1 ==============================
2 Release Notes for Samba 3.2.15
4 ==============================
7 This is a security release in order to address CVE-2009-2813, CVE-2009-2948
11 In all versions of Samba later than 3.0.11, connecting to the home
12 share of a user will use the root of the filesystem
13 as the home directory if this user is misconfigured to have
14 an empty home directory in /etc/passwd.
17 If mount.cifs is installed as a setuid program, a user can pass it a
18 credential or password path to which he or she does not have access and
19 then use the --verbose option to view the first line of that file.
20 All known Samba versions are affected.
23 Specially crafted SMB requests on authenticated SMB connections can
24 send smbd into a 100% CPU loop, causing a DoS on the Samba server.
27 ######################################################################
35 o Jeremy Allison <jra@samba.org>
36 * BUG 6763: Fix for CVE-2009-2813.
37 * BUG 6768: Fix for CVE-2009-2906.
40 o Jeff Layton <jlayton@redhat.com>
41 * Fix for CVE-2009-2948.
44 ######################################################################
45 Reporting bugs & Development Discussion
46 #######################################
48 Please discuss this release on the samba-technical mailing list or by
49 joining the #samba-technical IRC channel on irc.freenode.net.
51 If you do report problems then please try to send high quality
52 feedback. If you don't provide vital information to help us track down
53 the problem then you will probably be ignored. All bug reports should
54 be filed under the Samba 3.2 product in the project's Bugzilla
55 database (https://bugzilla.samba.org/).
58 ======================================================================
59 == Our Code, Our Bugs, Our Responsibility.
61 ======================================================================
64 Release notes for older releases follow:
65 ----------------------------------------
67 ==============================
68 Release Notes for Samba 3.2.14
70 ==============================
73 This is the last maintenance release of the Samba 3.2 series.
75 Please note that this is the last bugfix release of the Samba 3.2 series!
76 There will security releases on demand only. Please see
77 http://wiki.samba.org/index.php/Samba3_Release_Planning for information
80 Major enhancements in 3.2.14 include:
82 o Fix SAMR access checks (e.g. bugs #6089 and #6112).
83 o Fix 'force user' (bug #6291).
84 o Improve Win7 support (bug #6099).
85 o Fix posix ACLs when setting an ACL without explicit ACE for the
89 ######################################################################
97 o Michael Adam <obnox@samba.org>
98 * BUG 6387: Fix Winbind crash when multiple IDmappings exist in the
100 * BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache().
101 * BUG 6628: 'smbpasswd -a' uses algorithmic rid base with
102 'passdb backend = tdbsam'.
103 * Prevent creation of keys containing the '/' character.
106 o Jeremy Allison <jra@samba.org>
107 * BUG 6089: Fix SAMR access checks.
108 * BUG 6112: Fix SAMR access checks.
109 * BUG 6279: Fix Winbind crash.
110 * BUG 6291: Fix 'force user'.
111 * BUG 6099: Try to fix domain join of Win7 Beta.
112 * BUG 6386: Groupdb mapping fix.
113 * BUG 6421: Fix POSIX read-only open on read-only shares.
114 * BUG 6476: Fix more smbd-zombies in memory.
115 * BUG 6488: acl_group_override() call in posix acls references an
116 uninitialized variable.
117 * BUG 6504: Fix SAMR server for Winbind access.
118 * BUG 6520: Fix time stamps.
119 * Fix join of Windows 7 RC to a Samba3 DC.
120 * Fix bug in processing of open modes in POSIX open.
123 o Günther Deschner <gd@samba.org>
124 * BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit.
125 * BUG 6340: Don't segfault when cleartext trustdom pwd could not be
127 * BUG 6372: Fix usermanager only displaying 1024 groups and aliases.
128 * BUG 6465: Fix enum_aliasmem in ldb branch.
129 * BUG 6484: Fix searching for users while adding them to groups via
131 * Fix the negotiate flags.
132 * Protect netlogon_creds_server_step() against NULL creds.
135 o Björn Jacke <bj@sernet.de>
136 * Also handle DirX return codes.
139 o Stefan Metzmacher <metze@samba.org>
140 * BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the
142 * BUG 6526: Let parent_dirname() correctly return toplevel filenames.
143 * BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds.
144 * Fix a crash bug if we timeout in net rpc trustdom list.
145 * Add '--request-timeout' option to 'net'.
148 o Volker Lendecke <vl@samba.org>
149 * BUG 5798: Preserve CFLAGS info in configure.
150 * BUG 6382: Case insensitive access to DFS links broken.
151 * Fix a race condition in Winbind leading to a panic.
152 * Add workaround for MS KB932762.
155 o Jim McDonough <jmcd@samba.org>
156 * BUG 6481: Don't require "Modify property" perms to unjoin.
159 o Sébastien Prud'homme <sebastien.prudhomme@gmail.com>
160 * 5945: Fix out of memory error with Winbind idmap.
163 o Simo Sorce <ssorce@redhat.com>
164 * BUG 6628: 'smbpasswd -a' uses algorithmic rid base with
165 'passdb backend = tdbsam'.
166 * Avoid duplicate ACEs.
167 * Fix profile ACLs in some corner cases.
170 o Marc VanHeyningen <marc.vanheyningen@isilon.com>
171 * Zero an uninitialized array.
174 o Bo Yang <boyang@samba.org>
175 * BUG 6560: Lookupname failed, cannot find domain when attempt
179 ######################################################################
180 Reporting bugs & Development Discussion
181 #######################################
183 Please discuss this release on the samba-technical mailing list or by
184 joining the #samba-technical IRC channel on irc.freenode.net.
186 If you do report problems then please try to send high quality
187 feedback. If you don't provide vital information to help us track down
188 the problem then you will probably be ignored. All bug reports should
189 be filed under the Samba 3.2 product in the project's Bugzilla
190 database (https://bugzilla.samba.org/).
193 ======================================================================
194 == Our Code, Our Bugs, Our Responsibility.
196 ======================================================================
199 ----------------------------------------------------------------------
202 ==============================
203 Release Notes for Samba 3.2.13
205 ==============================
208 This is a security release in order to address CVE-2009-1886 and CVE-2009-1888.
211 In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing
212 with file names treat user input as a format string to asprintf.
213 With a maliciously crafted file name smbclient can be made
214 to execute code triggered by the server.
217 In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data
218 value can potentially affect access control when "dos filemode"
222 ######################################################################
230 o Jeremy Allison <jra@samba.org>
231 * Fix for CVE-2009-1886.
232 * Fix for CVE-2009-1888.
235 ######################################################################
236 Reporting bugs & Development Discussion
237 #######################################
239 Please discuss this release on the samba-technical mailing list or by
240 joining the #samba-technical IRC channel on irc.freenode.net.
242 If you do report problems then please try to send high quality
243 feedback. If you don't provide vital information to help us track down
244 the problem then you will probably be ignored. All bug reports should
245 be filed under the Samba 3.2 product in the project's Bugzilla
246 database (https://bugzilla.samba.org/).
249 ======================================================================
250 == Our Code, Our Bugs, Our Responsibility.
252 ======================================================================
255 ----------------------------------------------------------------------
258 ==============================
259 Release Notes for Samba 3.2.12
261 ==============================
264 This is a maintenance release of the Samba 3.2 series.
266 Major enhancements in 3.2.12 include:
268 o Fix SAMR and LSA checks (bug #6089, #6289)
269 o Fix posix acls when setting an ACL without explicit ACE for the
271 o Fix "force user" (bug #6291).
272 o Fix Winbind crash (bug #6279).
273 o Fix joining of Win7 into Samba domain (bug #6099).
276 ######################################################################
284 o Michael Adam <obnox@samba.org>
285 * Prevent creation of keys containing the '/' character.
288 o Jeremy Allison <jra@samba.org>
289 * BUG 6089: Revert the extra SAMR and LSA checks.
290 * BUG 6099: Fix joining of Win7 into Samba domain.
291 * BUG 6279: Fix Winbind crash.
292 * BUG 6289: Revert the extra SAMR and LSA checks.
293 * BUG 6291: Fix "force user".
294 * BUG 6386: Groupdb mapping fix.
295 * Fix bug in processing of open modes in POSIX open.
298 o Guenther Deschner <gd@samba.org>
299 * BUG 6099: Fix joining of Win7 into Samba domain.
300 * BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit.
301 * BUG 6372: Fix usermanager only displaying 1024 groups and aliases.
302 * BUG 6465: Fix enumeration of empty aliases (ldb backend).
303 * Protect netlogon_creds_server_step() against NULL creds.
306 o Björn Jacke <bj@sernet.de>
307 * Also handle DirX return codes.
310 o Volker Lendecke <vl@samba.org>
311 * BUG 5798: CFLAGS info lost in configure.
312 * BUG 6382: Fix case insensitive access to DFS links.
313 * Fix a race condition in winbind leading to a panic.
316 o Stefan Metzmacher <metze@samba.org>
317 * BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the
319 * Fix a crash bug if we timeout in net rpc trustdom list.
322 o D.L. Meyer <dlmeyer@uiuc.edu>
323 * BUG 5832: Fix build on RHEL when ccache is not available.
326 o Sébastien Prud'homme <sebastien.prudhomme@gmail.com>
327 * BUG 5945: Fix out of memory error with Winbind idmap.
330 o Karolin Seeger <kseeger@samba.org>
331 * BUG 5835: Add keyutils-devel to build requires.
334 o Simo Sorce <ssorce@redhat.com>
335 * Fix profile acls in some corner cases.
339 ######################################################################
340 Reporting bugs & Development Discussion
341 #######################################
343 Please discuss this release on the samba-technical mailing list or by
344 joining the #samba-technical IRC channel on irc.freenode.net.
346 If you do report problems then please try to send high quality
347 feedback. If you don't provide vital information to help us track down
348 the problem then you will probably be ignored. All bug reports should
349 be filed under the Samba 3.2 product in the project's Bugzilla
350 database (https://bugzilla.samba.org/).
353 ======================================================================
354 == Our Code, Our Bugs, Our Responsibility.
356 ======================================================================
359 ----------------------------------------------------------------------
361 ==============================
362 Release Notes for Samba 3.2.11
364 ==============================
367 This is a maintenance release of the Samba 3.2 series.
369 Major enhancements in 3.2.11 include:
371 o Fix domain logins for WinXP clients pre SP3 (bug #6263).
372 o Fix samr_OpenDomain access checks (bug #6089).
373 o Fix smbd crash for close_on_completion.
376 ######################################################################
384 o Jeremy Allison <jra@samba.org>
385 * BUG 6089: Fix samr_OpenDomain access checks.
386 * BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with
387 "msdfs root" set to "yes".
388 * Allow pdbedit to change a user rid/sid.
389 * When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid.
392 o Günther Deschner <gd@samba.org>
393 * BUG 6205: Correct sample smb.conf share configuration.
394 * BUG 6263: Fix domain logins for WinXP clients pre SP3.
395 * Fix resume command typo for "printing = vlp".
398 o Volker Lendecke <vl@samba.org>
399 * Fix smbd crash for close_on_completion.
400 * Fix a memleak in an unlikely error path in change_notify_create().
403 o Jim McDonough <jmcd@samba.org>
404 * Don't look up local user for remote changes, even when root.
407 ######################################################################
408 Reporting bugs & Development Discussion
409 #######################################
411 Please discuss this release on the samba-technical mailing list or by
412 joining the #samba-technical IRC channel on irc.freenode.net.
414 If you do report problems then please try to send high quality
415 feedback. If you don't provide vital information to help us track down
416 the problem then you will probably be ignored. All bug reports should
417 be filed under the Samba 3.2 product in the project's Bugzilla
418 database (https://bugzilla.samba.org/).
421 ======================================================================
422 == Our Code, Our Bugs, Our Responsibility.
424 ======================================================================
427 ----------------------------------------------------------------------
430 ==============================
431 Release Notes for Samba 3.2.10
433 ==============================
436 This is a maintenance release of the Samba 3.2 series.
438 In Samba 3.2.9, there is an issue while migrating passdb.tdb files from older
439 Samba versions (e.g. 3.2.8). That causes panics of smbd child processes until
440 the parent smbd is restarted once after converting the passdb.tdb file. This
441 issue is fixed in Samba 3.2.10.
443 Sorry for the inconveniences!
445 ######################################################################
453 o Michael Adam <obnox@samba.org>
454 * BUG #6195: Don't let smbd child processes panic.
457 ######################################################################
458 Reporting bugs & Development Discussion
459 #######################################
461 Please discuss this release on the samba-technical mailing list or by
462 joining the #samba-technical IRC channel on irc.freenode.net.
464 If you do report problems then please try to send high quality
465 feedback. If you don't provide vital information to help us track down
466 the problem then you will probably be ignored. All bug reports should
467 be filed under the Samba 3.2 product in the project's Bugzilla
468 database (https://bugzilla.samba.org/).
471 ======================================================================
472 == Our Code, Our Bugs, Our Responsibility.
474 ======================================================================
477 ----------------------------------------------------------------------
480 =============================
481 Release Notes for Samba 3.2.9
483 =============================
486 This is a maintenance release of the Samba 3.2 series.
488 Major enhancements included in Samba 3.2.9 are:
490 o Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb
491 correctly (bug #6195).
492 o Fix guest authentication in setups with "security = share" and
493 "guest ok = yes" when Winbind is running.
494 o Fix corruptions of source path in tar mode of smbclient (bug #6161).
497 The original security announcement for this and past advisories can
498 be found http://www.samba.org/samba/security/
501 ######################################################################
509 o Michael Adam <obnox@samba.org>
510 * Add script fill-templates.
511 * Make update-pkginfo callable from any directory.
514 o Jeremy Allison <jra@samba.org>
515 * BUG 6099: Samba returns incurrate capabilities list.
516 * BUG 6133: Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL
518 * BUG 6161: smbclient corrupts source path in tar mode.
519 * BUG 6195: Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb
521 * BUG 6196: Unable to serve files with colons to Linux CIFS/VFS client.
522 * BUG 6224: nmbd waits 5 minutes at startup before checking if it needs to
524 * Correctly use chroot().
525 * Parameterize in local.h the MAX_RPC_DATA_SIZE, and ensure
526 that "offered" read from the rpc packet in spoolss is under
528 * Fix Coverity ID 602.
529 * Backport the semantics of when to delete alternate data streams on a file
531 * Allow set attributes on a stream fnum to be redirected to the base
533 * Fix use of streams modules with CIFSFS client.
534 * Fix more POSIX path lstat calls.
535 * Allow DFS client paths to work when POSIX pathnames have been
537 * Try and fix the build farm RAW-STREAMS errors.
538 * Ensure files starting with multiple dots are hidden.
541 o Steven Danneman <steven.danneman@isilon.com>
542 * Fix guest auth when Winbind is running.
545 o Günther Deschner <gd@samba.org>
546 * BUG 6102: NetQueryDisplayInformation could return wrong information.
547 * BUG 6193: Avoid messing with sync_context in fetch_database_to_ldif().
548 * Fix memleak in get_remote_printer_publishing_data().
549 * Add pidl in order to be able to regenerate librpc functions.
550 * Fix Coverity IDs 722, 762.
553 o Steve French <smfrench@gmail.com>
554 * cifs mount fix for handling -V parameter.
558 o Holger Hetterich <hhetter@novell.com>
559 * Enable total anonymization in vfs_smb_traffic_analyzer.
562 o Björn Jacke <bj@sernet.de>
563 * Enable IPv6 support for NetBSD and FreeBSD.
564 * Prefer gssapi header files from subdirectory.
565 * Fix build on old Heimdal based systems.
566 * Use parentheses in if condition to make negation clear.
569 o Günter Kukkukk <linux@kukkukk.com>
570 * Don't try and delete a default ACL from a file.
573 o Jeff Layton <jlayton@redhat.com>
574 * Initialize rc to 0 in main.
577 o Volker Lendecke <vl@sernet.de>
578 * BUG 6100: Complete fix.
579 * BUG 6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped
581 * BUG 6097: Fix smbd segfault.
582 * Fix remotely adding a share via MMC.
583 * Fix resume handle for _samr_EnumDomainGroups.
584 * Fix Coverity IDs 742, 744, 745, 879, 880.
585 * Fix a buffer handling bug when adding lots of registry keys.
586 * Fix a O(n^2) algorithm in regdb_fetch_keys().
587 * Fix an uninitialized variable warning.
588 * Fix a valgrind error / segfault in dns_register_smbd().
589 * Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog.
590 * Fix a malloc/talloc mismatch when cli_initialise() fails.
591 * Fix a valgrind error.
592 * Fix two memleaks in the encryption code.
593 * Fix gcc 4.4 compile warning.
594 * Fix a scary "fill_share_mode_lock failed" message.
597 o Derrell Lipman <derrell@dworkin.(none)>
598 * BUG 6228: Fix SMBC_open_ctx failure due to path resolve failure doesn't
602 o Stefan Metzmacher <metze@samba.org
603 * BUG 6100: Implement _netr_LogonGetCapabilities() with
604 NT_STATUS_NOT_IMPLEMENTED.
605 * Add S-1-22-X-Y sids to the local token.
606 * Add idl for netr_LogonGetCapabilities().
607 * Fix the build on SLES8.
608 * Fix smb signing for fragmented trans/trans2/nttrans requests.
611 o Glenn Machin <gmachin@sandia.gov>
612 * Don't miss an absolute pathname as a kerberos keytab path.
615 o Shirish Pargaonkar <shirishpargaonkar@gmail.com>
616 * Clean-up entries in /etc/mtab after unmount.
617 * Add fakemount (-f) and nomtab (-n) flags to mount.cifs.
620 o Ted Percival <ted.percival@quest.com>
621 * Fix a crash during name resolution when log level >= 10 and libc
622 segfaults if printf is passed NULL for a "%s" arg (e.g. Solaris).
625 o Tim Prouty <tprouty@samba.org>
626 * Fix SMB_VFS_RECVFILE/SENDFILE macros.
627 * Parse_packet can return NULL which is then dereferenced in
631 o Dan Sledz <dsledz@isilon.com>
632 * Fix double free caused by incorrect talloc_steal usage.
635 o Aravind Srinivasan <aravind.srinivasan@isilon.com>
636 * Have nmbd check all available interfaces for WINS before failing.
639 o Miguel Suarez <Miguel.Suarez@stratus.com>
640 * BUG 6085: Fix build of vfs_default on systems without utime support.
643 o Yasuma Takeda <yasuma@osstech.co.jp>
644 * BUG 5920: The length of the memcpy was calculated wrong.
645 * BUG 6098: Fix the ads_find_dc() with "security = domain" when the DNS
649 o Andrew Tridgell <tridge@samba.org>
650 * Fix a bug in message handling for code the change notify code.
653 o Jelmer Vernooij <jelmer@samba.org>
654 * Properly cast array length in print functions.
657 o Bo Yang <boyang@novell.com>
658 * Initialize the id_map status in idmap_ldap to avoid surprise.
661 ######################################################################
662 Reporting bugs & Development Discussion
663 #######################################
665 Please discuss this release on the samba-technical mailing list or by
666 joining the #samba-technical IRC channel on irc.freenode.net.
668 If you do report problems then please try to send high quality
669 feedback. If you don't provide vital information to help us track down
670 the problem then you will probably be ignored. All bug reports should
671 be filed under the Samba 3.2 product in the project's Bugzilla
672 database (https://bugzilla.samba.org/).
675 ======================================================================
676 == Our Code, Our Bugs, Our Responsibility.
678 ======================================================================
681 ----------------------------------------------------------------------
684 =============================
685 Release Notes for Samba 3.2.8
687 =============================
690 This is a bug fix release of the Samba 3.2 series.
692 Major enhancements included in Samba 3.2.8 are:
694 o Correctly detect if the current DC is the closest one.
695 o Add saf_join_store() function to memorize the DC used at join time.
696 This avoids problems caused by replication delays shortly after domain
700 The original security announcement for this and past advisories can
701 be found http://www.samba.org/samba/security/
704 ######################################################################
712 o Michael Adam <obnox@samba.org>
713 * BUG 6066: netinet/ip.h present but cannot be compiled under Solaris.
714 * Fix join by creating keytab after changing the config in libnet.
715 * Streamline logic of libnet_join_post_processing() in libnet_join.
716 * Fix build of [u]mount.cifs in the RHEL packaging.
717 * Fix distclean target and add realdistclean target in the docs build.
718 * Clean generated .png images and build/catalog.xml in "make clean".
719 * Fix detection of netinet/ip.h on Solaris 8.
722 o Jeremy Allison <jra@samba.org>
723 * BUG 4308: Excel save operation corrupts file ACLs.
724 * BUG 5979: Fix level 2 oplocks.
725 * BUG 5980: Fix race condition when granting level2 oplocks can cause break
727 * BUG 5986: Fix renaming of streams.
728 * BUG 5990: Strict allocate should be checked before ftruncate.
729 * BUG 6009: Setting "min receivefile size = 1" breaks writes.
730 * BUG 6016: Alternate Data Streams / Extended Attributes seem to conflict.
731 * BUG 6017: Fix magic scripts.
732 * BUG 6019: Fix file corruption in Clustered SMB/NFS environments managed via
734 * BUG 6021: smbclient du command does not recuse properly.
735 * BUG 6030: Add missing <th> header in Status page.
736 * BUG 6035: Fix possible race between fcntl F_SETLKW and alarm delivery.
737 * BUG 6040: Calling Samba print server with an aliased DNS-name fails.
738 * Fix race condition in alarm lock processing.
739 * Fix logic bug introduce in backport of ccache_regain_all_now.
740 * Fix crash bug in SWAT.
741 * Fix logic error in try_chown.
742 * Fix detection of dns_sd libraries.
745 o Kai Blin <kai@samba.org>
746 * BUG 5953: Fix smbclient crashes.
749 o Gerald (Jerry) Carter <jerry@samba.org>
750 * Fix "allow trusted domain" so it disables trusted domains.
753 o Guenther Deschner <gd@samba.org>
754 * Fix buffer allocation in eventlog read call.
755 * Fix various invalid memcpy in read_package_entry().
758 o SATOH Fumiyasu <fumiyas@osstech.co.jp>
759 * Variables for signals must be volatile sig_atomic_t in Winbind.
760 * Fix gmem->numgids and gmem->maxgids breakage on Solaris 64-bit.
761 * Fix a compile-time warning.
762 * Fix SIGBUS on non-x86 CPUs in libsmbclient.
765 o Björn Jacke <bj@sernet.de>
766 * Correct the description of the "ldap timeout" parameter.
767 * Fix build with external dns_sd libraries.
770 o Jeff Layton <jlayton@redhat.com>
771 * Allow mounts to ipv6 capable servers in mount.cifs.
774 o Volker Lendecke <vl@sernet.de>
775 * BUG 5933: Fix incrementing/decrementing num_validated_vuids.
776 * BUG 5953: Make cli_send_smb_direct_writeX use writev.
777 * BUG 5965: Fix creation of the first share using SWAT.
778 * BUG 5969: Optimize smbclient put command.
779 * BUG 6014: mget shouldn't segfault without arguments.
780 * Fix error code when smbclient puts a file over an existing directory.
781 * Fix a valgrind error.
782 * Fix a "ignoring function call result" warning.
784 * Add write_data_iov.
785 * Make write_data use write_data_iov.
786 * Fix a memory leak in cups_pull_comment_location.
787 * Fix an ancient uninitialized variable read.
788 * Fix a bad memleak in vfs_full_audit.
789 * Fix several valgrind errors.
790 * Fix 'net rpc join' for users with the SeMachineAccountPrivilege.
793 o Herb Lewis <hlewis@chomps.localdomain>
794 * Don't return 0 on error in smbcacls - bad for scripts.
797 o Derrell Lipman <derrell.lipman@unwireduniverse.com>
798 * Determine case sensitivity based on file system attributes in
802 o Stefan Metzmacher <metze@samba.org>
803 * Correctly detect if the current dc is the closest one.
804 * Use get_dc_name() instead of get_sorted_dc_list() in the LDAP case.
805 * Fallback to returning all DCs, when none is available in the requested
807 * Add saf_join_store() function.
808 * Use DS_FORCE_REDISCOVERY in libnet_join.
809 * Use dbwrap to open sessionid.tdb in net status.
810 * Fix dbwrap_store_uint32() to match dbwrap_store_int32().
811 * Handle the SMB signing states the same in the krb5 and ntlmssp cases in
813 * Re-add "fileid:algorithm" as option in vfs_fileid.
814 * Add vfs_fileid manpage.
817 o Lars Müller <lars@samba.org>
818 * Tweak with pam defines of older Linux versions.
819 * Adjust regex to match variable names including underscores.
820 * Conditional install of the cifs.upcall man page.
823 o Tim Prouty <tprouty@samba.org>
824 * Fix stream marshalling to return the correct streaminfo status.
825 * Fix a delete on close divergence from Windows.
826 * Allow renames of streams via NTRENAME and fix stream error codes on
828 * Remove a few unnecessary checks from the streams depot module and fix to
830 * Remove a few unnecessary checks from the streams xattr module.
831 * Remove a few unnecessary checks from the streams xattr module.
834 o Andreas Schneider <anschneider@suse.de>
835 * Fix a segfault if ? is there but the options are NULL.
836 * Avoid flooding of syslog with failing pam_putenv messages.
837 * Document default of the printing config variable.
838 * Use talloc_tos() instead of the talloc NULL context.
841 o Karolin Seeger <kseeger@samba.org>
842 * BUG 6058: Use 'make distclean' instead of 'make clean' in build_docs.
843 * BUG 6000: Avoid bashism in perfcount.init.
844 * Change default value for "ldap ssl" to "start tls".
845 * Several documentation improvements/typo fixes.
846 * Fix syntax error in samba.spec.tmpl.
847 * Check if Unix account exists before asking for the password in smbpasswd.
848 * Add manpage for vfs_shadow_copy2.
851 o Richard Sharpe <realrichardsharpe@gmail.com>
852 * Fix mistake in DEBUG message.
855 o Andrew Tridgell <tridge@samba.org>
856 * Keep compatibility with v3-0-ctdb name for fileid:mapping option.
859 o Bo Yang <boyang@novell.com>
860 * Clean event context after child is forked.
861 * Refresh sequence number as soon as possible.
862 * Don't set child->requests to NULL in parent after fork.
863 * Backport of the clean event context after fork and
864 krb5 refresh chain fixes.
865 * Fix null pointer refrence in event context.
866 * Don't send message to any other child in child process.
867 * Fix bug in get_dc_name_via_netlogon(), null pointer refrence.
870 ######################################################################
871 Reporting bugs & Development Discussion
872 #######################################
874 Please discuss this release on the samba-technical mailing list or by
875 joining the #samba-technical IRC channel on irc.freenode.net.
877 If you do report problems then please try to send high quality
878 feedback. If you don't provide vital information to help us track down
879 the problem then you will probably be ignored. All bug reports should
880 be filed under the Samba 3.2 product in the project's Bugzilla
881 database (https://bugzilla.samba.org/).
884 ======================================================================
885 == Our Code, Our Bugs, Our Responsibility.
887 ======================================================================
890 ----------------------------------------------------------------------
893 =============================
894 Release Notes for Samba 3.2.7
896 =============================
899 This is a security release in order to address CVE-2009-0022.
902 In Samba 3.2.0 to 3.2.6, in setups with registry shares enabled,
903 access to the root filesystem ("/") is granted
904 when connecting to a share called "" (empty string)
905 using old versions of smbclient (before 3.0.28).
907 The original security announcement for this and past advisories can
908 be found http://www.samba.org/samba/security/
911 ######################################################################
919 o Michael Adam <obnox@samba.org>
920 * Fix for CVE-2009-0022.
923 ######################################################################
924 Reporting bugs & Development Discussion
925 #######################################
927 Please discuss this release on the samba-technical mailing list or by
928 joining the #samba-technical IRC channel on irc.freenode.net.
930 If you do report problems then please try to send high quality
931 feedback. If you don't provide vital information to help us track down
932 the problem then you will probably be ignored. All bug reports should
933 be filed under the Samba 3.2 product in the project's Bugzilla
934 database (https://bugzilla.samba.org/).
937 ======================================================================
938 == Our Code, Our Bugs, Our Responsibility.
940 ======================================================================
943 ----------------------------------------------------------------------
946 ==============================
947 Release Notes for Samba 3.2.6
949 ==============================
952 This is a bug fix release of the Samba 3.2 series.
954 Major enhancements included in Samba 3.2.6 are:
956 o Fix Winbind crash bugs.
957 o Fix moving of readonly files.
958 o Fix "write list" in setups using "security = share".
959 o Fix access to cups-printers with cups 1.3.4.
960 o Fix timeouts in setups with large groups.
961 o Fix several bugs concerning Alternate Data Streams.
962 o Add new SMB traffic analyzer VFS module.
965 ######################################################################
973 o Michael Adam <obnox@samba.org>
974 * BUG 5677: Fix test_{shlibs,nss_modules,pam_modules} on Solaris.
975 * BUG 5765: Fix installlibs on solaris by using portable "test -r".
976 * Fix potential segfault in vfs_tsmsm.
977 * Don't list the domain twice when expanding internal aliases.
978 * Fix the output of "getent group" when "winbind use default domain = yes"
979 with "security = ads".
980 * Add domain prefix to username in lookup_groupmem().
981 * Prevent negative GM/ cache entries due to broken connections.
982 * Fix crash in sync_eventlog_params().
983 * Fix timeouts when calling 'getgrent'.
984 * Fix smbd hanging on Solaris when winbindd closes socket.
987 o Jeremy Allison <jra@samba.org>
988 * BUG 1254: Fix "write list" in setups using "security = share".
989 * BUG 5080: Fix access to cups-printers with cups 1.3.4.
990 * BUG 5737: Fix Winbind crash in an unusual failure mode.
991 * BUG 5783: Fix FindFirst where search pattern equals the mangled filename.
992 * BUG 5790: Fix returning of STATUS_OBJECT_NAME_NOT_FOUND on set file
994 * BUG 5797: Fix moving of readonly files.
995 * BUG 5814: Fix Winbind crash bug while doing "rescan_trusted_domain".
996 * BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance.
997 * BUG 5825: Fix account locking with LDAP backend.
998 * BUG 5826: Fix truncated filenames when accessing old servers.
999 * BUG 5889: Fix "delete veto files = no".
1000 * BUG 5891: Fix smbd crash when viewing the eventlog exported by "eventlog
1002 * BUG 5900: Fix vfs_readonly.
1003 * BUG 5903: Fix vfs_streams_xattr breaking contents of files.
1004 * BUG 5904: Fix libnss_wins causing SIGABRT while servicing getaddrinfo()
1006 * BUG 5914: Fix build failure: redefinition of struct name_list.
1007 * BUG 5937: Fix filenames with "*" char hiding other files.
1008 * BUG 5953: Fix smbclient crashes.
1009 * Fix rename_open_files.
1010 * Restructure VFS SMB traffic analyzer VFS module.
1011 * Correctly fix smbclient to terminate on eof from server.
1012 * Unify access checks for lsa server functions.
1013 * Remove the requirement for ldap call made as root.
1014 * Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.
1015 * Fix net rpc vampire, based on an *amazing* piece of debugging work by
1016 "Cooper S. Blake" <the_analogkid@yahoo.com>.
1017 * Fix Coverity IDs 456, 574, 592, 606 and 607.
1018 * Fix net rpc vampire.
1021 o Gerald (Jerry) Carter <jerry@samba.org>
1022 * Use the same prerequisite for DDNS update as Windows XP.
1023 * Make "lwinet ads dns register" honor the "interfaces" parameter.
1026 o Steven Danneman <steven.danneman@isilon.com>
1027 * Fix extended DN parse error when AD object does not have a SID.
1030 o Guenther Deschner <gd@samba.org>
1031 * BUG 5888: Fix PNP_GetHwProfInfo().
1032 * BUG 5957: Do not abort rename process on valid rename script.
1033 * BUG 5898: Fix 'net rpc shutdown'.
1034 * Fix duplicate installation of cifs.upcall.
1035 * Fix _srvsvc_NetShareAdd segfault.
1036 * Ensure consistency when reporting password complexity.
1037 * Fix _lsa_GetUserName.
1038 * Fix access check in _samr_QuerySecurity().
1039 * _samr_DeleteUser needs to wipe out the user_handle on success.
1040 * NetGroupEnum_r needs to handle servers with no groups.
1043 o Mathias Dietz <MDIETZ@de.ibm.com>
1044 * Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so.
1047 o Dina Fine <dina@exanet.com>
1048 * BUG 5908: Fix internal change notify on shared directory.
1051 o Nils Goroll <nils.goroll@hamburg.de>
1052 * BUG 5135 and 5446: Prevent calling POSIX ACL vfs methods on zfs share.
1055 o Henning Henkel <henning.henkel@fh-furtwangen.de>
1056 * BUG 5929: Fix building of vfs_prealloc with option --with-cluster-support
1060 o Holger Hetterich <hhetter@novell.com>
1061 * Add new VFS module to analyze SMB traffic
1064 o Tomasz Krasuski <kr0tki@poczta.onet.pl>
1065 * BUG 5928: Fix 'testparm --version'.
1068 o Jeff Layton <jlayton@redhat.com>
1069 * Have uppercase_string return success on NULL pointer in mount.cifs.
1070 * Make mount.cifs return codes match the return codes for /bin/mount.
1071 * Use lock/unlock_mtab scheme from util-linux-ng mount prog in mount.cifs.
1074 o Volker Lendecke <vl@samba.org>
1075 * BUG 5691: Fig smbd panic on Solaris.
1076 * BUG 5778: Check if strlcpy and strlcat are already defined.
1077 * BUG 5840: Fix segfault in "rpcclient lsaaddacctrights".
1078 * BUG 5860: Fix nasty error message for overlong strings in safe_strcpy.
1079 * Fix a potential NULL deref in found by the IBM Checker.
1080 * Fix an uninitialized variable found by the IBM Checker.
1081 * Fix an unlikely memleak found by the IBM Checker.
1082 * Fix some missing error handlings.
1083 * Add workaround for domain joins using a netbios name which is different
1085 * Fix crash bug when freeing a non-malloc'ed buffer if the client sends a
1086 non-encrypted packet with the crypto state set.
1087 * Fix trans2findfirst for the large directory optimization.
1088 * Fix checking for presence of cups-devel and correct cups-devel test for
1092 o Derrell Lipman <derrell.lipman@unwireduniverse.com>
1093 * BUG 5805: Don't close stdout when calling setup_logging multiple times.
1096 o Stefan Metzmacher <metze@samba.org>
1097 * Fix setting of trust password using 'net rpc trustdom add'.
1098 * Fix several issues in vfs_streams_xattr and vfs_stream_depot.
1099 * Return an error instead of crashing when no realm is given (trigerred by
1100 "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't exist)
1101 and "disable netbios = yes").
1104 o Jim McDonough <jmcd@samba.org>
1105 * Fix the new vfs_smb_traffic_analyzer build for static links.
1108 o TAKAHASHI Motonobu <monyo@samba.gr.jp>
1109 * BUG 5901: Fix default for streams_depot location.
1112 o Tim Prouty <tim.prouty@isilon.com>
1113 * Fix several build warnings.
1116 o Andreas Schneider <mail@cynapses.org>
1117 * Delete the krb5 ccname variable from the PAM environment if set.
1118 * Fix circular dependency error with autoconf 2.6.3.
1121 o Martin Schwenke <martin@meltin.net>
1122 * Add @CIFSUPCALL_PROGS@ to "all" target so cifs.upcall gets built at
1123 compile time rather than install time.
1126 o Davide Sfriso <sfriso@virgilio.it>
1127 * BUG 5906: Fix Winbind crash when calling 'getent group'.
1130 o Dan Sledz <dsledz@isilon.com>
1131 * Add FreeBSD configure check for backtrace_symbols.
1132 * Fix logging to syslog.
1133 * Allow SYSLOG_FACILITY to be modified with a new configure option called
1134 --with-syslog-facility.
1137 o Yasuma Takeda <yasuma@osstech.co.jp>
1138 * BUG 5909: Fix MS-DFS on Vista clients.
1139 * BUG 5944: Fix starting of nmbd with "socket address" set to "".
1142 o Andrew Tridgell <tridge@samba.org>
1143 * Fix segfault on startup with trusted domains.
1144 * Re-add "winbind:ignore domains" parameter.
1147 o Jelmer Vernooij <jelmer@samba.org>
1148 * Avoid freeing fsp twice when opening new_file fails (Debian #431696).
1151 ######################################################################
1152 Reporting bugs & Development Discussion
1153 #######################################
1155 Please discuss this release on the samba-technical mailing list or by
1156 joining the #samba-technical IRC channel on irc.freenode.net.
1158 If you do report problems then please try to send high quality
1159 feedback. If you don't provide vital information to help us track down
1160 the problem then you will probably be ignored. All bug reports should
1161 be filed under the Samba 3.2 product in the project's Bugzilla
1162 database (https://bugzilla.samba.org/).
1165 ======================================================================
1166 == Our Code, Our Bugs, Our Responsibility.
1168 ======================================================================
1171 ----------------------------------------------------------------------
1174 ==============================
1175 Release Notes for Samba 3.2.5
1177 ==============================
1180 This is a security release in order to address CVE-2008-4314 ("Potential leak of
1181 arbitrary memory contents").
1184 Samba 3.0.29 to 3.2.4 can potentially leak
1185 arbitrary memory contents to malicious
1188 The original security announcement for this and past advisories can
1189 be found http://www.samba.org/samba/security/
1191 ######################################################################
1199 o Volker Lendecke <vl@samba.org>
1200 * Fix for CVE-2008-4314.
1203 ######################################################################
1204 Reporting bugs & Development Discussion
1205 #######################################
1207 Please discuss this release on the samba-technical mailing list or by
1208 joining the #samba-technical IRC channel on irc.freenode.net.
1210 If you do report problems then please try to send high quality
1211 feedback. If you don't provide vital information to help us track down
1212 the problem then you will probably be ignored. All bug reports should
1213 be filed under the Samba 3.2 product in the project's Bugzilla
1214 database (https://bugzilla.samba.org/).
1217 ======================================================================
1218 == Our Code, Our Bugs, Our Responsibility.
1220 ======================================================================
1223 ----------------------------------------------------------------------
1226 ==============================
1227 Release Notes for Samba 3.2.4
1229 ==============================
1232 This is a bug fix release of the Samba 3.2 series.
1234 Major bug fixes included in Samba 3.2.4 are:
1236 o Fix Winbind crashes.
1237 o Fix changing of machine account passwords.
1238 o Fix non guest connections to shares when "security = share"
1240 o Fix file write times.
1243 ######################################################################
1251 o Michael Adam <obnox@samba.org>
1252 * BUG 5590: Fix binary stripping on older OS.
1253 * BUG 5492: Fix RHEL SPEC file by removing libmsrpc stuff.
1254 * BUG 5507: Fix several issues in the RHEL SPEC file.
1255 * Fix linking of cifs.upcall when nscd_flush_cache() is found.
1258 o Jeremy Allison <jra@samba.org>
1259 * BUG 5052: Allow inheritable permissions.
1260 * BUG 5697: Fix spinning of nmbd in reload_interfaces when only loopback
1261 has an IPv4 address.
1262 * BUG 5698: Fix non guest connections to shares when "security = share"
1264 * BUG 5729: Explicitly allow "-valid".
1265 * BUG 5745: Fix Kerberos authentication with (lib)smbclient.
1266 * BUG 5751: Fix showing of ACLs on DFS in (lib)smbclient.
1267 * BUG 5761: Fix opening of mangled directory name (resulted
1268 'is a stream name').
1269 * Fix the wcache_invalidate_samlogon calls.
1270 * Add st_birthtime and friends for accurate create times on *BSD and MacOSX.
1271 * Clarify usage of "force create mode".
1272 * Write times code update.
1275 o Gerald (Jerry) Carter <jerry@samba.org>
1276 * Fix Winbind crash.
1277 * idmap_ad: Fix a segfault when calling nss_get_info() with a NULL ads
1281 o Steven Danneman <steven.danneman@isilon.com>
1282 * Fix build warnings.
1283 * Cleanup of DC enumeration in get_dcs().
1286 o Günther Deschner <gd@samba.org>
1287 * BUG 5710: Fix changing of machine account passwords.
1288 * Fix several build warnings.
1289 * Fix invalid sid copy (hit when enumerating sibling domains) in Winbind.
1292 o James Ding <ding_cc@hotmail.com>
1293 * BUG 5736: Fix Winbind crash bug with trusted domains.
1296 o Ephi Dror <Ephi.Dror@datadomain.com>
1297 * Correct the netsamlogon_clear_cached_user function.
1300 o Jeff Layton <jlayton@redhat.com>
1301 * Fix handling of MSKRB5 OID in cifs.upcall.
1302 * Fix build warnings in cifs.upcall.
1303 * Change default install location of cifs.upcall to EPREFIX/sbin.
1304 * Enable building of cifs.upcall by default on Linux.
1307 o Volker Lendecke <vl@sernet.de>
1308 * BUG 5707: Do proper error handling if the socket is closed.
1309 * Fix calculation of useable_space for trans2 and nttrans replies.
1310 * Fix Coverity ID 587.
1311 * Add mapping of generic bits when setting an NFSv4 ACL.
1314 o Stefan Metzmacher <metze@samba.org>
1315 * Some write time fixes.
1318 o David Leonard <David.Leonard@quest.com>
1319 * BUG 4516: No IPv6 on Solaris 2.6.
1322 o Simo Sorce <idra@samba.org>
1323 * BUG 5571: Fix group memeberships in Winbind.
1326 o Timur <timur@FreeBSD.org>
1327 * Fix cut and paste error in quota code.
1328 * Fix display of POSIX ACLs.
1329 * Fix aio on FreeBSD.
1332 o Andrew Tridgell <tridge@samba.org>
1333 * Avoid a race condition in glibc between AIO and setresuid().
1334 * Add missing become root for AIO operations.
1335 * Fix logic of tsmsm_sendfile().
1336 * Fix an errno handling bug that could lead to an infinite loop.
1337 * Fix handling of arbitrary new PAC types.
1340 o Qiao Yang <geoyang@ironport.com>
1344 ######################################################################
1345 Reporting bugs & Development Discussion
1346 #######################################
1348 Please discuss this release on the samba-technical mailing list or by
1349 joining the #samba-technical IRC channel on irc.freenode.net.
1351 If you do report problems then please try to send high quality
1352 feedback. If you don't provide vital information to help us track down
1353 the problem then you will probably be ignored. All bug reports should
1354 be filed under the Samba 3.2 product in the project's Bugzilla
1355 database (https://bugzilla.samba.org/).
1358 ======================================================================
1359 == Our Code, Our Bugs, Our Responsibility.
1361 ======================================================================
1364 ----------------------------------------------------------------------
1367 ==============================
1368 Release Notes for Samba 3.2.3
1370 ==============================
1372 This is a security release in order to address CVE-2008-3789 ("Wrong
1373 permissions of group_mapping.ldb").
1376 The file group_mapping.ldb is created with
1377 the permissions 0666. That means everyone
1378 is able to edit this file and might map any
1381 The original security announcement for this and past advisories can
1382 be found http://www.samba.org/samba/security/
1385 ######################################################################
1392 o Andrew Tridgell <tridge@samba.org>
1393 * Fix for CVE-2008-3789.
1396 ######################################################################
1397 Reporting bugs & Development Discussion
1398 #######################################
1400 Please discuss this release on the samba-technical mailing list or by
1401 joining the #samba-technical IRC channel on irc.freenode.net.
1403 If you do report problems then please try to send high quality
1404 feedback. If you don't provide vital information to help us track down
1405 the problem then you will probably be ignored. All bug reports should
1406 be filed under the Samba 3.2 product in the project's Bugzilla
1407 database (https://bugzilla.samba.org/).
1410 ======================================================================
1411 == Our Code, Our Bugs, Our Responsibility.
1413 ======================================================================
1416 ----------------------------------------------------------------------
1419 ==============================
1420 Release Notes for Samba 3.2.2
1422 ==============================
1424 This is a bug fix release of the Samba 3.2 series.
1426 Major bug fixes included in Samba 3.2.2 are:
1428 o Fix removal of dead records in tdb files. This can lead to very large
1429 tdb files and to overflowing partitions as a consequence on systems
1430 running an nmbd daemon.
1431 o Fix "force group" in setups using Winbind.
1432 o Fix freezing Windows Explorer on WinXP while browsing Samba shares.
1433 This one led to timeouts during printing as well.
1434 o Fix assigning of primary group memberships when authenticating via
1436 o Fix creation and installation of shared libraries.
1439 ######################################################################
1447 o Michael Adam <obnox@samba.org>
1448 * BUG 5592: Fix creation and installation of shared libraries.
1449 * Fix replacement of random seed generator.
1450 * Fix a race condition in idmap_tdb2_allocate_id().
1451 * Fix unix_convert() for "*" after changing map_nt_error_from_unix().
1452 * Make sure to always set errno on error path in OpenDir.
1455 o Jeremy Allison <jra@samba.org>
1456 * BUG 5675: Fix smbspool program assuming Kerberos authentication by
1458 * BUG 5686: Fix segfaults in libsmbclient.
1459 * BUG 5692: Fix coredump in full_audit.so.
1460 * BUG 5696: Fix "force group" in setups using Winbind.
1461 * Rename cifs.spnego to cifs.upcall.
1462 * Fix segfault in cifs.upcall when it is called without any arguments.
1463 * Fix coverity ID 594 (resource leak on error path).
1464 * Fix assigning of primary group memberships when authenticating via
1466 * Several build fixes.
1469 o Bartosz Antosik <antosik@gmail.com>
1470 * BUG #5617: Fix freezing Windows Explorer on WinXP while browsing
1474 o Andrew Bartlett <abartlet@samba.org>
1475 * Include stdlib.h to get a prototype for free().
1478 o Yannick Bergeron <yaberger@ca.ibm.com>
1479 * Solve an IBM XL C/C++ compiler error encountered in get_exit_code()
1480 auth_errors array initialization in client/smbspool.c.
1481 * Use NGROUPS_MAX instead of 32 for the max group value in
1485 o Günther Deschner <gd@samba.org>
1486 * Fix build warning.
1487 * Add add c++ guard to netapi.
1490 o Steve French <stevef@smf-t60p.smfdom>
1491 * Fix compile warning in cifs.upcall.
1492 * Add "dns_resolver" key type to cifs.upcall.
1495 o SATOH Fumiyasu <fumiyas@osstech.co.jp>
1496 * BUG 5688: Fix orphaned LPQ processes if socket address is invalid.
1499 o Volker Lendecke <vl@samba.org>
1500 * BUG 5684: Fix removal of dead records in tdb files.
1501 * Fix coverity IDs 595, 596.
1502 * Fix smb_len calculation for chained requests.
1505 o Herb Lewis <herb@samba.org>
1506 * Fix output of test status.
1509 o Jim McDonough <jmcd@samba.org>
1510 * Fix smbclient connections to older servers.
1513 o Andrew Tridgell <tridge@samba.org>
1514 * Fix a fd leak when trying to regain contact to a domain controller
1516 * Fix permissions on ctdb databases.
1517 * Fix passing back success when a function had in fact failed in two
1521 ######################################################################
1522 Reporting bugs & Development Discussion
1523 #######################################
1525 Please discuss this release on the samba-technical mailing list or by
1526 joining the #samba-technical IRC channel on irc.freenode.net.
1528 If you do report problems then please try to send high quality
1529 feedback. If you don't provide vital information to help us track down
1530 the problem then you will probably be ignored. All bug reports should
1531 be filed under the Samba 3.2 product in the project's Bugzilla
1532 database (https://bugzilla.samba.org/).
1535 ======================================================================
1536 == Our Code, Our Bugs, Our Responsibility.
1538 ======================================================================
1541 ----------------------------------------------------------------------
1544 ==============================
1545 Release Notes for Samba 3.2.1
1547 ==============================
1549 This is the second stable release of Samba 3.2.
1551 Major bug fixes included in Samba 3.2.1 are:
1553 o Race condition in Winbind leading to a crash.
1554 o Regression in Winbindd offline mode.
1555 o Flushing of smb.conf when creating a new share using SWAT.
1556 o Setting of ACEs in setups with "dos filemode = yes".
1559 ######################################################################
1567 o Michael Adam <obnox@samba.org>
1568 * BUG 5608: Fix link creation for libtalloc.so.1 (and friends) on
1570 * BUG 5594: Fix "make test" by adding and using a new testparm
1571 switch "--skip-logic-checks".
1572 * Fix creation of libaddns.a, libsmbclient.a and libsharemodes.a.
1573 * Update the section about net conf in the net(8) manpage.
1574 * Improve processing of registry shares.
1575 * Fix listing of registry shares with testparm.
1576 * Fix several build issues.
1579 o Jeremy Allison <jra@samba.org>
1580 * BUG 5578: Fix error from strlcat.
1581 * BUG 5613: Fix flushing of smb.conf when creating a new share using SWAT.
1582 * Ensure consistent use of pdb_get_nt_passwd instead of
1583 pdb_get_lanman_passwd.
1584 * Remove worrying warning message when safe_strcpy tries to copy a
1585 pseaudo interface name that's too long.
1586 * Canonicalize servername in the printer functions to remove leading
1588 * Fix option processing in smbcacls - add POPT_COMMON_CONNECTION.
1589 * Fix bug creating files using DOS clients with mixed case files.
1590 * Fix uninitialized variable.
1593 o Yannick Bergeron <yaberger@ca.ibm.com>
1594 * Fix compile error on AIX 6.1
1597 o Jim Brown <jim.brown@miami.edu>
1598 * Fix SGI compiler warnings.
1601 o Günther Deschner <gd@samba.org>
1602 * BUG 5616: Fix session keys also in rpccli_netr_LogonSamLogonEx wrapper.
1603 * BUG 5570: Fix bogus error message during AD domain join.
1604 * Fix trusted domain handling in Winbindd.
1605 * Fix build warning.
1608 o SATOH Fumiyasu <fumiyas@osstech.co.jp>
1609 * BUG 5202: Fix setting of ACEs for users/groups with write access
1610 in setups with 'dos filemode = yes'.
1611 * Re-activate 'acl group control' parameter and make it only apply
1615 o Volodymyr Khomenko <Volodymyr.Khomenko@exanet.com>
1616 * Make ntimes function more like POSIX and allow NULL arg.
1619 o Volker Lendecke <vl@samba.org>
1620 * BUG 5512: Fix alignment problems on sparc.
1621 * BUG 5616: Fix share connections in setups with
1622 "server signing = mandatory" or SMB signing set on the client side.
1623 * Fix a race condition in Winbind leading to a crash.
1624 * Fix a segfault in base64_encode_data_blob.
1625 * Fix some uninitialized variable references via ndr_print.
1626 * Fix error message if trying to join with a non-privileged user.
1627 * Fix setups using "include = registry" without [global] settings
1629 * Fix "net sam rights" on domain member servers.
1630 * Add documentation for the vfs streams modules.
1633 o Herb Lewis <herb@samba.org>
1634 * Cleanup some duplicate code by passing the password to the wbinfo_auth*
1636 * Allow SID with 0 in subauthority to be converted properly.
1639 o Zach Loafman <zachary.loafman@isilon.com>
1640 * Set sin[6]_family instead of ss_family in in[6]_addr_to_sockaddr_storage.
1641 * Fix realpath() check so that it doesn't generate a core() when it fails.
1644 o Jim McDonough <jmcd@samba.org>
1645 * Fix overwriting of winbind logfiles.
1648 o Lars Müller <lars@samba.org>
1649 * Fix "vfs_full_audit.c: name table not in sync with vfs.h" panic.
1652 o Darshan Purandare <dpurandare@isilon.com>
1653 * Add broadcasting of the debug message to all winbindd children.
1656 o Karolin Seeger <kseeger@samba.org>
1657 * BUG 5635: Fix updating of printer queues.
1660 o Andreas Schneider <anschneider@suse.de>
1661 * Release still reachable memory if the smbclient context is freed.
1662 * Remove trailing withespace from wbinfo -m which breaks gdm auth.
1665 o Simo Sorce <idra@samba.org>
1666 * BUG 5540: Fix "set primary group script" user option substitution.
1667 * Fix regression in Winbindd offline mode.
1670 o Bo Yang <boyang@novell.com>
1671 * Allow authentication and memory credential refresh after password
1672 change from gdm/xdm.
1673 * Allow %u parameters for print job username.
1676 ######################################################################
1677 Reporting bugs & Development Discussion
1678 #######################################
1680 Please discuss this release on the samba-technical mailing list or by
1681 joining the #samba-technical IRC channel on irc.freenode.net.
1683 If you do report problems then please try to send high quality
1684 feedback. If you don't provide vital information to help us track down
1685 the problem then you will probably be ignored. All bug reports should
1686 be filed under the Samba 3.2 product in the project's Bugzilla
1687 database (https://bugzilla.samba.org/).
1690 ======================================================================
1691 == Our Code, Our Bugs, Our Responsibility.
1693 ======================================================================
1696 ----------------------------------------------------------------------
1699 ==============================
1700 Release Notes for Samba 3.2.0
1702 ==============================
1704 This is the first stable release of Samba 3.2.0.
1706 Please be aware that Samba is now distributed under the version 3
1707 of the new GNU General Public License. You may refer to the COPYING
1708 file that accompanies these release notes for further licensing details.
1710 Major enhancements in Samba 3.2.0 include:
1713 o Use of IDL generated parsing layer for several DCE/RPC
1715 o Removal of the 1024 byte limit on pathnames and 256 byte limit on
1716 filename components to honor the MAX_PATH setting from the host OS.
1717 o Introduction of a registry based configuration system.
1718 o Improved CIFS Unix Extensions support.
1719 o Experimental support for file serving clusters.
1720 o Support for IPv6 in the server, and client tools and libraries.
1721 o Support for storing alternate data streams in xattrs.
1722 o Encrypted SMB transport in client tools and libraries, and server.
1723 o Support for Vista clients authenticating via Kerberos.
1725 Winbind and Active Directory Integration:
1726 o Full support for Windows 2003 cross-forest, transitive trusts
1727 and one-way domain trusts.
1728 o Support for userPrincipalName logons via pam_winbind and NSS
1730 o Expansion of nested domain groups via NSS calls.
1731 o Support for Active Directory LDAP Signing policy.
1732 o New LGPL Winbind client library (libwbclient.so).
1733 o Support for establishing interdomain trust relationships with
1737 o New NetApi library for domain join related queries (libnetapi.so)
1738 and example GTK+ Domain join gui.
1739 o New client and server support for remotely joining and unjoining
1741 o Support for joining into Windows 2008 domains.
1744 o New ldb backend for local group mapping tables
1745 o Raised level of security defaults for authentication operations.
1746 o New NetApi library for user account related queries.
1750 Now Licensed under the GNU GPLv3
1751 ================================
1753 The Samba Team has adopted the Version 3 of the GNU General Public
1754 License for the 3.2 and later releases. The GPLv3 is the updated
1755 version of the GPLv2 license under which Samba is currently
1756 distributed. It has been updated to improve compatibility with other
1757 licenses and to make it easier to adopt internationally, and is an
1758 improved version of the license to better suit the needs of Free
1759 Software in the 21st Century.
1761 The original announcement is available on-line at
1763 http://news.samba.org/announcements/samba_gplv3/
1766 New Security Defaults for Authentication
1767 ========================================
1769 Support for LanMan passwords is now disabled in both client and server
1770 applications. Additionally, clear text authentication requests are
1771 disabled by default in client utilities such as smbclient and all
1772 libsmbclient based applications. This will affect connection both
1773 to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer
1774 to the "Changes" section for details on the exact parameters that were
1778 Registry Configuration Backend
1779 ==============================
1781 Samba is now able to use a registry based configuration backed to
1782 supplement smb.conf settings. This feature may be enabled by setting
1783 "config backend = registry" in the [global] section of smb.conf for a
1784 registry only configuration, or by specifying "include = registry" to
1785 include global options from registry for a mixed setup.
1787 The new parameter "registry shares = yes" in the [global] section of
1788 smb.conf can be used to activate share definitions from registry.
1789 These shares are loaded on demand by the server. Registry shares are
1790 automatically activated by the global registry options above.
1792 The configuration stored in registry can be conveniently managed using
1793 the "net conf" command.
1795 More information may be obtained from the smb.conf(5) and net(8) man
1802 Both the Python bindings and the libmsrpc shared library have been
1803 removed from the tree due to lack of an official maintainer.
1805 As smbfs is no longer supported in current kernel versions, smbmount has
1806 been removed in this Samba version. Please use cifs (mount.cifs) instead.
1807 See examples/scripts/mount/mount.smbfs as an example for a wrapper which
1808 calls mount.cifs instead of smbmount/mount.smbfs.
1811 Modified API for libsmbclient
1812 ==============================================================================
1814 Maintaining ABI compatibility for libsmbclient has become increasingly
1815 difficult to accomplish, while also keeping the code organization such that it
1816 is easily readable. Towards the goal of maintaining ABI compatibility and
1817 also keeping the code easy to maintain and enhance, the API has been enhanced.
1818 In particular, the fields in the SMBCCTX context structure are no longer
1819 intended to be read/write by the user, and are marked as deprecated. An
1820 application that previously accessed the members of the SMBCCTX context
1821 structure will now encounter warnings if recompiled. This is intentional, to
1822 encourage implementation of the small changes required for the new interface.
1823 The number of changes is expected to be quite small for the vast majority of
1824 applications, and no changes need be made for many applications. The changes
1825 required for KDE (konqueror) to conform to the new interface, for example, are
1826 only four lines in only one file.
1828 Instead of the application manually changing or reading values in the context
1829 structure, there are now setter and getter functions for each configurable
1830 member in that structure. Similarly, the smbc_option_get() and
1831 smbc_option_set() functions are deprecated in favor of the setter/getter
1832 interface. The setters and getters are all documented in libsmbclient.h
1833 under these comment blocks:
1835 Getters and setters for CONFIGURATION
1836 Getters and setters for OPTIONS
1837 Getters and setters for FUNCTIONS
1838 Callable functions for files
1839 Callable functions for directories
1840 Callable functions applicable to both files and directories
1842 Example changes that may be required to eliminate "deprecated" warnings:
1844 /* Set the debug level */
1845 context->debug = 99;
1847 smbc_setDebug(context, 99);
1849 /* Specify the authentication callback function */
1850 context->callbacks.auth_fn = auth_smbc_get_data;
1852 smbc_setFunctionAuthData(context, auth_smbc_get_data);
1854 /* Specify the new-style authentication callback with context parameter */
1855 smbc_option_set("auth_function", auth_smbc_get_data_with_ctx);
1857 smbc_setFunctionAuthDataWithContext(context, auth_smbc_get_data_with_ctx);
1859 /* Set kerberos flags */
1860 context->flags = (SMB_CTX_FLAG_USE_KERBEROS |
1861 SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS);
1863 smbc_setOptionUseKerberos(context, 1);
1864 smbc_setOptionFallbackAfterKerberos(context, 1);
1869 ######################################################################
1876 Parameter Name Description Default
1877 -------------- ----------- -------
1878 administrative share New No
1879 client lanman auth Changed Default No
1880 client ldap sasl wrapping New plain
1881 client plaintext auth Changed Default No
1883 cluster addresses New ""
1884 config backend New file
1887 lanman auth Changed Default No
1888 ldap connection timeout New 2
1889 ldap debug level New 0
1890 ldap debug threshold New 10
1892 min receive file size New 0
1893 open files database hashsize Removed
1895 registry shares New No
1896 smb encrypt New Auto
1897 winbind expand groups New 1
1898 winbind rpc only New No
1900 New special meaning of "include = registry".
1903 Changes since 3.2.0rc2:
1904 -----------------------
1907 o Jeremy Allison <jra@samba.org>
1908 * BUG 5531: Fix conversion of ns units when converting
1909 from nttime to timespec.
1910 * BUG 5533: Fix handling of workgroup names containing a '.' in Winbindd.
1911 * BUG 5551: Fix group enumeration with 'wbinfo -g' on PDCs.
1912 * BUG 5555: Fix setting of the password last set field during domain joins.
1913 * BUG 5568: Fix net rpc trustdom add.
1914 * Fix gcc warnings at -O3.
1917 o Michael Adam <obnox@samba.org>
1918 * BUG 5548: Fix segfaults in handle_include with %m macro expansion.
1919 * Add several tests to the testsuite.
1922 o Steven Danneman <steven.danneman@isilon.com>
1923 * Make winbindd enum users and groups async.
1926 o Günther Deschner <gd@samba.org>
1927 * BUG 5542: Fix empty passwords of samsync.
1930 o Volker Lendecke <vl@samba.org>
1931 * BUG 5500: Add missing become_root to enable access to LDAP DB.
1932 * Fix coverity IDs 464, 474.
1933 * Fix an uninitialized variable found by the IBM checker.
1934 * Fix group parsing in libwbclient's copy_group_entry().
1935 * Fix max_fd calculation in event_loop_once.
1936 * Fix warnings on Fedory Core 9.
1937 * Fix several memleaks.
1938 * Fix a segfaults in wbcLookupRids.
1939 * Fix a segfault in clitar.
1940 * Fix the build on FreeBSD 4.6.2 and Darwin.
1941 * Fix a double-closedir() in form_junctions().
1942 * Fix a crash in _dfs_Enum.
1943 * Fix a segfault in rpcclient adddriver.
1944 * Fix valgrind errors in _spoolss_addprinterdriver.
1945 * Fix warnings on SuSE 9.0.
1946 * Fix a file descriptor leak in add_port_hook.
1949 o William Jojo <jojowil@hvcc.edu>
1950 * Fix several AIX build issues.
1951 * Add -brtl to the AIX linker flags.
1954 o Atte Peltomäki <atte.peltomaki@f-secure.com>
1955 * Fix winbindd group expansion.
1958 o Andreas Schneider <anschneider@suse.de>
1959 * Add documentation for kerberos support in libsmbclient.
1960 * Add krb5 support for the testbrowse example.
1963 o John H Terpstra <jht@samba.org>
1964 * Fix net help info.
1965 * Add documentation for TDB file.
1968 o Bo Yang <boyang@novell.com>
1969 * Fix update of cached credentials during password change in pam_winbind.
1972 o Christoph Zauner <christoph.zauner@sernet.de>
1973 * Fix several typos in the man pages and the Samba3 HowTo Collection.
1977 ######################################################################
1978 Reporting bugs & Development Discussion
1979 #######################################
1981 Please discuss this release on the samba-technical mailing list or by
1982 joining the #samba-technical IRC channel on irc.freenode.net.
1984 If you do report problems then please try to send high quality
1985 feedback. If you don't provide vital information to help us track down
1986 the problem then you will probably be ignored. All bug reports should
1987 be filed under the Samba 3.2 product in the project's Bugzilla
1988 database (https://bugzilla.samba.org/).
1991 ======================================================================
1992 == Our Code, Our Bugs, Our Responsibility.
1994 ======================================================================
1997 ==============================
1998 Release Notes for Samba 3.2.11
2000 ==============================
2003 This is a maintenance release of the Samba 3.2 series.
2005 Major enhancements in 3.2.11 include:
2007 o Fix domain logins for WinXP clients pre SP3 (bug #6263).
2008 o Fix samr_OpenDomain access checks (bug #6089).
2009 o Fix smbd crash for close_on_completion.
2012 ######################################################################
2016 Changes since 3.2.10
2017 --------------------
2020 o Jeremy Allison <jra@samba.org>
2021 * BUG 6089: Fix samr_OpenDomain access checks.
2022 * BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with
2023 "msdfs root" set to "yes".
2024 * Allow pdbedit to change a user rid/sid.
2025 * When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid.
2028 o Günther Deschner <gd@samba.org>
2029 * BUG 6205: Correct sample smb.conf share configuration.
2030 * BUG 6263: Fix domain logins for WinXP clients pre SP3.
2031 * Fix resume command typo for "printing = vlp".
2034 o Volker Lendecke <vl@samba.org>
2035 * Fix smbd crash for close_on_completion.
2036 * Fix a memleak in an unlikely error path in change_notify_create().
2039 o Jim McDonough <jmcd@samba.org>
2040 * Don't look up local user for remote changes, even when root.
2043 ######################################################################
2044 Reporting bugs & Development Discussion
2045 #######################################
2047 Please discuss this release on the samba-technical mailing list or by
2048 joining the #samba-technical IRC channel on irc.freenode.net.
2050 If you do report problems then please try to send high quality
2051 feedback. If you don't provide vital information to help us track down
2052 the problem then you will probably be ignored. All bug reports should
2053 be filed under the Samba 3.2 product in the project's Bugzilla
2054 database (https://bugzilla.samba.org/).
2057 ======================================================================
2058 == Our Code, Our Bugs, Our Responsibility.
2060 ======================================================================
2063 ----------------------------------------------------------------------
2066 ==============================
2067 Release Notes for Samba 3.2.10
2069 ==============================
2072 This is a maintenance release of the Samba 3.2 series.
2074 In Samba 3.2.9, there is an issue while migrating passdb.tdb files from older
2075 Samba versions (e.g. 3.2.8). That causes panics of smbd child processes until
2076 the parent smbd is restarted once after converting the passdb.tdb file. This
2077 issue is fixed in Samba 3.2.10.
2079 Sorry for the inconveniences!
2081 ######################################################################
2089 o Michael Adam <obnox@samba.org>
2090 * BUG #6195: Don't let smbd child processes panic.
2093 ######################################################################
2094 Reporting bugs & Development Discussion
2095 #######################################
2097 Please discuss this release on the samba-technical mailing list or by
2098 joining the #samba-technical IRC channel on irc.freenode.net.
2100 If you do report problems then please try to send high quality
2101 feedback. If you don't provide vital information to help us track down
2102 the problem then you will probably be ignored. All bug reports should
2103 be filed under the Samba 3.2 product in the project's Bugzilla
2104 database (https://bugzilla.samba.org/).
2107 ======================================================================
2108 == Our Code, Our Bugs, Our Responsibility.
2110 ======================================================================
2113 ----------------------------------------------------------------------
2116 =============================
2117 Release Notes for Samba 3.2.9
2119 =============================
2122 This is a maintenance release of the Samba 3.2 series.
2124 Major enhancements included in Samba 3.2.9 are:
2126 o Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb
2127 correctly (bug #6195).
2128 o Fix guest authentication in setups with "security = share" and
2129 "guest ok = yes" when Winbind is running.
2130 o Fix corruptions of source path in tar mode of smbclient (bug #6161).
2133 The original security announcement for this and past advisories can
2134 be found http://www.samba.org/samba/security/
2137 ######################################################################
2145 o Michael Adam <obnox@samba.org>
2146 * Add script fill-templates.
2147 * Make update-pkginfo callable from any directory.
2150 o Jeremy Allison <jra@samba.org>
2151 * BUG 6099: Samba returns incurrate capabilities list.
2152 * BUG 6133: Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL
2154 * BUG 6161: smbclient corrupts source path in tar mode.
2155 * BUG 6195: Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb
2157 * BUG 6196: Unable to serve files with colons to Linux CIFS/VFS client.
2158 * BUG 6224: nmbd waits 5 minutes at startup before checking if it needs to
2160 * Correctly use chroot().
2161 * Parameterize in local.h the MAX_RPC_DATA_SIZE, and ensure
2162 that "offered" read from the rpc packet in spoolss is under
2164 * Fix Coverity ID 602.
2165 * Backport the semantics of when to delete alternate data streams on a file
2167 * Allow set attributes on a stream fnum to be redirected to the base
2169 * Fix use of streams modules with CIFSFS client.
2170 * Fix more POSIX path lstat calls.
2171 * Allow DFS client paths to work when POSIX pathnames have been
2173 * Try and fix the build farm RAW-STREAMS errors.
2174 * Ensure files starting with multiple dots are hidden.
2177 o Steven Danneman <steven.danneman@isilon.com>
2178 * Fix guest auth when Winbind is running.
2181 o Günther Deschner <gd@samba.org>
2182 * BUG 6102: NetQueryDisplayInformation could return wrong information.
2183 * BUG 6193: Avoid messing with sync_context in fetch_database_to_ldif().
2184 * Fix memleak in get_remote_printer_publishing_data().
2185 * Add pidl in order to be able to regenerate librpc functions.
2186 * Fix Coverity IDs 722, 762.
2189 o Steve French <smfrench@gmail.com>
2190 * cifs mount fix for handling -V parameter.
2194 o Holger Hetterich <hhetter@novell.com>
2195 * Enable total anonymization in vfs_smb_traffic_analyzer.
2198 o Björn Jacke <bj@sernet.de>
2199 * Enable IPv6 support for NetBSD and FreeBSD.
2200 * Prefer gssapi header files from subdirectory.
2201 * Fix build on old Heimdal based systems.
2202 * Use parentheses in if condition to make negation clear.
2205 o Günter Kukkukk <linux@kukkukk.com>
2206 * Don't try and delete a default ACL from a file.
2209 o Jeff Layton <jlayton@redhat.com>
2210 * Initialize rc to 0 in main.
2213 o Volker Lendecke <vl@sernet.de>
2214 * BUG 6100: Complete fix.
2215 * BUG 6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped
2217 * BUG 6097: Fix smbd segfault.
2218 * Fix remotely adding a share via MMC.
2219 * Fix resume handle for _samr_EnumDomainGroups.
2220 * Fix Coverity IDs 742, 744, 745, 879, 880.
2221 * Fix a buffer handling bug when adding lots of registry keys.
2222 * Fix a O(n^2) algorithm in regdb_fetch_keys().
2223 * Fix an uninitialized variable warning.
2224 * Fix a valgrind error / segfault in dns_register_smbd().
2225 * Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog.
2226 * Fix a malloc/talloc mismatch when cli_initialise() fails.
2227 * Fix a valgrind error.
2228 * Fix two memleaks in the encryption code.
2229 * Fix gcc 4.4 compile warning.
2230 * Fix a scary "fill_share_mode_lock failed" message.
2233 o Derrell Lipman <derrell@dworkin.(none)>
2234 * BUG 6228: Fix SMBC_open_ctx failure due to path resolve failure doesn't
2238 o Stefan Metzmacher <metze@samba.org
2239 * BUG 6100: Implement _netr_LogonGetCapabilities() with
2240 NT_STATUS_NOT_IMPLEMENTED.
2241 * Add S-1-22-X-Y sids to the local token.
2242 * Add idl for netr_LogonGetCapabilities().
2243 * Fix the build on SLES8.
2244 * Fix smb signing for fragmented trans/trans2/nttrans requests.
2247 o Glenn Machin <gmachin@sandia.gov>
2248 * Don't miss an absolute pathname as a kerberos keytab path.
2251 o Shirish Pargaonkar <shirishpargaonkar@gmail.com>
2252 * Clean-up entries in /etc/mtab after unmount.
2253 * Add fakemount (-f) and nomtab (-n) flags to mount.cifs.
2256 o Ted Percival <ted.percival@quest.com>
2257 * Fix a crash during name resolution when log level >= 10 and libc
2258 segfaults if printf is passed NULL for a "%s" arg (e.g. Solaris).
2261 o Tim Prouty <tprouty@samba.org>
2262 * Fix SMB_VFS_RECVFILE/SENDFILE macros.
2263 * Parse_packet can return NULL which is then dereferenced in
2264 match_mailslot_name.
2267 o Dan Sledz <dsledz@isilon.com>
2268 * Fix double free caused by incorrect talloc_steal usage.
2271 o Aravind Srinivasan <aravind.srinivasan@isilon.com>
2272 * Have nmbd check all available interfaces for WINS before failing.
2275 o Miguel Suarez <Miguel.Suarez@stratus.com>
2276 * BUG 6085: Fix build of vfs_default on systems without utime support.
2279 o Yasuma Takeda <yasuma@osstech.co.jp>
2280 * BUG 5920: The length of the memcpy was calculated wrong.
2281 * BUG 6098: Fix the ads_find_dc() with "security = domain" when the DNS
2285 o Andrew Tridgell <tridge@samba.org>
2286 * Fix a bug in message handling for code the change notify code.
2289 o Jelmer Vernooij <jelmer@samba.org>
2290 * Properly cast array length in print functions.
2293 o Bo Yang <boyang@novell.com>
2294 * Initialize the id_map status in idmap_ldap to avoid surprise.
2297 ######################################################################
2298 Reporting bugs & Development Discussion
2299 #######################################
2301 Please discuss this release on the samba-technical mailing list or by
2302 joining the #samba-technical IRC channel on irc.freenode.net.
2304 If you do report problems then please try to send high quality
2305 feedback. If you don't provide vital information to help us track down
2306 the problem then you will probably be ignored. All bug reports should
2307 be filed under the Samba 3.2 product in the project's Bugzilla
2308 database (https://bugzilla.samba.org/).
2311 ======================================================================
2312 == Our Code, Our Bugs, Our Responsibility.
2314 ======================================================================
2317 ----------------------------------------------------------------------
2320 =============================
2321 Release Notes for Samba 3.2.8
2323 =============================
2326 This is a bug fix release of the Samba 3.2 series.
2328 Major enhancements included in Samba 3.2.8 are:
2330 o Correctly detect if the current DC is the closest one.
2331 o Add saf_join_store() function to memorize the DC used at join time.
2332 This avoids problems caused by replication delays shortly after domain
2336 The original security announcement for this and past advisories can
2337 be found http://www.samba.org/samba/security/
2340 ######################################################################
2348 o Michael Adam <obnox@samba.org>
2349 * BUG 6066: netinet/ip.h present but cannot be compiled under Solaris.
2350 * Fix join by creating keytab after changing the config in libnet.
2351 * Streamline logic of libnet_join_post_processing() in libnet_join.
2352 * Fix build of [u]mount.cifs in the RHEL packaging.
2353 * Fix distclean target and add realdistclean target in the docs build.
2354 * Clean generated .png images and build/catalog.xml in "make clean".
2355 * Fix detection of netinet/ip.h on Solaris 8.
2358 o Jeremy Allison <jra@samba.org>
2359 * BUG 4308: Excel save operation corrupts file ACLs.
2360 * BUG 5979: Fix level 2 oplocks.
2361 * BUG 5980: Fix race condition when granting level2 oplocks can cause break
2362 notify to be missed.
2363 * BUG 5986: Fix renaming of streams.
2364 * BUG 5990: Strict allocate should be checked before ftruncate.
2365 * BUG 6009: Setting "min receivefile size = 1" breaks writes.
2366 * BUG 6016: Alternate Data Streams / Extended Attributes seem to conflict.
2367 * BUG 6017: Fix magic scripts.
2368 * BUG 6019: Fix file corruption in Clustered SMB/NFS environments managed via
2370 * BUG 6021: smbclient du command does not recuse properly.
2371 * BUG 6030: Add missing <th> header in Status page.
2372 * BUG 6035: Fix possible race between fcntl F_SETLKW and alarm delivery.
2373 * BUG 6040: Calling Samba print server with an aliased DNS-name fails.
2374 * Fix race condition in alarm lock processing.
2375 * Fix logic bug introduce in backport of ccache_regain_all_now.
2376 * Fix crash bug in SWAT.
2377 * Fix logic error in try_chown.
2378 * Fix detection of dns_sd libraries.
2381 o Kai Blin <kai@samba.org>
2382 * BUG 5953: Fix smbclient crashes.
2385 o Gerald (Jerry) Carter <jerry@samba.org>
2386 * Fix "allow trusted domain" so it disables trusted domains.
2389 o Guenther Deschner <gd@samba.org>
2390 * Fix buffer allocation in eventlog read call.
2391 * Fix various invalid memcpy in read_package_entry().
2394 o SATOH Fumiyasu <fumiyas@osstech.co.jp>
2395 * Variables for signals must be volatile sig_atomic_t in Winbind.
2396 * Fix gmem->numgids and gmem->maxgids breakage on Solaris 64-bit.
2397 * Fix a compile-time warning.
2398 * Fix SIGBUS on non-x86 CPUs in libsmbclient.
2401 o Björn Jacke <bj@sernet.de>
2402 * Correct the description of the "ldap timeout" parameter.
2403 * Fix build with external dns_sd libraries.
2406 o Jeff Layton <jlayton@redhat.com>
2407 * Allow mounts to ipv6 capable servers in mount.cifs.
2410 o Volker Lendecke <vl@sernet.de>
2411 * BUG 5933: Fix incrementing/decrementing num_validated_vuids.
2412 * BUG 5953: Make cli_send_smb_direct_writeX use writev.
2413 * BUG 5965: Fix creation of the first share using SWAT.
2414 * BUG 5969: Optimize smbclient put command.
2415 * BUG 6014: mget shouldn't segfault without arguments.
2416 * Fix error code when smbclient puts a file over an existing directory.
2417 * Fix a valgrind error.
2418 * Fix a "ignoring function call result" warning.
2420 * Add write_data_iov.
2421 * Make write_data use write_data_iov.
2422 * Fix a memory leak in cups_pull_comment_location.
2423 * Fix an ancient uninitialized variable read.
2424 * Fix a bad memleak in vfs_full_audit.
2425 * Fix several valgrind errors.
2426 * Fix 'net rpc join' for users with the SeMachineAccountPrivilege.
2429 o Herb Lewis <hlewis@chomps.localdomain>
2430 * Don't return 0 on error in smbcacls - bad for scripts.
2433 o Derrell Lipman <derrell.lipman@unwireduniverse.com>
2434 * Determine case sensitivity based on file system attributes in
2438 o Stefan Metzmacher <metze@samba.org>
2439 * Correctly detect if the current dc is the closest one.
2440 * Use get_dc_name() instead of get_sorted_dc_list() in the LDAP case.
2441 * Fallback to returning all DCs, when none is available in the requested
2443 * Add saf_join_store() function.
2444 * Use DS_FORCE_REDISCOVERY in libnet_join.
2445 * Use dbwrap to open sessionid.tdb in net status.
2446 * Fix dbwrap_store_uint32() to match dbwrap_store_int32().
2447 * Handle the SMB signing states the same in the krb5 and ntlmssp cases in
2449 * Re-add "fileid:algorithm" as option in vfs_fileid.
2450 * Add vfs_fileid manpage.
2453 o Lars Müller <lars@samba.org>
2454 * Tweak with pam defines of older Linux versions.
2455 * Adjust regex to match variable names including underscores.
2456 * Conditional install of the cifs.upcall man page.
2459 o Tim Prouty <tprouty@samba.org>
2460 * Fix stream marshalling to return the correct streaminfo status.
2461 * Fix a delete on close divergence from Windows.
2462 * Allow renames of streams via NTRENAME and fix stream error codes on
2464 * Remove a few unnecessary checks from the streams depot module and fix to
2466 * Remove a few unnecessary checks from the streams xattr module.
2467 * Remove a few unnecessary checks from the streams xattr module.
2470 o Andreas Schneider <anschneider@suse.de>
2471 * Fix a segfault if ? is there but the options are NULL.
2472 * Avoid flooding of syslog with failing pam_putenv messages.
2473 * Document default of the printing config variable.
2474 * Use talloc_tos() instead of the talloc NULL context.
2477 o Karolin Seeger <kseeger@samba.org>
2478 * BUG 6058: Use 'make distclean' instead of 'make clean' in build_docs.
2479 * BUG 6000: Avoid bashism in perfcount.init.
2480 * Change default value for "ldap ssl" to "start tls".
2481 * Several documentation improvements/typo fixes.
2482 * Fix syntax error in samba.spec.tmpl.
2483 * Check if Unix account exists before asking for the password in smbpasswd.
2484 * Add manpage for vfs_shadow_copy2.
2487 o Richard Sharpe <realrichardsharpe@gmail.com>
2488 * Fix mistake in DEBUG message.
2491 o Andrew Tridgell <tridge@samba.org>
2492 * Keep compatibility with v3-0-ctdb name for fileid:mapping option.
2495 o Bo Yang <boyang@novell.com>
2496 * Clean event context after child is forked.
2497 * Refresh sequence number as soon as possible.
2498 * Don't set child->requests to NULL in parent after fork.
2499 * Backport of the clean event context after fork and
2500 krb5 refresh chain fixes.
2501 * Fix null pointer refrence in event context.
2502 * Don't send message to any other child in child process.
2503 * Fix bug in get_dc_name_via_netlogon(), null pointer refrence.
2506 ######################################################################
2507 Reporting bugs & Development Discussion
2508 #######################################
2510 Please discuss this release on the samba-technical mailing list or by
2511 joining the #samba-technical IRC channel on irc.freenode.net.
2513 If you do report problems then please try to send high quality
2514 feedback. If you don't provide vital information to help us track down
2515 the problem then you will probably be ignored. All bug reports should
2516 be filed under the Samba 3.2 product in the project's Bugzilla
2517 database (https://bugzilla.samba.org/).
2520 ======================================================================
2521 == Our Code, Our Bugs, Our Responsibility.
2523 ======================================================================
2526 ----------------------------------------------------------------------
2529 =============================
2530 Release Notes for Samba 3.2.7
2532 =============================
2535 This is a security release in order to address CVE-2009-0022.
2538 In Samba 3.2.0 to 3.2.6, in setups with registry shares enabled,
2539 access to the root filesystem ("/") is granted
2540 when connecting to a share called "" (empty string)
2541 using old versions of smbclient (before 3.0.28).
2543 The original security announcement for this and past advisories can
2544 be found http://www.samba.org/samba/security/
2547 ######################################################################
2555 o Michael Adam <obnox@samba.org>
2556 * Fix for CVE-2009-0022.
2559 ######################################################################
2560 Reporting bugs & Development Discussion
2561 #######################################
2563 Please discuss this release on the samba-technical mailing list or by
2564 joining the #samba-technical IRC channel on irc.freenode.net.
2566 If you do report problems then please try to send high quality
2567 feedback. If you don't provide vital information to help us track down
2568 the problem then you will probably be ignored. All bug reports should
2569 be filed under the Samba 3.2 product in the project's Bugzilla
2570 database (https://bugzilla.samba.org/).
2573 ======================================================================
2574 == Our Code, Our Bugs, Our Responsibility.
2576 ======================================================================
2579 ----------------------------------------------------------------------
2582 ==============================
2583 Release Notes for Samba 3.2.6
2585 ==============================
2588 This is a bug fix release of the Samba 3.2 series.
2590 Major enhancements included in Samba 3.2.6 are:
2592 o Fix Winbind crash bugs.
2593 o Fix moving of readonly files.
2594 o Fix "write list" in setups using "security = share".
2595 o Fix access to cups-printers with cups 1.3.4.
2596 o Fix timeouts in setups with large groups.
2597 o Fix several bugs concerning Alternate Data Streams.
2598 o Add new SMB traffic analyzer VFS module.
2601 ######################################################################
2609 o Michael Adam <obnox@samba.org>
2610 * BUG 5677: Fix test_{shlibs,nss_modules,pam_modules} on Solaris.
2611 * BUG 5765: Fix installlibs on solaris by using portable "test -r".
2612 * Fix potential segfault in vfs_tsmsm.
2613 * Don't list the domain twice when expanding internal aliases.
2614 * Fix the output of "getent group" when "winbind use default domain = yes"
2615 with "security = ads".
2616 * Add domain prefix to username in lookup_groupmem().
2617 * Prevent negative GM/ cache entries due to broken connections.
2618 * Fix crash in sync_eventlog_params().
2619 * Fix timeouts when calling 'getgrent'.
2620 * Fix smbd hanging on Solaris when winbindd closes socket.
2623 o Jeremy Allison <jra@samba.org>
2624 * BUG 1254: Fix "write list" in setups using "security = share".
2625 * BUG 5080: Fix access to cups-printers with cups 1.3.4.
2626 * BUG 5737: Fix Winbind crash in an unusual failure mode.
2627 * BUG 5783: Fix FindFirst where search pattern equals the mangled filename.
2628 * BUG 5790: Fix returning of STATUS_OBJECT_NAME_NOT_FOUND on set file
2630 * BUG 5797: Fix moving of readonly files.
2631 * BUG 5814: Fix Winbind crash bug while doing "rescan_trusted_domain".
2632 * BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance.
2633 * BUG 5825: Fix account locking with LDAP backend.
2634 * BUG 5826: Fix truncated filenames when accessing old servers.
2635 * BUG 5889: Fix "delete veto files = no".
2636 * BUG 5891: Fix smbd crash when viewing the eventlog exported by "eventlog
2638 * BUG 5900: Fix vfs_readonly.
2639 * BUG 5903: Fix vfs_streams_xattr breaking contents of files.
2640 * BUG 5904: Fix libnss_wins causing SIGABRT while servicing getaddrinfo()
2642 * BUG 5914: Fix build failure: redefinition of struct name_list.
2643 * BUG 5937: Fix filenames with "*" char hiding other files.
2644 * BUG 5953: Fix smbclient crashes.
2645 * Fix rename_open_files.
2646 * Restructure VFS SMB traffic analyzer VFS module.
2647 * Correctly fix smbclient to terminate on eof from server.
2648 * Unify access checks for lsa server functions.
2649 * Remove the requirement for ldap call made as root.
2650 * Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.
2651 * Fix net rpc vampire, based on an *amazing* piece of debugging work by
2652 "Cooper S. Blake" <the_analogkid@yahoo.com>.
2653 * Fix Coverity IDs 456, 574, 592, 606 and 607.
2654 * Fix net rpc vampire.
2657 o Gerald (Jerry) Carter <jerry@samba.org>
2658 * Use the same prerequisite for DDNS update as Windows XP.
2659 * Make "lwinet ads dns register" honor the "interfaces" parameter.
2662 o Steven Danneman <steven.danneman@isilon.com>
2663 * Fix extended DN parse error when AD object does not have a SID.
2666 o Guenther Deschner <gd@samba.org>
2667 * BUG 5888: Fix PNP_GetHwProfInfo().
2668 * BUG 5957: Do not abort rename process on valid rename script.
2669 * BUG 5898: Fix 'net rpc shutdown'.
2670 * Fix duplicate installation of cifs.upcall.
2671 * Fix _srvsvc_NetShareAdd segfault.
2672 * Ensure consistency when reporting password complexity.
2673 * Fix _lsa_GetUserName.
2674 * Fix access check in _samr_QuerySecurity().
2675 * _samr_DeleteUser needs to wipe out the user_handle on success.
2676 * NetGroupEnum_r needs to handle servers with no groups.
2679 o Mathias Dietz <MDIETZ@de.ibm.com>
2680 * Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so.
2683 o Dina Fine <dina@exanet.com>
2684 * BUG 5908: Fix internal change notify on shared directory.
2687 o Nils Goroll <nils.goroll@hamburg.de>
2688 * BUG 5135 and 5446: Prevent calling POSIX ACL vfs methods on zfs share.
2691 o Henning Henkel <henning.henkel@fh-furtwangen.de>
2692 * BUG 5929: Fix building of vfs_prealloc with option --with-cluster-support
2696 o Holger Hetterich <hhetter@novell.com>
2697 * Add new VFS module to analyze SMB traffic
2700 o Tomasz Krasuski <kr0tki@poczta.onet.pl>
2701 * BUG 5928: Fix 'testparm --version'.
2704 o Jeff Layton <jlayton@redhat.com>
2705 * Have uppercase_string return success on NULL pointer in mount.cifs.
2706 * Make mount.cifs return codes match the return codes for /bin/mount.
2707 * Use lock/unlock_mtab scheme from util-linux-ng mount prog in mount.cifs.
2710 o Volker Lendecke <vl@samba.org>
2711 * BUG 5691: Fig smbd panic on Solaris.
2712 * BUG 5778: Check if strlcpy and strlcat are already defined.
2713 * BUG 5840: Fix segfault in "rpcclient lsaaddacctrights".
2714 * BUG 5860: Fix nasty error message for overlong strings in safe_strcpy.
2715 * Fix a potential NULL deref in found by the IBM Checker.
2716 * Fix an uninitialized variable found by the IBM Checker.
2717 * Fix an unlikely memleak found by the IBM Checker.
2718 * Fix some missing error handlings.
2719 * Add workaround for domain joins using a netbios name which is different
2721 * Fix crash bug when freeing a non-malloc'ed buffer if the client sends a
2722 non-encrypted packet with the crypto state set.
2723 * Fix trans2findfirst for the large directory optimization.
2724 * Fix checking for presence of cups-devel and correct cups-devel test for
2728 o Derrell Lipman <derrell.lipman@unwireduniverse.com>
2729 * BUG 5805: Don't close stdout when calling setup_logging multiple times.
2732 o Stefan Metzmacher <metze@samba.org>
2733 * Fix setting of trust password using 'net rpc trustdom add'.
2734 * Fix several issues in vfs_streams_xattr and vfs_stream_depot.
2735 * Return an error instead of crashing when no realm is given (trigerred by
2736 "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't exist)
2737 and "disable netbios = yes").
2740 o Jim McDonough <jmcd@samba.org>
2741 * Fix the new vfs_smb_traffic_analyzer build for static links.
2744 o TAKAHASHI Motonobu <monyo@samba.gr.jp>
2745 * BUG 5901: Fix default for streams_depot location.
2748 o Tim Prouty <tim.prouty@isilon.com>
2749 * Fix several build warnings.
2752 o Andreas Schneider <mail@cynapses.org>
2753 * Delete the krb5 ccname variable from the PAM environment if set.
2754 * Fix circular dependency error with autoconf 2.6.3.
2757 o Martin Schwenke <martin@meltin.net>
2758 * Add @CIFSUPCALL_PROGS@ to "all" target so cifs.upcall gets built at
2759 compile time rather than install time.
2762 o Davide Sfriso <sfriso@virgilio.it>
2763 * BUG 5906: Fix Winbind crash when calling 'getent group'.
2766 o Dan Sledz <dsledz@isilon.com>
2767 * Add FreeBSD configure check for backtrace_symbols.
2768 * Fix logging to syslog.
2769 * Allow SYSLOG_FACILITY to be modified with a new configure option called
2770 --with-syslog-facility.
2773 o Yasuma Takeda <yasuma@osstech.co.jp>
2774 * BUG 5909: Fix MS-DFS on Vista clients.
2775 * BUG 5944: Fix starting of nmbd with "socket address" set to "".
2778 o Andrew Tridgell <tridge@samba.org>
2779 * Fix segfault on startup with trusted domains.
2780 * Re-add "winbind:ignore domains" parameter.
2783 o Jelmer Vernooij <jelmer@samba.org>
2784 * Avoid freeing fsp twice when opening new_file fails (Debian #431696).
2787 ######################################################################
2788 Reporting bugs & Development Discussion
2789 #######################################
2791 Please discuss this release on the samba-technical mailing list or by
2792 joining the #samba-technical IRC channel on irc.freenode.net.
2794 If you do report problems then please try to send high quality
2795 feedback. If you don't provide vital information to help us track down
2796 the problem then you will probably be ignored. All bug reports should
2797 be filed under the Samba 3.2 product in the project's Bugzilla
2798 database (https://bugzilla.samba.org/).
2801 ======================================================================
2802 == Our Code, Our Bugs, Our Responsibility.
2804 ======================================================================
2807 ----------------------------------------------------------------------
2810 ==============================
2811 Release Notes for Samba 3.2.5
2813 ==============================
2816 This is a security release in order to address CVE-2008-4314 ("Potential leak of
2817 arbitrary memory contents").
2820 Samba 3.0.29 to 3.2.4 can potentially leak
2821 arbitrary memory contents to malicious
2824 The original security announcement for this and past advisories can
2825 be found http://www.samba.org/samba/security/
2827 ######################################################################
2835 o Volker Lendecke <vl@samba.org>
2836 * Fix for CVE-2008-4314.
2839 ######################################################################
2840 Reporting bugs & Development Discussion
2841 #######################################
2843 Please discuss this release on the samba-technical mailing list or by
2844 joining the #samba-technical IRC channel on irc.freenode.net.
2846 If you do report problems then please try to send high quality
2847 feedback. If you don't provide vital information to help us track down
2848 the problem then you will probably be ignored. All bug reports should
2849 be filed under the Samba 3.2 product in the project's Bugzilla
2850 database (https://bugzilla.samba.org/).
2853 ======================================================================
2854 == Our Code, Our Bugs, Our Responsibility.
2856 ======================================================================
2859 ----------------------------------------------------------------------
2862 ==============================
2863 Release Notes for Samba 3.2.4
2865 ==============================
2868 This is a bug fix release of the Samba 3.2 series.
2870 Major bug fixes included in Samba 3.2.4 are:
2872 o Fix Winbind crashes.
2873 o Fix changing of machine account passwords.
2874 o Fix non guest connections to shares when "security = share"
2876 o Fix file write times.
2879 ######################################################################
2887 o Michael Adam <obnox@samba.org>
2888 * BUG 5590: Fix binary stripping on older OS.
2889 * BUG 5492: Fix RHEL SPEC file by removing libmsrpc stuff.
2890 * BUG 5507: Fix several issues in the RHEL SPEC file.
2891 * Fix linking of cifs.upcall when nscd_flush_cache() is found.
2894 o Jeremy Allison <jra@samba.org>
2895 * BUG 5052: Allow inheritable permissions.
2896 * BUG 5697: Fix spinning of nmbd in reload_interfaces when only loopback
2897 has an IPv4 address.
2898 * BUG 5698: Fix non guest connections to shares when "security = share"
2900 * BUG 5729: Explicitly allow "-valid".
2901 * BUG 5745: Fix Kerberos authentication with (lib)smbclient.
2902 * BUG 5751: Fix showing of ACLs on DFS in (lib)smbclient.
2903 * BUG 5761: Fix opening of mangled directory name (resulted
2904 'is a stream name').
2905 * Fix the wcache_invalidate_samlogon calls.
2906 * Add st_birthtime and friends for accurate create times on *BSD and MacOSX.
2907 * Clarify usage of "force create mode".
2908 * Write times code update.
2911 o Gerald (Jerry) Carter <jerry@samba.org>
2912 * Fix Winbind crash.
2913 * idmap_ad: Fix a segfault when calling nss_get_info() with a NULL ads
2917 o Steven Danneman <steven.danneman@isilon.com>
2918 * Fix build warnings.
2919 * Cleanup of DC enumeration in get_dcs().
2922 o Günther Deschner <gd@samba.org>
2923 * BUG 5710: Fix changing of machine account passwords.
2924 * Fix several build warnings.
2925 * Fix invalid sid copy (hit when enumerating sibling domains) in Winbind.
2928 o James Ding <ding_cc@hotmail.com>
2929 * BUG 5736: Fix Winbind crash bug with trusted domains.
2932 o Ephi Dror <Ephi.Dror@datadomain.com>
2933 * Correct the netsamlogon_clear_cached_user function.
2936 o Jeff Layton <jlayton@redhat.com>
2937 * Fix handling of MSKRB5 OID in cifs.upcall.
2938 * Fix build warnings in cifs.upcall.
2939 * Change default install location of cifs.upcall to EPREFIX/sbin.
2940 * Enable building of cifs.upcall by default on Linux.
2943 o Volker Lendecke <vl@sernet.de>
2944 * BUG 5707: Do proper error handling if the socket is closed.
2945 * Fix calculation of useable_space for trans2 and nttrans replies.
2946 * Fix Coverity ID 587.
2947 * Add mapping of generic bits when setting an NFSv4 ACL.
2950 o Stefan Metzmacher <metze@samba.org>
2951 * Some write time fixes.
2954 o David Leonard <David.Leonard@quest.com>
2955 * BUG 4516: No IPv6 on Solaris 2.6.
2958 o Simo Sorce <idra@samba.org>
2959 * BUG 5571: Fix group memeberships in Winbind.
2962 o Timur <timur@FreeBSD.org>
2963 * Fix cut and paste error in quota code.
2964 * Fix display of POSIX ACLs.
2965 * Fix aio on FreeBSD.
2968 o Andrew Tridgell <tridge@samba.org>
2969 * Avoid a race condition in glibc between AIO and setresuid().
2970 * Add missing become root for AIO operations.
2971 * Fix logic of tsmsm_sendfile().
2972 * Fix an errno handling bug that could lead to an infinite loop.
2973 * Fix handling of arbitrary new PAC types.
2976 o Qiao Yang <geoyang@ironport.com>
2980 ######################################################################
2981 Reporting bugs & Development Discussion
2982 #######################################
2984 Please discuss this release on the samba-technical mailing list or by
2985 joining the #samba-technical IRC channel on irc.freenode.net.
2987 If you do report problems then please try to send high quality
2988 feedback. If you don't provide vital information to help us track down
2989 the problem then you will probably be ignored. All bug reports should
2990 be filed under the Samba 3.2 product in the project's Bugzilla
2991 database (https://bugzilla.samba.org/).
2994 ======================================================================
2995 == Our Code, Our Bugs, Our Responsibility.
2997 ======================================================================
3000 ----------------------------------------------------------------------
3003 ==============================
3004 Release Notes for Samba 3.2.3
3006 ==============================
3008 This is a security release in order to address CVE-2008-3789 ("Wrong
3009 permissions of group_mapping.ldb").
3012 The file group_mapping.ldb is created with
3013 the permissions 0666. That means everyone
3014 is able to edit this file and might map any
3017 The original security announcement for this and past advisories can
3018 be found http://www.samba.org/samba/security/
3021 ######################################################################
3028 o Andrew Tridgell <tridge@samba.org>
3029 * Fix for CVE-2008-3789.
3032 ######################################################################
3033 Reporting bugs & Development Discussion
3034 #######################################
3036 Please discuss this release on the samba-technical mailing list or by
3037 joining the #samba-technical IRC channel on irc.freenode.net.
3039 If you do report problems then please try to send high quality
3040 feedback. If you don't provide vital information to help us track down
3041 the problem then you will probably be ignored. All bug reports should
3042 be filed under the Samba 3.2 product in the project's Bugzilla
3043 database (https://bugzilla.samba.org/).
3046 ======================================================================
3047 == Our Code, Our Bugs, Our Responsibility.
3049 ======================================================================
3052 ----------------------------------------------------------------------
3055 ==============================
3056 Release Notes for Samba 3.2.2
3058 ==============================
3060 This is a bug fix release of the Samba 3.2 series.
3062 Major bug fixes included in Samba 3.2.2 are:
3064 o Fix removal of dead records in tdb files. This can lead to very large
3065 tdb files and to overflowing partitions as a consequence on systems
3066 running an nmbd daemon.
3067 o Fix "force group" in setups using Winbind.
3068 o Fix freezing Windows Explorer on WinXP while browsing Samba shares.
3069 This one led to timeouts during printing as well.
3070 o Fix assigning of primary group memberships when authenticating via
3072 o Fix creation and installation of shared libraries.
3075 ######################################################################
3083 o Michael Adam <obnox@samba.org>
3084 * BUG 5592: Fix creation and installation of shared libraries.
3085 * Fix replacement of random seed generator.
3086 * Fix a race condition in idmap_tdb2_allocate_id().
3087 * Fix unix_convert() for "*" after changing map_nt_error_from_unix().
3088 * Make sure to always set errno on error path in OpenDir.
3091 o Jeremy Allison <jra@samba.org>
3092 * BUG 5675: Fix smbspool program assuming Kerberos authentication by
3094 * BUG 5686: Fix segfaults in libsmbclient.
3095 * BUG 5692: Fix coredump in full_audit.so.
3096 * BUG 5696: Fix "force group" in setups using Winbind.
3097 * Rename cifs.spnego to cifs.upcall.
3098 * Fix segfault in cifs.upcall when it is called without any arguments.
3099 * Fix coverity ID 594 (resource leak on error path).
3100 * Fix assigning of primary group memberships when authenticating via
3102 * Several build fixes.
3105 o Bartosz Antosik <antosik@gmail.com>
3106 * BUG #5617: Fix freezing Windows Explorer on WinXP while browsing
3110 o Andrew Bartlett <abartlet@samba.org>
3111 * Include stdlib.h to get a prototype for free().
3114 o Yannick Bergeron <yaberger@ca.ibm.com>
3115 * Solve an IBM XL C/C++ compiler error encountered in get_exit_code()
3116 auth_errors array initialization in client/smbspool.c.
3117 * Use NGROUPS_MAX instead of 32 for the max group value in
3121 o Günther Deschner <gd@samba.org>
3122 * Fix build warning.
3123 * Add add c++ guard to netapi.
3126 o Steve French <stevef@smf-t60p.smfdom>
3127 * Fix compile warning in cifs.upcall.
3128 * Add "dns_resolver" key type to cifs.upcall.
3131 o SATOH Fumiyasu <fumiyas@osstech.co.jp>
3132 * BUG 5688: Fix orphaned LPQ processes if socket address is invalid.
3135 o Volker Lendecke <vl@samba.org>
3136 * BUG 5684: Fix removal of dead records in tdb files.
3137 * Fix coverity IDs 595, 596.
3138 * Fix smb_len calculation for chained requests.
3141 o Herb Lewis <herb@samba.org>
3142 * Fix output of test status.
3145 o Jim McDonough <jmcd@samba.org>
3146 * Fix smbclient connections to older servers.
3149 o Andrew Tridgell <tridge@samba.org>
3150 * Fix a fd leak when trying to regain contact to a domain controller
3152 * Fix permissions on ctdb databases.
3153 * Fix passing back success when a function had in fact failed in two
3157 ######################################################################
3158 Reporting bugs & Development Discussion
3159 #######################################
3161 Please discuss this release on the samba-technical mailing list or by
3162 joining the #samba-technical IRC channel on irc.freenode.net.
3164 If you do report problems then please try to send high quality
3165 feedback. If you don't provide vital information to help us track down
3166 the problem then you will probably be ignored. All bug reports should
3167 be filed under the Samba 3.2 product in the project's Bugzilla
3168 database (https://bugzilla.samba.org/).
3171 ======================================================================
3172 == Our Code, Our Bugs, Our Responsibility.
3174 ======================================================================
3177 ----------------------------------------------------------------------
3180 ==============================
3181 Release Notes for Samba 3.2.1
3183 ==============================
3185 This is the second stable release of Samba 3.2.
3187 Major bug fixes included in Samba 3.2.1 are:
3189 o Race condition in Winbind leading to a crash.
3190 o Regression in Winbindd offline mode.
3191 o Flushing of smb.conf when creating a new share using SWAT.
3192 o Setting of ACEs in setups with "dos filemode = yes".
3195 ######################################################################
3203 o Michael Adam <obnox@samba.org>
3204 * BUG 5608: Fix link creation for libtalloc.so.1 (and friends) on
3206 * BUG 5594: Fix "make test" by adding and using a new testparm
3207 switch "--skip-logic-checks".
3208 * Fix creation of libaddns.a, libsmbclient.a and libsharemodes.a.
3209 * Update the section about net conf in the net(8) manpage.
3210 * Improve processing of registry shares.
3211 * Fix listing of registry shares with testparm.
3212 * Fix several build issues.
3215 o Jeremy Allison <jra@samba.org>
3216 * BUG 5578: Fix error from strlcat.
3217 * BUG 5613: Fix flushing of smb.conf when creating a new share using SWAT.
3218 * Ensure consistent use of pdb_get_nt_passwd instead of
3219 pdb_get_lanman_passwd.
3220 * Remove worrying warning message when safe_strcpy tries to copy a
3221 pseaudo interface name that's too long.
3222 * Canonicalize servername in the printer functions to remove leading
3224 * Fix option processing in smbcacls - add POPT_COMMON_CONNECTION.
3225 * Fix bug creating files using DOS clients with mixed case files.
3226 * Fix uninitialized variable.
3229 o Yannick Bergeron <yaberger@ca.ibm.com>
3230 * Fix compile error on AIX 6.1
3233 o Jim Brown <jim.brown@miami.edu>
3234 * Fix SGI compiler warnings.
3237 o Günther Deschner <gd@samba.org>
3238 * BUG 5616: Fix session keys also in rpccli_netr_LogonSamLogonEx wrapper.
3239 * BUG 5570: Fix bogus error message during AD domain join.
3240 * Fix trusted domain handling in Winbindd.
3241 * Fix build warning.
3244 o SATOH Fumiyasu <fumiyas@osstech.co.jp>
3245 * BUG 5202: Fix setting of ACEs for users/groups with write access
3246 in setups with 'dos filemode = yes'.
3247 * Re-activate 'acl group control' parameter and make it only apply
3251 o Volodymyr Khomenko <Volodymyr.Khomenko@exanet.com>
3252 * Make ntimes function more like POSIX and allow NULL arg.
3255 o Volker Lendecke <vl@samba.org>
3256 * BUG 5512: Fix alignment problems on sparc.
3257 * BUG 5616: Fix share connections in setups with
3258 "server signing = mandatory" or SMB signing set on the client side.
3259 * Fix a race condition in Winbind leading to a crash.
3260 * Fix a segfault in base64_encode_data_blob.
3261 * Fix some uninitialized variable references via ndr_print.
3262 * Fix error message if trying to join with a non-privileged user.
3263 * Fix setups using "include = registry" without [global] settings
3265 * Fix "net sam rights" on domain member servers.
3266 * Add documentation for the vfs streams modules.
3269 o Herb Lewis <herb@samba.org>
3270 * Cleanup some duplicate code by passing the password to the wbinfo_auth*
3272 * Allow SID with 0 in subauthority to be converted properly.
3275 o Zach Loafman <zachary.loafman@isilon.com>
3276 * Set sin[6]_family instead of ss_family in in[6]_addr_to_sockaddr_storage.
3277 * Fix realpath() check so that it doesn't generate a core() when it fails.
3280 o Jim McDonough <jmcd@samba.org>
3281 * Fix overwriting of winbind logfiles.
3284 o Lars Müller <lars@samba.org>
3285 * Fix "vfs_full_audit.c: name table not in sync with vfs.h" panic.
3288 o Darshan Purandare <dpurandare@isilon.com>
3289 * Add broadcasting of the debug message to all winbindd children.
3292 o Karolin Seeger <kseeger@samba.org>
3293 * BUG 5635: Fix updating of printer queues.
3296 o Andreas Schneider <anschneider@suse.de>
3297 * Release still reachable memory if the smbclient context is freed.
3298 * Remove trailing withespace from wbinfo -m which breaks gdm auth.
3301 o Simo Sorce <idra@samba.org>
3302 * BUG 5540: Fix "set primary group script" user option substitution.
3303 * Fix regression in Winbindd offline mode.
3306 o Bo Yang <boyang@novell.com>
3307 * Allow authentication and memory credential refresh after password
3308 change from gdm/xdm.
3309 * Allow %u parameters for print job username.
3312 ######################################################################
3313 Reporting bugs & Development Discussion
3314 #######################################
3316 Please discuss this release on the samba-technical mailing list or by
3317 joining the #samba-technical IRC channel on irc.freenode.net.
3319 If you do report problems then please try to send high quality
3320 feedback. If you don't provide vital information to help us track down
3321 the problem then you will probably be ignored. All bug reports should
3322 be filed under the Samba 3.2 product in the project's Bugzilla
3323 database (https://bugzilla.samba.org/).
3326 ======================================================================
3327 == Our Code, Our Bugs, Our Responsibility.
3329 ======================================================================
3332 ----------------------------------------------------------------------
3335 ==============================
3336 Release Notes for Samba 3.2.0
3338 ==============================
3340 This is the first stable release of Samba 3.2.0.
3342 Please be aware that Samba is now distributed under the version 3
3343 of the new GNU General Public License. You may refer to the COPYING
3344 file that accompanies these release notes for further licensing details.
3346 Major enhancements in Samba 3.2.0 include:
3349 o Use of IDL generated parsing layer for several DCE/RPC
3351 o Removal of the 1024 byte limit on pathnames and 256 byte limit on
3352 filename components to honor the MAX_PATH setting from the host OS.
3353 o Introduction of a registry based configuration system.
3354 o Improved CIFS Unix Extensions support.
3355 o Experimental support for file serving clusters.
3356 o Support for IPv6 in the server, and client tools and libraries.
3357 o Support for storing alternate data streams in xattrs.
3358 o Encrypted SMB transport in client tools and libraries, and server.
3359 o Support for Vista clients authenticating via Kerberos.
3361 Winbind and Active Directory Integration:
3362 o Full support for Windows 2003 cross-forest, transitive trusts
3363 and one-way domain trusts.
3364 o Support for userPrincipalName logons via pam_winbind and NSS
3366 o Expansion of nested domain groups via NSS calls.
3367 o Support for Active Directory LDAP Signing policy.
3368 o New LGPL Winbind client library (libwbclient.so).
3369 o Support for establishing interdomain trust relationships with
3373 o New NetApi library for domain join related queries (libnetapi.so)
3374 and example GTK+ Domain join gui.
3375 o New client and server support for remotely joining and unjoining
3377 o Support for joining into Windows 2008 domains.
3380 o New ldb backend for local group mapping tables
3381 o Raised level of security defaults for authentication operations.
3382 o New NetApi library for user account related queries.
3386 Now Licensed under the GNU GPLv3
3387 ================================
3389 The Samba Team has adopted the Version 3 of the GNU General Public
3390 License for the 3.2 and later releases. The GPLv3 is the updated
3391 version of the GPLv2 license under which Samba is currently
3392 distributed. It has been updated to improve compatibility with other
3393 licenses and to make it easier to adopt internationally, and is an
3394 improved version of the license to better suit the needs of Free
3395 Software in the 21st Century.
3397 The original announcement is available on-line at
3399 http://news.samba.org/announcements/samba_gplv3/
3402 New Security Defaults for Authentication
3403 ========================================
3405 Support for LanMan passwords is now disabled in both client and server
3406 applications. Additionally, clear text authentication requests are
3407 disabled by default in client utilities such as smbclient and all
3408 libsmbclient based applications. This will affect connection both
3409 to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer
3410 to the "Changes" section for details on the exact parameters that were
3414 Registry Configuration Backend
3415 ==============================
3417 Samba is now able to use a registry based configuration backed to
3418 supplement smb.conf settings. This feature may be enabled by setting
3419 "config backend = registry" in the [global] section of smb.conf for a
3420 registry only configuration, or by specifying "include = registry" to
3421 include global options from registry for a mixed setup.
3423 The new parameter "registry shares = yes" in the [global] section of
3424 smb.conf can be used to activate share definitions from registry.
3425 These shares are loaded on demand by the server. Registry shares are
3426 automatically activated by the global registry options above.
3428 The configuration stored in registry can be conveniently managed using
3429 the "net conf" command.
3431 More information may be obtained from the smb.conf(5) and net(8) man
3438 Both the Python bindings and the libmsrpc shared library have been
3439 removed from the tree due to lack of an official maintainer.
3441 As smbfs is no longer supported in current kernel versions, smbmount has
3442 been removed in this Samba version. Please use cifs (mount.cifs) instead.
3443 See examples/scripts/mount/mount.smbfs as an example for a wrapper which
3444 calls mount.cifs instead of smbmount/mount.smbfs.
3447 Modified API for libsmbclient
3448 ==============================================================================
3450 Maintaining ABI compatibility for libsmbclient has become increasingly
3451 difficult to accomplish, while also keeping the code organization such that it
3452 is easily readable. Towards the goal of maintaining ABI compatibility and
3453 also keeping the code easy to maintain and enhance, the API has been enhanced.
3454 In particular, the fields in the SMBCCTX context structure are no longer
3455 intended to be read/write by the user, and are marked as deprecated. An
3456 application that previously accessed the members of the SMBCCTX context
3457 structure will now encounter warnings if recompiled. This is intentional, to
3458 encourage implementation of the small changes required for the new interface.
3459 The number of changes is expected to be quite small for the vast majority of
3460 applications, and no changes need be made for many applications. The changes
3461 required for KDE (konqueror) to conform to the new interface, for example, are
3462 only four lines in only one file.
3464 Instead of the application manually changing or reading values in the context
3465 structure, there are now setter and getter functions for each configurable
3466 member in that structure. Similarly, the smbc_option_get() and
3467 smbc_option_set() functions are deprecated in favor of the setter/getter
3468 interface. The setters and getters are all documented in libsmbclient.h
3469 under these comment blocks:
3471 Getters and setters for CONFIGURATION
3472 Getters and setters for OPTIONS
3473 Getters and setters for FUNCTIONS
3474 Callable functions for files
3475 Callable functions for directories
3476 Callable functions applicable to both files and directories
3478 Example changes that may be required to eliminate "deprecated" warnings:
3480 /* Set the debug level */
3481 context->debug = 99;
3483 smbc_setDebug(context, 99);
3485 /* Specify the authentication callback function */
3486 context->callbacks.auth_fn = auth_smbc_get_data;
3488 smbc_setFunctionAuthData(context, auth_smbc_get_data);
3490 /* Specify the new-style authentication callback with context parameter */
3491 smbc_option_set("auth_function", auth_smbc_get_data_with_ctx);
3493 smbc_setFunctionAuthDataWithContext(context, auth_smbc_get_data_with_ctx);
3495 /* Set kerberos flags */
3496 context->flags = (SMB_CTX_FLAG_USE_KERBEROS |
3497 SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS);
3499 smbc_setOptionUseKerberos(context, 1);
3500 smbc_setOptionFallbackAfterKerberos(context, 1);
3505 ######################################################################
3512 Parameter Name Description Default
3513 -------------- ----------- -------
3514 administrative share New No
3515 client lanman auth Changed Default No
3516 client ldap sasl wrapping New plain
3517 client plaintext auth Changed Default No
3519 cluster addresses New ""
3520 config backend New file
3523 lanman auth Changed Default No
3524 ldap connection timeout New 2
3525 ldap debug level New 0
3526 ldap debug threshold New 10
3528 min receive file size New 0
3529 open files database hashsize Removed
3531 registry shares New No
3532 smb encrypt New Auto
3533 winbind expand groups New 1
3534 winbind rpc only New No
3536 New special meaning of "include = registry".
3539 Changes since 3.2.0rc2:
3540 -----------------------
3543 o Jeremy Allison <jra@samba.org>
3544 * BUG 5531: Fix conversion of ns units when converting
3545 from nttime to timespec.
3546 * BUG 5533: Fix handling of workgroup names containing a '.' in Winbindd.
3547 * BUG 5551: Fix group enumeration with 'wbinfo -g' on PDCs.
3548 * BUG 5555: Fix setting of the password last set field during domain joins.
3549 * BUG 5568: Fix net rpc trustdom add.
3550 * Fix gcc warnings at -O3.
3553 o Michael Adam <obnox@samba.org>
3554 * BUG 5548: Fix segfaults in handle_include with %m macro expansion.
3555 * Add several tests to the testsuite.
3558 o Steven Danneman <steven.danneman@isilon.com>
3559 * Make winbindd enum users and groups async.
3562 o Günther Deschner <gd@samba.org>
3563 * BUG 5542: Fix empty passwords of samsync.
3566 o Volker Lendecke <vl@samba.org>
3567 * BUG 5500: Add missing become_root to enable access to LDAP DB.
3568 * Fix coverity IDs 464, 474.
3569 * Fix an uninitialized variable found by the IBM checker.
3570 * Fix group parsing in libwbclient's copy_group_entry().
3571 * Fix max_fd calculation in event_loop_once.
3572 * Fix warnings on Fedory Core 9.
3573 * Fix several memleaks.
3574 * Fix a segfaults in wbcLookupRids.
3575 * Fix a segfault in clitar.
3576 * Fix the build on FreeBSD 4.6.2 and Darwin.
3577 * Fix a double-closedir() in form_junctions().
3578 * Fix a crash in _dfs_Enum.
3579 * Fix a segfault in rpcclient adddriver.
3580 * Fix valgrind errors in _spoolss_addprinterdriver.
3581 * Fix warnings on SuSE 9.0.
3582 * Fix a file descriptor leak in add_port_hook.
3585 o William Jojo <jojowil@hvcc.edu>
3586 * Fix several AIX build issues.
3587 * Add -brtl to the AIX linker flags.
3590 o Atte Peltomäki <atte.peltomaki@f-secure.com>
3591 * Fix winbindd group expansion.
3594 o Andreas Schneider <anschneider@suse.de>
3595 * Add documentation for kerberos support in libsmbclient.
3596 * Add krb5 support for the testbrowse example.
3599 o John H Terpstra <jht@samba.org>
3600 * Fix net help info.
3601 * Add documentation for TDB file.
3604 o Bo Yang <boyang@novell.com>
3605 * Fix update of cached credentials during password change in pam_winbind.
3608 o Christoph Zauner <christoph.zauner@sernet.de>
3609 * Fix several typos in the man pages and the Samba3 HowTo Collection.
3613 ######################################################################
3614 Reporting bugs & Development Discussion
3615 #######################################
3617 Please discuss this release on the samba-technical mailing list or by
3618 joining the #samba-technical IRC channel on irc.freenode.net.
3620 If you do report problems then please try to send high quality
3621 feedback. If you don't provide vital information to help us track down
3622 the problem then you will probably be ignored. All bug reports should
3623 be filed under the Samba 3.2 product in the project's Bugzilla
3624 database (https://bugzilla.samba.org/).
3627 ======================================================================
3628 == Our Code, Our Bugs, Our Responsibility.
3630 ======================================================================