Recent Releases
4.21.202 Dec 2024 09:05
minor feature:
Smbd fails to correctly check sharemode against OVERWRITE
Dispositions. Panic in _directory. winexe no longer works with samba 4.21. protocol error - Unclear demessage quot;pad length mismatch quot; for
Invalid bind packet. NetrGetLogonCapabilities QueryLevel 2 needs to be implemented. gss_accept_sec_context() from Heimdal does not imply
GSS_C_MUTUAL_FLAG with GSS_C_DCE_STYLE. winbindd should call process_set_title() for locator child. Update CTDB to track all TCP connections to public IP addresses.
4.21.127 Nov 2024 03:25
minor feature:
DH reconnect error handling can lead to stale sharemode entries. quot;inherit permissions = yes quot; triggers assert() in vfs_default
When creating a stream. Samba 4.21.0 broke FreeIPA domain member integration. Missing conversion for msDS-UserTGTLifetime, msDS-
ComputerTGTLifetime and msDS-ServiceTGTLifetime on quot;samba-tool.
Domain auth policy modify quot. irpc_destructor may crash during shutdown. DH reconnect error handling can lead to stale sharemode entries. Durable handle is not granted when a previous OPEN exists with
NoOplock. Durable handle is granted but reconnect fails. Disconnected durable handles with RH lease should not be purged
by a new non conflicting open. net ads testjoin and other commands use the wrong secrets.tdb in
a cluster. 4.21 using --with-system-mitkrb5 requires MIT krb5 1.16 as rfc
8009 etypes are used. VFS_OPEN_HOW_WITH_BACKUP_INTENT breaks shadow_copy2. Samba 4.20.0 DLZ module crashes BIND on startup. Cannot build libldb lmdb backend on a build without AD DC. Consistent log level for sighup handler.
4.21.022 Nov 2024 23:05
minor feature:
Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated. Bad variable definition for ParseTuple causing test failure for
Smb3UnixTests.test_create_context_reparse. Add new vfs_ceph module (based on low level API). samba-tool can not load the default configuration file. Crash when readlinkat fails. Can apos;t add/delete special keys to keytab for nfs, cifs, http etc. Compound SMB2 requests don apos;t return
NT_STATUS_NETWORK_SESSION_EXPIRED for all requests, confuses
MacOSX clients. Can apos;t add/delete special keys to keytab for nfs, cifs, http etc. --version-, Add new vfs_ceph module (based on low level API), --version-, ldb_version.h is missing from ldb public library, Can not add/delete special keys to keytab for nfs, cifs, http etc, Add new vfs_ceph module (based on low level API), --version-, undefined reference to winbind_lookup_name_ex.
per user veto and hide file syntax is to complex.
Can not add/delete special keys to keytab for nfs, cifs, http etc, per user veto and hide file syntax is to complex.
4.20.220 Jun 2024 10:45
minor feature:
Vfs_widelinks with DFS shares breaks case insensitivity. Samba build is not reproducible. ldb qsort might r/w out of bounds with an intransitive compare
Function. Many qsort() comparison functions are non-transitive, which can
Lead to out-of-bounds access in some circumstances. Need to change gitlab-ci.yml tags in all branches to avoid CI
Bill. We have added new options --vendor-name and --vendor-patch-
Revision arguments to./configure to allow distributions and packagers to
Put their name in the Samba version string so that when deging Samba the
Source of the binary is obvious. CTDB RADOS mutex helper misses namespace support. Dynamic DNS updates with the internal DNS are not working. netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with
SysvolReady=0. Anonymous smb3 signing/encryption should be allowed (similar to
Windows Server 2022). Panic in dreplsrv_op_pull_source_apply_changes_trigger. s4:nbt_server: does not provide unexpected handling, so winbindd.
Can apos;t use nmb requests instead cldap. winbindd, net ads join and other things don apos;t work on an ipv6
Only host. Segmentation fault when deleting files in vfs_recycle. Panic in vfs_offload_token_db_fetch_fsp(). quot;client use kerberos quot; and --use-kerberos is ignored for the
Machine account. Regression DFS not working with widelinks = true. samba-gpupdate - Invalid NtVer in netlogon_samlogon_response. idmap_ad creates an incorrect local krb5.conf in case of trusted
Domain lookups. The images don apos;t build after the git security release and CentOS
8 Stream is EOL.
4.20.109 May 2024 08:25
minor feature:
Dns update demessage is too noisy. Do not fail PAC validation for RFC8009 checksums types. Improve performance of lookup_groupmem() in idmap_ad. Smbcacls incorrectly propagates inheritance with Inherit-Only
Flag. http library doesn apos;t support apos;chunked transfer encoding apos. Provide a systemd service file for the background queue daemon.
4.20.028 Mar 2024 10:25
minor feature:
Avoid null-dereference with bad claims. ndr_pull_security_ace can leave resource attribute ACE coda
Claim struct undefined. fd_handle_destructor() panics within an smbd_smb2_() if
Vfs_stat_fsp() fails in fd_(). set_nt_acl sometimes fails with NT_STATUS_INVALID_PARAMETER -
Openat() EACCES. fd_handle_destructor() panics within an smbd_smb2_() if
Vfs_stat_fsp() fails in fd_(). libgpo: Segfault in python bindings. Samba AD is missing some authentication policy tests. samba-gpupdate: Correctly implement site support. Remove unsupported quot;Final quot; keyword missing from Python 3.6. Additional witness backports for 4.20.0. Error output with wspsearch. Packet marshalling push support missing for
CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and
CTDB_CONTROL_TCP_CLIENT_PASSED. Remove unsupported quot;Final quot; keyword missing from Python 3.6. Performance regression for NDR parsing of security descriptors. Build and install man page for wspsearch client utility. samba-gpupdate logging doesn apos;t work.
4.19.520 Feb 2024 06:05
minor feature:
Windows 2016 fails to restore previous version of a file from a
Shadow_copy2 snapshot. Symlinks on AIX are broken in 4.19 (and a few version before
That). Fake directory create times has no effect. ctime mixed up with mtime by smbd. samba-gpupdate --rsop fails if machine is not in a site. gpupdate: The root cert import when NDES is not available is
Broken. samba-gpupdate should print a useful message if cepces-submit
Can apos;t be found. samba-gpupdate logging doesn apos;t work. smbpasswd reset permissions only if not 0600.
4.19.430 Jan 2024 18:45
minor feature:
Net changesecretpw cannot set the machine account password if
Secrets.tdb is empty. For generating doc, take, if defined, env XML_CATALOG_FILES. Trivial C typo in nsswitch/winbind_nss_netbsd.c. vfs_linux_xfs is incorrectly named. systemd stumbled over copyright-message at smbd startup. Following intermediate abolute share-local symlinks is broken. ctdb RELEASE_IP causes a crash in release_ip if a connection to
a non-public address disconnects first. shadow_copy2 broken when current fileset apos;s directories are.
Removed. systemd stumbled over copyright-message at smbd startup. ctdb RELEASE_IP causes a crash in release_ip if a connection to
a non-public address disconnects first. smbd does not detect ctdb public ipv6 addresses for multichannel.
Exclusion. apos;force user = localunixuser apos; doesn apos;t work if apos;allow trusted
Domains = no apos; is set. smbget delogging doesn apos;t work. smget: username in the smburl and interactive password entry
Doesn apos;t work. smbget auth function doesn apos;t set values for password prompt
Correctly. ctdb RELEASE_IP causes a crash in release_ip if a connection to
a non-public address disconnects first. Unable to copy and write files from clients to Ceph cluster via
SMB Linux gateway with Ceph VFS module. Multichannel refresh network information.
4.19.328 Nov 2023 06:45
minor feature:
Sid_strings test broken by unix epoch gt; 1700000000. smbd crashes if asked to return full information on of a
Stream handle with delete on disposition set. smbd: order of base_fsp and stream_fsp in
Smb_fname_fsp_destructor(). Improve logging for failover scenarios. Files without quot;read attributes quot; NFS4 ACL permission are not
Listed in directories. CVE-2018-14628 SECURITY Deleted Object tombstones visible in
AD LDAP to normal users. Kerberos TGS-REQ with User2User does not work for normal.
Accounts. vfs_gpfs stat calls fail due to file system permissions. Samba doesn apos;t build with Python 3.12.
4.19.217 Oct 2023 06:45
minor feature:
Use-after-free in aio_del_req_from_fsp during smbd shutdown
After failed IPC FSCTL_PIPE_TRANSCEIVE. clidfs.c do_connect() missing a quot;return quot; after a cli_shutdown()
Call. macOS mdfind returns only 50 results. GETREALFILENAME_CACHE can modify incoming new filename with
Previous cache entry value. libnss_winbind causes memory corruption since samba-4.18,
Impacts sendmail, zabbix, potentially more. ctdbd: setproctitle not initialized messages flooding logs. CVE-2023-5568 Heap buffer overflow with freshness tokens in the
Heimdal KDC in Samba 4.19.
The heimdal KDC doesn apos;t detect s4u2self correctly when fast is
in use.
4.19.005 Sep 2023 03:45
minor feature:
File doesn apos;t show when user doesn apos;t have permission if
Aio_pthread is loaded. ctdb_killtcp fails to work with --enable-pcap and libpcap
1.9.1. Logging to stdout/stderr with DE_SYSLOG_FORMAT_ALWAYS can log
to syslog. samba-tool domain level raise fails unless given a URL. reply_sesssetup_and_X() can dereference uninitialized tmp.
Pointer. missing return in reply_exit_done(). TREE_CONNECT without SETUP causes smbd to use uninitialized
Pointer. Avoid infinite loop in initial user sync with Azure AD Connect
When synchronising a large Samba AD domain. Samba replication logs show (null) DN. 2-3min delays at reconnect with smb2_validate_sequence_number:
Bad message_id 2. DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can apos;t be parsed. CID 1539212 causes real when output contains only
Newlines. KDC encodes INT64 claims incorrectly. mdssvc: Do an early talloc_free() in _mdssvc_open(). Windows client join fails if a second container CN=System exists
Somewhere. regression DFS not working with widelinks = true. Windows client join fails if a second container CN=System exists
Somewhere. Heimdal fails to build on 32-bit FreeBSD. samba-tool ntacl get segfault if aio_pthread appended.
4.18.617 Aug 2023 06:45
minor feature:
Reply_sesssetup_and_X() can dereference uninitialized tmp
Pointer. Missing return in reply_exit_done(). post-exec password redaction for samba-tool is more reliable for
Fully random passwords as it no longer uses regular expressions
Containing the password value itself. Windows client join fails if a second container CN=System exists
Somewhere. Spotlight sometimes returns no results on latest macOS. Renaming results in NT_STATUS_SHARING_VIOLATION if previously
Attempted to remove the destination. Spotlight results return wrong date in result list. quot;net offlinejoin provision quot; does not work as non-root user. rpcserver no longer accepts double backslash in dfs pathname. cm_prepare_connection() calls (fd) for the second time. 2-3min delays at reconnect with smb2_validate_sequence_number:
Bad message_id 2. samba-tool ntacl get segfault if aio_pthread appended. DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can apos;t be parsed. Python tarfile extraction needs change to avoid a warning
CVE-2007-4559 mitigation). Regression DFS not working with widelinks = true. Windows client join fails if a second container CN=System exists.
Somewhere. samba-tool ntacl get segfault if aio_pthread appended. mdssvc: Do an early talloc_free() in _mdssvc_open().
4.18.520 Jul 2023 03:16
minor feature:
CVE-2022-2127. CVE-2023-34966. CVE-2023-34967. CVE-2023-34968. CVE-2023-3347. CVE-2022-2127. Secure channel faulty since Windows 10/11 update 07/2023.
4.18.406 Jul 2023 03:16
minor feature:
Backport --pidl-developer. Named crashes on DLZ zone update. smbcacls and smbcquotas do not check // before the server. cli_list loops 100 CPU against pre-lanman2 servers. smbclient leaks fds with showacls. smbd returns NOT_FOUND when creating files on a r/o filesystem. NSS_WRAPPER_HOSTNAME doesn apos;t match NSS_WRAPPER_HOSTS entry and
Causes test timeouts. net ads lookup (with unspecified realm) fails. Register Samba processes with GPFS. Python tarfile extraction needs change to avoid a warning
CVE-2007-4559 mitigation). The winbind child segfaults when listing users with `winbind.
Scan trusted domains = yes`. Remove comments about deprecated apos;write cache size apos. smbget memory leak if failed to download files recursively.
4.18.301 Jun 2023 03:25
minor feature:
Symlinks to files can have random DOS mode information in a
Directory listing. vfs_fruit might cause a failing open for delete. winbind recurses into itself via rpcd_lsad. wbinfo -u fails on ad dc with gt;1000 users. DS ACEs might be inherited to unrelated object classes. a lot of messages: get_static_share_mode_data:
Get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND. aes256 smb3 encryption algorithms are not allowed in
Smb3_sid_parse(). Setting veto files = /. quot;samba-tool domain provision quot; does not run interactive mode if
no arguments are given. dsgetdcname: assumes local system uses IPv4.
4.18.220 Apr 2023 03:16
minor feature:
Log flood: smbd_calculate_access_mask_fsp: Access denied:
Message level should be lower. Floating point exception (FPE) via cli_pull_send at
Source3/libsmb/clireadwrite.c. test_tstream_more_tcp_user_timeout_spin fails intermittently on
Rackspace GitLab runners. Reduce flapping of ridalloc test. large_ldap test is unreliable. New filename parser doesn apos;t check veto files smb.conf parameter. mdssvc may crash when initializing. large directory optimization broken for non-lcomp path elements. streams_depot fails to create streams. shadow_copy2 and streams_depot don apos;t play well together. Flapping tests in samba_tool_drs_show_repl.py. winbindd idmap child contacts the domain controller without a.
Need. idmap_autorid may fail to map sids of trusted domains for the
First time. idmap_hash doesn apos;t use ID_TYPE_BOTH for reverse mappings. net ads search -P doesn apos;t work against servers in other domains. Temporary smbXsrv_tcon_global.tdb can apos;t be parsed. Flapping tests in samba_tool_drs_show_repl.py. Tests use depricated and removed methods like
AssertRegexpMatches.
4.18.130 Mar 2023 03:16
minor feature:
CVE-2023-0225. CVE-2023-0614. ldb wildcard matching makes excessive allocations. large_ldap test is inefficient. CVE-2023-0922. CVE-2023-0614. CVE-2023-0225.
4.18.009 Mar 2023 07:25
minor feature:
Streams_xattr is creating unexpected locks on folders. New samba-dcerpc architecture does not scale gracefully. Avoid that tests fail because other tests didn apos;t do cleanup on
Failure. fd_load() function implicitly the fd where it should not. Improve file_modtime() and around smb3 unix test. Spotlight doesn apos;t work with latest macOS Ventura. Build failure on solaris with tevent 0.14.0 (and ldb 2.7.0).
tevent 0.14.1 and ldb 2.7.1 are already released...), vfs_ceph incorrectly uses fsp_get_io_fd() instead of.
Fsp_get_pathref_fd() in and fstat. test_chdir_cache.sh doesn apos;t work with SMBD_DONT_LOG_STDOUT=1. Improve file_modtime() and around smb3 unix test. Office365 azure Password Sync not working. auth3_generate_session_info_pac leaks wbcAuthUserInfo. With clustering enabled samba-bgqd can core dump due to use
After free.
4.17.517 Feb 2023 06:45
minor feature:
Smbc_getxattr() return value is incorrect. Compound SMB2 FLUSH+requests from MacOSX are not handled
Correctly. synthetic_pathref AFP_AfpInfo failed errors. samba-tool gpo listall fails IPv6 only - finddcs() fails to find
DC when there is only an AAAA record for the DC in DNS. smbd crashes if an FSCTL request is done on a stream handle. DFS links don apos;t work anymore on Mac clients since 4.17. vfs_virusfilter segfault on access, directory edgecase.
accessing NULL value). CVE-2022-38023 SECURITY Samba should refuse RC4 (aka md5).
Based SChannel on NETLOGON (additional changes). U for include directive doesn apos;t work for share listing
netshareenum). Shares missing from netshareenum response in samba 4.17.4. ctdb: use-after-free in run_proc. U for include directive doesn apos;t work for share listing.
netshareenum). Shares missing from netshareenum response in samba 4.17.4. irpc_destructor may crash during shutdown. auth3_generate_session_info_pac leaks wbcAuthUserInfo. smbclient segfaults with use after free on an optimized build. smbstatus leaking files in msg.sock and msg.lock. Leak in wbcCtxPingDc2. Access based share enum does not work in Samba 4.16+. Crash during share enumeration. rep_listxattr on FreeBSD does not properly check for reads off.
End of returned buffer. Avoid relying on C89 features in a few places.
4.17.416 Dec 2022 06:25
minor feature:
Pam_winbind uses time_t and pointers assuming they are of the
Same size. CVE-2022-44640 SECURITY Upstream Heimdal free of
User-controlled pointer in FAST. Heimdal session key selection in AS-REQ examines wrong entry. CVE-2022-37966. filter-subunit is inefficient with large numbers of knownfails. CVE-2022-38023. smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories. The KDC logic arround msDs-supportedEncryptionTypes differs from
Windows. CVE-2021-20251 SECURITY Bad password count not incremented.
Atomically. CVE-2022-42898 SECURITY krb5_pac_parse() buffer parsing
Vulnerability. libnet: change_password() doesn apos;t work with
Dcerpc_samr_ChangePasswordUser4(). Heimdal session key selection in AS-REQ examines wrong entry. Memory leak in snprintf replacement functions. CVE-2022-37966. CVE-2022-38023. RODC doesn apos;t reset badPwdCount reliable via an RWDC
CVE-2021-20251 regression). pam_winbind uses time_t and pointers assuming they are of the.
Same size. Prevent EBADF errors with vfs_glusterfs. CVE-2022-37966. U for include directive doesn apos;t work for share listing
netshareenum). Stack smashing in net offlinejoin requestodj. Windows 11 22H2 and Samba-AD 4.15 Kerberos login. Heimdal session key selection in AS-REQ examines wrong entry. CVE-2022-37967. CVE-2022-37966. CVE-2022-44640 SECURITY Upstream Heimdal free of.
User-controlled pointer in FAST.
4.17.120 Oct 2022 03:17
minor feature:
CVE-2021-20251 SECURITY Bad password count not incremented
Atomically. smbXsrv_connection_shutdown_send result leaked. Flush on a named stream never completes. Permission denied calling SMBC_getatr when file not exists. Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
Over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC. pytest: add file removal helpers for TestCaseInTempDir. CVE-2021-20251 SECURITY Bad password count not incremented
Atomically. Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later.
Over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC. Flush on a named stream never completes. vfs_gpfs silently garbles timestamps gt; year 2106. CVE-2021-20251 SECURITY Bad password count not incremented
Atomically. multi-channel socket passing may hit a race if one of the
Involved processes already existed. memory leak on temporary of struct imessaging_post_state and
Struct tevent_immediate on struct imessaging_context (in
Rpcd_spoolss and maybe others). Since popt1.19 various use after free errors using result of
PoptGetArg are now exposed. Remove special case for O_CREAT in SMB_VFS_OPENAT from
Vfs_glusterfs. GETPWSID in memory cache grows indefinetly with each NTLM auth. CVE-2021-20251 SECURITY Bad password count not incremented
Atomically.
4.17.014 Sep 2022 00:05
minor feature:
Acl_xattr VFS module may unintentionally use filesystem
Permissions instead of ACL from xattr. Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1. assert failed: !is_named_stream(smb_fname) quot;) at
lib/util/fault.c:197. acl_xattr VFS module may unintentionally use filesystem.
Permissions instead of ACL from xattr. assert failed: !is_named_stream(smb_fname) quot;) at
lib/util/fault.c:197. Cross-node multi-channel reconnects result in SMB2 Negotiate.
Returning NT_STATUS_NOT_SUPPORTED. winbind at info level decan coredump when processing
Wb_lookupusergroups. Make use of glfs_, Possible use after free of connection_struct when iterating
Smbd_server_connection- gt;connections. `net usershare add` fails with flag works with --long but fails
With -l. acl_xattr VFS module may unintentionally use filesystem
Permissions instead of ACL from xattr. Performance regression on contended path based operations. Missing READ_LEASE break could cause data corruption. libsamba-errors uses a wrong version number. SMB1 negotiation can fail to handle connection errors. New filename parser doesn apos;t check veto files smb.conf parameter. 4.17.rc1 still uses symlink-race prone unix_convert()
Backport fileserver related changed to 4.17.0rc2, Manpage for smbstatus json is missing, Backport fileserver related changed to 4.17.0rc2, Performance regression on contended path based operations.
Backport fileserver related changed to 4.17.0rc2, found by coverity in smbstatus json code.
Backport fileserver related changed to 4.17.0rc2.
4.16.508 Sep 2022 08:25
minor feature:
Possible use after free of connection_struct when iterating
Smbd_server_connection- gt;connections. Spotlight RPC service returns wrong response when Spotlight is
Disabled on a share. acl_xattr VFS module may unintentionally use filesystem
Permissions instead of ACL from xattr. Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1. assert failed: !is_named_stream(smb_fname) quot;) at
lib/util/fault.c:197. Missing READ_LEASE break could cause data corruption. rpcclient can crash using setuserinfo(2). Samba fails to build with glibc 2.36 caused by including.
lt;sys/mount.h gt; in libreplace. SMB1 negotiation can fail to handle connection errors. samba-tool domain join segfault when joining a samba ad domain.
4.16.428 Jul 2022 03:16
minor feature:
CVE-2022-32742. CVE-2022-32746. CVE-2022-2031. CVE-2022-32745. CVE-2022-32746. CVE-2022-2031. CVE-2022-32744.
4.16.319 Jul 2022 03:17
minor feature:
Using vfs_streams_xattr and deleting a file causes a panic. Add support for bind 9.18. logging dsdb audit to specific files does not work. Problem when winbind renews Kerberos. Samba with new lorikeet-heimdal fails to build on gcc 12.1 in
Developer mode. Crash in streams_xattr because fsp- gt;base_fsp- gt;fsp_name is NULL. Crash in rpcd_classic - NULL pointer deference in
Mangle_is_mangled(). smbclient commands del amp; deltree fail with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS. check for chown when processing NFSv4 ACL. The pcap background queue process should not be stopped. testparm: typo in idmap rangesize check. net ads info returns LDAP server and LDAP server name as null. ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link. CTDB child process logging does not work as expected.
4.16.214 Jun 2022 03:16
minor feature:
Use pathref fd instead of io fd in vfs_default_durable_cookie. vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
File had been deleted. netgroups support removed. net ads info shows LDAP Server: 0.0.0.0 depending on contacted
Server. Update from 4.15 to 4.16 breaks discovery of homes on
Standalone server from Win and IOS. waf produces incorrect names for python extensions with Python
3.11. smbclient -E doesn apos;t work as advertised. waf produces incorrect names for python extensions with Python
3.11. The samba background daemon doesn apos;t refresh the printcap cache
on startup. Out-by-4 error in smbd read reply max_send clamp.
4.16.103 May 2022 03:16
minor feature:
Share and server swapped in smbget password prompt. Durable handles won apos;t reconnect if the leased file is written
to. rmdir silently fails if directory contains unreadable files and.
Hide unreadable is yes. SMB2__FLAGS_FULL_INFORMATION fails to return information on
Renamed file handle. Need to describe --builtin-libraries= better (compare with
bundled-libraries). vfs_shadow_copy2 breaks quot;smbd async dosmode quot; sync fallback. shadow_copy2 fails listing snapshotted dirs with.
Shadow:inodes. PAM Kerberos authentication incorrectly fails with a clock skew
Error. Username map - samba erroneously applies unix group memberships
to user account entries. KVNO off by 100000. Uninitialized litemask in variable in vfs_gpfs module. vfs_gpfs recalls=no option prevents listing files. smbd doesn apos;t handle UPNs for looking up names.
4.16.005 Apr 2022 07:25
minor feature:
Memory leak in FAST cookie handling. NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES
in SMBC_server_internal. Simple bind doesn apos;t work against an RODC (with non-preloaded.
Users). Crash of winbind on RODC. LDAP simple binds should honour quot;old password allowed period quot. S4U2Self requests don apos;t work against servers without FAST
Support. wbinfo -a doesn apos;t work reliable with upn names. A cross-realm kerberos client exchanges fail using KDCs with and
Without FAST. PKINIT: hdb_samba4_audit: Unhandled hdb_auth_status=9 = gt;
INTERNAL_ERROR. Simple bind doesn apos;t work against an RODC (with non-preloaded.
Users). Regression: create krb5 conf = yes doesn apos;t work with a single
KDC. PKINIT: hdb_samba4_audit: Unhandled hdb_auth_status=9 = gt;
INTERNAL_ERROR. Samba does not response STATUS_INVALID_PARAMETER when opening 2.
Objects with same lease key. Listing shares with smbstatus no longer works. ldap simple bind with TLS auditing. Use Heimdal 8.0 (pre) rather than an earlier snapshot. a use-after-free in SMB1 server. Uncached logon on RODC always fails once. Changing the machine password against an RODC likely destroys
The domain join. authsam_make_user_info_dc() steals memory from its struct
Ldb_message, Use Heimdal 8.0 (pre) rather than an earlier snapshot. Use Heimdal 8.0 (pre) rather than an earlier snapshot. Problem when winbind renews Kerberos. DFS for AIX broken. Solaris and AIX acl modules: wrong function arguments. Function aixacl_sys_acl_get_file not declared / coredump. Samba autorid fails to map AD users if id rangesize fits in the
id range only once. CTDB can get stuck in election and recovery. Renaming file on DFS root fails with
NT_STATUS_OBJECT_PATH_NOT_FOUND. NT error code is not set when overwriting a file during rename
in libsmbclient. net ads info shows LDAP Server: 0.0.0.0 depending on contacted.
Server. virusfilter_vfs_openat: Not scanned: Directory or special file. Regression: Samba 4.15.2 on macOS segfaults i
4.15.616 Mar 2022 07:05
minor feature:
Renaming file on DFS root fails with
NT_STATUS_OBJECT_PATH_NOT_FOUND. Samba does not response STATUS_INVALID_PARAMETER when opening 2.
Objects with same lease key. NT error code is not set when overwriting a file during rename
in libsmbclient. ldap simple bind with TLS auditing. net ads info shows LDAP Server: 0.0.0.0 depending on contacted.
Server. Problem when winbind renews Kerberos. pam_winbind will not allow gdm login if password about to expire. virusfilter_vfs_openat: Not scanned: Directory or special file. DFS for AIX broken. Solaris and AIX acl modules: wrong function arguments. Function aixacl_sys_acl_get_file not declared / coredump. Regression: Samba 4.15.2 on macOS segfaults intermittently
During strcpy in tdbsam_getsampwnam. a use-after-free in SMB1 server. smb2_signing_decrypt_pdu() may not decrypt with
Gnutls_aead_cipher_decrypt() from gnutls before 3.5.2. changing the machine password against an RODC likely destroys
The domain join. authsam_make_user_info_dc() steals memory from its struct
Ldb_message, Use Heimdal 8.0 (pre) rather than an earlier snapshot. Samba autorid fails to map AD users if id rangesize fits in the
id range only once.
4.15.420 Jan 2022 03:16
minor feature:
Duplicate SMB file_ids leading to Windows client cache
Poisoning. smbclient -L doesn apos;t set quot;client max protocol quot; to NT1 before
Calling the quot;Reconnecting with SMB1 for workgroup listing quot; path. Missing pop_sec_ctx() in error path inside _directory(). Cross device copy of the crossrename module always fails. symlinkat function from VFS cap module always fails with an
Error. possible fsp pointer deference. kill_tcp_connections does not work. Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
NT_STATUS_BUFFER_TOO_SMALL. Can apos;t connect to Windows shares not requiring authentication.
Using KDE/Gnome. quot;smbd --build-options quot; no longer works without an smb.conf file. Duplicate SMB file_ids leading to Windows client cache
Poisoning.
4.15.309 Dec 2021 07:05
minor feature:
Recursive directory delete with veto files is broken in 4.15.0. A directory containing dangling symlinks cannot be deleted by
SMB2 alone when they are the only entry in the directory. SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used.
Uninitialized in rmdir_internals(). MaxQueryDuration not honoured in Samba AD DC LDAP. The CVE-2020-25717 username map script advice has undesired
Side effects for the local nt token. User with multiple spaces (eg Fred lt;space gt; lt;space gt;Nurk) become
un-deletable. Avoid storing NTTIME_THAW (-2) as value on disk. smbXsrv_client_global record validation leads to crash if.
Existing record points at non-existing process. Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call. Samba process doesn apos;t log to logfile. set_ea_dos_attribute() fallback calling
Get_file_handle_for_metadata() triggers locking.tdb assert. Kerberos authentication on standalone server in MIT realm
Broken. Segmentation fault when joining the domain. Support for ROLE_IPA_DC is incomplete. rpcclient cannot connect to ncacn_ip_tcp services anymore
winexe crashes since 4.15.0 after popt parsing. net ads status -P broken in a clustered environment. Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before.
Smbd_smb2_ioctl_send. smbXsrv_client_global record validation leads to crash if
Existing record points at non-existing process. winbindd doesn apos;t start when quot;allow trusted domains quot; is off. The CVE-2020-25717 username map script advice has undesired
Side effects for the local nt token. rpcclient cannot connect to ncacn_ip_tcp services anymore. smbclient login without password using apos;-N apos; fails with
NT_STATUS_INVALID_PARAMETER on Samba AD DC. A schannel client incorrectly detects a downgrade connecting to
an AES only server. Possible null pointer dereference in winbind. -k legacy option for client tools like smbclient, rpcclient.
Net, etc. Add Debian 11 CI bootstrap support. MaxQueryDuration not honoured in Sa
4.15.128 Oct 2021 03:16
minor feature:
Vfs_shadow_copy2: core dump in make_relative_path. Log clutter from filename_convert_internal. MacOSX compilation. rodc_rwdc test flaps. Provide a for MS CVE-2020-17049 in Samba SECURITY apos;Bronze
Bit apos; S4U2Proxy Constrained Delegation bypass in Samba with embedded
Heimdal. Python ldb.msg_diff() memory handling failure. quot;in quot; operator on ldb.Message is case sensitive. Release LDB 2.4.1 for Samba 4.15.1. samldb_krbtgtnumber_available() looks for incorrect string. Samba support for UF_NO_AUTH_DATA_REQUIRED. Allow special chars like quot;@ quot; in samAccountName when generating.
The salt. Correctly ignore comments in CTDB public addresses file. Provide a for MS CVE-2020-17049 in Samba SECURITY apos;Bronze
Bit apos; S4U2Proxy Constrained Delegation bypass in Samba with embedded
Heimdal. transit path validation. that child winbindd logs to log.winbindd instead of.
Log.wb- lt;DOMAIN gt. Provide a for MS CVE-2020-17049 in Samba SECURITY apos;Bronze
Bit apos; S4U2Proxy Constrained Delegation bypass in Samba with embedded
Heimdal. SMB3 cancel requests should only include the MID together with
AsyncID when AES-128-GMAC is used. MacOSX compilation. Prepare to operate with MIT krb5 gt;= 1.20. Correctly ignore comments in CTDB public addresses file. Provide a for MS CVE-2020-17049 in Samba SECURITY apos;Bronze.
Bit apos; S4U2Proxy Constrained Delegation bypass in Samba with embedded
Heimdal. Python ldb.msg_diff() memory handling failure. quot;in quot; operator on ldb.Message is case sensitive. Heimdal prefers RC4 over AES for machine accounts. rodc_rwdc test flaps. Samba support for UF_NO_AUTH_DATA_REQUIRED. Allow special chars like quot;@ quot; in samAccountName when generating.
The salt. Provide a for MS CVE-2020-17049 in Samba SECURITY apos;Bronze
Bit apos; S4U2Proxy Constrained Delegation bypass in Samba with embedded
Heimdal.
4.15.021 Sep 2021 07:25
minor feature:
All the ways to specify a password are not documented. vfs_btrfs compression support broken. Problems with commandline parsing. smbd crashes when quot;ea support quot; is set to no. quot; client,server smb3 signing,encryption algorithms quot; should
Use the same strings as smbstatus output. Problems with commandline parsing. smbd fails to run as root because it belongs to more than 16
Groups on MacOS X. CTDB flag/status update race conditions. Address a signifcant performance regression in database access
in the AD DC since Samba 4.12. performance regression in lsa_LookupSids3/LookupNames4 since
Samba 4.9 by using an explicit database handle cache. An unuthenticated user can crash the AD DC KDC by omitting the.
Server name in a TGS-REQ. Address flapping samba_tool_drs_showrepl test. Address flapping dsdb_schema_attributes test. An unuthenticated user can crash the AD DC KDC by omitting the
Server name in a TGS-REQ. An unuthenticated user can crash the AD DC KDC by omitting the
Server name in a TGS-REQ. An unuthenticated user can crash the AD DC KDC by omitting the
Server name in a TGS-REQ. An unuthenticated user can crash the AD DC KDC by omitting the
Server name in a TGS-REQ. Shares with variable substitutions cause core dump upon
Connection from MacOS Big Sur 11.5.2. pathref open of a filesystem fifo in the DISABLE_OPATH
Build. A subset of tests from Samba apos;s selftest system were not being
Run, while others were run twice. Some VFS operations on pathref (O_PATH) handles fail on GPFS. net conf list crashes when run as normal user, smbd/winbindd started in daemon mode generate output on
Stderr/stdout. winbindd can crash because idmap child state is not fully
Initialized. Some VFS operations on pathref (O_PATH) handles fail on GPFS. util_sock: assignment of sa_socklen. vfs_streams_depot directory creation permissions and store
Location problems. vfs_ceph openat() doesn apos;t cope with dirfsp != AT_FDCW. smbd panic on force-share during offload write. OpenDi
4.14.725 Aug 2021 10:45
minor feature:
Smbd panic on force-share during offload write. smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK. returned attributes on fake quota file handle and avoid
Hitting the VFS. vfs_shadow_copy2 inodes not correctly updating inode
Numbers. build on Solaris. Make dos attributes available for unreadable files. Work around special SMB2 READ response behavior of NetApp Ontap
7.3.7. Start the SMB encryption as soon as possible.
4.14.614 Jul 2021 03:16
minor feature:
s3: lib: talloc heirarcy error in parent_smb_fname(). smbd: pathref unlinking in create_file_unixpath(). s3: VFS: default: Add proc_fd apos;s fallback for vfswrap_fchown(). s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
Change_file_owner_to_parent() error path. NT_STATUS_FILE_IS_A_DIRECTORY error messages when using
Glusterfs VFS module. s3/modules: fchmod: Fallback to path based chmod if pathref. Spotlight RPC service doesn apos;t work with vfs_glusterfs. gensec_krb5: Restore ipv6 support for kpasswd. smbXsrv_ open,session,tcon : protect
SmbXsrv_ open,session,tcon _global_traverse_fn against invalid records. samba-tool domain backup offline doesn apos;t work against bind DLZ
Backend. netcmd: Use next_free_rid() function to calculate a SID for
Restoring a backup.
4.14.502 Jun 2021 03:15
minor feature:
s3: smbd: SMB1 SMBsplwr doesn apos;t send a reply packet on success. s3: smbd: Ensure POSIX default ACL is mapped into returned
Windows ACL for directory handles. s3: smbd: uninitialized memory read in.
Process_symlink_open() when used with vfs_shadow_copy2(). docs: Expand the quot;log level quot; docs on audit logging. smbd: Correctly initialize timestamp fields. gcc11 compiler. docs-xml: Update smbcacls manpage. docs: Update list of available commands in rpcclient. ctdb: a crash in run_proc_signal_handler(). s3:winbind: For apos;security = ADS apos; require realm/workgroup to be
Set. lib:replace: Do not build strndup test with gcc 11 or newer.
4.14.321 Apr 2021 13:25
minor feature:
s3:modules:vfs_virusfilter: Recent New_VFS changes break
Vfs_virusfilter_openat. build: Notice if flex is missing at configure time. smbd panic when two clients open same file. memory leak in the RPC server. s3: smbd: deferred renames. s3-iremotewinspool: Set the per-request memory context. memory leak in the RPC server. third_party: Update socket_wrapper to version 1.3.2. third_party: Update socket_wrapper to version 1.3.3. samba-gpupdate: Test that sysvol paths download in
Case-insensitive way. smbd: Ensure errno is preserved across fsp destructor. idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
Conflict. build: Only add -Wl,--as-needed when supported.
4.14.010 Mar 2021 09:05
minor feature:
s3:modules:vfs_virusfilter: Recent talloc changes cause infinite
Start-up failure. s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error
Path. g_lock: uninitalized variable reads. smbd: In conn_force_tdis_done() when forcing a connection force a full reload of services. dbcheck: Check Deleted Objects and reduce noise in reports about
Expired tombstones. vfs: Restore platform specific POSIX sys_acl_set_file()
Functions. the build on AIX. smbd: Don apos;t overwrite _mode if neither a msdfs symlink nor
Get_dosmode is requested. printer driver upload. classicupgrade: Treat old never expires value right. s3:pysmbd: fd leak in py_smbd_create_file(). smbd share mode double free crash. HEIMDAL: krb5_storage_free(NULL) should work. SAMBA RPC share error. quot;winbind:ignore domains quot; doesn apos;t prevent user login from trusted
Domain. smbd tries to delete files with wrong permissions (uses guest
Instead of user from force user =). s3:idmap_hash: Reliably return ID_TYPE_BOTH. s3:smbd: invalid memory access in
Posix_sys_acl_blob_get_fd().
4.13.427 Jan 2021 10:25
minor feature:
Work around special SMB2 IOCTL response behavior of NetApp Ontap
7.3.7. Temporary DFS share setup doesn apos;t set case parameters in the.
Same way as a regular share definition does. lib: Avoid declaring zero-length VLAs in various messaging
Functions. Do not create an empty DB when accessing a sam.ldb. vfs_fruit may wrong backend fd. Temporary DFS share setup doesn apos;t set case parameters in the
Same way as a regular share definition does. vfs_virusfilter: Allocate separate memory for config char, vfs_fruit may wrong backend fd. Work around special SMB2 IOCTL response behavior of NetApp Ontap
7.3.7. The cache directory for the user gencache should be created.
Recursively. Be more flexible with repository names in CentOS 8 test
Environments.
4.13.317 Dec 2020 06:05
minor feature:
Libcli: smb2: Never print length if smb2_signing_key_valid()
Fails for crypto blob. s3: modules: gluster. the error I made in preventing talloc
Leaks from a function. s3: smbd: Don apos;t overwrite contents of fsp- gt;aio_requests 0 with
NULL via TALLOC_FREE(). s3: spoolss: Make parameters in call to user_ok_token() match.
All other uses. s3: smbd: Quiet log messages from usershares for an unknown
Share. samba process does not honor max log size. vfs_zfsacl: Add missing inherited flag on hidden quot;magic quot;
Everyone@ ACE. s3-libads: Pass timeout to open_socket_out in ms. s3-vfs_glusterfs: Always disable write-behind translator. smbclient: recursive mget. clitar: Use do_list() apos;s recursion in clitar.c. manpages/vfs_glusterfs: Mention silent skipping of write-behind
Translator. vfs_shadow_copy2: Preserve all open flags assuming ROFS. interface: if_index is not parsed correctly.
4.13.204 Nov 2020 06:25
minor feature:
Ctdb-common: Avoid aliasing errors during code optimization.
o : vfs_glusterfs: Avoid data corruption with the write-behind.
Translator. s3: modules: vfs_glusterfs: leak of char
RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special. smb.conf.5: Add clarification how configuration changes.
Reflected by Samba. daemons: Report status to systemd even when running in
Foreground. DNS Resolver: Support both dnspython before and after 2.0.0. s3-vfs_glusterfs: Refuse connection when write-behind xlator is
Present. provision: Add support for BIND 9.16.x. ctdb-common: Avoid aliasing errors during code optimization. libndr: Avoid assigning duplicate versions to symbols. docs: default value of spoolss:architecture. winbind: a memleak. s4:dsdb:acl_read: Implement quot;List Object quot; mode feature. docs-xml/manpages: Add warning about write-behind translator for
Vfs_glusterfs. vfs_shadow_copy2: Avoid closing snapsdir twice. third_party: Update resolv_wrapper to version 1.1.7. examples:auth: Do not install example plugin. ctdb-recoverd: Drop unnecessary and broken code. RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special.
4.13.130 Oct 2020 11:45
minor feature:
CVE-2020-14318: s3: smbd: Ensure change notifies can apos;t get set
Unless the directory handle is open for SEC_DIR_LIST. CVE-2020-14383: Remote crash after adding NS or MX records using
apos;samba-tool apos. CVE-2020-14383: Remote crash after adding MX records. CVE-2020-14323: winbind: invalid lookupsids DoS.
4.13.023 Sep 2020 11:25
minor feature:
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect
Netr_ServerPasswordSet2 against unencrypted passwords. CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support
quot;server require schannel:WORKSTATION = no quot; about unsecure configurations. CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in.
Client challenge. CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client
Challenges in netlogon_creds_server_init()
quot;server require schannel:WORKSTATION = no quot. waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS gt;
3.6.14. s3:smbd: U substitutions if it contains a domain name. The created krb5.conf for apos;net ads join apos; doesn apos;t have a domain.
Entry. build problem if libbsd-dev is not installed. build: Toggle vfs_snapper using quot;--with-shared-modules quot. idmap_ad does not deal properly with a RFC4511 section 4.4.1
Response. PANIC: Assert failed in get_lease_type(). idmap_ad does not deal properly with a RFC4511 section 4.4.1
Response. Deprecate domain logons, SMBv1 things. docs: Add missing winexe manpage. util: Allow symlinks in directory_create_or_exist. ctdb disable/enable can fail due to race condition. dbcheck: Allow a dangling forward link outside our known NCs. Remove deprecated quot;ldap ssl ads quot; smb.conf option. winbind: lookuprids cache problem. kdc:db-glue: Ignore KRB5_PROG_ETYPE_NOSUPP also for
Primary:Kerberos. docs: documentation for require_membership_of of.
Pam_winbind.conf. ctdb-scripts: Use nfsconf as a last resort get nfsd thread
Count.
4.12.719 Sep 2020 07:05
minor feature:
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect
Netr_ServerPasswordSet2 against unencrypted passwords. CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support
quot;server require schannel:WORKSTATION = no quot; about unsecure configurations. CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in.
Client challenge. CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client
Challenges in netlogon_creds_server_init()
quot;server require schannel:WORKSTATION = no quot;.
4.12.614 Aug 2020 10:45
minor feature:
s3: libsmb: SMB2 client rename to a Windows server. dsdb: Allow quot;password hash userPassword schemes = CryptSHA256 quot;
to work on RHEL7. dbcheck: Allow a dangling forward link outside our known NCs. lib/de: Set the correct default backend loglevel to
MAX_DE_LEVEL. PANIC: Assert failed in get_lease_type(). util: build on AIX by ing the order of replace.h include. srvsvc_NetFileEnum asserts with open files. KDC breaks with DES keys still in the database and.
MsDS-SupportedEncryptionTypes 31 indicating support for it. s3:smbd: Make sure vfs_ChDir() always sets
Conn- gt;cwd_fsp- gt;fh- gt;fd = AT_FDCWD. PANIC: Assert failed in get_lease_type(). docs: documentation for require_membership_of of
Pam_winbind.conf. ctdb-scripts: Use nfsconf utility for variable values in CTDB
NFS scripts. s3:winbind:idmap_ad: Make failure to get attrnames for schema.
Mode fatal.
4.12.503 Jul 2020 06:25
minor feature:
Smbd panic on force-share during async io. segfault when using SMBC_opendir_ctx() routine for share
Folder that contains incorrect symbols in any file name. DFS links. Can apos;t use DNS functionality after a Windows DC has been in
Domain. ldapi search to FreeIPA crashes. Add net-ads-join dnshostname=fqdn option. adding msDS-AdditionalDnsHostName to keytab with Windows DC. docs-xml: Update list of posible VFS operations for
Vfs_full_audit. winbindd: a use-after-free when winbind clients exit. Client tools are not able to read gencache anymore.
4.12.320 May 2020 10:45
minor feature:
Smbd panic on force-share during async io. s3: vfs_full_audit: Add missing fcntl entry in vfs_op_names
Array. vfs_io_uring: data corruption with Windows clients. smbd crashes when MacOS Catalina connects if iconv
Initialization fails. Exporting from macOS Adobe Illustrator creates multiple copies. smbd does a chdir() twice per request. smbd mistakenly updates a file apos;s write-time on. vfs_shadow_copy2: implement case canonicalisation in
Shadow_copy2_get_real_filename(). Windows 7 clients problem after upgrading samba file server. s3: Pass DCE RPC handle type to create_policy_hnd. uxsuccess test with new MIT krb5 library 1.18. mit-kdc: Explicitly reject S4U requests. dbwrap_watch: Set rec- gt;value_valid while returning nested
Share_mode_do_locked(). lib:util: smbclient -l basename dir. s3:libads: ads_get_upn(). ctdb: a memleak. Malicous SMB1 server can crash libsmbclient. ldb: Bump version to 2.1.3, LMDB databases can grow without
Bounds, vfs_io_uring: data corruption with Windows clients. s3/librpc/crypto: double free with unresolved credential
Cache. docs-xml: usernames in pam_winbind manpages.
4.12.229 Apr 2020 09:05
minor feature:
CVE-2020-10700: use-after-free in AD DC LDAP server when
ASQ and paged_results combined. CVE-2020-10704: LDAP Denial of Service (stack overflow) in
Samba AD DC.
4.12.108 Apr 2020 22:25
minor feature:
Nmblib: Avoid undefined behaviour in handle_name_ptrs(). samba-tool group: Handle group names with special chars
Correctly. Add missing check for DMAPI offline status in async DOS
Attributes. Starting ctdb node that was powered off hard before results in
Recovery loop. smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs. vfs_recycle: Prevent flooding the log if we apos;re called on
Non-existant paths. librpc: IDL for svcctl_ChangeServiceConfigW. nsswitch: use-after-free causing segfault in
_pam_delete_cred. fruit:time machine max size is broken on arm. CTDB recovery corner cases can cause record resurrection and.
Node banning. s3/utils: double free error with smbtree. CTDB recovery corner cases can cause record resurrection and
Node banning. Starting ctdb node that was powered off hard before results in
Recovery loop. CTDB recovery daemon can crash due to dereference of NULL
Pointer.
4.12.004 Mar 2020 08:45
minor feature:
Dsdb: Correctly handle memory in objectclass_attrs. s3: DFS: Don apos;t allow link deletion on a read-only share. pidl/wscript: configure should insist on Parse::Yapp::Driver. ldb: search with scope ONE and small result sets. build: Do not check if system perl modules should be bundled. smbd fails to handle EINTR from open(2) properly. ldb: version 2.1.1. Set getting and setting of MS-DFS redirects on the filesystem
to go through two new VFS functions SMB_VFS_CREATE_DFS_PATHAT() and
SMB_VFS_READ_DFS_PATHAT(). bootstrap: Remove un-used dependency python3-crypto. CID 1458418 and 1458420. lib: a shutdown crash with quot;clustering = yes quot. Winbind member (source3) fails local SAM auth with empty domain.
Name. winbindd: Handle missing idmap in getgrgid(). Don apos;t use forward declaration for GnuTLS typedefs. Add io_uring vfs module. libcli:smb: Improve check for gnutls_aead_cipher_(en de)cryptv2. s3: lib: nmblib. Clean up and harden nmb packet processing. lib:util: Log mkdir error on correct delevels.
4.11.629 Jan 2020 10:45
minor feature:
Pygpo: Use correct method flags. vfs_ceph_snapshots: root relative path handling. Avoiding bad call flags with python 3.8, using METH_NOARGS
Instead of zero. source4/utils/oLschema2ldif: Include stdint.h before cmocka.h. docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc. smbd: the build with clang. upgradedns: Ensure lmdb lock files linked. s3: VFS: glusterfs: Reset nlinks for symlink entries during
Readdir. smbc_stat() doesn apos;t return the correct st_mode and also the
Uid/gid is not filled (SMBv1) file. librpc: string length checking in
Ndr_pull_charset_to_null(). ctdb-scripts: Strip square brackets when gathering connection
Info.
4.11.522 Jan 2020 07:05
minor feature:
CVE-2019-14902: Replication of ACLs down subtree on AD Directory
Not automatic. CVE-2019-14907: lib/util: Do not print the failed to convert
String into the logs. CVE-2019-19344: kcc dns scavenging: use after free in
Dns_tombstone_records_zone.
4.11.417 Dec 2019 06:45
minor feature:
s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn apos;t return an inode
Number. s3: utils: smbtree. Ensure we don apos;t call cli_RNetShareEnum()
on an SMB1 connection. NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
SMBC_opendir_ctx. s3: smbd: SMB2 - Ensure we use the correct session_id if.
Encrypting an interim response. Prevent smbd crash after invalid SMB1 negprot. s3:printing: J substition. s3: Remove now unneeded call to cmdline_messaging_context(). Incomplete conversion of former parametric options. sync dosmode fallback in async dosmode codepath. vfs_fruit returns capped resource fork length. libnet_join: Add SPNs for additional-dns-hostnames entries. smbd: Increase a delevel. Prevent azure ad connect from reporting discovery errors:
Reference-value-not-ldap-conformant. krb5_plugin: developer build with newer heimdal system
Library. replace: Only link libnsl and libsocket if requrired. ctdb: Incoming queue can be orphaned causing communication
Breakdown. ldb: Release ldb 2.0.8. Cross-compile will not take
Cross-answers or cross-execute. heimdal-build: Avoid hard-coded /usr/include/heimdal in
Asn1_compile-generated code.
4.11.311 Dec 2019 10:05
minor feature:
CVE-2019-14861: DNSServer RPC server crash. CVE-2019-14870: DelegationNotAllowed not being enforced.
4.11.230 Oct 2019 03:16
minor feature:
CVE-2019-10218 - s3: libsmb: Protect SMB1 and SMB2 client code
From evil server returned names. CVE-2019-14833: Use utf8 characters in the unacceptable
Password. CVE-2019-14847 dsdb: Correct behaviour of ranged_results when
Combined with dirsync. CVE-2019-14833 dsdb: Send full password to check password
Script.
4.11.119 Oct 2019 10:45
minor feature:
Getpwnam and getpwuid need to return data for ID_TYPE_BOTH
Group. smbc_readdirplus() is incompatible with smbc_telldir() and
Smbc_lseekdir(). s3: smbclient: Stop an SMB2-connection from blundering into
SMB1-specific calls. stale file handle error when using mkstemp on a share. spnego fallback from kerberos to ntlmssp in smbd server. Overlinking libreplace against librt and pthread against every.
Binary or library causes. s3-winbindd: forest trusts with additional trust attributes. auth/gensec: non-AES schannel seal. Deleted records can be resurrected during recovery. uncaught exception in classicupgrade. fault.c: Improve fault_report message text pointing to our wiki. s3:client: Use DEVICE_URI, instead of argv 0 , for Device URI. pam_winbind with krb5_auth or wbinfo -K doesn apos;t work for users
of trusted domains/forests. Remove apos;pod2man apos; as it is no longer needed. Joining Active Directory should not use SAMR to set the.
Password. Overlinking libreplace against librt and pthread against every
Binary or library causes. apos;kpasswd apos; fails when built with MIT Kerberos. Exit code of ctdb nodestatus should not be influenced by deleted
Nodes.
4.11.018 Sep 2019 18:05
minor feature:
Ldb: Don apos;t try to save a value that isn apos;t there. ldb: Correct Pigeonhole principle validation in
Ldb_filter_attrs(). ldb dn crash. Deprecate quot;lanman auth = yes quot; and quot;encrypt passwords = no quot. compiling ctdb on older systems lacking POSIX robust
Mutexes. smbd returns bad File-ID on filehandle used to create a file or
Directory. vfs_glusterfs: Use pthreadpool for scheduling aio operations. Add the target server name of SMB 3.1.1 connections as a hint to
Load balancers or servers with quot;multi-tenancy quot; support. byte range locking /regressions. join with don apos;t exists machine account. ctdb-recoverd: Only check for LMASTER nodes in the VNN map. Different Device Id for GlusterFS FUSE mount is causing data
Loss in CTDB cluster. CVE-2019-10197: Permissions check deny can allow user to escape
From the share. ldb: Release ldb 2.0.6 (log database repack so users know what
is happening). docs: Deprecate quot;rndc command quot; for Samba 4.11. ldb: Free memory when repacking database. vfs_default: Use correct flag in vfswrap_fs_file_id. vfs_glusterfs: Initialize st_ex_file_id, st_ex_itime and.
St_ex_iflags. vfs_glusterfs: Enable profiling for file system operations. Backport sambadowngradedatabase for v4.11. CVE-2019-10197: Permissions check deny can allow user to escape
From the share. vfs_gpfs: Implement special case for denying owner access to
ACL. Avoid marking a node as connected before it can receive packets. onnode test failure with ShellCheck gt;= 0.4.7. ctdb-daemon: Stop quot;ctdb stop quot; from completing before freezing.
Databases.
4.10.804 Sep 2019 19:45
minor feature:
CVE-2019-10197: Permissions check deny can allow user to escape
From the share. CVE-2019-10197: Permissions check deny can allow user to escape
From the share.
4.10.723 Aug 2019 14:45
minor feature:
Unable to create or rename file/directory inside shares
Configured with vfs_glusterfs_fuse module. build: Allow build when apos;--disable-gnutls apos; is set. samba-tool: Add apos;import samba.drs_utils apos; to fsmo.py. apos;Error 32 determining PSOs in system apos; message on old DB
With FL upgrade. s4/libnet: joining a Windows pre-2008R2 DC. join: Use a specific attribute order for the DsAddEntry
NTDSDSA object. vfs_catia: Pass stat info to synthetic_smb_fname(). lookup_name: Allow own domain lookup when flags == 0. s4 librpc rpc pyrpc: Ensure tevent_context deleted last. DEC and DEADDC doesn apos;t print into a class specific log
File. Request to keep deprecated option quot;server schannel quot; VMWare Quickprep requires quot;auto quot. dbcheck: Fallback to the default tombstoneLifetime of 180 days. dnsProperty fails to decode values from older Windows versions. samba-tool: Use only one LDAP modify for dns partition fsmo
Role transfer. third_party: Update waf to version 2.0.17. netcmd: Allow apos;drs replicate --local apos; to create partitions. ctdb-config: Depend on /etc/ctdb/nodes file.
4.10.609 Jul 2019 03:15
minor feature:
s3: winbind: crash when invoking winbind idmap scripts. smbd does not correctly parse arguments passed to dfree and
Quota scripts. samba-tool dns: use bytes for inet_ntop. samba-tool domain provision: --interactive module in
Python3. ldb_kv: Skip @ records early in a search full scan. docs: Improve documentation of quot;lanman auth quot; and quot;ntlm auth quot;
Connection. python/ntacls: Use correct quot;state directory quot; smb.conf option
Instead of quot;state dir quot. registry: Add a missing include. SMB guest authentication. AppleDouble conversion breaks Resourceforks. vfs_fruit makes direct use of syscalls like mmap() and pread(). s3:mdssvc: flex compilation error. s3/vfs_glusterfs _fuse : Avoid using NAME_MAX directly:, dsdb:samdb: schemainfo update with relax control. s3:util: Move static file_pload() function to lib/util. smbd: a panic. ldap server: Generate correct referral schemes. s4 dsdb/repl_meta_data: use after free in
Dsdb_audit_add_ldb_value. s4 dsdb: use after free in
Samldb_rename_search_base_callback. dsdb/repl: we need to replicate the whole schema before we can
Apply it. ldb: Release ldb 1.5.5
Schema replication fails if link crosses chunk boundary.
Backwards. apos;samba-tool domain schemaupgrade apos; uses relax control and skips
The schemaInfo update provision. dsdb_audit: avoid printing quot;... remote host Unknown
SID (NULL SID) ... quot; python/ntacls: We only need security.SEC_STD_READ_CONTROL in.
Order to get the ACL. s3:loadparm: Ensure to truncate FS Volume Label at multibyte
Boundary. Using Kerberos credentials to print using spoolss doesn apos;t work. wafsamba: Use native waf timer. ctdb-scripts: tcp_tw_recycle existence check.
4.10.520 Jun 2019 14:45
minor feature:
CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found
in DnssrvOperation2. CVE-2019-12436 dsdb/paged_results: Ignore successful results.
Without messages.
4.10.423 May 2019 07:05
minor feature:
s3: SMB1: Don apos;t allow recvfile on stream fsp apos;s. py/provision: for Python 2.6. netcmd: apos;passwordsettings --max-pwd-age apos; command. s3:smbd: Don apos;t use recvfile on streams. s3-libnet_join: apos;net ads join apos; to child domain fails when using
quot;-U admin@forestroot quot. vfs_ceph: Explicitly enable libcephfs POSIX ACL support. vfs_ceph: cephwrap_flistxattr() demessage. ctdb-common: Avoid race between fd and signal events. ctdb-common: memory leak in run_proc. lib: Initialize getline() arguments. winbind: overlapping id ranges. lib util de: Increase format buffer to 4KiB. nsswitch pam_winbind: Asan use after free. s4 lib socket: Ensure address string owned by parent struct. s3 rpc_client: Asan stack use after scope. s3:smbd: Handle IO_REPARSE_TAG_DFS in
SMB_FIND_FILE_FULL_DIRECTORY_INFO. smb2_tcon: Avoid STATUS_PENDING completely on tdis. smb2_sesssetup: avoid STATUS_PENDING responses for session.
Setup. smb2_tcon: Avoid STATUS_PENDING completely on tdis. smb2_sesssetup: avoid STATUS_PENDING responses for session
Setup. dbcheck: the err_empty_attribute() check. vfs_snapper: Drop unneeded fstat handler. vfs_default: vfswrap_offload_write_send()
NT_STATUS_INVALID_VIEW_SIZE check. smb2_server: Grant all 8192 credits to clients. smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling. s3/vfs_glusterfs: Dynamically determine NAME_MAX. s3: modules: ceph: Use current working directory instead of.
Share path. winbind: Use domain name from lsa query for sid_to_name cache
Entry. memcache: Increase size of default memcache to 512k. docs: Update smbclient manpage for quot;--max-protocol quot. apos;net ads join apos; to child domain fails when using
quot;-U admin@forestroot quot. s3:utils: If share is NULL in smbcacls, don apos;t print it. s3:smbspool: regression printing with Kerberos credentials. ctdb-scripts: CTDB restarts failed NFS RPC services by hand.
Which is incompatible with systemd. ctdb-daemon: Revert quot;We can not assume that just
4.10.209 Apr 2019 06:05
minor feature:
CVE-2019-3870: pysmbd: Ensure a zero umask is set for
smbd.mkdir(). CVE-2018-14629: rpc: winreg: Remove implementations of
SaveKey/RestoreKey.
4.10.105 Apr 2019 07:45
minor feature:
py/kcc_utils: py2.6 compatibility. libcli: permit larger values of DataLength in
SMB2_ENCRYPTION_CAPABILITIES of negotiate response. regfio: Improve handling of malformed registry hive files. ctdb-version: Simplify version string usage. lib: Make fd_load work for non-regular files. dbcheck in the middle of the tombstone garbage collection causes.
Replication failures, dbcheck: add --selftest-check-expired-tombstones
Cmdline option. ndr_spoolss_buf: out of scope use of stack variable in
NDR_SPOOLSS_PUSH_ENUM_OUT(). s4/messaging: undefined reference in linking.
LibMESSAGING-samba4.so. acl_read: regression for empty lists. s4:dlz make b9_has_soa check dc=@ node. s3:client: printing via smbspool backend with kerberos auth. s4:librpc: installation of Samba. s3:lib: the demessage for adding cache entries. s3:utils: Add apos;smbstatus -L --resolve-uids apos; to show username. s3:lib: the demessage for adding cache entries. s3:waf: the detection of makdev() macro on Linux. ctdb-build: Drop creation of.distversion in tarball. ctdb-packaging: Test package requires tcpdump, ctdb package
Should not own system library directory.
4.10.020 Mar 2019 06:45
minor feature:
s4-server: Open and a transaction on sam.ldb at startup. access_check_max_allowed() doesn apos;t process quot;Owner Rights quot; ACEs. sambaundoguididx: Use the right escaped oder unescaped sam ldb
Files. idmap cache pollution with S-1-22- IDs on winbind hickup. lib/winbind_util: Add winbind_xid_to_sid for --without-winbind. lib:util: Move demessage for mkdir failing to log level 1. SMB1 POSIX mkdir does case insensitive name lookup. idmap xid2sid cache. vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate
And fallocate. messages_dgm: Properly handle receiver re-initialization. man pages: Document prefork process model. CVE-2019-3824 ldb: wildcard_match end of data check. CVE-2019-3824 ldb: version 1.5.4, buildtools/wafsamba: Avoid decode when using python2. notifyd: SIGBUS on sparc. ctdb: Buffer write beyond limits. CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare. ctdb-config: Change example recovery lock setting to one that
Fails. recovery lock. smbd: uid: Don apos;t crash if apos;force group apos; is added to an existing
Share connection. s3: VFS: vfs_fruit. the NetAtalk deny mode compatibility
Code. Avoid inefficient one-level searches. The test api.py should not rely on order of entries in dict. ldb: Avoid inefficient one-level searches. tldap: Avoid use after free errors. s3-smbd: Use fruit:model string for mDNS registration. printing: Check lp_load_printers() prior to pcap cache update. waf: Check for libnscd. s3:vfs: Correctly check if OFD locks should be enabled or not. Public ZERO_STRUCT() uses undefined C11 function memset_s(). libcli: dns: Change internal DNS_REQUEST_TIMEOUT from 2 to 10
Seconds. samba-tool SMB/sysvol connections do not work if SMBv1 is
Disabled. join: Throw CommandError instead of Exception for simple errors. s3-vfs: Add glusterfs_fuse vfs module. ctdb: Print locks latency in machinereadable stats. s4:server: Add support for apos;smbcontrol samba shutdown apos. vfs_glusterfs: Adapt to changes in libgfapi signatu
4.9.513 Mar 2019 03:15
minor feature:
Audit_logging: Remove delog header and JSON Authentication:
Pre. upgrade from 4.7 (or earlier) to 4.9. s3: lib: nmbname: Ensure we limit the NetBIOS name correctly.
CID: 1433607. smbd: uid: Don apos;t crash if apos;force group apos; is added to an existing.
Share connection. s3: VFS: vfs_fruit. the NetAtalk deny mode compatibility
Code. s3: SMB1 POSIX mkdir does case insensitive name lookup. s3:utils/smbget recursive download with empty source
Directories. samba-tool drs showrepl: Do not crash if no dnsHostName found. s3:libsmb: cli_smb2_list() can sometimes fail initially on a
Connection. join: Throw CommandError instead of Exception for simple errors. ldb: Avoid inefficient one-level searches. s3: libsmb: use smb2cli_conn_max_trans_size() in
Cli_smb2_list(). tldap: Avoid use after free errors. idmap xid2sid cache churn. access_check_max_allowed() doesn apos;t process quot;Owner Rights quot; ACEs. s3-smbd: Avoid assuming fsp is always intact after _file
Call. s3-vfs-fruit: Add call. s3-smbd: Use fruit:model string for mDNS registration. s3-vfs: add glusterfs_fuse vfs module. printing: Check lp_load_printers() prior to pcap cache update. vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS)
Ftruncate and fallocate. lib/audit_logging: Actually create talloc. netcmd/user: python 3 -gpgme unsupported and replaced by
Python 3 -gpg. dns: Changing onelevel search for wildcard to subtree. samba-tool: Don apos;t print backtrace on simple DNS errors. sambaundoguididx: Use the right escaped oder unescaped sam ldb
Files. ctdb: Print locks latency in machinereadable stats. messages_dgm: Messaging gets stuck when pids are recycled. audit_logging: auth_json_audit required auth_json. man pages: Document prefork process model. CVE-2019-3824 ldb: Release ldb 1.4.6. s3:auth: ignore create_builtin_guests() failing without a valid
Idmap configuration. s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC
Without trusts. s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS i
4.9.421 Dec 2018 06:45
minor feature:
Libcli/smb: Don apos;t overwrite status code. wbinfo --group-info apos;NT AUTHORITY System apos; does not work. Session setup reauth fails to sign response. vfs_fruit: Validation of writes on AFP_AfpInfo stream. vfs_shadow_copy2: Nicely deal with attempts to open previous
Version for writing. Restoring previous version of stream with vfs_shadow_copy2 fails
With NT_STATUS_OBJECT_NAME_INVALID fsp- gt;base_fsp- gt;fsp_name. CVE-2018-16853: S4U2Self crash with MIT KDC build. s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. winbindd: crash when taking profiles. CVE-2018-14629 dns: CNAME loop prevention using counter
Regression. apos;samba-tool user syscpasswords apos; fails on a domain with many DCs. CVE-2018-16853: Do not segfault if client is not set. lib:util: DECLASS pointer initializiation. ctdb-daemon: Exit with error if a database directory does not
Exist. s3:libads: Add net ads leave keep-account option.
4.9.328 Nov 2018 03:15
minor feature:
CVE-2018-16841: heimdal: segfault on PKINIT with
Mis-matching principal. CVE-2018-16853: build: The Samba AD DC, when build with MIT
Kerberos is experimental, CVE-2018-16857: dsdb/util: Correctly treat.
LockOutObservationWindow as 64-bit int. CVE-2018-16857 PEP8: E305: Expected 2 blank lines after
Class or function definition, found 1. CVE-2018-14629: dns: CNAME loop prevention using counter. CVE-2018-16852: NULL pointer de-reference in Samba AD DC
DNS management. CVE-2018-16851: ldap_server: Check ret before manipulating blob.
4.9.209 Nov 2018 03:16
minor feature:
Dsdb: Add comments explaining the limitations of our current
Backlink behaviour. problems running domain backups (handling SMBv2, sites). problems running domain backups (handling SMBv2, sites). testparm: crashes with PANIC: Messaging not initialized on
SLES 12 SP3. Make vfs_fruit able to cleanup AppleDouble files. File saving with vfs_fruit on samba gt;= 4.8.5. Enabling vfs_fruit looses FinderInfo. Cancelling of SMB2 aio reads and writes returns wrong error
NT_STATUS_INTERNAL_ERROR. CTDB recovery record resurrection from inactive nodes and.
Simplify vacuuming. examples: the smb2mount build. libtevent: build due to missing open_memstream on Illiumos. winbindd_cache: timeout calculation for sid lt;- gt;name cache. dsdb encrypted_secrets: Allow quot;ldb:// and quot;mdb:// quot; in file path. Extended DN SID component missing for member after switching
Group membership. Return STATUS_SESSION_EXPIRED error encrypted, if the request
Was encrypted. python: Allow forced signing via smb.SMB(). lib:socket: If returning early, set ifaces. ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept
Utf8 encoded unicode. testparm: crashes with PANIC: Messaging not initialized on
SLES 12 SP3. smbd: DELETE_ON_behaviour on files with READ_ONLY.
Attribute. waf: Add -fstack-clash-protection. winbind: segfault if an invalid passdb backend is
Configured. in CTDB event handling. Misbehaving nodes are sometimes not banned.
4.9.125 Sep 2018 06:45
minor feature:
s3: nmbd: Stop nmbd network announce storm. s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool
Cmds. CTDB recovery lock has some race conditions. s3-rpc_client: Advertise Windows 7 client info. ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page.
4.9.014 Sep 2018 06:45
minor feature:
Samba_dnsupdate: Honor apos;dns zone scavenging apos; option, only
Update if needed. wafsamba: apos;make -j lt;jobs gt; apos. s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only
Returns absolute pathnames. s3: util: Do not take over stderr when there is no log file. Durable Reconnect fails because cookie.allow_reconnect is not
Set. krb5-samba: Interdomain trust uses different salt principal. vfs_fruit: Don apos;t unlink the main file. smbd: a memleak in async search ask sharemode. Samba GPO when Trust is enabled. samba-tool: Add quot;virtualKerberosSalt quot; attribute to
apos;user getpassword/syncpasswords apos. CTDB configuration. ctdbd logs an error until it can successfully connect to.
Eventd. s3: smbd: Ensure get_real_filename() copes with empty
Pathnames. samba domain backup online/rename commands force user to specify
Password on CLI. wafsamba/samba_abi: Always hide ABI symbols which must be
Local. a panic if fruit_access_check detects a locking conflict. memory and resource leaks. python: print in dns_invalid.py. Aliasing causes incorrect IPv6 checksum. CTDB configuration. s3: vfs: time_audit: handling of token_blob in
Smb_time_audit_offload_read_recv(). CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
Returns from malicious servers. CVE-2018-1140: ldbsearch apos;(distinguishedName=abc) apos; and DNS query
With escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140
CVE-2018-10918: cracknames: DoS (NULL pointer de-ref) when.
Not servicePrincipalName is set on a user. CVE-2018-10919: acl_read: unauthorized attribute access via
Searches. ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler. CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
is disabled via quot;ntlm auth quot. s3-tldap: do not install test_tldap. ctdb_mutex_ceph_rados_helper: deadlock via lock renewals. CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in.
Ltdb_index_dn_attr(). ctdb-eventd: CID 1438155. CIDs 1438243, (Unchecked return value) 1
4.8.525 Aug 2018 11:25
minor feature:
Python: pysmbd: Additional error path leak. libsmbclient: Initialize written value before use. ldb: Refuse to build Samba against a newer minor version of
Ldb. s3: libsmbclient: cli_splice() fallback when reading less
Than a complete file. Using quot;sendfile = yes quot; with SMB2 can cause CPU spin. ldb: Release LDB 1.3.6. libsmbclient: Initialize written in cli_splice_fallback(). Durable Handles reconnect fails in a cluster when the cluster
fs uses different device ids. s3: smbd: Always set vuid in check_user_ok(). vfs_fruit: Delete 0 byte size streams if AAPL is enabled. Fail renaming file if that file has open streams. lib: smb_threads: access before init. s3: smbd: path check in.
Smbd_smb2_create_durable_lease_check(). samba-tool trust: Support discovery via netr_GetDcName. ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler. vfs_ceph: Don apos;t lie about flock support. deadlock with ctdb_mutex_ceph_rados_helper. ctdb: build on FreeBSD and AIX. libsmb: CID 1438243 (Unchecked return value), CID 1438244
Unsigned compared against 0), CID 1438245 (Dereference before null check),
CID 1438246 (Unchecked return value). vfs_fruit: a panic if fruit_access_check detects a locking.
Conflict. The current position in the dns name was not advanced past the
apos;. apos; character. samba-tool domain trust: trust compatibility to Windows
Server 1709 and FreeIPA. systemd: Only start smb when network interfaces are up. quotas with SMB2. s3/smbd: Ensure quota code is only called when quota support.
Detected. s3/libsmb: Explicitly set delete_on_token for rmdir. krb5_plugin: Install plugins to krb5 modules dir. s3:winbind: Do not lookup local system accounts in AD. Don apos;t use CTDB_BROADCAST_VNNMAP. ctdb-daemon: Only consider client ID for local database attach. s3:client: Add quot;--quiet quot; option to smbclient. s3: vfs: time_audit: handling of token_blob in
Smb_time_audit_offload_read_recv().
4.8.415 Aug 2018 20:45
minor feature:
CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
Returns from malicious servers. CVE-2018-1140: ldbsearch apos;(distinguishedName=abc) apos; and DNS query
With escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140
CVE-2018-10918: cracknames: DoS (NULL pointer de-ref) when.
Not servicePrincipalName is set on a user. CVE-2018-10919: acl_read: unauthorized attribute access via
Searches. CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
is disabled via quot;ntlm auth quot. CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in.
Ltdb_index_dn_attr().
4.8.327 Jun 2018 06:05
minor feature:
s3: smbd: SMB2-FLUSH against directories. s3: smbd: printing: Re-implement delete-on-semantics for
Print files missing since 3.5.x. python: talloc frame use in make_simple_acl(). heimdal: lib/krb5: Do not fail set_config_files due to parse
Error. ldb: One-level search was incorrectly falling back to full DB
Scan. ldb: Save a copy of the index result before calling the
Callbacks. No Backtrace given by Samba apos;s AD DC by default. ldb_tdb: Use mem_ctx and so avoid leak onto long-term memory
on duplicated add. s3:smbd: interaction between chown and SD flags. building Samba with gcc 8.1. several mem leaks in ldb_index ldb_search ldb_tdb. libgpo: the build --without-ads. Looking up the user using the UPN results in user name with the
REALM instead of the DOMAIN. broken server side GENSEC_FEATURE_LDAP_STYLE handling.
NTLMSSP NTLM2 packet check failed due to invalid signature!). smbd: Flush dfree memcache on service reload. krb5_wrap: keep_old_entries logic for older Kerberos.
Libraries. Looking up the user using the UPN results in user name with the
REALM instead of the DOMAIN. building Samba with gcc 8.1. s3:utils: Do not segfault on error in DoDNSUpdate(). krb5_plugin: Add winbind localauth plugin for MIT Kerberos. ldb: memory leak on module context.
4.8.217 May 2018 17:45
minor feature:
s3: smbd: Generic for incorrect reporting of stream dos
Attributes on a directory. ceph: VFS: Add asynchronous fsync to ceph module, fake using
Synchronous call. s3: libsmbclient: hard-coded connection error return of
ETIMEDOUT. ldb: Release ldb 1.3.3:
s4-lsa: use-after-free in LSA server. winbindd: Do re-connect if the RPC call fails in the passdb.
Case. s3:cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers. s3:cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd
Unclean process shutdown. vfs_ceph: add fake async pwrite/pread send/recv hooks. ctdb-client: Remove ununsed functions from old client code. printing: Return the same error code as windows does on upload
Failures. After update to 4.8.0 DC failed with quot;Failed to find our own
NTDS Settings objectGUID quot. nsswitch: memory leak in winbind_open_pipe_sock() when the.
Privileged pipe is not accessable. s4:lsa_lookup: remove TALLOC_FREE(state) after all
Dcesrv_lsa_Lookup Names,Sids _base_map() calls. s3: VFS: memory leak in vfs_ceph. rpc_server: NetSessEnum with stale sessions. s3:smbspool: cmdline argument handling.
4.8.127 Apr 2018 15:45
minor feature:
s3: ldap: Ensure the ADS_STRUCT pointer doesn apos;t get freed on
Error, we don apos;t own it here. s3: smbd: possible directory fd leak if the underlying OS
Doesn apos;t support fdopendir(). Round-tripping ACL get/set through vfs_fruit will increase the
Number of ACE entries without limit. s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically
Decredit. s3: smbd: Files or directories can apos;t be opened DELETE_ON_ without delete access. s3: smbd: memory leak in vfswrap_getwd(). s3: smbd: Unix extensions attempts to change wrong field in
Fchown call. ms_schema/samba-tool visualize: python2.6 incompatibility. invocation of gnutls_aead_cipher_encrypt(). Windows 10 cannot logon on Samba NT4 domain. winbindd: Recover loss of netlogon secure channel in case the
Peer DC is rebooted. s3:smbd: Don apos;t use the directory cache for SMB2/3. ctdb-client: in client code. ctdb-scripts: Drop quot;net serverid wipe quot; from 50.samba event
Script. s3: lib: messages: Don apos;t use the result of sec_init() before
Calling sec_init(). libads: the build apos;--without-ads apos. winbind: Keep quot;force_reauth quot; in invalidate_cm_connection,
Add apos;smbcontrol disconnect-dc apos. vfs_virusfilter: CIDs 1428738-1428740. dsdb: CID 1034966 Uninitialized scalar variable. rpc_server: core dump in dfsgetinfo. smbclient: notify. smbd panic if the client-supplied channel sequence number
Wraps. Windows 10 cannot logon on Samba NT4 domain. lib/util: Remove unused apos;#include lt;sys/syscall.h gt; apos; from
Tests/tfork.c. build errors with cc from developerstudio 12.5 on Solaris. the picky-developer build on FreeBSD 11. s3:modules: the build of vfs_aixacl2.c. s3:smbd: map nterror on smb2_flush errorpath. lib:replace: linking when libtirpc-devel overwrites system
Headers. winbindd: apos;wbinfo --name-to-sid apos; returns misleading result on
Invalid query. s3:passdb: Do not return OK if we don apos;t have pinfo set up. Allow AESNI to be used on all processor supporting AESNI.
4.8.014 Mar 2018 03:15
minor feature:
CVE-2018-1050: Codenomicon crashes in spoolss server code. CVE-2018-1057: Unprivileged user can change any user (and admin)
Password. nsswitch: wbinfo -m --verbose trust type quot;Local quot. CVE-2018-1057: Unprivileged user can change any user (and admin)
Password. libsmb: Use smb2 tcon if conn_protocol gt;= SMB2_02. s3:smbd: Do not crash if we fail to init the session table. numerous trust related in winbindd and s4 LSA RPC
Server. vfs_fruit: Use off_t, not size_t for TM size calculations. mit-kdb: Support MIT Kerberos 1.16 KDB API changes. build: libceph-common detection. vfs_glusterfs: the wrong pointer being sent in
Glfs_fsync_async. vfs_fileid: the 32-bit build. Unable to authenticate with an empty string domain apos; apos. configure aborts without libnettle/gnutls. winbindd (on an AD DC) should only use netlogon/lsa against
Trusted domains. numerous trust related in winbindd and s4 LSA RPC
Server. A disconnecting winbind client can cause a problem in
The winbind parent child communication. tevent: version 0.9.36. winbind requests could get stuck in the queue of a busy child,
While later requests could get served fine by other children. Minimize the lifetime of winbindd_cli_state- gt; pw,gr ent_state. Avoid using fstrcpy(domain- gt;dcname...) on a char, winbind parent should find the dc of a foreign domain via the
Primary domain. Disable support for CROSS_ORGANIZATION domains. ldb: version 1.3.2. vfs_glusterfs: Add fallocate support for vfs_glusterfs. subnet: Avoid a segfault when renaming subnet objects. RODC may skip objects during replication due to naming
Conflicts. Backport Samba VirusFilter. dbcheck: Add support for restoring missing forward links. python: the build with python3. dbcheck: Add support for restoring missing forward links. packaging: default systemd-dir path. build: Deal with recent glibc sunrpc header removal. repl_meta_data: linked attribute corruption on databases
With unsorted links on expunge. s3/smbd: Remove file system sharemode b
4.7.508 Feb 2018 05:45
minor feature:
This is a major in Samba apos;s ActiveDirectory domain
Controller code. It might happen that AD objects have missing or broken
Linked attributes. This could lead to broken group memberships e.g.
All Samba AD domain controllers set up with Samba 4.6 or lower and then.
Upgraded to 4.7 are affected. The corrupt database can be with
apos;samba-tool dbcheck --cross-ncs -- apos. smbd tries to release not leased oplock during oplock II.
Downgrade. copying file with empty FinderInfo from Windows client
to Samba share with fruit. build: Deal with recent glibc sunrpc header removal. Make Samba work with tirpc and libnsl2. vfs_ceph: Add fs_capabilities hook to avoid local statvfs. Kerberos: PKINIT: Can apos;t decode algorithm parameters in.
ClientPublicValue. ctdb-recovery-helper: Deregister message handler in error
Paths. samba: Only use async signal-safe functions in signal handler. Kerberos: PKINIT: Can apos;t decode algorithm parameters in
ClientPublicValue. repl_meta_data: linked attribute corruption on databases
With unsorted links on expunge. dbcheck: Add functionality to the
Corrupt database. smbd panic when chdir returns error during exit. Make Samba work with tirpc and libnsl2. POSIX ACL support on HPUX and possibly other big-endian OSs.
4.7.423 Dec 2017 05:05
minor feature:
s3: smbclient: Implement apos;volume apos; command over SMB2. s3: libsmb: valgrind read-after-free error in
Cli_smb2__fnum_recv(). s3: libsmb: reversing of oldname/newname paths when creating
a reparse point symlink on Windows from smbclient. Build man page for vfs_zfsacl.8 with Samba. repl_meta_data: Allow delete of an object with dangling.
Backlinks. s4:samba: default to be running samba as a deamon. Performance regression in DNS server with introduction of
DNS wildcard, ldb: Release 1.2.3, vfs_zfsacl: compilation error. quot;smb encrypt quot; setting changes are not fully applied until full.
Smbd restart. winbindd: idmap_rid dependency on trusted domain list. vfs_fruit: Proper VFS-stackable conversion of FinderInfo. winbindd: Dependency on trusted-domain list in winbindd in
Critical auth codepath. repl_meta_data: removing of backlink on deleted objects. ctdb: sock_daemon leaks memory. TCP tickles not getting synchronised on CTDB restart. winbindd: winbind parent and child share a ctdb connection. pthreadpool: deadlock. pthreadpool: starvation after fork. messaging: Always register the unique id. broken linked attribute handling. The KDC on an RWDC doesn apos;t send error replies in some
Situations. libnet_join: apos;net rpc oldjoin apos. g_lock conflict detection broken when processing stale entries. s3:smb2_server: allow logoff,, unlock, cancel and echo
on expired sessions. s3:libads: net ads keytab list fails with quot;Key table name.
Malformed quot. crash in pthreadpool thread after failure from pthread_create. s4:samba: Allow samba daemon to run in foreground. third_party: Link the aesni-intel library with quot;-z noexecstack quot. vfs_glusterfs: include glusterfs/api/glfs.h without relying on
quot;-I quot; options.
4.7.322 Nov 2017 20:25
minor feature:
CVE-2017-14746: s3: smbd: SMB1 use-after-free crash. CVE-2017-15275: s3: smbd: Chain code can return uninitialized
Memory when talloc buffer is grown.
4.7.216 Nov 2017 19:45
minor feature:
Non-smbd processes using kernel oplocks can hang smbd. python: use communicate to Popen deadlock. smbd on disk file corruption under heavy threaded load. tevent: version 0.9.34. s3: smbd: delete-on-after smb2_find.
4.7.103 Nov 2017 22:45
minor feature:
Vfs_glusterfs: exporting subdirs with shadow_copy2. s3: smbd: Currently if getwd() fails after a chdir(), we panic. s3: VFS: Ensure default SMB_VFS_GETWD() call can apos;t return a
Partially completed struct smb_filename. sys_getwd() can leak memory or possibly return the wrong errno
on older systems. apos;smbclient apos; doesn apos;t correctly canonicalize all local names.
Before use. broken linked attribute handling. Missing LDAP query escapes in DNS rpc server. replace: Link to -lbsd when building replace.c by hand. Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem. Map SYNCHRONIZE acl permission statically in zfs_acl vfs module. Samba fails to honor SEC_STD_WRITE_OWNER bit with the
Acl_xattr module. s3/mdssvc: Missing assignment in sl_pack_float. Wrong Samba access checks when changing DOS attributes. samba_runcmd_send() leaves zombie processes on timeout
net: groupmap cleanup should not delete BUILTIN mappings. Enabling vfs_fruit results in loss of Finder tags and other.
Xattrs. man pages: Properly ident lists. smb.conf.5: Sort parameters alphabetically. s3: spoolss: GUID string format on GetPrinter info. Remote serverid check doesn apos;t check for the unique id. CTDB starts consuming memory if there are dead nodes in the
Cluster. ctdb-common: Ignore event scripts with multiple apos;. apos;s. libgpo doesn apos;t sort the GPOs in the correct order. Remote serverid check doesn apos;t check for the unique id. vfs_catia: a potential memleak. file change notification for renames. Samba DNS server does not honour wildcards. Can apos;t change password in samba from a Windows client if Samba
Runs on IPv6 only interface. vfs_fruit: Replace ir() by SMB_VFS_IR. Apple client can apos;t cope with SMB2 async replies when creating
Symlinks. s4:rpc_server:backupkey: Move variable into scope. s4:scripting: ntstatus_gen.h generation on 32bit. s3:vfs_glusterfs: a double free in vfs_gluster_getwd(). resouce leaks and pointer. vfs_solarisacl: build for samba 4.7 an
4.7.025 Sep 2017 17:45
minor feature:
s3: vfs: catia: compression get/set must act only on base file, and
Must cope with fsp==NULL. lib: crypto: Make smbd use the Intel AES instruction set for signing
And encryption. s4-drsuapi: Avoid segfault when replicating as a non-admin with
GUID_DRS_GET_CHANGES. Allow re-index of newer databases with binary GUID TDB keys.
this officially removes support for re-index of the original pack format 0.
Rather than simply segfaulting). Add ldb_ldif_message_redacted_string() to allow deof redacted
Log messages, avoiding showing secret values. ldb: version 1.2.2. schema: Rework dsdb_schema_set_indices_and_attributes() db
Operations. Install dcerpc/__init__.py for all Python environments. s3/smbd: Sticky write time offset miscalculation causes broken
Timestamps
lib/util: Only the event_fd in tfork if the caller didn apos;t.
Call tfork_event_fd(). messaging: Avoid a socket leak after fork. charset: str n casecmp_m() by comparing lower case values. util_runcmd: Free the fde in event handler. ctdb-daemon: implementation of process_exists control. GET_DB_SEQNUM control can cause ctdb to deadlock when databases
Are frozen. ctdb-daemon: Free up record data if a call request is deferred. ctdb-client: Initialize ctdb_ltdb_header completely for empty
Record. vfs_streams_xattr: segfault when running with log level 10. smb.conf: Explain that quot;ntlm auth quot; is a per-passdb setting. s4/lib/tls: Use SHA256 to sign the TLS certificates. Get rid of talloc_autofree_context(). After restarting CTDB, it attaches replicated databases with
Wrong flags. s3:smbclient: Don apos;t try any workgroup listing with
quot;client min protocol = SMB2 quot. s3:libsmb: Don apos;t call cli_NetServerEnum() on SMB2/3 connections
in SMBC_opendir_ctx(). s3:libsmb: Let do_connect() dethe negotiation result.
Similar to quot;session request ok quot. s4:http/gensec: add missing tevent_req_done() to
Gensec_http_ntlm_update_done(). apos;smbclient tarmode apos; with SMB2/3. apos;smbd apos;: Don apos;t use a lo
4.6.821 Sep 2017 11:45
minor feature:
s3: smbd: a read after free if a chained SMB1 call goes
Async. CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from
Writing server memory to file. s3/smbd: Let non_widelink_open() chdir() to directories
Directly. CVE-2017-12151: Keep required encryption across SMB3 dfs
Redirects. CVE-2017-12150: Some code path don apos;t enforce smb signing
When they should.
4.6.711 Aug 2017 01:05
minor feature:
s3: smbd: a read after free if a chained SMB1 call goes async. s4-cldap/netlogon: Match Windows 2012R2 and return
NETLOGON_NT_VERSION_5 when version unspecified. s3/smbd: Let non_widelink_open() chdir() to directories directly. s3/notifyd: Ensure notifyd doesn apos;t return from.
Smbd_notifyd_init. vfs_fruit: Add fruit:model = lt;modelname gt; parametric option. vfs_ceph: cephwrap_chdir(). idmap_ad: Retry query_user exactly once if we get
TLDAP_SERVER_DOWN. s3: libsmb: use-after-free when accessing pointer, smbd: a connection run-down race condition. winbindd changes the local password and gets
NT_STATUS_WRONG_PASSWORD for the remote change. s3:smbd: consistently use talloc_tos() memory for.
Rpc_pipe_open_interface(). smbcacls: Don apos;t fail against a directory on Windows using SMB2. s4-dsdb/netlogon: Allow missing ntver in cldap ping. dnsserver: Stop dns_name_equal doing OOB read. s3:client: The smbspool krb5 wrapper needs negotiate for
Authentication. ctdb-common: Set -on-exec when creating PID file.
4.6.507 Jun 2017 15:45
minor feature:
s3: VFS: Catia: Ensure path name is also converted. s3:smbcacls add prompt for password. vfs_acl_xattr tdb: Ensure create mask is at least 0666 if
Ignore_system_acls is set. Wrong sid- gt;uid mapping for SIDs residing in sIDHistory. vfs_fruit: lp_case_sensitive() does not return a bool. s3/smbd: Update exclusive oplock optimisation to the lease area. s3/smbd: exclusive lease optimisation. Allow passing trusted domain password as plain-text to PASSDB
Layer. systemd: detection of libsystemd. ctdb-readonly: Avoid a tight loop waiting for revoke to
Complete. ctdb-logging: Initialize DELEVEL before changing the value. notify: ordering of events in notifyd. idmap_rfc2307: Lookup of more than two SIDs fails. samba-tool: Let apos;samba-tool user syncpasswords apos; report deletions
Immediately. s3: smbd: inotify_map_mask_to_filter incorrectly indexes an
Array. vfs_expand_msdfs tries to open the remote address as a file
Path. apos;ctdb nodestatus apos; incorrectly displays status for all nodes with
Wrong exit code. ctdb-common: crash in logging initialisation.
4.6.326 Apr 2017 07:05
minor feature:
s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots
From shares with GlusterFS backend. for Solaris C compiler. s3: locking: Update oplock optimization for the leases era. Make the Solaris C compiler happy. s3: libgpo: Allow skipping GPO objects that don apos;t have the
Expected LDAP attributes. buffer overflow caused by wrong use of getgroups. lib: de: Avoid negative array access. cleanupdb: a memory read error. streams_xattr and kernel oplocks results in
NT_STATUS_NETWORK_BUSY. winbindd: idmap_autorid allocates ids for unknown SIDs from other.
Backends. vfs_fruit: Resource fork open request with
Flags=O_CREAT O_RDONLY. manpages/vfs_fruit: Document global options. lib/pthreadpool: a memory leak. Lookup-domain for well-known SIDs on a DC. winbindd: error handling in rpc_lookup_sids(). winbindd: Trigger possible passdb_dsdb initialisation. credentials_krb5: use gss_acquire_cred for client-side GSSAPI
Use case. lib/crypto: Implement samba.crypto Python module for RC4. ctdb-readonly: Avoid a tight loop waiting for revoke to
Complete. ctdb_event monitor command crashes if event is not specified. ctdb-docs: documentation of quot;-n quot; option to apos;ctdb tool apos. smbd: smb1 findfirst with DFS. smbd: Do an early exit on negprot failure. winbindd: substitution for apos;template homedir apos. s4:kdc: Disable principal based autodetected referral detection. idmap_autorid: Allocate new domain range if the callers knows
The sid is valid. LINKFLAGS_PYEMBED should not contain -L/some/path. PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for
Trusted domain. rpcclient: Allow -U apos;OTHERDOMAIN user apos; again. winbindd: password policy for pam authentication. s3:gse: Correctly handle external trusts with MIT. auth/credentials: Always set the realm if we set the principal
From the ccache. replace: Include sysmacros.h. s3:vfs_expand_msdfs: Do not open the remote address as a file. s3:libsmb: Only print error message if kerberos use is forced. winbind
4.6.124 Mar 2017 07:05
minor feature:
CVE-2017-2619: Symlink race permits opening files outside share
Directory. CVE-2017-2619: Symlink race permits opening files outside share
Directory.
4.6.008 Mar 2017 23:25
minor feature:
Several found by covscan. s3: smbd: Restart reading the incoming SMB2 fd when the send
Queue is drained. vfs_fruit doesn apos;t work with fruit:metadata=stream. vfs_fruit: Only veto AppleDouble files if quot;fruit:resource quot; is
Set to quot;file quot. vfs_fruit: Enabling AAPL extensions must be a global switch. Re-enable token groups fallback. Samba4 ldap error codes. gensec:spnego: Add demessage for the failed principal. s3:winbindd: endless forest trust scan. winbindd: Find the domain based on the sid within
Wb_lookupusergroups_send(). s3:librpc: Handle gss_min in gse_get_client_auth_token()
Correctly. idmap_hash: Add a deprecation message, improve the idmap_hash
Manpage. several found by covscan. ctdb-logging: CID 1396883 Dereference null return value
NULL_RETURNS). s3: rpc_server/mdssvc: Add attribute quot;kMDItemContentType quot. s3: smbd: Don apos;t loop infinitely on bad-symlink resolution. vfs_fruit: Correct Netatalk metadata xattr on FreeBSD. s3/smbd: Check for invalid access_mask.
Smbd_calculate_access_mask(). vfs_streams_xattr: use fsp, not base_fsp. ctdb-common: use-after-free error in comm_fd_handler(). build: generation of CTDB manpages while creating tarball. Modify smbspool_krb5_wrapper to just fall through to smbspool if
AUTH_INFO_REQUIRED is not set or is not quot;negotiate quot. s3:winbindd: Try a NETLOGON connection with noauth over NCACN_NP.
Against trusted domains. apos;net ads testjoin apos; and smb access fails after winbindd changed the
Trust password. librpc/rpc: regression in
NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping. netlogon_creds_cli_LogonSamLogon doesn apos;t work without.
Netr_LogonSamLogonEx. winbindd child segfaults on connect to an NT4 domain. s3:winbindd: Make sure cm_prepare_connection() only returns OK
With a valid tree connect. winbindd (as member) requires kerberos against trusted ad domain,
While it shouldn apos;t. Backport pytalloc_GenericObject_reference() related changes to
4.6. dbchecker: Stop ignoring l
4.5.501 Feb 2017 06:05
minor feature:
Ctdb-locking: Explicitly unlock record/db in lock helper. vfs_default: Unlock the right file in copy chunk. ctdb-scripts: remaining uses of quot;ctdb gratiousarp quot. /etc/iproute2/rt_tables gets populated with multiple
apos;default apos; entries.
4.5.420 Jan 2017 06:05
minor feature:
Rename_internals_fsp missing ACL permission-check on destination
Folder. lib: security: se_access_check() incorrectly processes owner
Rights (S-1-3-4) DENY ace entries. s3: ntlm_auth: Don apos;t corrupt the output stream with de messages. s3: libsmb: Add cli_smb2_ftruncate(), plumb into
Cli_ftruncate(). s3/smbd: Remove a misleading error message. vfs_fruit: quot;fruit:resource quot; option spelling, but not
Behaviour. ctdbd_conn: a resource leak. smbd/ioctl: match WS2016 ReFS set compression behaviour. pam: Map more NT password errors to PAM errors. winbindd: Use idmap cache in xids2sids. messaging: dead but not cleaned-up-yet destination sockets. kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An
Internal error occurred (with MIT krb5). printing: building with CUPS version older than 1.7. s3:libads: Include system /etc/krb5.conf if we use MIT Kerberos. ctdb ip.
4.5.320 Dec 2016 13:25
minor feature:
CVE-2016-2123: DNS vuln ZDI-CAN-3995. CVE-2016-2125: Don apos;t send delegated credentials to all servers. CVE-2016-2126: auth/kerberos: Only allow known checksum types in
Check_pac_checksum().
4.5.208 Dec 2016 17:05
minor feature:
Vfs:glusterfs: Preallocate result for glfs_realpath. s3: vfs: Remove files/directories after the streams are deleted. s3: vfs_streams_depot: Use conn- gt;connectpath not conn- gt;cwd. s3/smbd: the last resort check that sets the file type
Attribute. dsdb: Create RID Set as SYSTEM. dbcheck: Correct message for orphaned backlinks. build: build with perl on debian sid. errors in extended operations (like allocating a RID Set). spoolss: Use correct values for secdesc and devmode pointers. objectclass_attrs: Only abort on a missing attribute when an
Attribute is both MUST and replicated. provision,dlz-bind: Add support for BIND 9.11.x. ctdb-locking: Reset real-time priority in lock helper. ctdb-scripts: calculation of CTDB_BASE. ctdb-recovery: Avoid NULL dereference in failure case. s3:smbd: Only pass UCF_PREP_CREATEFILE to filename_convert() if
we may create a new file. ctdb-scripts: Debian init in samba eventscript. samba_tool/fsmo: Allocate RID Set when seizing RID manager. s4-auth: Don apos;t check for NULL saltPrincipal if it doesn apos;t need
it. upgradeprovision: Remove objectCategory from constructed attrs. collect_tombstones: Allow links to recycled objects to be.
Deleted. s3-printing: Correctly encode CUPS printer URIs. s3-printing: Allow printer names longer than 16 chars. nss_wins: errno values for HOST_NOT_FOUND. s3-winbind: Do not return NO_MEMORY if we have an empty user
List. s3:spoolss: Add support for COPY_FROM_DIRECTORY in
AddPrinterDriverEx. ctdb-packaging: Move CTDB tests to /usr/local/share/ctdb/tests/. smbd: In ntlm auth, do not map empty domain in case of.
user@realm. ctdb-conn: Add missing variable initialization.
4.5.104 Nov 2016 19:05
minor feature:
Smbd contacts a domain controller for each session. messaging subsystem crash. REGRESSION: smbd segfaults on startup, tevent context being
Freed. s3: cldap: cldap_multi_netlogon_send() fails with one bad IPv6
Address. s3: libsmb: cut and paste error using the wrong structure
Type. Setting specific logger levels in smb.conf makes apos;samba-tool drs
Showrepl apos; crash. Tombstone expunge does not remove old links. s3-printing: migrate printer code. s3/smbd: In call_trans2qfilepathinfo call lstat when dealing
With posix pathnames. s3/smbd: Set FILE_ATTRIBUTE_DIRECTORY as necessary. quot;DriverVersion quot; registry backend parsing incorrect in spoolss. smbd/ioctl: Match WS2016 ReFS get compression behaviour. ctdb-protocol: marshalling for GET_DB_SEQNUM control
Request. ctdb-recovery-helper: Add missing initialisation of ban_credits. CTDB PID file handling is too weak. gencache: Bail out of stabilize if we can not get the allrecord
Lock. smbd: Reset O_NONBLOCK on open files. glusterfs: Avoid tevent_internal.h. source3/lib/msghdr.c, line 208: syntax error before or at: spoolss: caching of printername- gt;sharename. REGRESSION: smbd segfaults on startup, tevent context being
Freed. Let winbindd discard expired kerberos when built against
internal) heimdal. s3/winbindd: using default domain with user@domain.com.
Format. winbind: passing idmap failure from wb_sids2xids back to
Callers. nss_wins has incorrect function definitions for gethostbyname, s3-lib: G substitution in AD member environment. s3-utils: loading smb.conf in smbcquotas. kcc: Don apos;t check schedule if None. Tombstone expunge does not remove old links. vfs_glusterfs: a memory leak in connect path. CTDB IP takeover does not complete if there are no public
Addresses configured. ctdb-packaging: systemd network dependency. CTDB PID file handling is too weak. smbcquotas: error message listing quotas. s3-sysquotas: Correctly restore path when finding mount point. cliquota: param count when setting fs quota.
4.5.009 Sep 2016 02:52
major feature:
This is the first stable release of the Samba 4.5 release series.
NEW FEATURES/CHANGES: Support for LDAP_SERVER_NOTIFICATION_OID; KCC improvements for sparse network replication; VLV - Virtual List View; DRS Replication for the AD DC; samba-tool drs replicate with new options; replPropertyMetaData Changes; linked attributes on deleted objects; improved AD DC performance; other dbcheck improvements; Tombstone Reanimation; multiple DNS Forwarders on the AD DC; password quality plugin support in the AD DC; pwdLastSet is now correctly honoured; net ads dns unregister; samba-tool improvements; SMB 2.1 Leases enabled by default; Open File Description (OFD) Locks; Password sync as Active Directory domain controller; Python crypto requirements; SmartCard/PKINIT improvements; CTDB changes; new shadow_copy2 options (shadow:snapprefix and shadow:delimiter).
REMOVED FEATURES: "only user" and "username" parameters.
UPGRADING: NTLMv1 authentication disabled by default.
KNOWN ISSUES: Bug 12204 - Samba fails to replicate schema 69.
4.4.508 Jul 2016 19:45
minor feature:
CVE-2016-2119: client side SMB2 signing downgrade. Total dcerpc response payload more than 0x400000.
4.4.411 Jun 2016 10:25
minor feature:
SMB3 multichannel: Add implementation of missing channel sequence
Number verification. smbd:: Only remove kernel share modes if they had been
Taken at open. notifyd: Prevent NULL deref segfault in notifyd_peer_destructor. s3: auth: Move the declaration of struct dom_sid tmp_sid to
Function level scope. s3:rpcclient: Make apos;--pw-nt-hash apos; option work. s3:libsmb/clifile: Use correct value for MaxParameterCount for
Setting EAs. case sensitivity over SMB2 or above. s3:libnet:libnet_join: Add netbios aliases as SPNs. vfs_fruit: Add an option that allows disabling POSIX rename
Behaviour. s3-smbd: Support systemd 230. source3: Honor the core soft limit of the OS. SMB3 multichannel: Add implementation of missing channel sequence
Number verification. s3:client:smbspool_krb5_wrapper: the non clearenv build. s3-kerberos: Avoid entering a password change dialogue also when
Using MIT. ldb-samba/ldb_matching_rules: CID 1349424 - Uninitialized
Pointer read. dbwrap_ctdb: ENOENT- gt;NT_STATUS_NOT_FOUND. Correctly set cli- gt;raw_status for libsmbclient in SMB2 code. s3:smbd: anonymous authentication if signing is mandatory. libcli/auth: Let msrpc_parse() return talloc apos;ed empty strings. NTLM Authentication with squid. s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT. pdb: segfault in pdb_ldap for missing gecos. Allow apos;samba-tool fsmo apos; to cope with empty or missing fsmo
Roles. packaging: Set default limit for core file size in service
Files. s3-net: Convert the key_name to UTF8 during migration. s3-smbspool: Log to stderr. heimdal: Encode/decode kvno as signed integer. s3-quotas: sysquotas_4B quota fetching for BSD. smbd: dfree: Ignore quota if not enforced. init: Set core file size to unlimited by default. memory leak in share mode locking.
4.4.306 May 2016 04:25
minor feature:
Idmap_hash: Only allow the hash module for default idmap config. s3: libsmb: error where short name length was read as 2
Bytes, should be 1. returning of ldb.MessageElement. cleanupd: Restart as needed. s3:winbindd:idmap: check loadparm in domain_has_idmap_config()
Helper as well. libsmb/pysmb: Add pytalloc-util dependency to the build. winbind: CID 1357100: Unchecked return value. nwrap: the build on Solaris. vfs_catia: memleak. smbd: Avoid large reads beyond EOF. s3:wscript: pylibsmb depends on pycredentials. NT_STATUS_ACCESS_DENIED when accessing Windows public share. Only validate MIC if quot;map to guest quot; is not being used. auth/ntlmssp: Add ntlmssp_ client,server :force_old_spnego
Option for testing. NetAPP SMB servers don apos;t negotiate NTLMSSP_SIGN. Allow anonymous smb connections. ads_sasl_spnego_gensec_bind(KRB5). apos;wbinfo -u apos; and apos;net ads search apos. nss_wins: the hostent setup. build: Mark explicit dependencies on pytalloc-util. the smb2_setinfo to handle FS info types and FSQUOTA
Infolevel. configure: Don apos;t check for inotify on illumos. vfs_acl_common: Avoid setting POSIX ACLs if quot;ignore system acls quot;
is set. smbcquotas: print quot;NO LIMIT quot; only if returned quota value is 0. libads: Record session expiry for spnego sasl binds. Mask general purpose signals for notifyd.
4.4.024 Mar 2016 09:45
minor feature:
Smbd: Enable multi-channel if apos;server multi channel support =
Yes apos; in the config. lib/socket/interfaces: some uninitialied bytes. build: build when apos;--without-quota apos; specified. mkdir can return ACCESS_DENIED incorrectly on create race. Mismatch between local and remote attribute ids lets
Replication fail with custom schema. Talloc: Version 2.1.6. vfs_glusterfs: use after free in AIO callback. net join. Reset TCP Connections during IP failover. s3:smbd: Add negprot remote arch detection for OSX. ldb: Version 1.1.26. quot;trustdom_list_done: Got invalid trustdom response quot; message
Should be avoided. libnet: Make Kerberos domain join site-aware. Quota is not supported on Solaris 10. CVE-2015-7560: Getting and setting Windows ACLs on symlinks can
Change permissions on link target. s3:utils/smbget: option parsing. Access based share enum: handle permission set in configuration
Files. s3:clispnego: confusing warning in spnego_gen_krb5_wrap(). tevent: version 0.9.28: memory leak when old signal action
Restored. s3:libads: setup the msDS-SupportedEncryptionTypes attribute on
Ldap_add. winbindd: Return trust parameters when listing trusts. smbd: Ignore SVHDX create context. passdb: Add linefeed to demessage. lib:socket: CID 1350010: Integer OVERFLOW_BEFORE_WIDEN. lib:socket: CID 1350009: illegal memory accesses
BUFFER_SIZE_WARNING). s3: smbd: posix_acls: check for setting u:g:o entry on a.
Filesystem with no ACL support. s3:utils/smbget: Set default blocksize. lib/socket: improper use of default interface speed. lib/tsocket: Work around sockets not supporting FIONREAD. smbd: CID 1351215 Improper use of negative value. smbd: CID 1351216 Dereference null return value. param: str_list_v3 to accept ; again. libcli: demessage, print sid string for new_ace trustee. s3:smbd:open: Skip redundant call to file_set_dosmode when
Creating a new file. docs: Add manpage for cifsdd. installation path of Samba helper binaries. docs: Add example for domain logins to s
4.3.524 Feb 2016 03:16
minor feature:
s3: smbd: posix_acls: check for setting u:g:o entry on a
Filesystem with no ACL support. s3: smbd: timestamp rounding inside SMB2 create. s3:utils/smbget: recursive download. s3:smbd/oplock: Obey kernel oplock setting when releasing
Oplocks. s3-parm: Clean up defaults when removing global parameters. s3:smbd: Ignore initial allocation size for directory creation. lib/tsocket: Work around sockets not supporting FIONREAD. ctdb: Remove error messages after kernel security update
CVE-2015-8543). param: str_list_v3 to accept quot;; quot; again. Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4. s3:smbd:open: Skip redundant call to file_set_dosmode when.
Creating a new file. winbindd: Handle expired sessions correctly. s3-client: Add a KRB5 wrapper for smbspool. vfs_shadow_copy2: case where snapshots are outside the
Share. smbclient: Query disk usage relative to current directory. smbd: Show correct disk size for different quota and dfree block
Sizes. smbcacls: uninitialized variable. ctdb-scripts: Drop use of quot;smbcontrol winbindd ip-dropped... quot. loadparm: memory leak.
4.3.413 Jan 2016 03:15
minor feature:
Doc: a typo in the smb.conf manpage, explanation of idmap
Config. s3:smbd: a corner case of the symlink verification. s3: libsmb: Correctly initialize the list head when keeping a
List of primary followed by DFS connections. Reduce the memory footprint of empty string options. Update lastLogon and lastLogonTimestamp. vfs_fruit: Enable POSIX directory rename semantics. Copying files with vfs_fruit fails when using vfs_streams_xattr
Without stream preand type suf. smbd: Make quot;hide dot files quot; option work with quot;store dos
Attributes = yes quot. lib/async_req: Do not install async_connect_send_test. Crash: Bad talloc magic value - access after free. samba-tool: uncaught exception if no fSMORoleOwner
Attribute is given. docs: some typos in the idmap backend section. docs: typos in man vfs_gpfs. smbd: Do not disable quot;store dos attributes quot; on-the-fly.
4.3.317 Dec 2015 03:15
minor feature:
CVE-2015-8467: samdb: Match MS15-096 behaviour for
UserAccountControl. CVE-2015-3223: LDAP 00 search expression attack DoS. CVE-2015-5252: insufficient symlink verification (file
Access outside the share). CVE-2015-5299: s3-shadow-copy2: missing access check on
Snapdir. CVE-2015-5330: remote read memory exploit in LDB. CVE-2015-5296: Add man in the middle protection when forcing
Smb encryption on the client side.
4.3.127 Oct 2015 22:45
minor feature:
s3: smbd: our access-based enumeration on quot;hide unreadable quot;
to match Windows. smbd: file name buflen and padding in notify repsonse. s3: smbd: mkdir race condition. s3: smbd: opening/creating :stream files on the root share.
Directory. s3: smbd: NULL pointer introduced by previous apos;raw apos; s3: lsa: lookup_name() logic for unqualified (no DOMAIN
Component) names is incorrect. s3: smbd: a crash in unix_convert(). vfs_fruit: Return value of ad_pack in vfs_fruit.c. s3:locking: Initialize lease pointer in
Share_mode_traverse_fn(). s3:smbstatus: Add stream name to share_entry_forall(). s3:lib: Validate domain name in lookup_wellknown_name(). kerberos: Make sure we only use prompter type when available. winbind: loop. source3/lib/msghdr.c: compiling error on Solaris. s3:ctdbd_conn: make sure we destroy tevent_fd before closing
The socket. s4:lib/messaging: Use apos;msg.lock apos; and apos;msg.sock apos; for messaging
Related subdirs. lib/param: hiding of FLAG_SYNONYM values. nss_winbind: hang on Solaris on big groups. build: Use as-needed linker flag also on OpenBSD. s3: dfs: a crash when the dfs targets are disabled. pam_winbind: a segfault if initialization fails. net: a crash with apos;net ads keytab create apos. vfs_commit: set the fd on open before calling SMB_VFS_FSTAT.
4.2.409 Sep 2015 12:05
minor feature:
Smbd: SMB3 functionality of "smb encrypt". lib: replace: Add strsep function (missing on Solaris). stream names with colon with "fruit:encoding = native". vfs:fruit: Implement copyfile style copy_chunk. s3-net: Use talloc array in share allowedusers. vfs_fruit: Handling of empty resource fork. auth/credentials: If credentials have principal set, they are
Not anonymous anymore. s3-smbd: Reset protocol in smbXsrv_connection_init_tables
Failure paths. ctdb-daemon: Return correct sequence number for
CONTROL_GET_DB_SEQNUM. ctdb-daemon: Improve error handling for running event scripts. lib: rundown of open_socket_out(). Avoid quoting problems in user's DNs. s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup. s3-util: Compare the maximum allowed length of a NetBIOS name. s3:lib: some corner cases of open_socket_out_cleanup(). Backport dcesrv_netr_DsRGetDCNameEx2. s3:libsmb: a in conversion of ea list to ea array. s4:rpc_server/netlogon: for NetApp. s3-auth: "map to guest = Bad uid". s3-smbd: Leave sys_disk_free() if dfree command is used. s3-auth: a possible null pointer dereference. ctdb-scripts: Support monitoring of interestingly named VLANs
on bonds. ctdb-daemon: Check if updates are in flight when releasing all
IPs. ctdb-build: building of PCP PMDA module. s3: winbindd: TALLOC_FREE of uninitialized groups variable.
4.2.315 Jul 2015 03:15
minor feature:
docs: Overhaul the description of "smb encrypt" to include SMB3
encryption. s3: lib: util: Ensure we read a hex number as x, not u. Excessive cli_resolve_path() usage can slow down transmission. winbindd: winbindd_raw_kerberos_login - ensure logon_info
exists in PAC. s3: smbd: Use separate flag to track
become_root()/unbecome_root() state. s3: smbd: Codenomicon crash in do_smb_load_module(). s3:param/loadparm: Fix 'testparm --show-all-parameters'. winbindd: Sync secrets.ldb into secrets.tdb on startup. s3:smb2: Add padding to last command in compound requests. vfs_fruit: Add option "veto_appledouble". smbd/trans2: Add a useful diagnostic for files with bad
encoding. vfs_fruit: Check offset and length for AFP_AfpInfo read
requests. ncacn_http: Fix GNUism. s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of
interfaces. tdb: version 1.3.5: ABI change: tdb_chainlock_read_nonblock()
has been added. s4:lib/tls: Fix build with gnutls 3.4. Add IPv6 support to ADS client side LDAP connects. Add IPv6 support for determining FQDN during ADS join. s3: IPv6 enabled DNS connections for ADS client. s4.2/fsmo.py: Fixed fsmo transfer exception. Fix invalid write in ctdb_lock_context_destructor. smbd: Fix a use-after-free. tstream: Make socketpair nonblocking. tevent: Fix CID 1035381 Unchecked return value. tdb: Fix CID 1034842 and 1034841 Resource leaks. Logon via MS Remote Desktop hangs. tevent: Add a note to tevent_add_fd(). Fix invalid write in ctdb_lock_context_destructor. tevent_fd needs to be destroyed before closing the fd. Build fails on Solaris 11 with " PTHREAD_MUTEX_ROBUST
undeclared". Robust mutex support broken in 1.3.5. s3:smb2_setinfo: Fix memory leak in the defer_rename case. Backport tevent-0.9.25. Backport tdb-1.3.6. s3:auth_domain: Fix talloc problem in
connect_to_domain_password_server(). Group creation: Add msSFU30Name only when --nis-domain was
given. pidl: Make the compilation of PIDL producing the same results
if the content hasn't change. Kerberos
4.2.117 Apr 2015 01:25
minor bugfix:
s3:winbind:grent: Don't stop group enumeration when a group has
no gid. build:wafadmin: Fix use of spaces instead of tabs. s3-winbind: Fix cached user group lookup of trusted domains. s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set,
cope with servers that don't send the 2 unused fields. s3: client: "client use spnego principal = yes" code checks
wrong name. s3: lib: libsmbclient: If reusing a server struct, check every
cli- gt;timout miliseconds if it's still valid before use. s3: libcli: smb1: Ensure we correctly finish a tevent req if
the writev fails in the SMB1 case. Fix lots of winbindd zombie processes on Solaris platform. s3: libsmbclient: Add missing talloc stackframe. backupkey: Explicitly link to gnutls and gcrypt. backupkey: Use ndr_pull_struct_blob_all(). vfs_fruit: Enhance handling of malformed AppleDouble files. Initialize dwFlags field of DNS_RPC_NODE structure. docs/idmap_rid: Remove deprecated base_rid from example. waf: Fix the build on openbsd. talloc: Version 2.1.2. s4:auth/gensec_gssapi: Let gensec_gssapi_update() return
NT_STATUS_LOGON_FAILURE for unknown errors. Update libwbclient version to 0.12. spoolss: Retrieve published printer GUID if not in registry. replace: Remove superfluous check for gcrypt header. s4-process_model: Do not close random fds while forking. s3-passdb: Fix 'force user' with winbind default domain. brlock: Use 0 instead of empty initializer list. lib: texpect: Fix the build on Solaris. libcli/auth: Match Declaration of
netlogon_creds_cli_context_tmp with implementation. Backport subunit changes.
4.2.005 Mar 2015 07:05
major feature:
doc:man:vfs_glusterfs: improve the configuration section. tevent: Ignore unexpected signal events in the same way the
epoll backend does. debug: Set close-on-exec for the main log file FD. Fix Win8.1 Credentials Manager issue after KB2992611 on Samba
domain. smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT. vfs: Add a brief vfs_ceph manpage. tevent: version 0.9.24. ctdb-io: Do not use sys_write to write to client sockets. snprintf: Try to support j. Fix Win8.1 Credentials Manager issue after KB2992611 on Samba
domain. doc-xml: Add 'sharesec' reference to 'access based share
enum'. Enable mutexes in gencache_notrans.tdb. cli_connect_nb_send: Don't segfault on host == NULL. s3: lib, s3: modules: Fix compilation on Solaris. Fix authentication using Kerberos (not AD). CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free
on an uninitialized pointer. s3: smbclient: Allinfo leaves the file handle open. s3: smbd: leases - losen paranoia check. Stat opens can grant
leases. s3: smbd: SMB2 close. If a file has delete on close, store the
return info before deleting. vfs_glusterfs: Add comments to the pipe(2) code. s3-vfs: Fix developer build of vfs_ceph module. printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD. vfs_snapper: Correctly handles multi-byte DBus strings. libsmb: Provide authinfo domain for encrypted session
referrals. vfs_glusterfs: Implement AIO support. Enable mutexes in gencache_notrans.tdb. nsswitch: Fix soname of linux nss_, s3:smb2_server: protect against integer wrap with "smb2 max
credits = 65535". Make validate_ldb of String(Generalized-Time) accept
millisecond format ".000Z". Use -R linker flag on Solaris, not -rpath. samba-tool: Create NIS enabled users and unixHomeDirectory
attribute. Make Sharepoint search show user documents. Enable mutexes in gencache_notrans.tdb. utils: Fix 'net time' segfault. s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(). CVE-2015-0240: s3-netlogon: Make sure we do not deference a
NULL pointer. v
4.1.1724 Feb 2015 03:45
security:
CVE-2015-0240: talloc free on uninitialized stack pointer
in netlogon server could lead to security vulnerability. CVE-2015-0240: s3-netlogon: Make sure we do not deference
a NULL pointer.
4.1.1617 Jan 2015 20:45
minor feature:
CVE-2014-8143: dsdb-samldb: Check for extended access
rights before we allow changes to userAccountControl.
4.1.1513 Jan 2015 19:45
minor feature:
libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a
Windows client does. Fix profiles tool. idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo. pam_winbind: Fix warn_pwd_expire implementation. s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses. nsswitch: Fix soname of linux nss_, s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM
control. s3:smb2_server: Allow reauthentication without signing. Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack'
attribute 'supported_extensions'. Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack'
attribute 'supported_extensions'. winbind: Retry LogonControl RPC in ping-dc after session
expiration. s3-lib: Do not require a password with --use-ccache. s3-smbclient: Return success if we listed the shares. s3-smbstatus: Fix exit code of profile output.
4.1.1402 Dec 2014 09:45
minor feature:
Revert buildtools/wafadmin/Tools/perl.py back to upstream
state. nmbd fails to accept "--piddir" option. s3-nmbd: Fix netbios name truncation. s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set
STATUS_NO_MORE_FILES when handed a non-wildcard path. s3: nmbd: Ensure NetBIOS names are only 15 characters stored. Cleanup add_string_to_array and usage. spoolss: Fix handling of bad EnumJobs levels. spoolss: Fix jobid in level 3 EnumJobs response. s4-dns: Add support for BIND 9.10. nss_winbind: Add getgroupmembership for FreeBSD. pdb_tdb: Fix a TALLOC/SAFE_FREE mixup. pidl/wscript: Remove --with-perl-, s3:smbd: Fix file corruption using "write cache size != 0". vfs_glusterfs: Remove "integer fd" code and store the glfs
pointers. s3-keytab: Fix keytab array NULL termination. S3: source3/smbd/process.c::srv_send_smb() returns true on the
error path.
4.1.1321 Oct 2014 03:18
minor feature:
s3:smbd:open_file: Use a more natural check. s3: winbindd: Old NT Domain code sets struct
winbind_domain- gt;alt_name to be NULL. Ensure this is safe with modern
AD-DCs. pthreadpool: Slightly serialize jobs. s3: smbd: Open logic fix. s3: nmbd: Ensure the main nmbd process doesn't create zombies. s3: lib: Signal handling - ensure smbrun and change password
code save and restore existing SIGCHLD handlers. s3: smb2cli: Query info return length check was reversed. s3-libnet: Make sure we do not overwrite precreated SPNs. docs: Mention incompatibility between kernel oplocks and
streams_xattr. Fix unstrcpy. s3: smbd: streams - Ensure share mode validation ignores
internal opens (op_mid == 0). vfs_media_harmony: Fix a crash bug. registry: Don't leave dangling transactions. s3-winbindd: Use correct realm for trusted domains in idmap
child. idmap_rfc2307: Fix a crash after connection problem to DC. s3-winbindd: Do not use domain SID from LookupSids for
Sids2UnixIDs call. s3-libnet: Add libnet_join_get_machine_spns(). s3-libads: Add all machine account principals to the keytab. nmbd: Send waiting status to systemd. libcli: Fix a segfault calling smbXcli_req_set_pending() on
NULL. nsswitch: Skip groups we were not able to map.
4.1.1103 Aug 2014 13:01
security:
CVE-2014-3560: Fix unstrcpy macro length. Samba 4.0.0 to 4.1.10 are affected by a remote code execution attack on unauthenticated nmbd NetBIOS name services. A malicious browser can send packets that may overwrite the heap of the target nmbd NetBIOS name services daemon. It may be possible to use this to generate a remote code execution vulnerability as the superuser (root).
4.0.2103 Aug 2014 13:00
security:
CVE-2014-3560: Fix unstrcpy macro length. Samba 4.0.0 to 4.1.10 are affected by a remote code execution attack on unauthenticated nmbd NetBIOS name services. A malicious browser can send packets that may overwrite the heap of the target nmbd NetBIOS name services daemon. It may be possible to use this to generate a remote code execution vulnerability as the superuser (root).
4.0.2003 Aug 2014 12:58
major bugfix:
s3: smb2: Fix 'xcopy /d' with samba shares. Samba won't start on a machine configured with only IPv4. s3: SMB2: Fix leak of blocking lock records in the database. SMB1 blocking locks can fail notification on unlock, causing client timeout. s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap(). wbcCredentialCache fails if challenge_blob is not first. rid_array used before status checked - segmentation fault due to null pointer dereference. printing: Fix purge of all print jobs. net/doc: Make clear that net vampire is for NT4 domains only. autobuild: Delete NSS_MODULES in "make clean". msg_channel: Fix a 100 CPU loop. smbstatus: Fix an uninitialized variable. 'RW2' smbtorture test fails when -N is set to 2 due to the invalid status check in the second client. smbd: Avoid double-free in get_print_db_byname. ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory(). wbcCredentialCache fails if challenge_blob is not first. Backport autobuild/selftest fixes from master. s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX().
4.1.1003 Aug 2014 12:56
major bugfix:
Backport ldb-1.1.17 + changes from master. s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx SMB1 servers. Samba won't start on a machine configured with only IPv4. s3: smbd: Prevent file truncation on an open that fails with share mode violation. s3: SMB2: Fix leak of blocking lock records in the database. SMB1 blocking locks can fail notification on unlock, causing client timeout. s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap(). wbcCredentialCache fails if challenge_blob is not first. lib/ldb: Fix compiler warnings. dbcheck: Add check and test for various invalid userParameters values. Simple use case results in "no talloc stackframe around, leaking memory" error. dsdb: Always store and return the userParameters as a array of LE 16-bit values. dsdb: Rename private_data to rootdse_private_data in rootdse. rid_array used before status checked - segmentation fault due to null pointer dereference. ldb: make the successful ldb_transaction_start() message clearer. dsdb: Return NO_SUCH_OBJECT if a basedn is a deleted object. Backport access check related fixes from master. samba-tool: Add --site parameter to provision command. Fix SEGV from improperly formed SUBSTRING/PRESENCE filter. ldb: Do not build libldb-cmdline when using system ldb. s4-openldap: Remove use of talloc_reference in ldb_map_outbound.c net/doc: Make clear that net vampire is for NT4 domains only. s3: Fix missing braces in nfs4_acls.c. Fix "PANIC: assert failed at ../source3/smbd/open.c(1582): ret". msg_channel: Fix a 100 CPU loop. s3: smbd: Prevent file truncation on an open that fails with share mode violation. smbstatus: Fix an uninitialized variable. 'RW2' smbtorture test fails when -N is set to 2 due to the invalid status check in the second client. ldb: Fix 1138330 Dereference null return value, fix CIDs 241329, 240798, 1034791, 1034792 1034910, 1034910). smbd: Avoid double-free in get_print_db_byname. s4:dsdb/samldb: Don't allow 'userParameters' to
4.1.911 Jul 2014 17:25
security:
Security release in order to address CVE-2014-0244 (Denial of service - CPU loop) and CVE-2014-3493 (Denial of service - Server crash/memory corruption)