1 ==============================
2 Release Notes for Samba 3.5.22
4 ==============================
7 This is a security release in order to address
8 CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause
9 server to loop with DOS).
12 All current released versions of Samba are vulnerable to a denial of
13 service on an authenticated or guest connection. A malformed packet
14 can cause the smbd server to loop the CPU performing memory
15 allocations and preventing any further service.
17 A connection to a file share, or a local account is needed to exploit
18 this problem, either authenticated or unauthenticated if guest
19 connections are allowed.
21 This flaw is not exploitable beyond causing the code to loop
22 allocating memory, which may cause the machine to exceed memory
29 o Jeremy Allison <jra@samba.org>
30 * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list
31 reading can cause server to loop with DOS.
34 ######################################################################
35 Reporting bugs & Development Discussion
36 #######################################
38 Please discuss this release on the samba-technical mailing list or by
39 joining the #samba-technical IRC channel on irc.freenode.net.
41 If you do report problems then please try to send high quality
42 feedback. If you don't provide vital information to help us track down
43 the problem then you will probably be ignored. All bug reports should
44 be filed under the Samba 3.5 product in the project's Bugzilla
45 database (https://bugzilla.samba.org/).
48 ======================================================================
49 == Our Code, Our Bugs, Our Responsibility.
51 ======================================================================
54 Release notes for older releases follow:
55 ----------------------------------------
57 ==============================
58 Release Notes for Samba 3.5.21
60 ==============================
63 This is a security release in order to address
64 CVE-2013-0213 (Clickjacking issue in SWAT) and
65 CVE-2013-0214 (Potential XSRF in SWAT).
68 All current released versions of Samba are vulnerable to clickjacking in the
69 Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into
70 a malicious web page via a frame or iframe and then overlaid by other content,
71 an attacker could trick an administrator to potentially change Samba settings.
73 In order to be vulnerable, SWAT must have been installed and enabled
74 either as a standalone server launched from inetd or xinetd, or as a
75 CGI plugin to Apache. If SWAT has not been installed or enabled (which
76 is the default install state for Samba) this advisory can be ignored.
79 All current released versions of Samba are vulnerable to a cross-site
80 request forgery in the Samba Web Administration Tool (SWAT). By guessing a
81 user's password and then tricking a user who is authenticated with SWAT into
82 clicking a manipulated URL on a different web page, it is possible to manipulate
85 In order to be vulnerable, the attacker needs to know the victim's password.
86 Additionally SWAT must have been installed and enabled either as a standalone
87 server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has
88 not been installed or enabled (which is the default install state for Samba)
89 this advisory can be ignored.
95 o Kai Blin <kai@samba.org>
96 * BUG 9576: CVE-2013-0213: Fix clickjacking issue in SWAT.
97 * BUG 9577: CVE-2013-0214: Fix potential XSRF in SWAT.
100 ######################################################################
101 Reporting bugs & Development Discussion
102 #######################################
104 Please discuss this release on the samba-technical mailing list or by
105 joining the #samba-technical IRC channel on irc.freenode.net.
107 If you do report problems then please try to send high quality
108 feedback. If you don't provide vital information to help us track down
109 the problem then you will probably be ignored. All bug reports should
110 be filed under the Samba 3.5 product in the project's Bugzilla
111 database (https://bugzilla.samba.org/).
114 ======================================================================
115 == Our Code, Our Bugs, Our Responsibility.
117 ======================================================================
120 ----------------------------------------------------------------------
123 ==============================
124 Release Notes for Samba 3.5.20
126 ==============================
129 This is the latest stable release of Samba 3.5.
131 Major enhancements in Samba 3.5.20 include:
133 o Fix segfaults in log level = 10 on Solaris (bug #9390).
134 o Apply ACL masks correctly when setting ACLs (bug #9236).
137 Changes since 3.5.19:
138 ---------------------
140 o Jeremy Allison <jra@samba.org>
141 * BUG 7781: Samba transforms ShareName to lowercase (sharename) when adding
143 * BUG 9236: Apply ACL masks correctly when setting ACLs.
144 * BUG 9455: munmap called for an address location not mapped by Samba.
147 o Björn Baumbach <bb@sernet.de>
148 * BUG 9345: Fix usage of <smbconfoption> tag.
151 o Stefan Metzmacher <metze@samba.org>
152 * BUG 9390: Fix segfaults in log level = 10 on Solaris.
153 * BUG 9402: Fix dns updates against BIND9 (used in a Samba4 domain).
156 ######################################################################
157 Reporting bugs & Development Discussion
158 #######################################
160 Please discuss this release on the samba-technical mailing list or by
161 joining the #samba-technical IRC channel on irc.freenode.net.
163 If you do report problems then please try to send high quality
164 feedback. If you don't provide vital information to help us track down
165 the problem then you will probably be ignored. All bug reports should
166 be filed under the Samba 3.5 product in the project's Bugzilla
167 database (https://bugzilla.samba.org/).
170 ======================================================================
171 == Our Code, Our Bugs, Our Responsibility.
173 ======================================================================
176 ----------------------------------------------------------------------
179 ==============================
180 Release Notes for Samba 3.5.19
182 ==============================
185 This is the latest stable release of Samba 3.5.
187 Major enhancements in Samba 3.5.19 include:
189 o Connection to outbound trusted domain goes offline (bug #9016).
190 o ACL masks incorrectly applied when setting ACLs (bug #9236).
191 o Samba panics if a user specifies an invalid port number (bug #9218).
194 Changes since 3.5.18:
195 ---------------------
197 o Jeremy Allison <jra@samba.org>
198 * BUG 9016: Connection to outbound trusted domain goes offline.
199 * BUG 9117: smbclient can't connect to a Windows 7 server using NTLMv2.
200 * BUG 9213: Bad ASN.1 NegTokenInit packet can cause invalid free.
201 * BUG 9236: ACL masks incorrectly applied when setting ACLs.
204 o Andrew Bartlett <abartlet@samba.org>
205 * BUG 8788: libsmb: Initialise ticket to ensure we do not free invalid memory.
208 o Björn Jacke <bj@sernet.de>
209 * BUG 8344: autoconf: Fix --with(out)-sendfile-support option handling.
210 * BUG 8732: Fix compile of krb5 locator on Solaris.
211 * BUG 9172: Add quota support for gfs2.
214 o Matthieu Patou <mat@matws.net>
215 * BUG 9259: lib-addns: Ensure that allocated buffer are pre set to 0.
218 o Andreas Schneider <asn@samba.org>
219 * BUG 9218: Samba panics if a user specifies an invalid port number.
222 ######################################################################
223 Reporting bugs & Development Discussion
224 #######################################
226 Please discuss this release on the samba-technical mailing list or by
227 joining the #samba-technical IRC channel on irc.freenode.net.
229 If you do report problems then please try to send high quality
230 feedback. If you don't provide vital information to help us track down
231 the problem then you will probably be ignored. All bug reports should
232 be filed under the Samba 3.5 product in the project's Bugzilla
233 database (https://bugzilla.samba.org/).
236 ======================================================================
237 == Our Code, Our Bugs, Our Responsibility.
239 ======================================================================
242 ----------------------------------------------------------------------
245 ==============================
246 Release Notes for Samba 3.5.18
248 ==============================
251 This is the latest stable release of Samba 3.5.
253 Major enhancements in Samba 3.5.18 include:
255 o Fix a smbd crash in reply_lockingX_error (bug #9084).
256 o Fix Winbind crashes caused by mis-identified idle clients (bug #9104).
257 o Desktop Managers (xdm, gdm, lightdm...) crash with SIGSEGV in
258 _pam_winbind_change_pwd() when password is expiring (bug #9013).
261 Changes since 3.5.17:
262 ---------------------
264 o Michael Adam <obnox@samba.org>
265 * BUG 7788: Clarify the idmap_rid manpage.
268 o Jeremy Allison <jra@samba.org>
269 * BUG 9098: Winbind does not refresh Kerberos tickets.
270 * BUG 9147: Winbind can't fetch user or group info from AD via LDAP.
271 * BUG 9150: Valid open requests can cause smbd assert due to incorrect
272 oplock handling on delete requests.
275 o Neil R. Goldberg <ngoldber@mitre.org>
276 * BUG 9100: Winbind doesn't return "Domain Local" groups from own domain.
279 o Hargagan <shargagan@novell.com>
280 * BUG 9085: NMB registration for a duplicate workstation fails with
284 o Björn Jacke <bj@sernet.de>
285 * BUG 7814: Fix build of sysquote_xfs.
286 * BUG 8402: Winbind log spammed with idmap messages.
289 o Volker Lendecke <vl@samba.org>
290 * BUG 9084: Fix a smbd crash in reply_lockingX_error.
293 o Herb Lewis <hlewis@panasas.com>
294 * BUG 9104: Fix Winbind crashes caused by mis-identified idle clients.
297 o Luca Lorenzetto <lorenzetto-luca@ubuntu-it.org>
298 * BUG 9013: Desktop Managers (xdm, gdm, lightdm...) crash with SIGSEGV in
299 _pam_winbind_change_pwd() when password is expiring.
302 ######################################################################
303 Reporting bugs & Development Discussion
304 #######################################
306 Please discuss this release on the samba-technical mailing list or by
307 joining the #samba-technical IRC channel on irc.freenode.net.
309 If you do report problems then please try to send high quality
310 feedback. If you don't provide vital information to help us track down
311 the problem then you will probably be ignored. All bug reports should
312 be filed under the Samba 3.5 product in the project's Bugzilla
313 database (https://bugzilla.samba.org/).
316 ======================================================================
317 == Our Code, Our Bugs, Our Responsibility.
319 ======================================================================
322 ----------------------------------------------------------------------
325 ==============================
326 Release Notes for Samba 3.5.17
328 ==============================
331 This is the latest stable release of Samba 3.5.
334 Changes since 3.5.16:
335 ---------------------
337 o Jeremy Allison <jra@samba.org>
338 * BUG 9034: Fix typo in set_re_uid() call when USE_SETRESUID selected in
342 o Björn Jacke <bj@sernet.de>
343 * BUG 8996: Fix build without ads support.
344 * BUG 9011: Second part of a fix for bug #9011 (Build on HP-UX broken).
347 o Stefan Metzmacher <metze@samba.org>
348 * BUG 9022: Make vfs_gpfs less verbose in get/set_xattr functions.
351 ######################################################################
352 Reporting bugs & Development Discussion
353 #######################################
355 Please discuss this release on the samba-technical mailing list or by
356 joining the #samba-technical IRC channel on irc.freenode.net.
358 If you do report problems then please try to send high quality
359 feedback. If you don't provide vital information to help us track down
360 the problem then you will probably be ignored. All bug reports should
361 be filed under the Samba 3.5 product in the project's Bugzilla
362 database (https://bugzilla.samba.org/).
365 ======================================================================
366 == Our Code, Our Bugs, Our Responsibility.
368 ======================================================================
371 ----------------------------------------------------------------------
374 ==============================
375 Release Notes for Samba 3.5.16
377 ==============================
380 This is the latest stable release of Samba 3.5.
382 Major enhancements in Samba 3.5.16 include:
384 o Fix possible memory leaks in the Samba master process (bug #8970).
385 o Fix uninitialized memory read in talloc_free().
386 o Fix smbd crash with unknown user (bug #8314).
389 Changes since 3.5.15:
390 ---------------------
392 o Jeremy Allison <jra@samba.org>
393 * BUG 8314: Fix smbd crash with unknown user.
394 * BUG 8831: Fix inconsistent (with manpage) command-line switch for "help"
396 * BUG 8882: Fix processing of %U with vfs_full_audit when "force user"
398 * BUG 8897: winbind_krb5_locator only returns one IP address.
399 * BUG 8910: resolve_ads() code can return zero addresses and miss valid DC
401 * BUG 8957: Fix typo in pam_winbindd code.
402 * BUG 8972: Directory group write permission bit is set if unix extensions
404 * BUG 8974: Kernel oplocks are broken when uid(file) != uid(process).
405 * BUG 8989: Send correct responses to NT Transact Secondary when no data and
407 * BUG 8994: Fix "winbind normalize names".
410 o Andrew Bartlett <abartlet@samba.org>
411 * BUG 8599: Only use SamLogonEx when we can get unencrypted session keys.
412 * BUG 8943: Slow but responsive DC can lock up winbindd for > 10 minutes
416 o Björn Baumbach <bb@sernet.de>
417 * BUG 7564: Fix default name resolve order in the manpage.
420 o John Bradshaw <john@johnbradshaw.org>
421 * BUG 7938: Fix typo (overrided -> overridden) in Samba3-HOWTO.
424 o Olaf Flebbe <o.flebbe@science-computing.de>
425 * BUG 8552: Correct documentation of "case sensitive".
428 o Björn Jacke <bj@sernet.de>
429 * BUG 8869: Remove outdated netscape ds 5 schema file.
430 * BUG 9011: Fix build on HP-UX.
433 o Volker Lendecke <vl@samba.org>
434 * Fix uninitialized memory read in talloc_free().
435 * BUG 8338: OS/X can not deal with a 10-vwv read on normal files.
436 * BUG 8998: Notify code can miss a ChDir.
437 * BUG 9000: Fix a Winbind race leading to 100% CPU.
438 * BUG 9003: Fix posix acl on gpfs.
441 o Matthieu Patou <mat@matws.net>
442 * BUG 8975: Make sure that Winbind can coredump.
445 o Karolin Seeger <kseeger@samba.org>
446 * BUG 7930: Add hint that setting "profile acls = yes" on normal shares can
450 o Richard Sharpe <realrichardsharpe@gmail.com>
451 * BUG 8822: Fix building out-of-tree vfs modules.
452 * BUG 8970: Fix possible memory leaks in the Samba master process.
455 o Simo Sorce <idra@samba.org>
456 * BUG 8915: Fix pam_winbind build against newer iniparser library.
459 ######################################################################
460 Reporting bugs & Development Discussion
461 #######################################
463 Please discuss this release on the samba-technical mailing list or by
464 joining the #samba-technical IRC channel on irc.freenode.net.
466 If you do report problems then please try to send high quality
467 feedback. If you don't provide vital information to help us track down
468 the problem then you will probably be ignored. All bug reports should
469 be filed under the Samba 3.5 product in the project's Bugzilla
470 database (https://bugzilla.samba.org/).
473 ======================================================================
474 == Our Code, Our Bugs, Our Responsibility.
476 ======================================================================
479 ----------------------------------------------------------------------
482 ==============================
483 Release Notes for Samba 3.5.15
485 ==============================
488 This is a security release in order to address
489 CVE-2012-2111 (Incorrect permission checks when granting/removing
490 privileges can compromise file server security).
493 Samba 3.4.x to 3.6.4 are affected by a
494 vulnerability that allows arbitrary users
495 to modify privileges on a file server.
498 Changes since 3.5.14:
499 ---------------------
502 o Jeremy Allison <jra@samba.org>
503 * Fix incorrect permission checks when granting/removing
504 privileges (CVE-2012-2111).
507 ######################################################################
508 Reporting bugs & Development Discussion
509 #######################################
511 Please discuss this release on the samba-technical mailing list or by
512 joining the #samba-technical IRC channel on irc.freenode.net.
514 If you do report problems then please try to send high quality
515 feedback. If you don't provide vital information to help us track down
516 the problem then you will probably be ignored. All bug reports should
517 be filed under the Samba 3.5 product in the project's Bugzilla
518 database (https://bugzilla.samba.org/).
521 ======================================================================
522 == Our Code, Our Bugs, Our Responsibility.
524 ======================================================================
527 ----------------------------------------------------------------------
530 ==============================
531 Release Notes for Samba 3.5.14
533 ==============================
536 This is a security release in order to address
537 CVE-2012-1182 ("root" credential remote code execution).
540 Samba 3.0.x to 3.6.3 are affected by a
541 vulnerability that allows remote code
542 execution as the "root" user.
545 Changes since 3.5.13:
546 ---------------------
549 o Stefan Metzmacher <metze@samba.org>
550 *BUG 8815: PIDL based autogenerated code allows overwriting beyond of
551 allocated array (CVE-2012-1182).
554 ######################################################################
555 Reporting bugs & Development Discussion
556 #######################################
558 Please discuss this release on the samba-technical mailing list or by
559 joining the #samba-technical IRC channel on irc.freenode.net.
561 If you do report problems then please try to send high quality
562 feedback. If you don't provide vital information to help us track down
563 the problem then you will probably be ignored. All bug reports should
564 be filed under the Samba 3.5 product in the project's Bugzilla
565 database (https://bugzilla.samba.org/).
568 ======================================================================
569 == Our Code, Our Bugs, Our Responsibility.
571 ======================================================================
574 ----------------------------------------------------------------------
577 ==============================
578 Release Notes for Samba 3.5.13
580 ==============================
583 This is the latest stable release of Samba 3.5.
585 Major enhancements in Samba 3.5.13 include:
587 o Fix a crash bug in cldap_socket_recv_dgram() (bug #8593).
588 o Fully observe password change settings (bug #8561).
589 o Fix NT ACL issue (bug #8673).
590 o Fix segfault in Winbind if we can't map the last user (bug #8678).
593 Changes since 3.5.12:
597 o Michael Adam <obnox@samba.org>
598 * BUG 8327: Fix config reload to reload shares from registry.
601 o Jeremy Allison <jra@samba.org>
602 * BUG 8139: Ignore SMBecho errors.
603 * BUG 8521: Fix Winbind cache timeout expiry test.
604 * BUG 8561: Fully observe password change settings.
605 * BUG 8631: Fix POSIX ACE x permission mapping to and from a DACL.
606 * BUG 8636: When returning an ACL without SECINFO_DACL requested, we still
607 set SEC_DESC_DACL_PRESENT in the type field.
608 * BUG 8644: Make sure that vfs_acl_xattr and vfs_acl_tdb modules add
609 inheritable entries on a directory with no stored ACL.
610 * BUG 8663: Fix deleting a symlink if the symlink target is outside of the
612 * BUG 8664: Fix renaming a symlink if the symlink target is outside of the
614 * BUG 8673: Fix NT ACL issue.
615 * BUG 8679: Make sure that recvfile code path using splice() on Linux
616 does not leave data in the pipe on short write.
617 * BUG 8687: Fix typo in 'net memberships' usage.
620 o Christian Ambach <christian.ambach@de.ibm.com>
621 * BUG 8658: Add timeouts to Winbind cache.
624 o Andrew Bartlett <abartlet@samba.org>
625 * BUG 8727: Do not limit read replies to NBT packet sizes.
628 o Günther Deschner <gd@samba.org>
629 * BUG 8176: Fix perl path.
630 * BUG 8692: Fix malloc/talloc mismatch in ads_keytab_verify_ticket().
633 o Björn Jacke <bj@sernet.de>
634 * BUG 8652: Document the ignore system acls option of vfs_acl_xattr and
638 o Jeff Layton <jlayton@redhat.com>
639 * BUG 8648: Document more undocumented mount.cifs options.
642 o Volker Lendecke <vl@samba.org>
643 * BUG 8639: Fix the vfs_commit module.
644 * BUG 8686: Packet validation checks can be done before length validation
645 causing uninitialized memory read.
648 o Stefan Metzmacher <metze@samba.org>
649 * BUG 5326: Fix cli_write_and_x() against OS/2 print shares.
650 * BUG 8562: Fix double free error (talloc).
651 * BUG 8593: Fix a crash bug in cldap_socket_recv_dgram().
652 * BUG 8684: Try ctdbd_init_connection() as root.
655 o Masafumi Nakayama <MASA23@jp.ibm.com>
656 * BUG 563: Fix 'smbclient tar' for files greater than 8GB on BE machines.
659 o Matthieu Patou <mat@matws.net>
660 * BUG 8599: Make WINBINDD_PAM_AUTH_CRAP return valid user session key.
661 * BUG 8771: Make Winbind change faster from DC1 to DC2.
664 o Andreas Schneider <asn@samba.org>
665 * BUG 8608: Don't fail on users without a uid (Winbind).
666 * BUG 8628: Don't duplicate Kerberos service tickets.
667 * BUG 8645: Add missing prefixpath options for mount.cifs manpage.
668 * BUG 8658: Add an update function for Winbind cache.
669 * BUG 8678: Fix segfault in Winbind if we can't map the last user.
672 o Karolin Seeger <kseeger@samba.org>
673 * BUG 7705: Fix rpm build issues on RHEL4.
676 o Richard Sharpe <realrichardsharpe@gmail.com>
677 * BUG 8607: Simplify building modules outside the Samba source tree.
680 ######################################################################
681 Reporting bugs & Development Discussion
682 #######################################
684 Please discuss this release on the samba-technical mailing list or by
685 joining the #samba-technical IRC channel on irc.freenode.net.
687 If you do report problems then please try to send high quality
688 feedback. If you don't provide vital information to help us track down
689 the problem then you will probably be ignored. All bug reports should
690 be filed under the Samba 3.5 product in the project's Bugzilla
691 database (https://bugzilla.samba.org/).
694 ======================================================================
695 == Our Code, Our Bugs, Our Responsibility.
697 ======================================================================
700 ----------------------------------------------------------------------
703 ==============================
704 Release Notes for Samba 3.5.12
706 ==============================
709 This is the latest stable release of Samba 3.5.
711 Major enhancements in Samba 3.5.12 include:
713 o Fix race condition in Winbind (bug 7844).
714 o The VFS ACL modules are no longer experimental but production-ready.
717 Changes since 3.5.11:
721 o Jeremy Allison <jra@samba.org>
722 * BUG 7509: smb_acl_to_posix: ACL is invalid for set (Invalid argument).
723 * BUG 7551: Return error of cli_push when 'put - /some/file' is used.
724 * BUG 8156: 'net ads join' fails to use the user's kerberos ticket.
725 * BUG 8370: Fix vfs_chown_fsp.
726 * BUG 8422: Fix infinite loop in ACL module code.
727 * BUG 8443: Be smarter about setting default permissions when a ACL_USER_OBJ
729 * BUG 8458: IE9 on Windows 7 cannot download files to samba 3.5.11 share.
730 * BUG 8493: DFS breaks zip file extracting unless "follow symlinks = no"
732 * BUG 8507: Make smbd correctly honor the "force create mode" bits from a
734 * BUG 8541: Fix readlink() on Linux clients if the symlink target is
735 outside of the share.
736 * BUG 8542: smbclient posix_open command fails to return correct info on
740 o Pierre Carrier <pcarrier@redhat.com>
741 * BUG 8186: Allow changing the maximum number of simultaneous clients in
742 Winbind through an smb.conf option.
745 o Günther Deschner <gd@samba.org>
746 * BUG 7465: Fix 'net ads join -k' when KRB5CCNAME is not set.
747 * BUG 7888: Deal with buggy 3.0 based PDCs.
748 * BUG 8491: Fix some coverity issues.
751 o David Disseldorp <ddiss@suse.de>
752 * BUG 8480: acl_xattr can free an invalid pointer if no blob is loaded.
755 o Björn Jacke <bj@sernet.de>
756 * BUG 8256: Add man vfs_aio_fork.
757 * BUG 8362: Fix SWAT build issue on old glibc systems.
758 * BUG 8531: Make DSO_EXPORTS_CMD more portable.
761 o Volodymyr Khomenko <Volodymyr_Khomenko@dell.com>
762 * BUG 8515: Disallow "." in can_set_delete_on_close().
765 o Volker Lendecke <vl@samba.org>
766 * BUG 7844: Fix race condition in Winbind.
767 * BUG 8338: Add a fallback for missing open&x support in OS/X Lion.
768 * BUG 8420: Fix getent group if trusted domains are not reachable.
771 o Stefan Metzmacher <metze@samba.org
772 * BUG 8347: Fix regression on HP-UX, AIX and OSF introduced by the fix for
774 * BUG 8452: Check the wct of the incoming SMBnegprot responses in libsmb.
775 * BUG 8491: Fix some coverity issues.
778 ######################################################################
779 Reporting bugs & Development Discussion
780 #######################################
782 Please discuss this release on the samba-technical mailing list or by
783 joining the #samba-technical IRC channel on irc.freenode.net.
785 If you do report problems then please try to send high quality
786 feedback. If you don't provide vital information to help us track down
787 the problem then you will probably be ignored. All bug reports should
788 be filed under the Samba 3.5 product in the project's Bugzilla
789 database (https://bugzilla.samba.org/).
792 ======================================================================
793 == Our Code, Our Bugs, Our Responsibility.
795 ======================================================================
798 ----------------------------------------------------------------------
801 ==============================
802 Release Notes for Samba 3.5.11
804 ==============================
807 This is the latest stable release of Samba 3.5.
809 Major enhancements in Samba 3.5.11 include:
811 o Fix access to Samba shares when Windows security patch KB2536276 is installed
813 o Fix Winbind panics if verify_idpool() fails (bug #8253).
816 Changes since 3.5.10:
820 o Jeremy Allison <jra@samba.org>
821 * BUG 7462: Make SA_RESETHAND conditional on its existance.
822 * BUG 8254: Make "acl check permissions = no" working in all cases.
825 o Gregor Beck <gbeck@sernet.de>
826 * BUG 8253: Fix Winbind panics if verify_idpool() fails.
829 o David Disseldorp <ddiss@suse.de>
830 * BUG 8269: Stop spamming log with "Could not find child X -- ignoring"
834 o Björn Jacke <bj@sernet.de>
835 * BUG 7460: Include sys/file.h only when available.
838 o Volker Lendecke <vl@samba.org>
839 * BUG 7841: Explicitly pass domain_sid to wbint_LookupRids().
840 * BUG 8238: Fix access to Samba shares when Windows security patch
841 KB2536276 is installed.
842 * BUG 8322: Add HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR.
845 o Stefan Metzmacher <metze@samba.org>
846 * BUG 7841: Make WINBINDD_LOOKUPRIDS ask the right domain.
847 * BUG 8276: Close all sockets attached to a subnet in close_subnet().
850 ######################################################################
851 Reporting bugs & Development Discussion
852 #######################################
854 Please discuss this release on the samba-technical mailing list or by
855 joining the #samba-technical IRC channel on irc.freenode.net.
857 If you do report problems then please try to send high quality
858 feedback. If you don't provide vital information to help us track down
859 the problem then you will probably be ignored. All bug reports should
860 be filed under the Samba 3.5 product in the project's Bugzilla
861 database (https://bugzilla.samba.org/).
864 ======================================================================
865 == Our Code, Our Bugs, Our Responsibility.
867 ======================================================================
870 ----------------------------------------------------------------------
873 ==============================
874 Release Notes for Samba 3.5.10
876 ==============================
879 This is a security release in order to address
880 CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
881 CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
885 The Samba Web Administration Tool (SWAT) in Samba versions
886 3.0.x to 3.5.9 are affected by a cross-site request forgery.
890 The Samba Web Administration Tool (SWAT) in Samba versions
891 3.0.x to 3.5.9 are affected by a cross-site scripting
894 Please note that SWAT must be enabled in order for these
895 vulnerabilities to be exploitable. By default, SWAT
896 is *not* enabled on a Samba install.
903 o Kai Blin <kai@samba.org>
904 * BUG 8289: SWAT contains a cross-site scripting vulnerability.
905 * BUG 8290: CSRF vulnerability in SWAT.
908 ######################################################################
909 Reporting bugs & Development Discussion
910 #######################################
912 Please discuss this release on the samba-technical mailing list or by
913 joining the #samba-technical IRC channel on irc.freenode.net.
915 If you do report problems then please try to send high quality
916 feedback. If you don't provide vital information to help us track down
917 the problem then you will probably be ignored. All bug reports should
918 be filed under the Samba 3.5 product in the project's Bugzilla
919 database (https://bugzilla.samba.org/).
922 ======================================================================
923 == Our Code, Our Bugs, Our Responsibility.
925 ======================================================================
928 ----------------------------------------------------------------------
931 =============================
932 Release Notes for Samba 3.5.9
934 =============================
937 This is the latest stable release of Samba 3.5.
939 Major enhancements in Samba 3.5.9 include:
941 o Sgid bit lost on folder rename (bug #7996).
942 o ACL can get lost when files are being renamed (bug #7987).
943 o Respect "allow trusted domains = no" in Winbind (bug #6966).
944 o Samba now follows Windows behaviour as a Kerberos client,
945 requesting a CIFS/ ticket (bug #7893).
947 New Kerberos behaviour
948 ----------------------
950 A new parameter 'client use spnego principal' defaults to 'no' and
951 mean Samba will use CIFS/hostname to obtain a kerberos ticket, acting
952 more like Windows when using Kerberos against a CIFS server in
953 smbclient, winbind and other Samba client tools. This will change
954 which servers we will successfully negotiate kerberos connections to.
955 This is due to Samba no longer trusting a server-provided hint which
956 is not available from Windows 2008 or later. For correct operation
957 with all clients, all aliases for a server should be recorded as a as
958 a servicePrincipalName on the server's record in AD.
963 o Jeremy Allison <jra@samba.org>
964 * BUG 6911: Kerberos authentication from Vista to Samba fails when security
965 blob size is greater than 16 kB.
966 * BUG 7080: Quota only shown when logged as root.
967 * BUG 7528: Fix Solaris with NIS autohome.
968 * BUG 7987: ACL can get lost when files are being renamed.
969 * BUG 7996: sgid bit lost on folder rename.
970 * BUG 8040: Fix 'smbclient' segfaults when a Cyrillic netbios name or
971 workgroup is configured.
972 * BUG 8072: Fix panic in create_file_acl_common.
973 * BUG 8038: Fix is_myname_or_ipaddr() to be robust against strange DNS
975 * BUG 8083: "inherit owner = yes" doesn't interact correctly with
976 vfs_acl_xattr or vfs_acl_tdb module.
977 * BUG 8088: Fix segfault in rpccli_samr_chng_pswd_auth_crap if any input
979 * BUG 8111: CIFS VFS: Fix unexpected error on SMB posix open.
980 * BUG 8157: Fix parsing CUPS printcap files in std_pcap_cache_reload().
981 * BUG 8163: Fix our asn.1 parser to handle negative numbers.
982 * BUG 8211: "inherit owner = yes" doesn't interact correctly with "inherit
986 o Christian Ambach <ambi@samba.org>
987 * BUG 8008: Fix a segfault in the krb5 locator plugin.
988 * BUG 8012: Use getgrset() instead of initgroups() + getgroups() when
989 getgrouplist() is not defined.
990 * BUG 8031: Convert gpfs:sharemodes and gpfs:leases parameters from a
991 global setting to a per share setting.
994 o Andrew Bartlett <abartlet@samba.org>
995 * BUG 7893: Don't ever ask for machine$ principals as a target.
998 o Björn Baumbach <bb@sernet.de>
999 * BUG 8074: Fix debug message.
1002 o Dmitry Butskoy <dmitry@butskoy.name>
1003 * BUG 6966: Respect "allow trusted domains = no" in Winbind.
1006 o Marc A. Dahlhaus <mad@wol.de>
1007 * BUG 8047: Fix mdns registration if "interfaces=" is used.
1010 o Günther Deschner <gd@samba.org>
1011 * BUG 7993: Make sure we don't crash when publishing a single printer.
1012 * BUG 8085: Fix incorrect timeout handling in ncacn_ip_tcp client code.
1013 * BUG 8132: Fix filling printers location field when using CUPS.
1016 o David Disseldorp <ddiss@suse.de>
1017 * BUG 7836: Make newly added printers visible to clients.
1018 * BUG 7994: Use printcap IDL for IPC.
1021 o Björn Jacke <bj@sernet.de>
1022 * BUG 7825: Fix GNU ld version detection with old gcc releases.
1023 * BUG 8033: Add explicit configure option whether to enable dmapi
1027 o Sergey Korsak <skif@1plus1.net>
1028 * BUG 8099: setpwent() actually does endpwent() on FreeBSD.
1031 o Volker Lendecke <vl@samba.org>
1032 * BUG 8009: Fix getting username in 'net rap session'.
1033 * BUG 8011: Fix memory corruption in shadow_copy2.
1034 * BUG 8016: Fix gpfs_get_xattr.
1035 * BUG 8042: File creation on OS/X.
1036 * BUG 8054: Winbind cache stores/retrieves wrong sizes for 16-bit ints.
1037 * BUG 8066: Fix wrong output in 'smbget'.
1038 * BUG 8087: Fix wbcChangeUserPasswordEx in RESPONSE mode.
1041 o Nikolay Martynov <mar.kolya@gmail.com>
1042 * BUG 8010: Fix inode generation so nautilus can count total dir size
1046 o Jim McDonough <jmcd@samba.org>
1047 * BUG 6364: Pull realm from supplied username on libnet join.
1048 * BUG 8166: Don't lockout users when offline.
1051 o Stefan Metzmacher <metze@samba.org>
1052 * BUG 7383: Normalize IPv4 mapped IPv6 addresses in both directions.
1053 * BUG 8034: SEC_STD_DELETE is always granted to the owner of a file.
1056 o Larry Reid <lcreid@jadesystems.ca>
1057 * BUG 8055: Can't see Parts of DFS CIFS share.
1060 o Simo Sorce <idra@samba.org>
1061 * BUG 7610: winbindd_cache.tdb grows too large when scaled.
1064 o Martin Vogt <martin.vogt@itwm.fraunhofer.de>
1065 * BUG 6762: Fix ctdb on gpfs error with MS Office.
1069 ######################################################################
1070 Reporting bugs & Development Discussion
1071 #######################################
1073 Please discuss this release on the samba-technical mailing list or by
1074 joining the #samba-technical IRC channel on irc.freenode.net.
1076 If you do report problems then please try to send high quality
1077 feedback. If you don't provide vital information to help us track down
1078 the problem then you will probably be ignored. All bug reports should
1079 be filed under the Samba 3.5 product in the project's Bugzilla
1080 database (https://bugzilla.samba.org/).
1083 ======================================================================
1084 == Our Code, Our Bugs, Our Responsibility.
1086 ======================================================================
1089 ----------------------------------------------------------------------
1092 =============================
1093 Release Notes for Samba 3.5.8
1095 =============================
1098 This is the latest stable release of Samba 3.5.
1100 Major enhancements in Samba 3.5.8 include:
1102 o Fix Winbind crash bug when no DC is available (bug #7730).
1103 o Fix finding users on domain members (bug #7743).
1104 o Fix memory leaks in Winbind (bug #7879).
1105 o Fix printing with Windows 7 clients (bug #7567).
1108 Changes since 3.5.7:
1109 --------------------
1112 o Michael Adam <obnox@samba.org>
1113 * BUG 7594: Fix "log=>ndr_pull_error" in 'wbinfo -u' and 'wbinfo -g'.
1114 * BUG 7871: Fix 'net ads dns register' in cluster setups.
1115 * BUG 7894: Fix sporadic Winbind panic in rpc query_user_list.
1118 o Jeremy Allison <jra@samba.org>
1119 * BUG 7409: Raise debug level for "reduce_name: couldn't get realpath"
1121 * BUG 7716: Store unmodified copies of security descriptors in acl_xattr and
1123 * BUG 7733: Fix incorrect unix mode_t caused by invalid client DOS
1124 attributes on create.
1125 * BUG 7734: Apply appropriate create masks when creating files with "inherit
1127 * BUG 7743: Fix finding users on domain members.
1128 * BUG 7744: Fix "dfree cache time" parameter.
1129 * BUG 7777: Fix requesting lookups for BUILTIN sids.
1130 * BUG 7785: Fix atime limit.
1131 * BUG 7791: Fix copying files from a SMB share using Gnome vfs and SMB
1133 * BUG 7812: ACL inheritance cannot be disabled in vfs_acl_xattr/vfs_acl_tdb.
1134 * BUG 7835: vfs_fill_sparse() doesn't use posix_fallocate when strict
1136 * BUG 7843: Expand the local SAMs aliases.
1137 * BUG 7892: Fix stale lock in open_file_fchmod().
1138 * BUG 7950: Revalidate the pathname once re-constructed from a root fsp.
1141 o Andrew Bartlett <abartlet@samba.org>
1142 * BUG 7356: Fix 'net ads dns register' in Windows 2008 R2 domains.
1145 o Björn Baumbach <bb@sernet.de>
1146 * BUG 7875: Fix 'nmbd --port'.
1147 * BUG 7880: Make 'rpcclient deldriver' delete drivers for all architectures.
1150 o Günther Deschner <gd@samba.org>
1151 * BUG 7567: Fix printing with Windows 7 clients.
1152 * BUG 7641: Handle Windows 9x adddriver calls without config file.
1153 * BUG 7945: Let Winbind try to use samlogon validation level 6.
1156 o Holger Hetterich <hhetter@novell.com>
1157 * BUG 3185: Fix 'testparm' return code when EOF in encountered in param
1161 o Björn Jacke <bj@sernet.de>
1162 * BUG 7821: Fix build of shared libraries on Tru64.
1165 o Volker Lendecke <vl@samba.org>
1166 * BUG 7066: Fix "Your Password expires today" message for users of trusted
1168 * BUG 7262: Fix maintaining of users' groups via UsrMgr.
1169 * BUG 7656: Fix scalability problem with hundreds of printers.
1170 * BUG 7665: Fix memory leak in the netapi routines.
1171 * BUG 7730: Fix Winbind crash bug when no DC is available.
1172 * BUG 7774: Fix a getgrent crash with many groups.
1173 * BUG 7779: Fix smbd crash caused by expand_msdfs.
1174 * BUG 7800: Make Winbind recover from a signing error.
1175 * BUG 7817: Fix "force group" with ntlmssp guest session setup.
1176 * BUG 7841: Make WINBINDD_LOOKUPRIDS asking the right domain.
1177 * BUG 7842: Make WINBINDD_LOOKUPRIDS returning the domain name.
1178 * BUG 7855: ntlm_auth: Support clients which offer a spnego mechs we don't
1180 * BUG 7879: Fix memory leaks in Winbind.
1181 * BUG 7881: Fix flaky Winbind against Windows 2008.
1182 * BUG 7917: Fix connections from WinCE.
1183 * BUG 7940: Fix opening MS Powerpoint files.
1186 o Stefan Metzmacher <metze@samba.org>
1187 * BUG 7567: Fix printing with Windows 7 clients.
1188 * BUG 7855: ntlm_auth: Support clients which offer a spnego mechs we don't
1190 * BUG 7883: Fix SMB session setups with Kerberos against some closed source
1192 * BUG 7896: Don't set SAMR_FIELD_FULL_NAME if we just want to set the
1194 * BUG 7899: Don't return "-1" on success in 'net rpc vampire keytab'.
1195 * BUG 7942: Fix endless loops caused by inotify.
1196 * BUG 7944: Catch lookup_names/sids schannel errors over ncacn_ip_tcp.
1199 o Jonathan Nieder <jrnieder@gmail.com>
1200 * BUG 6837: Make "rlimit_max below minimum Windows limit" notification less
1204 o olivier <olivier@virtscano.fakenet>
1205 * BUG 7789: vfs_scannedonly: Switch from mtime to ctime which is more reliable.
1208 o Rusty Russell <rusty@rustcorp.com.au>
1209 * BUG 7498: Fix updating the time on close in vfs_gpfs.
1212 ######################################################################
1213 Reporting bugs & Development Discussion
1214 #######################################
1216 Please discuss this release on the samba-technical mailing list or by
1217 joining the #samba-technical IRC channel on irc.freenode.net.
1219 If you do report problems then please try to send high quality
1220 feedback. If you don't provide vital information to help us track down
1221 the problem then you will probably be ignored. All bug reports should
1222 be filed under the Samba 3.5 product in the project's Bugzilla
1223 database (https://bugzilla.samba.org/).
1226 ======================================================================
1227 == Our Code, Our Bugs, Our Responsibility.
1229 ======================================================================
1232 ----------------------------------------------------------------------
1235 =============================
1236 Release Notes for Samba 3.5.7
1238 =============================
1241 This is a security release in order to address CVE-2011-0719.
1245 All current released versions of Samba are vulnerable to
1246 a denial of service caused by memory corruption. Range
1247 checks on file descriptors being used in the FD_SET macro
1248 were not present allowing stack corruption. This can cause
1249 the Samba code to crash or to loop attempting to select
1250 on a bad file descriptor set.
1253 Changes since 3.5.6:
1254 --------------------
1257 o Jeremy Allison <jra@samba.org>
1258 * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.
1261 ######################################################################
1262 Reporting bugs & Development Discussion
1263 #######################################
1265 Please discuss this release on the samba-technical mailing list or by
1266 joining the #samba-technical IRC channel on irc.freenode.net.
1268 If you do report problems then please try to send high quality
1269 feedback. If you don't provide vital information to help us track down
1270 the problem then you will probably be ignored. All bug reports should
1271 be filed under the Samba 3.5 product in the project's Bugzilla
1272 database (https://bugzilla.samba.org/).
1275 ======================================================================
1276 == Our Code, Our Bugs, Our Responsibility.
1278 ======================================================================
1281 ----------------------------------------------------------------------
1284 =============================
1285 Release Notes for Samba 3.5.6
1287 =============================
1290 This is the latest stable release of Samba 3.5.
1292 Major enhancements in Samba 3.5.6 include:
1294 o Fix smbd panic on invalid NetBIOS session request (bug #7698).
1295 o Fix smbd crash caused by "%D" in "printer admin" (bug #7541).
1296 o Fix crash bug with invalid SPNEGO token (bug #7694).
1297 o Fix Winbind internal error (bug #7636).
1304 o Jeremy Allison <jra@samba.org>
1305 * BUG 7577: Fix SPNEGO auth when contacting Win7 system using Microsoft Live
1307 * BUG 7578: Fix 'net idmap restore' setting HWM to avoid duplicates.
1308 * BUG 7581: Fix "admin users" when using vfs_acl_xattr.
1309 * BUG 7583: Fix smbclient to connect to Alfresco JLAN CIFS server using
1311 * BUG 7589: Fix using cached credentials in ntlm_auth.
1312 * BUG 7590: Fix Winbind offline login.
1313 * BUG 7617: Fix smbd coredump due to uninitialized variables in the
1314 performance counter code.
1315 * BUG 7636: Fix Winbind internal error.
1316 * BUG 7651: Fix mknod and mkfifo failing with "No such file or
1318 * BUG 7693: Fix smbd changing mode of files on rename.
1319 * BUG 7694: Fix crash bug with invalid SPNEGO token.
1320 * BUG 7698: Fix smbd panic on invalid NetBIOS session request.
1323 o Günther Deschner <gd@samba.org>
1324 * BUG 7541: Fix smbd crash caused by "%D" in "printer admin".
1325 * BUG 7568: Make sure cm_connect_lsa_tcp does not reset the secure channel.
1326 * BUG 7658: Fix "dereferencing type-punned pointer will break
1327 strict-aliasing rules" warnings).
1328 * BUG 7665: Fix memory leak in netapi connection manager.
1331 o Björn Jacke <bj@sernet.de>
1332 * BUG 7244: Fall back to cups-config for underlinked libs.
1333 * BUG 7474: Fix build on platforms without st_blocks and st_blksize stat
1337 o Volker Lendecke <vl@samba.org>
1338 * BUG 7336: Enable idmap_passdb module build as shared.
1339 * BUG 7531: Fix the charset_pull routine.
1340 * BUG 7635: Fix 'smbclient -M'.
1341 * BUG 7656: Fix scalability problem with hundreds of printers.
1342 * BUG 7684: Fix fd leak in libwbclient.so.
1343 * BUG 7688: Fix crash bug in rpcclient.
1344 * BUG 7470: Standardize S_IREAD and S_IWRITE.
1345 * BUG 7715: Fix file corruption when setting Samba "write wache wize".
1348 o Jim McDonough <jmcd@samba.org>
1349 * BUG 7280: Fix auto printers with registry config.
1352 o Andreas Schneider <asn@samba.org>
1353 * BUG 7538: Fix GUID_from_data_blob() with length of 32.
1356 o Chere Zhou <chere.zhou@isilon.com>
1357 * BUG 7662: Align change notify replies on 4-byte boundary.
1360 ######################################################################
1361 Reporting bugs & Development Discussion
1362 #######################################
1364 Please discuss this release on the samba-technical mailing list or by
1365 joining the #samba-technical IRC channel on irc.freenode.net.
1367 If you do report problems then please try to send high quality
1368 feedback. If you don't provide vital information to help us track down
1369 the problem then you will probably be ignored. All bug reports should
1370 be filed under the Samba 3.5 product in the project's Bugzilla
1371 database (https://bugzilla.samba.org/).
1374 ======================================================================
1375 == Our Code, Our Bugs, Our Responsibility.
1377 ======================================================================
1380 ----------------------------------------------------------------------
1383 =============================
1384 Release Notes for Samba 3.5.5
1386 =============================
1389 This is a security release in order to address CVE-2010-3069.
1393 All current released versions of Samba are vulnerable to
1394 a buffer overrun vulnerability. The sid_parse() function
1395 (and related dom_sid_parse() function in the source4 code)
1396 do not correctly check their input lengths when reading a
1397 binary representation of a Windows SID (Security ID). This
1398 allows a malicious client to send a sid that can overflow
1399 the stack variable that is being used to store the SID in the
1404 --------------------
1407 o Jeremy Allison <jra@samba.org>
1408 * BUG 7669: Fix for CVE-2010-3069.
1411 o Andrew Bartlett <abartlet@samba.org>
1412 * BUG 7669: Fix for CVE-2010-3069.
1415 ######################################################################
1416 Reporting bugs & Development Discussion
1417 #######################################
1419 Please discuss this release on the samba-technical mailing list or by
1420 joining the #samba-technical IRC channel on irc.freenode.net.
1422 If you do report problems then please try to send high quality
1423 feedback. If you don't provide vital information to help us track down
1424 the problem then you will probably be ignored. All bug reports should
1425 be filed under the Samba 3.5 product in the project's Bugzilla
1426 database (https://bugzilla.samba.org/).
1429 ======================================================================
1430 == Our Code, Our Bugs, Our Responsibility.
1432 ======================================================================
1435 ----------------------------------------------------------------------
1438 =============================
1439 Release Notes for Samba 3.5.4
1441 =============================
1444 This is the latest stable release of Samba 3.5.
1446 Major enhancements in Samba 3.5.4 include:
1448 o Fix smbd crash when sambaLMPassword and sambaNTPassword entries missing
1449 from ldap (bug #7448).
1450 o Fix init_sam_from_ldap storing group in sid2uid cache (bug #7507).
1457 o Michael Adam <obnox@samba.org>
1458 * BUG 7507: Fix init_sam_from_ldap storing group in sid2uid cache.
1461 o Jeremy Allison <jra@samba.org>
1462 * BUG 7188: Make ea data checks identical for trans2open and trans2mkdir.
1463 * BUG 7410: Samba sends "raw" inode number as uniqueid with unix extensions.
1464 * BUG 7449: Fix spnego returning incorrect mechListMIC string.
1467 o Günther Deschner <gd@samba.org>
1468 * BUG 7341: Fix Winbind over IPv6.
1469 * BUG 7459: Fix some crash bugs and missing error codes in AddDriver paths.
1470 * BUG 7479: Fix crash bug in _samr_QueryUserInfo{2} level 18.
1471 * BUG 7517: Fix session setup from linux kernel cifs clients with
1475 o Olaf Flebbe <o.flebbe@science-computing.de>
1476 * BUG 7209: Fix build on RHEL5.
1479 o Björn Jacke <bj@sernet.de>
1480 * BUG 7427: Using IBM xl_C compiler produces wrong results in configure.
1481 * BUG 7503: Fix calculation of st_blocks in vfs_streams_xattr.
1482 * BUG 7504: Fix numerous build issues.
1485 o Volker Lendecke <vl@samba.org>
1486 * BUG 7253: Fix Samba login cache problem on Sparc Architecture.
1487 * BUG 7262: Fix editing users' groups via UsrMgr.
1490 o Buchan Milne <bgmilne@mandriva.org>
1491 * BUG 7500: Fix 'not a string literal' warning in netdomjoin-gui.
1494 o Matthieu Patou <mat@matws.net>
1495 * BUG 7099: Allow previous password to be stored and use it to check
1499 o Andreas Schneider <asn@samba.org>
1500 * BUG 7423: Fix printing large formats.
1503 o Roel van Meer <rolek@bokxing.nl>
1504 * BUG 7448: Fix smbd crash when sambaLMPassword and sambaNTPassword entries
1508 ######################################################################
1509 Reporting bugs & Development Discussion
1510 #######################################
1512 Please discuss this release on the samba-technical mailing list or by
1513 joining the #samba-technical IRC channel on irc.freenode.net.
1515 If you do report problems then please try to send high quality
1516 feedback. If you don't provide vital information to help us track down
1517 the problem then you will probably be ignored. All bug reports should
1518 be filed under the Samba 3.5 product in the project's Bugzilla
1519 database (https://bugzilla.samba.org/).
1522 ======================================================================
1523 == Our Code, Our Bugs, Our Responsibility.
1525 ======================================================================
1528 ----------------------------------------------------------------------
1531 =============================
1532 Release Notes for Samba 3.5.3
1534 =============================
1537 This is the latest stable release of Samba 3.5.
1539 Major enhancements in Samba 3.5.3 include:
1541 o Fix MS-DFS functionality (bug #7339).
1542 o Fix a Winbind crash when scanning trusts (bug #7389).
1543 o Fix problems with SIGCHLD handling in Winbind (bug #7317).
1550 o Jeremy Allison <jra@samba.org>
1551 * BUG 7288: Fix SMB job IDs in CUPS job names.
1552 * BUG 7339: Fix MS-DFS functionality.
1555 o Andrew Bartlett <abartlet@samba.org>
1556 * BUG 7354: Fix CLDAP tsocket problem on Solaris.
1559 o Ira Cooper <samba@ira.wakeful.net>
1560 * BUG 7384: Fix bitmap leak in dptr_Close.
1563 o Günther Deschner <gd@samba.org>
1564 * BUG 7277: Fix exporting printers via 'cupsaddsmb' command.
1565 * BUG 7417: Fix setting of passwords via 'net rpc user password' command.
1566 * BUG 7418: Fix 'net rpc printer list' command.
1569 o Olaf Flebbe <o.flebbe@science-computing.de>
1570 * BUG 7421: Rename mod_name to module_name.
1573 o Björn Jacke <bj@sernet.de>
1574 * BUG 7352: Make TIME_T_MAX defines consistent.
1575 * BUG 7385: Fix building with Solaris' gcc.
1578 o Jeff Layton <jlayton@redhat.com>
1579 * BUG 7315: Fix segfault in mount.cifs.
1582 o Volker Lendecke <vl@samba.org>
1583 * BUG 7357: Re-fix a bug with smbd serving a windows terminal server.
1584 * BUG 7389: Fix a Winbind crash when scanning trusts.
1585 * BUG 7398: Fix rename problems with full_audit VFS module.
1588 o Jim McDonough <jmcd@samba.org>
1589 * BUG 7378: Display an error on 'net conf import' failures.
1592 o Stefan Metzmacher <metze@samba.org>
1593 * BUG 7196: Add replacement for IPV6_V6ONLY on linux systems with broken
1595 * BUG 7317: Fix problems with SIGCHLD handling in Winbind.
1596 * BUG 7354: Fix CLDAP tsocket problem on Solaris.
1599 o Luca Olivetti <luca@wetron.es>
1600 * BUG 7263: Fix cups encryption setting.
1603 ######################################################################
1604 Reporting bugs & Development Discussion
1605 #######################################
1607 Please discuss this release on the samba-technical mailing list or by
1608 joining the #samba-technical IRC channel on irc.freenode.net.
1610 If you do report problems then please try to send high quality
1611 feedback. If you don't provide vital information to help us track down
1612 the problem then you will probably be ignored. All bug reports should
1613 be filed under the Samba 3.5 product in the project's Bugzilla
1614 database (https://bugzilla.samba.org/).
1617 ======================================================================
1618 == Our Code, Our Bugs, Our Responsibility.
1620 ======================================================================
1623 ----------------------------------------------------------------------
1626 =============================
1627 Release Notes for Samba 3.5.2
1629 =============================
1632 This is the latest stable release of Samba 3.5.
1634 Major enhancements in Samba 3.5.2 include:
1636 o Fix smbd segfaults in _netr_SamLogon for clients sending null domain
1638 o Fix smbd segfaults in "waiting for connections" message (bug #7251).
1639 o Fix an uninitialized variable read in smbd (bug #7254).
1640 o Fix a memleak in Winbind (bug #7278).
1641 o Fix Winbind reconnection to it's own domain (bug #7295).
1648 o Michael Adam <obnox@samba.org>
1649 * BUG 7231: Fix automatic building of vfs_tsmsm if gpfs and dmapi are
1651 * BUG 7232: Fix race conditions in CTDB persistent transactions.
1652 * BUG 7313: Make 'net conf addshare' atomic.
1653 * BUG 7314: Eliminate race condition in creating/scanning sorted subkeys in
1654 the registry backend.
1657 o Jeremy Allison <jra@samba.org>
1658 * BUG 7075: Fix bug in vfs_scannedonly rmdir implementation.
1659 * BUG 7159: Fix handling of bad server data returns in client rpc_transport.
1660 * BUG 7234: Symlink delete fails but incorrectly reports success to client.
1661 * BUG 7255: Fix "printer admin" functionality.
1662 * BUG 7283: Fix smbd segfault if using vfs_acl_tdb.
1663 * BUG 7297: Fix smbd crashes with CUPS printers and no [printers] share defined.
1664 * BUG 7310: Fix DOS attribute inconsistency with MS Office.
1667 o Kai Blin <kai@samba.org>
1668 * BUG 7290: Fix core dump in 'ntlm_auth' with "gss-spnego" helper.
1671 o Günther Deschner <gd@samba.org>
1672 * BUG 6727: Fix several printing issues.
1673 * BUG 7237: Fix smbd segfaults in _netr_SamLogon for clients sending
1675 * BUG 7256: Fix value-needed calculation in_spoolss_EnumPrinterData().
1676 * BUG 7258: Fix _winreg_QueryValue crash bugs and implement Windows
1680 o Holger Hetterich <hhetter@novell.com>
1681 * BUG 7203: Fix 'net share' command.
1684 o Michael Karcher <samba@mkarcher.dialup.fu-berlin.de>
1685 * BUG 7269: Fix job management commands for CUPS queues.
1688 o Jeff Layton <jlayton@redhat.com>
1689 * BUG 6853: Fix race condition in mount.cifs that allows user to replace
1690 mountpoint with a symlink.
1693 o Volker Lendecke <vl@samba.org>
1694 * BUG 5198: Fix parsing of the gecos field.
1695 * BUG 7202: Fix access by multi-threaded applications.
1696 * BUG 7212: Fix returning of group members with 'getent group'.
1697 * BUG 7216: Fix the build of net_afs.c with --fake-kaserver=yes.
1698 * BUG 7229: Fix a NULL pointer dereference in smbd.
1699 * BUG 7232: Fix race conditions in CTDB persistent transactions.
1700 * BUG 7254: Fix an uninitialized variable read in smbd.
1701 * BUG 7278: Fix a memleak in Winbind.
1704 o Roel van Meer <rolek@alt001.com>
1705 * BUG 6814: Fix valgrind warning.
1708 o Stefan Metzmacher <metze@samba.org>
1709 * BUG 7170: Never mark external domains as internal in Winbind.
1710 * BUG 7225: Make Winbind logs more verbose for troubleshooting.
1711 * BUG 7251: Fix smbd segfault in "waiting for connections" message.
1712 * BUG 7295: Fix Winbind reconnection to it's own domain.
1713 * BUG 7316: Winbind possibly segfaults when trying a trusted domain without
1717 o SATOH Fumiyasu <fumiyas@osstech.co.jp>
1718 * BUG 1206: Fix segfault if hide files or veto files has no ".AppleDouble".
1721 o Simo Sorce <idra@samba.org>
1722 * BUG 7204: Fix DN parsing name was always null.
1725 o Andrew Tridgell <tridge@samba.org>
1726 * BUG 7312: Many disconnecting clients render clustered Samba unusuable
1730 o Bo Yang <boyang@samba.org>
1731 * BUG 7206: Signals are processed twice in child.
1735 ######################################################################
1736 Reporting bugs & Development Discussion
1737 #######################################
1739 Please discuss this release on the samba-technical mailing list or by
1740 joining the #samba-technical IRC channel on irc.freenode.net.
1742 If you do report problems then please try to send high quality
1743 feedback. If you don't provide vital information to help us track down
1744 the problem then you will probably be ignored. All bug reports should
1745 be filed under the Samba 3.5 product in the project's Bugzilla
1746 database (https://bugzilla.samba.org/).
1749 ======================================================================
1750 == Our Code, Our Bugs, Our Responsibility.
1752 ======================================================================
1754 ----------------------------------------------------------------------
1756 =============================
1757 Release Notes for Samba 3.5.1
1759 =============================
1762 This is a security release in order to address CVE-2010-0728.
1766 In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code
1767 was added to fix a problem with Linux asynchronous IO handling.
1768 This code introduced a bad security flaw on Linux platforms if the
1769 binaries were built on Linux platforms with libcap support.
1770 The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
1771 capabilities, allowing all file system access to be allowed
1772 even when permissions should have denied access.
1779 o Jeremy Allison <jra@samba.org>
1780 * BUG 7222: Fix for CVE-2010-0728.
1783 ######################################################################
1784 Reporting bugs & Development Discussion
1785 #######################################
1787 Please discuss this release on the samba-technical mailing list or by
1788 joining the #samba-technical IRC channel on irc.freenode.net.
1790 If you do report problems then please try to send high quality
1791 feedback. If you don't provide vital information to help us track down
1792 the problem then you will probably be ignored. All bug reports should
1793 be filed under the Samba 3.5 product in the project's Bugzilla
1794 database (https://bugzilla.samba.org/).
1797 ======================================================================
1798 == Our Code, Our Bugs, Our Responsibility.
1800 ======================================================================
1803 ----------------------------------------------------------------------
1806 =============================
1807 Release Notes for Samba 3.5.0
1809 ===============================
1812 This is the first stable release of Samba 3.5.
1815 Major enhancements in Samba 3.5.0 include:
1818 o Add support for full Windows timestamp resolution
1819 o The Using Samba HTML book has been removed.
1820 o 'net', 'smbclient' and libsmbclient can use credentials cached by Winbind.
1821 o The default value of "wide links" has been changed to "no".
1824 o Experimental implementation of SMB2
1827 o Add encryption support for connections to a CUPS server
1834 o New vfs_scannedonly module has been added.
1840 Support for full Windows timestamp resolution has been added. This effectively
1841 makes us use Windows' full 100ns timestamp resolution if supported by the
1842 kernel (2.6.22 and higher) and the glibc (2.6 and higher).
1844 The Using Samba HTML book has been removed from the Samba tarball.
1845 It is still available at http://www.samba.org/samba/docs/using_samba/toc.html.
1847 Samba client tools like 'net', 'smbclient' and libsmbclient can use the user
1848 credentials cached by Winbind at logon time. This is very useful e.g. when
1849 connecting to a Samba server using Nautilus without re-entering username and
1850 password. This feature is enabled by default and can be disabled per application
1851 by setting the LIBSMBCLIENT_NO_CCACHE environment variable.
1853 The default value of "wide links" has been changed to "no" to avoid an insecure
1854 default configuration ("wide links = yes" and "unix extensions = yes"). For
1855 more details, please see http://www.samba.org/samba/news/symlink_attack.html.
1861 An EXPERIMENTAL implementation of the SMB2 protocol has been added. SMB2 can be
1862 enabled by setting "max protocol = smb2". SMB2 is a new implementation of the
1863 SMB protocol used by Windows Vista and higher.
1868 A new parameter "cups encrypt" has been added to control whether connections to
1869 CUPS servers will be encrypted or not. The default is to use unencrypted
1875 The Winbind daemon has been refactored internally to be asynchronous. The new
1876 Winbind will not be blocked by running 'getent group' or 'getent passwd'.
1881 A new VFS module "scannedonly" has been added. This is a filter that
1882 talks to an antivirus-engine and stores whether a file is clean or not.
1883 Users do only see clean files on their filesystem.
1886 ######################################################################
1893 Parameter Name Description Default
1894 -------------- ----------- -------
1896 create krb5 conf New yes
1899 debug hires timestamp Changed Default yes
1901 ldap follow referral New auto
1902 nmbd bind explicit broadcast New no
1903 wide links Changed Default no
1906 New configure options
1907 ---------------------
1909 --enable-external-libtdb Enable external tdb
1910 --enable-netapi Turn on netapi support
1911 --enable-pthreadpool Enable pthreads pool helper support
1912 --with-cifsumount Include umount.cifs (Linux only) support
1913 --with-codepagedir=DIR Where to put codepages
1919 o Björn Jacke <bj@sernet.de>
1920 * Add support for full Windows timestamp resolution.
1921 * Add encryption support for connections to a CUPS server.
1924 o Volker Lendecke <vl@samba.org>
1925 * Major internal refactoring of the Winbind daemon.
1926 * Make Winbind asynchronous.
1927 * Make 'net', 'smbclient' and libsmbclient use the logon credentials cached
1931 o Stefan Metzmacher <metze@samba.org>
1932 * Implement the new SMB2 protocol (experimental).
1935 Changes since 3.5.0rc3
1936 ----------------------
1939 o Günther Deschner <gd@samba.org>
1940 * BUG 7181: Fix 'net ads dns' usage calls.
1941 * BUG 7182: Fix uninitialized variable in wkssvc_enumerateusers.
1944 o Volker Lendecke <vl@samba.org>
1945 * BUG 7145: Fix duplicate sam and unix accounts.
1946 * BUG 7166: Avoid calling cli_alloc_mid twice in cli_smb_req_iov_send.
1949 o Stefan Metzmacher <metze@samba.org>
1950 * BUG 7160: Keep the the correct negotiate_flags on the cli->dc structure.
1953 Changes since 3.5.0rc2
1954 ----------------------
1957 o Jeremy Allison <jra@samba.org>
1958 * BUG 6557: Fix vfs_full_audit.
1959 * BUG 6876: Fix duplicate initializer in the rmdir module.
1960 * BUG 7063: Fix core dump on Ubuntu 8.04 64 bit.
1961 * BUG 7067: Fix failing of smbd to respond to a read or a write caused by
1962 Linux asynchronous IO (aio).
1963 * BUG 7069: Fix 'smbget' error status.
1964 * BUG 7072: Fix unlocking of accounts from ldap.
1965 * BUG 7079 Cliconnect gets realm wrong with trusted domains.
1966 * BUG 7081: Fix vfs_expand_msdfs.
1967 * BUG 7084: Fix storing of create time on directories in an EA in new
1969 * BUG 7104: "wide links" and "unix extensions" are incompatible.
1970 * BUG 7118: Fix nmbd problems with socket address.
1971 * BUG 7122: Fix reading of large browselist.
1972 * BUG 7154: "mangling method = hash" can crash storing a name containing a '.'.
1973 * BUG 7155: Valgrind Conditional jump or move depends on uninitialised
1974 value(s) error when "mangling method = hash"..
1977 o Steven Danneman <steven.danneman@isilon.com>
1978 * BUG 7096: Fix string buffer overflow causing heap corruption in smbd.
1981 o Günther Deschner <gd@samba.org>
1982 * BUG 6888: Fix printing with 64 bit clients.
1983 * BUG 7130: Fix listing of printjobs in Windows 7.
1984 * BUG 7148: Fix get_acl_blob in the acl_tdb VFS module.
1987 o Björn Jacke <bj@sernet.de>
1988 * BUG 7103: Fix build issue on Tru64.
1989 * BUG 7116: Change ldap filter to what really was intended.
1990 * Fix some wrong newlines in de translation strings.
1993 o Jeff Layton <jlayton@redhat.com>
1994 * BUG 6868: Fix crash bug in 'cifs.upcall'.
1997 o Volker Lendecke <vl@samba.org>
1998 * BUG 7085: Fix an early release of the global lock that can cause data
1999 corruption in libtdb.
2000 * BUG 7139: Owner of file not available with Kerberos.
2003 o Stefan Metzmacher <metze@samba.org>
2004 * BUG 6888: Fix printing with 64 bit clients.
2005 * BUG 7098: Fix results of 'smbclient -L' with a large browse list.
2006 * BUG 7116: Add pdb_ldap performance fixes.
2007 * BUG 7118: Add new "nmbd bind explicit broadcast" parameter.
2008 * BUG 7119: Support large browselist.
2009 * BUG 7140: Fix IPv4/IPv6 problems.
2012 o Lars Müller <lars@samba.org>
2013 * BUG 7071: Fix build of 'smbfilter'.
2014 * BUG 7047: Add cross option to samba_cv_linux_getgrouplist_ok.
2015 * BUG 7102: Normalize "Changing password for" msg IDs and STRs.
2018 o Olivier Sessink <olivier@virtscano.fakenet>
2019 * BUG 7076: Fix build of vfs_scannedonly on AIX.
2022 o Bo Yang <boyang@samba.org>
2023 * BUG 7106: Fix malformed require_membership_of_sid.
2027 Changes since 3.5.0rc1
2028 ----------------------
2031 o Michael Adam <obnox@samba.org>
2032 * BUG 4347: Check password history before increasing "badPasswordCount".
2035 o Jeremy Allison <jra@samba.org>
2036 * BUG 5202: Fix changing of ACLs on writable file with "dos filemode=yes".
2037 * BUG 6876: Fix deletion of an object whose parent folder does not have delete
2038 rights fails even if the delete right is set on the object in
2039 vfs_acl_xattr and vfs_acl_tdb.
2040 * BUG 7033: Fix SMBrmdir error message when deleting a directory fails.
2041 * BUG 7036: Fix 'net rpc getsid' in hardened Windows environments.
2042 * BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls.
2045 o Giovanni Bajo <rasky@develer.com>
2046 * BUG 7029: Disable sanity check in NetShareEnum for better compatibility
2050 o Kai Blin <kai@samba.org>
2051 * BUG 7039: Fix compile error with WITH_DNS_UPDATE. Update .po files.
2054 o Günther Deschner <gd@samba.org>
2055 * BUG 7043: Fix crash bug in libsmbclient.
2058 o André Hentschel <nerv@dawncrow.de>
2059 * BUG 7039: Complete German translation of 'net'.
2062 o Björn Jacke <bj@sernet.de>
2063 * BUG 7039: Improve some German translations in 'net'.
2066 o William Jojo <w.jojo@hvcc.edu>
2067 * BUG 7052: Fix DFS on AIX.
2070 o Volker Lendecke <vl@samba.org>
2071 * BUG 6981: Fix large paged search with DirX LDAP servers.
2072 * BUG 7027: Fix a segfault in winbindd_dual_ccache_ntlm_auth().
2073 * BUG 7037: Fix a Winbind segfault in "trusted_domains".
2074 * BUG 7046: Fix libsmbclient crash against OpenSolaris CIFS server.
2075 * BUG 7062: Make 'net', 'smbclient' and libsmbclient use the logon
2076 credentials cached by Winbind.
2077 * Lock down some srvsvc calls according to what w2k3 seems to do.
2080 o Stefan Metzmacher <metze@samba.org>
2081 * BUG 6157: Restore Samba 3.0.x behavior and use the first "uid" value in
2085 o SASAJIMA Toshihiro <sasajima_t@jp.fujitsu.com>
2086 * BUG 7034: Fix segfault in vfs_cap.
2089 o Olivier Sessink <oliviersessink@gmail.com>
2090 * BUG 7028: Add new scannedonly VFS module.
2093 Changes since 3.5.0pre2
2094 -----------------------
2096 o Jeremy Allison <jra@samba.org>
2097 * BUG 6837: Fix "Too many open files" when trying to access large number of
2098 files with Windows 7.
2099 * BUG 6939: Fix long filenames when "mangling method" is set to "hash".
2100 * BUG 7020: Fix smbd using 2G memory.
2101 * Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned
2102 attributes by protocol level.
2103 * Vector correctly through reply_openerror() (which uses the same logic).
2104 * Fix bugs with the full Windows ACL support.
2107 o Kai Blin <kai@samba.org>
2108 * Add a few missing gettext calls to the 'net' command.
2109 * Fix up a share type translation and translate some more strings in 'net'.
2112 o Günther Deschner <gd@samba.org>
2113 * Allow to call "pdbedit -N description -u user" without specifiyng "-r".
2114 * Add spoolss_DriverInfo7.
2115 * Fix rpcclient after setprinter IDL fixes.
2116 * Use generated krb5.conf in 'net ads testjoin'.
2119 o Jonas Gorski <jonas.gorski+samba@gmail.com>
2120 * BUG 6992: make test for getgrouplist cacheable.
2123 o André Hentschel <nerv@dawncrow.de>
2124 * Add some German translations for the 'net' command.
2127 o Suresh Jayaraman <sjayaraman@suse.de>
2128 * Update mount.cifs man page with nounix option.
2131 o Volker Lendecke <vl@samba.org>
2132 * Fix _samr_GetAliasMembership for results with 0 rids.
2133 * Fix an error case in cli_negprot.
2134 * Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc.
2135 * Restore correct timeouts for SMB requests.
2136 * Fix a 64-bit error in libsmb.
2137 * Replace IS_DOMAIN_OFFLINE by a function in Winbind.
2138 * Simplify/cleanup Winbind code.
2141 o Kamen Mazdrashki <kamen.mazdrashki@postpath.com>
2142 * Fix write behind memory block in libtalloc.
2143 * Fix result check for getaddrinfo().
2146 o Jim McDonough <jmcd@samba.org>
2147 * BUG 7014: Fix Winbind crash when retrieving empty group members.
2150 o Brian Lu <brian.lu@sun.com>
2151 * BUG 6991: Create symbol links to shared libraries.
2154 o Stefan Metzmacher <metze@samba.org>
2155 * Add tsocket_address_bsd_sockaddr() and tsocket_address_bsd_from_sockaddr()
2157 * Always set tdb->tracefd to -1 to be safe on goto fail in libtdb.
2158 * Add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior.
2159 * Fix standalone 'make installdocs'.
2162 o Peter Rosin <peda@lysator.liu.se>
2163 * Output %p as unsigned in snprintf replacement.
2166 o Ronnie Sahlberg <ronniesahlberg@gmail.com>
2167 * New attempt at TDB transaction nesting allow/disallow.
2170 o Kirill Smelkov <kirr@mns.spb.ru>
2171 * Remove swig stuff from libtdb.
2172 * Reset tdb->fd to -1 in tdb_close() in libtdb.
2175 o Simo Sorce <idra@samba.org>
2176 * Change the way mksysms work in libtalloc.
2179 o Jelmer Vernooij <jelmer@samba.org>
2180 * Also build and install tdb manpages from standalone tdb.
2183 o Bo Yang <boyang@samba.org>
2184 * Fix infinite loop in NCACN_IP_TCP as there is no timeout.
2185 * Make winbindd_cache.c aware of domain offline to avoid unnecessary backend
2187 * List trusted domains from wcache when domain is offline.
2190 Changes since 3.5.0pre1
2191 -----------------------
2193 o Michael Adam <obnox@samba.org>
2194 * Fix the build when no external talloc and tdb are installed.
2195 * Fix detection of CTDB headers on systems without system-libtalloc.
2198 o Jeremy Allison <jra@samba.org>
2199 * BUG 6802: A created folder does not properly inherit permissions from
2200 parent in vfs_acl_xattr.
2201 * BUG 6837: "Too many open files" when trying to access large number of
2202 files from Windows 7.
2203 * BUG 6938 : No hook exists to check creation rights when using acl_xattr
2205 * Fix vfs_acl_xattr which was failing to call the NEXT connect function.
2206 * Restructure the ACL code.
2207 * Refactor reply_rmdir to use handle based code.
2210 o Dan Cox <dan@wep.net>
2211 * BUG 2350: Add LDAP Alias Dereferencing support.
2214 o Günther Deschner <gd@samba.org>
2215 * BUG 6929: Fix build with recent heimdal.
2216 * Fix several printing issues.
2217 * Fix the build on Mac OS X 10.6.2.
2218 * Fix net and rpcclient after setprinterdataex changes.
2219 * Add full support for level 8 printer drivers.
2220 * Add more spoolss architectures to IDL.
2221 * Fix enumprinter key client and server.
2222 * Fix crash in EnumPrinterDataEx.
2225 o Björn Jacke <bj@sernet.de>
2226 * Prefer posix_fallocate for doing "strict allocate".
2229 o Matt Kraai <mkraai@beckman.com>
2230 * BUG 6860: Fix shared library build on QNX.
2233 o Volker Lendecke <vl@samba.org>
2234 * BUG 6288: SWAT adds a second share when changing parameters of an existing
2236 * BUG 6435: Fix minor memory corruption.
2237 * Restore "fake directory create times" as a share parameter.
2238 * Fix explicit stat64 support.
2239 * Add support for NetWkstaGetInfo 101 and 102.
2240 * Add rpcclient wkssvc_enumerateusers.
2241 * De-deprecate "write cache size" to prevent its removal without a proper
2243 * Allow more than 1000 users in BUILTIN\Users.
2246 o Jim McDonough <jmcd@samba.org>
2247 * BUG 6967: Prevent glibc error on 'net ads join'.
2250 o Lars Müller <lars@samba.org>
2251 * BUG 6710: Only install the cifs.upcall man page if CIFSUPCALL_PROGS was
2252 set while configure.
2255 o Ian Puleston <ipuleston@sonicwall.com>
2256 * Complete support for NetWkstaGetInfo/NetWkstaEnumUsers.
2259 o Karolin Seeger <kseeger@samba.org>
2260 * Fix the build of the example VFS modules.
2263 o Bo Yang <boyang@samba.org>
2264 * BUG 6879: Fix crash in Winbind.
2265 * Fix crash in free_file_list().
2266 * Give the user a chance to change password when password will expire soon.
2269 ######################################################################
2270 Reporting bugs & Development Discussion
2271 #######################################
2273 Please discuss this release on the samba-technical mailing list or by
2274 joining the #samba-technical IRC channel on irc.freenode.net.
2276 If you do report problems then please try to send high quality
2277 feedback. If you don't provide vital information to help us track down
2278 the problem then you will probably be ignored. All bug reports should
2279 be filed under the Samba 3.5 product in the project's Bugzilla
2280 database (https://bugzilla.samba.org/).
2283 ======================================================================
2284 == Our Code, Our Bugs, Our Responsibility.
2286 ======================================================================