1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
5 <title>Samba 4.15.3 - Release Notes</title>
8 <H2>Samba 4.15.3 Available for Download</H2>
10 <a href="https://download.samba.org/pub/samba/stable/samba-4.15.3.tar.gz">Samba 4.15.3 (gzipped)</a><br>
11 <a href="https://download.samba.org/pub/samba/stable/samba-4.15.3.tar.asc">Signature</a>
14 <a href="https://download.samba.org/pub/samba/patches/samba-4.15.2-4.15.3.diffs.gz">Patch (gzipped) against Samba 4.15.2</a><br>
15 <a href="https://download.samba.org/pub/samba/patches/samba-4.15.2-4.15.3.diffs.asc">Signature</a>
19 ==============================
20 Release Notes for Samba 4.15.3
22 ==============================
25 This is the latest stable release of the Samba 4.15 release series.
30 There have been a few regressions in the security release 4.15.2:
32 o CVE-2020-25717: A user on the domain can become root on domain members.
33 https://www.samba.org/samba/security/CVE-2020-25717.html
35 The instructions have been updated and some workarounds
36 initially adviced for 4.15.2 are no longer required and
37 should be reverted in most cases.
39 o BUG-14902: User with multiple spaces (eg Fred<space><space>Nurk) become
40 un-deletable. While this release should fix this bug, it is
41 adviced to have a look at the bug report for more detailed
42 information, see https://bugzilla.samba.org/show_bug.cgi?id=14902.
47 o Jeremy Allison <jra@samba.org>
48 * BUG 14878: Recursive directory delete with veto files is broken in 4.15.0.
49 * BUG 14879: A directory containing dangling symlinks cannot be deleted by
50 SMB2 alone when they are the only entry in the directory.
51 * BUG 14892: SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used
52 uninitialized in rmdir_internals().
54 o Andrew Bartlett <abartlet@samba.org>
55 * BUG 14694: MaxQueryDuration not honoured in Samba AD DC LDAP.
56 * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
57 side effects for the local nt token.
58 * BUG 14902: User with multiple spaces (eg Fred<space><space>Nurk) become
61 o Ralph Boehme <slow@samba.org>
62 * BUG 14127: Avoid storing NTTIME_THAW (-2) as value on disk.
63 * BUG 14882: smbXsrv_client_global record validation leads to crash if
64 existing record points at non-existing process.
65 * BUG 14890: Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call.
66 * BUG 14897: Samba process doesn't log to logfile.
67 * BUG 14907: set_ea_dos_attribute() fallback calling
68 get_file_handle_for_metadata() triggers locking.tdb assert.
69 * BUG 14922: Kerberos authentication on standalone server in MIT realm
71 * BUG 14923: Segmentation fault when joining the domain.
73 o Alexander Bokovoy <ab@samba.org>
74 * BUG 14903: Support for ROLE_IPA_DC is incomplete.
76 o Günther Deschner <gd@samba.org>
77 * BUG 14767: rpcclient cannot connect to ncacn_ip_tcp services anymore
78 * BUG 14893: winexe crashes since 4.15.0 after popt parsing.
80 o Volker Lendecke <vl@samba.org>
81 * BUG 14908: net ads status -P broken in a clustered environment.
83 o Stefan Metzmacher <metze@samba.org>
84 * BUG 14788: Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before
86 * BUG 14882: smbXsrv_client_global record validation leads to crash if
87 existing record points at non-existing process.
88 * BUG 14899: winbindd doesn't start when "allow trusted domains" is off.
89 * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
90 side effects for the local nt token.
92 o Andreas Schneider <asn@samba.org>
93 * BUG 14767: rpcclient cannot connect to ncacn_ip_tcp services anymore.
94 * BUG 14883: smbclient login without password using '-N' fails with
95 NT_STATUS_INVALID_PARAMETER on Samba AD DC.
96 * BUG 14912: A schannel client incorrectly detects a downgrade connecting to
98 * BUG 14921: Possible null pointer dereference in winbind.
100 o Andreas Schneider <asn@cryptomilk.org>
101 * BUG 14846: Fix -k legacy option for client tools like smbclient, rpcclient,
104 o Martin Schwenke <martin@meltin.net>
105 * BUG 14872: Add Debian 11 CI bootstrap support.
107 o Joseph Sutton <josephsutton@catalyst.net.nz>
108 * BUG 14694: MaxQueryDuration not honoured in Samba AD DC LDAP.
109 * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
110 side effects for the local nt token.
112 o Andrew Walker <awalker@ixsystems.com>
113 * BUG 14888: Crash in recycle_unlink_internal().