+ =============================
+ Release Notes for Samba 4.0.4
+ March 19, 2013
+ =============================
+
+
+This is a security release in order to address CVE-2013-1863
+(World-writeable files may be created in additional shares on a
+Samba 4.0 AD DC).
+
+o CVE-2013-1863:
+ Administrators of the Samba 4.0 Active Directory Domain
+ Controller might unexpectedly find files created world-writeable
+ if additional CIFS file shares are created on the AD DC.
+ Samba versions 4.0.0rc6 - 4.0.3 (inclusive) are affected by this
+ defect.
+
+
+Changes since 4.0.3:
+--------------------
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 9709: CVE-2013-1863: Remove forced set of 'create mask' to 0777.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.6 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+Release notes for older releases follow:
+----------------------------------------
+
=============================
Release Notes for Samba 4.0.3
February 05, 2013
Major enhancements in Samba 4.0.3 include:
+o check_password_quality: Handle non-ASCII characters properly (bug #9105).
o Fix ACL problem with delegation of privileges and deletion of accounts
over LDAP interface (bug #8909).
o Fix 'smbd' panic triggered by unlink after open (bug #9571).
o smbd: Fix memleak in the async echo handler (bug #9549).
+Known issues:
+-------------
+
+o For more details concerning the ACL problem with delegation of privileges
+ and deletion of accounts over LDAP interface (bugs #8909 and #9267)
+ regarding upgrades from older 4.0.x versions, please see
+
+ http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Upgrading
+
+ which will be filled with details once we have worked out an upgrade
+ strategy.
Changes since 4.0.2:
--------------------
o Stefan Metzmacher <metze@samba.org>
* BUG 8909: Fix ACL problem with delegation of privileges and deletion of
accounts over LDAP interface.
+ * BUG 9105: check_password_quality: Handle non-ASCII characters properly.
* BUG 9481: samba_upgradeprovision: fix the nTSecurityDescriptor on more
containers.
* BUG 9499: s3:smb2_negprot: set the 'remote_proto' value.
== The Samba Team
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.0.2
series (smbd, nmbd, winbindd, smbpasswd) continue to be available.
+Domain Member Support
+=====================
+
+Domain member support in the 'samba' binary is in its infancy, and
+is not comparable to the support found in 'winbindd'. As such, on
+Samba domain member servers, the binaries 'smbd', 'nmbd' and 'winbindd'
+are to be used, as known from Samba 3 domain member server setups.
+The only exceptions from this rule are the cases which explicitly
+require the 'samba' binary, namely running the ntvfs file server,
+the CIFS proxy or OpenChange on a domain member.
+
+
DNS
===
headers at compile time) is known to cause errors when dealing with
non-ASCII characters.
-- Domain member support in the 'samba' binary is in its infancy, and
- is not comparable to the support found in winbindd. As such, do not
- use the 'samba' binary (provided for the AD server) on a member
- server.
-
- There is no NetBIOS browsing support (network neighbourhood)
available for the AD domain controller. (Support in nmbd and smbd
for classic domains and member/standalone servers is unchanged).