Difference between revisions of "Release Planning for Samba 3.5"

m (Protected "Release Planning for Samba 3.5" ([edit=sysop] (indefinite) [move=sysop] (indefinite)))
Line 8: Line 8:
  
 
== Samba 3.5.9 ==
 
== Samba 3.5.9 ==
:Release Notes for Samba 3.5.9:
 
:June 14, 2011:
 
 
===This is the latest stable release of Samba 3.5.===
 
 
====Major enhancements in Samba 3.5.9 include:====
 
 
*  Sgid bit lost on folder rename [https://bugzilla.samba.org/show_bug.cgi?id=7996 bug #7996].
 
*  ACL can get lost when files are being renamed [https://bugzilla.samba.org/show_bug.cgi?id=7987 bug #7987].
 
*  Respect "allow trusted domains = no" in Winbind [https://bugzilla.samba.org/show_bug.cgi?id=6966 bug #6966].
 
*  Samba now follows Windows behaviour as a kerberos client, requesting a CIFS/ ticket [https://bugzilla.samba.org/show_bug.cgi?id=7893 bug #7893].
 
*  Kerberos authentication fails when security blobsize is greater than 16 kB [https://bugzilla.samba.org/show_bug.cgi?id=6911 bug #6911].
 
 
====New Kerberos behaviour====
 
 
A new parameter 'client use spnego principal' defaults to 'no' and means Samba will use CIFS/hostname to obtain a kerberos ticket, acting more like Windows when using Kerberos against a CIFS server in smbclient, Winbind and other Samba client tools.  This will change which servers we will successfully negotiate Kerberos connections to. This is due to Samba no longer trusting a server-provided hint which is not available from Windows 2008 or later.  For correct operation with all clients, all aliases for a server should be recorded as a as a servicePrincipalName on the server's record in AD.
 
 
----
 
 
('''Updated 14-June-2011''')
 
('''Updated 14-June-2011''')
  
Line 32: Line 14:
  
 
== Samba 3.5.8 ==
 
== Samba 3.5.8 ==
:Release Notes for Samba 3.5.8:
 
:March 7, 2011:
 
 
===This is the latest stable release of Samba 3.5.===
 
 
====Major enhancements in Samba 3.5.8 include:====
 
 
*  Fix Winbind crash bug when no DC is available [https://bugzilla.samba.org/show_bug.cgi?id=7730 bug #7730].
 
*  Fix finding users on domain members [https://bugzilla.samba.org/show_bug.cgi?id=7743 bug #7743].
 
*  Fix memory leaks in Winbind [https://bugzilla.samba.org/show_bug.cgi?id=7879 bug #7879].
 
*  Fix printing with Windows 7 clients [https://bugzilla.samba.org/show_bug.cgi?id=7567 bug #7567].
 
 
 
('''Updated 07-March-2011''')
 
('''Updated 07-March-2011''')
  
Line 50: Line 20:
  
 
== Samba 3.5.7 ==
 
== Samba 3.5.7 ==
:Release Notes for Samba 3.5.7:
 
:February 28, 2011:
 
 
===This is a security release in order to address CVE-2011-0719.===
 
 
* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0719 CVE-2011-0719]:
 
: All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set.
 
 
----
 
 
('''Updated 28-February-2011''')
 
('''Updated 28-February-2011''')
  
Line 65: Line 26:
  
 
== Samba 3.5.6 ==
 
== Samba 3.5.6 ==
:Release Notes for Samba 3.5.6:
 
:October 8, 2010:
 
 
===This is the latest stable release of Samba 3.5.===
 
 
====Major enhancements in Samba 3.5.6 include:====
 
 
* Fix smbd panic on invalid NetBIOS session request [https://bugzilla.samba.org/show_bug.cgi?id=7698 bug #7698].
 
* Fix smbd crash caused by "%D" in "printer admin" [https://bugzilla.samba.org/show_bug.cgi?id=7541 bug #7541)].
 
* Fix crash bug with invalid SPNEGO token [https://bugzilla.samba.org/show_bug.cgi?id=7694 bug #7694].
 
* Fix Winbind internal error [https://bugzilla.samba.org/show_bug.cgi?id=7636 bug #7636].
 
 
----
 
 
('''Updated 08-October-2010''')
 
('''Updated 08-October-2010''')
  
Line 84: Line 32:
  
 
== Samba 3.5.5 ==
 
== Samba 3.5.5 ==
:Release Notes for Samba 3.5.5:
 
:September 14, 2010:
 
 
===This is a security release in order to address CVE-2010-3069.===
 
 
 
*  [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3069 CVE-2010-3069]:
 
:  All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server.
 
 
----
 
 
('''Updated 14-September-2010''')
 
('''Updated 14-September-2010''')
  
Line 100: Line 38:
  
 
== Samba 3.5.4 ==
 
== Samba 3.5.4 ==
:Release Notes for Samba 3.5.4:
 
:June 23, 2010:
 
 
===This is the latest stable release of Samba 3.5.===
 
 
====Major enhancements in Samba 3.5.4 include:====
 
 
* Fix smbd crash when sambaLMPassword and sambaNTPassword entries missing from ldap [https://bugzilla.samba.org/show_bug.cgi?id=7448 bug #7448].
 
* Fix init_sam_from_ldap storing group in sid2uid cache [https://bugzilla.samba.org/show_bug.cgi?id=7507 bug #7507].
 
----
 
 
('''Updated 23-June-2010''')
 
('''Updated 23-June-2010''')
  
Line 116: Line 44:
  
 
== Samba 3.5.3 ==
 
== Samba 3.5.3 ==
:Release Notes for Samba 3.5.3:
 
===This is the latest stable release of Samba 3.5.===
 
 
====Major enhancements in Samba 3.5.3 include:====
 
 
* Fix MS-DFS functionality [https://bugzilla.samba.org/show_bug.cgi?id=7339 bug #7339].
 
* Fix a Winbind crash when scanning trusts [https://bugzilla.samba.org/show_bug.cgi?id=7389 bug #7389].
 
* Fix problems with SIGCHLD handling in Winbind [https://bugzilla.samba.org/show_bug.cgi?id=7317 bug #7317].
 
----
 
 
('''Updated 19-May-2010''')
 
('''Updated 19-May-2010''')
  
Line 131: Line 50:
  
 
== Samba 3.5.2 ==
 
== Samba 3.5.2 ==
:Release Notes for Samba 3.5.2:
 
:April 7, 2010:
 
 
 
===This is the latest stable release of Samba 3.5.===
 
 
====Major enhancements in Samba 3.5.2 include:====
 
 
* Fix smbd segfaults in _netr_SamLogon for clients sending null domain [https://bugzilla.samba.org/show_bug.cgi?id=7237 bug #7237].
 
* Fix smbd segfaults in "waiting for connections" message [https://bugzilla.samba.org/show_bug.cgi?id=7251 bug #7251].
 
* Fix an uninitialized variable read in smbd [https://bugzilla.samba.org/show_bug.cgi?id=7254 bug #7254].
 
* Fix a memleak in Winbind [https://bugzilla.samba.org/show_bug.cgi?id=7278 bug #7278].
 
* Fix Winbind reconnection to it's own domain [https://bugzilla.samba.org/show_bug.cgi?id=7295 bug #7295].
 
----
 
 
('''Updated 07-April-2010''')
 
('''Updated 07-April-2010''')
  
Line 151: Line 56:
  
 
== Samba 3.5.1 ==
 
== Samba 3.5.1 ==
:Release Notes for Samba 3.5.1:
 
:March 8, 2010:
 
 
===This is a security release in order to address CVE-2010-0728.===
 
 
*  [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0728 CVE-2010-0728]:
 
:  In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code was added to fix a problem with Linux asynchronous IO handling. This code introduced a bad security flaw on Linux platforms if the binaries were built on Linux platforms with libcap support. The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE capabilities, allowing all file system access to be allowed even when permissions should have denied access.
 
 
----
 
 
('''Updated 09-March-2010''')
 
('''Updated 09-March-2010''')
  
Line 166: Line 62:
  
 
== Samba 3.5.0 ==
 
== Samba 3.5.0 ==
:Release Notes for Samba 3.5.0:
 
:March 1, 2010:
 
 
===This is the first stable release of Samba 3.5.===
 
 
 
====Major enhancements in Samba 3.5.0 include:====
 
 
=====General changes:=====
 
* Add support for full Windows timestamp resolution
 
* The Using Samba HTML book has been removed.
 
* 'net', 'smbclient' and libsmbclient can use credentials cached by Winbind.
 
* The default value of "wide links" has been changed to "no".
 
 
=====Protocol changes:=====
 
* Experimental implementation of SMB2
 
 
=====Printing Changes:=====
 
* Add encryption support for connections to a CUPS server
 
 
=====Winbind changes:=====
 
* Major refactoring
 
* Asynchronous
 
 
=====VFS modules:=====
 
* New vfs_scannedonly module has been added.
 
 
 
====General changes:====
 
 
Support for full Windows timestamp resolution has been added. This effectively makes us use Windows' full 100ns timestamp resolution if supported by the kernel (2.6.22 and higher) and the glibc (2.6 and higher).
 
 
The Using Samba HTML book has been removed from the Samba tarball. It is still available at http://www.samba.org/samba/docs/using_samba/toc.html.
 
 
Samba client tools like 'net', 'smbclient' and libsmbclient can use the user credentials cached by Winbind at logon time. This is very useful e.g. when connecting to a Samba server using Nautilus without re-entering username and password. This feature is enabled by default and can be disabled per application by setting the LIBSMBCLIENT_NO_CCACHE environment variable.
 
 
The default value of "wide links" has been changed to "no" to avoid an insecure default configuration ("wide links = yes" and "unix extensions = yes"). For more details, please see http://www.samba.org/samba/news/symlink_attack.html.
 
 
 
====Protocol changes====
 
 
An EXPERIMENTAL implementation of the SMB2 protocol has been added. SMB2 can be enabled by setting "max protocol = smb2". SMB2 is a new implementation of the SMB protocol used by Windows Vista and higher.
 
 
====Printing Changes====
 
 
A new parameter "cups encrypt" has been added to control whether connections to CUPS servers will be encrypted or not. The default is to use unencrypted connections.
 
 
====Winbind changes====
 
 
The Winbind daemon has been refactored internally to be asynchronous. The new Winbind will not be blocked by running 'getent group' or 'getent passwd'.
 
 
====VFS modules====
 
 
A new VFS module "scannedonly" has been added. This is a filter that talks to an antivirus-engine and stores whether a file is clean or not. Users do only see clean files on their filesystem.
 
 
 
===Changes===
 
 
====smb.conf changes====
 
 
  Parameter Name                      Description    Default
 
  --------------                      -----------    -------
 
  create krb5 conf       New       yes
 
  ctdb timeout       New       0
 
  cups encrypt       New       no
 
  debug hires timestamp       Changed Default yes
 
  ldap deref       New       auto
 
  ldap follow referral       New       auto
 
  nmbd bind explicit broadcast       New       no
 
  wide links       Changed Default no
 
 
====New configure options====
 
 
--enable-external-libtdb Enable external tdb
 
--enable-netapi Turn on netapi support
 
--enable-pthreadpool Enable pthreads pool helper support
 
--with-cifsumount Include umount.cifs (Linux only) support
 
--with-codepagedir=DIR Where to put codepages
 
 
----
 
 
('''Updated 01-March-2010''')
 
('''Updated 01-March-2010''')
  
 
* Monday, March 1 - Samba 3.5.0 has been released
 
* Monday, March 1 - Samba 3.5.0 has been released
 
   [http://www.samba.org/samba/history/samba-3.5.0.html Release Notes Samba 3.5.0]
 
   [http://www.samba.org/samba/history/samba-3.5.0.html Release Notes Samba 3.5.0]

Revision as of 19:44, 12 July 2011

Samba 3.5. is the current release series.

Samba 3.5.10

(Updated 11-July-2011)

  • Tuesday, July 12 - Planned release date for Samba 3.5.10 - delayed

Samba 3.5.9

(Updated 14-June-2011)

  • Tuesday, June 14 - Samba 3.5.9 has been released
 Release Notes Samba 3.5.9

Samba 3.5.8

(Updated 07-March-2011)

  • Monday, March 7 - Samba 3.5.8 has been released
 Release Notes Samba 3.5.8

Samba 3.5.7

(Updated 28-February-2011)

  • Monday, February 28 - Samba 3.5.7 has been released to address CVE-2011-0719.
 Release Notes Samba 3.5.7

Samba 3.5.6

(Updated 08-October-2010)

  • Friday, October 8 - Samba 3.5.6 has been released
 Release Notes Samba 3.5.6

Samba 3.5.5

(Updated 14-September-2010)

  • Tuesday, September 14 - Samba 3.5.5 has been released to address CVE-2010-3069.
 Release Notes Samba 3.5.5

Samba 3.5.4

(Updated 23-June-2010)

  • Wednesday, June 23 - Samba 3.5.4 has been released
 Release Notes Samba 3.5.4

Samba 3.5.3

(Updated 19-May-2010)

  • Wednesday, May 19 - Samba 3.5.3 has been released
 Release Notes Samba 3.5.3

Samba 3.5.2

(Updated 07-April-2010)

  • Wednesday, April 7 - Samba 3.5.2 has been released
 Release Notes Samba 3.5.2

Samba 3.5.1

(Updated 09-March-2010)

  • Monday, March 8 - Samba 3.5.1 has been released to address CVE-2010-0728.
 Release Notes Samba 3.5.1

Samba 3.5.0

(Updated 01-March-2010)

  • Monday, March 1 - Samba 3.5.0 has been released
 Release Notes Samba 3.5.0