Softpedia >Linux >Communications >Filesharing >Samba >  Changelog

Samba Changelog

What's new in Samba 4.4.4

Jun 7, 2016
  • BUG 11809: SMB3 multichannel: Add implementation of missing channel sequence number verification.
  • BUG 11919: smbd:close: Only remove kernel share modes if they had been taken at open.
  • BUG 11930: notifyd: Prevent NULL deref segfault in notifyd_peer_destructor.
  • BUG 10618: s3: auth: Move the declaration of struct dom_sid tmp_sid to function level scope.
  • BUG 10796: s3:rpcclient: Make '--pw-nt-hash' option work.
  • BUG 11354: s3:libsmb/clifile: Use correct value for MaxParameterCount for setting EAs.
  • BUG 11438: Fix case sensitivity issues over SMB2 or above.
  • BUG 1703: s3:libnet:libnet_join: Add netbios aliases as SPNs.
  • BUG 11721: vfs_fruit: Add an option that allows disabling POSIX rename behaviour.
  • BUG 11936: s3-smbd: Support systemd 230.
  • BUG 11907: source3: Honor the core soft limit of the OS.
  • BUG 11809: SMB3 multichannel: Add implementation of missing channel sequence number verification.
  • BUG 11864: s3:client:smbspool_krb5_wrapper: Fix the non clearenv build.
  • BUG 11906: s3-kerberos: Avoid entering a password change dialogue also when using MIT.
  • BUG 11890: ldb-samba/ldb_matching_rules: Fix CID 1349424 - Uninitialized pointer read.
  • BUG 11844: dbwrap_ctdb: Fix ENOENT->NT_STATUS_NOT_FOUND.
  • BUG 11276: Correctly set cli->raw_status for libsmbclient in SMB2 code.
  • BUG 11910: s3:smbd: Fix anonymous authentication if signing is mandatory.
  • BUG 11912: libcli/auth: Let msrpc_parse() return talloc'ed empty strings.
  • BUG 11914: Fix NTLM Authentication issue with squid.
  • BUG 11927: s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT.
  • BUG 11530: pdb: Fix segfault in pdb_ldap for missing gecos.
  • BUG 11613: Allow 'samba-tool fsmo' to cope with empty or missing fsmo roles.
  • BUG 11907: packaging: Set default limit for core file size in service files.
  • BUG 11922: s3-net: Convert the key_name to UTF8 during migration.
  • BUG 11935: s3-smbspool: Log to stderr.
  • BUG 11900: heimdal: Encode/decode kvno as signed integer.
  • BUG 11931: s3-quotas: Fix sysquotas_4B quota fetching for BSD.
  • BUG 11937: smbd: dfree: Ignore quota if not enforced.
  • BUG 11907: init: Set core file size to unlimited by default.
  • BUG 11934: Fix memory leak in share mode locking.

New in Samba 4.3.4 (Jan 12, 2016)

  • BUG 11619: doc: Fix a typo in the smb.conf manpage, explanation of idmap config.
  • BUG 11647: s3:smbd: Fix a corner case of the symlink verification.
  • BUG 11624: s3: libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections.
  • BUG 11625: Reduce the memory footprint of empty string options.
  • BUG 11659: Update lastLogon and lastLogonTimestamp.
  • BUG 11065: vfs_fruit: Enable POSIX directory rename semantics.
  • BUG 11466: Copying files with vfs_fruit fails when using vfs_streams_xattr without stream prefix and type suffix.
  • BUG 11645: smbd: Make "hide dot files" option work with "store dos attributes = yes".
  • BUG 11639: lib/async_req: Do not install async_connect_send_test.
  • BUG 11394: Crash: Bad talloc magic value - access after free.
  • BUG 11613: samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given.
  • BUG 11619: docs: Fix some typos in the idmap backend section.
  • BUG 11641: docs: Fix typos in man vfs_gpfs.
  • BUG 11649: smbd: Do not disable "store dos attributes" on-the-fly.

New in Samba 4.3.3 (Dec 17, 2015)

  • CVE-2015-3223 (Denial of service in Samba Active Directory server)
  • CVE-2015-5252 (Insufficient symlink verification in smbd)
  • CVE-2015-5299 (Missing access control check in shadow copy code)
  • CVE-2015-5296 (Samba client requesting encryption vulnerable to downgrade attack)
  • CVE-2015-8467 (Denial of service attack against Windows Active Directory server)
  • CVE-2015-5330 (Remote memory read in Samba LDAP server)

New in Samba 4.3.2 (Dec 2, 2015)

  • BUG 11577: ctdb: Open the RO tracking db with perms 0600 instead of 0000.
  • BUG 11452: s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero.
  • BUG 11565: auth: gensec: Fix a memory leak.
  • BUG 11566: lib: util: Make non-critical message a warning.
  • BUG 11589: s3: smbd: If EAs are turned off on a share don't allow an SMB2 create containing them.
  • BUG 11615: s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle.
  • BUG 11562: s4:lib/messaging: Use correct path for names.tdb.
  • BUG 11564: async_req: Fix non-blocking connect().
  • BUG 11243: vfs_gpfs: Re-enable share modes.
  • BUG 11570: smbd: Send SMB2 oplock breaks unencrypted.
  • BUG 11612: winbind: Fix crash on invalid idmap configs.
  • BUG 11584: manpage: Correct small typo error.
  • BUG 11327: dcerpc.idl: Accept invalid dcerpc_bind_nak pdus.
  • BUG 11581: s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer.
  • BUG 9912: Changing log level of two entries to DBG_NOTICE.
  • BUG 11581: s3-smbd: Fix use after issue in smbd_smb2_request_dispatch().
  • BUG 11569: Fix winbindd crashes with samlogon for trusted domain user.
  • BUG 11597: Backport some valgrind fixes from upstream master.
  • BUG 11563: Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins.
  • BUG 11511: Add libreplace dependency to texpect, fixes a linking error on Solaris.
  • BUG 11512: s4: Fix linking of 'smbtorture' on Solaris.
  • BUG 11608: auth: Consistent handling of well-known alias as primary gid.

New in Samba 4.3.1 (Oct 20, 2015)

  • BUG 10252: s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows.
  • BUG 10634: smbd: Fix file name buflen and padding in notify repsonse.
  • BUG 11486: s3: smbd: Fix mkdir race condition.
  • BUG 11522: s3: smbd: Fix opening/creating :stream files on the root share directory.
  • BUG 11535: s3: smbd: Fix NULL pointer bug introduced by previous 'raw'
  • stream fix (bug #11522).
  • BUG 11555: s3: lsa: lookup_name() logic for unqualified (no DOMAIN\ component) names is incorrect.
  • BUG 11535: s3: smbd: Fix a crash in unix_convert().
  • BUG 11543: vfs_fruit: Return value of ad_pack in vfs_fruit.c.
  • BUG 11549: s3:locking: Initialize lease pointer in share_mode_traverse_fn().
  • BUG 11550: s3:smbstatus: Add stream name to share_entry_forall().
  • BUG 11555: s3:lib: Validate domain name in lookup_wellknown_name().
  • BUG 11038: kerberos: Make sure we only use prompter type when available.
  • BUG 11038: winbind: Fix 100% loop.
  • BUG 11053: source3/lib/msghdr.c: Fix compiling error on Solaris.
  • BUG 11316: s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket.
  • BUG 11515: s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related subdirs.
  • BUG 11526: lib/param: Fix hiding of FLAG_SYNONYM values.
  • BUG 10365: nss_winbind: Fix hang on Solaris on big groups.
  • BUG 11355: build: Use as-needed linker flag also on OpenBSD.
  • BUG 11509: s3: dfs: Fix a crash when the dfs targets are disabled.
  • BUG 11502: pam_winbind: Fix a segfault if initialization fails.
  • BUG 11528: net: Fix a crash with 'net ads keytab create'.
  • BUG 11547: vfs_commit: set the fd on open before calling SMB_VFS_FSTAT.

New in Samba 4.3.0 (Sep 8, 2015)

  • Logging:
  • The logging code now supports logging to multiple backends. In addition to the previously available syslog and file backends, the backends for logging to the systemd-journal, lttng and gpfs have been added. Please consult the section for the 'logging' parameter in the smb.conf manpage for details.
  • Spotlight:
  • Support for Apple's Spotlight has been added by integrating with Gnome Tracker.
  • For detailed instructions how to build and setup Samba for Spotlight, please see the Samba wiki:
  • New FileChangeNotify subsystem:
  • Samba now contains a new subsystem to do FileChangeNotify. The previous system used a central database, notify_index.tdb, to store all notification requests. In particular in a cluster this turned out to be a major bottleneck, because some hot records need to be bounced back and forth between nodes on every change event like a new created file.
  • The new FileChangeNotify subsystem works with a central daemon per node. Every FileChangeNotify request and every event are handled by an asynchronous message from smbd to the notify daemon. The notify daemon maintains a database of all FileChangeNotify requests in memory and will distribute the notify events accordingly. This database is asynchronously distributed in the cluster by the notify daemons.
  • The notify daemon is supposed to scale a lot better than the previous implementation. The functional advantage is cross-node kernel change notify: Files created via NFS will be seen by SMB clients on other nodes per FileChangeNotify, despite the fact that popular cluster file systems do not offer cross-node inotify.
  • Two changes to the configuration were required for this new subsystem: The parameters "change notify" and "kernel change notify" are not per-share anymore but must be set globally. So it is no longer possible to enable or disable notify per share, the notify daemon has no notion of a share, it only works on absolute paths.
  • New SMB profiling code:
  • The code for SMB (SMB1, SMB2 and SMB3) profiling uses a tdb instead of sysv IPC shared memory. This avoids performance problems and NUMA effects. The profile stats are a bit more detailed than before.
  • Improved DCERPC man in the middle detection for kerberos:
  • The gssapi based kerberos backends for gensec have support for DCERPC header signing when using DCERPC_AUTH_LEVEL_PRIVACY.
  • SMB signing required in winbindd by default:
  • The effective value for "client signing" is required by default for winbindd, if the primary domain uses active directory.
  • Experimental NTDB was removed:
  • The experimental NTDB library introduced in Samba 4.0 has been removed again.
  • Improved support for trusted domains (as AD DC):
  • The support for trusted domains/forests has improved a lot.
  • samba-tool got "domain trust" subcommands to manage trusts:
  • create - Create a domain or forest trust.
  • delete - Delete a domain trust.
  • list - List domain trusts.
  • namespaces - Manage forest trust namespaces.
  • show - Show trusted domain details.
  • validate - Validate a domain trust.
  • External trusts between individual domains work in both ways (inbound and outbound). The same applies to root domains of a forest trust. The transitive routing into the other forest is fully functional for kerberos, but not yet supported for NTLMSSP.
  • While a lot of things are working fine, there are currently a few limitations:
  • - Both sides of the trust need to fully trust each other!
  • - No SID filtering rules are applied at all!
  • - This means DCs of domain A can grant domain admin rights in domain B.
  • - It's not possible to add users/groups of a trusted domain into domain groups.
  • SMB 3.1.1 supported:
  • Both client and server have support for SMB 3.1.1 now.
  • This is the dialect introduced with Windows 10, it improves the secure negotiation of SMB dialects and features.
  • There's also a new optinal encryption algorithm aes-gcm-128, but for now this is only selected as fallback and aes-ccm-128 is preferred because of the better performance. This might change in future versions when hardware encryption will be supported. See https://bugzilla.samba.org/show_bug.cgi?id=11451.
  • New smbclient subcommands:
  • - Query a directory for change notifications: notify
  • - Server side copy: scopy
  • New rpcclient subcommands:
  • netshareenumall - Enumerate all shares
  • netsharegetinfo - Get Share Info
  • netsharesetinfo - Set Share Info
  • netsharesetdfsflags - Set DFS flags
  • netfileenum - Enumerate open files
  • netnamevalidate - Validate sharename
  • netfilegetsec - Get File security
  • netsessdel - Delete Session
  • netsessenum - Enumerate Sessions
  • netdiskenum - Enumerate Disks
  • netconnenum - Enumerate Connections
  • netshareadd - Add share
  • netsharedel - Delete share
  • New modules:
  • idmap_script - see 'man 8 idmap_script'
  • vfs_unityed_media - see 'man 8 vfs_unityed_media'
  • vfs_shell_snap - see 'man 8 vfs_shell_snap'
  • New sparsely connected replia graph (Improved KCC):
  • The Knowledge Consistency Checker (KCC) maintains a replication graph for DCs across an AD network. The existing Samba KCC uses a fully connected graph, so that each DC replicates from all the others, which does not scale well with large networks. In 4.3 there is an experimental new KCC that creates a sparsely connected replication graph and closely follows Microsoft's specification. It is turned off by default. To use the new KCC, set "kccsrv:samba_kcc=true" in smb.conf and let us know how it goes. You should consider doing this if you are making a large new network. For small networks there is little benefit and you can always switch over at a later date.
  • Configurable TLS protocol support, with better defaults:
  • The "tls priority" option can be used to change the supported TLS protocols. The default is to disable SSLv3, which is no longer considered secure.
  • Samba-tool now supports all 7 FSMO roles:
  • Previously "samba-tool fsmo" could only show, transfer or seize the five well-known FSMO roles:
  • Schema Master
  • Domain Naming Master
  • RID Master
  • PDC Emulator
  • Infrastructure Master
  • It can now also show, transfer or seize the DNS infrastructure roles:
  • DomainDnsZones Infrastructure Master
  • ForestDnsZones Infrastructure Master
  • CTDB logging changes:
  • The destination for CTDB logging is now set via a single new configuration variable CTDB_LOGGING. This replaces CTDB_LOGFILE and CTDB_SYSLOG, which have both been removed. See ctdbd.conf(5) for details of CTDB_LOGGING.
  • CTDB no longer runs a separate logging daemon.
  • CTDB NFS support changes:
  • CTDB's NFS service management has been combined into a single 60.nfsevent script. This updated 60.nfs script now uses a call-out to interact with different NFS implementations. See the CTDB_NFS_CALLOUT option in the ctdbd.conf(5) manual page for details. A default call-out is provided to interact with the Linux kernel NFS implementation. The 60.ganesha event script has been removed - a sample call-out is provided for NFS Ganesha, based on this script.
  • The method of configuring NFS RPC checks has been improved. See ctdb/config/nfs-checks.d/README for details.
  • Improved Cross-Compiling Support:
  • A new "hybrid" build configuration mode is added to improve cross-compilation support.
  • A common challenge in cross-compilation is that of obtaining the results of tests that have to run on the target, during the configuration phase of the build. The Samba build system already supports the following means to do so:
  • - Executing configure tests using the --cross-execute parameter
  • - Obtaining the results from an answers file using the --cross-answers parameter
  • The first method has the drawback of inaccurate results if the tests are run using an emulator, or a need to be connected to a running target while building, if the tests are to be run on an actual target. The second method presents a challenge of figuring out the test results.
  • The new hybrid mode runs the tests and records the result in an answer file. To activate this mode, use both --cross-execute and --cross-answers in the same configure invocation. This mode can be activated once against a running target, and then the generated answers file can be used in subsequent builds.
  • Also supplied is an example script that can be used as the cross-execute program. This script copies the test to a running target and runs the test on the target, obtaining the result. The obtained results are more accurate than running the test with an emulator, because they reflect the exact kernel and system libraries that exist on the target.
  • Improved Sparse File Support:
  • Support for the FSCTL_SET_ZERO_DATA and FSCTL_QUERY_ALLOCATED_RANGES SMB2 requests has been added to the smbd file server. This allows for clients to deallocate (hole punch) regions within a sparse file, and check which portions of a file are allocated.
  • smb.conf changes:
  • Parameter Name Description Default
  • -------------- ----------- -------
  • logging New (empty)
  • msdfs shuffle referrals New no
  • smbd profiling level New off
  • spotlight New no
  • tls priority New NORMAL:-VERS-SSL3.0
  • use ntdb Removed
  • change notify Changed to [global]
  • kernel change notify Changed to [global]
  • client max protocol Changed default SMB3_11
  • server max protocol Changed default SMB3_11
  • Removed modules:
  • vfs_notify_fam - see section 'New FileChangeNotify subsystem'.

New in Samba 4.2.3 (Jul 14, 2015)

  • BUG 11366: docs: Overhaul the description of "smb encrypt" to include SMB3 encryption.
  • BUG 11068: s3: lib: util: Ensure we read a hex number as %x, not %u.
  • BUG 11295: Excessive cli_resolve_path() usage can slow down transmission.
  • BUG 11328: winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC.
  • BUG 11339: s3: smbd: Use separate flag to track become_root()/unbecome_root() state.
  • BUG 11342: s3: smbd: Codenomicon crash in do_smb_load_module().
  • BUG 11170: s3:param/loadparm: Fix 'testparm --show-all-parameters'.
  • BUG 10991: winbindd: Sync secrets.ldb into secrets.tdb on startup.
  • BUG 11277: s3:smb2: Add padding to last command in compound requests.
  • BUG 11305: vfs_fruit: Add option "veto_appledouble".
  • BUG 11323: smbd/trans2: Add a useful diagnostic for files with bad encoding.
  • BUG 11363: vfs_fruit: Check offset and length for AFP_AfpInfo read requests.
  • BUG 11371: ncacn_http: Fix GNUism.
  • BUG 11245: s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces.
  • BUG 11331: tdb: version 1.3.5: ABI change: tdb_chainlock_read_nonblock() has been added.
  • BUG 8780: s4:lib/tls: Fix build with gnutls 3.4.
  • BUG 11281: Add IPv6 support to ADS client side LDAP connects.
  • BUG 11282: Add IPv6 support for determining FQDN during ADS join.
  • BUG 11283: s3: IPv6 enabled DNS connections for ADS client.
  • BUG 10924: s4.2/fsmo.py: Fixed fsmo transfer exception.
  • BUG 11293: Fix invalid write in ctdb_lock_context_destructor.
  • BUG 11218: smbd: Fix a use-after-free.
  • BUG 11312: tstream: Make socketpair nonblocking.
  • BUG 11330: tevent: Fix CID 1035381 Unchecked return value.
  • BUG 11331: tdb: Fix CID 1034842 and 1034841 Resource leaks.
  • BUG 11061: Logon via MS Remote Desktop hangs.
  • BUG 11141: tevent: Add a note to tevent_add_fd().
  • BUG 11293: Fix invalid write in ctdb_lock_context_destructor.
  • BUG 11316: tevent_fd needs to be destroyed before closing the fd.
  • BUG 11319: Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared".
  • BUG 11326: Robust mutex support broken in 1.3.5.
  • BUG 11329: s3:smb2_setinfo: Fix memory leak in the defer_rename case.
  • BUG 11330: Backport tevent-0.9.25.
  • BUG 11331: Backport tdb-1.3.6.
  • BUG 11367: s3:auth_domain: Fix talloc problem in connect_to_domain_password_server().
  • BUG 11315: Group creation: Add msSFU30Name only when --nis-domain was given.
  • BUG 11356: pidl: Make the compilation of PIDL producing the same results if the content hasn't change.
  • BUG 11328: Kerberos auth info3 should contain resource group ids available from pac_logon.
  • BUG 11330: lib: tevent: Fix compile error in Solaris ports backend.
  • BUG 11313: idmap_rfc2307: Fix wbinfo '--gid-to-sid' query.
  • BUG 11324: Change sharesec output back to previous format.
  • BUG 11358: winbindd: Disconnect child process if request is cancelled at main process.
  • BUG 11330: Backport tevent-0.9.25.
  • BUG 11217: s3-unix_msg: Remove socket file after closing socket fd.

New in Samba 4.2.2 (May 27, 2015)

  • BUG 11182: s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff().
  • BUG 11260: gencache: don't fail gencache_stabilize if there were records to delete.
  • BUG 11186: s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid.
  • BUG 11236: s4: rpc: Refactor dcesrv_alter() function into setup and send steps.
  • BUG 11240: s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create".
  • BUG 11249: Mangled names do not work with acl_xattr.
  • BUG 11254: nmbd rewrites browse.dat when not required.
  • BUG 11213: vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff.
  • BUG 11224: s3:smbd: Add missing tevent_req_nterror.
  • BUG 11243: vfs: kernel_flock and named streams.
  • BUG 11244: vfs_gpfs: Error code path doesn't call END_PROFILE.
  • BUG 11284: s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used.
  • BUG 11201: ctdb: check for talloc_asprintf() failure.:w
  • BUG 11210: spoolss: purge the printer name cache on name change.
  • BUG 11204: CTDB statd-callout does not scale.
  • BUG 11221: vfs_fruit: also map characters below 0x20.
  • BUG 11201: ctdb: Coverity fix for CID 1291643.
  • BUG 11225: Multiplexed RPC connections are not handled by DCERPC server.
  • BUG 11226: Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors.
  • BUG 11007: ctdb-scripts: Fix bashism in ctdbd_wrapper script.
  • BUG 11201: ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553.
  • BUG 11257: SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted.
  • BUG 11141: s3:winbindd: make sure we remove pending io requests before closing client sockets.
  • BUG 11182: Fix panic triggered by smbd_smb2_request_notify_done() -> smbXsrv_session_find_channel() in smbd.
  • BUG 11237: 'sharesec' output no longer matches input format.
  • BUG 11200: waf: Fix systemd detection.
  • BUG 11202: CTDB: Fix portability issues.
  • BUG 11203: CTDB: Fix some IPv6-related issues.
  • BUG 11204: CTDB statd-callout does not scale.
  • BUG 11234: 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values.
  • BUG 11267: libads: record service ticket endtime for sealed ldap connections.
  • BUG 11033: lib/util: Include DEBUG macro in internal header files before samba_util.h.

New in Samba 4.2.1 (Apr 16, 2015)

  • BUG 8905: s3:winbind:grent: Don't stop group enumeration when a group has no gid.
  • BUG 10476: build:wafadmin: Fix use of spaces instead of tabs.
  • BUG 11143: s3-winbind: Fix cached user group lookup of trusted domains.
  • BUG 10016: s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields.
  • BUG 10888: s3: client: "client use spnego principal = yes" code checks wrong name.
  • BUG 11079: s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use.
  • BUG 11173: s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case.
  • BUG 11175: Fix lots of winbindd zombie processes on Solaris platform.
  • BUG 11177: s3: libsmbclient: Add missing talloc stackframe.
  • BUG 11135: backupkey: Explicitly link to gnutls and gcrypt.
  • BUG 11174: backupkey: Use ndr_pull_struct_blob_all().
  • BUG 11125: vfs_fruit: Enhance handling of malformed AppleDouble files.
  • BUG 9791: Initialize dwFlags field of DNS_RPC_NODE structure.
  • BUG 11169: docs/idmap_rid: Remove deprecated base_rid from example.
  • BUG 10476: waf: Fix the build on openbsd.
  • BUG 11144: talloc: Version 2.1.2.
  • BUG 11164: s4:auth/gensec_gssapi: Let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors.
  • BUG 11149: Update libwbclient version to 0.12.
  • BUG 11018: spoolss: Retrieve published printer GUID if not in registry.
  • BUG 11135: replace: Remove superfluous check for gcrypt header.
  • BUG 11180: s4-process_model: Do not close random fds while forking.
  • BUG 11185: s3-passdb: Fix 'force user' with winbind default domain.
  • BUG 11153: brlock: Use 0 instead of empty initializer list.
  • BUG 11092: lib: texpect: Fix the build on Solaris.
  • BUG 11140: libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation.
  • BUG 11137: Backport subunit changes.

New in Samba 4.2.0 (Mar 6, 2015)

  • Transparent File Compression
  • Previous File Versions with Snapper
  • Winbindd/Netlogon improvements
  • Winbindd use on the Samba AD DC
  • Winbind now requires secured connections
  • Larger IO sizes for SMB2/3 by default
  • SMB2 leases
  • Improved DCERPC man in the middle detection
  • Overhauled "net idmap" command
  • tdb improvements
  • Messaging improvements
  • Clustering support
  • Samba Registry Editor
  • Bad Password Lockout in the AD DC
  • Correct defaults in the smb.conf manpages
  • Consistent behaviour between samba-tool testparm and testparm
  • VFS WORM module
  • vfs_fruit, a VFS module for OS X clients
  • smbclient archival improvements

New in Samba 4.1.17 (Feb 23, 2015)

  • This is a security release in order to address CVE-2015-0240 (Unexpected code execution in smbd).
  • CVE-2015-0240: All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon.
  • A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges.
  • Changes since 4.1.16:
  • BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability.
  • BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not deference a NULL pointer.

New in Samba 4.1.15 (Jan 12, 2015)

  • BUG 10966: libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does.
  • BUG 10982 s3: smbd/modules: Fix *allocate* calls to follow POSIX error return convention.
  • BUG 9629: Fix profiles tool.
  • BUG 11006: idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo.
  • BUG 9056: pam_winbind: Fix warn_pwd_expire implementation.
  • BUG 10952: s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses.
  • BUG 9299: nsswitch: Fix soname of linux nss_*.so.2 modules.
  • BUG 10949: s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control.
  • BUG 10958: s3:smb2_server: Allow reauthentication without signing.
  • BUG 11006: Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'.
  • BUG 11006: Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'.
  • BUG 11034: winbind: Retry LogonControl RPC in ping-dc after session expiration.
  • BUG 10279: s3-lib: Do not require a password with --use-ccache.
  • BUG 10960: s3-smbclient: Return success if we listed the shares.
  • BUG 10961: s3-smbstatus: Fix exit code of profile output.

New in Samba 4.1.14 (Dec 1, 2014)

  • BUG 10472: Revert buildtools/wafadmin/Tools/perl.py back to upstream state.
  • BUG 10711: nmbd fails to accept "--piddir" option.
  • BUG 10896: s3-nmbd: Fix netbios name truncation.
  • BUG 10904: s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path.
  • BUG 10920: s3: nmbd: Ensure NetBIOS names are only 15 characters stored.
  • BUG 10942: Cleanup add_string_to_array and usage.
  • BUG 10898: spoolss: Fix handling of bad EnumJobs levels.
  • BUG 10905: spoolss: Fix jobid in level 3 EnumJobs response.
  • BUG 10620: s4-dns: Add support for BIND 9.10.
  • BUG 10835: nss_winbind: Add getgroupmembership for FreeBSD.
  • BUG 10932: pdb_tdb: Fix a TALLOC/SAFE_FREE mixup.
  • BUG 10472: pidl/wscript: Remove --with-perl-* options.
  • BUG 10921: s3:smbd: Fix file corruption using "write cache size != 0".
  • BUG 10889: vfs_glusterfs: Remove "integer fd" code and store the glfs pointers.
  • BUG 10933: s3-keytab: Fix keytab array NULL termination.
  • BUG 10880: S3: source3/smbd/process.c::srv_send_smb() returns true on the error path.

New in Samba 4.1.13 (Oct 20, 2014)

  • BUG 10809: s3:smbd:open_file: Use a more natural check.
  • BUG 10717: s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs.
  • BUG 10779: pthreadpool: Slightly serialize jobs.
  • BUG 10809: s3: smbd: Open logic fix.
  • BUG 10830: s3: nmbd: Ensure the main nmbd process doesn't create zombies.
  • BUG 10831: s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers.
  • BUG 10848: s3: smb2cli: Query info return length check was reversed.
  • BUG 9984: s3-libnet: Make sure we do not overwrite precreated SPNs.
  • BUG 10814: docs: Mention incompatibility between kernel oplocks and streams_xattr.
  • BUG 10735: Fix unstrcpy.
  • BUG 10797: s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0).
  • BUG 10813: vfs_media_harmony: Fix a crash bug.
  • BUG 10860: registry: Don't leave dangling transactions.
  • BUG 10826: s3-winbindd: Use correct realm for trusted domains in idmap child.
  • BUG 10837: idmap_rfc2307: Fix a crash after connection problem to DC.
  • BUG 10838: s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call.
  • BUG 9984: s3-libnet: Add libnet_join_get_machine_spns().
  • BUG 9985: s3-libads: Add all machine account principals to the keytab.
  • BUG 10816: nmbd: Send waiting status to systemd.
  • BUG 10817: libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL.
  • BUG 10824: nsswitch: Skip groups we were not able to map.

New in Samba 4.1.12 (Sep 8, 2014)

  • BUG 10369: build: Fix configure to honour '--without-dmapi'.
  • BUG 10737: s3:idmap: Don't log missing range config if range checking not requested.
  • BUG 10741: Fix flapping VFS gpfs offline bit.
  • BUG 3204: s3: winbindd: On new client connect, prune idle or hung connections older than "winbind request timeout". Add new parameter "winbind request timeout".
  • BUG 10640: lib: tevent: make TEVENT_SIG_INCREMENT atomic.
  • BUG 10650: Make "case sensitive = True" option working with "max protocol = SMB2" or higher in large directories.
  • BUG 10716: Fix smbd crashes when filename contains non-ascii character.
  • BUG 10728: 'net time': Fix usage and core dump.
  • BUG 10773: s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common().
  • BUG 10794: vfs_dirsort: Fix an off-by-one error that can cause uninitialized memory read.
  • BUG 10543: s3: Enforce a positive allocation_file_size for non-empty files.
  • BUG 10466: provision: Correctly provision the SOA record minimum TTL.
  • BUG 10652: Samba 4 consuming a lot of CPU when re-reading printcap info.
  • BUG 10787: dosmode: Fix FSCTL_SET_SPARSE request validation.
  • BUG 10742: s4-rpc: dnsserver: Allow . to be specified for @ record.
  • BUG 10731: sys_poll_intr: Fix timeout arithmetic.
  • BUG 10778: s3:libsmb: Set a max charge for SMB2 connections.
  • BUG 10716: lib: strings: Simplify strcasecmp.
  • BUG 10758: lib: Remove unused nstrcpy.
  • BUG 10782: smbd: Properly initialize mangle_hash.
  • BUG 9831: s4:setup/dns_update_list: make use of the new substitution variables.
  • BUG 10723: Allow netr_ServerReqChallenge() and netr_ServerAuthenticate3() on different connections.
  • BUG 10749: s4-rpc: dnsserver: Handle updates of tombstoned dnsNode objects.
  • BUG 10751: s4-rpc: dnsserver: return DNS_RANK_NS_GLUE recors when explicitly asked for.
  • BUG 10773: libcli/security: Add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info().
  • BUG 10761: docs: Fix typos in smb.conf (inherit acls).
  • BUG 10755: samba: Retain case sensitivity of cifs client.
  • BUG 9570: passdb: Fix NT_STATUS_NO_SUCH_GROUP.
  • BUG 10759: Fix a memory leak in cli_set_mntpoint().
  • BUG 10777: Don't discard result of checking grouptype.

New in Samba 4.1.11 (Aug 1, 2014)

  • Samba 4.1.11 and 4.0.21 are security releases in order to address CVE-2014-3560 (Remote code execution in nmbd).

New in Samba 4.1.10 (Jul 29, 2014)

  • BUG 10693: Backport ldb-1.1.17 + changes from master.
  • BUG 10587: s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx SMB1 servers.
  • BUG 10653: Samba won't start on a machine configured with only IPv4.
  • BUG 10671: s3: smbd: Prevent file truncation on an open that fails with share mode violation.
  • BUG 10673: s3: SMB2: Fix leak of blocking lock records in the database.
  • BUG 10684: SMB1 blocking locks can fail notification on unlock, causing client timeout.
  • BUG 10685: s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap().
  • BUG 10692: wbcCredentialCache fails if challenge_blob is not first.
  • BUG 10693: lib/ldb: Fix compiler warnings.
  • BUG 8077: dbcheck: Add check and test for various invalid userParameters values.
  • BUG 8449: Simple use case results in "no talloc stackframe around, leaking memory" error.)
  • BUG 10130: dsdb: Always store and return the userParameters as a array of LE 16-bit values.
  • BUG 10582: dsdb: Rename private_data to rootdse_private_data in rootdse.
  • BUG 10627: rid_array used before status checked - segmentation fault due to null pointer dereference.
  • BUG 10693: ldb: make the successful ldb_transaction_start() message clearer.
  • BUG 10694: dsdb: Return NO_SUCH_OBJECT if a basedn is a deleted object.
  • BUG 10700: Backport access check related fixes from master.
  • BUG 10674: samba-tool: Add --site parameter to provision command.
  • BUG 10693: Fix SEGV from improperly formed SUBSTRING/PRESENCE filter.
  • BUG 10693: ldb: Do not build libldb-cmdline when using system ldb.
  • BUG 10693: s4-openldap: Remove use of talloc_reference in ldb_map_outbound.c
  • BUG 3263: net/doc: Make clear that net vampire is for NT4 domains only.
  • BUG s3: Fix missing braces in nfs4_acls.c.
  • BUG 10593: Fix "PANIC: assert failed at ../source3/smbd/open.c(1582): ret".
  • BUG 10663: msg_channel: Fix a 100% CPU loop.
  • BUG 10671: s3: smbd: Prevent file truncation on an open that fails with share mode violation.
  • BUG 10680: smbstatus: Fix an uninitialized variable.
  • BUG 10687: 'RW2' smbtorture test fails when -N is set to 2 due to the invalid status check in the second client.
  • BUG 10693: ldb: Fix 1138330 Dereference null return value, fix CIDs 241329, 240798, 1034791, 1034792 1034910, 1034910).
  • BUG 10699: smbd: Avoid double-free in get_print_db_byname.
  • BUG 8077: s4:dsdb/samldb: Don't allow 'userParameters' to be modified over LDAP for now.
  • BUG 9763: s4:dsdb/repl_meta_data: Make sure objectGUID can't be deleted.
  • BUG 10469: ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory().
  • BUG 10294: s4:repl_meta_data: fix array assignment in replmd_process_linked_attribute().
  • BUG 10536: dbchecker: Verify and fix broken dn values.
  • BUG 10692: wbcCredentialCache fails if challenge_blob is not first.
  • BUG 10693: ldb:pyldb: Add some more helper functions for LdbDn.
  • BUG 10694: s4:dsdb/extended_dn_in: Don't force DSDB_SEARCH_SHOW_RECYCLED.
  • BUG 10696: Backport autobuild/selftest fixes from master.
  • BUG 10706: s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX().
  • BUG 10693: pyldb: Decrement ref counters on py_results and quiet warnings.
  • BUG 10698: Backport drs-crackname fixes from master.
  • BUG 10693: ldb: Use of NULL pointer bugfix.
  • BUG 10703: Backport provision fixes from master.
  • BUG 10693: ldb: Add a env variable to disable RTLD_DEEPBIND.

New in Samba 4.1.9 (Jun 23, 2014)

  • This is a security release in order to address CVE-2014-0244 (Denial of service - CPU loop) and CVE-2014-3493 (Denial of service - Server crash/memory corruption).

New in Samba 4.1.8 (Jun 3, 2014)

  • BUG 10548: build: Fix ordering problems with lib-provided and internal RPATHs.
  • BUG 3124: s3: smb2: Fix 'xcopy /d' with samba shares.
  • BUG 10544: s3: lib/util: Fix logic inside set_namearray loops.
  • BUG 10564: Fix lock order violation and file lost.
  • BUG 10577: Fix wildcard unlink to fail if we get an error rather than trying to continue.
  • BUG 10569: dsdb: Do checks for invalid renames in samldb, before repl_meta_data.
  • BUG 10239: s3: nmbd: Reset debug settings after reading config file.
  • BUG 10544: s3: lib/util: set_namearray reads across end of namelist
  • BUG 10556: lib-util: Rename memdup to smb_memdup and fix all callers.
  • BUG 10609: CVE-2014-0239: dns: Don't reply to replies.
  • BUG 10517: Use exit_daemon() to communicate status of startup to systemd.
  • BUG 10590: byteorder: Do not assume PowerPC is big-endian.
  • BUG 10612: printing: Fix purge of all print jobs.
  • BUG 10524: Fix adding NetApps.
  • BUG 10547: idmap_autorid: Fix failure in reverse lookup if ID is from domain range index #0.
  • BUG 10472: script/autobuild: Make use of '--with-perl-{arch,lib}-install-dir'.
  • BUG 10554: Fix read of deleted memory in reply_writeclose()'.
  • BUG 10151: Extra ':' in msg for Waf Cross Compile Build System with Cross-answers command.
  • BUG 10348: Fix empty body in if-statement in continue_domain_open_lookup.
  • BUG 10549: CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response.
  • BUG 10472: wafsamba: Fix the installation on FreeBSD.

New in Samba 4.0.18 (May 28, 2014)

  • BUG 10548: build: Fix ordering problems with lib-provided and internal RPATHs.
  • BUG 10577: SMB1 wildcard unlink fail can leave a retry record on the open retry queue.
  • BUG 10564: Fix lock order violation and file lost.
  • BUG 10239: s3-nmbd: Reset debug settings after reading config file.
  • BUG 10544: s3-lib/util: set_namearray reads across end of namelist string.
  • BUG 10556: lib-util: Rename memdup to smb_memdup and fix all callers.
  • BUG 10609: CVE-2014-0239: dns: Don't reply to replies.
  • BUG 10590: byteorder: Do not assume PowerPC is big-endian.
  • BUG 10472: script/autobuild: Make use of '--with-perl-{arch,lib}-install-dir'.
  • BUG 10554: Fix read of deleted memory in reply_writeclose()'.
  • UG 10151: Extra ':' in msg for Waf Cross Compile Build System with Cross-answers command.
  • BUG 10348: Fix empty body in if-statement in continue_domain_open_lookup.
  • BUG 10549: CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response.
  • BUG 10472: wafsamba: Fix the installation on FreeBSD.

New in Samba 4.0.17 (Apr 15, 2014)

  • BUG 9878: Make "force user" work as expected.
  • BUG 9942: Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message.
  • BUG 9993: s3-printing: Fix obvious memory leak in printer_list_get_printer().
  • BUG 10344: SessionLogoff on a signed connection with an outstanding notify request crashes smbd.
  • BUG 10431: Fix STATUS_NO_MEMORY response from Query File Posix Lock request.
  • BUG 10508: smbd: Correctly add remote users into local groups.
  • BUG 10534: Cleanup messages.tdb record after unclean smbd shutdown.
  • BUG 9911: Fix build on AIX with IBM XL C/C++ (gettext detection issues).
  • BUG 10308: Fix String Conversion Errors with Samba 4.1.0 Build on AIX 7.1.
  • smbd: Split create_conn_struct into a fn that does not change the working dir.
  • BUG 10458: Fix 'wbinfo -i' with one-way trust.
  • s3:rpc_server: Minor refactoring of process_request_pdu().
  • BUG 10471: Don't respond with NXDOMAIN to records that exist with another type.
  • BUG 10504: lsa.idl: Define lsa.ForestTrustCollisionInfo and ForestTrustCollisionRecord as public structs.
  • BUG 10439: Increase max netbios name components.
  • BUG 10188: doc: Add "spoolss: architecture" parameter usage.
  • BUG 10484: Initial FSRVP rpcclient requests fail with NT_STATUS_PIPE_NOT_AVAILABLE.
  • BUG 10387: 'net ads search' on high latency networks can return a partial list with no error indication.
  • BUG 10344: SessionLogoff on a signed connection with an outstanding notify request crashes smbd.
  • BUG 10422: max xmit > 64kb leads to segmentation fault.
  • BUG 10444: smbd_server_connection_terminate("CTDB_SRVID_RELEASE_IP") panics from within ctdbd_migrate() with invalid lock_order.
  • BUG 10464: samba4 services not binding on IPv6 addresses causing connection delays.
  • tevent: Fix crash bug in tevent_queue_immediate_trigger().
  • BUG 10378: dfs: Always call create_conn_struct with root privileges.
  • BUG 10472: pidl: waf should have an option for the dir to install perl files and do not glob.
  • BUG 10474: s3-spoolssd: Don't register spoolssd if epmd is not running.
  • BUG 10481: s3-rpc_server: Fix handling of fragmented rpc requests.
  • BUG 10506: Make 'smbreadline' build with readline 6.3.

New in Samba 4.1.6 (Mar 12, 2014)

  • These are security releases in order to address CVE-2013-4496 (Password lockout not enforced for SAMR password changes) and CVE-2013-6442 (smbcacls will remove the ACL on a file or directory when changing owner or group owner.).

New in Samba 4.1.5 (Feb 21, 2014)

  • BUG 10259: Make shadow_copy2 module working with Windows 7.
  • BUG 2662: Make revamped directory handling code 64bit clean.
  • BUG 10320: s3: smbpasswd: Fix crashes on invalid input.
  • BUG 10358: Fix 100% CPU utilization in winbindd when trying to free memory in winbindd_reinit_after_fork.
  • BUG 10406: s3: vfs_dirsort module: Allow dirsort to work when multiple simultaneous directories are open.
  • BUG 10429: s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames() is true.
  • BUG 10087: ntlm_auth sometimes returns the wrong username to mod_ntlm_auth_winbind.
  • BUG 10418: Fix INTERNAL ERROR: Signal 11 in the kdc pid.
  • BUG 10418: Add support for Heimdal's unified krb5 and hdb plugin system.
  • BUG 10384: vfs/glusterfs: In case atime is not passed, set it to the current atime.
  • BUG 10424: vfs_btrfs: Fix incorrect zero length server-side copy request handling.
  • BUG 2191: s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done().
  • BUG 10415: smbd: Fix memory overwrites.
  • BUG 10436: smbd: Fix an ancient oplock bug.
  • BUG 10442: Fix crash bug in smb2_notify code.
  • BUG 10367: Fix several memory leaks.
  • BUG 10418: Cope with first element in hdb_method having a different name in different heimdal versions.

New in Samba 4.0.15 (Feb 18, 2014)

  • BUG 10259: Make shadow_copy2 module working with Windows 7.
  • BUG 10087: ntlm_auth sometimes returns the wrong username to mod_ntlm_auth_winbind.
  • BUG 2662: Make revamped directory handling code 64bit clean.
  • BUG 10358: Fix 100% CPU utilization in winbindd when trying to free memory in winbindd_reinit_after_fork.
  • BUG 10429: s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames() is true.
  • BUG 0280: s3:winbindd: Fix use of uninitialized variables.
  • BUG 10418: Fix INTERNAL ERROR: Signal 11 in the kdc pid.
  • BUG 10418: Add support for Heimdal's unified krb5 and hdb plugin system.
  • BUG 2191: s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done().
  • BUG 10415: smbd: Fix memory overwrites.
  • BUG 10436: smbd: Fix an ancient oplock bug.
  • BUG 10442: Fix crash bug in smb2_notify code.
  • BUG 10418: Cope with first element in hdb_method having a different name in different heimdal versions.

New in Samba 4.1.4 (Jan 10, 2014)

  • BUG 9870: smbd: Allow updates on directory write times on open handles.
  • BUG 10260: smbclient shows no error if deleting a directory with del failed.
  • BUG 10297: smbd: Fix writing to a directory with -wx permissions on a share.
  • BUG 10305: ldb: bad if test in ldb_comparison_fold().
  • BUG 10276: Fix waf build error on AIX with IBM XL C/C++.
  • BUG 10280: s3:winbindd fix use of uninitialized variables.
  • BUG 10281: Fix typos in man pages.
  • BUG 10285: s3-winbindd: Fix DEBUG statement in winbind_msg_offline().
  • BUG 10262: s3-libnetjoin: Use upper-case realm when composing default upn.
  • BUG 10281: Fix numerous typos in man pages.
  • BUG 10271: Send correct job-ID in print job notifications.
  • BUG 10337: vfs_glusterfs: Enable per client log file.
  • BUG 10250: smbd: Fix a talloc hierarchy problem in msg_channel.
  • BUG 10284: smbd: Fix segfaults.
  • BUG 10297: smbd: Fix writing to a directory with -wx permissions on a share.
  • BUG 10311: Fix SMB2 server panic when a smb2 brlock times out.
  • BUG 10298: Reduce smb2_server processing overhead.
  • BUG 10267: Fix printing via local printer drivers with Windows 8.
  • BUG 10310: Fix AIO with SMB2 and locks.
  • BUG 2191: Fix %G/%g substitution in 'template homedir'.
  • BUG 10274: Fix several issues and warnings from analyzer tools.
  • BUG 10286: s3-lib: Fix %G substitution for domain users in smbd.

New in Samba 4.0.14 (Jan 8, 2014)

  • BUG 9870: smbd: Allow updates on directory write times on open handles.
  • BUG 10305: ldb: Fix bad if test in ldb_comparison_fold().
  • BUG 10320: s3:smbpasswd: Fix crashes on invalid input.
  • BUG 10271: Send correct job-ID in print job notifications.
  • BUG 10250: smbd: Fix a talloc hierarchy problem in msg_channel.
  • BUG 10284: smbd: Fix segfault.
  • BUG 10297: smbd: Fix writing to a directory with -wx permissions on a share.
  • BUG 10311: Fix SMB2 server panic when a smb2 brlock times out.
  • BUG 10298: Reduce smb2_server processing overhead.
  • BUG 10330: s3:configure: Require tevent >= 0.9.18 as external library.
  • BUG 10267: spoolss: Accept XPS_PASS datatype used by Windows 8.
  • BUG 10310: Fix AIO with SMB2 and locks.
  • BUG 2191: Fix substution of %G/%g in 'template * homedir'.

New in Samba 3.6.22 (Dec 11, 2013)

  • BUG 10139: Valid utf8 filenames cause "invalid conversion error" messages.
  • BUG 10167: s3-smb2 server: smb2 breaks "smb encryption = mandatory".
  • BUG 10187: Missing talloc_free can leak stackframe in error path.
  • BUG 10247: xattr: Fix listing EAs on *BSD for non-root users.
  • BUG 10118: Raise debug level for being unable to open a printer.
  • BUG 10195: nsswitch: Fix short writes in winbind_write_sock.
  • BUG 10267: Fix Windows 8 printing via local printer drivers.
  • BUG 10194: Make offline logon cache updating for cross child domain group membership.

New in Samba 4.0.13 (Dec 10, 2013)

  • CVE-2013-4408:
  • Samba versions 3.4.0 and above (versions 3.4.0 - 3.4.17, 3.5.0 - 3.5.22, 3.6.0 - 3.6.21, 4.0.0 - 4.0.12 and including 4.1.2) are vulnerable to buffer overrun exploits in the client processing of DCE-RPC packets. This is due to incorrect checking of the DCE-RPC fragment length in the client code.
  • This is a critical vulnerability as the DCE-RPC client code is part of the winbindd authentication and identity mapping daemon, which is commonly configured as part of many server installations (when joined to an Active Directory Domain). A malicious Active Directory Domain Controller or man-in-the-middle attacker impersonating an Active Directory Domain Controller could achieve root-level access by compromising the winbindd process.
  • Samba server versions 3.4.0 - 3.4.17 and versions 3.5.0 - 3.5.22 are also vulnerable to a denial of service attack (server crash) due to a similar error in the server code of those versions.
  • Samba server versions 3.6.0 and above (including all 3.6.x versions, all 4.0.x versions and 4.1.x) are not vulnerable to this problem.
  • In addition range checks were missing on arguments returned from calls to the DCE-RPC functions LookupSids (lsa and samr), LookupNames (lsa and samr) and LookupRids (samr) which could also cause similar problems.
  • As this was found during an internal audit of the Samba code there are no currently known exploits for this problem (as of December 9th 2013).
  • CVE-2012-6150:
  • Winbind allows for the further restriction of authenticated PAM logins using the require_membership_of parameter. System administrators may specify a list of SIDs or groups for which an authenticated user must be a member of. If an authenticated user does not belong to any of the entries, then login should fail. Invalid group name entries are ignored.
  • Samba versions 3.3.10, 3.4.3, 3.5.0 and later incorrectly allow login from authenticated users if the require_membership_of parameter specifies only invalid group names.
  • This is a vulnerability with low impact. All require_membership_of group names must be invalid for this bug to be encountered.

New in Samba 4.1.3 (Dec 9, 2013)

  • CVE-2013-4408:
  • Samba versions 3.4.0 and above (versions 3.4.0 - 3.4.17, 3.5.0 - 3.5.22, 3.6.0 - 3.6.21, 4.0.0 - 4.0.12 and including 4.1.2) are vulnerable to buffer overrun exploits in the client processing of DCE-RPC packets. This is due to incorrect checking of the DCE-RPC fragment length in the client code.
  • This is a critical vulnerability as the DCE-RPC client code is part of the winbindd authentication and identity mapping daemon, which is commonly configured as part of many server installations (when joined to an Active Directory Domain). A malicious Active Directory Domain Controller or man-in-the-middle attacker impersonating an Active Directory Domain Controller could achieve root-level access by compromising the winbindd process.
  • Samba server versions 3.4.0 - 3.4.17 and versions 3.5.0 - 3.5.22 are also vulnerable to a denial of service attack (server crash) due to a similar error in the server code of those versions.
  • Samba server versions 3.6.0 and above (including all 3.6.x versions, all 4.0.x versions and 4.1.x) are not vulnerable to this problem.
  • In addition range checks were missing on arguments returned from calls to the DCE-RPC functions LookupSids (lsa and samr), LookupNames (lsa and samr) and LookupRids (samr) which could also cause similar problems.
  • As this was found during an internal audit of the Samba code there are no currently known exploits for this problem (as of December 9th 2013).
  • CVE-2012-6150:
  • Winbind allows for the further restriction of authenticated PAM logins using the require_membership_of parameter. System administrators may specify a list of SIDs or groups for which an authenticated user must be a member of. If an authenticated user does not belong to any of the entries, then login should fail. Invalid group name entries are ignored.
  • Samba versions 3.3.10, 3.4.3, 3.5.0 and later incorrectly allow login from authenticated users if the require_membership_of parameter specifies only invalid group names.
  • This is a vulnerability with low impact. All require_membership_of group names must be invalid for this bug to be encountered.

New in Samba 3.6.21 (Nov 30, 2013)

  • BUG 10139: Valid utf8 filenames cause "invalid conversion error" messages.
  • BUG 10167: s3-smb2 server: smb2 breaks "smb encryption = mandatory".
  • BUG 10187: Missing talloc_free can leak stackframe in error path.
  • BUG 10247: xattr: Fix listing EAs on *BSD for non-root users.
  • BUG 10118: Raise debug level for being unable to open a printer.
  • BUG 10195: nsswitch: Fix short writes in winbind_write_sock.
  • BUG 10267: Fix Windows 8 printing via local printer drivers.
  • BUG 10194: Make offline logon cache updating for cross child domain group membership.

New in Samba 4.1.2 (Nov 22, 2013)

  • BUG 10187: Missing talloc_free can leak stackframe in error path.
  • BUG 10196: RW Deny for a specific user is not overriding RW Allow for a group.
  • BUG 10224: vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs.
  • BUG 10052: dfs_server: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors.
  • BUG 9091: s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled.
  • BUG 10264: s3-winbindd: Fix cache_traverse_validate_fn failure for NDR cache entries.
  • BUG 10224: vfs_glusterfs: Fix excessive debug output from vfs_gluster_open().
  • BUG 10247: xattr: Fix listing EAs on *BSD for non-root users.
  • BUG 10190: Fix memset used with constant zero length parameter.
  • BUG 10195: nsswitch: Fix short writes in winbind_write_sock.
  • BUG 10193: s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'.
  • BUG 10232: libcli/smb: Fix smb2cli_ioctl*() against Windows 2008.
  • BUG 10224: VFS plugin was sending the actual size of the volume instead of the total number of block units because of which windows was getting the wrong volume capacity.
  • BUG 10194: Make offline logon cache updating for cross child domain group membership.
  • BUG 10269: util: Remove 32bit macros breaking strict aliasing.
  • BUG 10253: Fix the build of vfs_glusterfs.

New in Samba 4.0.12 (Nov 20, 2013)

  • BUG 10187: Missing talloc_free can leak stackframe in error path.
  • BUG 10196: RW Deny for a specific user is not overriding RW Allow for a group.
  • BUG 10052: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors.
  • BUG 9091: s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled.
  • BUG 10264: s3-winbind: Fix cache_traverse_validate_fn failure for NDR cache entries.
  • BUG 10247: xattr: Fix listing EAs on *BSD for non-root users.
  • BUG 10195: nsswitch: Fix short writes in winbind_write_sock.
  • BUG 9905: ldap_server: Register name and pid at startup.
  • BUG 10193: s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'.
  • BUG 10232: libcli/smb: fix smb2cli_ioctl*() against Windows 2008.
  • BUG 10132: pam_winbindd: Add support for the KEYRING ccache type.
  • BUG 10194: winbind: Offline logon cache not updating for cross child domain group membership.
  • BUG 10269: util: Remove 32bit macros breaking strict aliasing.

New in Samba 3.6.20 (Nov 13, 2013)

  • This is a security release in order to address CVE-2013-4475 (ACLs are not checked on opening an alternate data stream on a file or directory).

New in Samba 4.0.11 (Nov 12, 2013)

  • This is a security release in order to address CVE-2013-4475 (ACLs are not checked on opening an alternate data stream on a file or directory) and CVE-2013-4476 (Private key in key.pem world readable).

New in Samba 4.1.1 (Nov 11, 2013)

  • This is a security release in order to address CVE-2013-4475 (ACLs are not checked on opening an alternate data stream on a file or directory) and CVE-2013-4476 (Private key in key.pem world readable).

New in Samba 4.1.0 (Oct 12, 2013)

  • Client tools support SMB2/3
  • Samba 4.1.0 contains the first release of our client tools and client library that work over the new protocols SMB2 or SMB3. Note that SMB3 only works either to a Samba server version 4.0.0 or above, or to a Windows Server running Windows 2012 or Windows 8. The default protocol for smbclient and smbcacls is still SMB1 (the NT1 protocol dialect). An SMB2 or SMB3 connection can be selected in one of two ways. The easiest way to test the new protocol connection is to add the -mMAX_PROTOCOL command line switch to either smbclient or smbcacls. For example, to connect using SMB3 with smbclient a user would type: smbclient //server/share -Uuser%password -mSMB3 Another example of connecting using SMB2 using smbcacls would be: smbcacls //server/share -Uuser%password -mSMB2 filename Note that when connecting using SMB2 or SMB3 protocols the UNIX extensions are no longer available inside the smbclient command set. This is due to UNIX extensions not yet being defined for the SMB2 or SMB3 protocols. The second way to select SMB2 or SMB3 connections is to set the "client max protocol" parameter in the [global] section of your smb.conf. Setting this parameter will cause all client connections from Samba and its client tools to offer the requested max protocol to a server on every connection request. For example, to cause all client tools (including winbindd, rpcclient, and the libsmbclient library) to attempt use SMB3 by default add the line: client max protocol = SMB3 to the [global] section of your smb.conf. This has not been as widely tested as the -mPROTOCOL options, but is intended to work correctly in the final release of 4.1.0.
  • Encrypted transport:
  • Although Samba servers have supported encrypted transport connections using the UNIX extensions for many years, selecting SMB3 transport allows encrypted transport connections to Windows servers that support SMB3, as well as Samba servers. In order to enable this, add the "-e" option to the smbclient command line. For example, to connect to a Windows 2012 server over SMB3 and select an encrypted transport you would use the following command line: smbclient //Win2012Server/share -Uuser%password -mSMB3 -e
  • Directory database replication (AD DC mode):
  • Directory replication has been reworked in order to improve the correctness and efficiency. As a net effect of it, replication with other domain controllers with a heavily modified schema is now possible (ie. Windows 2012 DCs or other Windows DC with exchange installed) and replication didn't fail anymore in such environments.
  • Server-Side Copy Support:
  • Samba 4.1.0 adds support for server-side copy operations via the SMB2 FSCTL_SRV_COPYCHUNK request. Clients making use of server-side copy support, such as Windows Server 2012, should experience considerable performance improvements for file copy operations, as file data need not traverse the network. This feature is enabled by default on the smbd file server.
  • Btrfs Filesystem Integration:
  • The Btrfs VFS module provided with Samba 4.1.0 further improves the performance of server-side copy operations on shares backed by a Btrfs filesystem. It does so by allowing multiple files to share the same on-disk extents, avoiding the unnecessary duplication of source and destination file data during a server-side copy operation. This feature can be explicitly enabled on smbd shares backed by a Btrfs filesystem with the smb.conf parameter: vfs objects = btrfs

New in Samba 4.0.10 (Oct 8, 2013)

  • BUG 10134: Ease file server upgrades from 3.6 and earlier with "acl allow execute always".
  • BUG 10169: Fix build error in scavenger.c.
  • BUG 5917: Make Samba work on site with Read Only Domain Controller.
  • BUG 9166: Starting smbd or nmbd with stdin from /dev/null results in "EOF on stdin".
  • BUG 10063: source3/lib/util.c:1493 leaking memory w/ pam_winbind.so / winbind.
  • BUG 10121: Masks incorrectly applied to UNIX extension permission changes.
  • BUG 10139: Valid utf8 filenames cause "invalid conversion error" messages.
  • BUG #9911 - Build Samba 4.0.x on AIX with IBM XL C/C++.
  • BUG 8077: dsdb: Convert the full string from UTF16 to UTF8, including embedded NULLs.
  • BUG 9091: When replicating DNS for bind9_dlz we need to create the server-DNS account remotely.
  • BUG 9461: python-samba-tool fsmo: Do not give an error on a successful role transfer.
  • BUG 9615: s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat().
  • BUG 9899: s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat().
  • BUG 10147: Better document potential implications of a globally used "valid users".
  • BUG 10118: Samba is chatty about being unable to open a printer.
  • BUG 9599: samba-tool/dns: Pass on additional flags when creating zones.
  • BUG 10086: smbd: Fix async echo handler forking.
  • BUG 10106: Honour output buffer length set by the client for SMB2 GetInfo requests.
  • BUG 10114: Dropbox (write-only-directory) case isn't handled correctly in pathname lookup.
  • BUG 10138: smbd: Clean up share modes after hard crash.
  • BUG 10162: Fix POSIX ACL mapping when setting DENY ACE's from Windows.
  • BUG 9802: Move gencache.tdb to /var/cache/samba.
  • BUG 10030: ::1 added to nameserver on join.
  • BUG 10158: NetBIOS related samba process consumes 100% CPU.
  • BUG 10137: vfs_shadow_copy2 does not display previous versions correctly over SMB2.
  • BUG 10076: docs: Fix variable list in man vfs_crossrename.
  • BUG 10097 - MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba.
  • BUG 10106: Honour output buffer length set by the client for SMB2 GetInfo requests.

New in Samba 4.1.0 RC4 (Sep 27, 2013)

  • BUG 10107: Fix Winbind crashes on DC with trusted AD domains.
  • BUG 5917: Fix working on site with Read Only Domain Controller.
  • BUG 9974: Add SMB2 and SMB3 support for smbclient.
  • BUG 10063: Fix memory leak in source3/lib/util.c:1493.
  • BUG 10121: Masks incorrectly applied to UNIX extension permission changes.
  • BUG 9911: Build Samba 4.0.x on AIX with IBM XL C/C++.
  • BUG 9091: When replicating DNS for bind9_dlz we need to create the server-DNS account remotely.
  • BUG 9615: Winbind unable to retrieve user information from AD.
  • BUG 9899: winbind_lookup_names() fails because of NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
  • BUG 10107: Fix Winbind crashes on DC with trusted AD domains.
  • BUG 10086: smbd: Fix async echo handler forking.
  • BUG 10106: Honour output buffer length set by the client for SMB2 GetInfo requests.
  • BUG 10114: Handle Dropbox (write-only-directory) case correctly in pathname lookup.
  • BUG 10030: ::1 added to nameserver on join.
  • BUG 10000: Add man pages for ntdb tools.
  • BUG 7364: Add man page for vfs_syncops.
  • BUG 7490: Add man page for vfs_linux_xfs_sgid.
  • BUG 10001: Add man page for samba-regedit tool.
  • BUG 10076: Fix variable list in vfs_crossrename man page.
  • BUG 10073: Fix segmentation fault in 'net ads join'.
  • BUG 10082: s3-winbind: Fix a segfault passing NULL to a fstring argument.
  • BUG 10097: MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba.
  • BUG 10106: Honour output buffer length set by the client for SMB2 GetInfo requests.

New in Samba 3.6.19 (Sep 26, 2013)

  • BUG 5917: Make Samba work on site with Read Only Domain Controller.
  • BUG 8955: NetrServerPasswordSet2 timeout is too short.
  • BUG 9899: Fix fallback to ncacn_np in cm_connect_lsat().
  • BUG 9615: Fix fallback to ncacn_np in cm_connect_lsat().
  • BUG 10127: Fix 'smbstatus' as non-root user.
  • BUG 8955: Give machine password changes 10 minutes of time.
  • BUG 10106: Honour output buffer length set by the client for SMB2 GetInfo requests.
  • BUG 10114: Handle Dropbox (write-only-directory) case correctly in pathname lookup.
  • BUG 10076: Fix variable list in man vfs_crossrename.
  • BUG 9994: s3-winbind: Do not delete an existing valid credential cache.
  • BUG 10073: 'net ads join': Fix segmentation fault in create_local_private_krb5_conf_for_domain.
  • BUG 10097: MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba.

New in Samba 4.1.0 RC3 (Sep 12, 2013)

  • Client tools support SMB2/3
  • Encrypted transport
  • Directory database replication (AD DC mode)
  • Server-Side Copy Support
  • Btrfs Filesystem Integration
  • The Samba Web Administration Tool (SWAT) has been removed.

New in Samba 4.0.9 (Aug 20, 2013)

  • BUG 9930: smbd: Cleanup disonnected durable handles.
  • BUG 9992: Fix Windows error 0x800700FE when copying files with xattr names containing ":".
  • BUG 10064: Linux kernel oplock breaks can miss signals.
  • BUG 9820: Fix crash of Winbind after "ls -l /usr/local/samba/var/locks/sysvol".
  • BUG 10014: Fix excessive RID allocation.
  • BUG 10003: s3-lib: Fix segmentation fault while reading incomplete session info.
  • BUG 9678: Windows 8 Roaming profiles fail.
  • BUG 9930: smbd: Cleanup disonnected durable handles.
  • BUG 10015: Add debugclass for DNS server.
  • BUG 9779: Add UPN enumeration to passdb internal API.
  • BUG 10043: Allow to change the default location for Kerberos credential caches.
  • BUG 10073: net ads join: Fix segmentation fault in create_local_private_krb5_conf_for_domain.
  • BUG 10013: smbd: Fix a 100% loop at shutdown time.
  • BUG 9820: Fix crash of Winbind after "ls -l /usr/local/samba/var/locks/sysvol".
  • BUG 10003: s3-lib: Fix segmentation fault while reading incomplete session info.
  • BUG 10015: Fix/improve debug options.
  • BUG 9970: vfs_streams_xattr: Do not attempt to write empty attribute twice.
  • BUG 9994: s3-winbind: Do not delete an existing valid credential cache.
  • BUG 10073: net ads join: Fix segmentation fault in create_local_private_krb5_conf_for_domain.
  • BUG 10064: Linux kernel oplock breaks can miss signals.

New in Samba 3.6.18 (Aug 14, 2013)

  • BUG 9777: vfs_dirsort uses non-stackable calls, dirfd(), malloc instead of talloc and doesn't cope with directories being modified whilst reading.
  • BUG 9678: Windows 8 Roaming profiles fail.
  • BUG 9636: Fix parsing linemarkers in preprocessor output.
  • BUG 9880: Use of wrong RFC2307 primary group field.
  • BUG 9983: Fix output of syslog-facility check.
  • BUG 10064: Linux kernel oplock breaks can miss signals.

New in Samba 4.1.0 RC2 (Aug 9, 2013)

  • Directory database replication (AD DC mode):
  • Directory replication has been reworked in order to improve the correctness and efficiency. As a net effect of it, replication with other domain controllers with a heavily modified schema is now possible (ie. Windows 2012 DCs or other Windows DC with exchange installed) and replication didn't fail anymore in such environments.
  • Server-Side Copy Support:
  • Samba 4.1.0 adds support for server-side copy operations via the SMB2 FSCTL_SRV_COPYCHUNK request. Clients making use of server-side copy support, such as Windows Server 2012, should experience considerable performance improvements for file copy operations, as file data need not traverse the network. This feature is enabled by default on the smbd file server.
  • Btrfs Filesystem Integration:
  • The Btrfs VFS module provided with Samba 4.1.0 further improves the performance of server-side copy operations on shares backed by a Btrfs filesystem. It does so by allowing multiple files to share the same on-disk extents, avoiding the unnecessary duplication of source and destination file data during a server-side copy operation.
  • This feature can be explicitly enabled on smbd shares backed by a Btrfs filesystem with the smb.conf parameter: vfs objects = btrfs

New in Samba 3.5.22 (Aug 5, 2013)

  • This is a security release in order to address CVE-2013-4124 (Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections).

New in Samba 3.6.17 (Aug 5, 2013)

  • This is a security release in order to address CVE-2013-4124 (Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections).

New in Samba 4.0.8 (Aug 5, 2013)

  • This is a security release in order to address CVE-2013-4124 (Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections).

New in Samba 4.0.7 (Jul 2, 2013)

  • BUG 9909: build: Add missing new line to replaced python shebang line.
  • BUG 9794: Fix a core dump with invalid lock order while opening/editing or copying MS files.
  • BUG 9465: s3-rpc_server: Ensure we are root when starting and using gensec.
  • BUG 9906: Doc fixes for 4.0.
  • BUG 9907: Build fixes for 4.0 found during autoconf or debian packaging work.
  • BUG 9967: Fix crash bug from search of mail=.
  • BUG 9968: Fix build with system Heimdal of samba4kgetcred.
  • BUG 9947: Check for netbios aliases in ad_get_referrals.
  • BUG 9485: Add support for MX queries.
  • BUG 9559: dns: Delete dnsNode objects when they are empty.
  • BUG 9632: dns: Support larger queries when asking forwarder.
  • BUG 8997: Change libreplace GPL source to LGPL.
  • BUG 9900: is_printer_published GUID retrieval.
  • BUG 9910: PIE builds not supported.
  • BUG 9941: Fix a bug of drvupgrade of smbcontrol.
  • BUG 9880: Use of wrong RFC2307 primary group field.
  • BUG 9832: winbind4: talloc use after free.
  • BUG 9953: Fix tevent_poll on 32-bit machines (Coverity ID 989236).
  • BUG 9805: s3:lib/server_mutex: Open mutex.tdb with CLEAR_IF_FIRST.
  • BUG 9929: s4:winbind: Don't leak libnet_context into the main event context.
  • BUG 9881: Check for system libtevent.
  • BUG 9964: docs: Avoid mentioning a possibly misleading option.
  • BUG 9888: More generic check for OpenBSD platform.

New in Samba 3.6.16 (Jun 20, 2013)

  • BUG 9881: Link dbwrap_tool and dbwrap_torture against libtevent.
  • BUG 9722: Properly handle Oplock breaks in compound requests.
  • BUG 9822: Fix crash bug during Win8 sync.
  • BUG 9927: errno gets overwritten in call to check_parent_exists().
  • BUG 8997: Change libreplace GPL source to LGPL.
  • BUG 9900: is_printer_published GUID retrieval.
  • BUG 9941: Fix a bug of drvupgrade of smbcontrol.
  • BUG 9868: Don't know how to make LIBNDR_PREG_OBJ.
  • BUG 9688: Remove "experimental" label on "max protocol=SMB2" parameter.
  • BUG 9881: Check for system libtevent.

New in Samba 4.0.6 (May 21, 2013)

  • Jeremy Allison:
  • BUG 9412: SMB2 server doesn't support recvfile.
  • BUG 9722: Properly handle oplock breaks in compound requests.
  • BUG 9777: vfs_dirsort uses non-stackable calls, dirfd(), malloc instead of talloc and doesn't cope with directories being modified whilst reading.
  • BUG 9811: Old DOS SMB CTEMP request uses a non-VFS function to access the filesystem.
  • BUG 9822: Fix crash during Win8 sync.
  • Anand Avati:
  • BUG 9833: Function called in unix_convert() path can overwrite errno.
  • Andrew Bartlett:
  • BUG 9785: Use specified python for runtime installation of Samba.
  • BUG 9834: Fix segfault when loging in with wrong password from w2k8r2.
  • Alexander Bokovoy:
  • BUG 9767: Fix 'net ads join' when called via stdin.
  • David Disseldorp:
  • BUG 9807: wbinfo: Fix segfault in wbinfo_pam_logon.
  • BUG 9830: Fix panic in nt_printer_publish_ads.
  • Volker Lendecke:
  • BUG 9775: Fix segfault for "artificial" conn_structs in vfs_fake_perms.
  • BUG 9809: Package new dbwrap_tool man page.
  • BUG 9824: SMB signing and the async echo responder don't work together.
  • BUG 9832: talloc use after free in winbind4.
  • BUG 9854: Fix NULL pointer dereference in Winbind.
  • BUG 9868: Fix making LIBNDR_PREG_OBJ.
  • Stefan Metzmacher:
  • BUG 9545: Fix the build of vfs_notify_fam.
  • BUG 9803: Change '--with-dmapi' to 'default=auto' to match the autoconf build.
  • BUG 9804: wafsamba: Display the default value in help for SAMBA3_ADD_OPTION.
  • BUG 9382: Add support for PFC_FLAG_OBJECT_UUID when parsing packets.
  • Andreas Schneider:
  • BUG 9139: Fix the username map optimization.
  • BUG 9699: Fix adding case sensitive spn.
  • BUG 9766: Cache name_to_sid/sid_to_name correctly.
  • BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
  • Richard Sharpe:
  • BUG 9722: Properly handle oplock breaks in compound requests.
  • Ralph Wuerthner:
  • BUG 9782: Fix panic when running 'smbtorture smb.base'.

New in Samba 3.6.15 (May 9, 2013)

  • BUG 9746: Fix "guest ok", "force user" and "force group" for guest users.
  • BUG 9830: Fix panic in nt_printer_publish_ads.
  • BUG 9854: Fix crash bug in Winbind.
  • BUG 9817: Fix 'map untrusted to domain' with NTLMv2.

New in Samba 3.6.14 (Apr 30, 2013)

  • Jeremy Allison:
  • BUG 9130: Certain xattrs cause Windows error 0x800700FF.
  • BUG 9724: Use is_encrypted_packet() function correctly inside server.
  • BUG 9733: Fix 'smbcontrol close-share' is not working.
  • BUG 9747: Make sure that we only propogate the INHERITED flag when we are allowed to.
  • BUG 9748: Remove unneeded fstat system call from hot read path.
  • BUG 9811: Fix bug in old create temp SMB request. Only use VFS functions.
  • David Disseldorp:
  • BUG 9650: New or deleted CUPS printerqueues are not recognized by Samba.
  • BUG 9807: wbinfo: Fix segfault in wbinfo_pam_logon.
  • Volker Lendecke:
  • BUG 9727: wkssvc: Fix NULL pointer dereference.
  • BUG 9736: smbd: Tune "dir" a bit.
  • BUG 9775: Fix segfault for "artificial" conn_structs.
  • BUG 9809: RHEL SPEC: Package dbwrap_tool man page.
  • Andreas Schneider:
  • BUG 9139: Fix the username map optimization.
  • BUG 9699: Fix adding case sensitive spn.
  • BUG 9723: Add a tool to migrate latin1 printing tdbs to registry.
  • BUG 9735: Fix Winbind separator in upn to username conversion.
  • BUG 9766: Cache name_to_sid/sid_to_name correctly.

New in Samba 4.0.5 (Apr 9, 2013)

  • BUG 9617: libnss-winbindd does not provide pass struct for groups mapped with ID_TYPE_BOTH and vice versa.
  • BUG 9653: idmap_autorid: Fix freeing of non-talloced memory.
  • BUG 9711: s4:winbindd: Do not drop the workgroup name in the getgrnam, getgrent and getgrgid calls.
  • BUG 9130: Certain xattrs cause Windows error 0x800700FF.
  • BUG 9519: Samba returns unexpected error on SMB posix open.
  • BUG 9642: Fix the build of vfs_afsacl.
  • BUG 9695: Backport tevent changes to bring library to version 0.9.18.
  • BUG 9706: Fix large reads/writes from some Linux clients.
  • BUG 9724: is_encrypted_packet() function incorrectly used inside server.
  • BUG 9733: Fix 'smbcontrol close-share'.
  • BUG 9748: Remove unneeded fstat system call from hot read path.
  • BUG 9760: Fix incorrect parsing of SMB2 command codes.
  • BUG 9643: Fix the build with --fake-kaserver.
  • BUG 9644: Fix compile of source3/lib/afs.c.
  • BUG 9669: Fix crash in 'net rpc join' against a Samba 3.0.33 PDC.
  • BUG 9666: Fix filtering of link-local addresses.
  • BUG 9663: 'make test' hangs.
  • BUG 9697: DsReplicaGetInfo fails due to sendto() EMSGSIZE error on UNIX domain socket.
  • BUG 9703: Fix build on solaris8: Do not force a specific perl on pod2man.
  • BUG 9717: Set LD_LIBRARY_PATH in install_with_python.sh.
  • BUG 9718: s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307.
  • BUG 9719: Allow forcing an override of an old @MODULES record.
  • BUG 9720: Do not print the admin password during 'samba-tool classicupgrade'.
  • BUG 9721: Make samba_upgradedns more robust (do not guess addresses when just changing roles).
  • BUG 9725: upgradeprovision and 'samba-tool dbcheck' patches for 4.0.NEXT.
  • BUG 9728: DO NOT install samba_upgradeprovision in 4.0.x.
  • BUG 9739: PIDL: Build fixes for hosts without CPP (Solaris 11).
  • BUG 9740: Add 'samba-tool dbcheck --reset-well-known-acls'.
  • BUG 9267: Can't delegate adding computers to domain.
  • BUG 9636: PIDL: Fix parsing linemarkers in preprocessor output.
  • BUG 9639: Rename internal subsystem pdb_ldap to pdb_ldapsam.
  • BUG 9646: Make SMB2_GETINFO multi-volume aware.
  • BUG 9633: Recursive mget should continue on EPERM.
  • BUG 9656: Work around FreeBSD's getaddrinfo() underscore issue.
  • BUG 9696: Remove incomplete samba_dnsupdate IPv6 link-local address check.
  • BUG 9697: Handle EMSGSIZE on UNIX domain sockets.
  • BUG 7825: Fix GNU ld version detection with old gcc releases.
  • BUG 9039: Never try to map global SAM name.
  • BUG 9701: Fix vfs_catia and update documentation.
  • BUG 9695: Backport tevent changes to bring library to version 0.9.18.
  • BUG 9727: Fix NULL pointer dereference.
  • BUG 9736: Change to smbd/dir.c code gives significant performance increases on large directory listings.
  • BUG 9557: Fix build on AIX.
  • BUG 9625: Reauth-capable client fails to access shares on Windows member.
  • BUG 9695: Backport tevent changes to bring library to version 0.9.18.
  • BUG 9706: Parameter is incorrect on Android.
  • BUG 9664: Fix correct linking of libreplace with cmdline-credentials.
  • BUG 9683: Fix several resource (fd) leaks.
  • BUG 9685: Fix a memory leak in spoolss rpc server.
  • BUG 9686: Fix a possible buffer overrun in pdb_smbpasswd.
  • BUG 9687: Fix several possible null pointer dereferences.
  • BUG 9723: Add a tool to migrate latin1 printing tdbs to registry.
  • BUG 9735: Fix Winbind separator in upn to username conversion.
  • BUG 9758: Don't leak the epm_Map policy handle.
  • BUG 9674: Samba denies owner Read Control when there is a DENY entry while W2K08 does not.
  • BUG 9689: Make sure that domain joins work correctly when the DC disallows NTLM auth.
  • BUG 9704: Fix nss_winbind name on FreeBSD.
  • BUG 9747: Make sure that we only propogate the INHERITED flag when we are allowed to.

New in Samba 4.0.4 (Mar 19, 2013)

  • This is a security release in order to address CVE-2013-1863 (World-writeable files may be created in additional shares on a Samba 4.0 AD DC).

New in Samba 3.6.13 (Mar 19, 2013)

  • Fix two resource leaks in winbindd (bug #9684).
  • Unlink after open causes smbd to panic (bug #9571).

New in Samba 4.0.3 (Feb 6, 2013)

  • Michael Adam:
  • BUG 9568: Document the command line options in dbwrap_tool(1).
  • Jeremy Allison:
  • BUG 9196: defer_open is triggered multiple times on the same request.
  • BUG 9518: conn->share_access appears not be be reset between users.
  • BUG 9550: sigprocmask does not work on FreeBSD to stop further signals in a signal handler.
  • BUG 9572: Fix file corruption during SMB1 read by Mac OSX 10.8.2 clients.
  • BUG 9586: smbd[29175]: disk_free: sys_popen() failed" message logged in /var/log/message many times.
  • BUG 9587: Archive flag is always set on directories.
  • BUG 9588: ACLs are not inherited to directories for DFS shares.
  • Andrew Bartlett:
  • BUG 8909: Fix ACL problem with delegation of privileges and deletion of accounts over LDAP interface.
  • BUG 9461: FSMO seize of naming role fails: NT_STATUS_IO_TIMEOUT.
  • BUG 9564: Fix compilation of Solaris ACL module.
  • BUG 9581: gensec: Allow login without a PAC by default.
  • BUG 9596: Linked attribute handling should be by GUID.
  • BUG 9598: Use pid,task_id as cluster_id in process_single just like process_prefork.
  • BUG 9609: ldb: Ensure to decrement the transaction_active whenever we delete a transaction.
  • BUG 9609: Add 'ldbdump' tool.
  • BUG 9609: ldb: Remove no-longer-existing ltdb_unpack_data_free from ldb_tdb.h.
  • BUG 9609: ldb: Change ltdb_unpack_data to take an ldb_context.
  • BUG 9610: dsdb: Make secrets_tdb_sync cope with -H secrets.ldb.
  • Björn Baumbach:
  • BUG 9512: wafsamba: Use additional xml catalog file.
  • BUG 9517: samba_dnsupdate: Set KRB5_CONFIG for nsupdate command.
  • BUG 9552: smb.conf(5): Update list of available protocols.
  • BUG 9568: Add dbwrap_tool.1 manual page.
  • BUG 9569: ntlm_auth(1): Fix format and make examples visible.
  • Ira Cooper:
  • BUG 9575: Duplicate flags defined in the winbindd protocol.
  • Gönther Deschner:
  • BUG 9474: Downgrade v4 printer driver requests to v3.
  • BUG 9595: s3-winbind: Fix the build of idmap_ldap.
  • David Disseldorp:
  • BUG 9378: Add extra attributes for AD printer publishing.
  • Stephen Gallagher:
  • BUG 9609: ldb: Move doxygen comments for ldb_connect to the right place.
  • Volker Lendecke:
  • BUG 9541: Make use of posix_openpt.
  • BUG 9544: Fix build of vfs_commit and plug in async pwrite support.
  • BUG 9546: Fix aio_suspend detection on FreeBSD.
  • BUG 9548: Correctly detect O_DIRECT.
  • BUG 9549: smbd: Fix memleak in the async echo handler.
  • Stefan Metzmacher:
  • BUG 8909: Fix ACL problem with delegation of privileges and deletion of accounts over LDAP interface.
  • BUG 9105: check_password_quality: Handle non-ASCII characters properly.
  • BUG 9481: samba_upgradeprovision: fix the nTSecurityDescriptor on more containers.
  • BUG 9499: s3:smb2_negprot: set the 'remote_proto' value.
  • BUG 9508: s4:drsuapi: Make sure we report the meta data from the cycle start.
  • BUG 9540: terminate the irpc_servers_byname() result with server_id_set_disconnected().
  • BUG 9598: Fix timeouts of some IRPC calls.
  • BUG 9609: Fix a warning by converting from TDB_DATA to struct ldb_val.
  • Matthieu Patou:
  • BUG 8909: Add documentation.
  • BUG 9565: Adding additional Samba 4.0 DC to W2k8 srv AD domain (in win200 functional level) produces dbcheck errors.
  • Arvid Requate:
  • BUG 9555: s4-resolve: Fix parsing of IPv6/AAAA in dns_lookup.
  • Rusty Russell:
  • BUG 9609: tdb: Add '-e' option to tdbdump (and document it).
  • BUG 9609: tdb: 'tdbdump' should log errors, and fail in that case.
  • BUG 9609: tdb: Add tdb_rescue() to allow an emergency best-effort dump.
  • Samba-JP oota:
  • BUG 9528: Remove superfluous bracket in samba.8.xml.
  • BUG 9530: Fix typo in vfs_tsmsm.8.xml.
  • Andreas Schneider:
  • BUG 9574: Fix a possible null pointer dereference in spoolss.
  • Karolin Seeger:
  • BUG 9591: Correct meta data in ldb manpages.
  • Pavel Shilovsky:
  • BUG 9571: Fix 'smbd' panic triggered by unlink after open.
  • Andrew Tridgell:
  • BUG 9609: ldb: Fix callers for ldb_pack_data() and ldb_unpack_data().
  • BUG 9609: ldb: move ldb_pack.c into common.
  • Jelmer Vernooij:
  • BUG 9503: waf assumes that pythonX.Y-config is a Python script.

New in Samba 3.5.21 (Jan 30, 2013)

  • This is a security release in order to address CVE-2013-0213 (Clickjacking issue in SWAT) and CVE-2013-0214 (Potential XSRF in SWAT).
  • CVE-2013-0213: All current released versions of Samba are vulnerable to clickjacking in the Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into a malicious web page via a frame or iframe and then overlaid by other content, an attacker could trick an administrator to potentially change Samba settings. In order to be vulnerable, SWAT must have been installed and enabled either as a standalone server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has not been installed or enabled (which is the default install state for Samba) this advisory can be ignored.
  • CVE-2013-0214: All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool (SWAT). By guessing a user's password and then tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate SWAT.
  • In order to be vulnerable, the attacker needs to know the victim's password. Additionally SWAT must have been installed and enabled either as a standalone server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has not been installed or enabled (which is the default install state for Samba) this advisory can be ignored.

New in Samba 3.6.12 (Jan 30, 2013)

  • This is a security release in order to address CVE-2013-0213 (Clickjacking issue in SWAT) and CVE-2013-0214 (Potential XSRF in SWAT).
  • CVE-2013-0213: All current released versions of Samba are vulnerable to clickjacking in the Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into a malicious web page via a frame or iframe and then overlaid by other content, an attacker could trick an administrator to potentially change Samba settings. In order to be vulnerable, SWAT must have been installed and enabled either as a standalone server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has not been installed or enabled (which is the default install state for Samba) this advisory can be ignored.
  • CVE-2013-0214: All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool (SWAT). By guessing a user's password and then tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate SWAT.
  • In order to be vulnerable, the attacker needs to know the victim's password. Additionally SWAT must have been installed and enabled either as a standalone server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has not been installed or enabled (which is the default install state for Samba) this advisory can be ignored.

New in Samba 4.0.2 (Jan 30, 2013)

  • This is a security release in order to address CVE-2013-0213 (Clickjacking issue in SWAT) and CVE-2013-0214 (Potential XSRF in SWAT).
  • CVE-2013-0213: All current released versions of Samba are vulnerable to clickjacking in the Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into a malicious web page via a frame or iframe and then overlaid by other content, an attacker could trick an administrator to potentially change Samba settings. In order to be vulnerable, SWAT must have been installed and enabled either as a standalone server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has not been installed or enabled (which is the default install state for Samba) this advisory can be ignored.
  • CVE-2013-0214: All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool (SWAT). By guessing a user's password and then tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate SWAT.
  • In order to be vulnerable, the attacker needs to know the victim's password. Additionally SWAT must have been installed and enabled either as a standalone server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has not been installed or enabled (which is the default install state for Samba) this advisory can be ignored.

New in Samba 3.6.11 (Jan 22, 2013)

  • Jeremy Allison:
  • BUG 9196: defer_open is triggered multiple times on the same request.
  • BUG 9550: Mask off signals the correct way from the signal handler.
  • Björn Baumbach:
  • BUG 9569: ntlm_auth.1: Fix format and make examples visible.
  • Tsukasa Hamano:
  • BUG 9471: Fix SEGV when using second vfs module.
  • Volker Lendecke:
  • BUG 9548: Correctly detect O_DIRECT.
  • BUG 9546: Fix aio_suspend detection on FreeBSD.

New in Samba 4.0.1 (Jan 15, 2013)

  • This is a security release in order to address CVE-2013-0172.
  • CVE-2013-0172: Samba 4.0.0 as an AD DC may provide authenticated users with write access to LDAP directory objects.
  • In AD, Access Control Entries can be assigned based on the objectClass of the object. If a user or a group the user is a member of has any access based on the objectClass, then that user has write access to that object.
  • Additionally, if a user has write access to any attribute on the object, they may have access to write to all attributes.
  • An important mitigation is that anonymous access is totally disabled by default. The second important mitigation is that normal users are typically only given the problematic per-objectClass right via the "pre-windows 2000 compatible access" group, and Samba 4.0.0 incorrectly does not make "authenticated users" part of this group.
  • Changes since 4.0.0:
  • Bug 9554 - CVE-2013-0172 - Samba 4.0 as an AD DC may provide authenticated users with write access to LDAP directory objects.

New in Samba 3.5.20 (Dec 18, 2012)

  • This is a bugfix release.

New in Samba 4.0.0 RC3 (Oct 26, 2012)

  • Samba 4.0 supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients.
  • Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue.
  • Samba 4.0.0rc3 ships with two distinct file servers. We now use the file server from the Samba 3.x series 'smbd' for all file serving by default.
  • Samba 4.0 also ships with the 'NTVFS' file server. This file server is what was used in all previous releases of Samba 4.0, and is tuned to match the requirements of an AD domain controller. We continue to support this, not only to provide continuity to installations that have deployed it as part of an AD DC, but also as a running example of the NT-FSA architecture we expect to move smbd to in the longer term.
  • For pure file server work, the binaries users would expect from that series (nmbd, winbindd, smbpasswd) continue to be available. When running an AD DC, you only need to run 'samba' (not nmbd/smbd/winbind), as the required services are co-coordinated by this master binary.
  • As DNS is an integral part of Active Directory, we also provide two DNS solutions, a simple internal DNS server for 'out of the box' configurations and a more elaborate BIND plugin using the BIND DLZ mechanism in versions 9.8 and 9.9. During the provision, you can select which backend to use. With the internal backend, your DNS server is good to go. If you chose the BIND_DLZ backend, a configuration file will be generated for bind to make it use this plugin, as well as a file explaining how to set up bind.
  • To provide accurate timestamps to Windows clients, we integrate with the NTP project to provide secured NTP replies. To use you need to start ntpd and configure it with the 'restrict ... ms-sntp' and ntpsigndsocket options.
  • Finally, a new scripting interface has been added to Samba 4, allowing Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python.

New in Samba 3.5.16 (Jul 3, 2012)

  • This is a bugfix release in the 3.5 release series.

New in Samba 3.4.2 (Oct 2, 2009)

  • This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906.

New in Samba 3.3.6 (Jun 23, 2009)

  • Fix for CVE-2009-1888:
  • In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes".