Samba Changelog

New in version 4.2.1

April 16th, 2015
  • BUG 8905: s3:winbind:grent: Don't stop group enumeration when a group has no gid.
  • BUG 10476: build:wafadmin: Fix use of spaces instead of tabs.
  • BUG 11143: s3-winbind: Fix cached user group lookup of trusted domains.
  • BUG 10016: s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields.
  • BUG 10888: s3: client: "client use spnego principal = yes" code checks wrong name.
  • BUG 11079: s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use.
  • BUG 11173: s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case.
  • BUG 11175: Fix lots of winbindd zombie processes on Solaris platform.
  • BUG 11177: s3: libsmbclient: Add missing talloc stackframe.
  • BUG 11135: backupkey: Explicitly link to gnutls and gcrypt.
  • BUG 11174: backupkey: Use ndr_pull_struct_blob_all().
  • BUG 11125: vfs_fruit: Enhance handling of malformed AppleDouble files.
  • BUG 9791: Initialize dwFlags field of DNS_RPC_NODE structure.
  • BUG 11169: docs/idmap_rid: Remove deprecated base_rid from example.
  • BUG 10476: waf: Fix the build on openbsd.
  • BUG 11144: talloc: Version 2.1.2.
  • BUG 11164: s4:auth/gensec_gssapi: Let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors.
  • BUG 11149: Update libwbclient version to 0.12.
  • BUG 11018: spoolss: Retrieve published printer GUID if not in registry.
  • BUG 11135: replace: Remove superfluous check for gcrypt header.
  • BUG 11180: s4-process_model: Do not close random fds while forking.
  • BUG 11185: s3-passdb: Fix 'force user' with winbind default domain.
  • BUG 11153: brlock: Use 0 instead of empty initializer list.
  • BUG 11092: lib: texpect: Fix the build on Solaris.
  • BUG 11140: libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation.
  • BUG 11137: Backport subunit changes.

New in version 4.2.0 (March 6th, 2015)

  • Transparent File Compression
  • Previous File Versions with Snapper
  • Winbindd/Netlogon improvements
  • Winbindd use on the Samba AD DC
  • Winbind now requires secured connections
  • Larger IO sizes for SMB2/3 by default
  • SMB2 leases
  • Improved DCERPC man in the middle detection
  • Overhauled "net idmap" command
  • tdb improvements
  • Messaging improvements
  • Clustering support
  • Samba Registry Editor
  • Bad Password Lockout in the AD DC
  • Correct defaults in the smb.conf manpages
  • Consistent behaviour between samba-tool testparm and testparm
  • VFS WORM module
  • vfs_fruit, a VFS module for OS X clients
  • smbclient archival improvements

New in version 4.1.17 (February 23rd, 2015)

  • This is a security release in order to address CVE-2015-0240 (Unexpected code execution in smbd).
  • CVE-2015-0240: All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon.
  • A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges.
  • Changes since 4.1.16:
  • BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability.
  • BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not deference a NULL pointer.

New in version 4.1.15 (January 12th, 2015)

  • BUG 10966: libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does.
  • BUG 10982 s3: smbd/modules: Fix *allocate* calls to follow POSIX error return convention.
  • BUG 9629: Fix profiles tool.
  • BUG 11006: idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo.
  • BUG 9056: pam_winbind: Fix warn_pwd_expire implementation.
  • BUG 10952: s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses.
  • BUG 9299: nsswitch: Fix soname of linux nss_*.so.2 modules.
  • BUG 10949: s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control.
  • BUG 10958: s3:smb2_server: Allow reauthentication without signing.
  • BUG 11006: Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'.
  • BUG 11006: Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'.
  • BUG 11034: winbind: Retry LogonControl RPC in ping-dc after session expiration.
  • BUG 10279: s3-lib: Do not require a password with --use-ccache.
  • BUG 10960: s3-smbclient: Return success if we listed the shares.
  • BUG 10961: s3-smbstatus: Fix exit code of profile output.

New in version 4.1.14 (December 1st, 2014)

  • BUG 10472: Revert buildtools/wafadmin/Tools/perl.py back to upstream state.
  • BUG 10711: nmbd fails to accept "--piddir" option.
  • BUG 10896: s3-nmbd: Fix netbios name truncation.
  • BUG 10904: s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path.
  • BUG 10920: s3: nmbd: Ensure NetBIOS names are only 15 characters stored.
  • BUG 10942: Cleanup add_string_to_array and usage.
  • BUG 10898: spoolss: Fix handling of bad EnumJobs levels.
  • BUG 10905: spoolss: Fix jobid in level 3 EnumJobs response.
  • BUG 10620: s4-dns: Add support for BIND 9.10.
  • BUG 10835: nss_winbind: Add getgroupmembership for FreeBSD.
  • BUG 10932: pdb_tdb: Fix a TALLOC/SAFE_FREE mixup.
  • BUG 10472: pidl/wscript: Remove --with-perl-* options.
  • BUG 10921: s3:smbd: Fix file corruption using "write cache size != 0".
  • BUG 10889: vfs_glusterfs: Remove "integer fd" code and store the glfs pointers.
  • BUG 10933: s3-keytab: Fix keytab array NULL termination.
  • BUG 10880: S3: source3/smbd/process.c::srv_send_smb() returns true on the error path.

New in version 4.1.13 (October 20th, 2014)

  • BUG 10809: s3:smbd:open_file: Use a more natural check.
  • BUG 10717: s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs.
  • BUG 10779: pthreadpool: Slightly serialize jobs.
  • BUG 10809: s3: smbd: Open logic fix.
  • BUG 10830: s3: nmbd: Ensure the main nmbd process doesn't create zombies.
  • BUG 10831: s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers.
  • BUG 10848: s3: smb2cli: Query info return length check was reversed.
  • BUG 9984: s3-libnet: Make sure we do not overwrite precreated SPNs.
  • BUG 10814: docs: Mention incompatibility between kernel oplocks and streams_xattr.
  • BUG 10735: Fix unstrcpy.
  • BUG 10797: s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0).
  • BUG 10813: vfs_media_harmony: Fix a crash bug.
  • BUG 10860: registry: Don't leave dangling transactions.
  • BUG 10826: s3-winbindd: Use correct realm for trusted domains in idmap child.
  • BUG 10837: idmap_rfc2307: Fix a crash after connection problem to DC.
  • BUG 10838: s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call.
  • BUG 9984: s3-libnet: Add libnet_join_get_machine_spns().
  • BUG 9985: s3-libads: Add all machine account principals to the keytab.
  • BUG 10816: nmbd: Send waiting status to systemd.
  • BUG 10817: libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL.
  • BUG 10824: nsswitch: Skip groups we were not able to map.

New in version 4.1.12 (September 8th, 2014)

  • BUG 10369: build: Fix configure to honour '--without-dmapi'.
  • BUG 10737: s3:idmap: Don't log missing range config if range checking not requested.
  • BUG 10741: Fix flapping VFS gpfs offline bit.
  • BUG 3204: s3: winbindd: On new client connect, prune idle or hung connections older than "winbind request timeout". Add new parameter "winbind request timeout".
  • BUG 10640: lib: tevent: make TEVENT_SIG_INCREMENT atomic.
  • BUG 10650: Make "case sensitive = True" option working with "max protocol = SMB2" or higher in large directories.
  • BUG 10716: Fix smbd crashes when filename contains non-ascii character.
  • BUG 10728: 'net time': Fix usage and core dump.
  • BUG 10773: s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common().
  • BUG 10794: vfs_dirsort: Fix an off-by-one error that can cause uninitialized memory read.
  • BUG 10543: s3: Enforce a positive allocation_file_size for non-empty files.
  • BUG 10466: provision: Correctly provision the SOA record minimum TTL.
  • BUG 10652: Samba 4 consuming a lot of CPU when re-reading printcap info.
  • BUG 10787: dosmode: Fix FSCTL_SET_SPARSE request validation.
  • BUG 10742: s4-rpc: dnsserver: Allow . to be specified for @ record.
  • BUG 10731: sys_poll_intr: Fix timeout arithmetic.
  • BUG 10778: s3:libsmb: Set a max charge for SMB2 connections.
  • BUG 10716: lib: strings: Simplify strcasecmp.
  • BUG 10758: lib: Remove unused nstrcpy.
  • BUG 10782: smbd: Properly initialize mangle_hash.
  • BUG 9831: s4:setup/dns_update_list: make use of the new substitution variables.
  • BUG 10723: Allow netr_ServerReqChallenge() and netr_ServerAuthenticate3() on different connections.
  • BUG 10749: s4-rpc: dnsserver: Handle updates of tombstoned dnsNode objects.
  • BUG 10751: s4-rpc: dnsserver: return DNS_RANK_NS_GLUE recors when explicitly asked for.
  • BUG 10773: libcli/security: Add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info().
  • BUG 10761: docs: Fix typos in smb.conf (inherit acls).
  • BUG 10755: samba: Retain case sensitivity of cifs client.
  • BUG 9570: passdb: Fix NT_STATUS_NO_SUCH_GROUP.
  • BUG 10759: Fix a memory leak in cli_set_mntpoint().
  • BUG 10777: Don't discard result of checking grouptype.

New in version 4.1.11 (August 1st, 2014)

  • Samba 4.1.11 and 4.0.21 are security releases in order to address CVE-2014-3560 (Remote code execution in nmbd).

New in version 4.1.10 (July 29th, 2014)

  • BUG 10693: Backport ldb-1.1.17 + changes from master.
  • BUG 10587: s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx SMB1 servers.
  • BUG 10653: Samba won't start on a machine configured with only IPv4.
  • BUG 10671: s3: smbd: Prevent file truncation on an open that fails with share mode violation.
  • BUG 10673: s3: SMB2: Fix leak of blocking lock records in the database.
  • BUG 10684: SMB1 blocking locks can fail notification on unlock, causing client timeout.
  • BUG 10685: s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap().
  • BUG 10692: wbcCredentialCache fails if challenge_blob is not first.
  • BUG 10693: lib/ldb: Fix compiler warnings.
  • BUG 8077: dbcheck: Add check and test for various invalid userParameters values.
  • BUG 8449: Simple use case results in "no talloc stackframe around, leaking memory" error.)
  • BUG 10130: dsdb: Always store and return the userParameters as a array of LE 16-bit values.
  • BUG 10582: dsdb: Rename private_data to rootdse_private_data in rootdse.
  • BUG 10627: rid_array used before status checked - segmentation fault due to null pointer dereference.
  • BUG 10693: ldb: make the successful ldb_transaction_start() message clearer.
  • BUG 10694: dsdb: Return NO_SUCH_OBJECT if a basedn is a deleted object.
  • BUG 10700: Backport access check related fixes from master.
  • BUG 10674: samba-tool: Add --site parameter to provision command.
  • BUG 10693: Fix SEGV from improperly formed SUBSTRING/PRESENCE filter.
  • BUG 10693: ldb: Do not build libldb-cmdline when using system ldb.
  • BUG 10693: s4-openldap: Remove use of talloc_reference in ldb_map_outbound.c
  • BUG 3263: net/doc: Make clear that net vampire is for NT4 domains only.
  • BUG s3: Fix missing braces in nfs4_acls.c.
  • BUG 10593: Fix "PANIC: assert failed at ../source3/smbd/open.c(1582): ret".
  • BUG 10663: msg_channel: Fix a 100% CPU loop.
  • BUG 10671: s3: smbd: Prevent file truncation on an open that fails with share mode violation.
  • BUG 10680: smbstatus: Fix an uninitialized variable.
  • BUG 10687: 'RW2' smbtorture test fails when -N is set to 2 due to the invalid status check in the second client.
  • BUG 10693: ldb: Fix 1138330 Dereference null return value, fix CIDs 241329, 240798, 1034791, 1034792 1034910, 1034910).
  • BUG 10699: smbd: Avoid double-free in get_print_db_byname.
  • BUG 8077: s4:dsdb/samldb: Don't allow 'userParameters' to be modified over LDAP for now.
  • BUG 9763: s4:dsdb/repl_meta_data: Make sure objectGUID can't be deleted.
  • BUG 10469: ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory().
  • BUG 10294: s4:repl_meta_data: fix array assignment in replmd_process_linked_attribute().
  • BUG 10536: dbchecker: Verify and fix broken dn values.
  • BUG 10692: wbcCredentialCache fails if challenge_blob is not first.
  • BUG 10693: ldb:pyldb: Add some more helper functions for LdbDn.
  • BUG 10694: s4:dsdb/extended_dn_in: Don't force DSDB_SEARCH_SHOW_RECYCLED.
  • BUG 10696: Backport autobuild/selftest fixes from master.
  • BUG 10706: s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX().
  • BUG 10693: pyldb: Decrement ref counters on py_results and quiet warnings.
  • BUG 10698: Backport drs-crackname fixes from master.
  • BUG 10693: ldb: Use of NULL pointer bugfix.
  • BUG 10703: Backport provision fixes from master.
  • BUG 10693: ldb: Add a env variable to disable RTLD_DEEPBIND.

New in version 4.1.9 (June 23rd, 2014)

  • This is a security release in order to address CVE-2014-0244 (Denial of service - CPU loop) and CVE-2014-3493 (Denial of service - Server crash/memory corruption).

New in version 4.1.8 (June 3rd, 2014)

  • BUG 10548: build: Fix ordering problems with lib-provided and internal RPATHs.
  • BUG 3124: s3: smb2: Fix 'xcopy /d' with samba shares.
  • BUG 10544: s3: lib/util: Fix logic inside set_namearray loops.
  • BUG 10564: Fix lock order violation and file lost.
  • BUG 10577: Fix wildcard unlink to fail if we get an error rather than trying to continue.
  • BUG 10569: dsdb: Do checks for invalid renames in samldb, before repl_meta_data.
  • BUG 10239: s3: nmbd: Reset debug settings after reading config file.
  • BUG 10544: s3: lib/util: set_namearray reads across end of namelist
  • BUG 10556: lib-util: Rename memdup to smb_memdup and fix all callers.
  • BUG 10609: CVE-2014-0239: dns: Don't reply to replies.
  • BUG 10517: Use exit_daemon() to communicate status of startup to systemd.
  • BUG 10590: byteorder: Do not assume PowerPC is big-endian.
  • BUG 10612: printing: Fix purge of all print jobs.
  • BUG 10524: Fix adding NetApps.
  • BUG 10547: idmap_autorid: Fix failure in reverse lookup if ID is from domain range index #0.
  • BUG 10472: script/autobuild: Make use of '--with-perl-{arch,lib}-install-dir'.
  • BUG 10554: Fix read of deleted memory in reply_writeclose()'.
  • BUG 10151: Extra ':' in msg for Waf Cross Compile Build System with Cross-answers command.
  • BUG 10348: Fix empty body in if-statement in continue_domain_open_lookup.
  • BUG 10549: CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response.
  • BUG 10472: wafsamba: Fix the installation on FreeBSD.

New in version 4.0.18 (May 28th, 2014)

  • BUG 10548: build: Fix ordering problems with lib-provided and internal RPATHs.
  • BUG 10577: SMB1 wildcard unlink fail can leave a retry record on the open retry queue.
  • BUG 10564: Fix lock order violation and file lost.
  • BUG 10239: s3-nmbd: Reset debug settings after reading config file.
  • BUG 10544: s3-lib/util: set_namearray reads across end of namelist string.
  • BUG 10556: lib-util: Rename memdup to smb_memdup and fix all callers.
  • BUG 10609: CVE-2014-0239: dns: Don't reply to replies.
  • BUG 10590: byteorder: Do not assume PowerPC is big-endian.
  • BUG 10472: script/autobuild: Make use of '--with-perl-{arch,lib}-install-dir'.
  • BUG 10554: Fix read of deleted memory in reply_writeclose()'.
  • UG 10151: Extra ':' in msg for Waf Cross Compile Build System with Cross-answers command.
  • BUG 10348: Fix empty body in if-statement in continue_domain_open_lookup.
  • BUG 10549: CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response.
  • BUG 10472: wafsamba: Fix the installation on FreeBSD.

New in version 4.0.17 (April 15th, 2014)

  • BUG 9878: Make "force user" work as expected.
  • BUG 9942: Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message.
  • BUG 9993: s3-printing: Fix obvious memory leak in printer_list_get_printer().
  • BUG 10344: SessionLogoff on a signed connection with an outstanding notify request crashes smbd.
  • BUG 10431: Fix STATUS_NO_MEMORY response from Query File Posix Lock request.
  • BUG 10508: smbd: Correctly add remote users into local groups.
  • BUG 10534: Cleanup messages.tdb record after unclean smbd shutdown.
  • BUG 9911: Fix build on AIX with IBM XL C/C++ (gettext detection issues).
  • BUG 10308: Fix String Conversion Errors with Samba 4.1.0 Build on AIX 7.1.
  • smbd: Split create_conn_struct into a fn that does not change the working dir.
  • BUG 10458: Fix 'wbinfo -i' with one-way trust.
  • s3:rpc_server: Minor refactoring of process_request_pdu().
  • BUG 10471: Don't respond with NXDOMAIN to records that exist with another type.
  • BUG 10504: lsa.idl: Define lsa.ForestTrustCollisionInfo and ForestTrustCollisionRecord as public structs.
  • BUG 10439: Increase max netbios name components.
  • BUG 10188: doc: Add "spoolss: architecture" parameter usage.
  • BUG 10484: Initial FSRVP rpcclient requests fail with NT_STATUS_PIPE_NOT_AVAILABLE.
  • BUG 10387: 'net ads search' on high latency networks can return a partial list with no error indication.
  • BUG 10344: SessionLogoff on a signed connection with an outstanding notify request crashes smbd.
  • BUG 10422: max xmit > 64kb leads to segmentation fault.
  • BUG 10444: smbd_server_connection_terminate("CTDB_SRVID_RELEASE_IP") panics from within ctdbd_migrate() with invalid lock_order.
  • BUG 10464: samba4 services not binding on IPv6 addresses causing connection delays.
  • tevent: Fix crash bug in tevent_queue_immediate_trigger().
  • BUG 10378: dfs: Always call create_conn_struct with root privileges.
  • BUG 10472: pidl: waf should have an option for the dir to install perl files and do not glob.
  • BUG 10474: s3-spoolssd: Don't register spoolssd if epmd is not running.
  • BUG 10481: s3-rpc_server: Fix handling of fragmented rpc requests.
  • BUG 10506: Make 'smbreadline' build with readline 6.3.

New in version 4.1.6 (March 12th, 2014)

  • These are security releases in order to address CVE-2013-4496 (Password lockout not enforced for SAMR password changes) and CVE-2013-6442 (smbcacls will remove the ACL on a file or directory when changing owner or group owner.).

New in version 4.1.5 (February 21st, 2014)

  • BUG 10259: Make shadow_copy2 module working with Windows 7.
  • BUG 2662: Make revamped directory handling code 64bit clean.
  • BUG 10320: s3: smbpasswd: Fix crashes on invalid input.
  • BUG 10358: Fix 100% CPU utilization in winbindd when trying to free memory in winbindd_reinit_after_fork.
  • BUG 10406: s3: vfs_dirsort module: Allow dirsort to work when multiple simultaneous directories are open.
  • BUG 10429: s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames() is true.
  • BUG 10087: ntlm_auth sometimes returns the wrong username to mod_ntlm_auth_winbind.
  • BUG 10418: Fix INTERNAL ERROR: Signal 11 in the kdc pid.
  • BUG 10418: Add support for Heimdal's unified krb5 and hdb plugin system.
  • BUG 10384: vfs/glusterfs: In case atime is not passed, set it to the current atime.
  • BUG 10424: vfs_btrfs: Fix incorrect zero length server-side copy request handling.
  • BUG 2191: s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done().
  • BUG 10415: smbd: Fix memory overwrites.
  • BUG 10436: smbd: Fix an ancient oplock bug.
  • BUG 10442: Fix crash bug in smb2_notify code.
  • BUG 10367: Fix several memory leaks.
  • BUG 10418: Cope with first element in hdb_method having a different name in different heimdal versions.

New in version 4.0.15 (February 18th, 2014)

  • BUG 10259: Make shadow_copy2 module working with Windows 7.
  • BUG 10087: ntlm_auth sometimes returns the wrong username to mod_ntlm_auth_winbind.
  • BUG 2662: Make revamped directory handling code 64bit clean.
  • BUG 10358: Fix 100% CPU utilization in winbindd when trying to free memory in winbindd_reinit_after_fork.
  • BUG 10429: s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames() is true.
  • BUG 0280: s3:winbindd: Fix use of uninitialized variables.
  • BUG 10418: Fix INTERNAL ERROR: Signal 11 in the kdc pid.
  • BUG 10418: Add support for Heimdal's unified krb5 and hdb plugin system.
  • BUG 2191: s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done().
  • BUG 10415: smbd: Fix memory overwrites.
  • BUG 10436: smbd: Fix an ancient oplock bug.
  • BUG 10442: Fix crash bug in smb2_notify code.
  • BUG 10418: Cope with first element in hdb_method having a different name in different heimdal versions.

New in version 4.1.4 (January 10th, 2014)

  • BUG 9870: smbd: Allow updates on directory write times on open handles.
  • BUG 10260: smbclient shows no error if deleting a directory with del failed.
  • BUG 10297: smbd: Fix writing to a directory with -wx permissions on a share.
  • BUG 10305: ldb: bad if test in ldb_comparison_fold().
  • BUG 10276: Fix waf build error on AIX with IBM XL C/C++.
  • BUG 10280: s3:winbindd fix use of uninitialized variables.
  • BUG 10281: Fix typos in man pages.
  • BUG 10285: s3-winbindd: Fix DEBUG statement in winbind_msg_offline().
  • BUG 10262: s3-libnetjoin: Use upper-case realm when composing default upn.
  • BUG 10281: Fix numerous typos in man pages.
  • BUG 10271: Send correct job-ID in print job notifications.
  • BUG 10337: vfs_glusterfs: Enable per client log file.
  • BUG 10250: smbd: Fix a talloc hierarchy problem in msg_channel.
  • BUG 10284: smbd: Fix segfaults.
  • BUG 10297: smbd: Fix writing to a directory with -wx permissions on a share.
  • BUG 10311: Fix SMB2 server panic when a smb2 brlock times out.
  • BUG 10298: Reduce smb2_server processing overhead.
  • BUG 10267: Fix printing via local printer drivers with Windows 8.
  • BUG 10310: Fix AIO with SMB2 and locks.
  • BUG 2191: Fix %G/%g substitution in 'template homedir'.
  • BUG 10274: Fix several issues and warnings from analyzer tools.
  • BUG 10286: s3-lib: Fix %G substitution for domain users in smbd.

New in version 4.0.14 (January 8th, 2014)

  • BUG 9870: smbd: Allow updates on directory write times on open handles.
  • BUG 10305: ldb: Fix bad if test in ldb_comparison_fold().
  • BUG 10320: s3:smbpasswd: Fix crashes on invalid input.
  • BUG 10271: Send correct job-ID in print job notifications.
  • BUG 10250: smbd: Fix a talloc hierarchy problem in msg_channel.
  • BUG 10284: smbd: Fix segfault.
  • BUG 10297: smbd: Fix writing to a directory with -wx permissions on a share.
  • BUG 10311: Fix SMB2 server panic when a smb2 brlock times out.
  • BUG 10298: Reduce smb2_server processing overhead.
  • BUG 10330: s3:configure: Require tevent >= 0.9.18 as external library.
  • BUG 10267: spoolss: Accept XPS_PASS datatype used by Windows 8.
  • BUG 10310: Fix AIO with SMB2 and locks.
  • BUG 2191: Fix substution of %G/%g in 'template * homedir'.

New in version 3.6.22 (December 11th, 2013)

  • BUG 10139: Valid utf8 filenames cause "invalid conversion error" messages.
  • BUG 10167: s3-smb2 server: smb2 breaks "smb encryption = mandatory".
  • BUG 10187: Missing talloc_free can leak stackframe in error path.
  • BUG 10247: xattr: Fix listing EAs on *BSD for non-root users.
  • BUG 10118: Raise debug level for being unable to open a printer.
  • BUG 10195: nsswitch: Fix short writes in winbind_write_sock.
  • BUG 10267: Fix Windows 8 printing via local printer drivers.
  • BUG 10194: Make offline logon cache updating for cross child domain group membership.

New in version 4.0.13 (December 10th, 2013)

  • CVE-2013-4408:
  • Samba versions 3.4.0 and above (versions 3.4.0 - 3.4.17, 3.5.0 - 3.5.22, 3.6.0 - 3.6.21, 4.0.0 - 4.0.12 and including 4.1.2) are vulnerable to buffer overrun exploits in the client processing of DCE-RPC packets. This is due to incorrect checking of the DCE-RPC fragment length in the client code.
  • This is a critical vulnerability as the DCE-RPC client code is part of the winbindd authentication and identity mapping daemon, which is commonly configured as part of many server installations (when joined to an Active Directory Domain). A malicious Active Directory Domain Controller or man-in-the-middle attacker impersonating an Active Directory Domain Controller could achieve root-level access by compromising the winbindd process.
  • Samba server versions 3.4.0 - 3.4.17 and versions 3.5.0 - 3.5.22 are also vulnerable to a denial of service attack (server crash) due to a similar error in the server code of those versions.
  • Samba server versions 3.6.0 and above (including all 3.6.x versions, all 4.0.x versions and 4.1.x) are not vulnerable to this problem.
  • In addition range checks were missing on arguments returned from calls to the DCE-RPC functions LookupSids (lsa and samr), LookupNames (lsa and samr) and LookupRids (samr) which could also cause similar problems.
  • As this was found during an internal audit of the Samba code there are no currently known exploits for this problem (as of December 9th 2013).
  • CVE-2012-6150:
  • Winbind allows for the further restriction of authenticated PAM logins using the require_membership_of parameter. System administrators may specify a list of SIDs or groups for which an authenticated user must be a member of. If an authenticated user does not belong to any of the entries, then login should fail. Invalid group name entries are ignored.
  • Samba versions 3.3.10, 3.4.3, 3.5.0 and later incorrectly allow login from authenticated users if the require_membership_of parameter specifies only invalid group names.
  • This is a vulnerability with low impact. All require_membership_of group names must be invalid for this bug to be encountered.

New in version 4.1.3 (December 9th, 2013)

  • CVE-2013-4408:
  • Samba versions 3.4.0 and above (versions 3.4.0 - 3.4.17, 3.5.0 - 3.5.22, 3.6.0 - 3.6.21, 4.0.0 - 4.0.12 and including 4.1.2) are vulnerable to buffer overrun exploits in the client processing of DCE-RPC packets. This is due to incorrect checking of the DCE-RPC fragment length in the client code.
  • This is a critical vulnerability as the DCE-RPC client code is part of the winbindd authentication and identity mapping daemon, which is commonly configured as part of many server installations (when joined to an Active Directory Domain). A malicious Active Directory Domain Controller or man-in-the-middle attacker impersonating an Active Directory Domain Controller could achieve root-level access by compromising the winbindd process.
  • Samba server versions 3.4.0 - 3.4.17 and versions 3.5.0 - 3.5.22 are also vulnerable to a denial of service attack (server crash) due to a similar error in the server code of those versions.
  • Samba server versions 3.6.0 and above (including all 3.6.x versions, all 4.0.x versions and 4.1.x) are not vulnerable to this problem.
  • In addition range checks were missing on arguments returned from calls to the DCE-RPC functions LookupSids (lsa and samr), LookupNames (lsa and samr) and LookupRids (samr) which could also cause similar problems.
  • As this was found during an internal audit of the Samba code there are no currently known exploits for this problem (as of December 9th 2013).
  • CVE-2012-6150:
  • Winbind allows for the further restriction of authenticated PAM logins using the require_membership_of parameter. System administrators may specify a list of SIDs or groups for which an authenticated user must be a member of. If an authenticated user does not belong to any of the entries, then login should fail. Invalid group name entries are ignored.
  • Samba versions 3.3.10, 3.4.3, 3.5.0 and later incorrectly allow login from authenticated users if the require_membership_of parameter specifies only invalid group names.
  • This is a vulnerability with low impact. All require_membership_of group names must be invalid for this bug to be encountered.

New in version 3.6.21 (November 30th, 2013)

  • BUG 10139: Valid utf8 filenames cause "invalid conversion error" messages.
  • BUG 10167: s3-smb2 server: smb2 breaks "smb encryption = mandatory".
  • BUG 10187: Missing talloc_free can leak stackframe in error path.
  • BUG 10247: xattr: Fix listing EAs on *BSD for non-root users.
  • BUG 10118: Raise debug level for being unable to open a printer.
  • BUG 10195: nsswitch: Fix short writes in winbind_write_sock.
  • BUG 10267: Fix Windows 8 printing via local printer drivers.
  • BUG 10194: Make offline logon cache updating for cross child domain group membership.

New in version 4.1.2 (November 22nd, 2013)

  • BUG 10187: Missing talloc_free can leak stackframe in error path.
  • BUG 10196: RW Deny for a specific user is not overriding RW Allow for a group.
  • BUG 10224: vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs.
  • BUG 10052: dfs_server: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors.
  • BUG 9091: s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled.
  • BUG 10264: s3-winbindd: Fix cache_traverse_validate_fn failure for NDR cache entries.
  • BUG 10224: vfs_glusterfs: Fix excessive debug output from vfs_gluster_open().
  • BUG 10247: xattr: Fix listing EAs on *BSD for non-root users.
  • BUG 10190: Fix memset used with constant zero length parameter.
  • BUG 10195: nsswitch: Fix short writes in winbind_write_sock.
  • BUG 10193: s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'.
  • BUG 10232: libcli/smb: Fix smb2cli_ioctl*() against Windows 2008.
  • BUG 10224: VFS plugin was sending the actual size of the volume instead of the total number of block units because of which windows was getting the wrong volume capacity.
  • BUG 10194: Make offline logon cache updating for cross child domain group membership.
  • BUG 10269: util: Remove 32bit macros breaking strict aliasing.
  • BUG 10253: Fix the build of vfs_glusterfs.

New in version 4.0.12 (November 20th, 2013)

  • BUG 10187: Missing talloc_free can leak stackframe in error path.
  • BUG 10196: RW Deny for a specific user is not overriding RW Allow for a group.
  • BUG 10052: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors.
  • BUG 9091: s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled.
  • BUG 10264: s3-winbind: Fix cache_traverse_validate_fn failure for NDR cache entries.
  • BUG 10247: xattr: Fix listing EAs on *BSD for non-root users.
  • BUG 10195: nsswitch: Fix short writes in winbind_write_sock.
  • BUG 9905: ldap_server: Register name and pid at startup.
  • BUG 10193: s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'.
  • BUG 10232: libcli/smb: fix smb2cli_ioctl*() against Windows 2008.
  • BUG 10132: pam_winbindd: Add support for the KEYRING ccache type.
  • BUG 10194: winbind: Offline logon cache not updating for cross child domain group membership.
  • BUG 10269: util: Remove 32bit macros breaking strict aliasing.

New in version 3.6.20 (November 13th, 2013)

  • This is a security release in order to address CVE-2013-4475 (ACLs are not checked on opening an alternate data stream on a file or directory).

New in version 4.0.11 (November 12th, 2013)

  • This is a security release in order to address CVE-2013-4475 (ACLs are not checked on opening an alternate data stream on a file or directory) and CVE-2013-4476 (Private key in key.pem world readable).

New in version 4.1.1 (November 11th, 2013)

  • This is a security release in order to address CVE-2013-4475 (ACLs are not checked on opening an alternate data stream on a file or directory) and CVE-2013-4476 (Private key in key.pem world readable).

New in version 4.1.0 (October 12th, 2013)

  • Client tools support SMB2/3
  • Samba 4.1.0 contains the first release of our client tools and client library that work over the new protocols SMB2 or SMB3. Note that SMB3 only works either to a Samba server version 4.0.0 or above, or to a Windows Server running Windows 2012 or Windows 8. The default protocol for smbclient and smbcacls is still SMB1 (the NT1 protocol dialect). An SMB2 or SMB3 connection can be selected in one of two ways. The easiest way to test the new protocol connection is to add the -mMAX_PROTOCOL command line switch to either smbclient or smbcacls. For example, to connect using SMB3 with smbclient a user would type: smbclient //server/share -Uuser%password -mSMB3 Another example of connecting using SMB2 using smbcacls would be: smbcacls //server/share -Uuser%password -mSMB2 filename Note that when connecting using SMB2 or SMB3 protocols the UNIX extensions are no longer available inside the smbclient command set. This is due to UNIX extensions not yet being defined for the SMB2 or SMB3 protocols. The second way to select SMB2 or SMB3 connections is to set the "client max protocol" parameter in the [global] section of your smb.conf. Setting this parameter will cause all client connections from Samba and its client tools to offer the requested max protocol to a server on every connection request. For example, to cause all client tools (including winbindd, rpcclient, and the libsmbclient library) to attempt use SMB3 by default add the line: client max protocol = SMB3 to the [global] section of your smb.conf. This has not been as widely tested as the -mPROTOCOL options, but is intended to work correctly in the final release of 4.1.0.
  • Encrypted transport:
  • Although Samba servers have supported encrypted transport connections using the UNIX extensions for many years, selecting SMB3 transport allows encrypted transport connections to Windows servers that support SMB3, as well as Samba servers. In order to enable this, add the "-e" option to the smbclient command line. For example, to connect to a Windows 2012 server over SMB3 and select an encrypted transport you would use the following command line: smbclient //Win2012Server/share -Uuser%password -mSMB3 -e
  • Directory database replication (AD DC mode):
  • Directory replication has been reworked in order to improve the correctness and efficiency. As a net effect of it, replication with other domain controllers with a heavily modified schema is now possible (ie. Windows 2012 DCs or other Windows DC with exchange installed) and replication didn't fail anymore in such environments.
  • Server-Side Copy Support:
  • Samba 4.1.0 adds support for server-side copy operations via the SMB2 FSCTL_SRV_COPYCHUNK request. Clients making use of server-side copy support, such as Windows Server 2012, should experience considerable performance improvements for file copy operations, as file data need not traverse the network. This feature is enabled by default on the smbd file server.
  • Btrfs Filesystem Integration:
  • The Btrfs VFS module provided with Samba 4.1.0 further improves the performance of server-side copy operations on shares backed by a Btrfs filesystem. It does so by allowing multiple files to share the same on-disk extents, avoiding the unnecessary duplication of source and destination file data during a server-side copy operation. This feature can be explicitly enabled on smbd shares backed by a Btrfs filesystem with the smb.conf parameter: vfs objects = btrfs

New in version 4.0.10 (October 8th, 2013)

  • BUG 10134: Ease file server upgrades from 3.6 and earlier with "acl allow execute always".
  • BUG 10169: Fix build error in scavenger.c.
  • BUG 5917: Make Samba work on site with Read Only Domain Controller.
  • BUG 9166: Starting smbd or nmbd with stdin from /dev/null results in "EOF on stdin".
  • BUG 10063: source3/lib/util.c:1493 leaking memory w/ pam_winbind.so / winbind.
  • BUG 10121: Masks incorrectly applied to UNIX extension permission changes.
  • BUG 10139: Valid utf8 filenames cause "invalid conversion error" messages.
  • BUG #9911 - Build Samba 4.0.x on AIX with IBM XL C/C++.
  • BUG 8077: dsdb: Convert the full string from UTF16 to UTF8, including embedded NULLs.
  • BUG 9091: When replicating DNS for bind9_dlz we need to create the server-DNS account remotely.
  • BUG 9461: python-samba-tool fsmo: Do not give an error on a successful role transfer.
  • BUG 9615: s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat().
  • BUG 9899: s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat().
  • BUG 10147: Better document potential implications of a globally used "valid users".
  • BUG 10118: Samba is chatty about being unable to open a printer.
  • BUG 9599: samba-tool/dns: Pass on additional flags when creating zones.
  • BUG 10086: smbd: Fix async echo handler forking.
  • BUG 10106: Honour output buffer length set by the client for SMB2 GetInfo requests.
  • BUG 10114: Dropbox (write-only-directory) case isn't handled correctly in pathname lookup.
  • BUG 10138: smbd: Clean up share modes after hard crash.
  • BUG 10162: Fix POSIX ACL mapping when setting DENY ACE's from Windows.
  • BUG 9802: Move gencache.tdb to /var/cache/samba.
  • BUG 10030: ::1 added to nameserver on join.
  • BUG 10158: NetBIOS related samba process consumes 100% CPU.
  • BUG 10137: vfs_shadow_copy2 does not display previous versions correctly over SMB2.
  • BUG 10076: docs: Fix variable list in man vfs_crossrename.
  • BUG 10097 - MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba.
  • BUG 10106: Honour output buffer length set by the client for SMB2 GetInfo requests.

New in version 4.1.0 RC4 (September 27th, 2013)

  • BUG 10107: Fix Winbind crashes on DC with trusted AD domains.
  • BUG 5917: Fix working on site with Read Only Domain Controller.
  • BUG 9974: Add SMB2 and SMB3 support for smbclient.
  • BUG 10063: Fix memory leak in source3/lib/util.c:1493.
  • BUG 10121: Masks incorrectly applied to UNIX extension permission changes.
  • BUG 9911: Build Samba 4.0.x on AIX with IBM XL C/C++.
  • BUG 9091: When replicating DNS for bind9_dlz we need to create the server-DNS account remotely.
  • BUG 9615: Winbind unable to retrieve user information from AD.
  • BUG 9899: winbind_lookup_names() fails because of NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
  • BUG 10107: Fix Winbind crashes on DC with trusted AD domains.
  • BUG 10086: smbd: Fix async echo handler forking.
  • BUG 10106: Honour output buffer length set by the client for SMB2 GetInfo requests.
  • BUG 10114: Handle Dropbox (write-only-directory) case correctly in pathname lookup.
  • BUG 10030: ::1 added to nameserver on join.
  • BUG 10000: Add man pages for ntdb tools.
  • BUG 7364: Add man page for vfs_syncops.
  • BUG 7490: Add man page for vfs_linux_xfs_sgid.
  • BUG 10001: Add man page for samba-regedit tool.
  • BUG 10076: Fix variable list in vfs_crossrename man page.
  • BUG 10073: Fix segmentation fault in 'net ads join'.
  • BUG 10082: s3-winbind: Fix a segfault passing NULL to a fstring argument.
  • BUG 10097: MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba.
  • BUG 10106: Honour output buffer length set by the client for SMB2 GetInfo requests.

New in version 3.6.19 (September 26th, 2013)

  • BUG 5917: Make Samba work on site with Read Only Domain Controller.
  • BUG 8955: NetrServerPasswordSet2 timeout is too short.
  • BUG 9899: Fix fallback to ncacn_np in cm_connect_lsat().
  • BUG 9615: Fix fallback to ncacn_np in cm_connect_lsat().
  • BUG 10127: Fix 'smbstatus' as non-root user.
  • BUG 8955: Give machine password changes 10 minutes of time.
  • BUG 10106: Honour output buffer length set by the client for SMB2 GetInfo requests.
  • BUG 10114: Handle Dropbox (write-only-directory) case correctly in pathname lookup.
  • BUG 10076: Fix variable list in man vfs_crossrename.
  • BUG 9994: s3-winbind: Do not delete an existing valid credential cache.
  • BUG 10073: 'net ads join': Fix segmentation fault in create_local_private_krb5_conf_for_domain.
  • BUG 10097: MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba.

New in version 4.1.0 RC3 (September 12th, 2013)

  • Client tools support SMB2/3
  • Encrypted transport
  • Directory database replication (AD DC mode)
  • Server-Side Copy Support
  • Btrfs Filesystem Integration
  • The Samba Web Administration Tool (SWAT) has been removed.

New in version 4.0.9 (August 20th, 2013)

  • BUG 9930: smbd: Cleanup disonnected durable handles.
  • BUG 9992: Fix Windows error 0x800700FE when copying files with xattr names containing ":".
  • BUG 10064: Linux kernel oplock breaks can miss signals.
  • BUG 9820: Fix crash of Winbind after "ls -l /usr/local/samba/var/locks/sysvol".
  • BUG 10014: Fix excessive RID allocation.
  • BUG 10003: s3-lib: Fix segmentation fault while reading incomplete session info.
  • BUG 9678: Windows 8 Roaming profiles fail.
  • BUG 9930: smbd: Cleanup disonnected durable handles.
  • BUG 10015: Add debugclass for DNS server.
  • BUG 9779: Add UPN enumeration to passdb internal API.
  • BUG 10043: Allow to change the default location for Kerberos credential caches.
  • BUG 10073: net ads join: Fix segmentation fault in create_local_private_krb5_conf_for_domain.
  • BUG 10013: smbd: Fix a 100% loop at shutdown time.
  • BUG 9820: Fix crash of Winbind after "ls -l /usr/local/samba/var/locks/sysvol".
  • BUG 10003: s3-lib: Fix segmentation fault while reading incomplete session info.
  • BUG 10015: Fix/improve debug options.
  • BUG 9970: vfs_streams_xattr: Do not attempt to write empty attribute twice.
  • BUG 9994: s3-winbind: Do not delete an existing valid credential cache.
  • BUG 10073: net ads join: Fix segmentation fault in create_local_private_krb5_conf_for_domain.
  • BUG 10064: Linux kernel oplock breaks can miss signals.

New in version 3.6.18 (August 14th, 2013)

  • BUG 9777: vfs_dirsort uses non-stackable calls, dirfd(), malloc instead of talloc and doesn't cope with directories being modified whilst reading.
  • BUG 9678: Windows 8 Roaming profiles fail.
  • BUG 9636: Fix parsing linemarkers in preprocessor output.
  • BUG 9880: Use of wrong RFC2307 primary group field.
  • BUG 9983: Fix output of syslog-facility check.
  • BUG 10064: Linux kernel oplock breaks can miss signals.

New in version 4.1.0 RC2 (August 9th, 2013)

  • Directory database replication (AD DC mode):
  • Directory replication has been reworked in order to improve the correctness and efficiency. As a net effect of it, replication with other domain controllers with a heavily modified schema is now possible (ie. Windows 2012 DCs or other Windows DC with exchange installed) and replication didn't fail anymore in such environments.
  • Server-Side Copy Support:
  • Samba 4.1.0 adds support for server-side copy operations via the SMB2 FSCTL_SRV_COPYCHUNK request. Clients making use of server-side copy support, such as Windows Server 2012, should experience considerable performance improvements for file copy operations, as file data need not traverse the network. This feature is enabled by default on the smbd file server.
  • Btrfs Filesystem Integration:
  • The Btrfs VFS module provided with Samba 4.1.0 further improves the performance of server-side copy operations on shares backed by a Btrfs filesystem. It does so by allowing multiple files to share the same on-disk extents, avoiding the unnecessary duplication of source and destination file data during a server-side copy operation.
  • This feature can be explicitly enabled on smbd shares backed by a Btrfs filesystem with the smb.conf parameter: vfs objects = btrfs

New in version 3.5.22 (August 5th, 2013)

  • This is a security release in order to address CVE-2013-4124 (Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections).

New in version 3.6.17 (August 5th, 2013)

  • This is a security release in order to address CVE-2013-4124 (Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections).

New in version 4.0.8 (August 5th, 2013)

  • This is a security release in order to address CVE-2013-4124 (Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections).

New in version 4.0.7 (July 2nd, 2013)

  • BUG 9909: build: Add missing new line to replaced python shebang line.
  • BUG 9794: Fix a core dump with invalid lock order while opening/editing or copying MS files.
  • BUG 9465: s3-rpc_server: Ensure we are root when starting and using gensec.
  • BUG 9906: Doc fixes for 4.0.
  • BUG 9907: Build fixes for 4.0 found during autoconf or debian packaging work.
  • BUG 9967: Fix crash bug from search of mail=.
  • BUG 9968: Fix build with system Heimdal of samba4kgetcred.
  • BUG 9947: Check for netbios aliases in ad_get_referrals.
  • BUG 9485: Add support for MX queries.
  • BUG 9559: dns: Delete dnsNode objects when they are empty.
  • BUG 9632: dns: Support larger queries when asking forwarder.
  • BUG 8997: Change libreplace GPL source to LGPL.
  • BUG 9900: is_printer_published GUID retrieval.
  • BUG 9910: PIE builds not supported.
  • BUG 9941: Fix a bug of drvupgrade of smbcontrol.
  • BUG 9880: Use of wrong RFC2307 primary group field.
  • BUG 9832: winbind4: talloc use after free.
  • BUG 9953: Fix tevent_poll on 32-bit machines (Coverity ID 989236).
  • BUG 9805: s3:lib/server_mutex: Open mutex.tdb with CLEAR_IF_FIRST.
  • BUG 9929: s4:winbind: Don't leak libnet_context into the main event context.
  • BUG 9881: Check for system libtevent.
  • BUG 9964: docs: Avoid mentioning a possibly misleading option.
  • BUG 9888: More generic check for OpenBSD platform.

New in version 3.6.16 (June 20th, 2013)

  • BUG 9881: Link dbwrap_tool and dbwrap_torture against libtevent.
  • BUG 9722: Properly handle Oplock breaks in compound requests.
  • BUG 9822: Fix crash bug during Win8 sync.
  • BUG 9927: errno gets overwritten in call to check_parent_exists().
  • BUG 8997: Change libreplace GPL source to LGPL.
  • BUG 9900: is_printer_published GUID retrieval.
  • BUG 9941: Fix a bug of drvupgrade of smbcontrol.
  • BUG 9868: Don't know how to make LIBNDR_PREG_OBJ.
  • BUG 9688: Remove "experimental" label on "max protocol=SMB2" parameter.
  • BUG 9881: Check for system libtevent.

New in version 4.0.6 (May 21st, 2013)

  • Jeremy Allison:
  • BUG 9412: SMB2 server doesn't support recvfile.
  • BUG 9722: Properly handle oplock breaks in compound requests.
  • BUG 9777: vfs_dirsort uses non-stackable calls, dirfd(), malloc instead of talloc and doesn't cope with directories being modified whilst reading.
  • BUG 9811: Old DOS SMB CTEMP request uses a non-VFS function to access the filesystem.
  • BUG 9822: Fix crash during Win8 sync.
  • Anand Avati:
  • BUG 9833: Function called in unix_convert() path can overwrite errno.
  • Andrew Bartlett:
  • BUG 9785: Use specified python for runtime installation of Samba.
  • BUG 9834: Fix segfault when loging in with wrong password from w2k8r2.
  • Alexander Bokovoy:
  • BUG 9767: Fix 'net ads join' when called via stdin.
  • David Disseldorp:
  • BUG 9807: wbinfo: Fix segfault in wbinfo_pam_logon.
  • BUG 9830: Fix panic in nt_printer_publish_ads.
  • Volker Lendecke:
  • BUG 9775: Fix segfault for "artificial" conn_structs in vfs_fake_perms.
  • BUG 9809: Package new dbwrap_tool man page.
  • BUG 9824: SMB signing and the async echo responder don't work together.
  • BUG 9832: talloc use after free in winbind4.
  • BUG 9854: Fix NULL pointer dereference in Winbind.
  • BUG 9868: Fix making LIBNDR_PREG_OBJ.
  • Stefan Metzmacher:
  • BUG 9545: Fix the build of vfs_notify_fam.
  • BUG 9803: Change '--with-dmapi' to 'default=auto' to match the autoconf build.
  • BUG 9804: wafsamba: Display the default value in help for SAMBA3_ADD_OPTION.
  • BUG 9382: Add support for PFC_FLAG_OBJECT_UUID when parsing packets.
  • Andreas Schneider:
  • BUG 9139: Fix the username map optimization.
  • BUG 9699: Fix adding case sensitive spn.
  • BUG 9766: Cache name_to_sid/sid_to_name correctly.
  • BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
  • Richard Sharpe:
  • BUG 9722: Properly handle oplock breaks in compound requests.
  • Ralph Wuerthner:
  • BUG 9782: Fix panic when running 'smbtorture smb.base'.

New in version 3.6.15 (May 9th, 2013)

  • BUG 9746: Fix "guest ok", "force user" and "force group" for guest users.
  • BUG 9830: Fix panic in nt_printer_publish_ads.
  • BUG 9854: Fix crash bug in Winbind.
  • BUG 9817: Fix 'map untrusted to domain' with NTLMv2.

New in version 3.6.14 (April 30th, 2013)

  • Jeremy Allison:
  • BUG 9130: Certain xattrs cause Windows error 0x800700FF.
  • BUG 9724: Use is_encrypted_packet() function correctly inside server.
  • BUG 9733: Fix 'smbcontrol close-share' is not working.
  • BUG 9747: Make sure that we only propogate the INHERITED flag when we are allowed to.
  • BUG 9748: Remove unneeded fstat system call from hot read path.
  • BUG 9811: Fix bug in old create temp SMB request. Only use VFS functions.
  • David Disseldorp:
  • BUG 9650: New or deleted CUPS printerqueues are not recognized by Samba.
  • BUG 9807: wbinfo: Fix segfault in wbinfo_pam_logon.
  • Volker Lendecke:
  • BUG 9727: wkssvc: Fix NULL pointer dereference.
  • BUG 9736: smbd: Tune "dir" a bit.
  • BUG 9775: Fix segfault for "artificial" conn_structs.
  • BUG 9809: RHEL SPEC: Package dbwrap_tool man page.
  • Andreas Schneider:
  • BUG 9139: Fix the username map optimization.
  • BUG 9699: Fix adding case sensitive spn.
  • BUG 9723: Add a tool to migrate latin1 printing tdbs to registry.
  • BUG 9735: Fix Winbind separator in upn to username conversion.
  • BUG 9766: Cache name_to_sid/sid_to_name correctly.

New in version 4.0.5 (April 9th, 2013)

  • BUG 9617: libnss-winbindd does not provide pass struct for groups mapped with ID_TYPE_BOTH and vice versa.
  • BUG 9653: idmap_autorid: Fix freeing of non-talloced memory.
  • BUG 9711: s4:winbindd: Do not drop the workgroup name in the getgrnam, getgrent and getgrgid calls.
  • BUG 9130: Certain xattrs cause Windows error 0x800700FF.
  • BUG 9519: Samba returns unexpected error on SMB posix open.
  • BUG 9642: Fix the build of vfs_afsacl.
  • BUG 9695: Backport tevent changes to bring library to version 0.9.18.
  • BUG 9706: Fix large reads/writes from some Linux clients.
  • BUG 9724: is_encrypted_packet() function incorrectly used inside server.
  • BUG 9733: Fix 'smbcontrol close-share'.
  • BUG 9748: Remove unneeded fstat system call from hot read path.
  • BUG 9760: Fix incorrect parsing of SMB2 command codes.
  • BUG 9643: Fix the build with --fake-kaserver.
  • BUG 9644: Fix compile of source3/lib/afs.c.
  • BUG 9669: Fix crash in 'net rpc join' against a Samba 3.0.33 PDC.
  • BUG 9666: Fix filtering of link-local addresses.
  • BUG 9663: 'make test' hangs.
  • BUG 9697: DsReplicaGetInfo fails due to sendto() EMSGSIZE error on UNIX domain socket.
  • BUG 9703: Fix build on solaris8: Do not force a specific perl on pod2man.
  • BUG 9717: Set LD_LIBRARY_PATH in install_with_python.sh.
  • BUG 9718: s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307.
  • BUG 9719: Allow forcing an override of an old @MODULES record.
  • BUG 9720: Do not print the admin password during 'samba-tool classicupgrade'.
  • BUG 9721: Make samba_upgradedns more robust (do not guess addresses when just changing roles).
  • BUG 9725: upgradeprovision and 'samba-tool dbcheck' patches for 4.0.NEXT.
  • BUG 9728: DO NOT install samba_upgradeprovision in 4.0.x.
  • BUG 9739: PIDL: Build fixes for hosts without CPP (Solaris 11).
  • BUG 9740: Add 'samba-tool dbcheck --reset-well-known-acls'.
  • BUG 9267: Can't delegate adding computers to domain.
  • BUG 9636: PIDL: Fix parsing linemarkers in preprocessor output.
  • BUG 9639: Rename internal subsystem pdb_ldap to pdb_ldapsam.
  • BUG 9646: Make SMB2_GETINFO multi-volume aware.
  • BUG 9633: Recursive mget should continue on EPERM.
  • BUG 9656: Work around FreeBSD's getaddrinfo() underscore issue.
  • BUG 9696: Remove incomplete samba_dnsupdate IPv6 link-local address check.
  • BUG 9697: Handle EMSGSIZE on UNIX domain sockets.
  • BUG 7825: Fix GNU ld version detection with old gcc releases.
  • BUG 9039: Never try to map global SAM name.
  • BUG 9701: Fix vfs_catia and update documentation.
  • BUG 9695: Backport tevent changes to bring library to version 0.9.18.
  • BUG 9727: Fix NULL pointer dereference.
  • BUG 9736: Change to smbd/dir.c code gives significant performance increases on large directory listings.
  • BUG 9557: Fix build on AIX.
  • BUG 9625: Reauth-capable client fails to access shares on Windows member.
  • BUG 9695: Backport tevent changes to bring library to version 0.9.18.
  • BUG 9706: Parameter is incorrect on Android.
  • BUG 9664: Fix correct linking of libreplace with cmdline-credentials.
  • BUG 9683: Fix several resource (fd) leaks.
  • BUG 9685: Fix a memory leak in spoolss rpc server.
  • BUG 9686: Fix a possible buffer overrun in pdb_smbpasswd.
  • BUG 9687: Fix several possible null pointer dereferences.
  • BUG 9723: Add a tool to migrate latin1 printing tdbs to registry.
  • BUG 9735: Fix Winbind separator in upn to username conversion.
  • BUG 9758: Don't leak the epm_Map policy handle.
  • BUG 9674: Samba denies owner Read Control when there is a DENY entry while W2K08 does not.
  • BUG 9689: Make sure that domain joins work correctly when the DC disallows NTLM auth.
  • BUG 9704: Fix nss_winbind name on FreeBSD.
  • BUG 9747: Make sure that we only propogate the INHERITED flag when we are allowed to.

New in version 4.0.4 (March 19th, 2013)

  • This is a security release in order to address CVE-2013-1863 (World-writeable files may be created in additional shares on a Samba 4.0 AD DC).

New in version 3.6.13 (March 19th, 2013)

  • Fix two resource leaks in winbindd (bug #9684).
  • Unlink after open causes smbd to panic (bug #9571).

New in version 4.0.3 (February 6th, 2013)

  • Michael Adam:
  • BUG 9568: Document the command line options in dbwrap_tool(1).
  • Jeremy Allison:
  • BUG 9196: defer_open is triggered multiple times on the same request.
  • BUG 9518: conn->share_access appears not be be reset between users.
  • BUG 9550: sigprocmask does not work on FreeBSD to stop further signals in a signal handler.
  • BUG 9572: Fix file corruption during SMB1 read by Mac OSX 10.8.2 clients.
  • BUG 9586: smbd[29175]: disk_free: sys_popen() failed" message logged in /var/log/message many times.
  • BUG 9587: Archive flag is always set on directories.
  • BUG 9588: ACLs are not inherited to directories for DFS shares.
  • Andrew Bartlett:
  • BUG 8909: Fix ACL problem with delegation of privileges and deletion of accounts over LDAP interface.
  • BUG 9461: FSMO seize of naming role fails: NT_STATUS_IO_TIMEOUT.
  • BUG 9564: Fix compilation of Solaris ACL module.
  • BUG 9581: gensec: Allow login without a PAC by default.
  • BUG 9596: Linked attribute handling should be by GUID.
  • BUG 9598: Use pid,task_id as cluster_id in process_single just like process_prefork.
  • BUG 9609: ldb: Ensure to decrement the transaction_active whenever we delete a transaction.
  • BUG 9609: Add 'ldbdump' tool.
  • BUG 9609: ldb: Remove no-longer-existing ltdb_unpack_data_free from ldb_tdb.h.
  • BUG 9609: ldb: Change ltdb_unpack_data to take an ldb_context.
  • BUG 9610: dsdb: Make secrets_tdb_sync cope with -H secrets.ldb.
  • Björn Baumbach:
  • BUG 9512: wafsamba: Use additional xml catalog file.
  • BUG 9517: samba_dnsupdate: Set KRB5_CONFIG for nsupdate command.
  • BUG 9552: smb.conf(5): Update list of available protocols.
  • BUG 9568: Add dbwrap_tool.1 manual page.
  • BUG 9569: ntlm_auth(1): Fix format and make examples visible.
  • Ira Cooper:
  • BUG 9575: Duplicate flags defined in the winbindd protocol.
  • Gönther Deschner:
  • BUG 9474: Downgrade v4 printer driver requests to v3.
  • BUG 9595: s3-winbind: Fix the build of idmap_ldap.
  • David Disseldorp:
  • BUG 9378: Add extra attributes for AD printer publishing.
  • Stephen Gallagher:
  • BUG 9609: ldb: Move doxygen comments for ldb_connect to the right place.
  • Volker Lendecke:
  • BUG 9541: Make use of posix_openpt.
  • BUG 9544: Fix build of vfs_commit and plug in async pwrite support.
  • BUG 9546: Fix aio_suspend detection on FreeBSD.
  • BUG 9548: Correctly detect O_DIRECT.
  • BUG 9549: smbd: Fix memleak in the async echo handler.
  • Stefan Metzmacher:
  • BUG 8909: Fix ACL problem with delegation of privileges and deletion of accounts over LDAP interface.
  • BUG 9105: check_password_quality: Handle non-ASCII characters properly.
  • BUG 9481: samba_upgradeprovision: fix the nTSecurityDescriptor on more containers.
  • BUG 9499: s3:smb2_negprot: set the 'remote_proto' value.
  • BUG 9508: s4:drsuapi: Make sure we report the meta data from the cycle start.
  • BUG 9540: terminate the irpc_servers_byname() result with server_id_set_disconnected().
  • BUG 9598: Fix timeouts of some IRPC calls.
  • BUG 9609: Fix a warning by converting from TDB_DATA to struct ldb_val.
  • Matthieu Patou:
  • BUG 8909: Add documentation.
  • BUG 9565: Adding additional Samba 4.0 DC to W2k8 srv AD domain (in win200 functional level) produces dbcheck errors.
  • Arvid Requate:
  • BUG 9555: s4-resolve: Fix parsing of IPv6/AAAA in dns_lookup.
  • Rusty Russell:
  • BUG 9609: tdb: Add '-e' option to tdbdump (and document it).
  • BUG 9609: tdb: 'tdbdump' should log errors, and fail in that case.
  • BUG 9609: tdb: Add tdb_rescue() to allow an emergency best-effort dump.
  • Samba-JP oota:
  • BUG 9528: Remove superfluous bracket in samba.8.xml.
  • BUG 9530: Fix typo in vfs_tsmsm.8.xml.
  • Andreas Schneider:
  • BUG 9574: Fix a possible null pointer dereference in spoolss.
  • Karolin Seeger:
  • BUG 9591: Correct meta data in ldb manpages.
  • Pavel Shilovsky:
  • BUG 9571: Fix 'smbd' panic triggered by unlink after open.
  • Andrew Tridgell:
  • BUG 9609: ldb: Fix callers for ldb_pack_data() and ldb_unpack_data().
  • BUG 9609: ldb: move ldb_pack.c into common.
  • Jelmer Vernooij:
  • BUG 9503: waf assumes that pythonX.Y-config is a Python script.

New in version 3.5.21 (January 30th, 2013)

  • This is a security release in order to address CVE-2013-0213 (Clickjacking issue in SWAT) and CVE-2013-0214 (Potential XSRF in SWAT).
  • CVE-2013-0213: All current released versions of Samba are vulnerable to clickjacking in the Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into a malicious web page via a frame or iframe and then overlaid by other content, an attacker could trick an administrator to potentially change Samba settings. In order to be vulnerable, SWAT must have been installed and enabled either as a standalone server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has not been installed or enabled (which is the default install state for Samba) this advisory can be ignored.
  • CVE-2013-0214: All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool (SWAT). By guessing a user's password and then tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate SWAT.
  • In order to be vulnerable, the attacker needs to know the victim's password. Additionally SWAT must have been installed and enabled either as a standalone server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has not been installed or enabled (which is the default install state for Samba) this advisory can be ignored.

New in version 3.6.12 (January 30th, 2013)

  • This is a security release in order to address CVE-2013-0213 (Clickjacking issue in SWAT) and CVE-2013-0214 (Potential XSRF in SWAT).
  • CVE-2013-0213: All current released versions of Samba are vulnerable to clickjacking in the Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into a malicious web page via a frame or iframe and then overlaid by other content, an attacker could trick an administrator to potentially change Samba settings. In order to be vulnerable, SWAT must have been installed and enabled either as a standalone server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has not been installed or enabled (which is the default install state for Samba) this advisory can be ignored.
  • CVE-2013-0214: All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool (SWAT). By guessing a user's password and then tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate SWAT.
  • In order to be vulnerable, the attacker needs to know the victim's password. Additionally SWAT must have been installed and enabled either as a standalone server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has not been installed or enabled (which is the default install state for Samba) this advisory can be ignored.

New in version 4.0.2 (January 30th, 2013)

  • This is a security release in order to address CVE-2013-0213 (Clickjacking issue in SWAT) and CVE-2013-0214 (Potential XSRF in SWAT).
  • CVE-2013-0213: All current released versions of Samba are vulnerable to clickjacking in the Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into a malicious web page via a frame or iframe and then overlaid by other content, an attacker could trick an administrator to potentially change Samba settings. In order to be vulnerable, SWAT must have been installed and enabled either as a standalone server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has not been installed or enabled (which is the default install state for Samba) this advisory can be ignored.
  • CVE-2013-0214: All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool (SWAT). By guessing a user's password and then tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate SWAT.
  • In order to be vulnerable, the attacker needs to know the victim's password. Additionally SWAT must have been installed and enabled either as a standalone server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has not been installed or enabled (which is the default install state for Samba) this advisory can be ignored.

New in version 3.6.11 (January 22nd, 2013)

  • Jeremy Allison:
  • BUG 9196: defer_open is triggered multiple times on the same request.
  • BUG 9550: Mask off signals the correct way from the signal handler.
  • Björn Baumbach:
  • BUG 9569: ntlm_auth.1: Fix format and make examples visible.
  • Tsukasa Hamano:
  • BUG 9471: Fix SEGV when using second vfs module.
  • Volker Lendecke:
  • BUG 9548: Correctly detect O_DIRECT.
  • BUG 9546: Fix aio_suspend detection on FreeBSD.

New in version 4.0.1 (January 15th, 2013)

  • This is a security release in order to address CVE-2013-0172.
  • CVE-2013-0172: Samba 4.0.0 as an AD DC may provide authenticated users with write access to LDAP directory objects.
  • In AD, Access Control Entries can be assigned based on the objectClass of the object. If a user or a group the user is a member of has any access based on the objectClass, then that user has write access to that object.
  • Additionally, if a user has write access to any attribute on the object, they may have access to write to all attributes.
  • An important mitigation is that anonymous access is totally disabled by default. The second important mitigation is that normal users are typically only given the problematic per-objectClass right via the "pre-windows 2000 compatible access" group, and Samba 4.0.0 incorrectly does not make "authenticated users" part of this group.
  • Changes since 4.0.0:
  • Bug 9554 - CVE-2013-0172 - Samba 4.0 as an AD DC may provide authenticated users with write access to LDAP directory objects.

New in version 3.5.20 (December 18th, 2012)

  • This is a bugfix release.

New in version 4.0.0 RC3 (October 26th, 2012)

  • Samba 4.0 supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients.
  • Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue.
  • Samba 4.0.0rc3 ships with two distinct file servers. We now use the file server from the Samba 3.x series 'smbd' for all file serving by default.
  • Samba 4.0 also ships with the 'NTVFS' file server. This file server is what was used in all previous releases of Samba 4.0, and is tuned to match the requirements of an AD domain controller. We continue to support this, not only to provide continuity to installations that have deployed it as part of an AD DC, but also as a running example of the NT-FSA architecture we expect to move smbd to in the longer term.
  • For pure file server work, the binaries users would expect from that series (nmbd, winbindd, smbpasswd) continue to be available. When running an AD DC, you only need to run 'samba' (not nmbd/smbd/winbind), as the required services are co-coordinated by this master binary.
  • As DNS is an integral part of Active Directory, we also provide two DNS solutions, a simple internal DNS server for 'out of the box' configurations and a more elaborate BIND plugin using the BIND DLZ mechanism in versions 9.8 and 9.9. During the provision, you can select which backend to use. With the internal backend, your DNS server is good to go. If you chose the BIND_DLZ backend, a configuration file will be generated for bind to make it use this plugin, as well as a file explaining how to set up bind.
  • To provide accurate timestamps to Windows clients, we integrate with the NTP project to provide secured NTP replies. To use you need to start ntpd and configure it with the 'restrict ... ms-sntp' and ntpsigndsocket options.
  • Finally, a new scripting interface has been added to Samba 4, allowing Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python.

New in version 3.5.16 (July 3rd, 2012)

  • This is a bugfix release in the 3.5 release series.

New in version 3.4.2 (October 2nd, 2009)

  • This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906.

New in version 3.3.6 (June 23rd, 2009)

  • Fix for CVE-2009-1888:
  • In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes".