1 ===============================
2 Release Notes for Samba 4.18.11
4 ===============================
7 This is the latest stable release of the Samba 4.18 release series.
13 o Martin Schwenke <mschwenke@ddn.com>
14 * BUG 15580: Packet marshalling push support missing for
15 CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and
16 CTDB_CONTROL_TCP_CLIENT_PASSED
19 #######################################
20 Reporting bugs & Development Discussion
21 #######################################
23 Please discuss this release on the samba-technical mailing list or by
24 joining the #samba-technical:matrix.org matrix room, or
25 #samba-technical IRC channel on irc.libera.chat.
27 If you do report problems then please try to send high quality
28 feedback. If you don't provide vital information to help us track down
29 the problem then you will probably be ignored. All bug reports should
30 be filed under the Samba 4.1 and newer product in the project's Bugzilla
31 database (https://bugzilla.samba.org/).
34 ======================================================================
35 == Our Code, Our Bugs, Our Responsibility.
37 ======================================================================
40 Release notes for older releases follow:
41 ----------------------------------------
42 ===============================
43 Release Notes for Samba 4.18.10
45 ===============================
48 This is the latest stable release of the Samba 4.18 release series.
54 o Ralph Boehme <slow@samba.org>
55 * BUG 13688: Windows 2016 fails to restore previous version of a file from a
56 shadow_copy2 snapshot.
57 * BUG 15549: Symlinks on AIX are broken in 4.19 (and a few version before
60 o Samuel Cabrero <scabrero@samba.org>
61 * BUG 13577: net changesecretpw cannot set the machine account password if
64 o Bjoern Jacke <bj@sernet.de>
65 * BUG 12421: Fake directory create times has no effect.
67 o Björn Jacke <bjacke@samba.org>
68 * BUG 15540: For generating doc, take, if defined, env XML_CATALOG_FILES.
69 * BUG 15541: Trivial C typo in nsswitch/winbind_nss_netbsd.c.
70 * BUG 15542: vfs_linux_xfs is incorrectly named.
71 * BUG 15550: ctime mixed up with mtime by smbd.
73 o Volker Lendecke <vl@samba.org>
74 * BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to
75 a non-public address disconnects first.
76 * BUG 15544: shadow_copy2 broken when current fileset's directories are
79 o Stefan Metzmacher <metze@samba.org>
80 * BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to
81 a non-public address disconnects first.
82 * BUG 15534: smbd does not detect ctdb public ipv6 addresses for multichannel
85 o Martin Schwenke <mschwenke@ddn.com>
86 * BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to
87 a non-public address disconnects first.
89 o Shachar Sharon <ssharon@redhat.com>
90 * BUG 15440: Unable to copy and write files from clients to Ceph cluster via
91 SMB Linux gateway with Ceph VFS module.
93 o Jones Syue <jonessyue@qnap.com>
94 * BUG 15547: Multichannel refresh network information.
95 * BUG 15555: smbpasswd reset permissions only if not 0600.
98 #######################################
99 Reporting bugs & Development Discussion
100 #######################################
102 Please discuss this release on the samba-technical mailing list or by
103 joining the #samba-technical:matrix.org matrix room, or
104 #samba-technical IRC channel on irc.libera.chat.
106 If you do report problems then please try to send high quality
107 feedback. If you don't provide vital information to help us track down
108 the problem then you will probably be ignored. All bug reports should
109 be filed under the Samba 4.1 and newer product in the project's Bugzilla
110 database (https://bugzilla.samba.org/).
113 ======================================================================
114 == Our Code, Our Bugs, Our Responsibility.
116 ======================================================================
119 ----------------------------------------------------------------------
120 ==============================
121 Release Notes for Samba 4.18.9
123 ==============================
126 This is the latest stable release of the Samba 4.18 release series.
127 It contains the security-relevant bugfix CVE-2018-14628:
129 Wrong ntSecurityDescriptor values for "CN=Deleted Objects"
130 allow read of object tombstones over LDAP
131 (Administrator action required!)
132 https://www.samba.org/samba/security/CVE-2018-14628.html
135 Description of CVE-2018-14628
136 -----------------------------
138 All versions of Samba from 4.0.0 onwards are vulnerable to an
139 information leak (compared with the established behaviour of
140 Microsoft's Active Directory) when Samba is an Active Directory Domain
143 When a domain was provisioned with an unpatched Samba version,
144 the ntSecurityDescriptor is simply inherited from Domain/Partition-HEAD-Object
145 instead of being very strict (as on a Windows provisioned domain).
147 This means also non privileged users can use the
148 LDAP_SERVER_SHOW_DELETED_OID control in order to view,
149 the names and preserved attributes of deleted objects.
151 No information that was hidden before the deletion is visible, but in
152 with the correct ntSecurityDescriptor value in place the whole object
153 is also not visible without administrative rights.
155 There is no further vulnerability associated with this error, merely an
156 information disclosure.
158 Action required in order to resolve CVE-2018-14628!
159 ---------------------------------------------------
161 The patched Samba does NOT protect existing domains!
163 The administrator needs to run the following command
164 (on only one domain controller)
165 in order to apply the protection to an existing domain:
167 samba-tool dbcheck --cross-ncs --attrs=nTSecurityDescriptor --fix
169 The above requires manual interaction in order to review the
170 changes before they are applied. Typicall question look like this:
172 Reset nTSecurityDescriptor on CN=Deleted Objects,DC=samba,DC=org back to provision default?
173 Owner mismatch: SY (in ref) DA(in current)
174 Group mismatch: SY (in ref) DA(in current)
175 Part dacl is different between reference and current here is the detail:
176 (A;;LCRPLORC;;;AU) ACE is not present in the reference
177 (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) ACE is not present in the reference
178 (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA) ACE is not present in the reference
179 (A;;CCDCLCSWRPWPSDRCWDWO;;;SY) ACE is not present in the current
180 (A;;LCRP;;;BA) ACE is not present in the current
182 Fixed attribute 'nTSecurityDescriptor' of 'CN=Deleted Objects,DC=samba,DC=org'
184 The change should be confirmed with 'y' for all objects starting with
185 'CN=Deleted Objects'.
191 o Michael Adam <obnox@samba.org>
192 * BUG 15497: Add make command for querying Samba version.
194 o Ralph Boehme <slow@samba.org>
195 * BUG 15487: smbd crashes if asked to return full information on close of a
196 stream handle with delete on close disposition set.
197 * BUG 15521: smbd: fix close order of base_fsp and stream_fsp in
198 smb_fname_fsp_destructor().
200 o Björn Jacke <bj@sernet.de>
201 * BUG 15093: Files without "read attributes" NFS4 ACL permission are not
202 listed in directories.
204 o Stefan Metzmacher <metze@samba.org>
205 * BUG 13595: CVE-2018-14628 [SECURITY] Deleted Object tombstones visible in
206 AD LDAP to normal users.
208 o Christof Schmitt <cs@samba.org>
209 * BUG 15507: vfs_gpfs stat calls fail due to file system permissions.
211 o Christof Schmitt <christof.schmitt@us.ibm.com>
212 * BUG 15497: Add make command for querying Samba version.
214 o Martin Schwenke <mschwenke@ddn.com>
215 * BUG 15479: ctdbd: setproctitle not initialized messages flooding logs.
218 #######################################
219 Reporting bugs & Development Discussion
220 #######################################
222 Please discuss this release on the samba-technical mailing list or by
223 joining the #samba-technical:matrix.org matrix room, or
224 #samba-technical IRC channel on irc.libera.chat.
226 If you do report problems then please try to send high quality
227 feedback. If you don't provide vital information to help us track down
228 the problem then you will probably be ignored. All bug reports should
229 be filed under the Samba 4.1 and newer product in the project's Bugzilla
230 database (https://bugzilla.samba.org/).
233 ======================================================================
234 == Our Code, Our Bugs, Our Responsibility.
236 ======================================================================
239 ----------------------------------------------------------------------
240 ==============================
241 Release Notes for Samba 4.18.8
243 ==============================
246 This is a security release in order to address the following defects:
249 o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to
250 existing unix domain sockets on the file system.
251 https://www.samba.org/samba/security/CVE-2023-3961.html
253 o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with
254 OVERWRITE disposition when using the acl_xattr Samba VFS
255 module with the smb.conf setting
256 "acl_xattr:ignore system acls = yes"
257 https://www.samba.org/samba/security/CVE-2023-4091.html
259 o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all
260 attributes, including secrets and passwords. Additionally,
261 the access check fails open on error conditions.
262 https://www.samba.org/samba/security/CVE-2023-4154.html
264 o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
265 server block for a user-defined amount of time, denying
267 https://www.samba.org/samba/security/CVE-2023-42669.html
269 o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
270 listeners, disrupting service on the AD DC.
271 https://www.samba.org/samba/security/CVE-2023-42670.html
277 o Jeremy Allison <jra@samba.org>
278 * BUG 15422: CVE-2023-3961.
280 o Andrew Bartlett <abartlet@samba.org>
281 * BUG 15424: CVE-2023-4154.
282 * BUG 15473: CVE-2023-42670.
283 * BUG 15474: CVE-2023-42669.
285 o Ralph Boehme <slow@samba.org>
286 * BUG 15439: CVE-2023-4091.
288 o Stefan Metzmacher <metze@samba.org>
289 * BUG 15424: CVE-2023-4154.
291 o Joseph Sutton <josephsutton@catalyst.net.nz>
292 * BUG 15424: CVE-2023-4154.
295 #######################################
296 Reporting bugs & Development Discussion
297 #######################################
299 Please discuss this release on the samba-technical mailing list or by
300 joining the #samba-technical:matrix.org matrix room, or
301 #samba-technical IRC channel on irc.libera.chat.
303 If you do report problems then please try to send high quality
304 feedback. If you don't provide vital information to help us track down
305 the problem then you will probably be ignored. All bug reports should
306 be filed under the Samba 4.1 and newer product in the project's Bugzilla
307 database (https://bugzilla.samba.org/).
310 ======================================================================
311 == Our Code, Our Bugs, Our Responsibility.
313 ======================================================================
316 ----------------------------------------------------------------------
317 ==============================
318 Release Notes for Samba 4.18.7
320 ==============================
323 This is the latest stable release of the Samba 4.18 release series.
329 o Jeremy Allison <jra@samba.org>
330 * BUG 15419: Weird filename can cause assert to fail in
331 openat_pathref_fsp_nosymlink().
332 * BUG 15423: use-after-free in aio_del_req_from_fsp during smbd shutdown
333 after failed IPC FSCTL_PIPE_TRANSCEIVE.
334 * BUG 15432: TREE_CONNECT without SETUP causes smbd to use uninitialized
337 o Andrew Bartlett <abartlet@samba.org>
338 * BUG 15401: Avoid infinite loop in initial user sync with Azure AD Connect.
339 * BUG 15407: Samba replication logs show (null) DN.
341 o Ralph Boehme <slow@samba.org>
342 * BUG 15463: macOS mdfind returns only 50 results.
344 o Remi Collet <rcollet@redhat.com>
345 * BUG 14808: smbc_getxattr() return value is incorrect.
347 o Volker Lendecke <vl@samba.org>
348 * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with
349 previous cache entry value.
351 o Stefan Metzmacher <metze@samba.org>
352 * BUG 15464: libnss_winbind causes memory corruption since samba-4.18,
353 impacts sendmail, zabbix, potentially more.
355 o MikeLiu <mikeliu@qnap.com>
356 * BUG 15453: File doesn't show when user doesn't have permission if
357 aio_pthread is loaded.
359 o Martin Schwenke <mschwenke@ddn.com>
360 * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ≥
363 o Joseph Sutton <josephsutton@catalyst.net.nz>
364 * BUG 15476: The KDC in 4.18 (and older) is not able to accept tickets with
365 empty claims pac blobs (from Samba 4.19 or Windows).
366 * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is
370 #######################################
371 Reporting bugs & Development Discussion
372 #######################################
374 Please discuss this release on the samba-technical mailing list or by
375 joining the #samba-technical:matrix.org matrix room, or
376 #samba-technical IRC channel on irc.libera.chat.
378 If you do report problems then please try to send high quality
379 feedback. If you don't provide vital information to help us track down
380 the problem then you will probably be ignored. All bug reports should
381 be filed under the Samba 4.1 and newer product in the project's Bugzilla
382 database (https://bugzilla.samba.org/).
385 ======================================================================
386 == Our Code, Our Bugs, Our Responsibility.
388 ======================================================================
391 ----------------------------------------------------------------------
392 ==============================
393 Release Notes for Samba 4.18.6
395 ==============================
398 This is the latest stable release of the Samba 4.18 release series.
404 o Jeremy Allison <jra@samba.org>
405 * BUG 15420: reply_sesssetup_and_X() can dereference uninitialized tmp
407 * BUG 15430: Missing return in reply_exit_done().
409 o Andrew Bartlett <abartlet@samba.org>
410 * BUG 15289: post-exec password redaction for samba-tool is more reliable for
411 fully random passwords as it no longer uses regular expressions
412 containing the password value itself.
413 * BUG 9959: Windows client join fails if a second container CN=System exists
416 o Ralph Boehme <slow@samba.org>
417 * BUG 15342: Spotlight sometimes returns no results on latest macOS.
418 * BUG 15417: Renaming results in NT_STATUS_SHARING_VIOLATION if previously
419 attempted to remove the destination.
420 * BUG 15427: Spotlight results return wrong date in result list.
422 o Günther Deschner <gd@samba.org>
423 * BUG 15414: "net offlinejoin provision" does not work as non-root user.
425 o Pavel Filipenský <pfilipensky@samba.org>
426 * BUG 15400: rpcserver no longer accepts double backslash in dfs pathname.
427 * BUG 15433: cm_prepare_connection() calls close(fd) for the second time.
429 o Stefan Metzmacher <metze@samba.org>
430 * BUG 15346: 2-3min delays at reconnect with smb2_validate_sequence_number:
432 * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
433 * BUG 15446: DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed.
435 o Noel Power <noel.power@suse.com>
436 * BUG 15390: Python tarfile extraction needs change to avoid a warning
437 (CVE-2007-4559 mitigation).
438 * BUG 15435: Regression DFS not working with widelinks = true.
440 o Arvid Requate <requate@univention.de>
441 * BUG 9959: Windows client join fails if a second container CN=System exists
444 o Jones Syue <jonessyue@qnap.com>
445 * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
446 * BUG 15449: mdssvc: Do an early talloc_free() in _mdssvc_open().
449 #######################################
450 Reporting bugs & Development Discussion
451 #######################################
453 Please discuss this release on the samba-technical mailing list or by
454 joining the #samba-technical:matrix.org matrix room, or
455 #samba-technical IRC channel on irc.libera.chat.
457 If you do report problems then please try to send high quality
458 feedback. If you don't provide vital information to help us track down
459 the problem then you will probably be ignored. All bug reports should
460 be filed under the Samba 4.1 and newer product in the project's Bugzilla
461 database (https://bugzilla.samba.org/).
464 ======================================================================
465 == Our Code, Our Bugs, Our Responsibility.
467 ======================================================================
470 ----------------------------------------------------------------------
471 ==============================
472 Release Notes for Samba 4.18.5
474 ==============================
477 This is a security release in order to address the following defects:
479 o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously
480 crafted request can trigger an out-of-bounds read in winbind
481 and possibly crash it.
482 https://www.samba.org/samba/security/CVE-2022-2127.html
484 o CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured
485 "server signing = required" or for SMB2 connections to Domain
486 Controllers where SMB2 packet signing is mandatory.
487 https://www.samba.org/samba/security/CVE-2023-3347.html
489 o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
490 Spotlight can be triggered by an unauthenticated attacker by
491 issuing a malformed RPC request.
492 https://www.samba.org/samba/security/CVE-2023-34966.html
494 o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
495 Spotlight can be used by an unauthenticated attacker to
496 trigger a process crash in a shared RPC mdssvc worker process.
497 https://www.samba.org/samba/security/CVE-2023-34967.html
499 o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
500 side absolute path of shares and files and directories in
502 https://www.samba.org/samba/security/CVE-2023-34968.html
508 o Ralph Boehme <slow@samba.org>
509 * BUG 15072: CVE-2022-2127.
510 * BUG 15340: CVE-2023-34966.
511 * BUG 15341: CVE-2023-34967.
512 * BUG 15388: CVE-2023-34968.
513 * BUG 15397: CVE-2023-3347.
515 o Volker Lendecke <vl@samba.org>
516 * BUG 15072: CVE-2022-2127.
518 o Stefan Metzmacher <metze@samba.org>
519 * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
522 #######################################
523 Reporting bugs & Development Discussion
524 #######################################
526 Please discuss this release on the samba-technical mailing list or by
527 joining the #samba-technical:matrix.org matrix room, or
528 #samba-technical IRC channel on irc.libera.chat.
530 If you do report problems then please try to send high quality
531 feedback. If you don't provide vital information to help us track down
532 the problem then you will probably be ignored. All bug reports should
533 be filed under the Samba 4.1 and newer product in the project's Bugzilla
534 database (https://bugzilla.samba.org/).
537 ======================================================================
538 == Our Code, Our Bugs, Our Responsibility.
540 ======================================================================
543 ----------------------------------------------------------------------
544 ==============================
545 Release Notes for Samba 4.18.4
547 ==============================
550 This is the latest stable release of the Samba 4.18 release series.
556 o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
557 * BUG 15404: Backport --pidl-developer fixes.
559 o Samuel Cabrero <scabrero@samba.org>
560 * BUG 14030: Named crashes on DLZ zone update.
562 o Björn Jacke <bj@sernet.de>
563 * BUG 2312: smbcacls and smbcquotas do not check // before the server.
565 o Volker Lendecke <vl@samba.org>
566 * BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers.
567 * BUG 15391: smbclient leaks fds with showacls.
568 * BUG 15402: smbd returns NOT_FOUND when creating files on a r/o filesystem.
570 o Stefan Metzmacher <metze@samba.org>
571 * BUG 15355: NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and
572 causes test timeouts.
574 o Noel Power <noel.power@suse.com>
575 * BUG 15384: net ads lookup (with unspecified realm) fails.
577 o Christof Schmitt <cs@samba.org>
578 * BUG 15381: Register Samba processes with GPFS.
580 o Andreas Schneider <asn@samba.org>
581 * BUG 15390: Python tarfile extraction needs change to avoid a warning
582 (CVE-2007-4559 mitigation).
583 * BUG 15398: The winbind child segfaults when listing users with `winbind
584 scan trusted domains = yes`.
586 o Jones Syue <jonessyue@qnap.com>
587 * BUG 15383: Remove comments about deprecated 'write cache size'.
588 * BUG 15403: smbget memory leak if failed to download files recursively.
591 #######################################
592 Reporting bugs & Development Discussion
593 #######################################
595 Please discuss this release on the samba-technical mailing list or by
596 joining the #samba-technical:matrix.org matrix room, or
597 #samba-technical IRC channel on irc.libera.chat.
599 If you do report problems then please try to send high quality
600 feedback. If you don't provide vital information to help us track down
601 the problem then you will probably be ignored. All bug reports should
602 be filed under the Samba 4.1 and newer product in the project's Bugzilla
603 database (https://bugzilla.samba.org/).
606 ======================================================================
607 == Our Code, Our Bugs, Our Responsibility.
609 ======================================================================
612 ----------------------------------------------------------------------
613 ==============================
614 Release Notes for Samba 4.18.3
616 ==============================
619 This is the latest stable release of the Samba 4.18 release series.
625 o Ralph Boehme <slow@samba.org>
626 * BUG 15375: Symlinks to files can have random DOS mode information in a
628 * BUG 15378: vfs_fruit might cause a failing open for delete.
630 o Volker Lendecke <vl@samba.org>
631 * BUG 15361: winbind recurses into itself via rpcd_lsad.
632 * BUG 15366: wbinfo -u fails on ad dc with >1000 users.
634 o Stefan Metzmacher <metze@samba.org>
635 * BUG 15338: DS ACEs might be inherited to unrelated object classes.
636 * BUG 15362: a lot of messages: get_static_share_mode_data:
637 get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND.
638 * BUG 15374: aes256 smb3 encryption algorithms are not allowed in
641 o Andreas Schneider <asn@samba.org>
642 * BUG 15360: Setting veto files = /.*/ break listing directories.
644 o Joseph Sutton <josephsutton@catalyst.net.nz>
645 * BUG 15363: "samba-tool domain provision" does not run interactive mode if
646 no arguments are given.
648 o Nathaniel W. Turner <nturner@exagrid.com>
649 * BUG 15325: dsgetdcname: assumes local system uses IPv4.
652 #######################################
653 Reporting bugs & Development Discussion
654 #######################################
656 Please discuss this release on the samba-technical mailing list or by
657 joining the #samba-technical:matrix.org matrix room, or
658 #samba-technical IRC channel on irc.libera.chat.
660 If you do report problems then please try to send high quality
661 feedback. If you don't provide vital information to help us track down
662 the problem then you will probably be ignored. All bug reports should
663 be filed under the Samba 4.1 and newer product in the project's Bugzilla
664 database (https://bugzilla.samba.org/).
667 ======================================================================
668 == Our Code, Our Bugs, Our Responsibility.
670 ======================================================================
673 ----------------------------------------------------------------------
674 ==============================
675 Release Notes for Samba 4.18.2
677 ==============================
680 This is the latest stable release of the Samba 4.18 release series.
686 o Jeremy Allison <jra@samba.org>
687 * BUG 15302: Log flood: smbd_calculate_access_mask_fsp: Access denied:
688 message level should be lower.
689 * BUG 15306: Floating point exception (FPE) via cli_pull_send at
690 source3/libsmb/clireadwrite.c.
692 o Andrew Bartlett <abartlet@samba.org>
693 * BUG 15328: test_tstream_more_tcp_user_timeout_spin fails intermittently on
694 Rackspace GitLab runners.
695 * BUG 15329: Reduce flapping of ridalloc test.
696 * BUG 15351: large_ldap test is unreliable.
698 o Ralph Boehme <slow@samba.org>
699 * BUG 15143: New filename parser doesn't check veto files smb.conf parameter.
700 * BUG 15354: mdssvc may crash when initializing.
702 o Volker Lendecke <vl@samba.org>
703 * BUG 15313: large directory optimization broken for non-lcomp path elements.
704 * BUG 15357: streams_depot fails to create streams.
705 * BUG 15358: shadow_copy2 and streams_depot don't play well together.
707 o Rob van der Linde <rob@catalyst.net.nz>
708 * BUG 15316: Flapping tests in samba_tool_drs_show_repl.py.
710 o Stefan Metzmacher <metze@samba.org>
711 * BUG 15317: winbindd idmap child contacts the domain controller without a
713 * BUG 15318: idmap_autorid may fail to map sids of trusted domains for the
715 * BUG 15319: idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings.
716 * BUG 15323: net ads search -P doesn't work against servers in other domains.
717 * BUG 15353: Temporary smbXsrv_tcon_global.tdb can't be parsed.
719 o Joseph Sutton <josephsutton@catalyst.net.nz>
720 * BUG 15316: Flapping tests in samba_tool_drs_show_repl.py.
721 * BUG 15343: Tests use depricated and removed methods like
725 #######################################
726 Reporting bugs & Development Discussion
727 #######################################
729 Please discuss this release on the samba-technical mailing list or by
730 joining the #samba-technical:matrix.org matrix room, or
731 #samba-technical IRC channel on irc.libera.chat.
733 If you do report problems then please try to send high quality
734 feedback. If you don't provide vital information to help us track down
735 the problem then you will probably be ignored. All bug reports should
736 be filed under the Samba 4.1 and newer product in the project's Bugzilla
737 database (https://bugzilla.samba.org/).
740 ======================================================================
741 == Our Code, Our Bugs, Our Responsibility.
743 ======================================================================
746 ----------------------------------------------------------------------
747 ==============================
748 Release Notes for Samba 4.18.1
750 ==============================
753 This is a security release in order to address the following defects:
755 o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated
756 but otherwise unprivileged users to delete this attribute from
757 any object in the directory.
758 https://www.samba.org/samba/security/CVE-2023-0225.html
760 o CVE-2023-0922: The Samba AD DC administration tool, when operating against a
761 remote LDAP server, will by default send new or reset
762 passwords over a signed-only connection.
763 https://www.samba.org/samba/security/CVE-2023-0922.html
765 o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
766 Confidential attribute disclosure via LDAP filters was
767 insufficient and an attacker may be able to obtain
768 confidential BitLocker recovery keys from a Samba AD DC.
769 Installations with such secrets in their Samba AD should
770 assume they have been obtained and need replacing.
771 https://www.samba.org/samba/security/CVE-2023-0614.html
777 o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
778 * BUG 15276: CVE-2023-0225.
780 o Andrew Bartlett <abartlet@samba.org>
781 * BUG 15270: CVE-2023-0614.
782 * BUG 15331: ldb wildcard matching makes excessive allocations.
783 * BUG 15332: large_ldap test is inefficient.
785 o Rob van der Linde <rob@catalyst.net.nz>
786 * BUG 15315: CVE-2023-0922.
788 o Joseph Sutton <josephsutton@catalyst.net.nz>
789 * BUG 15270: CVE-2023-0614.
790 * BUG 15276: CVE-2023-0225.
793 #######################################
794 Reporting bugs & Development Discussion
795 #######################################
797 Please discuss this release on the samba-technical mailing list or by
798 joining the #samba-technical:matrix.org matrix room, or
799 #samba-technical IRC channel on irc.libera.chat.
801 If you do report problems then please try to send high quality
802 feedback. If you don't provide vital information to help us track down
803 the problem then you will probably be ignored. All bug reports should
804 be filed under the Samba 4.1 and newer product in the project's Bugzilla
805 database (https://bugzilla.samba.org/).
808 ======================================================================
809 == Our Code, Our Bugs, Our Responsibility.
811 ======================================================================
814 ----------------------------------------------------------------------
815 ==============================
816 Release Notes for Samba 4.18.0
818 ==============================
820 This is the first stable release of the Samba 4.18 release series.
821 Please read the release notes carefully before upgrading.
826 SMB Server performance improvements
827 -----------------------------------
829 The security improvements in recent releases
830 (4.13, 4.14, 4.15, 4.16), mainly as protection against symlink races,
831 caused performance regressions for metadata heavy workloads.
833 While 4.17 already improved the situation quite a lot,
834 with 4.18 the locking overhead for contended path based operations
835 is reduced by an additional factor of ~ 3 compared to 4.17.
836 It means the throughput of open/close
837 operations reached the level of 4.12 again.
839 More succinct samba-tool error messages
840 ---------------------------------------
842 Historically samba-tool has reported user error or misconfiguration by
843 means of a Python traceback, showing you where in its code it noticed
844 something was wrong, but not always exactly what is amiss. Now it
845 tries harder to identify the true cause and restrict its output to
846 describing that. Particular cases include:
848 * a username or password is incorrect
849 * an ldb database filename is wrong (including in smb.conf)
850 * samba-tool dns: various zones or records do not exist
851 * samba-tool ntacl: certain files are missing
852 * the network seems to be down
853 * bad --realm or --debug arguments
855 Accessing the old samba-tool messages
856 -------------------------------------
858 This is not new, but users are reminded they can get the full Python
859 stack trace, along with other noise, by using the argument '-d3'.
860 This may be useful when searching the web.
862 The intention is that when samba-tool encounters an unrecognised
863 problem (especially a bug), it will still output a Python traceback.
864 If you encounter a problem that has been incorrectly identified by
865 samba-tool, please report it on https://bugzilla.samba.org.
867 Colour output with samba-tool --color
868 -------------------------------------
870 For some time a few samba-tool commands have had a --color=yes|no|auto
871 option, which determines whether the command outputs ANSI colour
872 codes. Now all samba-tool commands support this option, which now also
873 accepts 'always' and 'force' for 'yes', 'never' and 'none' for 'no',
874 and 'tty' and 'if-tty' for 'auto' (this more closely matches
875 convention). With --color=auto, or when --color is omitted, colour
876 codes are only used when output is directed to a terminal.
878 Most commands have very little colour in any case. For those that
879 already used it, the defaults have changed slightly.
881 * samba-tool drs showrepl: default is now 'auto', not 'no'
883 * samba-tool visualize: the interactions between --color-scheme,
884 --color, and --output have changed slightly. When --color-scheme is
885 set it overrides --color for the purpose of the output diagram, but
886 not for other output like error messages.
888 New samba-tool dsacl subcommand for deleting ACES
889 -------------------------------------------------
891 The samba-tool dsacl tool can now delete entries in directory access
892 control lists. The interface for 'samba-tool dsacl delete' is similar
893 to that of 'samba-tool dsacl set', with the difference being that the
894 ACEs described by the --sddl argument are deleted rather than added.
896 No colour with NO_COLOR environment variable
897 --------------------------------------------
899 With both samba-tool --color=auto (see above) and some other places
900 where we use ANSI colour codes, the NO_COLOR environment variable will
901 disable colour output. See https://no-color.org/ for a description of
902 this variable. `samba-tool --color=always` will use colour regardless
905 New wbinfo option --change-secret-at
906 ------------------------------------
908 The wbinfo command has a new option, --change-secret-at=<DOMAIN CONTROLLER>
909 which forces the trust account password to be changed at a specified domain
910 controller. If the specified domain controller cannot be contacted the
911 password change fails rather than trying other DCs.
913 New option to change the NT ACL default location
914 ------------------------------------------------
916 Usually the NT ACLs are stored in the security.NTACL extended
917 attribute (xattr) of files and directories. The new
918 "acl_xattr:security_acl_name" option allows to redefine the default
919 location. The default "security.NTACL" is a protected location, which
920 means the content of the security.NTACL attribute is not accessible
921 from normal users outside of Samba. When this option is set to use a
922 user-defined value, e.g. user.NTACL then any user can potentially
923 access and overwrite this information. The module prevents access to
924 this xattr over SMB, but the xattr may still be accessed by other
925 means (eg local access, SSH, NFS). This option must only be used when
926 this consequence is clearly understood and when specific precautions
927 are taken to avoid compromising the ACL content.
929 Azure Active Directory / Office365 synchronisation improvements
930 --------------------------------------------------------------
932 Use of the Azure AD Connect cloud sync tool is now supported for
933 password hash synchronisation, allowing Samba AD Domains to synchronise
934 passwords with this popular cloud environment.
943 Parameter Name Description Default
944 -------------- ----------- -------
945 acl_xattr:security_acl_name New security.NTACL
949 CHANGES SINCE 4.18.0rc4
950 =======================
952 o Jeremy Allison <jra@samba.org>
953 * BUG 15314: streams_xattr is creating unexpected locks on folders.
955 o Volker Lendecke <vl@samba.org>
956 * BUG 15310: New samba-dcerpc architecture does not scale gracefully.
959 CHANGES SINCE 4.18.0rc3
960 =======================
962 o Andreas Schneider <asn@samba.org>
963 * BUG 15308: Avoid that tests fail because other tests didn't do cleanup on
966 o baixiangcpp <baixiangcpp@gmail.com>
967 * BUG 15311: fd_load() function implicitly closes the fd where it should not.
970 CHANGES SINCE 4.18.0rc2
971 =======================
973 o Jeremy Allison <jra@samba.org>
974 * BUG 15301: Improve file_modtime() and issues around smb3 unix test.
976 o Ralph Boehme <slow@samba.org>
977 * BUG 15299: Spotlight doesn't work with latest macOS Ventura.
979 o Stefan Metzmacher <metze@samba.org>
980 * BUG 15298: Build failure on solaris with tevent 0.14.0 (and ldb 2.7.0).
981 (tevent 0.14.1 and ldb 2.7.1 are already released...)
983 o John Mulligan <jmulligan@redhat.com>
984 * BUG 15307: vfs_ceph incorrectly uses fsp_get_io_fd() instead of
985 fsp_get_pathref_fd() in close and fstat.
987 o Andreas Schneider <asn@samba.org>
988 * BUG 15291: test_chdir_cache.sh doesn't work with SMBD_DONT_LOG_STDOUT=1.
989 * BUG 15301: Improve file_modtime() and issues around smb3 unix test.
992 CHANGES SINCE 4.18.0rc1
993 =======================
995 o Andrew Bartlett <abartlet@samba.org>
996 * BUG 10635: Office365 azure Password Sync not working.
998 o Stefan Metzmacher <metze@samba.org>
999 * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.
1001 o Noel Power <noel.power@suse.com>
1002 * BUG 15293: With clustering enabled samba-bgqd can core dump due to use
1009 https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.18#Release_blocking_bugs
1012 #######################################
1013 Reporting bugs & Development Discussion
1014 #######################################
1016 Please discuss this release on the samba-technical mailing list or by
1017 joining the #samba-technical:matrix.org matrix room, or
1018 #samba-technical IRC channel on irc.libera.chat
1020 If you do report problems then please try to send high quality
1021 feedback. If you don't provide vital information to help us track down
1022 the problem then you will probably be ignored. All bug reports should
1023 be filed under the Samba 4.1 and newer product in the project's Bugzilla
1024 database (https://bugzilla.samba.org/).
1027 ======================================================================
1028 == Our Code, Our Bugs, Our Responsibility.
1030 ======================================================================