Release Planning for Samba 3.4: Difference between revisions

From SambaWiki

Revision as of 13:57, 4 May 2011

Samba 3.4 is in maintenance mode, which means there will be bug fix and security releases for this series.

Samba 3.4.13

Release Notes for Samba 3.4.13
April 21, 2011

This is the latest stable release of Samba 3.4.

Major enhancements in Samba 3.4.13 include:

  • Fix Winbind crash caused by null pointer reference bug #8086.
  • Fix incorrect timeout handling in ncacn_ip_tcp client code bug #8085.

(Updated 21-April-2011)

  • Thursday, April 21 - Samba 3.4.13 has been released
 Release Notes Samba 3.4.13

Samba 3.4.12

Release Notes for Samba 3.4.12
February 28, 2011

This is a security release in order to address CVE-2011-0719.

All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set.
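The missing range check described above, shown as an added example (not Samba's code; `checked_fd_set` and `wait_readable` are hypothetical names). `FD_SET` itself does not validate the descriptor, so the wrapper rejects any value outside `0 .. FD_SETSIZE-1` before it touches the set.

```c
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Add fd to set only if it fits. FD_SET does no range check and writes
 * outside the fd_set when fd < 0 or fd >= FD_SETSIZE. */
int checked_fd_set(int fd, fd_set *set, int *maxfd)
{
    if (set == NULL || fd < 0 || fd >= FD_SETSIZE)
        return -1;
    FD_SET(fd, set);
    if (maxfd != NULL && fd > *maxfd)
        *maxfd = fd;
    return 0;
}

/* Wait up to timeout_ms for fd to become readable.
 * Returns 1 if readable, 0 on timeout, -1 on error or out-of-range fd. */
int wait_readable(int fd, int timeout_ms)
{
    fd_set rfds;
    int maxfd = -1;
    struct timeval tv = { .tv_sec = timeout_ms / 1000,
                          .tv_usec = (timeout_ms % 1000) * 1000 };

    FD_ZERO(&rfds);
    if (checked_fd_set(fd, &rfds, &maxfd) != 0)
        return -1;              /* refuse instead of corrupting the stack */
    int n = select(maxfd + 1, &rfds, NULL, NULL, &tv);
    if (n < 0)
        return -1;
    return (n > 0 && FD_ISSET(fd, &rfds)) ? 1 : 0;
}

/* Stand-alone check with a pipe and an out-of-range descriptor number. */
int main(void)
{
    int p[2];
    if (pipe(p) != 0)
        return 1;
    printf("empty pipe:  %d\n", wait_readable(p[0], 10));
    if (write(p[1], "x", 1) != 1)
        return 1;
    printf("after write: %d\n", wait_readable(p[0], 10));
    printf("fd %d:     %d\n", FD_SETSIZE, wait_readable(FD_SETSIZE, 10));
    return 0;
}
```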

(Updated 28-February-2011)

  • Monday, February 28 - Samba 3.4.12 has been released to address CVE-2011-0719.
 Release Notes Samba 3.4.12

Samba 3.4.11

Release Notes for Samba 3.4.11
January 23, 2011

This is the latest stable release of Samba 3.4. It addresses the issue introduced with Samba 3.4.10:

  • Fix connecting to port-139 only servers bug #7881.

(Updated 23-January-2011)

  • Sunday, January 23 - Samba 3.4.11 has been released to fix connections to port-139 only servers (broken in Samba 3.4.10, please see bug #7881 for details)
 Release Notes Samba 3.4.11

Samba 3.4.10

Release Notes for Samba 3.4.10
January 22, 2011

This is the latest stable release of Samba 3.4.

Major enhancements in Samba 3.4.10:

(Updated 22-January-2011)

  • Saturday, January 22 - Samba 3.4.10 has been released
 Release Notes Samba 3.4.10

Samba 3.4.9

Release Notes for Samba 3.4.9
September 14, 2010

This is a security release in order to address CVE-2010-3069.

All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server.
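A length-checked parser for the binary SID layout, as an added example of the input checks the paragraph above says were missing (not Samba's sid_parse(); `parse_sid`, `struct sid` and the sample buffers are constructed for illustration). It assumes the standard Windows layout: one revision byte, one sub-authority count byte, a 6-byte identifier authority, then up to 15 little-endian 32-bit sub-authorities.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SID_MAX_SUB_AUTHS 15   /* limit of the Windows SID format */

struct sid {
    uint8_t  revision;
    uint8_t  num_auths;
    uint8_t  id_auth[6];
    uint32_t sub_auths[SID_MAX_SUB_AUTHS];
};

/* Parse a binary SID. Returns bytes consumed, or -1 on malformed input. */
int parse_sid(const uint8_t *in, size_t len, struct sid *out)
{
    if (in == NULL || out == NULL || len < 8)
        return -1;                         /* header is 1 + 1 + 6 bytes */

    uint8_t count = in[1];
    if (count > SID_MAX_SUB_AUTHS)
        return -1;                         /* would overrun out->sub_auths */
    if (len < 8 + (size_t)count * 4)
        return -1;                         /* input shorter than it claims */

    out->revision = in[0];
    out->num_auths = count;
    for (int i = 0; i < 6; i++)
        out->id_auth[i] = in[2 + i];
    for (int i = 0; i < count; i++) {
        const uint8_t *p = in + 8 + 4 * i; /* little-endian on the wire */
        out->sub_auths[i] = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                            (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    }
    return 8 + 4 * count;
}

/* Constructed sample: S-1-5-32-544. */
static const uint8_t SAMPLE_SID[] = {
    0x01, 0x02, 0, 0, 0, 0, 0, 0x05,
    0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00
};

/* Constructed malformed header: count is one more than the format allows. */
static const uint8_t BAD_SID[] = { 0x01, 0x10, 0, 0, 0, 0, 0, 0x05 };

int main(void)
{
    struct sid s;
    printf("sample:    %d\n", parse_sid(SAMPLE_SID, sizeof SAMPLE_SID, &s));
    printf("bad count: %d\n", parse_sid(BAD_SID, sizeof BAD_SID, &s));
    printf("truncated: %d\n", parse_sid(SAMPLE_SID, 12, &s));
    return 0;
}
```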

(Updated 14-September-2010)

  • Tuesday, September 14 - Samba 3.4.9 has been released to address CVE-2010-3069.
 Release Notes Samba 3.4.9

Samba 3.4.8

Release Notes for Samba 3.4.8
May 11, 2010

This is the latest stable release of Samba 3.4.

Major enhancements in Samba 3.4.8 include:

  • Fix Winbind reconnection to its own domain bug #7295.
  • Fix an uninitialized variable read in smbd bug #7254.
  • Fix smbd crash with CUPS printers and no [printers] share defined bug #7297.
  • Fix NULL pointer dereference in smbd bug #7229.

(Updated 11-March-2010)

  • Tuesday, May 11 - Samba 3.4.8 has been released
 Release Notes Samba 3.4.8

Samba 3.4.7

Release Notes for Samba 3.4.7
March 8, 2010

This is a security release in order to address CVE-2010-0728.

In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code was added to fix a problem with Linux asynchronous IO handling. This code introduced a bad security flaw on Linux platforms if the binaries were built on Linux platforms with libcap support. The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE capabilities, so all file system access was allowed even when permissions should have denied it.
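A check for the condition described above, as an added example (not part of Samba; the function names and the sample status texts are constructed). It reads the `Uid:` and `CapEff:` lines in the format of `/proc/<pid>/status` and flags a process whose effective UID is not root but whose effective capability set still contains CAP_DAC_OVERRIDE (bit 1).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_DAC_OVERRIDE_BIT 1  /* CAP_DAC_OVERRIDE in <linux/capability.h> */

/* Find a line starting with key in status text; return pointer past key. */
static const char *field(const char *status, const char *key)
{
    size_t klen = strlen(key);
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, key, klen) == 0)
            return p + klen;
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return NULL;
}

/* Returns 1 if the effective UID is non-root yet CapEff still contains
 * CAP_DAC_OVERRIDE, 0 if not, -1 if the needed fields are missing. */
int nonroot_has_dac_override(const char *status)
{
    const char *uid = field(status, "Uid:");
    const char *cap = field(status, "CapEff:");
    unsigned long ruid, euid;

    if (!uid || !cap || sscanf(uid, "%lu %lu", &ruid, &euid) != 2)
        return -1;
    unsigned long long eff = strtoull(cap, NULL, 16);
    return euid != 0 && ((eff >> CAP_DAC_OVERRIDE_BIT) & 1);
}

/* Constructed samples in /proc/<pid>/status format. */
static const char SAMPLE_FLAWED[] =
    "Name:\tsmbd\nUid:\t0\t1000\t0\t1000\nCapEff:\t0000000000000002\n";
static const char SAMPLE_CLEAN[] =
    "Name:\tsmbd\nUid:\t0\t1000\t0\t1000\nCapEff:\t0000000000000000\n";
static const char SAMPLE_ROOT[] =
    "Name:\tsmbd\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n";

int main(void)
{
    printf("flawed: %d\n", nonroot_has_dac_override(SAMPLE_FLAWED));
    printf("clean:  %d\n", nonroot_has_dac_override(SAMPLE_CLEAN));
    printf("root:   %d\n", nonroot_has_dac_override(SAMPLE_ROOT));
    return 0;
}
```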

(Updated 09-March-2010)

  • Monday, March 8 - Samba 3.4.7 has been released to address CVE-2010-0728.
 Release Notes Samba 3.4.7

Samba 3.4.6

Release Notes for Samba 3.4.6
February 24, 2010

This is the latest stable release of Samba 3.4.

Major enhancements in Samba 3.4.6 include:

  • "wide links" and "unix extensions" are incompatible bug #7104.
  • Fix printing with 64 bit clients bug #6888.
  • Fix core dump on Ubuntu 8.04 64 bit bug #7063.
  • Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio) bug #7067.
  • Fix string buffer overflow causing heap corruption in smbd bug #7096.

(Updated 24-February-2010)

  • Wednesday, February 24 - Samba 3.4.6 has been released
 Release Notes Samba 3.4.6

Samba 3.4.5

Release Notes for Samba 3.4.5
January 19, 2010

This is the latest stable release of Samba 3.4.

Major enhancements in Samba 3.4.5 include:

  • Fix memory leak in smbd bug #7020.
  • Fix changing of ACLs on writable files with "dos filemode=yes" bug #5202.

(Updated 19-January-2010)

  • Tuesday, January 19 - Samba 3.4.5 has been released
 Release Notes Samba 3.4.5

Samba 3.4.4

Release Notes for Samba 3.4.4
January 7, 2010

This is the latest stable release of Samba 3.4.

Major enhancements in Samba 3.4.4 include:

  • Fix interdomain trust relationships with Win2008R2 (bug #6697).
  • Fix Winbind crashes when queried from nss (bug #6889).
  • Fix Winbind crash when retrieving empty group members (bug #7014).
  • Fix "UID range full" error in Winbind (bug #6901).
  • Fix multiple LDAP servers in "idmap backend" and "idmap alloc backend" (bug #6910).

(Updated 07-January-2010)

  • Thursday, January 7 - Samba 3.4.4 has been released
 Release Notes Samba 3.4.4

Samba 3.4.3

Release Notes for Samba 3.4.3
October 29, 2009

This is the latest stable release of Samba 3.4.

Major enhancements in Samba 3.4.3 include:

  • Fix trust relationships to windows 2008 (2008 r2) bug #6711.
  • Fix file corruption using smbclient with NT4 server bug #6606.
  • Fix Windows 7 share access (which defaults to NTLMv2) bug #6680.

(Updated 29-October-2009)

  • Thursday, October 29 - Samba 3.4.3 has been released
 Release Notes Samba 3.4.3

Samba 3.4.2

Release Notes for Samba 3.4.2
October 1, 2009

This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906.

  • In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd.
  • If mount.cifs is installed as a setuid program, a user can pass it a credential or password path to which he or she does not have access and then use the --verbose option to view the first line of that file. All known Samba versions are affected.
  • Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server.

(Updated 1-October-2009)

  • Thursday, October 1 - Samba 3.4.2 has been issued as Security Release to address CVE-2009-2906, CVE-2009-2948 and CVE-2009-2813.
 Release Notes Samba 3.4.2

Samba 3.4.1

Release Notes for Samba 3.4.1
September 9, 2009

This is the latest stable release of Samba 3.4.

Major enhancements in Samba 3.4.1 include:

  • Fix authentication on member servers without Winbind bug #6711 (bug #6650).
  • Nautilus fails to copy files from an SMB share bug #6649.
  • Fix connections of Win98 clients bug #6551.
  • Fix interdomain trusts with Windows 2008 R2 DCs bug #6697.
  • Fix Winbind authentication issue bug #6646.

(Updated 9-September-2009)

  • Wednesday, September 9 - Samba 3.4.1 has been released
 Release Notes Samba 3.4.1

Samba 3.4.0

Release Notes for Samba 3.4.0
July 3, 2009

This is the first stable release of Samba 3.4.

Major enhancements in Samba 3.4.0 include:

Configuration changes:
  • The default passdb backend has been changed to 'tdbsam'!
General changes:
  • Samba4 and Samba3 sources are included in the tarball
Authentication Changes:
  • Changed the way smbd handles untrusted domain names given during user authentication.
Printing Changes:
  • Various fixes including printer change notification for Samba spoolss print servers.
Internal changes:
  • The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL.
  • Samba3 and Samba4 do now share a common tevent library.
  • The code has been cleaned up and the major basic interfaces are shared with Samba4 now.
  • An asynchronous API has been added.


Configuration changes

!!! ATTENTION !!! The default passdb backend has been changed to 'tdbsam'! That breaks existing setups using the 'smbpasswd' backend without explicit declaration! Please use 'passdb backend = smbpasswd' if you would like to stick to the 'smbpasswd' backend or convert your smbpasswd entries using e.g. 'pdbedit -i smbpasswd -e tdbsam'.

The 'tdbsam' backend is much more flexible concerning per user settings like 'profile path' or 'home directory' and there are some commands which do not work with the 'smbpasswd' backend at all.

General Changes

On the way towards a standalone Samba AD domain controller, Samba3 and Samba4 branches can be built as a "merged" build. That's why Samba3 and Samba4 sources are included in the tarball. The merged build is possible in Samba 3.4.0, but disabled by default. To learn more about the merged build, please see http://wiki.samba.org/index.php/Franky.

As a result, there is no "source" directory included in the tarball at all. Samba3 sources are located in "source3", Samba4 sources are located in "source4". The libraries have been moved to the toplevel directory.

To build plain Samba3, please change to "source3" and start the build as usual. To build Samba4 as well, please use the "--enable-merged-build" configure option.

Authentication Changes

Previously, when Samba was a domain member and a client was connecting using an untrusted domain name, such as BOGUS\user, smbd would remap the untrusted domain to the primary domain smbd was a member of and attempt authentication using that DOMAIN\user name. This differed from how a Windows member server would behave. Now, smbd will replace the BOGUS name with its SAM name. In the case where smbd is acting as a PDC this will be DOMAIN\user. In the case where smbd is acting as a domain member server this will be WORKSTATION\user. Thus, smbd will never assume that an incoming user name which is not qualified with the same primary domain is part of smbd's primary domain.

While this behavior matches Windows, it may break some workflows which depended on smbd to always pass through bogus names to the DC for verification. A new parameter "map untrusted to domain" can be enabled to revert to the legacy behavior.

Printing Changes

The spoolss subsystem was replaced by autogenerated code based on PIDL. That fixes several printing issues including printer change notification on Samba print servers and will stabilize the printing functionality generally. The support for spoolss printing with Windows Vista has been improved.

Internal Changes

The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL.

So Guenther Deschner finally corrected one of the biggest mistakes in the development of Samba: Hand-marshalled RPC stubs.

Thanks a lot! :-)

Samba3 and Samba4 do now share a common tevent library for fd and timer events.

The code has been cleaned up and Samba3 and Samba4 do share the major basic interfaces now. That is why the libraries were moved to the toplevel directory. That is one of the first steps to share code and minimize the gap between these two versions.

An asynchronous API has been added.


smb.conf changes


  Parameter Name                      Description     Default
  --------------                      -----------     -------
  access based share enum             New             No
  dedicated keytab file               New             ""
  kerberos method                     New             default
  map untrusted to domain             New             No
  max open files                      Changed Default auto detected
  passdb backend                      Changed Default tdbsam
  perfcount module                    New             ""
  use kerberos keytab                 Removed


New [sub]commands


  net eventlog                  Import/dump/export native win32 eventlog files.
  net rpc service create        Create a new service.
  net rpc service delete        Delete an existing service.

(Updated 3-July-2009)

  • Tuesday, June 2 - Samba 3.4.0pre2 has been released
  • Thursday, April 30 - Samba 3.4.0pre1 has been released
  • Friday, June 19 - Samba 3.4.0rc1 has been released
  • Friday, July 3 - Samba 3.4.0 has been released
 Release Notes Samba 3.4.0