+ ==============================
+ Release Notes for Samba 3.5.11
+ August 4, 2011
+ ==============================
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.11 include:
+
+o Fix access to Samba shares when Windows security patch KB2536276 is installed
+ (bug #7460).
+o Fix DoS in Winbind and smbd with many file descriptors open (bug #7949).
+o Fix Winbind panics if verify_idpool() fails (bug #8253).
+
+
+Changes since 3.5.10:
+--------------------
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 7462: Make SA_RESETHAND conditional on its existance.
+ * BUG 8254: Make "acl check permissions = no" working in all cases.
+
+
+o Gregor Beck <gbeck@sernet.de>
+ * BUG 8253: Fix Winbind panics if verify_idpool() fails.
+
+
+o David Disseldorp <ddiss@suse.de>
+ * BUG 8269: Stop spamming log with "Could not find child X -- ignoring"
+ messages in smbd.
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 7460: Include sys/file.h only when available.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 7841: Explicitly pass domain_sid to wbint_LookupRids().
+ * BUG 8238: Fix access to Samba shares when Windows security patch
+ KB2536276 is installed.
+ * BUG 8322: Add HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 7841: Make WINBINDD_LOOKUPRIDS ask the right domain.
+ * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.
+ * BUG 8276: Close all sockets attached to a subnet in close_subnet().
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ ==============================
+ Release Notes for Samba 3.5.10
+ July 26, 2011
+ ==============================
+
+
+This is a security release in order to address
+CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
+CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
+
+
+o CVE-2011-2522:
+ The Samba Web Administration Tool (SWAT) in Samba versions
+ 3.0.x to 3.5.9 are affected by a cross-site request forgery.
+
+
+o CVE-2011-2694:
+ The Samba Web Administration Tool (SWAT) in Samba versions
+ 3.0.x to 3.5.9 are affected by a cross-site scripting
+ vulnerability.
+
+Please note that SWAT must be enabled in order for these
+vulnerabilities to be exploitable. By default, SWAT
+is *not* enabled on a Samba install.
+
+
+Changes since 3.5.9:
+--------------------
+
+
+o Kai Blin <kai@samba.org>
+ * BUG 8289: SWAT contains a cross-site scripting vulnerability.
+ * BUG 8290: CSRF vulnerability in SWAT.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
=============================
Release Notes for Samba 3.5.9
June 14, 2011
Major enhancements in Samba 3.5.9 include:
-o
+o Sgid bit lost on folder rename (bug #7996).
+o ACL can get lost when files are being renamed (bug #7987).
+o Respect "allow trusted domains = no" in Winbind (bug #6966).
+o Samba now follows Windows behaviour as a Kerberos client,
+ requesting a CIFS/ ticket (bug #7893).
+
+New Kerberos behaviour
+----------------------
+
+A new parameter 'client use spnego principal' defaults to 'no' and
+mean Samba will use CIFS/hostname to obtain a kerberos ticket, acting
+more like Windows when using Kerberos against a CIFS server in
+smbclient, winbind and other Samba client tools. This will change
+which servers we will successfully negotiate kerberos connections to.
+This is due to Samba no longer trusting a server-provided hint which
+is not available from Windows 2008 or later. For correct operation
+with all clients, all aliases for a server should be recorded as a as
+a servicePrincipalName on the server's record in AD.
Changes since 3.5.8:
--------------------
o Jeremy Allison <jra@samba.org>
+ * BUG 6911: Kerberos authentication from Vista to Samba fails when security
+ blob size is greater than 16 kB.
* BUG 7080: Quota only shown when logged as root.
+ * BUG 7528: Fix Solaris with NIS autohome.
* BUG 7987: ACL can get lost when files are being renamed.
* BUG 7996: sgid bit lost on folder rename.
* BUG 8040: Fix 'smbclient' segfaults when a Cyrillic netbios name or
workgroup is configured.
* BUG 8072: Fix panic in create_file_acl_common.
+ * BUG 8038: Fix is_myname_or_ipaddr() to be robust against strange DNS
+ setups.
+ * BUG 8083: "inherit owner = yes" doesn't interact correctly with
+ vfs_acl_xattr or vfs_acl_tdb module.
* BUG 8088: Fix segfault in rpccli_samr_chng_pswd_auth_crap if any input
blobs are null.
+ * BUG 8111: CIFS VFS: Fix unexpected error on SMB posix open.
+ * BUG 8157: Fix parsing CUPS printcap files in std_pcap_cache_reload().
+ * BUG 8163: Fix our asn.1 parser to handle negative numbers.
+ * BUG 8211: "inherit owner = yes" doesn't interact correctly with "inherit
+ permissions = yes".
o Christian Ambach <ambi@samba.org>
global setting to a per share setting.
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 7893: Don't ever ask for machine$ principals as a target.
+
+
o Björn Baumbach <bb@sernet.de>
* BUG 8074: Fix debug message.
o Günther Deschner <gd@samba.org>
+ * BUG 7993: Make sure we don't crash when publishing a single printer.
* BUG 8085: Fix incorrect timeout handling in ncacn_ip_tcp client code.
+ * BUG 8132: Fix filling printers location field when using CUPS.
+
+
+o David Disseldorp <ddiss@suse.de>
+ * BUG 7836: Make newly added printers visible to clients.
+ * BUG 7994: Use printcap IDL for IPC.
o Björn Jacke <bj@sernet.de>
+ * BUG 7825: Fix GNU ld version detection with old gcc releases.
* BUG 8033: Add explicit configure option whether to enable dmapi
support or not.
+o Sergey Korsak <skif@1plus1.net>
+ * BUG 8099: setpwent() actually does endpwent() on FreeBSD.
+
+
o Volker Lendecke <vl@samba.org>
* BUG 8009: Fix getting username in 'net rap session'.
* BUG 8011: Fix memory corruption in shadow_copy2.
* BUG 8042: File creation on OS/X.
* BUG 8054: Winbind cache stores/retrieves wrong sizes for 16-bit ints.
* BUG 8066: Fix wrong output in 'smbget'.
+ * BUG 8087: Fix wbcChangeUserPasswordEx in RESPONSE mode.
o Nikolay Martynov <mar.kolya@gmail.com>
correctly.
+o Jim McDonough <jmcd@samba.org>
+ * BUG 6364: Pull realm from supplied username on libnet join.
+ * BUG 8166: Don't lockout users when offline.
+
+
o Stefan Metzmacher <metze@samba.org>
+ * BUG 7383: Normalize IPv4 mapped IPv6 addresses in both directions.
* BUG 8034: SEC_STD_DELETE is always granted to the owner of a file.
* BUG 8055: Can't see Parts of DFS CIFS share.
+o Simo Sorce <idra@samba.org>
+ * BUG 7610: winbindd_cache.tdb grows too large when scaled.
+
+
o Martin Vogt <martin.vogt@itwm.fraunhofer.de>
* BUG 6762: Fix ctdb on gpfs error with MS Office.
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 3.5.8
git.samba.org / samba.git / blobdiff