+ ==============================
+ Release Notes for Samba 3.6.12
+ January 30, 2013
+ ==============================
+
+
+This is a security release in order to address
+CVE-2013-0213 (Clickjacking issue in SWAT) and
+CVE-2013-0214 (Potential XSRF in SWAT).
+
+o CVE-2013-0213:
+ All current released versions of Samba are vulnerable to clickjacking in the
+ Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into
+ a malicious web page via a frame or iframe and then overlaid by other content,
+ an attacker could trick an administrator to potentially change Samba settings.
+
+ In order to be vulnerable, SWAT must have been installed and enabled
+ either as a standalone server launched from inetd or xinetd, or as a
+ CGI plugin to Apache. If SWAT has not been installed or enabled (which
+ is the default install state for Samba) this advisory can be ignored.
+
+o CVE-2013-0214:
+ All current released versions of Samba are vulnerable to a cross-site
+ request forgery in the Samba Web Administration Tool (SWAT). By guessing a
+ user's password and then tricking a user who is authenticated with SWAT into
+ clicking a manipulated URL on a different web page, it is possible to manipulate
+ SWAT.
+
+ In order to be vulnerable, the attacker needs to know the victim's password.
+ Additionally SWAT must have been installed and enabled either as a standalone
+ server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has
+ not been installed or enabled (which is the default install state for Samba)
+ this advisory can be ignored.
+
+
+Changes since 3.6.11:
+--------------------
+
+o Kai Blin <kai@samba.org>
+ * BUG 9576: CVE-2013-0213: Fix clickjacking issue in SWAT.
+ * BUG 9577: CVE-2013-0214: Fix potential XSRF in SWAT.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.6 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+Release notes for older releases follow:
+----------------------------------------
+
+ ==============================
+ Release Notes for Samba 3.6.11
+ January 21, 2013
+ ==============================
+
+
+This is is the latest stable release of Samba 3.6.
+
+Major enhancements in Samba 3.6.11 include:
+
+o defer_open is triggered multiple times on the same request (bug #9196).
+o Fix SEGV wh_n using second vfs module (bug #9471).
+
+
+Changes since 3.6.10:
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 9196: defer_open is triggered multiple times on the same request.
+ * BUG 9550: Mask off signals the correct way from the signal handler.
+
+
+o Björn Baumbach <bb@sernet.de>
+ * BUG 9569: ntlm_auth.1: Fix format and make examples visible.
+
+
+o Tsukasa Hamano <hamano@osstech.co.jp>
+ * BUG 9471: Fix SEGV when using second vfs module.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 9548: Correctly detect O_DIRECT.
+ * BUG 9546: Fix aio_suspend detection on FreeBSD.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.6 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 3.6.10
+ December 10, 2012
+ ==============================
+
+
+This is is the latest stable release of Samba 3.6.
+
+Major enhancements in Samba 3.6.10 include:
+
+o Respond correctly to FILE_STREAM_INFO requests (bug #9460).
+o Fix segfault when "default devmode" is disabled (bug #9433).
+o Fix segfaults in "log level = 10" on Solaris (bug #9390).
+
+
+Changes since 3.6.9:
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 9236: ACL masks incorrectly applied when setting ACLs.
+ * BUG 9374: Allow smb2.acls torture test to pass against smbd with a POSIX
+ ACLs backend.
+
+
+o Björn Baumbach <bb@sernet.de>
+ * BUG 9345: Manpages: Fix use of <smbconfoption> tag.
+
+
+o Sumit Bose <sbose@redhat.com>
+ * BUG 9367: Use work around for 'winbind use default domain' only if it is
+ set.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 9272: 'net ads join' does not provide AES keys in host keytab.
+ * BUG 9426: Lookup nametype 0x20 in rpc_pipe_open_tcp_port().
+ * BUG 9439: Fix ncacn_ip_tcp reconnection code for lsa lookups.
+ * BUG 9451: Allow to force DNS updates using net.
+
+
+o David Disseldorp <ddiss@samba.org>
+ * BUG 9433: Fix segfault when "default devmode" is disabled.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 9359: Optimization needed for SMB2 performance sensitive workloads.
+ * BUG 9422: Large read requests cause server to issue malformed reply.
+ * BUG 9439: Fix ncacn_ip_tcp reconnection code for lsa lookups.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 9209: Improve the smb2.create.blob test.
+ * BUG 9272: 'net ads join' does not provide AES keys in host keytab.
+ * BUG 9390: Fix segfaults in "log level = 10" on Solaris.
+ * BUG 9402: lib/addns doesn't work with a bind9 server.
+
+
+o Matthieu Patou <mat@matws.net>
+ * BUG 9418: Fix MD5 detection in the autoconf build.
+
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 8564: Fix segfault in pam_sm_authenticate().
+ * BUG 9326: Fix 'net ads join' message for the dns domain.
+ * BUG 9386: Winbind: Failover if netlogon pipe is not available.
+ * BUG 9436: Fix leaking sockets of SMB connections to a DC.
+
+
+o Richard Sharpe <realrichardsharpe@gmail.com>
+ * BUG 9460: Respond correctly to FILE_STREAM_INFO requests.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.6 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 3.6.9
+ October 29, 2012
+ =============================
+
+
+This is is the latest stable release of Samba 3.6.
+
+Major enhancements in Samba 3.6.9 include:
+
+o When setting a non-default ACL, don't forget to apply masks to
+ SMB_ACL_USER and SMB_ACL_GROUP entries (bug #9236).
+o Winbind can't fetch user or group info from AD via LDAP (bug #9147).
+o Fix segfault in smbd if user specified ports out for range (bug #9218).
+
+
+Changes since 3.6.8:
+--------------------
+
+o Michael Adam <obnox@samba.org>
+ * BUG 9173: Make SMB2 compound request create/delete_on_close/close work as
+ Windows.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 8966: Fix 'net rpc share allowedusers' to work with 2008r2.
+ * BUG 9016: Connection to outbound trusted domain goes offline.
+ * BUG 9117: 'smbclient' can't connect to a Windows 7 server using NTLMv2.
+ * BUG 9147: Winbind can't fetch user or group info from AD via LDAP.
+ * BUG 9174: Empty SPNEGO packet can cause smbd to crash.
+ * BUG 9189: SMB2 Create doesn't return correct MAX ACCESS access mask in
+ blob.
+ * BUG 9209: Parse of invalid SMB2 create blob can cause smbd crash.
+ * BUG 9213: Bad ASN.1 NegTokenInit packet can cause invalid free.
+ * BUG 9222: Signing cannot be disabled for SMB2 by design, so fix the
+ documentation instead.
+ * BUG 9236: When setting a non-default ACL, don't forget to apply masks to
+ SMB_ACL_USER and SMB_ACL_GROUP entries.
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 8788: Initialise ticket to ensure we do not invalid memory.
+
+
+o Ira Cooper <ira@samba.org>
+ * BUG 9173: Compound requests should continue processing.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 9177: pam_winbind: Match more return codes when wbcGetPwnam has failed.
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 3272: quota: Don't force the block size to 512.
+ * BUG 8107: Add some includes for poll.h.
+ * BUG 8146: Fix wrong test == syntax in configure.
+ * BUG 8344: Fix --with(out)-sendfile-support option handling in autoconf.
+ * BUG 9172: Add quota support for gfs2.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 9188: Fix crash bug in idmap_hash.
+ * BUG 9268: Make tdb robust against improper CLEAR_IF_FIRST restart.
+
+
+o Luca Lorenzetto <lorenzetto-luca@ubuntu-it.org>
+ * BUG 9013: Fix crash on null pam change pw response.
+
+
+o Vladimir Marek <Vladimir.Marek@Oracle.COM>
+ * BUG 9192: Fix service control for non-internal services.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 9173: Make SMB2 compound request create/delete_on_close/close work as
+ Windows.
+ * BUG 9196: Don't take 'state->te' as indication for "was_deferred".
+ * BUG 9209: Fix unitialized padding in smb2_create_blob_push_one().
+
+
+o Matthieu Patou <mat@matws.net>
+ * BUG 9259: lib-addns: ensure that allocated buffer are pre set to 0.
+
+
+o Rusty Russell <rusty@rustcorp.com.au>
+ * BUG 9268: Make robust against shrinking tdbs.
+
+
+o Joachim Schmitz <schmitz@hp.com>
+ * BUG 8107: Fix poll replacement to become a msleep replacement.
+
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 8632: Fix builtin forms order to match Windows again.
+ * BUG 8769: Fix RAW printing for normal users.
+ * BUG 9112: Increase debug level for info that the db is empty.
+ * BUG 9154: Open printers with the right access mask.
+ * BUG 9171: Remove non-existent option '-Y' from winbindd manpage.
+ * BUG 9218: Fix segfault in smbd if user specified ports out for range.
+ * BUG 9231: Fix NT_STATUS_IO_TIMEOUT during slow import of printers into
+ registry.
+ * BUG 9280: Add support for reloading systemd services.
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * BUG 9165: Fix makerpms.sh on RHEL.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.6 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 3.6.8
+ September 17, 2012
+ =============================
+
+
+This is is the latest stable release of Samba 3.6.
+
+Major enhancements in Samba 3.6.8 include:
+
+o Fix crash bug in smbd caused by a blocking lock followed by
+ close (bug #9084).
+o Fix Winbind panic if we couldn't find the domain (bug #9135).
+
+
+Changes since 3.6.7:
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 9058: Fix smbstatus code dump when a file entry has delete tokens.
+ * BUG 9098: Fix refreshing of Kerberos tickets in Winbind.
+ * BUG 9124: Fix setting of "inherited" bit on inherited ACE's.
+
+
+o Christian Ambach <ambi@samba.org>
+ * BUG 9137: Make 'smbclient allinfo' show the snapshot list.
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 9066: "Domain Users" incorrectly added as additional group on domain
+ members.
+ * BUG 9067: Use correct RID for "Domain Guests" primary group.
+
+
+o David Binderman <dcb314@hotmail.com>
+ * BUG 9065: Fix bad call to memcpy source3/registry/regfio.c.
+
+
+o David Disseldorp <ddiss@samba.org>
+ * BUG 9123: Fix lprng job tracking errors.
+
+
+o Salvador I. Gonzalez <sgonzalez@codejunkie.net>
+ * BUG 9088: Fix smbclient/tarmode panic when connecting to Windows 2000
+ clients.
+
+
+o Hargagan <shargagan@novell.com>
+ * BUG 9085: Fix NMB registration for a duplicate workstation.
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 9037: Open and netbsd have the md5 symbols in libc.
+ * BUG 9144: Fix nfs quota support with Linux nfs4 mounts.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 9037: Fix name clash in MD5 causing the "net ads join" to fail on
+ T4 (sun4v) systems on Solaris 10.
+ * BUG 9058: Backport FSCTL codes from master.
+ * BUG 9084: Fix crash bug in smbd caused by a blocking lock followed by
+ close.
+ * BUG 9150: Valid open requests can cause smbd assert due to incorrect
+ oplock handling on delete requests.
+
+
+o Herb Lewis <hlewis@panasas.com>
+ * BUG 9104: Fix identification of idle clients in Winbind to avoid crashes
+ and NDR parsing errors.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 9058: Fix segfault in smbstatus.
+
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 9111: Fix compilation with newer MIT Kerberos which hides internal
+ symbols.
+ * BUG 9112: Fix flooding the logs with records we don't find in pcap.
+ * BUG 9122: Initialize the print backend after we setup winreg.
+ * BUG 9135: Fix Winbind panic if we couldn't find the domain.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.6 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
=============================
Release Notes for Samba 3.6.7
August 6, 2012
o Jeremy Allison <jra@samba.org>
* BUG 8974: Fix kernel oplocks when uid(file) != uid(process).
- * BUG 8989: Send correct responses to NT Transact Secondary when no data and
- no params for the Trans2 calls are set.
+ * BUG 8989: Send correct responses to NT Transact Secondary when no data
+ and no params for the Trans2 calls are set.
* BUG 9034: Fix typo in set_re_uid() call when USE_SETRESUID selected in
configure.
== The Samba Team
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 3.6.6