- ===============================
- Release Notes for Samba 3.5.0rc3
- February 19, 2010
+ =============================
+ Release Notes for Samba 3.5.5
+ September 14, 2010
+ =============================
+
+
+This is a security release in order to address CVE-2010-3069.
+
+
+o CVE-2010-3069:
+ All current released versions of Samba are vulnerable to
+ a buffer overrun vulnerability. The sid_parse() function
+ (and related dom_sid_parse() function in the source4 code)
+ do not correctly check their input lengths when reading a
+ binary representation of a Windows SID (Security ID). This
+ allows a malicious client to send a sid that can overflow
+ the stack variable that is being used to store the SID in the
+ Samba smbd server.
+
+
+Changes since 3.5.4
+--------------------
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 7669: Fix for CVE-2010-3069.
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 7669: Fix for CVE-2010-3069.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ =============================
+ Release Notes for Samba 3.5.4
+ June 23, 2010
+ =============================
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.4 include:
+
+ o Fix smbd crash when sambaLMPassword and sambaNTPassword entries missing
+ from ldap (bug #7448).
+ o Fix init_sam_from_ldap storing group in sid2uid cache (bug #7507).
+
+
+Changes since 3.5.3
+-------------------
+
+
+o Michael Adam <obnox@samba.org>
+ * BUG 7507: Fix init_sam_from_ldap storing group in sid2uid cache.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 7188: Make ea data checks identical for trans2open and trans2mkdir.
+ * BUG 7410: Samba sends "raw" inode number as uniqueid with unix extensions.
+ * BUG 7449: Fix spnego returning incorrect mechListMIC string.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 7341: Fix Winbind over IPv6.
+ * BUG 7459: Fix some crash bugs and missing error codes in AddDriver paths.
+ * BUG 7479: Fix crash bug in _samr_QueryUserInfo{2} level 18.
+ * BUG 7517: Fix session setup from linux kernel cifs clients with
+ "sec=ntlmv2".
+
+
+o Olaf Flebbe <o.flebbe@science-computing.de>
+ * BUG 7209: Fix build on RHEL5.
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 7427: Using IBM xl_C compiler produces wrong results in configure.
+ * BUG 7503: Fix calculation of st_blocks in vfs_streams_xattr.
+ * BUG 7504: Fix numerous build issues.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 7253: Fix Samba login cache problem on Sparc Architecture.
+ * BUG 7262: Fix editing users' groups via UsrMgr.
+
+
+o Buchan Milne <bgmilne@mandriva.org>
+ * BUG 7500: Fix 'not a string literal' warning in netdomjoin-gui.
+
+
+o Matthieu Patou <mat@matws.net>
+ * BUG 7099: Allow previous password to be stored and use it to check
+ tickets.
+
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 7423: Fix printing large formats.
+
+
+o Roel van Meer <rolek@bokxing.nl>
+ * BUG 7448: Fix smbd crash when sambaLMPassword and sambaNTPassword entries
+ missing from ldap.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 3.5.3
+ May 19, 2010
+ =============================
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.3 include:
+
+ o Fix MS-DFS functionality (bug #7339).
+ o Fix a Winbind crash when scanning trusts (bug #7389).
+ o Fix problems with SIGCHLD handling in Winbind (bug #7317).
+
+
+Changes since 3.5.2
+-------------------
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 7288: Fix SMB job IDs in CUPS job names.
+ * BUG 7339: Fix MS-DFS functionality.
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 7354: Fix CLDAP tsocket problem on Solaris.
+
+
+o Ira Cooper <samba@ira.wakeful.net>
+ * BUG 7384: Fix bitmap leak in dptr_Close.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 7277: Fix exporting printers via 'cupsaddsmb' command.
+ * BUG 7417: Fix setting of passwords via 'net rpc user password' command.
+ * BUG 7418: Fix 'net rpc printer list' command.
+
+
+o Olaf Flebbe <o.flebbe@science-computing.de>
+ * BUG 7421: Rename mod_name to module_name.
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 7352: Make TIME_T_MAX defines consistent.
+ * BUG 7385: Fix building with Solaris' gcc.
+
+
+o Jeff Layton <jlayton@redhat.com>
+ * BUG 7315: Fix segfault in mount.cifs.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 7357: Re-fix a bug with smbd serving a windows terminal server.
+ * BUG 7389: Fix a Winbind crash when scanning trusts.
+ * BUG 7398: Fix rename problems with full_audit VFS module.
+
+
+o Jim McDonough <jmcd@samba.org>
+ * BUG 7378: Display an error on 'net conf import' failures.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 7196: Add replacement for IPV6_V6ONLY on linux systems with broken
+ headers.
+ * BUG 7317: Fix problems with SIGCHLD handling in Winbind.
+ * BUG 7354: Fix CLDAP tsocket problem on Solaris.
+
+
+o Luca Olivetti <luca@wetron.es>
+ * BUG 7263: Fix cups encryption setting.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 3.5.2
+ April 7, 2010
+ =============================
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.2 include:
+
+ o Fix smbd segfaults in _netr_SamLogon for clients sending null domain
+ (bug #7237).
+ o Fix smbd segfaults in "waiting for connections" message (bug #7251).
+ o Fix an uninitialized variable read in smbd (bug #7254).
+ o Fix a memleak in Winbind (bug #7278).
+ o Fix Winbind reconnection to it's own domain (bug #7295).
+
+
+Changes since 3.5.1
+-------------------
+
+
+o Michael Adam <obnox@samba.org>
+ * BUG 7231: Fix automatic building of vfs_tsmsm if gpfs and dmapi are
+ present.
+ * BUG 7232: Fix race conditions in CTDB persistent transactions.
+ * BUG 7313: Make 'net conf addshare' atomic.
+ * BUG 7314: Eliminate race condition in creating/scanning sorted subkeys in
+ the registry backend.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 7075: Fix bug in vfs_scannedonly rmdir implementation.
+ * BUG 7159: Fix handling of bad server data returns in client rpc_transport.
+ * BUG 7234: Symlink delete fails but incorrectly reports success to client.
+ * BUG 7255: Fix "printer admin" functionality.
+ * BUG 7283: Fix smbd segfault if using vfs_acl_tdb.
+ * BUG 7297: Fix smbd crashes with CUPS printers and no [printers] share defined.
+ * BUG 7310: Fix DOS attribute inconsistency with MS Office.
+
+
+o Kai Blin <kai@samba.org>
+ * BUG 7290: Fix core dump in 'ntlm_auth' with "gss-spnego" helper.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 6727: Fix several printing issues.
+ * BUG 7237: Fix smbd segfaults in _netr_SamLogon for clients sending
+ null domain.
+ * BUG 7256: Fix value-needed calculation in_spoolss_EnumPrinterData().
+ * BUG 7258: Fix _winreg_QueryValue crash bugs and implement Windows
+ behavior.
+
+
+o Holger Hetterich <hhetter@novell.com>
+ * BUG 7203: Fix 'net share' command.
+
+
+o Michael Karcher <samba@mkarcher.dialup.fu-berlin.de>
+ * BUG 7269: Fix job management commands for CUPS queues.
+
+
+o Jeff Layton <jlayton@redhat.com>
+ * BUG 6853: Fix race condition in mount.cifs that allows user to replace
+ mountpoint with a symlink.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 5198: Fix parsing of the gecos field.
+ * BUG 7202: Fix access by multi-threaded applications.
+ * BUG 7212: Fix returning of group members with 'getent group'.
+ * BUG 7216: Fix the build of net_afs.c with --fake-kaserver=yes.
+ * BUG 7229: Fix a NULL pointer dereference in smbd.
+ * BUG 7232: Fix race conditions in CTDB persistent transactions.
+ * BUG 7254: Fix an uninitialized variable read in smbd.
+ * BUG 7278: Fix a memleak in Winbind.
+
+
+o Roel van Meer <rolek@alt001.com>
+ * BUG 6814: Fix valgrind warning.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 7170: Never mark external domains as internal in Winbind.
+ * BUG 7225: Make Winbind logs more verbose for troubleshooting.
+ * BUG 7251: Fix smbd segfault in "waiting for connections" message.
+ * BUG 7295: Fix Winbind reconnection to it's own domain.
+ * BUG 7316: Winbind possibly segfaults when trying a trusted domain without
+ inbound trust.
+
+
+o SATOH Fumiyasu <fumiyas@osstech.co.jp>
+ * BUG 1206: Fix segfault if hide files or veto files has no ".AppleDouble".
+
+
+o Simo Sorce <idra@samba.org>
+ * BUG 7204: Fix DN parsing name was always null.
+
+
+o Andrew Tridgell <tridge@samba.org>
+ * BUG 7312: Many disconnecting clients render clustered Samba unusuable
+ for some time.
+
+
+o Bo Yang <boyang@samba.org>
+ * BUG 7206: Signals are processed twice in child.
+
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+----------------------------------------------------------------------
+
+ =============================
+ Release Notes for Samba 3.5.1
+ March 8, 2010
+ =============================
+
+
+This is a security release in order to address CVE-2010-0728.
+
+
+o CVE-2010-0728:
+ In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code
+ was added to fix a problem with Linux asynchronous IO handling.
+ This code introduced a bad security flaw on Linux platforms if the
+ binaries were built on Linux platforms with libcap support.
+ The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
+ capabilities, allowing all file system access to be allowed
+ even when permissions should have denied access.
+
+
+Changes since 3.5.0
+-------------------
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 7222: Fix for CVE-2010-0728.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 3.5.0
+ March 1, 2010
===============================
-This is the third release candidate of Samba 3.5. This is *not*
-intended for production environments and is designed for testing
-purposes only. Please report any defects via the Samba bug reporting
-system at https://bugzilla.samba.org/.
+This is the first stable release of Samba 3.5.
+
Major enhancements in Samba 3.5.0 include:
* Implement the new SMB2 protocol (experimental).
+Changes since 3.5.0rc3
+----------------------
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 7181: Fix 'net ads dns' usage calls.
+ * BUG 7182: Fix uninitialized variable in wkssvc_enumerateusers.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 7145: Fix duplicate sam and unix accounts.
+ * BUG 7166: Avoid calling cli_alloc_mid twice in cli_smb_req_iov_send.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 7160: Keep the the correct negotiate_flags on the cli->dc structure.
+
+
Changes since 3.5.0rc2
----------------------
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
-
git.samba.org / samba.git / blobdiff