+ ==============================
+ Release Notes for Samba 4.0.25
+ February 23, 2015
+ ==============================
+
+
+This is a security release in order to address CVE-2015-0240 (Unexpected
+code execution in smbd).
+
+o CVE-2015-0240:
+ All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an
+ unexpected code execution vulnerability in the smbd file server
+ daemon.
+
+ A malicious client could send packets that may set up the stack in
+ such a way that the freeing of memory in a subsequent anonymous
+ netlogon packet could allow execution of arbitrary code. This code
+ would execute with root privileges.
+
+
+Changes since 4.0.24:
+---------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer
+ in netlogon server could lead to security vulnerability.
+
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not deference
+ a NULL pointer./auth: Make sure that creds_out is initialized with NULL.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ ==============================
+ Release Notes for Samba 4.0.24
+ January 15, 2015
+ ==============================
+
+
+This is a security release in order to address CVE-2014-8143 (Elevation
+of privilege to Active Directory Domain Controller).
+
+o CVE-2014-8143:
+ Samba's AD DC allows the administrator to delegate
+ creation of user or computer accounts to specific users or groups.
+
+ However, all released versions of Samba's AD DC did not implement the
+ additional required check on the UF_SERVER_TRUST_ACCOUNT bit in the
+ userAccountControl attributes.
+
+
+Changes since 4.0.23:
+---------------------
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 10993: CVE-2014-8143: dsdb-samldb: Check for extended access
+ rights before we allow changes to userAccountControl.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 4.0.23
+ December 08, 2014
+ ==============================
+
+
+This is the latest stable release of Samba 4.0.
+
+
+Changes since 4.0.22:
+---------------------
+
+o Michael Adam <obnox@samba.org>
+ * BUG 10472: Revert buildtools/wafadmin/Tools/perl.py back to upstream
+ state.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 10711: s3:daemons: Ensure nmbd and winbindd are consistent in
+ command line processing by adding POPT_COMMON_DYNCONFIG.
+ * BUG 10779: pthreadpool: Slightly serialize jobs.
+ * BUG 10830: s3:nmbd: Ensure the main nmbd process doesn't create zombies.
+ * BUG 10831: SIGCLD Signal handler not correctly reinstalled on old library
+ code use - smbrun etc.
+ * BUG 10848: s3:smb2cli: Query info return length check was reversed.
+ * BUG 10896: s3:nmbd: Fix netbios name truncation.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 9984: s3-libnet: Make sure we do not overwrite precreated SPNs.
+
+
+o David Disseldorp <ddiss@samba.org>
+ * BUG 10898: spoolss: Fix handling of bad EnumJobs levels.
+ * BUG 10905: spoolss: Fix print job enumeration.
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG docs: Mention incompatibility between kernel oplocks and
+ streams_xattr.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 10860: registry: Don't leave dangling transactions.
+ * BUG 10932: pdb_tdb: Fix a TALLOC/SAFE_FREE mixup.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 10472: Revert buildtools/wafadmin/Tools/perl.py back to upstream
+ state.
+ * BUG 10921: s3:smbd: Fix file corruption using "write cache size != 0".
+
+
+o Christof Schmitt <cs@samba.org>
+ * BUG 10838: s3-winbindd: Do not use domain SID from LookupSids for
+ * Sids2UnixIDs call.
+
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 9984: s3-libnet: Add libnet_join_get_machine_spns().
+ * BUG 9985: s3-libads: Add all machine account principals to the keytab.
+ * BUG 10472: wafsamba: If perl can't provide defaults, define them.
+ * BUG 10824: nsswitch: Skip groups we were not able to map.
+ * BUG 10829: s3-libads: Improve service principle guessing.
+
+
+o Richard Sharpe <realrichardsharpe@gmail.com>
+ * BUG: source3/smbd/process.c::srv_send_smb() returns true on the error
+ path.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 4.0.22
+ September 15, 2014
+ ==============================
+
+
+This is the latest stable release of Samba 4.0.
+
+Major enhancements in Samba 4.0.22 include:
+
+o New parameter "winbind request timeout" has been added (bug #3204). Please
+ see smb.conf man page for details.
+
+
+Changes since 4.0.21:
+---------------------
+
+o Michael Adam <obnox@samba.org>
+ * BUG 10369: build: Fix configure to honour '--without-dmapi'.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 3204: s3: winbindd: On new client connect, prune idle or hung
+ connections older than "winbind request timeout". Add new parameter
+ "winbind request timeout".
+ * BUG 10640: lib: tevent: make TEVENT_SIG_INCREMENT atomic.
+ * BUG 10650: Make "case sensitive = True" option working with
+ "max protocol = SMB2" or higher in large directories.
+ * BUG 10728: 'net time': Fix usage and core dump.
+ * BUG 10773: s3: smbd: POSIX ACLs. Remove incorrect check for
+ SECINFO_PROTECTED_DACL in incoming security_information flags in
+ posix_get_nt_acl_common().
+ * BUG 10794: vfs_dirsort: Fix an off-by-one error that can
+ cause uninitialized memory read.
+
+
+o Björn Baumbach <bb@sernet.de>
+ * BUG 10543: s3: Enforce a positive allocation_file_size for non-empty
+ files.
+
+
+o David Disseldorp <ddiss@samba.org>
+ * BUG 10652: Samba 4 consuming a lot of CPU when re-reading printcap info.
+ * BUG 10787: dosmode: Fix FSCTL_SET_SPARSE request validation.
+
+
+o Amitay Isaacs <amitay@gmail.com>
+ * BUG 10742: s4-rpc: dnsserver: Allow . to be specified for @ record.
+
+
+o Daniel Kobras <d.kobras@science-computing.de>
+ * BUG 10731: sys_poll_intr: Fix timeout arithmetic.
+
+
+o Ross Lagerwall <rosslagerwall@gmail.com>
+ * BUG 10778: s3:libsmb: Set a max charge for SMB2 connections.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 10758: lib: Remove unused nstrcpy.
+ * BUG 10782: smbd: Properly initialize mangle_hash.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 10773: libcli/security: Add better detection of
+ SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info().
+
+
+o Marc Muehlfeld <mmuehlfeld@samba.org>
+ * BUG 10761: docs: Fix typos in smb.conf (inherit acls).
+
+
+o Shirish Pargaonkar <spargaonkar@suse.com>
+ * BUG 10755: samba: Retain case sensitivity of cifs client.
+
+
+o Arvid Requate <requate@univention.de>
+ * BUG 9570: passdb: Fix NT_STATUS_NO_SUCH_GROUP.
+
+
+o Har Gagan Sahai <SHarGagan@novell.com>
+ * BUG 10759: Fix a memory leak in cli_set_mntpoint().
+
+
+o Roel van Meer <roel@1afa.com>
+ * BUG 10777: Don't discard result of checking grouptype.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 4.0.21
+ August 1, 2014
+ ==============================
+
+
+This is a security release in order to address
+CVE-2014-3560 (Remote code execution in nmbd).
+
+o CVE-2014-3560:
+ Samba 4.0.0 to 4.1.10 are affected by a remote code execution attack on
+ unauthenticated nmbd NetBIOS name services.
+
+ A malicious browser can send packets that may overwrite the heap of
+ the target nmbd NetBIOS name services daemon. It may be possible to
+ use this to generate a remote code execution vulnerability as the
+ superuser (root).
+
+
+Changes since 4.1.20:
+---------------------
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 10735: CVE-2014-3560: Fix unstrcpy macro length.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 4.0.20
+ July 30, 2014
+ ==============================
+
+
+This is the latest stable release of the Samba 4.0 release series.
+
+
+Changes since 4.0.19:
+---------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 3124: s3: smb2: Fix 'xcopy /d' with samba shares.
+ * BUG 10653: Samba won't start on a machine configured with only IPv4.
+ * BUG 10673: s3: SMB2: Fix leak of blocking lock records in the database.
+ * BUG 10684: SMB1 blocking locks can fail notification on unlock, causing
+ client timeout.
+ * BUG 10685: s3: smbd: Locking, fix off-by one calculation in
+ brl_pending_overlap().
+ * BUG 10692: wbcCredentialCache fails if challenge_blob is not first.
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 10627: rid_array used before status checked - segmentation fault due
+ to null pointer dereference.
+
+
+o David Disseldorp <ddiss@samba.org>
+ * BUG 10612: printing: Fix purge of all print jobs.
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 3263: net/doc: Make clear that net vampire is for NT4 domains only.
+ * BUG 10657: autobuild: Delete $NSS_MODULES in "make clean".
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 10663: msg_channel: Fix a 100% CPU loop.
+ * BUG 10680: smbstatus: Fix an uninitialized variable.
+ * BUG 10687: 'RW2' smbtorture test fails when -N <numprocs> is set to 2 due
+ to the invalid status check in the second client.
+ * BUG 10699: smbd: Avoid double-free in get_print_db_byname.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 10469: ldb-samba: fix a memory leak in
+ ldif_canonicalise_objectCategory().
+ * BUG 10692: wbcCredentialCache fails if challenge_blob is not first.
+ * BUG 10696: Backport autobuild/selftest fixes from master.
+ * BUG 10706: s3:smb2_read: let smb2_sendfile_send_data() behave like
+ send_file_readX().
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 4.0.19
+ June 23, 2014
+ ==============================
+
+
+This is a security release in order to address
+CVE-2014-0244 (Denial of service - CPU loop) and
+CVE-2014-3493 (Denial of service - Server crash/memory corruption).
+
+o CVE-2014-0244:
+ All current released versions of Samba are vulnerable to a denial of
+ service on the nmbd NetBIOS name services daemon. A malformed packet
+ can cause the nmbd server to loop the CPU and prevent any further
+ NetBIOS name service.
+
+ This flaw is not exploitable beyond causing the code to loop expending
+ CPU resources.
+
+o CVE-2014-3493:
+ All current released versions of Samba are affected by a denial of service
+ crash involving overwriting memory on an authenticated connection to the
+ smbd file server.
+
+
+Changes since 4.0.18:
+---------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 10633: CVE-2014-0244: Fix nmbd denial of service.
+ * BUG 10654: CVE-2014-3493: Fix segmentation fault in
+ smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX handler.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 4.0.18
+ May 27, 2014
+ ==============================
+
+
+This is the latest stable release of Samba 4.0.
+
+Please note that this bug fix release also addresses two minor security issues
+without being a dedicated security release:
+
+ o CVE-2014-0239: dns: Don't reply to replies (bug #10609).
+ o CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response
+ (bug #10549).
+
+For more details including security advisories and patches, please see
+
+ http://www.samba.org/samba/history/security.html
+
+
+ Changes since 4.0.17:
+---------------------
+
+o Michael Adam <obnox@samba.org>
+ * BUG 10548: build: Fix ordering problems with lib-provided and internal
+ RPATHs.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 10577: SMB1 wildcard unlink fail can leave a retry record on the open
+ retry queue.
+ * BUG 10564: Fix lock order violation and file lost.
+
+
+o Björn Baumbach <bb@sernet.de>
+ * BUG 10239: s3-nmbd: Reset debug settings after reading config file.
+ * BUG 10544: s3-lib/util: set_namearray reads across end of namelist
+ string.
+ * BUG 10556: lib-util: Rename memdup to smb_memdup and fix all callers.
+
+
+o Kai Blin <kai@samba.org>
+ * BUG 10609: CVE-2014-0239: dns: Don't reply to replies.
+
+
+o David Disseldorp <ddiss@samba.org>
+ * BUG 10590: byteorder: Do not assume PowerPC is big-endian.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 10472: script/autobuild: Make use of
+ '--with-perl-{arch,lib}-install-dir'.
+
+
+o Noel Power <nopower@suse.com>
+ * BUG 10554: Fix read of deleted memory in reply_writeclose()'.
+
+
+o Jose A. Rivera <jarrpa@redhat.com>
+ * BUG 10151: Extra ':' in msg for Waf Cross Compile Build System with
+ Cross-answers command.
+ * BUG 10348: Fix empty body in if-statement in continue_domain_open_lookup.
+
+
+o Christof Schmitt <christof.schmitt@us.ibm.com>
+ * BUG 10549: CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS
+ response.
+
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 10472: wafsamba: Fix the installation on FreeBSD.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 4.0.17
+ April 15, 2014
+ ==============================
+
+
+This is the latest stable release of Samba 4.0.
+
+
+Changes since 4.0.16:
+---------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 9878: Make "force user" work as expected.
+ * BUG 9942: Fix problem with server taking too long to respond to a
+ MSG_PRINTER_DRVUPGRADE message.
+ * BUG 9993: s3-printing: Fix obvious memory leak in
+ printer_list_get_printer().
+ * BUG 10344: SessionLogoff on a signed connection with an outstanding notify
+ request crashes smbd.
+ * BUG 10431: Fix STATUS_NO_MEMORY response from Query File Posix Lock request.
+ * BUG 10508: smbd: Correctly add remote users into local groups.
+ * BUG 10534: Cleanup messages.tdb record after unclean smbd shutdown.
+
+
+o Christian Ambach <ambi@samba.org>
+ * BUG 9911: Fix build on AIX with IBM XL C/C++ (gettext detection issues).
+ * BUG 10308: Fix String Conversion Errors with Samba 4.1.0 Build on AIX 7.1.
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * smbd: Split create_conn_struct into a fn that does not change the
+ working dir.
+
+
+o Gregor Beck <gbeck@sernet.de>
+ * BUG 10458: Fix 'wbinfo -i' with one-way trust.
+ * s3:rpc_server: Minor refactoring of process_request_pdu().
+
+
+o Kai Blin <kai@samba.org>
+ * BUG 10471: Don't respond with NXDOMAIN to records that exist with another
+ type.
+
+
+o Alexander Bokovoy <ab@samba.org>
+ * BUG 10504: lsa.idl: Define lsa.ForestTrustCollisionInfo and
+ ForestTrustCollisionRecord as public structs.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 10439: Increase max netbios name components.
+
+
+o David Disseldorp <ddiss@samba.org>
+ * BUG 10188: doc: Add "spoolss: architecture" parameter usage.
+ * BUG 10484: Initial FSRVP rpcclient requests fail with
+ NT_STATUS_PIPE_NOT_AVAILABLE.
+
+
+o Daniel Liberman <danielvl@gmail.com>
+ * BUG 10387: 'net ads search' on high latency networks can return a partial
+ list with no error indication.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 10344: SessionLogoff on a signed connection with an outstanding notify
+ request crashes smbd.
+ * BUG 10422: max xmit > 64kb leads to segmentation fault.
+ * BUG 10444: smbd_server_connection_terminate("CTDB_SRVID_RELEASE_IP")
+ panics from within ctdbd_migrate() with invalid lock_order.
+ * BUG 10464: samba4 services not binding on IPv6 addresses causing
+ connection delays.
+ * tevent: Fix crash bug in tevent_queue_immediate_trigger().
+
+
+o Garming Sam <garming@catalyst.net.nz>
+ * BUG 10378: dfs: Always call create_conn_struct with root privileges.
+
+
+o Andreas Schneider <asn@cryptomilk.org>
+ * BUG 10472: pidl: waf should have an option for the dir to install perl
+ files and do not glob.
+ * BUG 10474: s3-spoolssd: Don't register spoolssd if epmd is not running.
+ * BUG 10481: s3-rpc_server: Fix handling of fragmented rpc requests.
+
+
+o Gustavo Zacarias <gustavo@zacarias.com.ar>
+ * BUG 10506: Make 'smbreadline' build with readline 6.3.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 4.0.16
+ March 11, 2014
+ ==============================
+
+
+This is a security release in order to address
+CVE-2013-4496 (Password lockout not enforced for SAMR password changes) and
+CVE-2013-6442 (smbcacls can remove a file or directory ACL by mistake).
+
+o CVE-2013-4496:
+ Samba versions 3.4.0 and above allow the administrator to implement
+ locking out Samba accounts after a number of bad password attempts.
+
+ However, all released versions of Samba did not implement this check for
+ password changes, such as are available over multiple SAMR and RAP
+ interfaces, allowing password guessing attacks.
+
+o CVE-2013-6442:
+ Samba versions 4.0.0 and above have a flaw in the smbcacls command. If
+ smbcacls is used with the "-C|--chown name" or "-G|--chgrp name"
+ command options it will remove the existing ACL on the object being
+ modified, leaving the file or directory unprotected.
+
+
+Changes since 4.0.15:
+---------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 10327: CVE-2013-6442: ensure we don't lose an existing ACL when
+ setting owner or group owner.
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 10245: CVE-2013-4496: Enforce password lockout for SAMR password
+ changes.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 10245: CVE-2013-4496: Enforce password lockout for SAMR password
+ changes.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 4.0.15
+ February 18, 2014
+ ==============================
+
+
+This is the latest stable release of Samba 4.0.
+
+
+Changes since 4.0.14:
+---------------------
+
+o Michael Adam <obnox@samba.org>
+ * BUG 10259: Make shadow_copy2 module working with Windows 7.
+
+
+o Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
+ * BUG 10087: ntlm_auth sometimes returns the wrong username to
+ mod_ntlm_auth_winbind.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 2662: Make revamped directory handling code 64bit clean.
+ * BUG 10358: Fix 100% CPU utilization in winbindd when trying to free
+ memory in winbindd_reinit_after_fork.
+ * BUG 10429: s3: modules: streaminfo: As we have no VFS function
+ SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames()
+ is true.
+
+
+o Christian Ambach <ambi@samba.org>
+ * BUG 0280: s3:winbindd: Fix use of uninitialized variables.
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 10418: Fix INTERNAL ERROR: Signal 11 in the kdc pid.
+
+
+o Jeffrey Clark <dude@zaplabs.com>
+ * BUG 10418: Add support for Heimdal's unified krb5 and hdb plugin system.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 2191: s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done().
+ * BUG 10415: smbd: Fix memory overwrites.
+ * BUG 10436: smbd: Fix an ancient oplock bug.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 10442: Fix crash bug in smb2_notify code.
+
+
+o Jelmer Vernooij <jelmer@samba.org>
+ * BUG 10418: Cope with first element in hdb_method having a different name
+ in different heimdal versions.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 4.0.14
+ January 7, 2014
+ ==============================
+
+
+This is the latest stable release of Samba 4.0.
+
+Major enhancements in Samba 4.0.14 include:
+
+o Fix segfault in smbd (bug #10284).
+o Fix SMB2 server panic when a smb2 brlock times out (bug #10311).
+
+
+Changes since 4.0.13:
+---------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 9870: smbd: Allow updates on directory write times on open handles.
+ * BUG 10297: smbd: Fix writing to a directory with -wx permissions
+ on a share.
+ * BUG 10305: ldb: Fix bad if test in ldb_comparison_fold().
+ * BUG 10320: s3:smbpasswd: Fix crashes on invalid input.
+
+
+o David Disseldorp <ddiss@samba.org>
+ * BUG 10271: Send correct job-ID in print job notifications.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 10250: smbd: Fix a talloc hierarchy problem in msg_channel.
+ * BUG 10284: smbd: Fix segfault.
+ * BUG 10297: smbd: Fix writing to a directory with -wx permissions
+ on a share.
+ * BUG 10311: Fix SMB2 server panic when a smb2 brlock times out.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 10298: Reduce smb2_server processing overhead.
+ * BUG 10330: s3:configure: Require tevent >= 0.9.18 as external library.
+
+
+o Arvid Requate <requate@univention.de>
+ * BUG 10267: spoolss: Accept XPS_PASS datatype used by Windows 8.
+
+
+o Christof Schmitt <cs@samba.org>
+ * BUG 10310: Fix AIO with SMB2 and locks.
+
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 2191: Fix substution of %G/%g in 'template * homedir'.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 4.0.13
+ December 9, 2013
+ ==============================
+
+
+This is a security release in order to address
+CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked) and
+CVE-2012-6150 (pam_winbind login without require_membership_of restrictions).
+
+o CVE-2013-4408:
+ Samba versions 3.4.0 and above (versions 3.4.0 - 3.4.17, 3.5.0 -
+ 3.5.22, 3.6.0 - 3.6.21, 4.0.0 - 4.0.12 and including 4.1.2) are
+ vulnerable to buffer overrun exploits in the client processing of
+ DCE-RPC packets. This is due to incorrect checking of the DCE-RPC
+ fragment length in the client code.
+
+ This is a critical vulnerability as the DCE-RPC client code is part of
+ the winbindd authentication and identity mapping daemon, which is
+ commonly configured as part of many server installations (when joined
+ to an Active Directory Domain). A malicious Active Directory Domain
+ Controller or man-in-the-middle attacker impersonating an Active
+ Directory Domain Controller could achieve root-level access by
+ compromising the winbindd process.
+
+ Samba server versions 3.4.0 - 3.4.17 and versions 3.5.0 - 3.5.22 are
+ also vulnerable to a denial of service attack (server crash) due to a
+ similar error in the server code of those versions.
+
+ Samba server versions 3.6.0 and above (including all 3.6.x versions,
+ all 4.0.x versions and 4.1.x) are not vulnerable to this problem.
+
+ In addition range checks were missing on arguments returned from calls
+ to the DCE-RPC functions LookupSids (lsa and samr), LookupNames (lsa and samr)
+ and LookupRids (samr) which could also cause similar problems.
+
+ As this was found during an internal audit of the Samba code there are
+ no currently known exploits for this problem (as of December 9th 2013).
+
+o CVE-2012-6150:
+ Winbind allows for the further restriction of authenticated PAM logins using
+ the require_membership_of parameter. System administrators may specify a list
+ of SIDs or groups for which an authenticated user must be a member of. If an
+ authenticated user does not belong to any of the entries, then login should
+ fail. Invalid group name entries are ignored.
+
+ Samba versions 3.3.10, 3.4.3, 3.5.0 and later incorrectly allow login from
+ authenticated users if the require_membership_of parameter specifies only
+ invalid group names.
+
+ This is a vulnerability with low impact. All require_membership_of group
+ names must be invalid for this bug to be encountered.
+
+
+Changes since 4.0.12:
+---------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field.
+
+
+o Noel Power <noel.power@suse.com>
+ * BUGs 10300, 10306: CVE-2012-6150: Fail authentication if user isn't
+ member of *any* require_membership_of specified groups.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 4.0.12
+ November 19, 2013
+ ==============================
+
+
+This is is the latest stable release of Samba 4.0.
+
+Major enhancements in Samba 4.0.12 include:
+
+o RW Deny for a specific user is not overriding RW Allow for a group (bug
+ #10196)
+
+
+Changes since 4.0.11:
+---------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 10187: Missing talloc_free can leak stackframe in error path.
+ * BUG 10196: RW Deny for a specific user is not overriding RW Allow for a
+ group.
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 10052: Use dsdb_search_one to catch 0 results as well as
+ NO_SUCH_OBJECT errors.
+
+
+o Samuel Cabrero <scabrero@zentyal.com>
+ * BUG 9091: s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 10264: s3-winbind: Fix cache_traverse_validate_fn failure for NDR
+ cache entries.
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 10247: xattr: Fix listing EAs on *BSD for non-root users.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 10195: nsswitch: Fix short writes in winbind_write_sock.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 9905: ldap_server: Register name and pid at startup.
+ * BUG 10193: s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'.
+ * BUG 10232: libcli/smb: fix smb2cli_ioctl*() against Windows 2008.
+
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 10132: pam_winbindd: Add support for the KEYRING ccache type.
+ * BUG 10194: winbind: Offline logon cache not updating for cross child
+ domain group membership.
+ * BUG 10269: util: Remove 32bit macros breaking strict aliasing.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 4.0.11
+ November 11, 2013
+ ==============================
+
+
+This is a security release in order to address
+CVE-2013-4475 (ACLs are not checked on opening an alternate
+data stream on a file or directory) and
+CVE-2013-4476 (Private key in key.pem world readable).
+
+o CVE-2013-4475:
+ Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x,
+ 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying
+ file or directory ACL when opening an alternate data stream.
+
+ According to the SMB1 and SMB2+ protocols the ACL on an underlying
+ file or directory should control what access is allowed to alternate
+ data streams that are associated with the file or directory.
+
+ By default no version of Samba supports alternate data streams
+ on files or directories.
+
+ Samba can be configured to support alternate data streams by loading
+ either one of two virtual file system modues (VFS) vfs_streams_depot or
+ vfs_streams_xattr supplied with Samba, so this bug only affects Samba
+ servers configured this way.
+
+ To determine if your server is vulnerable, check for the strings
+ "streams_depot" or "streams_xattr" inside your smb.conf configuration
+ file.
+
+o CVE-2013-4476:
+ In setups which provide ldap(s) and/or https services, the private
+ key for SSL/TLS encryption might be world readable. This typically
+ happens in active directory domain controller setups.
+
+
+Changes since 4.0.10:
+---------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUGs 10234 + 10229: CVE-2013-4475: Fix access check verification on stream
+ files.
+
+
+o Björn Baumbach <bb@sernet.de>
+ * BUG 10234: CVE-2013-4476: Private key in key.pem world readable.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
==============================
Release Notes for Samba 4.0.10
October 8, 2013
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.0.9