;LCRP;;;BA) ACE is not present in the current
262 Fixed attribute 'nTSecurityDescriptor' of 'CN=Deleted Objects,DC=samba,DC=org'
264 The change should be confirmed with 'y' for all objects starting with
265 'CN=Deleted Objects'.
271 o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
272 * BUG 15520: sid_strings test broken by unix epoch > 1700000000.
274 o Ralph Boehme <slow@samba.org>
275 * BUG 15487: smbd crashes if asked to return full information on close of a
276 stream handle with delete on close disposition set.
277 * BUG 15521: smbd: fix close order of base_fsp and stream_fsp in
278 smb_fname_fsp_destructor().
280 o Pavel Filipenský <pfilipensky@samba.org>
281 * BUG 15499: Improve logging for failover scenarios.
283 o Björn Jacke <bj@sernet.de>
284 * BUG 15093: Files without "read attributes" NFS4 ACL permission are not
285 listed in directories.
287 o Stefan Metzmacher <metze@samba.org>
288 * BUG 13595: CVE-2018-14628 [SECURITY] Deleted Object tombstones visible in
289 AD LDAP to normal users.
290 * BUG 15492: Kerberos TGS-REQ with User2User does not work for normal
293 o Christof Schmitt <cs@samba.org>
294 * BUG 15507: vfs_gpfs stat calls fail due to file system permissions.
296 o Andreas Schneider <asn@samba.org>
297 * BUG 15513: Samba doesn't build with Python 3.12.
300 #######################################
301 Reporting bugs & Development Discussion
302 #######################################
304 Please discuss this release on the samba-technical mailing list or by
305 joining the #samba-technical:matrix.org matrix room, or
306 #samba-technical IRC channel on irc.libera.chat.
308 If you do report problems then please try to send high quality
309 feedback. If you don't provide vital information to help us track down
310 the problem then you will probably be ignored. All bug reports should
311 be filed under the Samba 4.1 and newer product in the project's Bugzilla
312 database (https://bugzilla.samba.org/).
315 ======================================================================
316 == Our Code, Our Bugs, Our Responsibility.
318 ======================================================================
321 ----------------------------------------------------------------------
322 ==============================
323 Release Notes for Samba 4.19.2
325 ==============================
328 This is the latest stable release of the Samba 4.19 release series.
334 o Jeremy Allison <jra@samba.org>
335 * BUG 15423: Use-after-free in aio_del_req_from_fsp during smbd shutdown
336 after failed IPC FSCTL_PIPE_TRANSCEIVE.
337 * BUG 15426: clidfs.c do_connect() missing a "return" after a cli_shutdown()
340 o Ralph Boehme <slow@samba.org>
341 * BUG 15463: macOS mdfind returns only 50 results.
343 o Volker Lendecke <vl@samba.org>
344 * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with
345 previous cache entry value.
347 o Stefan Metzmacher <metze@samba.org>
348 * BUG 15464: libnss_winbind causes memory corruption since samba-4.18,
349 impacts sendmail, zabbix, potentially more.
351 o Martin Schwenke <mschwenke@ddn.com>
352 * BUG 15479: ctdbd: setproctitle not initialized messages flooding logs.
354 o Joseph Sutton <josephsutton@catalyst.net.nz>
355 * BUG 15491: CVE-2023-5568 Heap buffer overflow with freshness tokens in the
356 Heimdal KDC in Samba 4.19
357 * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is
361 #######################################
362 Reporting bugs & Development Discussion
363 #######################################
365 Please discuss this release on the samba-technical mailing list or by
366 joining the #samba-technical:matrix.org matrix room, or
367 #samba-technical IRC channel on irc.libera.chat.
369 If you do report problems then please try to send high quality
370 feedback. If you don't provide vital information to help us track down
371 the problem then you will probably be ignored. All bug reports should
372 be filed under the Samba 4.1 and newer product in the project's Bugzilla
373 database (https://bugzilla.samba.org/).
376 ======================================================================
377 == Our Code, Our Bugs, Our Responsibility.
379 ======================================================================
382 ----------------------------------------------------------------------
383 ==============================
384 Release Notes for Samba 4.19.1
386 ==============================
389 This is a security release in order to address the following defects:
392 o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to
393 existing unix domain sockets on the file system.
394 https://www.samba.org/samba/security/CVE-2023-3961.html
396 o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with
397 OVERWRITE disposition when using the acl_xattr Samba VFS
398 module with the smb.conf setting
399 "acl_xattr:ignore system acls = yes"
400 https://www.samba.org/samba/security/CVE-2023-4091.html
402 o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all
403 attributes, including secrets and passwords. Additionally,
404 the access check fails open on error conditions.
405 https://www.samba.org/samba/security/CVE-2023-4154.html
407 o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
408 server block for a user-defined amount of time, denying
410 https://www.samba.org/samba/security/CVE-2023-42669.html
412 o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
413 listeners, disrupting service on the AD DC.
414 https://www.samba.org/samba/security/CVE-2023-42670.html
420 o Jeremy Allison <jra@samba.org>
421 * BUG 15422: CVE-2023-3961.
423 o Andrew Bartlett <abartlet@samba.org>
424 * BUG 15424: CVE-2023-4154.
425 * BUG 15473: CVE-2023-42670.
426 * BUG 15474: CVE-2023-42669.
428 o Ralph Boehme <slow@samba.org>
429 * BUG 15439: CVE-2023-4091.
432 #######################################
433 Reporting bugs & Development Discussion
434 #######################################
436 Please discuss this release on the samba-technical mailing list or by
437 joining the #samba-technical:matrix.org matrix room, or
438 #samba-technical IRC channel on irc.libera.chat.
440 If you do report problems then please try to send high quality
441 feedback. If you don't provide vital information to help us track down
442 the problem then you will probably be ignored. All bug reports should
443 be filed under the Samba 4.1 and newer product in the project's Bugzilla
444 database (https://bugzilla.samba.org/).
447 ======================================================================
448 == Our Code, Our Bugs, Our Responsibility.
450 ======================================================================
453 ----------------------------------------------------------------------
454 ==============================
455 Release Notes for Samba 4.19.0
457 ==============================
459 This is the first stable release of the Samba 4.19 release series.
460 Please read the release notes carefully before upgrading.
465 Migrated smbget to use common command line parser
466 -------------------------------------------------
468 The smbget utility implemented its own command line parsing logic. After
469 discovering an issue we decided to migrate it to use the common command line
470 parser. This has some advantages as you get all the feature it provides like
471 Kerberos authentication. The downside is that breaks the options interface.
472 The support for smbgetrc has been removed. You can use an authentication file
473 if needed, this is documented in the manpage.
475 Please check the smbget manpage or --help output.
480 The libgpo.get_gpo_list function has been deprecated in favor of
481 an implementation written in python. The new function can be imported via
482 `import samba.gp`. The python implementation connects to Active Directory
483 using the SamDB module, instead of ADS (which is what libgpo uses).
485 Improved winbind logging and a new tool for parsing the winbind logs
486 --------------------------------------------------------------------
488 Winbind logs (if smb.conf 'winbind debug traceid = yes' is set) contain new
489 trace header fields 'traceid' and 'depth'. Field 'traceid' allows to track the
490 trace records belonging to the same request. Field 'depth' allows to track the
491 request nesting level. A new tool samba-log-parser is added for better log
494 AD database prepared to FL 2016 standards for new domains
495 ---------------------------------------------------------
497 While Samba still provides only Functional Level 2008R2 by default,
498 Samba as an AD DC will now, in provision ensure that the blank
499 database is already prepared for Functional Level 2016, with AD Schema
502 This preparation is of the default objects in the database, adding
503 containers for Authentication Policies, Authentication Silos and AD
504 claims in particular. These DB objects must be updated to allow
505 operation of the new features found in higher functional levels.
507 Kerberos Claims, Authentication Silos and NTLM authentication policies
508 ----------------------------------------------------------------------
510 An initial, partial implementation of Active Directory Functional
511 Level 2012, 2012R2 and 2016 is available in this release.
513 In particular Samba will issue Active Directory "Claims" in the PAC,
514 for member servers that support these, and honour in-directory
515 configuration for Authentication Policies and Authentication Silos.
517 The primary limitation is that while Samba can read and write claims
518 in the directory, and populate the PAC, Samba does not yet use them
519 for access control decisions.
521 While we continue to develop these features, existing domains can
522 test the feature by selecting the functional level in provision or
523 raising the DC functional level by setting
525 ad dc functional level = 2016
529 The smb.conf file on each DC must have 'ad dc functional level = 2016'
530 set to have the partially complete feature available. This will also,
531 at first startup, update the server's own AD entry with the configured
534 For new domains, add these parameters to 'samba-tool provision'
536 --option="ad dc functional level = 2016" --function-level=2016
538 The second option, setting the overall domain functional level
539 indicates that all DCs should be at this functional level.
541 To raise the domain functional level of an existing domain, after
542 updating the smb.conf and restarting Samba run
543 samba-tool domain schemaupgrade --schema=2019
544 samba-tool domain functionalprep --function-level=2016
545 samba-tool domain level raise --domain-level=2016 --forest-level=2016
547 Improved KDC Auditing
548 ---------------------
550 As part of the auditing required to allow successful deployment of
551 Authentication Policies and Authentication Silos, our KDC now provides
552 Samba-style JSON audit logging of all issued Kerberos tickets,
553 including if they would fail a policy that is not yet enforced.
554 Additionally most failures are audited, (after the initial
555 pre-validation of the request).
557 Kerberos Armoring (FAST) Support for Windows clients
558 ----------------------------------------------------
560 In domains where the domain controller functional level is set, as
561 above, to 2012, 2012_R2 or 2016, Windows clients will, if configured
562 via GPO, use FAST to protect user passwords between (in particular) a
563 workstation and the KDC on the AD DC. This is a significant security
564 improvement, as weak passwords in an AS-REQ are no longer available
567 Claims compression in the AD PAC
568 --------------------------------
570 Samba as an AD DC will compress "AD claims" using the same compression
571 algorithm as Microsoft Windows.
573 Resource SID compression in the AD PAC
574 --------------------------------------
576 Samba as an AD DC will now correctly populate the various PAC group
577 membership buffers, splitting global and local groups correctly.
579 Additionally, Samba marshals Resource SIDs, being local groups in the
580 member server's own domain, to only consume a header and 4 bytes per
581 group in the PAC, not a full-length SID worth of space each. This is
582 known as "Resource SID compression".
584 Resource Based Constrained Delegation (RBCD) support in both MIT and Heimdal
585 -----------------------------------------------------------------------------
587 Samba AD DC built with MIT Kerberos (1.20 and later) has offered RBCD
588 support since Samba 4.17. Samba 4.19 brings this feature to the
591 Samba 4.17 added to samba-tool delegation the 'add-principal' and
592 'del-principal' subcommands in order to manage RBCD, and the database
593 changes made by these tools are now honoured by the Heimdal KDC once
596 Likewise, now both MIT (1.20 and later) and Heimdal KDCs add the
597 Asserted Identity [1] SID into the PAC for constrained delegation.
599 [1] https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview
601 New samba-tool support for silos, claims, sites and subnets.
602 ------------------------------------------------------------
604 samba-tool can now list, show, add and manipulate Authentication Silos
605 (silos) and Active Directory Authentication Claims (claims).
607 samba-tool can now list and show Active Directory sites and subnets.
609 A new Object Relational Model (ORM) based architecture, similar to
610 that used with Django, has been built to make adding new samba-tool
611 subcommands simpler and more consistent, with JSON output available
612 standard on these new commands.
614 Updated GnuTLS requirement / in-tree cryptography removal
615 ----------------------------------------------------------
617 Samba requires GnuTLS 3.6.13 and prefers GnuTLS 3.6.14 or later.
619 This has allowed Samba to remove all of our in-tree cryptography,
620 except that found in our Heimdal import. Samba's runtime cryptography
621 needs are now all provided by GnuTLS.
623 (The GnuTLS vesion requirement is raised to 3.7.2 on systems without
624 the Linux getrandom())
626 We also use Python's cryptography module for our testing.
628 The use of well known cryptography libraries makes Samba easier for
629 end-users to validate and deploy, and for distributors to ship. This
630 is the end of a very long journey for Samba.
632 Updated Heimdal import
633 ----------------------
635 Samba's Heimdal branch (known as lorikeet-heimdal) has been updated to
636 the current pre-8.0 (master) tree from upstream Heimdal, ensuring that
637 this vendored copy, included in our release remains as close as
638 possible to the current upstream code.
640 Revocation support in Heimdal KDC for PKINIT certificates
641 ---------------------------------------------------------
643 Samba will now correctly honour the revocation of 'smart card'
644 certificates used for PKINIT Kerberos authentication.
646 This list is reloaded each time the file changes, so no further action
647 other than replacing the file is required. The additional krb5.conf
651 pkinit_revoke = FILE:/path/to/crl.pem
653 Information on the "Smart Card login" feature as a whole is at:
654 https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login
656 Protocol level testsuite for (Smart Card Logon) PKINIT
657 ------------------------------------------------------
659 Previously Samba's PKINIT support in the KDC was tested by use of
660 shell scripts around the client tools of MIT or Heimdal Kerberos.
661 Samba's independently written python testsuite has been extended to
662 validate KDC behaviour for PKINIT.
664 Require encrypted connection to modify unicodePwd on the AD DC
665 --------------------------------------------------------------
667 Setting the password on an AD account on should never be attempted
668 over a plaintext or signed-only LDAP connection. If the unicodePwd
669 (or userPassword) attribute is modified without encryption (as seen by
670 Samba), the request will be rejected. This is to encourage the
671 administrator to use an encrypted connection in the future.
673 NOTE WELL: If Samba is accessed via a TLS frontend or load balancer,
674 the LDAP request will be regarded as plaintext.
676 Samba AD TLS Certificates can be reloaded
677 -----------------------------------------
679 The TLS certificates used for Samba's AD DC LDAP server were
680 previously only read on startup, and this meant that when then expired
681 it was required to restart Samba, disrupting service to other users.
683 smbcontrol ldap_server reload-certs
685 This will now allow these certificates to be reloaded 'on the fly'
695 Parameter Name Description Default
696 -------------- ----------- -------
697 winbind debug traceid Add traceid No
698 directory name cache size Removed
701 CHANGES SINCE 4.19.0rc4
702 =======================
704 o MikeLiu <mikeliu@qnap.com>
705 * BUG 15453: File doesn't show when user doesn't have permission if
706 aio_pthread is loaded.
708 o Martin Schwenke <mschwenke@ddn.com>
709 * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ≥
713 CHANGES SINCE 4.19.0rc3
714 =======================
716 o Martin Schwenke <mschwenke@ddn.com>
717 * BUG 15460: Logging to stdout/stderr with DEBUG_SYSLOG_FORMAT_ALWAYS can log
720 o Joseph Sutton <josephsutton@catalyst.net.nz>
721 * BUG 15458: ‘samba-tool domain level raise’ fails unless given a URL.
724 CHANGES SINCE 4.19.0rc2
725 =======================
727 o Jeremy Allison <jra@samba.org>
728 * BUG 15420: reply_sesssetup_and_X() can dereference uninitialized tmp
730 * BUG 15430: missing return in reply_exit_done().
731 * BUG 15432: TREE_CONNECT without SETUP causes smbd to use uninitialized
734 o Andrew Bartlett <abartlet@samba.org>
735 * BUG 15401: Avoid infinite loop in initial user sync with Azure AD Connect
736 when synchronising a large Samba AD domain.
737 * BUG 15407: Samba replication logs show (null) DN.
739 o Stefan Metzmacher <metze@samba.org>
740 * BUG 15346: 2-3min delays at reconnect with smb2_validate_sequence_number:
742 * BUG 15446: DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed.
744 o Martin Schwenke <mschwenke@ddn.com>
745 * BUG 15438: CID 1539212 causes real issue when output contains only
748 o Joseph Sutton <josephsutton@catalyst.net.nz>
749 * BUG 15452: KDC encodes INT64 claims incorrectly.
751 o Jones Syue <jonessyue@qnap.com>
752 * BUG 15449: mdssvc: Do an early talloc_free() in _mdssvc_open().
755 CHANGES SINCE 4.19.0rc1
756 =======================
758 o Andrew Bartlett <abartlet@samba.org>
759 * BUG 9959: Windows client join fails if a second container CN=System exists
762 o Noel Power <noel.power@suse.com>
763 * BUG 15435: regression DFS not working with widelinks = true.
765 o Arvid Requate <requate@univention.de>
766 * BUG 9959: Windows client join fails if a second container CN=System exists
769 o Joseph Sutton <josephsutton@catalyst.net.nz>
770 * BUG 15443: Heimdal fails to build on 32-bit FreeBSD.
772 o Jones Syue <jonessyue@qnap.com>
773 * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
779 https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.19#Release_blocking_bugs
782 #######################################
783 Reporting bugs & Development Discussion
784 #######################################
786 Please discuss this release on the samba-technical mailing list or by
787 joining the #samba-technical:matrix.org matrix room, or
788 #samba-technical IRC channel on irc.libera.chat
790 If you do report problems then please try to send high quality
791 feedback. If you don't provide vital information to help us track down
792 the problem then you will probably be ignored. All bug reports should
793 be filed under the Samba 4.1 and newer product in the project's Bugzilla
794 database (https://bugzilla.samba.org/).
797 ======================================================================
798 == Our Code, Our Bugs, Our Responsibility.
800 ======================================================================