+ ===============================
+ Release Notes for Samba 4.17.12
+ October 10, 2023
+ ===============================
+
+
+This is a security release in order to address the following defects:
+
+
+o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to
+ existing unix domain sockets on the file system.
+ https://www.samba.org/samba/security/CVE-2023-3961.html
+
+o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with
+ OVERWRITE disposition when using the acl_xattr Samba VFS
+ module with the smb.conf setting
+ "acl_xattr:ignore system acls = yes"
+ https://www.samba.org/samba/security/CVE-2023-4091.html
+
+o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all
+ attributes, including secrets and passwords. Additionally,
+ the access check fails open on error conditions.
+ https://www.samba.org/samba/security/CVE-2023-4154.html
+
+o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
+ server block for a user-defined amount of time, denying
+ service.
+ https://www.samba.org/samba/security/CVE-2023-42669.html
+
+o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
+ listeners, disrupting service on the AD DC.
+ https://www.samba.org/samba/security/CVE-2023-42670.html
+
+
+Changes since 4.17.11
+---------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 15422: CVE-2023-3961.
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 15424: CVE-2023-4154.
+ * BUG 15473: CVE-2023-42670.
+ * BUG 15474: CVE-2023-42669.
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 15439: CVE-2023-4091.
+
+o Christian Merten <christian@merten.dev>
+ * BUG 15424: CVE-2023-4154.
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 15424: CVE-2023-4154.
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 15424: CVE-2023-4154.
+
+o Joseph Sutton <josephsutton@catalyst.net.nz>
+ * BUG 15424: CVE-2023-4154.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+ ===============================
+ Release Notes for Samba 4.17.11
+ September 07, 2023
+ ===============================
+
+
+This is the latest stable release of the Samba 4.17 release series.
+
+
+Changes since 4.17.10
+---------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 15419: Weird filename can cause assert to fail in
+ openat_pathref_fsp_nosymlink().
+ * BUG 15420: reply_sesssetup_and_X() can dereference uninitialized tmp
+ pointer.
+ * BUG 15430: Missing return in reply_exit_done().
+ * BUG 15432: TREE_CONNECT without SETUP causes smbd to use uninitialized
+ pointer.
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 15401: Improve GetNChanges to address some (but not all "Azure AD
+ Connect") syncronisation tool looping during the initial user sync phase.
+ * BUG 15407: Samba replication logs show (null) DN.
+ * BUG 9959: Windows client join fails if a second container CN=System exists
+ somewhere.
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 15342: Spotlight sometimes returns no results on latest macOS.
+ * BUG 15417: Renaming results in NT_STATUS_SHARING_VIOLATION if previously
+ attempted to remove the destination.
+ * BUG 15427: Spotlight results return wrong date in result list.
+ * BUG 15463: macOS mdfind returns only 50 results.
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 15346: 2-3min delays at reconnect with smb2_validate_sequence_number:
+ bad message_id 2.
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 15346: 2-3min delays at reconnect with smb2_validate_sequence_number:
+ bad message_id 2.
+ * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
+ * BUG 15446: DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed.
+
+o MikeLiu <mikeliu@qnap.com>
+ * BUG 15453: File doesn't show when user doesn't have permission if
+ aio_pthread is loaded.
+
+o Noel Power <noel.power@suse.com>
+ * BUG 15384: net ads lookup (with unspecified realm) fails
+ * BUG 15435: Regression DFS not working with widelinks = true.
+
+o Arvid Requate <requate@univention.de>
+ * BUG 9959: Windows client join fails if a second container CN=System exists
+ somewhere.
+
+o Martin Schwenke <mschwenke@ddn.com>
+ * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ≥
+ 1.9.1.
+
+o Jones Syue <jonessyue@qnap.com>
+ * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
+ * BUG 15449: mdssvc: Do an early talloc_free() in _mdssvc_open().
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+ ===============================
+ Release Notes for Samba 4.17.10
+ July 19, 2023
+ ===============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously
+ crafted request can trigger an out-of-bounds read in winbind
+ and possibly crash it.
+ https://www.samba.org/samba/security/CVE-2022-2127.html
+
+o CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured
+ "server signing = required" or for SMB2 connections to Domain
+ Controllers where SMB2 packet signing is mandatory.
+ https://www.samba.org/samba/security/CVE-2023-3347.html
+
+o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
+ Spotlight can be triggered by an unauthenticated attacker by
+ issuing a malformed RPC request.
+ https://www.samba.org/samba/security/CVE-2023-34966.html
+
+o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
+ Spotlight can be used by an unauthenticated attacker to
+ trigger a process crash in a shared RPC mdssvc worker process.
+ https://www.samba.org/samba/security/CVE-2023-34967.html
+
+o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
+ side absolute path of shares and files and directories in
+ search results.
+ https://www.samba.org/samba/security/CVE-2023-34968.html
+
+
+Changes since 4.17.9
+--------------------
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 15072: CVE-2022-2127.
+ * BUG 15340: CVE-2023-34966.
+ * BUG 15341: CVE-2023-34967.
+ * BUG 15388: CVE-2023-34968.
+ * BUG 15397: CVE-2023-3347.
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 15072: CVE-2022-2127.
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+ ==============================
+ Release Notes for Samba 4.17.9
+ July 06, 2023
+ ==============================
+
+
+This is the latest stable release of the Samba 4.17 release series.
+
+
+Changes since 4.17.8
+--------------------
+
+o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+ * BUG 15404: Backport --pidl-developer fixes.
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 15275: smbd_scavenger crashes when service smbd is stopped.
+ * BUG 15378: vfs_fruit might cause a failing open for delete.
+
+o Samuel Cabrero <scabrero@samba.org>
+ * BUG 14030: named crashes on DLZ zone update.
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 15361: winbind recurses into itself via rpcd_lsad.
+ * BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers.
+ * BUG 15391: smbclient leaks fds with showacls.
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 15374: aes256 smb3 encryption algorithms are not allowed in
+ smb3_sid_parse().
+ * BUG 15413: winbindd gets stuck on NT_STATUS_RPC_SEC_PKG_ERROR.
+
+o Jones Syue <jonessyue@qnap.com>
+ * BUG 15403: smbget memory leak if failed to download files recursively.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+ ==============================
+ Release Notes for Samba 4.17.8
+ May 11, 2023
+ ==============================
+
+
+This is the latest stable release of the Samba 4.17 release series.
+
+
+Changes since 4.17.7
+--------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 15302: log flood: smbd_calculate_access_mask_fsp: Access denied:
+ message level should be lower.
+ * BUG 15306: Floating point exception (FPE) via cli_pull_send at
+ source3/libsmb/clireadwrite.c.
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 15328: test_tstream_more_tcp_user_timeout_spin fails intermittently on
+ Rackspace GitLab runners.
+ * BUG 15329: Reduce flapping of ridalloc test.
+ * BUG 15351: large_ldap test is unreliable.
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 15143: New filename parser doesn't check veto files smb.conf parameter.
+ * BUG 15354: mdssvc may crash when initializing.
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 15313: Large directory optimization broken for non-lcomp path elements.
+ * BUG 15357: streams_depot fails to create streams.
+ * BUG 15358: shadow_copy2 and streams_depot don't play well together.
+ * BUG 15366: wbinfo -u fails on ad dc with >1000 users.
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 15317: winbindd idmap child contacts the domain controller without a
+ need.
+ * BUG 15318: idmap_autorid may fail to map sids of trusted domains for the
+ first time.
+ * BUG 15319: idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings.
+ * BUG 15323: net ads search -P doesn't work against servers in other domains.
+ * BUG 15338: DS ACEs might be inherited to unrelated object classes.
+ * BUG 15353: Temporary smbXsrv_tcon_global.tdb can't be parsed.
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 15360: Setting veto files = /.*/ break listing directories.
+
+o Joseph Sutton <josephsutton@catalyst.net.nz>
+ * BUG 14810: CVE-2020-25720 [SECURITY] Create Child permission should not
+ allow full write to all attributes (additional changes).
+ * BUG 15329: Reduce flapping of ridalloc test.
+
+o Nathaniel W. Turner <nturner@exagrid.com>
+ * BUG 15325: dsgetdcname: assumes local system uses IPv4.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.17.7
March 29, 2023
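Review bot: In the 4.17.11 block, the BUG 15401 entry under Andrew Bartlett closes its parenthesis in the wrong place and misspells "syncronisation", so the aside swallows the tool name. Suggest: Improve GetNChanges to address some (but not all) "Azure AD Connect" synchronisation tool looping during the initial user sync phase. In the same block, the BUG 15384 entry under Noel Power ("net ads lookup (with unspecified realm) fails") lacks the trailing period that the other entries carry, and BUG 9959 is listed after BUG 15407 in Andrew Bartlett's list although the other per-author lists are in ascending bug-number order.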
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.17.6
March 09, 2023