Release Planning for Samba 3.4

From SambaWiki
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Samba 3.4 is in the maintenance mode, which means there will be bug fix and security releases for this series.

Samba 3.4.13

Release Notes for Samba 3.4.13
April 21, 2011

This is the latest stable release of Samba 3.4.

Major enhancements in Samba 3.4.13 include:

  • Fix Winbind crash caused by null pointer reference bug #8086.
  • Fix incorrect timeout handling in ncacn_ip_tcp client code bug #8085.

(Updated 21-April-2011)

  • Thursday, April 21 - Samba 3.4.13 has been released
 Release Notes Samba 3.4.13

Samba 3.4.12

Release Notes for Samba 3.4.12
February 28, 2011

This is a security release in order to address CVE-2011-0719.

All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set.

(Updated 28-February-2011)

  • Monday, February 28 - Samba 3.4.12 has been released to address CVE-2011-0719.
 Release Notes Samba 3.4.12

Samba 3.4.11

Release Notes for Samba 3.4.11
January 23 2011

This is the latest stable release of Samba 3.4. It addresses the issue introduced with Samba 3.4.10:

  • Fix connecting to port-139 only servers bug #7881.

(Updated 23-January-2011)

  • Sunday, January 23 - Samba 3.4.11 has been released to fix connections to port-139 only servers (broken in Samba 3.4.10, please see bug #7881 for details)
 Release Notes Samba 3.4.11

Samba 3.4.10

Release Notes for Samba 3.4.10
January 22, 2011

This is the latest stable release of Samba 3.4.

Major enhancements in Samba 3.4.10:

(Updated 22-January-2011)

  • Saturday, January 22 - Samba 3.4.10 has been released
 Release Notes Samba 3.4.10

Samba 3.4.9

Release Notes for Samba 3.4.9
September 14, 2010

This is a security release in order to address CVE-2010-3069.

All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server.

(Updated 14-September-2010)

  • Tuesday, September 14 - Samba 3.4.9 has been released to address CVE-2010-3069.
 Release Notes Samba 3.4.9

Samba 3.4.8

Release Notes for Samba 3.4.8
May 11, 2010

This is the latest stable release of Samba 3.4.

Major enhancements in Samba 3.4.8 include:

  • Fix Winbind reconnection to it's own domain bug #7295.
  • Fix an uninitialized variable read in smbd bug #7254.
  • Fix smbd crash with CUPS printers and no [printers] share defined bug #7297.
  • Fix NULL pointer dereference in smbd bug #7229.

(Updated 11-March-2010)

  • Tuesday, May 11 - Samba 3.4.8 has been released
 Release Notes Samba 3.4.8

Samba 3.4.7

Release Notes for Samba 3.4.7
March 8, 2010

This is a security release in order to address CVE-2010-0728.

In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code was added to fix a problem with Linux asynchronous IO handling. This code introduced a bad security flaw on Linux platforms if the binaries were built on Linux platforms with libcap support. The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE capabilities, allowing all file system access to be allowed even when permissions should have denied access.

(Updated 09-March-2010)

  • Monday, March 8 - Samba 3.4.7 has been released to address CVE-2010-0728.
 Release Notes Samba 3.4.7

Samba 3.4.6

Release Notes for Samba 3.4.6
February 24, 2010

This is the latest stable release of Samba 3.4.

Major enhancements in Samba 3.4.6 include:

  • "wide links" and "unix extensions" are incompatible bug #7104.
  • Fix printing with 64 bit clients bug #6888.
  • Fix core dump on Ubuntu 8.04 64 bit bug #7063.
  • Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio) bug #7067.
  • Fix string buffer overflow causing heap corruption in smbd bug #7096.

(Updated 24-February-2010)

  • Wednesday, February 24 - Samba 3.4.6 has been released
 Release Notes Samba 3.4.6

Samba 3.4.5

Release Notes for Samba 3.4.5
January 19, 2010

This is the latest stable release of Samba 3.4.

Major enhancements in Samba 3.4.5 include:

  • Fix memory leak in smbd bug #7020.
  • Fix changing of ACLs on writable files with "dos filemode=yes" bug #5202.

(Updated 19-January-2010)

  • Tuesday, January 19 - Samba 3.4.5 has been released
 Release Notes Samba 3.4.5

Samba 3.4.4

Release Notes for Samba 3.4.4
January 7, 2010

This is the latest stable release of Samba 3.4.

Major enhancements in Samba 3.4.4 include:

  • Fix interdomain trust relationships with Win2008R2 (bug #6697).
  • Fix Winbind crashes when queried from nss (bug #6889).
  • Fix Winbind crash when retrieving empty group members (bug #7014).
  • Fix "UID range full" error in Winbind (bug #6901).
  • Fix multiple LDAP servers in "idmap backend" and "idmap alloc backend" (bug #6910).

(Updated 07-January-2010)

  • Thursday, January 7 - Samba 3.4.4 has been released
 Release Notes Samba 3.4.4

Samba 3.4.3

Release Notes for Samba 3.4.3
October 29, 2009

This is the latest stable release of Samba 3.4.

Major enhancements in Samba 3.4.3 include:

  • Fix trust relationships to windows 2008 (2008 r2) bug #6711.
  • Fix file corruption using smbclient with NT4 server bug #6606.
  • Fix Windows 7 share access (which defaults to NTLMv2) bug #6680.

(Updated 29-October-2009)

  • Thursday, October 29 - Samba 3.4.3 has been released
 Release Notes Samba 3.4.3

Samba 3.4.2

Release Notes for Samba 3.4.2
October 1, 2009

This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906.

In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd.
If mount.cifs is installed as a setuid program, a user can pass it a credential or password path to which he or she does not have access and then use the --verbose option to view the first line of that file. All known Samba versions are affected.
Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server.

(Updated 1-October-2009)

  • Thursday, October 1 - Samba 3.4.2 has been issued as Security Release to address CVE-2009-2906,

CVE-2009-2906 and CVE-2009-2813.

 Release Notes Samba 3.4.2

Samba 3.4.1

Release Notes for Samba 3.4.1
September 9, 2009

This is the latest stable release of Samba 3.4.

Major enhancements in Samba 3.4.1 include:

  • Fix authentication on member servers without Winbind bug #6711(bug #6650).
  • Nautilus fails to copy files from an SMB share bug #6649.
  • Fix connections of Win98 clients bug #6551.
  • Fix interdomain trusts with Windows 2008 R2 DCs bug #6697.
  • Fix Winbind authentication issue bug #6646.

(Updated 9-September-2009)

  • Wednesday, September 9 - Samba 3.4.1 has been released
 Release Notes Samba 3.4.1

Samba 3.4.0

(Updated 3-July-2009)

  • Tuesday, June 2 - Samba 3.4.0pre2 has been released
  • Thursday, April 30 - Samba 3.4.0pre1 has been released
  • Friday, June 19 - Samba 3.4.0rc1 has been released
  • Friday, July 3 - Samba 3.4.0 has been released
 Release Notes Samba 3.4.0