1 ============================= 2 Release Notes for Samba 3.5.8 3 March 7, 2011 4 ============================= 5 6 7This is the latest stable release of Samba 3.5. 8 9Major enhancements in Samba 3.5.8 include: 10 11o Fix Winbind crash bug when no DC is available (bug #7730). 12o Fix finding users on domain members (bug #7743). 13o Fix memory leaks in Winbind (bug #7879). 14o Fix printing with Windows 7 clients (bug #7567). 15 16 17Changes since 3.5.7: 18-------------------- 19 20 21o Michael Adam <obnox@samba.org> 22 * BUG 7594: Fix "log=>ndr_pull_error" in 'wbinfo -u' and 'wbinfo -g'. 23 * BUG 7871: Fix 'net ads dns register' in cluster setups. 24 * BUG 7894: Fix sporadic Winbind panic in rpc query_user_list. 25 26 27o Jeremy Allison <jra@samba.org> 28 * BUG 7409: Raise debug level for "reduce_name: couldn't get realpath" 29 messages. 30 * BUG 7716: Store unmodified copies of security descriptors in acl_xattr and 31 acl_tdb modules. 32 * BUG 7733: Fix incorrect unix mode_t caused by invalid client DOS 33 attributes on create. 34 * BUG 7734: Apply appropriate create masks when creating files with "inherit 35 ACLs" set to true. 36 * BUG 7743: Fix finding users on domain members. 37 * BUG 7744: Fix "dfree cache time" parameter. 38 * BUG 7777: Fix requesting lookups for BUILTIN sids. 39 * BUG 7785: Fix atime limit. 40 * BUG 7791: Fix copying files from a SMB share using Gnome vfs and SMB 41 signing. 42 * BUG 7812: ACL inheritance cannot be disabled in vfs_acl_xattr/vfs_acl_tdb. 43 * BUG 7835: vfs_fill_sparse() doesn't use posix_fallocate when strict 44 allocate is on. 45 * BUG 7843: Expand the local SAMs aliases. 46 * BUG 7892: Fix stale lock in open_file_fchmod(). 47 * BUG 7950: Revalidate the pathname once re-constructed from a root fsp. 48 49 50o Andrew Bartlett <abartlet@samba.org> 51 * BUG 7356: Fix 'net ads dns register' in Windows 2008 R2 domains. 52 53 54o Bj��rn Baumbach <bb@sernet.de> 55 * BUG 7875: Fix 'nmbd --port'. 56 * BUG 7880: Make 'rpcclient deldriver' delete drivers for all architectures. 57 58 59o G��nther Deschner <gd@samba.org> 60 * BUG 7567: Fix printing with Windows 7 clients. 61 * BUG 7641: Handle Windows 9x adddriver calls without config file. 62 * BUG 7945: Let Winbind try to use samlogon validation level 6. 63 64 65o Holger Hetterich <hhetter@novell.com> 66 * BUG 3185: Fix 'testparm' return code when EOF in encountered in param 67 name. 68 69 70o Bj��rn Jacke <bj@sernet.de> 71 * BUG 7821: Fix build of shared libraries on Tru64. 72 73 74o Volker Lendecke <vl@samba.org> 75 * BUG 7066: Fix "Your Password expires today" message for users of trusted 76 domains. 77 * BUG 7262: Fix maintaining of users' groups via UsrMgr. 78 * BUG 7656: Fix scalability problem with hundreds of printers. 79 * BUG 7665: Fix memory leak in the netapi routines. 80 * BUG 7730: Fix Winbind crash bug when no DC is available. 81 * BUG 7774: Fix a getgrent crash with many groups. 82 * BUG 7779: Fix smbd crash caused by expand_msdfs. 83 * BUG 7800: Make Winbind recover from a signing error. 84 * BUG 7817: Fix "force group" with ntlmssp guest session setup. 85 * BUG 7841: Make WINBINDD_LOOKUPRIDS asking the right domain. 86 * BUG 7842: Make WINBINDD_LOOKUPRIDS returning the domain name. 87 * BUG 7855: ntlm_auth: Support clients which offer a spnego mechs we don't 88 support. 89 * BUG 7879: Fix memory leaks in Winbind. 90 * BUG 7881: Fix flaky Winbind against Windows 2008. 91 * BUG 7917: Fix connections from WinCE. 92 * BUG 7940: Fix opening MS Powerpoint files. 93 94 95o Stefan Metzmacher <metze@samba.org> 96 * BUG 7567: Fix printing with Windows 7 clients. 97 * BUG 7855: ntlm_auth: Support clients which offer a spnego mechs we don't 98 support. 99 * BUG 7883: Fix SMB session setups with Kerberos against some closed source 100 SMB servers. 101 * BUG 7896: Don't set SAMR_FIELD_FULL_NAME if we just want to set the 102 account name. 103 * BUG 7899: Don't return "-1" on success in 'net rpc vampire keytab'. 104 * BUG 7942: Fix endless loops caused by inotify. 105 * BUG 7944: Catch lookup_names/sids schannel errors over ncacn_ip_tcp. 106 107 108o Jonathan Nieder <jrnieder@gmail.com> 109 * BUG 6837: Make "rlimit_max below minimum Windows limit" notification less 110 scary. 111 112 113o olivier <olivier@virtscano.fakenet> 114 * BUG 7789: vfs_scannedonly: Switch from mtime to ctime which is more reliable. 115 116 117o Rusty Russell <rusty@rustcorp.com.au> 118 * BUG 7498: Fix updating the time on close in vfs_gpfs. 119 120 121###################################################################### 122Reporting bugs & Development Discussion 123####################################### 124 125Please discuss this release on the samba-technical mailing list or by 126joining the #samba-technical IRC channel on irc.freenode.net. 127 128If you do report problems then please try to send high quality 129feedback. If you don't provide vital information to help us track down 130the problem then you will probably be ignored. All bug reports should 131be filed under the Samba 3.5 product in the project's Bugzilla 132database (https://bugzilla.samba.org/). 133 134 135====================================================================== 136== Our Code, Our Bugs, Our Responsibility. 137== The Samba Team 138====================================================================== 139 140 141Release notes for older releases follow: 142---------------------------------------- 143 144 ============================= 145 Release Notes for Samba 3.5.7 146 February 28, 2011 147 ============================= 148 149 150This is a security release in order to address CVE-2011-0719. 151 152 153o CVE-2011-0719: 154 All current released versions of Samba are vulnerable to 155 a denial of service caused by memory corruption. Range 156 checks on file descriptors being used in the FD_SET macro 157 were not present allowing stack corruption. This can cause 158 the Samba code to crash or to loop attempting to select 159 on a bad file descriptor set. 160 161 162Changes since 3.5.6: 163-------------------- 164 165 166o Jeremy Allison <jra@samba.org> 167 * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open. 168 169 170###################################################################### 171Reporting bugs & Development Discussion 172####################################### 173 174Please discuss this release on the samba-technical mailing list or by 175joining the #samba-technical IRC channel on irc.freenode.net. 176 177If you do report problems then please try to send high quality 178feedback. If you don't provide vital information to help us track down 179the problem then you will probably be ignored. All bug reports should 180be filed under the Samba 3.5 product in the project's Bugzilla 181database (https://bugzilla.samba.org/). 182 183 184====================================================================== 185== Our Code, Our Bugs, Our Responsibility. 186== The Samba Team 187====================================================================== 188 189 190---------------------------------------------------------------------- 191 192 193 ============================= 194 Release Notes for Samba 3.5.6 195 October 8, 2010 196 ============================= 197 198 199This is the latest stable release of Samba 3.5. 200 201Major enhancements in Samba 3.5.6 include: 202 203 o Fix smbd panic on invalid NetBIOS session request (bug #7698). 204 o Fix smbd crash caused by "%D" in "printer admin" (bug #7541). 205 o Fix crash bug with invalid SPNEGO token (bug #7694). 206 o Fix Winbind internal error (bug #7636). 207 208 209Changes since 3.5.5 210------------------- 211 212 213o Jeremy Allison <jra@samba.org> 214 * BUG 7577: Fix SPNEGO auth when contacting Win7 system using Microsoft Live 215 Sign-in Assistant. 216 * BUG 7578: Fix 'net idmap restore' setting HWM to avoid duplicates. 217 * BUG 7581: Fix "admin users" when using vfs_acl_xattr. 218 * BUG 7583: Fix smbclient to connect to Alfresco JLAN CIFS server using 219 Kerberos. 220 * BUG 7589: Fix using cached credentials in ntlm_auth. 221 * BUG 7590: Fix Winbind offline login. 222 * BUG 7617: Fix smbd coredump due to uninitialized variables in the 223 performance counter code. 224 * BUG 7636: Fix Winbind internal error. 225 * BUG 7651: Fix mknod and mkfifo failing with "No such file or 226 directory". 227 * BUG 7693: Fix smbd changing mode of files on rename. 228 * BUG 7694: Fix crash bug with invalid SPNEGO token. 229 * BUG 7698: Fix smbd panic on invalid NetBIOS session request. 230 231 232o G��nther Deschner <gd@samba.org> 233 * BUG 7541: Fix smbd crash caused by "%D" in "printer admin". 234 * BUG 7568: Make sure cm_connect_lsa_tcp does not reset the secure channel. 235 * BUG 7658: Fix "dereferencing type-punned pointer will break 236 strict-aliasing rules" warnings). 237 * BUG 7665: Fix memory leak in netapi connection manager. 238 239 240o Bj��rn Jacke <bj@sernet.de> 241 * BUG 7244: Fall back to cups-config for underlinked libs. 242 * BUG 7474: Fix build on platforms without st_blocks and st_blksize stat 243 struct members. 244 245 246o Volker Lendecke <vl@samba.org> 247 * BUG 7336: Enable idmap_passdb module build as shared. 248 * BUG 7531: Fix the charset_pull routine. 249 * BUG 7635: Fix 'smbclient -M'. 250 * BUG 7656: Fix scalability problem with hundreds of printers. 251 * BUG 7684: Fix fd leak in libwbclient.so. 252 * BUG 7688: Fix crash bug in rpcclient. 253 * BUG 7470: Standardize S_IREAD and S_IWRITE. 254 * BUG 7715: Fix file corruption when setting Samba "write wache wize". 255 256 257o Jim McDonough <jmcd@samba.org> 258 * BUG 7280: Fix auto printers with registry config. 259 260 261o Andreas Schneider <asn@samba.org> 262 * BUG 7538: Fix GUID_from_data_blob() with length of 32. 263 264 265o Chere Zhou <chere.zhou@isilon.com> 266 * BUG 7662: Align change notify replies on 4-byte boundary. 267 268 269###################################################################### 270Reporting bugs & Development Discussion 271####################################### 272 273Please discuss this release on the samba-technical mailing list or by 274joining the #samba-technical IRC channel on irc.freenode.net. 275 276If you do report problems then please try to send high quality 277feedback. If you don't provide vital information to help us track down 278the problem then you will probably be ignored. All bug reports should 279be filed under the Samba 3.5 product in the project's Bugzilla 280database (https://bugzilla.samba.org/). 281 282 283====================================================================== 284== Our Code, Our Bugs, Our Responsibility. 285== The Samba Team 286====================================================================== 287 288 289---------------------------------------------------------------------- 290 291 292 ============================= 293 Release Notes for Samba 3.5.5 294 September 14, 2010 295 ============================= 296 297 298This is a security release in order to address CVE-2010-3069. 299 300 301o CVE-2010-3069: 302 All current released versions of Samba are vulnerable to 303 a buffer overrun vulnerability. The sid_parse() function 304 (and related dom_sid_parse() function in the source4 code) 305 do not correctly check their input lengths when reading a 306 binary representation of a Windows SID (Security ID). This 307 allows a malicious client to send a sid that can overflow 308 the stack variable that is being used to store the SID in the 309 Samba smbd server. 310 311 312Changes since 3.5.4 313-------------------- 314 315 316o Jeremy Allison <jra@samba.org> 317 * BUG 7669: Fix for CVE-2010-3069. 318 319 320o Andrew Bartlett <abartlet@samba.org> 321 * BUG 7669: Fix for CVE-2010-3069. 322 323 324###################################################################### 325Reporting bugs & Development Discussion 326####################################### 327 328Please discuss this release on the samba-technical mailing list or by 329joining the #samba-technical IRC channel on irc.freenode.net. 330 331If you do report problems then please try to send high quality 332feedback. If you don't provide vital information to help us track down 333the problem then you will probably be ignored. All bug reports should 334be filed under the Samba 3.5 product in the project's Bugzilla 335database (https://bugzilla.samba.org/). 336 337 338====================================================================== 339== Our Code, Our Bugs, Our Responsibility. 340== The Samba Team 341====================================================================== 342 343 344---------------------------------------------------------------------- 345 346 347 ============================= 348 Release Notes for Samba 3.5.4 349 June 23, 2010 350 ============================= 351 352 353This is the latest stable release of Samba 3.5. 354 355Major enhancements in Samba 3.5.4 include: 356 357 o Fix smbd crash when sambaLMPassword and sambaNTPassword entries missing 358 from ldap (bug #7448). 359 o Fix init_sam_from_ldap storing group in sid2uid cache (bug #7507). 360 361 362Changes since 3.5.3 363------------------- 364 365 366o Michael Adam <obnox@samba.org> 367 * BUG 7507: Fix init_sam_from_ldap storing group in sid2uid cache. 368 369 370o Jeremy Allison <jra@samba.org> 371 * BUG 7188: Make ea data checks identical for trans2open and trans2mkdir. 372 * BUG 7410: Samba sends "raw" inode number as uniqueid with unix extensions. 373 * BUG 7449: Fix spnego returning incorrect mechListMIC string. 374 375 376o G��nther Deschner <gd@samba.org> 377 * BUG 7341: Fix Winbind over IPv6. 378 * BUG 7459: Fix some crash bugs and missing error codes in AddDriver paths. 379 * BUG 7479: Fix crash bug in _samr_QueryUserInfo{2} level 18. 380 * BUG 7517: Fix session setup from linux kernel cifs clients with 381 "sec=ntlmv2". 382 383 384o Olaf Flebbe <o.flebbe@science-computing.de> 385 * BUG 7209: Fix build on RHEL5. 386 387 388o Bj��rn Jacke <bj@sernet.de> 389 * BUG 7427: Using IBM xl_C compiler produces wrong results in configure. 390 * BUG 7503: Fix calculation of st_blocks in vfs_streams_xattr. 391 * BUG 7504: Fix numerous build issues. 392 393 394o Volker Lendecke <vl@samba.org> 395 * BUG 7253: Fix Samba login cache problem on Sparc Architecture. 396 * BUG 7262: Fix editing users' groups via UsrMgr. 397 398 399o Buchan Milne <bgmilne@mandriva.org> 400 * BUG 7500: Fix 'not a string literal' warning in netdomjoin-gui. 401 402 403o Matthieu Patou <mat@matws.net> 404 * BUG 7099: Allow previous password to be stored and use it to check 405 tickets. 406 407 408o Andreas Schneider <asn@samba.org> 409 * BUG 7423: Fix printing large formats. 410 411 412o Roel van Meer <rolek@bokxing.nl> 413 * BUG 7448: Fix smbd crash when sambaLMPassword and sambaNTPassword entries 414 missing from ldap. 415 416 417###################################################################### 418Reporting bugs & Development Discussion 419####################################### 420 421Please discuss this release on the samba-technical mailing list or by 422joining the #samba-technical IRC channel on irc.freenode.net. 423 424If you do report problems then please try to send high quality 425feedback. If you don't provide vital information to help us track down 426the problem then you will probably be ignored. All bug reports should 427be filed under the Samba 3.5 product in the project's Bugzilla 428database (https://bugzilla.samba.org/). 429 430 431====================================================================== 432== Our Code, Our Bugs, Our Responsibility. 433== The Samba Team 434====================================================================== 435 436 437---------------------------------------------------------------------- 438 439 440 ============================= 441 Release Notes for Samba 3.5.3 442 May 19, 2010 443 ============================= 444 445 446This is the latest stable release of Samba 3.5. 447 448Major enhancements in Samba 3.5.3 include: 449 450 o Fix MS-DFS functionality (bug #7339). 451 o Fix a Winbind crash when scanning trusts (bug #7389). 452 o Fix problems with SIGCHLD handling in Winbind (bug #7317). 453 454 455Changes since 3.5.2 456------------------- 457 458 459o Jeremy Allison <jra@samba.org> 460 * BUG 7288: Fix SMB job IDs in CUPS job names. 461 * BUG 7339: Fix MS-DFS functionality. 462 463 464o Andrew Bartlett <abartlet@samba.org> 465 * BUG 7354: Fix CLDAP tsocket problem on Solaris. 466 467 468o Ira Cooper <samba@ira.wakeful.net> 469 * BUG 7384: Fix bitmap leak in dptr_Close. 470 471 472o G��nther Deschner <gd@samba.org> 473 * BUG 7277: Fix exporting printers via 'cupsaddsmb' command. 474 * BUG 7417: Fix setting of passwords via 'net rpc user password' command. 475 * BUG 7418: Fix 'net rpc printer list' command. 476 477 478o Olaf Flebbe <o.flebbe@science-computing.de> 479 * BUG 7421: Rename mod_name to module_name. 480 481 482o Bj��rn Jacke <bj@sernet.de> 483 * BUG 7352: Make TIME_T_MAX defines consistent. 484 * BUG 7385: Fix building with Solaris' gcc. 485 486 487o Jeff Layton <jlayton@redhat.com> 488 * BUG 7315: Fix segfault in mount.cifs. 489 490 491o Volker Lendecke <vl@samba.org> 492 * BUG 7357: Re-fix a bug with smbd serving a windows terminal server. 493 * BUG 7389: Fix a Winbind crash when scanning trusts. 494 * BUG 7398: Fix rename problems with full_audit VFS module. 495 496 497o Jim McDonough <jmcd@samba.org> 498 * BUG 7378: Display an error on 'net conf import' failures. 499 500 501o Stefan Metzmacher <metze@samba.org> 502 * BUG 7196: Add replacement for IPV6_V6ONLY on linux systems with broken 503 headers. 504 * BUG 7317: Fix problems with SIGCHLD handling in Winbind. 505 * BUG 7354: Fix CLDAP tsocket problem on Solaris. 506 507 508o Luca Olivetti <luca@wetron.es> 509 * BUG 7263: Fix cups encryption setting. 510 511 512###################################################################### 513Reporting bugs & Development Discussion 514####################################### 515 516Please discuss this release on the samba-technical mailing list or by 517joining the #samba-technical IRC channel on irc.freenode.net. 518 519If you do report problems then please try to send high quality 520feedback. If you don't provide vital information to help us track down 521the problem then you will probably be ignored. All bug reports should 522be filed under the Samba 3.5 product in the project's Bugzilla 523database (https://bugzilla.samba.org/). 524 525 526====================================================================== 527== Our Code, Our Bugs, Our Responsibility. 528== The Samba Team 529====================================================================== 530 531 532---------------------------------------------------------------------- 533 534 535 ============================= 536 Release Notes for Samba 3.5.2 537 April 7, 2010 538 ============================= 539 540 541This is the latest stable release of Samba 3.5. 542 543Major enhancements in Samba 3.5.2 include: 544 545 o Fix smbd segfaults in _netr_SamLogon for clients sending null domain 546 (bug #7237). 547 o Fix smbd segfaults in "waiting for connections" message (bug #7251). 548 o Fix an uninitialized variable read in smbd (bug #7254). 549 o Fix a memleak in Winbind (bug #7278). 550 o Fix Winbind reconnection to it's own domain (bug #7295). 551 552 553Changes since 3.5.1 554------------------- 555 556 557o Michael Adam <obnox@samba.org> 558 * BUG 7231: Fix automatic building of vfs_tsmsm if gpfs and dmapi are 559 present. 560 * BUG 7232: Fix race conditions in CTDB persistent transactions. 561 * BUG 7313: Make 'net conf addshare' atomic. 562 * BUG 7314: Eliminate race condition in creating/scanning sorted subkeys in 563 the registry backend. 564 565 566o Jeremy Allison <jra@samba.org> 567 * BUG 7075: Fix bug in vfs_scannedonly rmdir implementation. 568 * BUG 7159: Fix handling of bad server data returns in client rpc_transport. 569 * BUG 7234: Symlink delete fails but incorrectly reports success to client. 570 * BUG 7255: Fix "printer admin" functionality. 571 * BUG 7283: Fix smbd segfault if using vfs_acl_tdb. 572 * BUG 7297: Fix smbd crashes with CUPS printers and no [printers] share defined. 573 * BUG 7310: Fix DOS attribute inconsistency with MS Office. 574 575 576o Kai Blin <kai@samba.org> 577 * BUG 7290: Fix core dump in 'ntlm_auth' with "gss-spnego" helper. 578 579 580o G��nther Deschner <gd@samba.org> 581 * BUG 6727: Fix several printing issues. 582 * BUG 7237: Fix smbd segfaults in _netr_SamLogon for clients sending 583 null domain. 584 * BUG 7256: Fix value-needed calculation in_spoolss_EnumPrinterData(). 585 * BUG 7258: Fix _winreg_QueryValue crash bugs and implement Windows 586 behavior. 587 588 589o Holger Hetterich <hhetter@novell.com> 590 * BUG 7203: Fix 'net share' command. 591 592 593o Michael Karcher <samba@mkarcher.dialup.fu-berlin.de> 594 * BUG 7269: Fix job management commands for CUPS queues. 595 596 597o Jeff Layton <jlayton@redhat.com> 598 * BUG 6853: Fix race condition in mount.cifs that allows user to replace 599 mountpoint with a symlink. 600 601 602o Volker Lendecke <vl@samba.org> 603 * BUG 5198: Fix parsing of the gecos field. 604 * BUG 7202: Fix access by multi-threaded applications. 605 * BUG 7212: Fix returning of group members with 'getent group'. 606 * BUG 7216: Fix the build of net_afs.c with --fake-kaserver=yes. 607 * BUG 7229: Fix a NULL pointer dereference in smbd. 608 * BUG 7232: Fix race conditions in CTDB persistent transactions. 609 * BUG 7254: Fix an uninitialized variable read in smbd. 610 * BUG 7278: Fix a memleak in Winbind. 611 612 613o Roel van Meer <rolek@alt001.com> 614 * BUG 6814: Fix valgrind warning. 615 616 617o Stefan Metzmacher <metze@samba.org> 618 * BUG 7170: Never mark external domains as internal in Winbind. 619 * BUG 7225: Make Winbind logs more verbose for troubleshooting. 620 * BUG 7251: Fix smbd segfault in "waiting for connections" message. 621 * BUG 7295: Fix Winbind reconnection to it's own domain. 622 * BUG 7316: Winbind possibly segfaults when trying a trusted domain without 623 inbound trust. 624 625 626o SATOH Fumiyasu <fumiyas@osstech.co.jp> 627 * BUG 1206: Fix segfault if hide files or veto files has no ".AppleDouble". 628 629 630o Simo Sorce <idra@samba.org> 631 * BUG 7204: Fix DN parsing name was always null. 632 633 634o Andrew Tridgell <tridge@samba.org> 635 * BUG 7312: Many disconnecting clients render clustered Samba unusuable 636 for some time. 637 638 639o Bo Yang <boyang@samba.org> 640 * BUG 7206: Signals are processed twice in child. 641 642 643 644###################################################################### 645Reporting bugs & Development Discussion 646####################################### 647 648Please discuss this release on the samba-technical mailing list or by 649joining the #samba-technical IRC channel on irc.freenode.net. 650 651If you do report problems then please try to send high quality 652feedback. If you don't provide vital information to help us track down 653the problem then you will probably be ignored. All bug reports should 654be filed under the Samba 3.5 product in the project's Bugzilla 655database (https://bugzilla.samba.org/). 656 657 658====================================================================== 659== Our Code, Our Bugs, Our Responsibility. 660== The Samba Team 661====================================================================== 662 663---------------------------------------------------------------------- 664 665 ============================= 666 Release Notes for Samba 3.5.1 667 March 8, 2010 668 ============================= 669 670 671This is a security release in order to address CVE-2010-0728. 672 673 674o CVE-2010-0728: 675 In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code 676 was added to fix a problem with Linux asynchronous IO handling. 677 This code introduced a bad security flaw on Linux platforms if the 678 binaries were built on Linux platforms with libcap support. 679 The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE 680 capabilities, allowing all file system access to be allowed 681 even when permissions should have denied access. 682 683 684Changes since 3.5.0 685------------------- 686 687 688o Jeremy Allison <jra@samba.org> 689 * BUG 7222: Fix for CVE-2010-0728. 690 691 692###################################################################### 693Reporting bugs & Development Discussion 694####################################### 695 696Please discuss this release on the samba-technical mailing list or by 697joining the #samba-technical IRC channel on irc.freenode.net. 698 699If you do report problems then please try to send high quality 700feedback. If you don't provide vital information to help us track down 701the problem then you will probably be ignored. All bug reports should 702be filed under the Samba 3.5 product in the project's Bugzilla 703database (https://bugzilla.samba.org/). 704 705 706====================================================================== 707== Our Code, Our Bugs, Our Responsibility. 708== The Samba Team 709====================================================================== 710 711 712---------------------------------------------------------------------- 713 714 715 ============================= 716 Release Notes for Samba 3.5.0 717 March 1, 2010 718 =============================== 719 720 721This is the first stable release of Samba 3.5. 722 723 724Major enhancements in Samba 3.5.0 include: 725 726General changes: 727o Add support for full Windows timestamp resolution 728o The Using Samba HTML book has been removed. 729o 'net', 'smbclient' and libsmbclient can use credentials cached by Winbind. 730o The default value of "wide links" has been changed to "no". 731 732Protocol changes: 733o Experimental implementation of SMB2 734 735Printing Changes: 736o Add encryption support for connections to a CUPS server 737 738Winbind changes: 739o Major refactoring 740o Asynchronous 741 742VFS modules: 743o New vfs_scannedonly module has been added. 744 745 746General changes: 747================ 748 749Support for full Windows timestamp resolution has been added. This effectively 750makes us use Windows' full 100ns timestamp resolution if supported by the 751kernel (2.6.22 and higher) and the glibc (2.6 and higher). 752 753The Using Samba HTML book has been removed from the Samba tarball. 754It is still available at http://www.samba.org/samba/docs/using_samba/toc.html. 755 756Samba client tools like 'net', 'smbclient' and libsmbclient can use the user 757credentials cached by Winbind at logon time. This is very useful e.g. when 758connecting to a Samba server using Nautilus without re-entering username and 759password. This feature is enabled by default and can be disabled per application 760by setting the LIBSMBCLIENT_NO_CCACHE environment variable. 761 762The default value of "wide links" has been changed to "no" to avoid an insecure 763default configuration ("wide links = yes" and "unix extensions = yes"). For 764more details, please see http://www.samba.org/samba/news/symlink_attack.html. 765 766 767Protocol changes 768================ 769 770An EXPERIMENTAL implementation of the SMB2 protocol has been added. SMB2 can be 771enabled by setting "max protocol = smb2". SMB2 is a new implementation of the 772SMB protocol used by Windows Vista and higher. 773 774Printing Changes 775================ 776 777A new parameter "cups encrypt" has been added to control whether connections to 778CUPS servers will be encrypted or not. The default is to use unencrypted 779connections. 780 781Winbind changes 782=============== 783 784The Winbind daemon has been refactored internally to be asynchronous. The new 785Winbind will not be blocked by running 'getent group' or 'getent passwd'. 786 787VFS modules 788=========== 789 790A new VFS module "scannedonly" has been added. This is a filter that 791talks to an antivirus-engine and stores whether a file is clean or not. 792Users do only see clean files on their filesystem. 793 794 795###################################################################### 796Changes 797####### 798 799smb.conf changes 800---------------- 801 802 Parameter Name Description Default 803 -------------- ----------- ------- 804 805 create krb5 conf New yes 806 ctdb timeout New 0 807 cups encrypt New no 808 debug hires timestamp Changed Default yes 809 ldap deref New auto 810 ldap follow referral New auto 811 nmbd bind explicit broadcast New no 812 wide links Changed Default no 813 814 815New configure options 816--------------------- 817 818--enable-external-libtdb Enable external tdb 819--enable-netapi Turn on netapi support 820--enable-pthreadpool Enable pthreads pool helper support 821--with-cifsumount Include umount.cifs (Linux only) support 822--with-codepagedir=DIR Where to put codepages 823 824 825Commit Highlights 826================= 827 828o Bj��rn Jacke <bj@sernet.de> 829 * Add support for full Windows timestamp resolution. 830 * Add encryption support for connections to a CUPS server. 831 832 833o Volker Lendecke <vl@samba.org> 834 * Major internal refactoring of the Winbind daemon. 835 * Make Winbind asynchronous. 836 * Make 'net', 'smbclient' and libsmbclient use the logon credentials cached 837 by Winbind. 838 839 840o Stefan Metzmacher <metze@samba.org> 841 * Implement the new SMB2 protocol (experimental). 842 843 844Changes since 3.5.0rc3 845---------------------- 846 847 848o G��nther Deschner <gd@samba.org> 849 * BUG 7181: Fix 'net ads dns' usage calls. 850 * BUG 7182: Fix uninitialized variable in wkssvc_enumerateusers. 851 852 853o Volker Lendecke <vl@samba.org> 854 * BUG 7145: Fix duplicate sam and unix accounts. 855 * BUG 7166: Avoid calling cli_alloc_mid twice in cli_smb_req_iov_send. 856 857 858o Stefan Metzmacher <metze@samba.org> 859 * BUG 7160: Keep the the correct negotiate_flags on the cli->dc structure. 860 861 862Changes since 3.5.0rc2 863---------------------- 864 865 866o Jeremy Allison <jra@samba.org> 867 * BUG 6557: Fix vfs_full_audit. 868 * BUG 6876: Fix duplicate initializer in the rmdir module. 869 * BUG 7063: Fix core dump on Ubuntu 8.04 64 bit. 870 * BUG 7067: Fix failing of smbd to respond to a read or a write caused by 871 Linux asynchronous IO (aio). 872 * BUG 7069: Fix 'smbget' error status. 873 * BUG 7072: Fix unlocking of accounts from ldap. 874 * BUG 7079 Cliconnect gets realm wrong with trusted domains. 875 * BUG 7081: Fix vfs_expand_msdfs. 876 * BUG 7084: Fix storing of create time on directories in an EA in new 877 create time code. 878 * BUG 7104: "wide links" and "unix extensions" are incompatible. 879 * BUG 7118: Fix nmbd problems with socket address. 880 * BUG 7122: Fix reading of large browselist. 881 * BUG 7154: "mangling method = hash" can crash storing a name containing a '.'. 882 * BUG 7155: Valgrind Conditional jump or move depends on uninitialised 883 value(s) error when "mangling method = hash".. 884 885 886o Steven Danneman <steven.danneman@isilon.com> 887 * BUG 7096: Fix string buffer overflow causing heap corruption in smbd. 888 889 890o G��nther Deschner <gd@samba.org> 891 * BUG 6888: Fix printing with 64 bit clients. 892 * BUG 7130: Fix listing of printjobs in Windows 7. 893 * BUG 7148: Fix get_acl_blob in the acl_tdb VFS module. 894 895 896o Bj��rn Jacke <bj@sernet.de> 897 * BUG 7103: Fix build issue on Tru64. 898 * BUG 7116: Change ldap filter to what really was intended. 899 * Fix some wrong newlines in de translation strings. 900 901 902o Jeff Layton <jlayton@redhat.com> 903 * BUG 6868: Fix crash bug in 'cifs.upcall'. 904 905 906o Volker Lendecke <vl@samba.org> 907 * BUG 7085: Fix an early release of the global lock that can cause data 908 corruption in libtdb. 909 * BUG 7139: Owner of file not available with Kerberos. 910 911 912o Stefan Metzmacher <metze@samba.org> 913 * BUG 6888: Fix printing with 64 bit clients. 914 * BUG 7098: Fix results of 'smbclient -L' with a large browse list. 915 * BUG 7116: Add pdb_ldap performance fixes. 916 * BUG 7118: Add new "nmbd bind explicit broadcast" parameter. 917 * BUG 7119: Support large browselist. 918 * BUG 7140: Fix IPv4/IPv6 problems. 919 920 921o Lars M��ller <lars@samba.org> 922 * BUG 7071: Fix build of 'smbfilter'. 923 * BUG 7047: Add cross option to samba_cv_linux_getgrouplist_ok. 924 * BUG 7102: Normalize "Changing password for" msg IDs and STRs. 925 926 927o Olivier Sessink <olivier@virtscano.fakenet> 928 * BUG 7076: Fix build of vfs_scannedonly on AIX. 929 930 931o Bo Yang <boyang@samba.org> 932 * BUG 7106: Fix malformed require_membership_of_sid. 933 934 935 936Changes since 3.5.0rc1 937---------------------- 938 939 940o Michael Adam <obnox@samba.org> 941 * BUG 4347: Check password history before increasing "badPasswordCount". 942 943 944o Jeremy Allison <jra@samba.org> 945 * BUG 5202: Fix changing of ACLs on writable file with "dos filemode=yes". 946 * BUG 6876: Fix deletion of an object whose parent folder does not have delete 947 rights fails even if the delete right is set on the object in 948 vfs_acl_xattr and vfs_acl_tdb. 949 * BUG 7033: Fix SMBrmdir error message when deleting a directory fails. 950 * BUG 7036: Fix 'net rpc getsid' in hardened Windows environments. 951 * BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls. 952 953 954o Giovanni Bajo <rasky@develer.com> 955 * BUG 7029: Disable sanity check in NetShareEnum for better compatibility 956 with Windows. 957 958 959o Kai Blin <kai@samba.org> 960 * BUG 7039: Fix compile error with WITH_DNS_UPDATE. Update .po files. 961 962 963o G��nther Deschner <gd@samba.org> 964 * BUG 7043: Fix crash bug in libsmbclient. 965 966 967o Andr�� Hentschel <nerv@dawncrow.de> 968 * BUG 7039: Complete German translation of 'net'. 969 970 971o Bj��rn Jacke <bj@sernet.de> 972 * BUG 7039: Improve some German translations in 'net'. 973 974 975o William Jojo <w.jojo@hvcc.edu> 976 * BUG 7052: Fix DFS on AIX. 977 978 979o Volker Lendecke <vl@samba.org> 980 * BUG 6981: Fix large paged search with DirX LDAP servers. 981 * BUG 7027: Fix a segfault in winbindd_dual_ccache_ntlm_auth(). 982 * BUG 7037: Fix a Winbind segfault in "trusted_domains". 983 * BUG 7046: Fix libsmbclient crash against OpenSolaris CIFS server. 984 * BUG 7062: Make 'net', 'smbclient' and libsmbclient use the logon 985 credentials cached by Winbind. 986 * Lock down some srvsvc calls according to what w2k3 seems to do. 987 988 989o Stefan Metzmacher <metze@samba.org> 990 * BUG 6157: Restore Samba 3.0.x behavior and use the first "uid" value in 991 pdb_ldap. 992 993 994o SASAJIMA Toshihiro <sasajima_t@jp.fujitsu.com> 995 * BUG 7034: Fix segfault in vfs_cap. 996 997 998o Olivier Sessink <oliviersessink@gmail.com> 999 * BUG 7028: Add new scannedonly VFS module. 1000 1001 1002Changes since 3.5.0pre2 1003----------------------- 1004 1005o Jeremy Allison <jra@samba.org> 1006 * BUG 6837: Fix "Too many open files" when trying to access large number of 1007 files with Windows 7. 1008 * BUG 6939: Fix long filenames when "mangling method" is set to "hash". 1009 * BUG 7020: Fix smbd using 2G memory. 1010 * Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned 1011 attributes by protocol level. 1012 * Vector correctly through reply_openerror() (which uses the same logic). 1013 * Fix bugs with the full Windows ACL support. 1014 1015 1016o Kai Blin <kai@samba.org> 1017 * Add a few missing gettext calls to the 'net' command. 1018 * Fix up a share type translation and translate some more strings in 'net'. 1019 1020 1021o G��nther Deschner <gd@samba.org> 1022 * Allow to call "pdbedit -N description -u user" without specifiyng "-r". 1023 * Add spoolss_DriverInfo7. 1024 * Fix rpcclient after setprinter IDL fixes. 1025 * Use generated krb5.conf in 'net ads testjoin'. 1026 1027 1028o Jonas Gorski <jonas.gorski+samba@gmail.com> 1029 * BUG 6992: make test for getgrouplist cacheable. 1030 1031 1032o Andr�� Hentschel <nerv@dawncrow.de> 1033 * Add some German translations for the 'net' command. 1034 1035 1036o Suresh Jayaraman <sjayaraman@suse.de> 1037 * Update mount.cifs man page with nounix option. 1038 1039 1040o Volker Lendecke <vl@samba.org> 1041 * Fix _samr_GetAliasMembership for results with 0 rids. 1042 * Fix an error case in cli_negprot. 1043 * Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc. 1044 * Restore correct timeouts for SMB requests. 1045 * Fix a 64-bit error in libsmb. 1046 * Replace IS_DOMAIN_OFFLINE by a function in Winbind. 1047 * Simplify/cleanup Winbind code. 1048 1049 1050o Kamen Mazdrashki <kamen.mazdrashki@postpath.com> 1051 * Fix write behind memory block in libtalloc. 1052 * Fix result check for getaddrinfo(). 1053 1054 1055o Jim McDonough <jmcd@samba.org> 1056 * BUG 7014: Fix Winbind crash when retrieving empty group members. 1057 1058 1059o Brian Lu <brian.lu@sun.com> 1060 * BUG 6991: Create symbol links to shared libraries. 1061 1062 1063o Stefan Metzmacher <metze@samba.org> 1064 * Add tsocket_address_bsd_sockaddr() and tsocket_address_bsd_from_sockaddr() 1065 to tsocket. 1066 * Always set tdb->tracefd to -1 to be safe on goto fail in libtdb. 1067 * Add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior. 1068 * Fix standalone 'make installdocs'. 1069 1070 1071o Peter Rosin <peda@lysator.liu.se> 1072 * Output %p as unsigned in snprintf replacement. 1073 1074 1075o Ronnie Sahlberg <ronniesahlberg@gmail.com> 1076 * New attempt at TDB transaction nesting allow/disallow. 1077 1078 1079o Kirill Smelkov <kirr@mns.spb.ru> 1080 * Remove swig stuff from libtdb. 1081 * Reset tdb->fd to -1 in tdb_close() in libtdb. 1082 1083 1084o Simo Sorce <idra@samba.org> 1085 * Change the way mksysms work in libtalloc. 1086 1087 1088o Jelmer Vernooij <jelmer@samba.org> 1089 * Also build and install tdb manpages from standalone tdb. 1090 1091 1092o Bo Yang <boyang@samba.org> 1093 * Fix infinite loop in NCACN_IP_TCP as there is no timeout. 1094 * Make winbindd_cache.c aware of domain offline to avoid unnecessary backend 1095 query. 1096 * List trusted domains from wcache when domain is offline. 1097 1098 1099Changes since 3.5.0pre1 1100----------------------- 1101 1102o Michael Adam <obnox@samba.org> 1103 * Fix the build when no external talloc and tdb are installed. 1104 * Fix detection of CTDB headers on systems without system-libtalloc. 1105 1106 1107o Jeremy Allison <jra@samba.org> 1108 * BUG 6802: A created folder does not properly inherit permissions from 1109 parent in vfs_acl_xattr. 1110 * BUG 6837: "Too many open files" when trying to access large number of 1111 files from Windows 7. 1112 * BUG 6938 : No hook exists to check creation rights when using acl_xattr 1113 module. 1114 * Fix vfs_acl_xattr which was failing to call the NEXT connect function. 1115 * Restructure the ACL code. 1116 * Refactor reply_rmdir to use handle based code. 1117 1118 1119o Dan Cox <dan@wep.net> 1120 * BUG 2350: Add LDAP Alias Dereferencing support. 1121 1122 1123o G��nther Deschner <gd@samba.org> 1124 * BUG 6929: Fix build with recent heimdal. 1125 * Fix several printing issues. 1126 * Fix the build on Mac OS X 10.6.2. 1127 * Fix net and rpcclient after setprinterdataex changes. 1128 * Add full support for level 8 printer drivers. 1129 * Add more spoolss architectures to IDL. 1130 * Fix enumprinter key client and server. 1131 * Fix crash in EnumPrinterDataEx. 1132 1133 1134o Bj��rn Jacke <bj@sernet.de> 1135 * Prefer posix_fallocate for doing "strict allocate". 1136 1137 1138o Matt Kraai <mkraai@beckman.com> 1139 * BUG 6860: Fix shared library build on QNX. 1140 1141 1142o Volker Lendecke <vl@samba.org> 1143 * BUG 6288: SWAT adds a second share when changing parameters of an existing 1144 share. 1145 * BUG 6435: Fix minor memory corruption. 1146 * Restore "fake directory create times" as a share parameter. 1147 * Fix explicit stat64 support. 1148 * Add support for NetWkstaGetInfo 101 and 102. 1149 * Add rpcclient wkssvc_enumerateusers. 1150 * De-deprecate "write cache size" to prevent its removal without a proper 1151 alternative. 1152 * Allow more than 1000 users in BUILTIN\Users. 1153 1154 1155o Jim McDonough <jmcd@samba.org> 1156 * BUG 6967: Prevent glibc error on 'net ads join'. 1157 1158 1159o Lars M��ller <lars@samba.org> 1160 * BUG 6710: Only install the cifs.upcall man page if CIFSUPCALL_PROGS was 1161 set while configure. 1162 1163 1164o Ian Puleston <ipuleston@sonicwall.com> 1165 * Complete support for NetWkstaGetInfo/NetWkstaEnumUsers. 1166 1167 1168o Karolin Seeger <kseeger@samba.org> 1169 * Fix the build of the example VFS modules. 1170 1171 1172o Bo Yang <boyang@samba.org> 1173 * BUG 6879: Fix crash in Winbind. 1174 * Fix crash in free_file_list(). 1175 * Give the user a chance to change password when password will expire soon. 1176 1177 1178###################################################################### 1179Reporting bugs & Development Discussion 1180####################################### 1181 1182Please discuss this release on the samba-technical mailing list or by 1183joining the #samba-technical IRC channel on irc.freenode.net. 1184 1185If you do report problems then please try to send high quality 1186feedback. If you don't provide vital information to help us track down 1187the problem then you will probably be ignored. All bug reports should 1188be filed under the Samba 3.5 product in the project's Bugzilla 1189database (https://bugzilla.samba.org/). 1190 1191 1192====================================================================== 1193== Our Code, Our Bugs, Our Responsibility. 1194== The Samba Team 1195====================================================================== 1196