/
WHATSNEW.txt
1559 lines (1123 loc) · 56.2 KB
/
WHATSNEW.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
==============================
Release Notes for Samba 4.8.12
May 14, 2019
==============================
This is a security release in order to address the following defect:
o CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum)
=======
Details
=======
o CVE-2018-16860:
The checksum validation in the S4U2Self handler in the embedded Heimdal KDC
did not first confirm that the checksum was keyed, allowing replacement of
the requested target (client) principal.
For more details and workarounds, please refer to the security advisory.
Changes since 4.8.11:
---------------------
o Isaac Boukris <iboukris@gmail.com>
* BUG 13685: CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed
checksum.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
Release notes for older releases follow:
----------------------------------------
==============================
Release Notes for Samba 4.8.11
April 8, 2019
==============================
This is a security release in order to address the following defect:
o CVE-2019-3880 (Save registry file outside share as unprivileged user)
=======
Details
=======
o CVE-2018-14629:
Authenticated users with write permission
can trigger a symlink traversal to write
or detect files outside the Samba share.
For more details and workarounds, please refer to the security advisory.
Changes since 4.8.10:
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of
SaveKey/RestoreKey.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
----------------------------------------------------------------------
==============================
Release Notes for Samba 4.8.10
April 4, 2019
==============================
This is the latest stable release of the Samba 4.8 release series.
Please note that this will very likely be the last bugfix release of the
Samba 4.8 release series. There will be security releases beyond this point
only.
Changes since 4.8.9:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 13690: smbd: uid: Don't crash if 'force group' is added to an existing
share connection.
* BUG 13770: s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility
code.
* BUG 13803: SMB1 POSIX mkdir does case insensitive name lookup.
o Tim Beale <timbeale@catalyst.net.nz>
* ldb: Bump ldb version to 1.3.7.
* BUG 13686: 'samba-tool user syscpasswords' fails on a domain with many DCs.
* BUG 13762: Performance regression in LDB one-level searches.
o Ralph Boehme <slow@samba.org>
* BUG 13776: tldap: Avoid use after free errors.
* BUG 13802: Fix idmap xid2sid cache churn.
* BUG 13812: access_check_max_allowed() doesn't process "Owner Rights" ACEs.
o Günther Deschner <gd@samba.org>
* BUG 13746: s3-smbd: use fruit:model string for mDNS registration.
o David Disseldorp <ddiss@samba.org>
* BUG 13766: Printcap still processed with "load printers" disabled.
* BUG 13807: vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate
and fallocate.
o Joe Guo <joeg@catalyst.net.nz>
* BUG 13728: netcmd/user: python[3]-gpgme unsupported and replaced by
python[3]-gpg.
o Amitay Isaacs <amitay@gmail.com>
* BUG 13520: Fix portability issues on freebsd.
o Björn Jacke <bj@sernet.de>
* BUG 13759: sambaundoguididx: Use the right escaped oder unescaped sam ldb
files.
o Volker Lendecke <vl@samba.org>
* BUG 13786: messages_dgm: Properly handle receiver re-initialization.
* BUG 13813: Fix idmap cache pollution with S-1-22- IDs on winbind hickup.
o Gary Lockyer <gary@catalyst.net.nz>
* BUG 13773: CVE-2019-3824 ldb: Release ldb 1.3.8, ldb: Out of bound read in
ldb_wildcard_compare.
o Marcos Mello <marcosfrm@gmail.com>
* BUG 11568: Send status to systemd on daemon start.
o Stefan Metzmacher <metze@samba.org>
* BUG 13816: dbcheck in the middle of the tombstone garbage collection causes
replication failures.
* BUG 13818: An out of scope usage of a stack variable may cause corruption
in EnumPrinter*.
o Noel Power <noel.power@suse.com>
* python/samba: Extra ndr_unpack needs bytes function.
o Jiří Šašek <jiri.sasek@oracle.com>
* BUG 13704: notifyd: Fix SIGBUS on sparc.
o Christof Schmitt <cs@samba.org>
* BUG 13787: waf: Check for libnscd.
* BUG 13813: lib/winbind_util: Add winbind_xid_to_sid for --without-winbind.
* passdb: Update ABI to 0.27.2.
o Andreas Schneider <asn@samba.org>
* BUG 13770: s3:vfs: Correctly check if OFD locks should be enabled or not.
* BUG 13823: lib:util: Move debug message for mkdir failing to log level 1.
* BUG 13832: Fix printing via smbspool backend with kerberos auth.
* BUG 13847: s4:librpc: Fix installation of Samba.
* BUG 13848: s3:lib: Fix the debug message for adding cache entries.
* BUG 13853: s3:waf: Fix the detection of makdev() macro on Linux.
o Zhu Shangzhong <zhu.shangzhong@zte.com.cn>
* BUG 13839: ctdb: Initialize addr struct to zero before reparsing as IPV4.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
----------------------------------------------------------------------
=============================
Release Notes for Samba 4.8.9
February 7, 2019
=============================
This is the latest stable release of the Samba 4.8 release series.
Changes since 4.8.8:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 11495: s3: lib: nmbname: Ensure we limit the NetBIOS name correctly.
CID: 1433607.
o Christian Ambach <ambi@samba.org>
* BUG 13199: s3:utils/smbget: Fix recursive download with empty source
directories.
o Tim Beale <timbeale@catalyst.net.nz>
* BUG 13736: s3:libsmb: cli_smb2_list() can sometimes fail initially on a
connection.
* BUG 13747: join: Throw CommandError instead of Exception for simple errors.
o Ralph Boehme <slow@samba.org>
* BUG 13688: Windows 2016 fails to restore previous version of a file from a
shadow_copy2 snapshot.
* BUG 13455: Restoring previous version of stream with vfs_shadow_copy2 fails
with NT_STATUS_OBJECT_NAME_INVALID.
* BUG 13736: s3: libsmb: Use smb2cli_conn_max_trans_size() in
cli_smb2_list().
o Günther Deschner <gd@samba.org>
* BUG 13708: s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs.
* BUG 13720: s3-smbd: Avoid assuming fsp is always intact after close_file
call.
* BUG 13725: s3-vfs-fruit,s3-vfs-streams_xattr: Add close call.
* BUG 13774: s3-vfs: Add glusterfs_fuse vfs module.
o Aaron Haslett <aaronhaslett@catalyst.net.nz>
* BUG 13738: dns: Changing onelevel search for wildcard to subtree.
o Stefan Metzmacher <metze@samba.org>
* BUG 13722: s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC
without trusts.
* BUG 13723: s3:auth_winbind: Return NT_STATUS_NO_LOGON_SERVERS if winbindd
is not available.
* BUG 13752: s4:messaging: Add support 'smbcontrol <pid> debug/debuglevel'.
o Anoop C S <anoopcs@redhat.com>
* BUG 13330: vfs_glusterfs: Adapt to changes in libgfapi signatures.
* BUG 13774: s3-vfs: Use ENOATTR in errno comparison for getxattr.
o Martin Schwenke <martin@meltin.net>
* BUG 13717: lib/util: Count a trailing line that doesn't end in a newline.
o Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
* BUG 13741: vfs_fileid: Fix get_connectpath_ino.
* BUG 13744: vfs_fileid: Fix fsname_norootdir algorithm.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
----------------------------------------------------------------------
=============================
Release Notes for Samba 4.8.8
December 13, 2018
=============================
This is the latest stable release of the Samba 4.8 release series.
Major bug fixes include:
------------------------
o dns: Fix CNAME loop prevention using counter regression (bug #13600).
Changes since 4.8.7:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 13633: s3: smbd: Prevent valgrind errors in smbtorture3 POSIX test.
o Andrew Bartlett <abartlet@samba.org>
* BUG 13418: dsdb: Add comments explaining the limitations of our current
backlink behaviour.
* BUG 13495: dbcheck: Use symbolic control name for
DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS.
o Tim Beale <timbeale@catalyst.net.nz>
* BUG 13495: dbchecker: Fixing up incorrect DNs wasn't working.
o Ralph Boehme <slow@samba.org>
* BUG 9175: libcli/smb: Don't overwrite status code.
* BUG 12164: 'wbinfo --group-info' 'NT AUTHORITY\System' does not work.
* BUG 13175: Fix accessing ZFS snapshot directories over SMB.
* BUG 13642: vfs_fruit should be able to cleanup AppleDouble files.
* BUG 13465: testparm crashes with PANIC: Messaging not initialized on
SLES 12 SP3.
* BUG 13646: File saving issues with vfs_fruit on samba >= 4.8.5.
* BUG 13649: Enabling vfs_fruit looses FinderInfo.
* BUG 13661: Session setup reauth fails to sign response.
* BUG 13667: Cancelling of SMB2 aio reads and writes returns wrong error
NT_STATUS_INTERNAL_ERROR.
* BUG 13677: Fix copy with vfs_fruit if AFP_AfpInfo stream file
size > 60bytes.
o Isaac Boukris <iboukris@gmail.com>
* BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build.
o Amitay Isaacs <amitay@gmail.com>
* BUG 13641: Fix CTDB recovery record resurrection from inactive nodes and
simplify vacuuming.
* BUG 13659: Fix bugs in CTDB event handling.
o Volker Lendecke <vl@samba.org>
* BUG 13465: examples: Fix the smb2mount build.
* BUG 13662: winbindd_cache: Fix timeout calculation for sid<->name cache.
o Stefan Metzmacher <metze@samba.org>
* BUG 13418: Extended DN SID component missing for member after switching
group membership.
* BUG 13600: CVE-2018-14629 dns: Fix CNAME loop prevention using counter
regression.
* BUG 13624: STATUS_SESSION_EXPIRED error is returned unencrypted, if the
request was encrypted.
o Christof Schmitt <cs@samba.org>
* BUG 13465: testparm crashes with PANIC: Messaging not initialized on
SLES 12 SP3.
* BUG 13673: smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY
attribute.
o Andreas Schneider <asn@samba.org>
* BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build.
* BUG 13679: Fix a segfault in pyglue.
o Martin Schwenke <martin@meltin.net>
* BUG 13670: ctdb-recovery: Ban a node that causes recovery failure.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
----------------------------------------------------------------------
=============================
Release Notes for Samba 4.8.7
November 27, 2018
=============================
This is a security release in order to address the following defects:
o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
Internal DNS server)
o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported))
=======
Details
=======
o CVE-2018-14629:
All versions of Samba from 4.0.0 onwards are vulnerable to infinite
query recursion caused by CNAME loops. Any dns record can be added via
ldap by an unprivileged user using the ldbadd tool, so this is a
security issue.
o CVE-2018-16841:
When configured to accept smart-card authentication, Samba's KDC will call
talloc_free() twice on the same memory if the principal in a validly signed
certificate does not match the principal in the AS-REQ.
This is only possible after authentication with a trusted certificate.
talloc is robust against further corruption from a double-free with
talloc_free() and directly calls abort(), terminating the KDC process.
There is no further vulnerability associated with this issue, merely a
denial of service.
o CVE-2018-16851:
During the processing of an LDAP search before Samba's AD DC returns
the LDAP entries to the client, the entries are cached in a single
memory object with a maximum size of 256MB. When this size is
reached, the Samba process providing the LDAP service will follow the
NULL pointer, terminating the process.
There is no further vulnerability associated with this issue, merely a
denial of service.
o CVE-2018-16853:
A user in a Samba AD domain can crash the KDC when Samba is built in the
non-default MIT Kerberos configuration.
With this advisory we clarify that the MIT Kerberos build of the Samba
AD DC is considered experimental. Therefore the Samba Team will not
issue security patches for this configuration.
For more details and workarounds, please refer to the security advisories.
Changes since 4.8.6:
--------------------
o Andrew Bartlett <abartlet@samba.org>
* BUG 13628: CVE-2018-16841: heimdal: Fix segfault on PKINIT with
mis-matching principal.
* BUG 13678: CVE-2018-16853: build: The Samba AD DC, when build with MIT
Kerberos is experimental
o Aaron Haslett <aaronhaslett@catalyst.net.nz>
* BUG 13600: CVE-2018-14629: dns: CNAME loop prevention using counter.
o Garming Sam <garming@catalyst.net.nz>
* BUG 13674: CVE-2018-16851: ldap_server: Check ret before manipulating blob.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
----------------------------------------------------------------------
=============================
Release Notes for Samba 4.8.6
October 9, 2018
=============================
This is the latest stable release of the Samba 4.8 release series.
Changes since 4.8.5:
--------------------
o Paulo Alcantara <paulo@paulo.ac>
* BUG 13578: s3: util: Do not take over stderr when there is no log file.
o Jeremy Allison <jra@samba.org>
* BUG 13585: s3: smbd: Ensure get_real_filename() copes with empty pathnames.
o Ralph Boehme <slow@samba.org>
* BUG 13441: vfs_fruit: delete 0 byte size streams if AAPL is enabled.
* BUG 13549: s3:smbd: Durable Reconnect fails because cookie.allow_reconnect
is not set.
o Alexander Bokovoy <ab@samba.org>
* BUG 13539: krb5-samba: Interdomain trust uses different salt principal.
o Volker Lendecke <vl@samba.org>
* BUG 13362: Fix possible memory leak in the Samba process.
* BUG 13441: vfs_fruit: Don't unlink the main file.
* BUG 13602: smbd: Fix a memleak in async search ask sharemode.
o Stefan Metzmacher <metze@samba.org>
* BUG 11517: Fix Samba GPO issue when Trust is enabled.
* BUG 13539: samba-tool: Add virtualKerberosSalt attribute to 'user
getpassword/syncpasswords'.
o Andreas Schneider <asn@samba.org>
* BUG 13606: wafsamba: Fix 'make -j<jobs>'.
o Martin Schwenke <martin@meltin.net>
* BUG 13592: ctdbd logs an error until it can successfully connect to
eventd.
* BUG 13617: Fix race conditions in CTDB recovery lock.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
----------------------------------------------------------------------
=============================
Release Notes for Samba 4.8.5
August 24, 2018
=============================
This is the latest stable release of the Samba 4.8 release series.
Changes since 4.8.4:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 13474: python: pysmbd: Additional error path leak fix.
* BUG 13511: libsmbclient: Initialize written value before use.
* BUG 13527: s3: libsmbclient: Fix cli_splice() fallback when reading less
than a complete file.
* BUG 13537: Using "sendfile = yes" with SMB2 can cause CPU spin.
o Andrew Bartlett <abartlet@samba.org>
* BUG 13519: ldb: Refuse to build Samba against a newer minor version of
ldb.
* BUG 13575: ldb: Release LDB 1.3.6.
o Bailey Berro <baileyberro@chromium.org>
* BUG 13511: libsmbclient: Initialize written in cli_splice_fallback().
o Ralph Boehme <slow@samba.org>
* BUG 13318: Durable Handles reconnect fails in a cluster when the cluster
fs uses different device ids.
* BUG 13351: s3: smbd: Always set vuid in check_user_ok().
* BUG 13441: vfs_fruit: Delete 0 byte size streams if AAPL is enabled.
* BUG 13451: Fail renaming file if that file has open streams.
* BUG 13505: lib: smb_threads: Fix access before init bug.
* BUG 13535: s3: smbd: Fix path check in
smbd_smb2_create_durable_lease_check().
o Alexander Bokovoy <ab@samba.org>
* BUG 13538: samba-tool trust: Support discovery via netr_GetDcName.
o Samuel Cabrero <scabrero@suse.de>
* BUG 13540: ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler.
o David Disseldorp <ddiss@samba.org>
* BUG 13506: vfs_ceph: Don't lie about flock support.
* BUG 13540: Fix deadlock with ctdb_mutex_ceph_rados_helper.
o Amitay Isaacs <amitay@gmail.com>
* BUG 13493: ctdb: Fix build on FreeBSD and AIX.
o Volker Lendecke <vl@samba.org>
* BUG 13553: libsmb: Fix CID 1438243 (Unchecked return value), CID 1438244
(Unsigned compared against 0), CID 1438245 (Dereference before null check),
CID 1438246 (Unchecked return value).
* BUG 13584: vfs_fruit: Fix a panic if fruit_access_check detects a locking
conflict.
o Gary Lockyer <gary@catalyst.net.nz>
* BUG 13536: The current position in the dns name was not advanced past the
'.' character.
o Stefan Metzmacher <metze@samba.org>
* BUG 13308: samba-tool domain trust: Fix trust compatibility to Windows
Server 1709 and FreeIPA.
o Oleksandr Natalenko <oleksandr@redhat.com>
* BUG 13559: systemd: Only start smb when network interfaces are up.
o Noel Power <noel.power@suse.com>
* BUG 13553: Fix quotas with SMB2.
* BUG 13563: s3/smbd: Ensure quota code is only called when quota support
detected.
o Anoop C S <anoopcs@redhat.com>
* BUG 13204: s3/libsmb: Explicitly set delete_on_close token for rmdir.
o Andreas Schneider <asn@samba.org>
* BUG 13489: krb5_plugin: Install plugins to krb5 modules dir.
* BUG 13503: s3:winbind: Do not lookup local system accounts in AD.
o Martin Schwenke <martin@meltin.net>
* BUG 13499: Don't use CTDB_BROADCAST_VNNMAP.
* BUG 13500: ctdb-daemon: Only consider client ID for local database attach.
o Justin Stephenson <jstephen@redhat.com>
* BUG 13485: s3:client: Add "--quiet" option to smbclient.
o Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
* BUG 13568: s3: vfs: time_audit: Fix handling of token_blob in
smb_time_audit_offload_read_recv().
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
----------------------------------------------------------------------
=============================
Release Notes for Samba 4.8.4
August 14, 2018
=============================
This is a security release in order to address the following defects:
o CVE-2018-1139 (Weak authentication protocol allowed.)
o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.)
o CVE-2018-10858 (Insufficient input validation on client directory
listing in libsmbclient.)
o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
server.)
=======
Details
=======
o CVE-2018-1139:
Vulnerability that allows authentication via NTLMv1 even if disabled.
o CVE-2018-1140:
Missing null pointer checks may crash the Samba AD DC, both over
DNS and LDAP.
o CVE-2018-10858:
A malicious server could return a directory entry that could corrupt
libsmbclient memory.
o CVE-2018-10918:
Missing null pointer checks may crash the Samba AD DC, over the
authenticated DRSUAPI RPC service.
o CVE-2018-10919:
Missing access control checks allow discovery of confidential attribute
values via authenticated LDAP search expressions.
Changes since 4.8.3:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
returns from malicious servers.
o Andrew Bartlett <abartlet@samba.org>
* BUG 13374: CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140
* BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
not servicePrincipalName is set on a user.
o Tim Beale <timbeale@catalyst.net.nz>
* BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via
searches.
o Günther Deschner <gd@samba.org>
* BUG 13360: CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
is disabled via "ntlm auth".
o Andrej Gessel <Andrej.Gessel@janztec.com>
* BUG 13374: CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
ltdb_index_dn_attr().
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
----------------------------------------------------------------------
=============================
Release Notes for Samba 4.8.3
June 26, 2018
=============================
This is the latest stable release of the Samba 4.8 release series.
Changes since 4.8.2:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 13428: s3: smbd: Fix SMB2-FLUSH against directories.
* BUG 13457: s3: smbd: printing: Re-implement delete-on-close semantics for
print files missing since 3.5.x.
* BUG 13474: python: Fix talloc frame use in make_simple_acl().
o Jeffrey Altman <jaltman@secure-endpoints.com>
* BUG 11573: heimdal: lib/krb5: Do not fail set_config_files due to parse
error.
o Andrew Bartlett <abartlet@samba.org>
* ldb: version 1.3.4
* BUG 13448: ldb: One-level search was incorrectly falling back to full DB
scan.
* BUG 13452: ldb: Save a copy of the index result before calling the
callbacks.
* BUG 13454: No Backtrace given by Samba's AD DC by default.
* BUG 13471: ldb_tdb: Use mem_ctx and so avoid leak onto long-term memory
on duplicated add.
o Ralph Boehme <slow@samba.org>
* BUG 13432: s3:smbd: Fix interaction between chown and SD flags.
o Günther Deschner <gd@samba.org>
* BUG 13437: Fix building Samba with gcc 8.1.
o Andrej Gessel <Andrej.Gessel@janztec.com>
* BUG 13475: Fix several mem leaks in ldb_index ldb_search ldb_tdb.
o Volker Lendecke <vl@samba.org>
* BUG 13331: libgpo: Fix the build --without-ads.
o Stefan Metzmacher <metze@samba.org>
* BUG 13369: Looking up the user using the UPN results in user name with the
REALM instead of the DOMAIN.
* BUG 13427: Fix broken server side GENSEC_FEATURE_LDAP_STYLE handling
(NTLMSSP NTLM2 packet check failed due to invalid signature!).
o Christof Schmitt <cs@samba.org>
* BUG 13446: smbd: Flush dfree memcache on service reload.
* BUG 13478: krb5_wrap: Fix keep_old_entries logic for older Kerberos
libraries.
o Andreas Schneider <asn@samba.org>
* BUG 13369: Looking up the user using the UPN results in user name with the
REALM instead of the DOMAIN.
* BUG 13437: Fix building Samba with gcc 8.1.
* BUG 13440: s3:utils: Do not segfault on error in DoDNSUpdate().
* BUG 13480: krb5_plugin: Add winbind localauth plugin for MIT Kerberos.
o Lukas Slebodnik <lslebodn@fedoraproject.org>
* BUG 13459: ldb: Fix memory leak on module context.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
----------------------------------------------------------------------
=============================
Release Notes for Samba 4.8.2
May 16, 2018
=============================
This is the latest stable release of the Samba 4.8 release series.
Major bug fixes include:
------------------------
o After update to 4.8.0 DC failed with "Failed to find our own
NTDS Settings objectGUID" (bug #13335).
Changes since 4.8.1:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 13380: s3: smbd: Generic fix for incorrect reporting of stream dos
attributes on a directory.
* BUG 13412: ceph: VFS: Add asynchronous fsync to ceph module, fake using
synchronous call.
* BUG 13419: s3: libsmbclient: Fix hard-coded connection error return of
ETIMEDOUT.
o Andrew Bartlett <abartlet@samba.org>
* BUG 13306: ldb: Release ldb 1.3.3:
* Fix failure to upgrade to the GUID index DB format.
* Add tests for GUID index behaviour.
* BUG 13420: s4-lsa: Fix use-after-free in LSA server.
* BUG 13430: winbindd: Do re-connect if the RPC call fails in the passdb
case.
o Ralph Boehme <slow@samba.org>
* BUG 13416: s3:cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers.
* BUG 13414: s3:cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd
unclean process shutdown.
o David Disseldorp <ddiss@samba.org>
* BUG 13425: vfs_ceph: add fake async pwrite/pread send/recv hooks.
o Amitay Isaacs <amitay@gmail.com>
* BUG 13411: ctdb-client: Remove ununsed functions from old client code.
o Björn Jacke <bjacke@samba.org>
* BUG 13395: printing: Return the same error code as windows does on upload
failures.
o Gary Lockyer <gary@catalyst.net.nz>
* BUG 13335: After update to 4.8.0 DC failed with "Failed to find our own
NTDS Settings objectGUID".
o Stefan Metzmacher <metze@samba.org>
* BUG 13400: nsswitch: Fix memory leak in winbind_open_pipe_sock() when the
privileged pipe is not accessable.
* BUG 13420: s4:lsa_lookup: remove TALLOC_FREE(state) after all
dcesrv_lsa_Lookup{Names,Sids}_base_map() calls.
o Vandana Rungta <vrungta@amazon.com>
* BUG 13424: s3: VFS: Fix memory leak in vfs_ceph.
o Christof Schmitt <cs@samba.org>
* BUG 13407: rpc_server: Fix NetSessEnum with stale sessions.
o Andreas Schneider <asn@samba.org>
* BUG 13417: s3:smbspool: Fix cmdline argument handling.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
----------------------------------------------------------------------
=============================
Release Notes for Samba 4.8.1
April 26, 2018
=============================
This is the latest stable release of the Samba 4.8 release series.
Changes since 4.8.0:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 13244: s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on
error, we don't own it here.
* BUG 13270: s3: smbd: Fix possible directory fd leak if the underlying OS
doesn't support fdopendir().
* BUG 13319: Round-tripping ACL get/set through vfs_fruit will increase the
number of ACE entries without limit.
* BUG 13347: s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically
debug credit issues.
* BUG 13358: s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE
without delete access.
* BUG 13372: s3: smbd: Fix memory leak in vfswrap_getwd().
* BUG 13375: s3: smbd: Unix extensions attempts to change wrong field in
fchown call.
o Björn Baumbach <bb@sernet.de>
* BUG 13337: ms_schema/samba-tool visualize: Fix python2.6 incompatibility.
o Timur I. Bakeyev <timur@iXsystems.com>
* BUG 13352: Fix invocation of gnutls_aead_cipher_encrypt().
o Ralph Boehme <slow@samba.org>
* BUG 13328: Windows 10 cannot logon on Samba NT4 domain.
* BUG 13332: winbindd: Recover loss of netlogon secure channel in case the
peer DC is rebooted.
* BUG 13363: s3:smbd: Don't use the directory cache for SMB2/3.
o Amitay Isaacs <amitay@gmail.com>