X-Git-Url: http://git.samba.org/samba.git/?p=vlendec%2Fsamba-autobuild%2F.git;a=blobdiff_plain;f=WHATSNEW.txt;h=5c2d922cd90407d41b5fa5cafb3dcc89c19f3ea0;hp=515156418cc8a37500391b4d5c599856ad6822e7;hb=87bf24407ab39941d7a827c982bbc13cd09e9321;hpb=9d4ae41fc5052e8074b1f59139813e58ded137bc diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 515156418cc..5c2d922cd90 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,12 +1,299 @@ -Release Announcements -===================== + ============================= + Release Notes for Samba 4.8.3 + June 26, 2018 + ============================= -This is the fourth release candidate of Samba 4.8. This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. -Samba 4.8 will be the next version of the Samba suite. +This is the latest stable release of the Samba 4.8 release series. + + +Changes since 4.8.2: +-------------------- + +o Jeremy Allison + * BUG 13428: s3: smbd: Fix SMB2-FLUSH against directories. + * BUG 13457: s3: smbd: printing: Re-implement delete-on-close semantics for + print files missing since 3.5.x. + * BUG 13474: python: Fix talloc frame use in make_simple_acl(). + +o Jeffrey Altman + * BUG 11573: heimdal: lib/krb5: Do not fail set_config_files due to parse + error. + +o Andrew Bartlett + * ldb: version 1.3.4 + * BUG 13448: ldb: One-level search was incorrectly falling back to full DB + scan. + * BUG 13452: ldb: Save a copy of the index result before calling the + callbacks. + * BUG 13454: No Backtrace given by Samba's AD DC by default. + * BUG 13471: ldb_tdb: Use mem_ctx and so avoid leak onto long-term memory + on duplicated add. + +o Ralph Boehme + * BUG 13432: s3:smbd: Fix interaction between chown and SD flags. + +o Günther Deschner + * BUG 13437: Fix building Samba with gcc 8.1. + +o Andrej Gessel + * BUG 13475: Fix several mem leaks in ldb_index ldb_search ldb_tdb. + +o Volker Lendecke + * BUG 13331: libgpo: Fix the build --without-ads. + +o Stefan Metzmacher + * BUG 13369: Looking up the user using the UPN results in user name with the + REALM instead of the DOMAIN. + * BUG 13427: Fix broken server side GENSEC_FEATURE_LDAP_STYLE handling + (NTLMSSP NTLM2 packet check failed due to invalid signature!). + +o Christof Schmitt + * BUG 13446: smbd: Flush dfree memcache on service reload. + * BUG 13478: krb5_wrap: Fix keep_old_entries logic for older Kerberos + libraries. + +o Andreas Schneider + * BUG 13369: Looking up the user using the UPN results in user name with the + REALM instead of the DOMAIN. + * BUG 13437: Fix building Samba with gcc 8.1. + * BUG 13440: s3:utils: Do not segfault on error in DoDNSUpdate(). + * BUG 13480: krb5_plugin: Add winbind localauth plugin for MIT Kerberos. + +o Lukas Slebodnik + * BUG 13459: ldb: Fix memory leak on module context. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + ============================= + Release Notes for Samba 4.8.2 + May 16, 2018 + ============================= + + +This is the latest stable release of the Samba 4.8 release series. + +Major bug fixes include: +------------------------ + + o After update to 4.8.0 DC failed with "Failed to find our own + NTDS Settings objectGUID" (bug #13335). + +Changes since 4.8.1: +-------------------- + +o Jeremy Allison + * BUG 13380: s3: smbd: Generic fix for incorrect reporting of stream dos + attributes on a directory. + * BUG 13412: ceph: VFS: Add asynchronous fsync to ceph module, fake using + synchronous call. + * BUG 13419: s3: libsmbclient: Fix hard-coded connection error return of + ETIMEDOUT. + +o Andrew Bartlett + * BUG 13306: ldb: Release ldb 1.3.3: + * Fix failure to upgrade to the GUID index DB format. + * Add tests for GUID index behaviour. + * BUG 13420: s4-lsa: Fix use-after-free in LSA server. + * BUG 13430: winbindd: Do re-connect if the RPC call fails in the passdb + case. + +o Ralph Boehme + * BUG 13416: s3:cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers. + * BUG 13414: s3:cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd + unclean process shutdown. + +o David Disseldorp + * BUG 13425: vfs_ceph: add fake async pwrite/pread send/recv hooks. + +o Amitay Isaacs + * BUG 13411: ctdb-client: Remove ununsed functions from old client code. + +o Björn Jacke + * BUG 13395: printing: Return the same error code as windows does on upload + failures. + +o Gary Lockyer + * BUG 13335: After update to 4.8.0 DC failed with "Failed to find our own + NTDS Settings objectGUID". + +o Stefan Metzmacher + * BUG 13400: nsswitch: Fix memory leak in winbind_open_pipe_sock() when the + privileged pipe is not accessable. + * BUG 13420: s4:lsa_lookup: remove TALLOC_FREE(state) after all + dcesrv_lsa_Lookup{Names,Sids}_base_map() calls. + +o Vandana Rungta + * BUG 13424: s3: VFS: Fix memory leak in vfs_ceph. + +o Christof Schmitt + * BUG 13407: rpc_server: Fix NetSessEnum with stale sessions. + +o Andreas Schneider + * BUG 13417: s3:smbspool: Fix cmdline argument handling. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================= + Release Notes for Samba 4.8.1 + April 26, 2018 + ============================= + + +This is the latest stable release of the Samba 4.8 release series. + + +Changes since 4.8.0: +-------------------- + +o Jeremy Allison + * BUG 13244: s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on + error, we don't own it here. + * BUG 13270: s3: smbd: Fix possible directory fd leak if the underlying OS + doesn't support fdopendir(). + * BUG 13319: Round-tripping ACL get/set through vfs_fruit will increase the + number of ACE entries without limit. + * BUG 13347: s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically + debug credit issues. + * BUG 13358: s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE + without delete access. + * BUG 13372: s3: smbd: Fix memory leak in vfswrap_getwd(). + * BUG 13375: s3: smbd: Unix extensions attempts to change wrong field in + fchown call. + +o Björn Baumbach + * BUG 13337: ms_schema/samba-tool visualize: Fix python2.6 incompatibility. + +o Timur I. Bakeyev + * BUG 13352: Fix invocation of gnutls_aead_cipher_encrypt(). + +o Ralph Boehme + * BUG 13328: Windows 10 cannot logon on Samba NT4 domain. + * BUG 13332: winbindd: Recover loss of netlogon secure channel in case the + peer DC is rebooted. + * BUG 13363: s3:smbd: Don't use the directory cache for SMB2/3. + +o Amitay Isaacs + * BUG 13356: ctdb-client: Fix bugs in client code. + * BUG 13359: ctdb-scripts: Drop "net serverid wipe" from 50.samba event + script. + +o Lutz Justen + * BUG 13368: s3: lib: messages: Don't use the result of sec_init() before + calling sec_init(). + +o Volker Lendecke + * BUG 13273: libads: Fix the build '--without-ads'. + * BUG 13332: winbind: Keep "force_reauth" in invalidate_cm_connection, + add 'smbcontrol disconnect-dc'. + * BUG 13343: vfs_virusfilter: Fix CIDs 1428738-1428740. + * BUG 13367: dsdb: Fix CID 1034966 Uninitialized scalar variable. + * BUG 13370: rpc_server: Fix core dump in dfsgetinfo. + * BUG 13382: smbclient: Fix notify. + +o Stefan Metzmacher + * BUG 13215: Fix smbd panic if the client-supplied channel sequence number + wraps. + * BUG 13328: Windows 10 cannot logon on Samba NT4 domain. + * BUG 13342: lib/util: Remove unused '#include ' from + tests/tfork.c. + * BUG 13343: Fix build errors with cc from developerstudio 12.5 on Solaris. + * BUG 13344: Fix the picky-developer build on FreeBSD 11. + * BUG 13345: s3:modules: Fix the build of vfs_aixacl2.c. + +o Anton Nefedov + * BUG 13338: s3:smbd: map nterror on smb2_flush errorpath. + +o Noel Power + * BUG 13341: lib:replace: Fix linking when libtirpc-devel overwrites system + headers. + +o Christof Schmitt + * BUG 13312: winbindd: 'wbinfo --name-to-sid' returns misleading result on + invalid query. + +o Andreas Schneider + * BUG 13376: s3:passdb: Do not return OK if we don't have pinfo set up. + +o Eric Vannier + * BUG 13302: Allow AESNI to be used on all processor supporting AESNI. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================= + Release Notes for Samba 4.8.0 + March 13, 2018 + ============================= + + +This is the first stable release of the Samba 4.8 release series. +Please read the release notes carefully before upgrading. UPGRADING @@ -22,6 +309,13 @@ Unlike in previous releases a transparent downgrade is not possible. If you wish to downgrade such a DB to a Samba 4.7 or earlier version, please run the source4/scripting/bin/sambaundoguididx script first. +Domain member setups require winbindd +------------------------------------- + +Setups with "security = domain" or "security = ads" require a +running 'winbindd' now. The fallback that smbd directly contacts +domain controllers is gone. + smbclient reparse point symlink parameters reversed --------------------------------------------------- @@ -143,7 +437,6 @@ dot or xdot, this shows the network as a graph with DCs as vertices and connections edges. Certain types of degenerate edges are shown in different colours or line-styles. - smbclient reparse point symlink parameters reversed --------------------------------------------------- @@ -246,6 +539,19 @@ This new module integrates with Sophos, F-Secure and ClamAV anti-virus software to provide scanning and filtering of files on a Samba share. +Local authorization plugin for MIT Kerberos +------------------------------------------- + +This plugin controls the relationship between Kerberos principals and AD +accounts through winbind. The module receives the Kerberos principal and the +local account name as inputs and can then check if they match. This can resolve +issues with canonicalized names returned by Kerberos within AD. If the user +tries to log in as 'alice', but the samAccountName is set to ALICE (uppercase), +Kerberos would return ALICE as the username. Kerberos would not be able to map +'alice' to 'ALICE' in this case and auth would fail. With this plugin account +names can be correctly mapped. This only applies to GSSAPI authentication, +not for the geting the initial ticket granting ticket. + REMOVED FEATURES ================ @@ -314,8 +620,8 @@ smb.conf changes map untrusted to domain Removed oplock contention limit Removed prefork children New 1 - mdns name New netbios - fruit:time machine New false + mdns name New netbios + fruit:time machine New false profile acls Removed use spnego Removed server schannel Default changed/ yes @@ -325,6 +631,28 @@ smb.conf changes winbind trusted domains only Removed +CHANGES SINCE 4.8.0rc4 +====================== + +o Jeremy Allison + * BUG 11343: CVE-2018-1050: Codenomicon crashes in spoolss server code. + +o Ralph Boehme + * BUG 13272: CVE-2018-1057: Unprivileged user can change any user (and admin) + password. + * BUG 13313: nsswitch: Fix wbinfo -m --verbose trust type "Local". + +o Stefan Metzmacher + * BUG 13272: CVE-2018-1057: Unprivileged user can change any user (and admin) + password. + +o Dan Robertson + * BUG 13310: libsmb: Use smb2 tcon if conn_protocol >= SMB2_02. + +o Andreas Schneider + * BUG 13315: s3:smbd: Do not crash if we fail to init the session table. + + CHANGES SINCE 4.8.0rc3 ======================