+ ==============================
+ Release Notes for Samba 3.5.15
+ April 30, 2012
+ ==============================
+
+
+This is a security release in order to address
+CVE-2012-2111 (Incorrect permission checks when granting/removing
+privileges can compromise file server security).
+
+o CVE-2012-2111:
+ Samba 3.4.x to 3.6.4 are affected by a
+ vulnerability that allows arbitrary users
+ to modify privileges on a file server.
+
+
+Changes since 3.5.14:
+---------------------
+
+
+o Jeremy Allison <jra@samba.org>
+ * Fix incorrect permission checks when granting/removing
+ privileges (CVE-2012-2111).
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ ==============================
+ Release Notes for Samba 3.5.14
+ April 10, 2012
+ ==============================
+
+
+This is a security release in order to address
+CVE-2012-1182 ("root" credential remote code execution).
+
+o CVE-2012-1182:
+ Samba 3.0.x to 3.6.3 are affected by a
+ vulnerability that allows remote code
+ execution as the "root" user.
+
+
+Changes since 3.5.13:
+---------------------
+
+
+o Stefan Metzmacher <metze@samba.org>
+ *BUG 8815: PIDL based autogenerated code allows overwriting beyond of
+ allocated array (CVE-2012-1182).
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 3.5.13
+ March 12, 2012
+ ==============================
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.13 include:
+
+o Fix a crash bug in cldap_socket_recv_dgram() (bug #8593).
+o Fully observe password change settings (bug #8561).
+o Fix NT ACL issue (bug #8673).
+o Fix segfault in Winbind if we can't map the last user (bug #8678).
+
+
+Changes since 3.5.12:
+--------------------
+
+
+o Michael Adam <obnox@samba.org>
+ * BUG 8327: Fix config reload to reload shares from registry.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 8139: Ignore SMBecho errors.
+ * BUG 8521: Fix Winbind cache timeout expiry test.
+ * BUG 8561: Fully observe password change settings.
+ * BUG 8631: Fix POSIX ACE x permission mapping to and from a DACL.
+ * BUG 8636: When returning an ACL without SECINFO_DACL requested, we still
+ set SEC_DESC_DACL_PRESENT in the type field.
+ * BUG 8644: Make sure that vfs_acl_xattr and vfs_acl_tdb modules add
+ inheritable entries on a directory with no stored ACL.
+ * BUG 8663: Fix deleting a symlink if the symlink target is outside of the
+ * share.
+ * BUG 8664: Fix renaming a symlink if the symlink target is outside of the
+ share.
+ * BUG 8673: Fix NT ACL issue.
+ * BUG 8679: Make sure that recvfile code path using splice() on Linux
+ does not leave data in the pipe on short write.
+ * BUG 8687: Fix typo in 'net memberships' usage.
+
+
+o Christian Ambach <christian.ambach@de.ibm.com>
+ * BUG 8658: Add timeouts to Winbind cache.
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 8727: Do not limit read replies to NBT packet sizes.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 8176: Fix perl path.
+ * BUG 8692: Fix malloc/talloc mismatch in ads_keytab_verify_ticket().
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 8652: Document the ignore system acls option of vfs_acl_xattr and
+ vfs_acl_tdb.
+
+
+o Jeff Layton <jlayton@redhat.com>
+ * BUG 8648: Document more undocumented mount.cifs options.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 8639: Fix the vfs_commit module.
+ * BUG 8686: Packet validation checks can be done before length validation
+ causing uninitialized memory read.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 5326: Fix cli_write_and_x() against OS/2 print shares.
+ * BUG 8562: Fix double free error (talloc).
+ * BUG 8593: Fix a crash bug in cldap_socket_recv_dgram().
+ * BUG 8684: Try ctdbd_init_connection() as root.
+
+
+o Masafumi Nakayama <MASA23@jp.ibm.com>
+ * BUG 563: Fix 'smbclient tar' for files greater than 8GB on BE machines.
+
+
+o Matthieu Patou <mat@matws.net>
+ * BUG 8599: Make WINBINDD_PAM_AUTH_CRAP return valid user session key.
+ * BUG 8771: Make Winbind change faster from DC1 to DC2.
+
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 8608: Don't fail on users without a uid (Winbind).
+ * BUG 8628: Don't duplicate Kerberos service tickets.
+ * BUG 8645: Add missing prefixpath options for mount.cifs manpage.
+ * BUG 8658: Add an update function for Winbind cache.
+ * BUG 8678: Fix segfault in Winbind if we can't map the last user.
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * BUG 7705: Fix rpm build issues on RHEL4.
+
+
+o Richard Sharpe <realrichardsharpe@gmail.com>
+ * BUG 8607: Simplify building modules outside the Samba source tree.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 3.5.12
+ November 2, 2011
+ ==============================
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.12 include:
+
+o Fix race condition in Winbind (bug 7844).
+o The VFS ACL modules are no longer experimental but production-ready.
+
+
+Changes since 3.5.11:
+--------------------
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 7509: smb_acl_to_posix: ACL is invalid for set (Invalid argument).
+ * BUG 7551: Return error of cli_push when 'put - /some/file' is used.
+ * BUG 8156: 'net ads join' fails to use the user's kerberos ticket.
+ * BUG 8370: Fix vfs_chown_fsp.
+ * BUG 8422: Fix infinite loop in ACL module code.
+ * BUG 8443: Be smarter about setting default permissions when a ACL_USER_OBJ
+ isn't given.
+ * BUG 8458: IE9 on Windows 7 cannot download files to samba 3.5.11 share.
+ * BUG 8493: DFS breaks zip file extracting unless "follow symlinks = no"
+ set.
+ * BUG 8507: Make smbd correctly honor the "force create mode" bits from a
+ cifsfs create.
+ * BUG 8541: Fix readlink() on Linux clients if the symlink target is
+ outside of the share.
+ * BUG 8542: smbclient posix_open command fails to return correct info on
+ open file.
+
+
+o Pierre Carrier <pcarrier@redhat.com>
+ * BUG 8186: Allow changing the maximum number of simultaneous clients in
+ Winbind through an smb.conf option.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 7465: Fix 'net ads join -k' when KRB5CCNAME is not set.
+ * BUG 7888: Deal with buggy 3.0 based PDCs.
+ * BUG 8491: Fix some coverity issues.
+
+
+o David Disseldorp <ddiss@suse.de>
+ * BUG 8480: acl_xattr can free an invalid pointer if no blob is loaded.
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 8256: Add man vfs_aio_fork.
+ * BUG 8362: Fix SWAT build issue on old glibc systems.
+ * BUG 8531: Make DSO_EXPORTS_CMD more portable.
+
+
+o Volodymyr Khomenko <Volodymyr_Khomenko@dell.com>
+ * BUG 8515: Disallow "." in can_set_delete_on_close().
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 7844: Fix race condition in Winbind.
+ * BUG 8338: Add a fallback for missing open&x support in OS/X Lion.
+ * BUG 8420: Fix getent group if trusted domains are not reachable.
+
+
+o Stefan Metzmacher <metze@samba.org
+ * BUG 8347: Fix regression on HP-UX, AIX and OSF introduced by the fix for
+ CVE-2011-2522.
+ * BUG 8452: Check the wct of the incoming SMBnegprot responses in libsmb.
+ * BUG 8491: Fix some coverity issues.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 3.5.11
+ August 4, 2011
+ ==============================
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.11 include:
+
+o Fix access to Samba shares when Windows security patch KB2536276 is installed
+ (bug #8238).
+o Fix Winbind panics if verify_idpool() fails (bug #8253).
+
+
+Changes since 3.5.10:
+--------------------
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 7462: Make SA_RESETHAND conditional on its existance.
+ * BUG 8254: Make "acl check permissions = no" working in all cases.
+
+
+o Gregor Beck <gbeck@sernet.de>
+ * BUG 8253: Fix Winbind panics if verify_idpool() fails.
+
+
+o David Disseldorp <ddiss@suse.de>
+ * BUG 8269: Stop spamming log with "Could not find child X -- ignoring"
+ messages in smbd.
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 7460: Include sys/file.h only when available.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 7841: Explicitly pass domain_sid to wbint_LookupRids().
+ * BUG 8238: Fix access to Samba shares when Windows security patch
+ KB2536276 is installed.
+ * BUG 8322: Add HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 7841: Make WINBINDD_LOOKUPRIDS ask the right domain.
+ * BUG 8276: Close all sockets attached to a subnet in close_subnet().
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 3.5.10
+ July 26, 2011
+ ==============================
+
+
+This is a security release in order to address
+CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
+CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
+
+
+o CVE-2011-2522:
+ The Samba Web Administration Tool (SWAT) in Samba versions
+ 3.0.x to 3.5.9 are affected by a cross-site request forgery.
+
+
+o CVE-2011-2694:
+ The Samba Web Administration Tool (SWAT) in Samba versions
+ 3.0.x to 3.5.9 are affected by a cross-site scripting
+ vulnerability.
+
+Please note that SWAT must be enabled in order for these
+vulnerabilities to be exploitable. By default, SWAT
+is *not* enabled on a Samba install.
+
+
+Changes since 3.5.9:
+--------------------
+
+
+o Kai Blin <kai@samba.org>
+ * BUG 8289: SWAT contains a cross-site scripting vulnerability.
+ * BUG 8290: CSRF vulnerability in SWAT.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 3.5.9
+ June 14, 2011
+ =============================
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.9 include:
+
+o Sgid bit lost on folder rename (bug #7996).
+o ACL can get lost when files are being renamed (bug #7987).
+o Respect "allow trusted domains = no" in Winbind (bug #6966).
+o Samba now follows Windows behaviour as a Kerberos client,
+ requesting a CIFS/ ticket (bug #7893).
+
+New Kerberos behaviour
+----------------------
+
+A new parameter 'client use spnego principal' defaults to 'no' and
+mean Samba will use CIFS/hostname to obtain a kerberos ticket, acting
+more like Windows when using Kerberos against a CIFS server in
+smbclient, winbind and other Samba client tools. This will change
+which servers we will successfully negotiate kerberos connections to.
+This is due to Samba no longer trusting a server-provided hint which
+is not available from Windows 2008 or later. For correct operation
+with all clients, all aliases for a server should be recorded as a as
+a servicePrincipalName on the server's record in AD.
+
+Changes since 3.5.8:
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 6911: Kerberos authentication from Vista to Samba fails when security
+ blob size is greater than 16 kB.
+ * BUG 7080: Quota only shown when logged as root.
+ * BUG 7528: Fix Solaris with NIS autohome.
+ * BUG 7987: ACL can get lost when files are being renamed.
+ * BUG 7996: sgid bit lost on folder rename.
+ * BUG 8040: Fix 'smbclient' segfaults when a Cyrillic netbios name or
+ workgroup is configured.
+ * BUG 8072: Fix panic in create_file_acl_common.
+ * BUG 8038: Fix is_myname_or_ipaddr() to be robust against strange DNS
+ setups.
+ * BUG 8083: "inherit owner = yes" doesn't interact correctly with
+ vfs_acl_xattr or vfs_acl_tdb module.
+ * BUG 8088: Fix segfault in rpccli_samr_chng_pswd_auth_crap if any input
+ blobs are null.
+ * BUG 8111: CIFS VFS: Fix unexpected error on SMB posix open.
+ * BUG 8157: Fix parsing CUPS printcap files in std_pcap_cache_reload().
+ * BUG 8163: Fix our asn.1 parser to handle negative numbers.
+ * BUG 8211: "inherit owner = yes" doesn't interact correctly with "inherit
+ permissions = yes".
+
+
+o Christian Ambach <ambi@samba.org>
+ * BUG 8008: Fix a segfault in the krb5 locator plugin.
+ * BUG 8012: Use getgrset() instead of initgroups() + getgroups() when
+ getgrouplist() is not defined.
+ * BUG 8031: Convert gpfs:sharemodes and gpfs:leases parameters from a
+ global setting to a per share setting.
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 7893: Don't ever ask for machine$ principals as a target.
+
+
+o Björn Baumbach <bb@sernet.de>
+ * BUG 8074: Fix debug message.
+
+
+o Dmitry Butskoy <dmitry@butskoy.name>
+ * BUG 6966: Respect "allow trusted domains = no" in Winbind.
+
+
+o Marc A. Dahlhaus <mad@wol.de>
+ * BUG 8047: Fix mdns registration if "interfaces=" is used.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 7993: Make sure we don't crash when publishing a single printer.
+ * BUG 8085: Fix incorrect timeout handling in ncacn_ip_tcp client code.
+ * BUG 8132: Fix filling printers location field when using CUPS.
+
+
+o David Disseldorp <ddiss@suse.de>
+ * BUG 7836: Make newly added printers visible to clients.
+ * BUG 7994: Use printcap IDL for IPC.
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 7825: Fix GNU ld version detection with old gcc releases.
+ * BUG 8033: Add explicit configure option whether to enable dmapi
+ support or not.
+
+
+o Sergey Korsak <skif@1plus1.net>
+ * BUG 8099: setpwent() actually does endpwent() on FreeBSD.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 8009: Fix getting username in 'net rap session'.
+ * BUG 8011: Fix memory corruption in shadow_copy2.
+ * BUG 8016: Fix gpfs_get_xattr.
+ * BUG 8042: File creation on OS/X.
+ * BUG 8054: Winbind cache stores/retrieves wrong sizes for 16-bit ints.
+ * BUG 8066: Fix wrong output in 'smbget'.
+ * BUG 8087: Fix wbcChangeUserPasswordEx in RESPONSE mode.
+
+
+o Nikolay Martynov <mar.kolya@gmail.com>
+ * BUG 8010: Fix inode generation so nautilus can count total dir size
+ correctly.
+
+
+o Jim McDonough <jmcd@samba.org>
+ * BUG 6364: Pull realm from supplied username on libnet join.
+ * BUG 8166: Don't lockout users when offline.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 7383: Normalize IPv4 mapped IPv6 addresses in both directions.
+ * BUG 8034: SEC_STD_DELETE is always granted to the owner of a file.
+
+
+o Larry Reid <lcreid@jadesystems.ca>
+ * BUG 8055: Can't see Parts of DFS CIFS share.
+
+
+o Simo Sorce <idra@samba.org>
+ * BUG 7610: winbindd_cache.tdb grows too large when scaled.
+
+
+o Martin Vogt <martin.vogt@itwm.fraunhofer.de>
+ * BUG 6762: Fix ctdb on gpfs error with MS Office.
+
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 3.5.8
+ March 7, 2011
+ =============================
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.8 include:
+
+o Fix Winbind crash bug when no DC is available (bug #7730).
+o Fix finding users on domain members (bug #7743).
+o Fix memory leaks in Winbind (bug #7879).
+o Fix printing with Windows 7 clients (bug #7567).
+
+
+Changes since 3.5.7:
+--------------------
+
+
+o Michael Adam <obnox@samba.org>
+ * BUG 7594: Fix "log=>ndr_pull_error" in 'wbinfo -u' and 'wbinfo -g'.
+ * BUG 7871: Fix 'net ads dns register' in cluster setups.
+ * BUG 7894: Fix sporadic Winbind panic in rpc query_user_list.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 7409: Raise debug level for "reduce_name: couldn't get realpath"
+ messages.
+ * BUG 7716: Store unmodified copies of security descriptors in acl_xattr and
+ acl_tdb modules.
+ * BUG 7733: Fix incorrect unix mode_t caused by invalid client DOS
+ attributes on create.
+ * BUG 7734: Apply appropriate create masks when creating files with "inherit
+ ACLs" set to true.
+ * BUG 7743: Fix finding users on domain members.
+ * BUG 7744: Fix "dfree cache time" parameter.
+ * BUG 7777: Fix requesting lookups for BUILTIN sids.
+ * BUG 7785: Fix atime limit.
+ * BUG 7791: Fix copying files from a SMB share using Gnome vfs and SMB
+ signing.
+ * BUG 7812: ACL inheritance cannot be disabled in vfs_acl_xattr/vfs_acl_tdb.
+ * BUG 7835: vfs_fill_sparse() doesn't use posix_fallocate when strict
+ allocate is on.
+ * BUG 7843: Expand the local SAMs aliases.
+ * BUG 7892: Fix stale lock in open_file_fchmod().
+ * BUG 7950: Revalidate the pathname once re-constructed from a root fsp.
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 7356: Fix 'net ads dns register' in Windows 2008 R2 domains.
+
+
+o Björn Baumbach <bb@sernet.de>
+ * BUG 7875: Fix 'nmbd --port'.
+ * BUG 7880: Make 'rpcclient deldriver' delete drivers for all architectures.
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 7567: Fix printing with Windows 7 clients.
+ * BUG 7641: Handle Windows 9x adddriver calls without config file.
+ * BUG 7945: Let Winbind try to use samlogon validation level 6.
+
+
+o Holger Hetterich <hhetter@novell.com>
+ * BUG 3185: Fix 'testparm' return code when EOF in encountered in param
+ name.
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 7821: Fix build of shared libraries on Tru64.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 7066: Fix "Your Password expires today" message for users of trusted
+ domains.
+ * BUG 7262: Fix maintaining of users' groups via UsrMgr.
+ * BUG 7656: Fix scalability problem with hundreds of printers.
+ * BUG 7665: Fix memory leak in the netapi routines.
+ * BUG 7730: Fix Winbind crash bug when no DC is available.
+ * BUG 7774: Fix a getgrent crash with many groups.
+ * BUG 7779: Fix smbd crash caused by expand_msdfs.
+ * BUG 7800: Make Winbind recover from a signing error.
+ * BUG 7817: Fix "force group" with ntlmssp guest session setup.
+ * BUG 7841: Make WINBINDD_LOOKUPRIDS asking the right domain.
+ * BUG 7842: Make WINBINDD_LOOKUPRIDS returning the domain name.
+ * BUG 7855: ntlm_auth: Support clients which offer a spnego mechs we don't
+ support.
+ * BUG 7879: Fix memory leaks in Winbind.
+ * BUG 7881: Fix flaky Winbind against Windows 2008.
+ * BUG 7917: Fix connections from WinCE.
+ * BUG 7940: Fix opening MS Powerpoint files.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 7567: Fix printing with Windows 7 clients.
+ * BUG 7855: ntlm_auth: Support clients which offer a spnego mechs we don't
+ support.
+ * BUG 7883: Fix SMB session setups with Kerberos against some closed source
+ SMB servers.
+ * BUG 7896: Don't set SAMR_FIELD_FULL_NAME if we just want to set the
+ account name.
+ * BUG 7899: Don't return "-1" on success in 'net rpc vampire keytab'.
+ * BUG 7942: Fix endless loops caused by inotify.
+ * BUG 7944: Catch lookup_names/sids schannel errors over ncacn_ip_tcp.
+
+
+o Jonathan Nieder <jrnieder@gmail.com>
+ * BUG 6837: Make "rlimit_max below minimum Windows limit" notification less
+ scary.
+
+
+o olivier <olivier@virtscano.fakenet>
+ * BUG 7789: vfs_scannedonly: Switch from mtime to ctime which is more reliable.
+
+
+o Rusty Russell <rusty@rustcorp.com.au>
+ * BUG 7498: Fix updating the time on close in vfs_gpfs.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 3.5.7
+ February 28, 2011
+ =============================
+
+
+This is a security release in order to address CVE-2011-0719.
+
+
+o CVE-2011-0719:
+ All current released versions of Samba are vulnerable to
+ a denial of service caused by memory corruption. Range
+ checks on file descriptors being used in the FD_SET macro
+ were not present allowing stack corruption. This can cause
+ the Samba code to crash or to loop attempting to select
+ on a bad file descriptor set.
+
+
+Changes since 3.5.6:
+--------------------
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
=============================
Release Notes for Samba 3.5.6
October 8, 2010
o Fix smbd panic on invalid NetBIOS session request (bug #7698).
o Fix smbd crash caused by "%D" in "printer admin" (bug #7541).
+ o Fix crash bug with invalid SPNEGO token (bug #7694).
o Fix Winbind internal error (bug #7636).
* BUG 7651: Fix mknod and mkfifo failing with "No such file or
directory".
* BUG 7693: Fix smbd changing mode of files on rename.
+ * BUG 7694: Fix crash bug with invalid SPNEGO token.
* BUG 7698: Fix smbd panic on invalid NetBIOS session request.
* BUG 7684: Fix fd leak in libwbclient.so.
* BUG 7688: Fix crash bug in rpcclient.
* BUG 7470: Standardize S_IREAD and S_IWRITE.
+ * BUG 7715: Fix file corruption when setting Samba "write wache wize".
o Jim McDonough <jmcd@samba.org>
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 3.5.5