1 =============================
2 Release Notes for Samba 4.9.4
4 =============================
7 Major bug fixes include:
8 ------------------------
10 o dns: Fix CNAME loop prevention using counter regression (bug #13600).
16 o Ralph Boehme <slow@samba.org>
17 * BUG 9175: libcli/smb: Don't overwrite status code.
18 * BUG 12164: wbinfo --group-info 'NT AUTHORITY\System' does not work.
19 * BUG 13661: Session setup reauth fails to sign response.
20 * BUG 13677: vfs_fruit: Validation of writes on AFP_AfpInfo stream.
21 * BUG 13688: vfs_shadow_copy2: Nicely deal with attempts to open previous
23 * BUG 13455: Restoring previous version of stream with vfs_shadow_copy2 fails
24 with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name.
26 o Isaac Boukris <iboukris@gmail.com>
27 * BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build.
29 o Günther Deschner <gd@samba.org>
30 * BUG 13708: s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs.
32 o Joe Guo <joeg@catalyst.net.nz>
33 * PEP8: fix E231: missing whitespace after ','.
35 o Volker Lendecke <vl@samba.org>
36 * BUG 13629: winbindd: Fix crash when taking profiles.
38 o Stefan Metzmacher <metze@samba.org>
39 * BUG 13600: CVE-2018-14629 dns: Fix CNAME loop prevention using counter
42 o Garming Sam <garming@catalyst.net.nz>
43 * BUG 13686: 'samba-tool user syscpasswords' fails on a domain with many DCs.
45 o Andreas Schneider <asn@samba.org>
46 * BUG 13571: CVE-2018-16853: Do not segfault if client is not set.
47 * BUG 13679: lib:util: Fix DEBUGCLASS pointer initializiation.
49 o Martin Schwenke <martin@meltin.net>
50 * BUG 13696: ctdb-daemon: Exit with error if a database directory does not
53 o Justin Stephenson <jstephen@redhat.com>
54 * BUG 13498: s3:libads: Add net ads leave keep-account option.
57 #######################################
58 Reporting bugs & Development Discussion
59 #######################################
61 Please discuss this release on the samba-technical mailing list or by
62 joining the #samba-technical IRC channel on irc.freenode.net.
64 If you do report problems then please try to send high quality
65 feedback. If you don't provide vital information to help us track down
66 the problem then you will probably be ignored. All bug reports should
67 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
68 database (https://bugzilla.samba.org/).
71 ======================================================================
72 == Our Code, Our Bugs, Our Responsibility.
74 ======================================================================
77 Release notes for older releases follow:
78 ----------------------------------------
80 =============================
81 Release Notes for Samba 4.9.3
83 =============================
86 This is a security release in order to address the following defects:
88 o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
90 o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
91 o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
92 o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
93 o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
94 configuration (unsupported))
95 o CVE-2018-16857 (Bad password count in AD DC not always effective)
103 All versions of Samba from 4.0.0 onwards are vulnerable to infinite
104 query recursion caused by CNAME loops. Any dns record can be added via
105 ldap by an unprivileged user using the ldbadd tool, so this is a
109 When configured to accept smart-card authentication, Samba's KDC will call
110 talloc_free() twice on the same memory if the principal in a validly signed
111 certificate does not match the principal in the AS-REQ.
113 This is only possible after authentication with a trusted certificate.
115 talloc is robust against further corruption from a double-free with
116 talloc_free() and directly calls abort(), terminating the KDC process.
118 There is no further vulnerability associated with this issue, merely a
122 During the processing of an LDAP search before Samba's AD DC returns
123 the LDAP entries to the client, the entries are cached in a single
124 memory object with a maximum size of 256MB. When this size is
125 reached, the Samba process providing the LDAP service will follow the
126 NULL pointer, terminating the process.
128 There is no further vulnerability associated with this issue, merely a
132 During the processing of an DNS zone in the DNS management DCE/RPC server,
133 the internal DNS server or the Samba DLZ plugin for BIND9, if the
134 DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
135 property is set, the server will follow a NULL pointer and terminate.
137 There is no further vulnerability associated with this issue, merely a
141 A user in a Samba AD domain can crash the KDC when Samba is built in the
142 non-default MIT Kerberos configuration.
144 With this advisory we clarify that the MIT Kerberos build of the Samba
145 AD DC is considered experimental. Therefore the Samba Team will not
146 issue security patches for this configuration.
149 AD DC Configurations watching for bad passwords (to restrict brute forcing
150 of passwords) in a window of more than 3 minutes may not watch for bad
153 For more details and workarounds, please refer to the security advisories.
159 o Andrew Bartlett <abartlet@samba.org>
160 * BUG 13628: CVE-2018-16841: heimdal: Fix segfault on PKINIT with
161 mis-matching principal.
162 * BUG 13678: CVE-2018-16853: build: The Samba AD DC, when build with MIT
163 Kerberos is experimental
165 o Tim Beale <timbeale@catalyst.net.nz>
166 * BUG 13683: CVE-2018-16857: dsdb/util: Correctly treat
167 lockOutObservationWindow as 64-bit int.
169 o Joe Guo <joeg@catalyst.net.nz>
170 * BUG 13683: CVE-2018-16857 PEP8: Fix E305: Expected 2 blank lines after
171 class or function definition, found 1.
173 o Aaron Haslett <aaronhaslett@catalyst.net.nz>
174 * BUG 13600: CVE-2018-14629: dns: CNAME loop prevention using counter.
176 o Gary Lockyer <gary@catalyst.net.nz>
177 * BUG 13669: CVE-2018-16852: Fix NULL pointer de-reference in Samba AD DC
180 o Garming Sam <garming@catalyst.net.nz>
181 * BUG 13674: CVE-2018-16851: ldap_server: Check ret before manipulating blob.
184 #######################################
185 Reporting bugs & Development Discussion
186 #######################################
188 Please discuss this release on the samba-technical mailing list or by
189 joining the #samba-technical IRC channel on irc.freenode.net.
191 If you do report problems then please try to send high quality
192 feedback. If you don't provide vital information to help us track down
193 the problem then you will probably be ignored. All bug reports should
194 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
195 database (https://bugzilla.samba.org/).
198 ======================================================================
199 == Our Code, Our Bugs, Our Responsibility.
201 ======================================================================
204 ----------------------------------------------------------------------
207 =============================
208 Release Notes for Samba 4.9.2
210 =============================
213 This is the latest stable release of the Samba 4.9 release series.
219 o Andrew Bartlett <abartlet@samba.org>
220 * BUG 13418: dsdb: Add comments explaining the limitations of our current
222 * BUG 13621: Fix problems running domain backups (handling SMBv2, sites).
224 o Tim Beale <timbeale@catalyst.net.nz>
225 * BUG 13621: Fix problems running domain backups (handling SMBv2, sites).
227 o Ralph Boehme <slow@samba.org>
228 * BUG 13465: testparm: Fix crashes with PANIC: Messaging not initialized on
230 * BUG 13642: Make vfs_fruit able to cleanup AppleDouble files.
231 * BUG 13646: File saving issues with vfs_fruit on samba >= 4.8.5.
232 * BUG 13649: Enabling vfs_fruit looses FinderInfo.
233 * BUG 13667: Cancelling of SMB2 aio reads and writes returns wrong error
234 NT_STATUS_INTERNAL_ERROR.
236 o Amitay Isaacs <amitay@gmail.com>
237 * BUG 13641: Fix CTDB recovery record resurrection from inactive nodes and
240 o Volker Lendecke <vl@samba.org>
241 * BUG 13465: examples: Fix the smb2mount build.
242 * BUG 13629: libtevent: Fix build due to missing open_memstream on Illiumos.
243 * BUG 13662: winbindd_cache: Fix timeout calculation for sid<->name cache.
245 o Gary Lockyer <gary@catalyst.net.nz>
246 * BUG 13653: dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path.
248 o Stefan Metzmacher <metze@samba.org>
249 * BUG 13418: Extended DN SID component missing for member after switching
251 * BUG 13624: Return STATUS_SESSION_EXPIRED error encrypted, if the request
254 o David Mulder <dmulder@suse.com>
255 * BUG 13621: python: Allow forced signing via smb.SMB().
256 * BUG 13665: lib:socket: If returning early, set ifaces.
258 o Noel Power <noel.power@suse.com>
259 * BUG 13616: ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept
260 utf8 encoded unicode.
262 o Christof Schmitt <cs@samba.org>
263 * BUG 13465: testparm: Fix crashes with PANIC: Messaging not initialized on
265 * BUG 13673: smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY
268 o Andreas Schneider <asn@samba.org>
269 * BUG 13601: waf: Add -fstack-clash-protection.
270 * BUG 13668: winbind: Fix segfault if an invalid passdb backend is
273 o Martin Schwenke <martin@meltin.net>
274 * BUG 13659: Fix bugs in CTDB event handling.
275 * BUG 13670: Misbehaving nodes are sometimes not banned.
278 #######################################
279 Reporting bugs & Development Discussion
280 #######################################
282 Please discuss this release on the samba-technical mailing list or by
283 joining the #samba-technical IRC channel on irc.freenode.net.
285 If you do report problems then please try to send high quality
286 feedback. If you don't provide vital information to help us track down
287 the problem then you will probably be ignored. All bug reports should
288 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
289 database (https://bugzilla.samba.org/).
292 ======================================================================
293 == Our Code, Our Bugs, Our Responsibility.
295 ======================================================================
298 ----------------------------------------------------------------------
301 =============================
302 Release Notes for Samba 4.9.1
304 =============================
307 This is the latest stable release of the Samba 4.9 release series.
310 Major enhancements include:
311 ---------------------------
313 o s3: nmbd: Stop nmbd network announce storm (bug #13620).
319 o Andrew Bartlett <abartlet@samba.org>
320 * BUG 13620: s3: nmbd: Stop nmbd network announce storm.
322 o Günther Deschner <gd@samba.org>
323 * BUG 13597: s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool
326 o Martin Schwenke <martin@meltin.net>
327 * BUG 13617: CTDB recovery lock has some race conditions.
329 o Justin Stephenson <jstephen@redhat.com>
330 * BUG 13597: s3-rpc_client: Advertise Windows 7 client info.
332 o Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
333 * BUG 13610: ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page.
336 #######################################
337 Reporting bugs & Development Discussion
338 #######################################
340 Please discuss this release on the samba-technical mailing list or by
341 joining the #samba-technical IRC channel on irc.freenode.net.
343 If you do report problems then please try to send high quality
344 feedback. If you don't provide vital information to help us track down
345 the problem then you will probably be ignored. All bug reports should
346 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
347 database (https://bugzilla.samba.org/).
350 ======================================================================
351 == Our Code, Our Bugs, Our Responsibility.
353 ======================================================================
356 ----------------------------------------------------------------------
359 =============================
360 Release Notes for Samba 4.9.0
362 =============================
365 This is the first stable release of the Samba 4.9 release series.
366 Please read the release notes carefully before upgrading.
375 There is a new 'net ads setspn' sub command for managing Windows SPN(s)
376 on the AD. This command aims to give the basic functionality that is
377 provided on windows by 'setspn.exe' e.g. ability to add, delete and list
378 Windows SPN(s) stored in a Windows AD Computer object.
380 The format of the command is:
382 net ads setspn list [machine]
383 net ads setspn [add | delete ] SPN [machine]
385 'machine' is the name of the computer account on the AD that is to be managed.
386 If 'machine' is not specified the name of the 'client' running the command
389 The format of a Windows SPN is
390 'serviceclass/host:port/servicename' (servicename and port are optional)
392 serviceclass/host is generally sufficient to specify a host based service.
394 'net ads keytab' changes
395 ------------------------
397 net ads keytab add no longer attempts to convert the passed serviceclass
398 (e.g. nfs, html etc.) into a Windows SPN which is added to the Windows AD
399 computer object. By default just the keytab file is modified.
401 A new keytab subcommand 'add_update_ads' has been added to preserve the
402 legacy behaviour. However the new 'net ads setspn add' subcommand should
403 really be used instead.
405 net ads keytab create no longer tries to generate SPN(s) from existing
406 entries in a keytab file. If it is required to add Windows SPN(s) then
407 'net ads setspn add' should be used instead.
409 Local authorization plugin for MIT Kerberos
410 -------------------------------------------
412 This plugin controls the relationship between Kerberos principals and AD
413 accounts through winbind. The module receives the Kerberos principal and the
414 local account name as inputs and can then check if they match. This can resolve
415 issues with canonicalized names returned by Kerberos within AD. If the user
416 tries to log in as 'alice', but the samAccountName is set to ALICE (uppercase),
417 Kerberos would return ALICE as the username. Kerberos would not be able to map
418 'alice' to 'ALICE' in this case and auth would fail. With this plugin, account
419 names can be correctly mapped. This only applies to GSSAPI authentication,
420 not for getting the initial ticket granting ticket.
425 The vfs_full_audit module has changed its default set of monitored successful
426 and failed operations from "all" to "none". That helps to prevent potential
427 denial of service caused by simple addition of the module to the VFS objects.
429 Also, modules vfs_audit, vfs_ext_audit and vfs_full_audit now accept any valid
430 syslog(3) facility, in accordance with the manual page.
432 Database audit support
433 ----------------------
435 Changes to the Samba AD's sam.ldb database are now logged to Samba's debug log
436 under the "dsdb_audit" debug class and "dsdb_json_audit" for JSON formatted log
439 Transaction commits and roll backs are now logged to Samba's debug logs under
440 the "dsdb_transaction_audit" debug class and "dsdb_transaction_json_audit" for
441 JSON formatted log entries.
443 Password change audit support
444 -----------------------------
446 Password changes in the AD DC are now logged to Samba's debug logs under the
447 "dsdb_password_audit" debug class and "dsdb_password_json_audit" for JSON
448 formatted log entries.
450 Group membership change audit support
451 -------------------------------------
453 Group membership changes on the AD DC are now logged to
454 Samba's debug log under the "dsdb_group_audit" debug class and
455 "dsdb_group_json_audit" for JSON formatted log entries.
457 Log Authentication duration
458 ---------------------------
460 For NTLM and Kerberos KDC authentication, the authentication duration is now
461 logged. Note that the duration is only included in the JSON formatted log
464 JSON library Jansson required for the AD DC
465 -------------------------------------------
467 By default, the Jansson JSON library is required for Samba to build.
468 It is strictly required for the Samba AD DC, and is optional for
469 builds "--without-ad-dc" by specifying "--without-json-audit" at configure
472 New experimental LMDB LDB backend
473 ---------------------------------
475 A new experimental LDB backend using LMDB is now available. This allows
476 databases larger than 4Gb (Currently the limit is set to 6Gb, but this will be
477 increased in a future release). To enable lmdb, provision or join a domain using
478 the "--backend-store=mdb" option.
480 This requires that a version of lmdb greater than 0.9.16 is installed and that
481 samba has not been built with the "--without-ldb-lmdb" option.
483 Please note this is an experimental feature and is not recommended for
484 production deployments.
486 Password Settings Objects
487 -------------------------
489 Support has been added for Password Settings Objects (PSOs). This AD feature is
490 also known as Fine-Grained Password Policies (FGPP).
492 PSOs allow AD administrators to override the domain password policy settings
493 for specific users, or groups of users. For example, PSOs can force certain
494 users to have longer password lengths, or relax the complexity constraints for
495 other users, and so on. PSOs can be applied to groups or to individual users.
496 When multiple PSOs apply to the same user, essentially the PSO with the best
497 precedence takes effect.
499 PSOs can be configured and applied to users/groups using the 'samba-tool domain
500 passwordsettings pso' set of commands.
502 Domain backup and restore
503 -------------------------
505 A new 'samba-tool' subcommand has been added that allows administrators to
506 create a backup-file of their domain DB. In the event of a catastrophic failure
507 of the domain, this backup-file can be used to restore Samba services.
509 The new 'samba-tool domain backup online' command takes a snapshot of the
510 domain DB from a given DC. In the event of a catastrophic DB failure, all DCs
511 in the domain should be taken offline, and the backup-file can then be used to
512 recreate a fresh new DC, using the 'samba-tool domain backup restore' command.
513 Once the backed-up domain DB has been restored on the new DC, other DCs can
514 then subsequently be joined to the new DC, in order to repopulate the Samba
520 Basic support has been added for renaming a Samba domain. The rename feature is
521 designed for the following cases:
522 1). Running a temporary alternate domain, in the event of a catastrophic
523 failure of the regular domain. Using a completely different domain name and
524 realm means that the original domain and the renamed domain can both run at the
525 same time, without interfering with each other. This is an advantage over
526 creating a regular 'online' backup - it means the renamed/alternate domain can
527 provide core Samba network services, while trouble-shooting the fault on the
528 original domain can be done in parallel.
529 2). Creating a realistic lab domain or pre-production domain for testing.
531 Note that the renamed tool is currently not intended to support a long-term
532 rename of the production domain. Currently renaming the GPOs is not supported
533 and would need to be done manually.
535 The domain rename is done in two steps: first, the 'samba-tool domain backup
536 rename' command will clone the domain DB, renaming it in the process, and
537 producing a backup-file. Then, the 'samba-tool domain backup restore' command
538 takes the backup-file and restores the renamed DB to disk on a fresh DC.
540 New samba-tool options for diagnosing DRS replication issues
541 ------------------------------------------------------------
543 The 'samba-tool drs showrepl' command has two new options controlling
544 the output. With --summary, the command says very little when DRS
545 replication is working well. With --json, JSON is produced. These
546 options are intended for human and machine audiences, respectively.
548 The 'samba-tool visualize uptodateness' visualizes replication lag as
549 a heat-map matrix based on the DRS uptodateness vectors. This will
550 show you if (but not why) changes are failing to replicate to some DCs.
552 Automatic site coverage and GetDCName improvements
553 --------------------------------------------------
555 Samba's AD DC now automatically claims otherwise empty sites based on
556 which DC is the nearest in the replication topology.
558 This, combined with efforts to correctly identify the client side in
559 the GetDCName Netlogon call will improve service to sites without a
562 Improved 'samba-tool computer' command
563 --------------------------------------
565 The 'samba-tool computer' command allow manipulation of computer
566 accounts including creating a new computer and resetting the password.
567 This allows an 'offline join' of a member server or workstation to the
570 New 'samba-tool ou' command
571 ---------------------------
573 The new 'samba-tool ou' command allows to manage organizational units.
575 Available subcommands are:
576 create - Create an organizational unit.
577 delete - Delete an organizational unit.
578 list - List all organizational units
579 listobjects - List all objects in an organizational unit.
580 move - Move an organizational unit.
581 rename - Rename an organizational unit.
583 In addition to the ou commands, there are new subcommands for the user
584 and group management, which can make use of the organizational units:
585 group move - Move a group to an organizational unit/container.
586 user move - Move a user to an organizational unit/container.
587 user show - Display a user AD object.
589 Samba performance tool now operates against Microsoft Windows AD
590 ----------------------------------------------------------------
592 The Samba AD performance testing tool 'traffic_reply' can now operate
593 against a Windows based AD domain. Previously it only operated
594 correctly against Samba.
596 DNS entries are now cleaned up during DC demote
597 -----------------------------------------------
599 DNS records are now cleaned up as part of the 'samba-tool domain
600 demote' including both the default and '--remove-other-dead-server'
603 Additionally, DNS records can be automatically cleaned up for a given
604 name with the 'samba-tool dns cleanup' command, which aids in cleaning
605 up partially removed DCs.
607 samba-tool ntacl sysvolreset is now much faster
608 -----------------------------------------------
610 The 'samba-tool ntacl sysvolreset' command, used on the Samba AD DC,
611 is now much faster than in previous versions, after an internal
614 Samba now tested with CI GitLab
615 -------------------------------
617 Samba developers now have pre-commit testing available in GitLab,
618 giving reviewers confidence that the submitted patches pass a full CI
619 before being submitted to the Samba Team's own autobuild system.
621 Dynamic DNS record scavenging support
622 -------------------------------------
624 It is now possible to enable scavenging of DNS Zones to remove DNS
625 records that were dynamically created and have not been touched in
628 This support should however only be enabled on new zones or new
629 installations. Sadly old Samba versions suffer from BUG 12451 and
630 mark dynamic DNS records as static and static records as dynamic.
631 While a dbcheck rule may be able to find these in the future,
632 currently a reliable test has not been devised.
634 Finally, there is not currently a command-line tool to enable this
635 feature, currently it should be enabled from the DNS Manager tool from
636 Windows. Also the feature needs to have been enabled by setting the smb.conf
637 parameter "dns zone scavenging = yes".
639 Improved support for trusted domains (as AD DC)
640 -----------------------------------------------
642 The support for trusted domains/forests has been further improved.
644 External domain trusts, as well a transitive forest trusts,
645 are supported in both directions (inbound and outbound)
646 for Kerberos and NTLM authentication.
648 The following features are new in 4.9 (compared to 4.8):
650 - It's now possible to add users/groups of a trusted domain
651 into domain groups. The group memberships are expanded
653 - foreignSecurityPrincipal objects (FPO) are now automatically
654 created when members (as SID) of a trusted domain/forest
655 are added to a group.
656 - The 'samba-tool group *members' commands allow
657 members to be specified as foreign SIDs.
659 However there are currently still a few limitations:
661 - Both sides of the trust need to fully trust each other!
662 - No SID filtering rules are applied at all!
663 - This means DCs of domain A can grant domain admin rights
665 - Selective (CROSS_ORGANIZATION) authentication is
666 not supported. It's possible to create such a trust,
667 but the KDC and winbindd ignore them.
668 - Samba can still only operate in a forest with just
674 There are many changes to CTDB in this release.
676 * Configuration has been completely overhauled
678 - Daemon and tool options are now specified in a new ctdb.conf
679 Samba-style configuration file. See ctdb.conf(5) for details.
681 - Event script configuration is no longer specified in the top-level
682 configuration file. It can now be specified per event script.
683 For example, configuration options for the 50.samba event script
684 can be placed alongside the event script in a file called
685 50.samba.options. Script options can also be specified in a new
686 script.options file. See ctdb-script.options(5) for details.
688 - Options that affect CTDB startup should be configured in the
689 distribution-specific configuration file. See ctdb.sysconfig(5)
692 - Tunable settings are now loaded from ctdb.tunables. Using
693 CTDB_SET_TunableVariable=<value> in the main configuration file is
694 no longer supported. See ctdb-tunables(7) for details.
696 A example script to migrate an old-style configuration to the new
697 style is available in ctdb/doc/examples/config_migrate.sh.
699 * The following configuration variables and corresponding ctdbd
700 command-line options have been removed and not replaced with
701 counterparts in the new configuration scheme:
703 CTDB_PIDFILE --pidfile
706 CTDB_PUBLIC_ADDRESSES --public-addresses
707 CTDB_EVENT_SCRIPT_DIR --event-script-dir
708 CTDB_NOTIFY_SCRIPT --notification-script
709 CTDB_PUBLIC_INTERFACE --public-interface
710 CTDB_MAX_PERSISTENT_CHECK_ERRORS --max-persistent-check-errors
712 - The compile-time defaults should be used for the first 6 of these.
713 - Use a symbolic link from the configuration directory to specify a
714 different location for nodes or public_addresses (e.g. in the
716 - Executable notification scripts in the notify.d/ subdirectory of
717 the configuration directory are now run by unconditionally.
718 - Interfaces for public IP addresses must always be specified in the
719 public_addresses file using the currently supported format.
721 Some related items that have been removed are:
723 - The ctdb command's --socket command-line option
724 - The ctdb command's CTDB_NODES environment variable
726 When writing tests there are still mechanisms available to change
727 the locations of certain directories and files.
729 * The following ctdbd.conf and ctdbd options have been replaced by new
732 CTDB_LOGGING/--logging logging -> location
733 CTDB_DEBUGLEVEL/-d logging -> log level
734 CTDB_TRANSPORT/--transport cluster -> transport
735 CTDB_NODE_ADDRESS/--listen cluster -> node address
736 CTDB_RECOVERY_LOCK/--reclock cluster -> recovery lock
737 CTDB_DBDIR/--dbdir database -> volatile database directory
738 CTDB_DBDIR_PERSISTENT/--dbdir-persistent database -> peristent database directory
739 CTDB_DBDIR_STATE/--dbdir-state database -> state database directory
740 CTDB_DEBUG_LOCKS database -> lock debug script
741 CTDB_DEBUG_HUNG_SCRIPT event -> debug script
742 CTDB_NOSETSCHED/--nosetsched legacy -> realtime scheduling
743 CTDB_CAPABILITY_RECMASTER/--no-recmaster legacy -> recmaster capability
744 CTDB_CAPABILITY_LMASTER/--no-lmaster legacy -> lmaster capability
745 CTDB_START_AS_STOPPED/--start-as-stopped legacy -> start as stopped
746 CTDB_START_AS_DISABLED/--start-as-disabled legacy -> start as disabled
747 CTDB_SCRIPT_LOG_LEVEL/--script-log-level legacy -> script log level
749 * Event scripts have moved to the scripts/legacy subdirectory of the
750 configuration directory
752 Event scripts must now end with a ".script" suffix.
754 * The "ctdb event" command has changed in 2 ways:
756 - A component is now required for all commands
758 In this release the only valid component is "legacy".
760 - There is no longer a default event when running "ctdb event status"
762 Listing the status of the "monitor" event is now done via:
764 ctdb event status legacy monitor
766 See ctdb(1) for details.
768 * The following service-related event script options have been
780 CTDB_MANAGED_SERVICES
782 Event scripts for services are now disabled by default. To enable
783 an event script and, therefore, manage a service use a command like
786 ctdb event script enable legacy 50.samba
788 * Notification scripts have moved to the scripts/notification
789 subdirectory of the configuration directory
791 Notification scripts must now end with a ".script" suffix.
793 * Support for setting CTDB_DBDIR=tmpfs has been removed
795 This feature has not been implemented in the new configuration
796 system. If this is desired then a tmpfs filesystem should be
797 manually mounted on the directory pointed to by the "volatile
798 database directory" option. See ctdb.conf(5) for more details.
800 * The following tunable options are now ctdb.conf options:
802 DisabledIPFailover failover -> disabled
803 TDBMutexEnabled database -> tdb mutexes
805 * Support for the NoIPHostOnAllDisabled tunable has been removed
807 If all nodes are unhealthy or disabled then CTDB will not host
808 public IP addresses. That is, CTDB now behaves as if
809 NoIPHostOnAllDisabled were set to 1.
811 * The onnode command's CTDB_NODES_FILE environment variable has been
814 The -f option can still be used to specify an alternate node file.
816 * The 10.external event script has been removed
818 * The CTDB_SHUTDOWN_TIMEOUT configuration variable has been removed
820 As with other daemons, if ctdbd does not shut down when requested
821 then manual intervention is required. There is no safe way of
822 automatically killing ctdbd after a failed shutdown.
824 * CTDB_SUPPRESS_COREFILE and CTDB_MAX_OPEN_FILES configuration
825 variable have been removed
827 These should be setup in the systemd unit/system file or, for SYSV
828 init, in the distribution-specific configuration file for the ctdb
831 * CTDB_PARTIALLY_ONLINE_INTERFACES incompatibility no longer enforced
833 11.natgw and 91.lvs will no longer fail if
834 CTDB_PARTIALLY_ONLINE_INTERFACES=yes. The incompatibility is,
835 however, well documented. This option will be removed in future and
836 replaced by sensible behaviour where public IP addresses simply
837 switch interfaces or become unavailable when interfaces are down.
839 * Configuration file /etc/ctdb/sysconfig/ctdb is no longer supported
844 The 'samba_gpoupdate' command (used in applying Group Policies to the
845 Samba machine itself) has been renamed to "samba_gpupdate" and had the
846 syntax changed to better match the same tool on Windows.
857 As the most popular Samba install platforms (Linux and FreeBSD) both
858 support extended attributes by default, the parameters "map readonly",
859 "store dos attributes" and "ea support" have had their defaults changed
860 to allow better Windows fileserver compatibility in a default install.
862 Parameter Name Description Default
863 -------------- ----------- -------
864 map readonly Default changed no
865 store dos attributes Default changed yes
866 ea support Default changed yes
867 full_audit:success Default changed none
868 full_audit:failure Default changed none
870 VFS interface changes
871 =====================
873 The VFS ABI interface version has changed to 39. Function changes
876 SMB_VFS_FSYNC: Removed: Only async versions are used.
877 SMB_VFS_READ: Removed: Only PREAD or async versions are used.
878 SMB_VFS_WRITE: Removed: Only PWRITE or async versions are used.
879 SMB_VFS_CHMOD_ACL: Removed: Only CHMOD is used.
880 SMB_VFS_FCHMOD_ACL: Removed: Only FCHMOD is used.
882 Any external VFS modules will need to be updated to match these
883 changes in order to work with 4.9.x.
885 CHANGES SINCE 4.9.0rc5
886 ======================
888 o Björn Baumbach <bb@sernet.de>
889 * BUG 13605: samba_dnsupdate: Honor 'dns zone scavenging' option, only
892 o Andreas Schneider <asn@samba.org>
893 * BUG 13606: wafsamba: Fix 'make -j<jobs>'.
895 CHANGES SINCE 4.9.0rc4
896 ======================
898 o Jeremy Allison <jra@samba.org>
899 * BUG 13565: s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only
900 returns absolute pathnames.
902 o Paulo Alcantara <paulo@paulo.ac>
903 * BUG 13578: s3: util: Do not take over stderr when there is no log file.
905 o Ralph Boehme <slow@samba.org>
906 * BUG 13549: Durable Reconnect fails because cookie.allow_reconnect is not
909 o Alexander Bokovoy <ab@samba.org>
910 * BUG 13539: krb5-samba: Interdomain trust uses different salt principal.
912 o Volker Lendecke <vl@samba.org>
913 * BUG 13441: vfs_fruit: Don't unlink the main file.
914 * BUG 13602: smbd: Fix a memleak in async search ask sharemode.
916 o Stefan Metzmacher <metze@samba.org>
917 * BUG 11517: Fix Samba GPO issue when Trust is enabled.
918 * BUG 13539: samba-tool: Add "virtualKerberosSalt" attribute to
919 'user getpassword/syncpasswords'.
921 o Martin Schwenke <martin@meltin.net>
922 * BUG 13589: Fix CTDB configuration issues.
923 * BUG 13592: ctdbd logs an error until it can successfully connect to
927 CHANGES SINCE 4.9.0rc3
928 ======================
930 o Jeremy Allison <jra@samba.org>
931 * BUG 13585: s3: smbd: Ensure get_real_filename() copes with empty
934 o Tim Beale <timbeale@catalyst.net.nz>
935 * BUG 13566: samba domain backup online/rename commands force user to specify
938 o Alexander Bokovoy <ab@samba.org>
939 * BUG 13579: wafsamba/samba_abi: Always hide ABI symbols which must be
942 o Volker Lendecke <vl@samba.org>
943 * BUG 13584: Fix a panic if fruit_access_check detects a locking conflict.
945 o Andreas Schneider <asn@samba.org>
946 * BUG 13567: Fix memory and resource leaks.
947 * BUG 13580: python: Fix print in dns_invalid.py.
949 o Martin Schwenke <martin@meltin.net>
950 * BUG 13588: Aliasing issue causes incorrect IPv6 checksum.
951 * BUG 13589: Fix CTDB configuration issues.
953 o Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
954 * BUG 13568: s3: vfs: time_audit: fix handling of token_blob in
955 smb_time_audit_offload_read_recv().
958 CHANGES SINCE 4.9.0rc2
959 ======================
961 o Jeremy Allison <jra@samba.org>
962 * BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
963 returns from malicious servers.
965 o Andrew Bartlett <abartlet@samba.org>
966 * BUG 13374: CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
967 with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140
968 * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
969 not servicePrincipalName is set on a user.
971 o Tim Beale <timbeale@catalyst.net.nz>
972 * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via
975 o Samuel Cabrero <scabrero@suse.de>
976 * BUG 13540: ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler.
978 o Günther Deschner <gd@samba.org>
979 * BUG 13360: CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
980 is disabled via "ntlm auth".
981 * BUG 13529: s3-tldap: do not install test_tldap.
983 o David Disseldorp <ddiss@samba.org>
984 * BUG 13540: ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals.
986 o Andrej Gessel <Andrej.Gessel@janztec.com>
987 * BUG 13374: CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
988 ltdb_index_dn_attr().
990 o Amitay Isaacs <amitay@gmail.com>
991 * BUG 13554: ctdb-eventd: Fix CID 1438155.
993 o Volker Lendecke <vl@samba.org>
994 * BUG 13553: Fix CIDs 1438243, (Unchecked return value) 1438244
995 (Unsigned compared against 0), 1438245 (Dereference before null check) and
996 1438246 (Unchecked return value).
997 * BUG 13554: ctdb: Fix a cut&paste error.
999 o Oleksandr Natalenko <oleksandr@redhat.com>
1000 * BUG 13559: systemd: Only start smb when network interfaces are up.
1002 o Noel Power <noel.power@suse.com>
1003 * BUG 13553: Fix quotas don't work with SMB2.
1004 * BUG 13563: s3/smbd: Ensure quota code is only called when quota support
1007 o Anoop C S <anoopcs@redhat.com>
1008 * BUG 13204: s3/libsmb: Explicitly set delete_on_close token for rmdir.
1010 o Andreas Schneider <asn@samba.org>
1011 * BUG 13561: s3:waf: Install eventlogadm to /usr/sbin.
1013 o Justin Stephenson <jstephen@redhat.com>
1014 * BUG 13562: Shorten description in vfs_linux_xfs_sgid manual.
1017 CHANGES SINCE 4.9.0rc1
1018 ======================
1020 o Jeremy Allison <jra@samba.org>
1021 * BUG 13537: s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin.
1023 o Ralph Boehme <slow@samba.org>
1024 * BUG 13535: s3: smbd: Fix path check in
1025 smbd_smb2_create_durable_lease_check().
1027 o Alexander Bokovoy <ab@samba.org>
1028 * BUG 13538: samba-tool trust: Support discovery via netr_GetDcName.
1029 * BUG 13542: s4-dsdb: Only build dsdb Python modules for AD DC.
1031 o Amitay Isaacs <amitay@gmail.com>
1032 * BUG 13520: Fix portability issues on freebsd.
1034 o Gary Lockyer <gary@catalyst.net.nz>
1035 * BUG 13536: DNS wildcard search does not handle multiple labels correctly.
1037 o Stefan Metzmacher <metze@samba.org>
1038 * BUG 13308: samba-tool domain trust: Fix trust compatibility to Windows
1039 Server 1709 and FreeIPA.
1041 o Martin Schwenke <martin@meltin.net>
1042 * BUG 13520: Fix portability issues on freebsd.
1043 * BUG 13545: ctdb-protocol: Fix CTDB compilation issues.
1044 * BUG 13546: ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT
1046 * BUG 13550: ctdb-doc: Provide an example script for migrating old
1048 * BUG 13551: ctdb-event: Implement event tool "script list" command.
1054 https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.9#Release_blocking_bugs
1057 #######################################
1058 Reporting bugs & Development Discussion
1059 #######################################
1061 Please discuss this release on the samba-technical mailing list or by
1062 joining the #samba-technical IRC channel on irc.freenode.net.
1064 If you do report problems then please try to send high quality
1065 feedback. If you don't provide vital information to help us track down
1066 the problem then you will probably be ignored. All bug reports should
1067 be filed under the Samba 4.1 and newer product in the project's Bugzilla
1068 database (https://bugzilla.samba.org/).
1071 ======================================================================
1072 == Our Code, Our Bugs, Our Responsibility.
1074 ======================================================================