1 ===============================
2 Release Notes for Samba 4.14.14
4 ===============================
7 This is a security release in order to address the following defects:
9 o CVE-2022-2031: Samba AD users can bypass certain restrictions associated with
11 https://www.samba.org/samba/security/CVE-2022-2031.html
13 o CVE-2022-32744: Samba AD users can forge password change requests for any user.
14 https://www.samba.org/samba/security/CVE-2022-32744.html
16 o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add
18 https://www.samba.org/samba/security/CVE-2022-32745.html
20 o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
21 process with an LDAP add or modify request.
22 https://www.samba.org/samba/security/CVE-2022-32746.html
24 o CVE-2022-32742: Server memory information leak via SMB1.
25 https://www.samba.org/samba/security/CVE-2022-32742.html
30 o Jeremy Allison <jra@samba.org>
31 * BUG 15085: CVE-2022-32742.
33 o Andrew Bartlett <abartlet@samba.org>
34 * BUG 15009: CVE-2022-32746.
36 o Andreas Schneider <asn@samba.org>
37 * BUG 15047: CVE-2022-2031.
39 o Isaac Boukris <iboukris@gmail.com>
40 * BUG 15047: CVE-2022-2031.
42 o Joseph Sutton <josephsutton@catalyst.net.nz>
43 * BUG 15008: CVE-2022-32745.
44 * BUG 15009: CVE-2022-32746.
45 * BUG 15047: CVE-2022-2031.
46 * BUG 15074: CVE-2022-32744.
49 #######################################
50 Reporting bugs & Development Discussion
51 #######################################
53 Please discuss this release on the samba-technical mailing list or by
54 joining the #samba-technical:matrix.org matrix room, or
55 #samba-technical IRC channel on irc.libera.chat.
57 If you do report problems then please try to send high quality
58 feedback. If you don't provide vital information to help us track down
59 the problem then you will probably be ignored. All bug reports should
60 be filed under the Samba 4.1 and newer product in the project's Bugzilla
61 database (https://bugzilla.samba.org/).
64 ======================================================================
65 == Our Code, Our Bugs, Our Responsibility.
67 ======================================================================
70 Release notes for older releases follow:
71 ----------------------------------------
72 ===============================
73 Release Notes for Samba 4.14.13
75 ===============================
78 This is the last bugfix release of the Samba 4.14 release series. There will be
79 security releases only beyond this point.
85 o Jeremy Allison <jra@samba.org>
86 * BUG 14169: Renaming file on DFS root fails with
87 NT_STATUS_OBJECT_PATH_NOT_FOUND.
88 * BUG 14737: Samba does not response STATUS_INVALID_PARAMETER when opening 2
89 objects with same lease key.
90 * BUG 14938: NT error code is not set when overwriting a file during rename
93 o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
94 * BUG 14996: Fix ldap simple bind with TLS auditing.
96 o Ralph Boehme <slow@samba.org>
97 * BUG 14674: net ads info shows LDAP Server: 0.0.0.0 depending on contacted
100 o Samuel Cabrero <scabrero@suse.de>
101 * BUG 14979: Problem when winbind renews Kerberos.
103 o Pavel Filipenský <pfilipen@redhat.com>
104 * BUG 14971: virusfilter_vfs_openat: Not scanned: Directory or special file.
106 o Elia Geretto <elia.f.geretto@gmail.com>
107 * BUG 14983: NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES
108 in SMBC_server_internal.
110 o Björn Jacke <bj@sernet.de>
111 * BUG 13631: DFS fix for AIX broken.
113 o Stefan Metzmacher <metze@samba.org>
114 * BUG 13879: Simple bind doesn't work against an RODC (with non-preloaded
116 * BUG 14641: Crash of winbind on RODC.
117 * BUG 14865: Uncached logon on RODC always fails once.
118 * BUG 14951: KVNO off by 100000.
119 * BUG 14968: smb2_signing_decrypt_pdu() may not decrypt with
120 gnutls_aead_cipher_decrypt() from gnutls before 3.5.2.
121 * BUG 14984: Changing the machine password against an RODC likely destroys
123 * BUG 14993: authsam_make_user_info_dc() steals memory from its struct
124 ldb_message *msg argument.
125 * BUG 14995: Use Heimdal 8.0 (pre) rather than an earlier snapshot.
126 * BUG 15001: LDAP simple binds should honour "old password allowed period".
127 * BUG 15003: wbinfo -a doesn't work reliable with upn names.
129 o Garming Sam <garming@catalyst.net.nz>
130 * BUG 13879: Simple bind doesn't work against an RODC (with non-preloaded
133 o Joseph Sutton <josephsutton@catalyst.net.nz>
134 * BUG 14621: "password hash userPassword schemes = CryptSHA256" does not seem
135 to work with samba-tool.
136 * BUG 14984: Changing the machine password against an RODC likely destroys
140 #######################################
141 Reporting bugs & Development Discussion
142 #######################################
144 Please discuss this release on the samba-technical mailing list or by
145 joining the #samba-technical:matrix.org matrix room, or
146 #samba-technical IRC channel on irc.libera.chat.
149 If you do report problems then please try to send high quality
150 feedback. If you don't provide vital information to help us track down
151 the problem then you will probably be ignored. All bug reports should
152 be filed under the Samba 4.1 and newer product in the project's Bugzilla
153 database (https://bugzilla.samba.org/).
156 ======================================================================
157 == Our Code, Our Bugs, Our Responsibility.
159 ======================================================================
162 ----------------------------------------------------------------------
163 ===============================
164 Release Notes for Samba 4.14.12
166 ===============================
169 This is a security release in order to address the following defects:
171 o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
172 https://www.samba.org/samba/security/CVE-2021-44142.html
174 o CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks.
175 https://www.samba.org/samba/security/CVE-2022-0336.html
178 Changes since 4.14.11
179 ---------------------
181 o Ralph Boehme <slow@samba.org>
182 * BUG 14914: CVE-2021-44142.
184 o Joseph Sutton <josephsutton@catalyst.net.nz>
185 * BUG 14950: CVE-2022-0336.
188 #######################################
189 Reporting bugs & Development Discussion
190 #######################################
192 Please discuss this release on the samba-technical mailing list or by
193 joining the #samba-technical IRC channel on irc.freenode.net.
195 If you do report problems then please try to send high quality
196 feedback. If you don't provide vital information to help us track down
197 the problem then you will probably be ignored. All bug reports should
198 be filed under the Samba 4.1 and newer product in the project's Bugzilla
199 database (https://bugzilla.samba.org/).
202 ======================================================================
203 == Our Code, Our Bugs, Our Responsibility.
205 ======================================================================
208 ----------------------------------------------------------------------
209 ===============================
210 Release Notes for Samba 4.14.11
212 ===============================
215 This is the latest stable release of the Samba 4.14 release series.
220 There have been a few regressions in the security release 4.14.10:
222 o CVE-2020-25717: A user on the domain can become root on domain members.
223 https://www.samba.org/samba/security/CVE-2020-25717.html
225 The instructions have been updated and some workarounds
226 initially adviced for 4.14.10 are no longer required and
227 should be reverted in most cases.
229 o BUG-14902: User with multiple spaces (eg Fred<space><space>Nurk) become
230 un-deletable. While this release should fix this bug, it is
231 adviced to have a look at the bug report for more detailed
232 information, see https://bugzilla.samba.org/show_bug.cgi?id=14902.
234 Changes since 4.14.10
235 ---------------------
237 o Jeremy Allison <jra@samba.org>
238 * BUG 14878: Recursive directory delete with veto files is broken.
239 * BUG 14879: A directory containing dangling symlinks cannot be deleted by
240 SMB2 alone when they are the only entry in the directory.
242 o Andrew Bartlett <abartlet@samba.org>
243 * BUG 14656: Spaces incorrectly collapsed in ldb attributes.
244 * BUG 14694: Ensure that the LDB request has not timed out during filter
245 processing as the LDAP server MaxQueryDuration is otherwise not honoured.
246 * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
247 side effects for the local nt token.
248 * BUG 14902: User with multiple spaces (eg Fred<space><space>Nurk) become un-
251 o Ralph Boehme <slow@samba.org>
252 * BUG 14127: Avoid storing NTTIME_THAW (-2) as value on disk
253 * BUG 14922: Kerberos authentication on standalone server in MIT realm
255 * BUG 14923: Segmentation fault when joining the domain.
257 o Alexander Bokovoy <ab@samba.org>
258 * BUG 14903: Support for ROLE_IPA_DC is incomplete.
260 o Stefan Metzmacher <metze@samba.org>
261 * BUG 14788: Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before
262 smbd_smb2_ioctl_send.
263 * BUG 14899: winbindd doesn't start when "allow trusted domains" is off.
264 * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
265 side effects for the local nt token.
267 o Joseph Sutton <josephsutton@catalyst.net.nz>
268 * BUG 14694: Ensure that the LDB request has not timed out during filter
269 processing as the LDAP server MaxQueryDuration is otherwise not honoured.
270 * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
271 side effects for the local nt token.
274 #######################################
275 Reporting bugs & Development Discussion
276 #######################################
278 Please discuss this release on the samba-technical mailing list or by
279 joining the #samba-technical IRC channel on irc.freenode.net.
281 If you do report problems then please try to send high quality
282 feedback. If you don't provide vital information to help us track down
283 the problem then you will probably be ignored. All bug reports should
284 be filed under the Samba 4.1 and newer product in the project's Bugzilla
285 database (https://bugzilla.samba.org/).
288 ======================================================================
289 == Our Code, Our Bugs, Our Responsibility.
291 ======================================================================
294 ----------------------------------------------------------------------
295 ===============================
296 Release Notes for Samba 4.14.10
298 ===============================
301 This is a security release in order to address the following defects:
303 o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext
305 https://www.samba.org/samba/security/CVE-2016-2124.html
307 o CVE-2020-25717: A user on the domain can become root on domain members.
308 https://www.samba.org/samba/security/CVE-2020-25717.html
309 (PLEASE READ! There are important behaviour changes described)
311 o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued
313 https://www.samba.org/samba/security/CVE-2020-25718.html
315 o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos
317 https://www.samba.org/samba/security/CVE-2020-25719.html
319 o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
321 https://www.samba.org/samba/security/CVE-2020-25721.html
323 o CVE-2020-25722: Samba AD DC did not do suffienct access and conformance
324 checking of data stored.
325 https://www.samba.org/samba/security/CVE-2020-25722.html
327 o CVE-2021-3738: Use after free in Samba AD DC RPC server.
328 https://www.samba.org/samba/security/CVE-2021-3738.html
330 o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
331 https://www.samba.org/samba/security/CVE-2021-23192.html
337 o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
340 o Andrew Bartlett <abartlet@samba.org>
346 o Ralph Boehme <slow@samba.org>
349 o Alexander Bokovoy <ab@samba.org>
352 o Samuel Cabrero <scabrero@samba.org>
355 o Nadezhda Ivanova <nivanova@symas.com>
358 o Stefan Metzmacher <metze@samba.org>
367 o Andreas Schneider <asn@samba.org>
370 o Joseph Sutton <josephsutton@catalyst.net.nz>
379 #######################################
380 Reporting bugs & Development Discussion
381 #######################################
383 Please discuss this release on the samba-technical mailing list or by
384 joining the #samba-technical IRC channel on irc.libera.chat or the
385 #samba-technical:matrix.org matrix channel.
387 If you do report problems then please try to send high quality
388 feedback. If you don't provide vital information to help us track down
389 the problem then you will probably be ignored. All bug reports should
390 be filed under the Samba 4.1 and newer product in the project's Bugzilla
391 database (https://bugzilla.samba.org/).
394 ======================================================================
395 == Our Code, Our Bugs, Our Responsibility.
397 ======================================================================
400 ----------------------------------------------------------------------
403 ==============================
404 Release Notes for Samba 4.14.9
406 ==============================
409 This is the latest stable release of the Samba 4.14 release series.
415 o Jeremy Allison <jra@samba.org>
416 * BUG 14682: vfs_shadow_copy2: core dump in make_relative_path.
418 o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
419 * BUG 14868: rodc_rwdc test flaps.
420 * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
422 o Andrew Bartlett <abartlet@samba.org>
423 * BUG 14836: Python ldb.msg_diff() memory handling failure.
424 * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
425 bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded
427 * BUG 14845: "in" operator on ldb.Message is case sensitive.
428 * BUG 14848: Release LDB 2.3.1 for Samba 4.14.9.
429 * BUG 14870: Prepare to operate with MIT krb5 >= 1.20.
430 * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED.
431 * BUG 14874: Allow special chars like "@" in samAccountName when generating
433 * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
435 o Ralph Boehme <slow@samba.org>
436 * BUG 14826: Correctly ignore comments in CTDB public addresses file.
438 o Isaac Boukris <iboukris@gmail.com>
439 * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
440 bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded
442 * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
444 o Viktor Dukhovni <viktor@twosigma.com>
445 * BUG 12998: Fix transit path validation.
446 * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
448 o Luke Howard <lukeh@padl.com>
449 * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
450 bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded
452 * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
454 o Stefan Metzmacher <metze@samba.org>
455 * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
457 o Andreas Schneider <asn@samba.org>
458 * BUG 14870: Prepare to operate with MIT krb5 >= 1.20.
459 * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
461 o Martin Schwenke <martin@meltin.net>
462 * BUG 14826: Correctly ignore comments in CTDB public addresses file.
464 o Joseph Sutton <josephsutton@catalyst.net.nz>
465 * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
466 bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded
468 * BUG 14845: "in" operator on ldb.Message is case sensitive.
469 * BUG 14868: rodc_rwdc test flaps.
470 * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED.
471 * BUG 14874: Allow special chars like "@" in samAccountName when generating
473 * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
475 o Nicolas Williams <nico@twosigma.com>
476 * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
477 bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded
479 * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
482 #######################################
483 Reporting bugs & Development Discussion
484 #######################################
486 Please discuss this release on the samba-technical mailing list or by
487 joining the #samba-technical IRC channel on irc.freenode.net.
489 If you do report problems then please try to send high quality
490 feedback. If you don't provide vital information to help us track down
491 the problem then you will probably be ignored. All bug reports should
492 be filed under the Samba 4.1 and newer product in the project's Bugzilla
493 database (https://bugzilla.samba.org/).
496 ======================================================================
497 == Our Code, Our Bugs, Our Responsibility.
499 ======================================================================
502 ----------------------------------------------------------------------
504 ==============================
505 Release Notes for Samba 4.14.8
507 ==============================
510 This is the latest stable release of the Samba 4.14 release series.
516 o Jeremy Allison <jra@samba.org>
517 * BUG 14742: Python ldb.msg_diff() memory handling failure.
518 * BUG 14805: OpenDir() loses the correct errno return.
519 * BUG 14809: Shares with variable substitutions cause core dump upon
520 connection from MacOS Big Sur 11.5.2.
521 * BUG 14816: Fix pathref open of a filesystem fifo in the DISABLE_OPATH
524 o Andrew Bartlett <abartlet@samba.org>
525 * BUG 14806: Address a signifcant performance regression in database access
526 in the AD DC since Samba 4.12.
527 * BUG 14807: Fix performance regression in lsa_LookupSids3/LookupNames4 since
528 Samba 4.9 by using an explicit database handle cache.
529 * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
530 server name in a TGS-REQ.
531 * BUG 14818: Address flapping samba_tool_drs_showrepl test.
532 * BUG 14819: Address flapping dsdb_schema_attributes test.
533 * BUG 14841: Samba CI runs can now continue past the first error if
534 AUTOBUILD_FAIL_IMMEDIATELY=0 is set.
535 * BUG 14854: samldb_krbtgtnumber_available() looks for incorrect string.
537 o Ralph Boehme <slow@samba.org>
538 * BUG 14771: Some VFS operations on pathref (O_PATH) handles fail on GPFS.
539 * BUG 14783: smbd "deadtime" parameter doesn't work anymore.
540 * BUG 14787: net conf list crashes when run as normal user.
541 * BUG 14790: vfs_btrfs compression support broken.
542 * BUG 14804: winbindd can crash because idmap child state is not fully
545 o Luke Howard <lukeh@padl.com>
546 * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
547 server name in a TGS-REQ.
549 o Volker Lendecke <vl@samba.org>
550 * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
551 server name in a TGS-REQ.
553 o Gary Lockyer <gary@catalyst.net.nz>
554 * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
555 server name in a TGS-REQ.
557 o Stefan Metzmacher <metze@samba.org>
558 * BUG 14771: Some VFS operations on pathref (O_PATH) handles fail on GPFS.
559 * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
560 server name in a TGS-REQ.
562 o Andreas Schneider <asn@samba.org>
563 * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
564 server name in a TGS-REQ.
566 o Martin Schwenke <martin@meltin.net>
567 * BUG 14784: Fix CTDB flag/status update race conditions.
569 o Joseph Sutton <josephsutton@catalyst.net.nz>
570 * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
571 server name in a TGS-REQ.
572 * BUG 14836: Python ldb.msg_diff() memory handling failure.
575 #######################################
576 Reporting bugs & Development Discussion
577 #######################################
579 Please discuss this release on the samba-technical mailing list or by
580 joining the #samba-technical:matrix.org matrix room, or
581 #samba-technical IRC channel on irc.libera.chat
583 If you do report problems then please try to send high quality
584 feedback. If you don't provide vital information to help us track down
585 the problem then you will probably be ignored. All bug reports should
586 be filed under the Samba 4.1 and newer product in the project's Bugzilla
587 database (https://bugzilla.samba.org/).
590 ======================================================================
591 == Our Code, Our Bugs, Our Responsibility.
593 ======================================================================
596 ----------------------------------------------------------------------
597 ==============================
598 Release Notes for Samba 4.14.7
600 ==============================
603 This is the latest stable release of the Samba 4.14 release series.
609 o Jeremy Allison <jra@samba.org>
610 * BUG 14769: smbd panic on force-close share during offload write.
612 o Ralph Boehme <slow@samba.org>
613 * BUG 12033: smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK.
614 * BUG 14731: Fix returned attributes on fake quota file handle and avoid
616 * BUG 14756: vfs_shadow_copy2 fix inodes not correctly updating inode
619 o David Gajewski <dgajews@math.utoledo.edu>
620 * BUG 14774: Fix build on Solaris.
622 o Björn Jacke <bj@sernet.de>
623 * BUG 14654: Make dos attributes available for unreadable files.
625 o Stefan Metzmacher <metze@samba.org>
626 * BUG 14607: Work around special SMB2 READ response behavior of NetApp Ontap
628 * BUG 14793: Start the SMB encryption as soon as possible.
631 #######################################
632 Reporting bugs & Development Discussion
633 #######################################
635 Please discuss this release on the samba-technical mailing list or by
636 joining the #samba-technical IRC channel on irc.freenode.net.
638 If you do report problems then please try to send high quality
639 feedback. If you don't provide vital information to help us track down
640 the problem then you will probably be ignored. All bug reports should
641 be filed under the Samba 4.1 and newer product in the project's Bugzilla
642 database (https://bugzilla.samba.org/).
645 ======================================================================
646 == Our Code, Our Bugs, Our Responsibility.
648 ======================================================================
651 ----------------------------------------------------------------------
654 ==============================
655 Release Notes for Samba 4.14.6
657 ==============================
660 This is the latest stable release of the Samba 4.14 release series.
666 o Jeremy Allison <jra@samba.org>
667 * BUG 14722: s3: lib: Fix talloc heirarcy error in parent_smb_fname().
668 * BUG 14732: smbd: Fix pathref unlinking in create_file_unixpath().
669 * BUG 14734: s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown().
670 * BUG 14736: s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
671 change_file_owner_to_parent() error path.
673 o Ralph Boehme <slow@samba.org>
674 * BUG 14730: NT_STATUS_FILE_IS_A_DIRECTORY error messages when using
675 glusterfs VFS module.
676 * BUG 14734: s3/modules: fchmod: Fallback to path based chmod if pathref.
677 * BUG 14740: Spotlight RPC service doesn't work with vfs_glusterfs.
679 o Stefan Metzmacher <metze@samba.org>
680 * BUG 14750: gensec_krb5: Restore ipv6 support for kpasswd.
681 * BUG 14752: smbXsrv_{open,session,tcon}: protect
682 smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records.
684 o Joseph Sutton <josephsutton@catalyst.net.nz>
685 * BUG 14027: samba-tool domain backup offline doesn't work against bind DLZ
687 * BUG 14669: netcmd: Use next_free_rid() function to calculate a SID for
691 #######################################
692 Reporting bugs & Development Discussion
693 #######################################
695 Please discuss this release on the samba-technical mailing list or by
696 joining the #samba-technical IRC channel on irc.freenode.net.
698 If you do report problems then please try to send high quality
699 feedback. If you don't provide vital information to help us track down
700 the problem then you will probably be ignored. All bug reports should
701 be filed under the Samba 4.1 and newer product in the project's Bugzilla
702 database (https://bugzilla.samba.org/).
705 ======================================================================
706 == Our Code, Our Bugs, Our Responsibility.
708 ======================================================================
711 ----------------------------------------------------------------------
712 ==============================
713 Release Notes for Samba 4.14.5
715 ==============================
718 This is the latest stable release of the Samba 4.14 release series.
724 o Jeremy Allison <jra@samba.org>
725 * BUG 14696: s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success.
726 * BUG 14708: s3: smbd: Ensure POSIX default ACL is mapped into returned
727 Windows ACL for directory handles.
728 * BUG 14721: s3: smbd: Fix uninitialized memory read in
729 process_symlink_open() when used with vfs_shadow_copy2().
731 o Andrew Bartlett <abartlet@samba.org>
732 * BUG 14689: docs: Expand the "log level" docs on audit logging.
734 o Ralph Boehme <slow@samba.org>
735 * BUG 14714: smbd: Correctly initialize close timestamp fields.
737 o Günther Deschner <gd@samba.org>
738 * BUG 14699: Fix gcc11 compiler issues.
740 o Pavel Filipenský <pfilipen@redhat.com>
741 * BUG 14718: docs-xml: Update smbcacls manpage.
742 * BUG 14719: docs: Update list of available commands in rpcclient.
744 o Volker Lendecke <vl@samba.org>
745 * BUG 14475: ctdb: Fix a crash in run_proc_signal_handler().
747 o Andreas Schneider <asn@samba.org>
748 * BUG 14695: s3:winbind: For 'security = ADS' require realm/workgroup to be
750 * BUG 14699: lib:replace: Do not build strndup test with gcc 11 or newer.
753 #######################################
754 Reporting bugs & Development Discussion
755 #######################################
757 Please discuss this release on the samba-technical mailing list or by
758 joining the #samba-technical IRC channel on irc.freenode.net.
760 If you do report problems then please try to send high quality
761 feedback. If you don't provide vital information to help us track down
762 the problem then you will probably be ignored. All bug reports should
763 be filed under the Samba 4.1 and newer product in the project's Bugzilla
764 database (https://bugzilla.samba.org/).
767 ======================================================================
768 == Our Code, Our Bugs, Our Responsibility.
770 ======================================================================
773 ----------------------------------------------------------------------
776 ==============================
777 Release Notes for Samba 4.14.4
779 ==============================
782 This is a security release in order to address the following defect:
784 o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries
785 in the Samba file server process token.
793 The Samba smbd file server must map Windows group identities (SIDs) into unix
794 group ids (gids). The code that performs this had a flaw that could allow it
795 to read data beyond the end of the array in the case where a negative cache
796 entry had been added to the mapping cache. This could cause the calling code
797 to return those values into the process token that stores the group
798 membership for a user.
800 Most commonly this flaw caused the calling code to crash, but an alert user
801 (Peter Eriksson, IT Department, Linköping University) found this flaw by
802 noticing an unprivileged user was able to delete a file within a network
803 share that they should have been disallowed access to.
805 Analysis of the code paths has not allowed us to discover a way for a
806 remote user to be able to trigger this flaw reproducibly or on demand,
807 but this CVE has been issued out of an abundance of caution.
813 o Volker Lendecke <vl@samba.org>
814 * BUG 14571: CVE-2021-20254: Fix buffer overrun in sids_to_unixids().
817 #######################################
818 Reporting bugs & Development Discussion
819 #######################################
821 Please discuss this release on the samba-technical mailing list or by
822 joining the #samba-technical IRC channel on irc.freenode.net.
824 If you do report problems then please try to send high quality
825 feedback. If you don't provide vital information to help us track down
826 the problem then you will probably be ignored. All bug reports should
827 be filed under the Samba 4.1 and newer product in the project's Bugzilla
828 database (https://bugzilla.samba.org/).
831 ======================================================================
832 == Our Code, Our Bugs, Our Responsibility.
834 ======================================================================
837 ----------------------------------------------------------------------
840 ==============================
841 Release Notes for Samba 4.14.3
843 ==============================
846 This is the latest stable release of the Samba 4.14 release series.
852 o Trever L. Adams <trever.adams@gmail.com>
853 * BUG 14671: s3:modules:vfs_virusfilter: Recent New_VFS changes break
854 vfs_virusfilter_openat.
856 o Andrew Bartlett <abartlet@samba.org>
857 * BUG 14586: build: Notice if flex is missing at configure time.
859 o Ralph Boehme <slow@samba.org>
860 * BUG 14672: Fix smbd panic when two clients open same file.
861 * BUG 14675: Fix memory leak in the RPC server.
862 * BUG 14679: s3: smbd: fix deferred renames.
864 o Samuel Cabrero <scabrero@samba.org>
865 * BUG 14675: s3-iremotewinspool: Set the per-request memory context.
867 o Volker Lendecke <vl@samba.org>
868 * BUG 14675: Fix memory leak in the RPC server.
870 o Stefan Metzmacher <metze@samba.org>
871 * BUG 11899: third_party: Update socket_wrapper to version 1.3.2.
872 * BUG 14640: third_party: Update socket_wrapper to version 1.3.3.
874 o David Mulder <dmulder@suse.com>
875 * BUG 14665: samba-gpupdate: Test that sysvol paths download in
876 case-insensitive way.
878 o Sachin Prabhu <sprabhu@redhat.com>
879 * BUG 14662: smbd: Ensure errno is preserved across fsp destructor.
881 o Christof Schmitt <cs@samba.org>
882 * BUG 14663: idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
885 o Martin Schwenke <martin@meltin.net>
886 * BUG 14288: build: Only add -Wl,--as-needed when supported.
889 #######################################
890 Reporting bugs & Development Discussion
891 #######################################
893 Please discuss this release on the samba-technical mailing list or by
894 joining the #samba-technical IRC channel on irc.freenode.net.
896 If you do report problems then please try to send high quality
897 feedback. If you don't provide vital information to help us track down
898 the problem then you will probably be ignored. All bug reports should
899 be filed under the Samba 4.1 and newer product in the project's Bugzilla
900 database (https://bugzilla.samba.org/).
903 ======================================================================
904 == Our Code, Our Bugs, Our Responsibility.
906 ======================================================================
909 ----------------------------------------------------------------------
912 ==============================
913 Release Notes for Samba 4.14.2
915 ==============================
918 This is a follow-up release to depend on the correct ldb version. This is only
919 needed when building against a system ldb library.
921 This is a security release in order to address the following defects:
923 o CVE-2020-27840: Heap corruption via crafted DN strings.
924 o CVE-2021-20277: Out of bounds read in AD DC LDAP server.
932 An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
933 crafted DNs as part of a bind request. More serious heap corruption is likely
937 User-controlled LDAP filter strings against the AD DC LDAP server may crash
940 For more details, please refer to the security advisories.
946 o Release with dependency on ldb version 2.3.0.
949 #######################################
950 Reporting bugs & Development Discussion
951 #######################################
953 Please discuss this release on the samba-technical mailing list or by
954 joining the #samba-technical IRC channel on irc.freenode.net.
956 If you do report problems then please try to send high quality
957 feedback. If you don't provide vital information to help us track down
958 the problem then you will probably be ignored. All bug reports should
959 be filed under the Samba 4.1 and newer product in the project's Bugzilla
960 database (https://bugzilla.samba.org/).
963 ======================================================================
964 == Our Code, Our Bugs, Our Responsibility.
966 ======================================================================
969 ----------------------------------------------------------------------
972 ==============================
973 Release Notes for Samba 4.14.1
975 ==============================
978 This is a security release in order to address the following defects:
980 o CVE-2020-27840: Heap corruption via crafted DN strings.
981 o CVE-2021-20277: Out of bounds read in AD DC LDAP server.
989 An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
990 crafted DNs as part of a bind request. More serious heap corruption is likely
994 User-controlled LDAP filter strings against the AD DC LDAP server may crash
997 For more details, please refer to the security advisories.
1000 Changes since 4.14.0
1001 --------------------
1003 o Andrew Bartlett <abartlet@samba.org>
1004 * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.
1006 o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
1007 * BUG 14595: CVE-2020-27840: Fix unauthenticated remote heap corruption via
1009 * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold.
1012 #######################################
1013 Reporting bugs & Development Discussion
1014 #######################################
1016 Please discuss this release on the samba-technical mailing list or by
1017 joining the #samba-technical IRC channel on irc.freenode.net.
1019 If you do report problems then please try to send high quality
1020 feedback. If you don't provide vital information to help us track down
1021 the problem then you will probably be ignored. All bug reports should
1022 be filed under the Samba 4.1 and newer product in the project's Bugzilla
1023 database (https://bugzilla.samba.org/).
1026 ======================================================================
1027 == Our Code, Our Bugs, Our Responsibility.
1029 ======================================================================
1032 ----------------------------------------------------------------------
1035 ==============================
1036 Release Notes for Samba 4.14.0
1038 ==============================
1041 This is the first stable release of the Samba 4.14 release series.
1042 Please read the release notes carefully before upgrading.
1048 The GPG release key for Samba releases changed from:
1050 pub dsa1024/6F33915B6568B7EA 2007-02-04 [SC] [expires: 2021-02-05]
1051 Key fingerprint = 52FB C0B8 6D95 4B08 4332 4CDC 6F33 915B 6568 B7EA
1052 uid [ full ] Samba Distribution Verification Key <samba-bugs@samba.org>
1053 sub elg2048/9C6ED163DA6DFB44 2007-02-04 [E] [expires: 2021-02-05]
1055 to the following new key:
1057 pub rsa4096/AA99442FB680B620 2020-12-21 [SC] [expires: 2022-12-21]
1058 Key fingerprint = 81F5 E283 2BD2 545A 1897 B713 AA99 442F B680 B620
1059 uid [ultimate] Samba Distribution Verification Key <samba-bugs@samba.org>
1060 sub rsa4096/97EF9386FBFD4002 2020-12-21 [E] [expires: 2022-12-21]
1062 Starting from Jan 21th 2021, all Samba releases will be signed with the new key.
1064 See also GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt
1067 NEW FEATURES/CHANGES
1068 ====================
1070 Here is a copy of a clarification note added to the Samba code
1071 in the file: VFS-License-clarification.txt.
1072 --------------------------------------------------------------
1074 A clarification of our GNU GPL License enforcement boundary within the Samba
1075 Virtual File System (VFS) layer.
1077 Samba is licensed under the GNU GPL. All code committed to the Samba
1078 project or that creates a "modified version" or software "based on" Samba must
1079 be either licensed under the GNU GPL or a compatible license.
1081 Samba has several plug-in interfaces where external code may be called
1082 from Samba GNU GPL licensed code. The most important of these is the
1085 Samba VFS modules are intimately connected by header files and API
1086 definitions to the part of the Samba code that provides file services,
1087 and as such, code that implements a plug-in Samba VFS module must be
1088 licensed under the GNU GPL or a compatible license.
1090 However, Samba VFS modules may themselves call third-party external
1091 libraries that are not part of the Samba project and are externally
1092 developed and maintained.
1094 As long as these third-party external libraries do not use any of the
1095 Samba internal structure, APIs or interface definitions created by the
1096 Samba project (to the extent that they would be considered subject to the GNU
1097 GPL), then the Samba Team will not consider such third-party external
1098 libraries called from Samba VFS modules as "based on" and/or creating a
1099 "modified version" of the Samba code for the purposes of GNU GPL.
1100 Accordingly, we do not require such libraries be licensed under the GNU GPL
1101 or a GNU GPL compatible license.
1106 The effort to modernize Samba's VFS interface has reached a major milestone with
1107 the next release Samba 4.14.
1109 For details please refer to the documentation at source3/modules/The_New_VFS.txt or
1110 visit the <https://wiki.samba.org/index.php/The_New_VFS>.
1115 Publishing printers in AD is more reliable and more printer features are
1116 added to the published information in AD. Samba now also supports Windows
1117 drivers for the ARM64 architecture.
1121 This release extends Samba to support Group Policy functionality for Winbind
1122 clients. Active Directory Administrators can set policies that apply Sudoers
1123 configuration, and cron jobs to run hourly, daily, weekly or monthly.
1125 To enable the application of Group Policies on a client, set the global
1126 smb.conf option 'apply group policies' to 'yes'. Policies are applied on an
1127 interval of every 90 minutes, plus a random offset between 0 and 30 minutes.
1129 Policies applied by Samba are 'non-tattooing', meaning that changes can be
1130 reverted by executing the `samba-gpupdate --unapply` command. Policies can be
1131 re-applied using the `samba-gpupdate --force` command.
1132 To view what policies have been or will be applied to a system, use the
1133 `samba-gpupdate --rsop` command.
1135 Administration of Samba policy requires that a Samba ADMX template be uploaded
1136 to the SYSVOL share. The samba-tool command `samba-tool gpo admxload` is
1137 provided as a convenient method for adding this policy. Once uploaded, policies
1138 can be modified in the Group Policy Management Editor under Computer
1139 Configuration/Policies/Administrative Templates. Alternatively, Samba policy
1140 may be managed using the `samba-tool gpo manage` command. This tool does not
1141 require the admx templates to be installed.
1143 Python 3.6 or later required
1144 ----------------------------
1146 Samba's minimum runtime requirement for python was raised to Python
1147 3.6 with samba 4.13. Samba 4.14 raises this minimum version to Python
1148 3.6 also to build Samba. It is no longer possible to build Samba
1149 (even just the file server) with Python versions 2.6 and 2.7.
1151 As Python 2.7 has been End Of Life upstream since April 2020, Samba
1152 is dropping ALL Python 2.x support in this release.
1154 Miscellaneous samba-tool changes
1155 --------------------------------
1157 The 'samba-tool' subcommands to manage AD objects (e.g. users, computers and
1158 groups) now consistently use the "add" command when adding a new object to
1159 the AD. The previous deprecation warnings when using the 'add' commands
1160 have been removed. For compatibility reasons, both the 'add' and 'create'
1161 commands can be used now.
1163 Users, groups and contacts can now be renamed with the respective rename
1166 Locked users can be unlocked with the new 'samba-tool user unlock' command.
1168 The 'samba-tool user list' and 'samba-tool group listmembers' commands
1169 provide additional options to hide expired and disabled user accounts
1170 (--hide-expired and --hide-disabled).
1176 * The NAT gateway and LVS features now uses the term "leader" to refer
1177 to the main node in a group through which traffic is routed and
1178 "follower" for other members of a group. The command for
1179 determining the leader has changed to "ctdb natgw leader" (from
1180 "ctdb natgw master"). The configuration keyword for indicating that
1181 a node can not be the leader of a group has changed to
1182 "follower-only" (from "slave-only"). Identical changes were made
1185 * Remove "ctdb isnotrecmaster" command. It isn't used by CTDB's
1186 scripts and can be checked by users with "ctdb pnn" and "ctdb
1193 Parameter Name Description Default
1194 -------------- ----------- -------
1196 async dns timeout New 10
1197 client smb encrypt New default
1198 honor change notify privilege New No
1199 smbd force process locks New No
1200 server smb encrypt New default
1203 CHANGES SINCE 4.14.0rc4
1204 =======================
1206 o Trever L. Adams <trever.adams@gmail.com>
1207 * BUG 14634: s3:modules:vfs_virusfilter: Recent talloc changes cause infinite
1210 o Peter Eriksson <pen@lysator.liu.se>
1211 * BUG 14648: s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error
1214 o Volker Lendecke <vl@samba.org>
1215 * BUG 14636: g_lock: Fix uninitalized variable reads.
1218 CHANGES SINCE 4.14.0rc3
1219 =======================
1221 o Jeremy Allison <jra@samba.org>
1222 * BUG 14604: smbd: In conn_force_tdis_done() when forcing a connection closed
1223 force a full reload of services.
1225 o Andrew Bartlett <abartlet@samba.org>
1226 * BUG 14593: dbcheck: Check Deleted Objects and reduce noise in reports about
1229 o Ralph Boehme <slow@samba.org>
1230 * BUG 14619: vfs: Restore platform specific POSIX sys_acl_set_file()
1232 * BUG 14620: Fix the build on AIX.
1233 * BUG 14629: smbd: Don't overwrite _mode if neither a msdfs symlink nor
1234 get_dosmode is requested.
1235 * BUG 14635: Fix printer driver upload.
1238 CHANGES SINCE 4.14.0rc2
1239 =======================
1241 o Björn Jacke <bj@sernet.de>
1242 * BUG 14624: classicupgrade: Treat old never expires value right.
1244 o Stefan Metzmacher <metze@samba.org>
1245 * BUG 13898: s3:pysmbd: fix fd leak in py_smbd_create_file().
1247 o Andreas Schneider <asn@samba.org>
1248 * BUG 14625: Fix smbd share mode double free crash.
1250 o Paul Wise <pabs3@bonedaddy.net>
1251 * BUG 12505: HEIMDAL: krb5_storage_free(NULL) should work.
1254 CHANGES SINCE 4.14.0rc1
1255 =======================
1257 o Jeremy Allison <jra@samba.org>
1258 * BUG 13992: Fix SAMBA RPC share error.
1260 o Ralph Boehme <slow@samba.org>
1261 * BUG 14602: "winbind:ignore domains" doesn't prevent user login from trusted
1263 * BUG 14617: smbd tries to delete files with wrong permissions (uses guest
1264 instead of user from force user =).
1266 o Stefan Metzmacher <metze@samba.org>
1267 * BUG 14539: s3:idmap_hash: Reliably return ID_TYPE_BOTH.
1269 o Andreas Schneider <asn@samba.org>
1270 * BUG 14627: s3:smbd: Fix invalid memory access in
1271 posix_sys_acl_blob_get_fd().
1277 https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.14#Release_blocking_bugs
1280 #######################################
1281 Reporting bugs & Development Discussion
1282 #######################################
1284 Please discuss this release on the samba-technical mailing list or by
1285 joining the #samba-technical IRC channel on irc.freenode.net.
1287 If you do report problems then please try to send high quality
1288 feedback. If you don't provide vital information to help us track down
1289 the problem then you will probably be ignored. All bug reports should
1290 be filed under the Samba 4.1 and newer product in the project's Bugzilla
1291 database (https://bugzilla.samba.org/).
1294 ======================================================================
1295 == Our Code, Our Bugs, Our Responsibility.
1297 ======================================================================