From adbba72c332b59f4ffe87cb25c5ec7f8d90148dc Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Fri, 12 Jun 2009 10:15:51 +0200 Subject: [PATCH] WHATSNEW: Attach older 3.3 release notes. Karolin --- WHATSNEW.txt | 1310 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1310 insertions(+) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index bbfb3674cda..d5326632e1f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -106,3 +106,1313 @@ database (https://bugzilla.samba.org/). == The Samba Team ====================================================================== + +Release notes for older releases follow: +---------------------------------------- + + + ============================= + Release Notes for Samba 3.3.4 + April, 29 2009 + ============================= + + +This is the latest bugfix release of the Samba 3.3 series. + +Major enhancements in Samba 3.3.4 include: + + o Fix domain logins for WinXP clients pre SP3 (bug #6263). + o Fix samr_OpenDomain access checks (bug #6089). + o Fix usrmgr.exe creating a user (bug #6243). + + +###################################################################### +Changes +####### + + +Changes since 3.3.3: +-------------------- + + +o Michael Adam + * net conf: Save share name as given, not as lower case only. + * Prevent creation of registry keys containing the '/' character. + + +o Jeremy Allison + * BUG 6089: Fix samr_OpenDomain access checks. + * BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with + "msdfs root" set to "yes". + * BUG 6279: Fix Winbind crash. + * Allow pdbedit to change a user rid/sid. + * When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid. + * Don't access a freed structure when logging off and re-using a vuid. + + +o Günther Deschner + * BUG 5329: Add "net rpc service delete/create". + * BUG 6238: Make sure wbcLogoffUserParams are properly initialized before + freed. + * BUG 6263: Fix domain logins for WinXP clients pre SP3. + * BUG 6286: Call init function for builtin idmap modules before probing for + them as shared modules. + * Try to to fix password_expired flag handling. + * Make sure to grey out change fields in the netdomjoin-gui when not + running as root. + + +o Jim McDonough + * Don't look up local user for remote changes, even when root. + + +o Volker Lendecke + * BUG 6243: Fix usrmgr.exe creating a user. + * Use procid_str in debug messages for better cluster-debuggability. + * Use cluster-aware procid_is_me instead of comparing pids. + * Fix smbd crash for close_on_completion. + * Fix a memleak in an unlikely error path in change_notify_create(). + * Do not use the file system GET_REAL_FILENAME for mangled names. + + +o Stefan Metzmacher + * Fix a crash bug if we timeout in net rpc trustdom list. + * Add '--request-timeout' option to net. + + +o Martin Schwenke + * In net_conf_import, start a transaction when importing a single share. + + +o Simo Sorce + * Fix writing of roaming profiles with "profile acls" set to "yes". + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.3 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================= + Release Notes for Samba 3.3.3 + April, 1 2009 + ============================= + +This is the latest bugfix release release of the Samba 3.3 series. + +Major enhancements in Samba 3.3.3 include: + + o Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb + correctly (bug #6195). + o Fix serving of files with colons to CIFS/VFS client (bug #6196). + o Fix "map readonly" (bug #6186). + + +###################################################################### +Changes +####### + + +Changes since 3.3.2: +-------------------- + + +o Michael Adam + * BUG 6195: Don't let smbd child processes panic. + * Add backend_requires_messaging() method to libsmbconf. + * Add methods is_writeable() and wrapper smbconf_is_writeable() to libsmbconf. + * Fall back to file backend when no valid backend was found. + * Fix a memleak in dbwrap_rbt. + * Provide transaction_start|commit|cancel fns for the registry tdb. + * Speed up "net conf drop". + * Speed up "net conf import". + * Add transactions to the libsmbconf API. + * Reduce memory usage of "net conf import". + * Registry cleanup. + * Fix handling of SAMBA_VERSION_VENDOR_PATCH. + * Fix build of pam_winbind.so with static linking. + * Tidy up some convert_string_internal error cases. + + +o Jeremy Allison + * BUG 6186: Fix map readonly. + * BUG 6195: Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb + correctly. + * BUG 6196: Unable to serve files with colons to Linux CIFS/VFS client. + * BUG 6224: nmbd waits 5 minutes at startup before checking if it needs + to run elections. + * Allow DFS client paths to work when POSIX pathnames have been + selected. + * Try and fix the build farm RAW-STREAMS errors. + * Ensure files starting with multiple dots are hidden. + + +o Günther Deschner + * BUG 6102: NetQueryDisplayInformation could return wrong information. + * BUG 6193: Avoid messing with sync_context in libnet_samsync_delta(). + * Fix notify_printer_status_byname. + * Fix Coverity IDs 722, 762, 774, 775, 776. + + +o Björn Jacke + * Fix build on old Heimdal based systems. + * Fix compile warning. + * Use parentheses in if condition to make negation clear. + + +o Andy Kelk + * Add dirsort module. + + +o Steve Langasek + * BUG 6147: Fix detection of the GNU ld version. + + +o Volker Lendecke + * BUG 6097: Fix smbd segfault. + * BUG 6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped + members. + * BUG 6139: Add missing whitespace in mount.cifs error message. + * Fix a malloc/talloc mismatch when cli_initialise() fails. + * Fix a valgrind error. + * Speed up "net conf list". + * Add sorted subkey cache. + * Use StrCaseCmp in the dirsort module. + * Document the dirsort module. + * Fix the build on HP/UX. + * Disable dns_sd by default. + * Add avahi detection to configure. + * Add event avahi binding. + * Use avahi to register _smb._tcp in smbd. + * Fix two memleaks in the encryption code. + * Fix a scary "fill_share_mode_lock failed" message. + + +o Derrell Lipman + * BUG 6228: Fix SMBC_open_ctx failure due to path resolve failure doesn't set + errno. + + +o Stefan Metzmacher + * Don't use reserved words in smbconftort. + * Fix smb signing for fragmented trans/trans2/nttrans requests. + + +o Tim Prouty + * Parse_packet can return NULL which is then dereferenced in + match_mailslot_name. + + +o Timur + * Format the header check for netinet/ip.h more nicely. + * Fix detection of netinet/ip.h on FreeBSD. + + +o Alexander Zagrebin + * Missing break in conversion function prevents tdb password database + update. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.3 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================= + Release Notes for Samba 3.3.2 + March, 12 2009 + ============================= + +This is the latest bugfix release release of the Samba 3.3 series. + +Major enhancements in Samba 3.3.2 include: + + * Fix "force group" (bug #6155). + * Fix saving of files on Samba share using MS Office 2007 (bug #6160). + * Fix guest authentication in setups with "security = share" and + "guest ok = yes" when Winbind is running. + * Fix corruptions of source path in tar mode of smbclient (bug #6161). + + +###################################################################### +Changes +####### + + +Changes since 3.3.1: +-------------------- + + +o Jeremy Allison + * BUG 6082: Fix renaming and deleting of directories using Windows clients. + * BUG 6154: Make ZFS honor admin users. + * BUG 6155: Fix "force group". + * BUG 6160: Fix saving of files on Samba share using MS Office 2007. + * BUG 6161: Fix corruptions of source path in tar mode of smbclient. + * Fix some NetBSD warnings. + * Fix bug in processing of open modes in POSIX open. + * Fix use of streams modules with CIFSFS client. + * Ensure ACL modules work with POSIX paths. + * Use fsp->posix_open in preference if we have it. + * Fix more POSIX path lstat calls. + + +o Andrew Tridgell + * Fix a bug in message handling for the change notify code. + + +o Steven Danneman + * Fix guest authentication in setups with "security = share" and "guest ok = + yes" when Winbind is running. + + +o Steve French + * BUG 4640: Fix guest mounts in mount.cifs. + * Fix displaying the version string properly when no other parameters passed + in in mount.cifs. + + +o Björn Jacke + * Prefer gssapi header files from subdirectory. + + +o Volker Lendecke + * BUG 6124: Fix the build on IRIX. + * BUG 6176: winbindd -n should disable the winbind idmap cache. + * Add a vfs_preopen module to hide fs latencies. + * Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog. + * Fix a valgrind error / segfault in dns_register_smbd(). + + +o Stefan Metzmacher + * Fix build on SLES8. + * Decremented by 1 for ntcancel requests. + + +o Tim Prouty + * Fix creation of core files. + + +o Dan Sledz + * Fix first mapping of uids/gids in Winbind. + + +o Bo Yang + * Initialize the id_map status in idmap_ldap to avoid surprise. + * Fix initialization of idmap status. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.3 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================= + Release Notes for Samba 3.3.1 + February, 24 2009 + ============================= + +This is the latest bugfix release release of the Samba 3.3 series. + +Major enhancements in Samba 3.3.1 include: + + * Fix net ads join when "ldap ssl = start tls" (bug #6073). + * Fix renaming/deleting of files using Windows clients (bug #6082). + * Fix renaming/deleting a "not matching/resolving" symlink (bug #6090). + * Fix remotely adding a share via the Windows MMC. + + +###################################################################### +Changes +####### + +smb.conf changes +---------------- + + Parameter Name Description Default + -------------- ----------- ------- + ldap ssl ads New No + + +Changes since 3.3.0: +-------------------- + + +o Jeremy Allison + * BUG 6082: Fix renaming/deleting of files using Windows clients. + * BUG 6069: Fix build with too many arguments. + * BUG 6090: Fix renaming/deleting a "not matching/resolving" symlink. + * BUG 6099: Try to fix domain join of Win7 Beta. + * BUG 6117: Fix core dump of pdbedit -a. + * BUG 6133: Fix deletion of non-ACL files on Solaris/ZFS/NFSv4 ACL + filesystem. + * Fix Coverity IDs 115, 116, 117, 602. + * Fix warning (bad handler prototype). + * Unify the detection of the timespec code in configure.in, and the + application of it in time.c. + * Correctly use chroot(). + * Parameterize in local.h the MAX_RPC_DATA_SIZE, and ensure that "offered" + read from the rpc packet in spoolss is under that size. + * Backport the semantics of when to delete alternate data streams on a file + truncate. + * Fix printf warnings. + * Fix warnings on Solaris. + + +o Michael Adam + * BUG 6066: netinet/ip.h present but cannot be compiled on Solaris. + * BUG 6073: Prevent ads_connect() from using SSL unless explicitly + requested. + * Fix 'getent passwd' to allocate new uids. + * Fix 'getent group' to allocate new gids. + * Remove check for sharename being a username in 'net conf + addshare'. + + +o Guenther Deschner + * Fix Coverity ID 848. + * Remove unused ENUM_HND from 'net'. + * Fix getform command asprintf return code in rpcclient. + * Fix memleak in get_remote_printer_publishing_data(). + * Remove duplicate prototypes for generated rpc server functions. + + +o Holger Hetterich + * Enable total anonymization in vfs_smb_traffic_analyzer. + + +o Bjoern Jacke + * Fix build with external dns_sd libraries. + * Fix configure check "sub-second timestamps without struct timespec". + * Add configure check for AIX style sub-second resolution support. + * Add configure check for Tru64 sub-second timestamp resolution. + * Add Tru64 sub-second resolution timestamp support. + * Enable IPv6 support for NetBSD and FreeBSD. + * Use correct BSD evironment variable. + + +o Guenter Kukkukk + * Don't try and delete a default ACL from a file. + + +o Volker Lendecke + * BUG 5798: CFLAGS info lost in configure. + * Fix Coverity IDs 740, 742, 744, 745, 876, 879, 880. + * Fix remotely adding a share via the Windows MMC. + * Avoid valgrind errors. + * Fix 'net rpc join' for users with the SeMachineAccountPrivilege. + * Fix resume handle for _samr_EnumDomainGroups. + * Fix a buffer handling bug when adding lots of registry keys. + * Fix a O(n^2) algorithm in regdb_fetch_keys(). + + +o Jeff Layton + * Initialize rc to 0 in main in mount.cifs. + + +o Derrell Lipman + * BUG 6069: Add a fstatvfs function for libsmbclient. + * Eliminate compiler warnings. + + +o Glenn Machin + * Don't miss an absolute pathname as a kerberos keytab path. + + +o Stefan Metzmacher + * BUG 6100: Implement _netr_LogonGetCapabilities() with + NT_STATUS_NOT_IMPLEMENTED. + * Make Samba work with older ctdb versions. + * Add S-1-22-X-Y sids to the local token. + + +o Lars Mueller + * Conditional install of the cifs.upcall man page. + * Adjust regex to match variable names including underscores. + + +o Shirish Pargaonkar + * BUG 4370: Clean-up entries in /etc/mtab after unmount. + * Add fakemount (-f) and nomtab (-n) flags to mount.cifs. + + +o Ted Percival + * Fix a crash during name resolution. + + +o Tim Prouty + * Fix "assignment discards qualifiers from pointer target type" + warnings. + * Fix SMB_VFS_RECVFILE/SENDFILE macros. + + +o Karolin Seeger + * Change "ldap ssl:ads" parameter to "ldap ssl ads". + * Add manpages for vfs_acl_xattr and vfs_acl_tdb. + + +o Dan Sledz + * Fix double free caused by incorrect talloc_steal usage. + + +o Simo Sorce + * Build ldbrename. + + +o Aravind Srinivasan + * Make nmbd check all available interfaces for WINS before failing. + + +o Miguel Suarez + * Fix compilation of vfs_default on systems that do not support utimes(). + + +o Yasuma Takeda + * BUG 5920: Fix the calculation of the memcpy length. + * BUG 6098: Fix ads_find_dc() in setups with "security = domain". + + +o Bo Yang + * Make libsmbclient work with DFS. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.3 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + + + ============================= + Release Notes for Samba 3.3.0 + January, 27 2009 + ============================= + +This is the first stable release of Samba 3.3.0. + +Major enhancements in Samba 3.3.0 include: + + General changes: + o The passdb tdbsam version has been raised. + + Configuration/installation: + o Splitting of library directory into library directory and separate + modules directory. + o The default value of "ldap ssl" has been changed to "start tls". + + File Serving: + o Extended Cluster support. + o New experimental VFS modules "vfs_acl_xattr" and "vfs_acl_tdb" + to store NTFS ACLs on Samba file servers. + + Winbind: + o Simplified idmap configuration. + o New idmap backends "adex" and "hash". + o Added new parameter "winbind reconnect delay". + o Added support for user and group aliasing. + o Added support for multiple domains to idmap_ad. + + Administrative tools: + o The destination "all" of smbcontrol does now affect all running + daemons including nmbd and winbindd. + o New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands. + o The 'net' utility can now use kerberos for joining and authentication. + o The 'wbinfo' utility can now add, modify and remove identity mapping entries. + + Libraries: + o NetApi library implements various new calls for User- and Group + Account Management. + o libsmbclient does now determine case sensitivity based on file system + attributes. + + +General changes +=============== + +The passdb tdbsam version has been raised as among other things the RID counter +has been moved from the winbindd_idmap.tdb to the passdb.tdb file to make +"passdb backend = tdbsam" working in clustered environments. + +Please note that an updated passdb.tdb file is _not_ compatible with Samba +versions before 3.3.0! Please backup your passdb.tdb file if +you use "passdb backend = tdbsam". That can be achieved by running + +'tdbbackup /etc/samba/passdb.tdb' + +before the update. + + +Configure changes +================= + +The configure option "--with-libdir" has been removed. The library +directory can still be specified by using the existing "--libdir" option. +A new option "--with-modulesdir" has been added to allow the specification +of a separate directory for the shared modules. + + +Configuration changes +===================== + +The default value of "ldap ssl" has been changed to "start tls". This means, +Samba will use the LDAPv3 StartTLS extended operation (RFC2830) for +communicating with directory servers by default. If your directory servers +do not support this extended operation, you will have to set +"ldap ssl = no". Otherwise, Samba could not contact the directory servers +anymore! + + +Winbind idmap backend changes +============================= + +The idmap configuration has changed with version 3.3 to something that +allows a smoother upgrade path from pre-3.0.25 configurations that use +"idmap backend". The reason for this change is that to many, also to Samba +developers, the 3.0.25 style configuration with "idmap config" turned out +to be very complex. Version 3.3 no longer deprecates the "idmap backend" +parameter, instead with "idmap backend" the default idmap backend is +specified. + +Accordingly, the "idmap config : default = yes" setting is no +longer being looked at. + +The alloc backend defaults to the default backend, which should be able to +allocate IDs. In the default distribution the tdb and ldap backends can +allocate, the ad and rid backends can not. The idmap alloc range is now +being set with the "old" parameters "idmap uid" and "idmap gid". + +The "idmap domains" parameter has been removed. + + +winbind reconnect delay +======================= + +This is a new parameter which specifies the number of seconds the Winbind +daemon will wait between attempts to contact a Domain controller for a domain +that is determined to be down or not contactable. + + +Winbind's Name Aliasing +======================= + +Name aliasing in Winbind is a feature that allows an administrator to +map a fully qualified user or group name from a Windows domain to a +convenient short name for Unix access. This is similar to the username +map functionality supported by smbd but is primary intended for +clients and servers making use of Winbind's PAM and NSS libraries. + +For example, the user "DOMAIN\fred" has been mapped to the Unix name +"freddie". + + $ getent passwd "DOMAIN\fred" + freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash + + $ getent passwd freddie + freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash + +The name aliasing support is provided by individual nss_info plugins. +For example, the new "adex" plugin reads the uid attribute from Active +Directory to make a short login name to the fully qualified name. +While the new "hash" module utilizes a local file to map "short_name += QUALIFIED\name". Both user and group name mapping is supported. +Please refer to the "winbind nss info" option in smb.conf(5) and +to individual plugin man pages for further details. + + +idmap_hash +========== + +The idmap_hash plugin provides similar support as the idmap_rid +module. However, uids and gids are generated from the full domain +SID using a hashing algorithm that maps the lower 19 bits from the user +or group RID to bits 0 - 19 in the Unix id and hashes 96 bits from +the domain SID to bits 20 - 30 in the Unix id. The result is a 31 bit +uid or gid that is consistent across machines and provides support for +trusted domains. + +Please refer to the idmap_hash(8) man page for more details. + + +idmap_adex +========== + +The adex idmap/nss_info plugin is an adaptation of the Likewise +Enterprise plugin with support for OU based cells removed +(since the Windows pieces to manage the cells are not available). + +This plugin supports + + * The RFC2307 schema for users and groups. + * Connections to trusted domains + * Global catalog searches + * Cross forest trusts + * User and group aliases + +Prerequisite: Add the following attributes to the Partial Attribute +Set in global catalog: + + * uidNumber + * uid + * gidNumber + +A basic config using the current trunk code would look like: + +[global] + idmap backend = adex + idmap uid = 10000 - 29999 + idmap gid = 10000 - 29999 + winbind nss info = adex + + winbind normalize names = yes + winbind refresh tickets = yes + template homedir = /home/%D/%U + template shell = /bin/bash + +Please refer to the idmap_adex(8) man page for more details. + + +Libraries +========= + +libsmbclient will now treat file names case-sensitive by default if the filesystem +we are connecting to supports case sensitivity. This change of behavior is +considered a bug fix, as it was previously possible to accidentally overwrite a +file that had the same case-insensitive name but a different case-sensitive name +as a previously-existing file, while creating a new file. + +If it is not possible to detect if the filesystem supports case sensitivity, +the user-specified option value will be used. + + +###################################################################### +Changes +####### + +smb.conf changes +---------------- + + Parameter Name Description Default + -------------- ----------- ------- + cups connection timeout New 30 + idmap config DOM:range Removed + idmap domains Removed + init logon delayed hosts New "" + init logon delay New 100 + ldap ssl Changed Default start tls + share modes Deprecated + winbind reconnect delay New 30 + + +Changes since 3.3.0rc2: +----------------------- + + +o Jeremy Allison + * BUG 4308: Fix corrupting of file ACLs during Excel save operations. + * BUG 5979: Fix level 2 oplocks being granted improperly. + * BUG 5980: Race condition when granting level2 oplocks can cause break + notify to be missed. + * BUG 5986: Editing a stream is broken (rename problems). + * BUG 5990: Strict allocate should be checked before ftruncate. + * BUG 6009: Setting "min receivefile size = 1" breaks writes. + * BUG 6016: Alternate Data Streams / Extended Attributes seem to conflict. + * BUG 6017: Fix magic scripts. + * BUG 6019: Fix file corruption in Clustered SMB/NFS environment managed via + CTDB. + * BUG 6021: smbclient du command does not recuse properly. + * BUG 6024: Deprecate the "share modes" parameter. + * BUG 6030: Add missing header in Status page. + * BUG 6035: Fix possible race between fcntl F_SETLKW and alarm delivery. + * BUG 6040: Calling Samba print server with an aliased DNS-name fails. + * Fix gcc 4.3.2 warnings. + * Fix more asprintf errors and error code paths. + * Attempt to fix crash seen with new CUPS async printcap loading code. + * Add winbindd_reinit_after_fork(), cleaning out all possible events + in a forked child. + * Make winbindd_cm.c use winbindd_reinit_after_fork(). + * Fix race condition in alarm lock processing. + * Fixes crash bug in SWAT. + + +o Michael Adam + * Fix build of pam_winbind.so on older Linux systems. + * Packaging RHEL-CTDB: Fix build of [u]mount.cifs. + * Prevent access to root filesystem when connecting with empty service name. + * Fix distclean target and add realdistclean target in the docs build. + * Add manpage for idmap_tdb2. + * Clarify idmap manpages. + + +o Kai Blin + * BUG 5953: Fix smbclient crashes. + + +o Gerald (Jerry) Carter + * Fix "allow trusted domain" so it disables trusted domains. + * Return immediately on a failed GC connection in ads_connect. + + +o SATOH Fumiyasu + * Fix gmem->numgids and gmem->maxgids breakage on Solaris 64-bit. + * Fix SIGBUS on non-x86 CPUs in libsmbclient. + * Fix a compile-time warning. + + +o Holger Hetterich + * Add a simple tdb integrity check to tdbtool. + + +o Björn Jacke + * Correct the description of the "ldap timeout" parameter. + + +o Volker Lendecke + * BUG 5913: Fix build error with at least GCC 4.2.2. + * BUG 5933: Fix incrementing/decrementing of num_validated_vuids. + * BUG 5953: Make cli_send_smb_direct_writeX use writev. + * BUG 5965: Fix creation of the first share using SWAT. + * BUG 5969: Optimize smbclient put command. + * BUG 6012: Add "get_real_filename" to full_audit. + * BUG 6014: Fix segfault when calling mget without arguments. + * Fix a spinning smbd when printing. + * Fix a memory leak in cups_pull_comment_location. + * Fix a valgrind error. + * Fix a "ignoring function call result" warning. + * Fix some C++ warnings. + * Fix an ancient uninitialized variable read. + * Fix a bad memleak in vfs_full_audit. + + +o Derrell Lipman + * BUG 6022: Make smbc_urlencode and smbc_urldecode in libsmbclient. + * Determine case sensitivity based on file system attributes. + + +o Stefan Metzmacher + * net_status: Use dbwrap to open sessionid.tdb. + * Fix dbwrap_store_uint32() to match dbwrap_store_int32(). + * Make marshalling struct samu from and to a buffer more generic. + * Store the next rid counter in passdb.tdb instead of winbind_idmap.tdb. + * Register the client connection via CTDB_CONTROL_TCP_ADD. + * Don't need to call messaging_reinit() twice. + * Raise TDBSAM_VERSION. + * Add manpage for vfs_fileid. + * Rename 'fd_event' to 'winbindd_fd_event' to avoid confusion. + * Recreate the per domain check_online_event without relying on global + state. + * Handle the smb signing states the same in the krb5 and ntlmssp cases. + * Re-add 'fileid:algorithm' option to vfs_fileid. + * Fix CTDB IPv6 support in cluster setups. + * Reinit_after_fork() should reinit the event context before the + messaging context. + * Fix PCAP support in socket_wrapper. + + +o Lars Müller + * Tweak with pam defines of older Linux versions. + + +o Tim Prouty + * Fix stream marshalling to return the correct streaminfo status. + * Allow renames of streams via NTRENAME and fix stream error codes on + rename. + * Remove a few unnecessary checks from the streams xattr module. + * Remove a few unnecessary checks from the streams depot module and fix to + work with NTRENAME. + + +o Andreas Schneider + * Fix a segfault if ? is there but the options are NULL. + * Avoid flooding of syslog with failing pam_putenv messages. + + +o Karolin Seeger + * BUG 6000: Avoid bashism in perfcount.init. + * Change default value of "ldap ssl" to "start tls". + * Update version number in the manpages. + * Fix several small issues and typos in the manpages. + * Check if Unix account exists before asking for the password in smbpasswd. + + +o Todd Stecher + * Fix memory leaks and other fixes found by Coverity. + + +o Bo Yang + * Clean event context after child is forked. + * Fix broken krb5 refresh chain. + * Set entry->refresh_time to make ccache_regain_all_now() work correctly. + * Refresh sequence number as soon as possible. + * Don't set child->requests to NULL in parent after fork. + * Don't send message to any other child in child process. + * Fix bug in get_dc_name_via_netlogon(), null pointer reference. + + + +"Changes since" sections of 3.3 previews and release candidates follow: +======================================================================= + +Changes since 3.3.0rc1: +------------------------ + +o Jeremy Allison + * BUG 1254: Fix "write list" in setups using "security = share". + * BUG 5937: Fix filenames with "*" char hiding other files. + * BUG 5953: Fix segfaults in smbclient. + * Fix usrmgr opening a user object as non-root. + + +o Michael Adam + * BUG 3661: Add support for trusted domains to idmap_ad. + * Fix default backend handling for ad backends. + * Fix potential segfault in vfs_tsmsm. + * Fix several RHEL CTDB packaging issues. + + +o Guenther Deschner + * BUG 5957: Do not abort rename process on valid rename script. + * Fix various potential memleaks in samr_SetUserInfo. + * Fix access bits in netapi. + + +o Steve French + * BUG 5934: Use USER environment in mount.cifs when no user is specified. + * variable + + +o SATOH Fumiyasu + * BUG 5688: LPQ process is orphaned if socket address parameter is invalid. + * Vars for signals must be volatile sig_atomic_t. + + +o Henning Henkel + * BUG 5929: Fix build of vfs_prealloc with option --with-cluster-support and + GPFS. + + +o Tomasz Krasuski + * BUG 5928: Fix 'testparm --version'. + + +o Jeff Layton + * Allow mounts to ipv6 capable servers in mount.cifs. + + +o Volker Lendecke + * Fix crash bug when freeing a non-malloc'ed buffer if the client sends a + non-encrypted packet with the crypto state set. + * Fix error code when smbclient puts a file over an existing directory. + * Pass the get_real_filename operation through the VFS. + + +o Stefan Metzmacher + * BUG 5749: Re-set acctflags while joining. + * Fix several issues concerning Alternate Data Streams. + * Fix valgrind bug lp_parm_const_string(). + * Fix setting of trust passwords using 'net rpc trustdom add'. + * Correctly detect if the current dc is the closest one. + + +o Tim Prouty + * Fix a delete on close divergence from windows. + + +o Dan Sledz + * Fix logging to syslog. + + +o Yasuma Takeda + * BUG 5944: Fix starting of nmbd with "socket address" set to "". + + +o Bo Yang + * Fix script installmo.sh when no .po file exists. + + +---------------------------------------------------- + +Changes since 3.3.0pre2: +------------------------ + +o Michael Adam + * Fix eventlog crash. + * Make keytab filename argument mandatory to "net rpc vampire keytab". + * Add domain prefix to username in lookup_groupmem(). + * Honour "winbind use default domain" in lookup_groupmem(). + * Sanely handle NULL domain in add_member(). + * Don't list the domain twice when expanding internal aliases. + * Prevent negative GM/ cache entries due to broken connections. + * Use the reconnect methods instead of the rpc methods directly. + + +o Jeremy Allison + * BUG 5080: Fix access to cups-printers with cups 1.3.4. + * BUG 5814: Fix Winbind crash bug while doing "rescan_trusted_domain". + * BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance. + * BUG 5825: Fix account locking with an LDAP backend. + * BUG 5826: Fix truncated filenames when accessing old servers. + * BUG 5873: Fix ACL inheritance. + * BUG 5889: Fix "delete veto files = no". + * BUG 5891: Fix smbd crash when viewing the eventlog exported by "eventlog + list". + * BUG 5900: Fix vfs_readonly. + * BUG 5903: Fix breaking of file contents in vfs_streams_xattr. + * BUG 5904: Fix SIGABRT while servicing getaddrinfo() request caused by + libnss_wins. + * BUG 5914: Fix redefinition of struct name_list. + * Correctly fix smbclient to terminate on eof from server. + * Fix client timeout when searching for a large number of cups printers. + * Unify access checks for lsa server functions. + * Remove the requirement for ldap call made as root. + * Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles. + * Fix net rpc vampire, based on an *amazing* piece of debugging work by + "Cooper S. Blake" . + * Fix memory leak in error path, spotted by Martin Zielinski . + * Add vfs_acl_tdb.c module to do ACLs completely in userspace. + * Use fxattr calls whenever possible (trying to work around the strange + Linux kernel oplock bug). + + +o Kai Blin + * BUG 5892: Fix net rap printq info documentation. + * Add placeholder functions to libwbclient. + + +o Gerald (Jerry) Carter + * Use the same prerequisite for DDNS update as Windows XP. + * Make "lwinet ads dns register" honor the "interfaces" parameter. + + +o Steven Danneman + * Add options to manage identity mapping entries to wbinfo and Winbind. + * Fix to allow setting of NULL DACL/SACL. + + +o Guenther Deschner + * BUG 5888: Fix remote rpc service management. + * Ensure consistency when reporting password complexity. + * Fix _lsa_GetUserName. + * Fix access check in _samr_QuerySecurity(). + * _samr_DeleteUser needs to wipe out the user_handle on success. + * NetGroupEnum_r needs to handle servers with no groups. + * Fix numerous netapi issues. + * Add support for partial and delta netlogon replication in + "net rpc vampire". + * Add automatic machine password update in Winbind for member servers. + * Add German internalization for pam_winbind. + * Add Winbind krb5 locator plugin manpage. + * Add new wbclient wbcLookupDomainControllerEx call. + * Use autogenerated DCE/RPC routines for one more call on SVCCTL + named pipe. + * Use autogenerated NBT routines from Samba4 for Mailslot/CLDAP + parsing. + * Fix Winbind password change code for Windows 2000 DCs. + * Fix PNP_HwProfInfo NDR parsing. + * Add wbclient wbcLogonUser and wbcLogoffUserEx functions. + * Add automatic home directory creation for pam_winbind. + + +o Mathias Dietz + * Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so. + + +o Dina Fine + * BUG 5908: Fix internal change notify on share directories. + + +o Nils Goroll + * BUG 5135: Prevent calling POSIX ACL vfs methods on zfs share. + * BUG 5446: Prevent calling POSIX ACL vfs methods on zfs share. + + +o Jeff Layton + * Have uppercase_string return success on NULL pointer in mount.cifs. + * Make mount.cifs return codes match the return codes for /bin/mount. + + +o Volker Lendecke + * BUG 5691: Fig smbd panic on Solaris. + * BUG 5840: Fix segfault in "rpcclient lsaaddacctrights". + * BUG 5860: safe_strcpy gives a nasty error message for overlong strings. + * Fix the offset checks in the trans routines (CVE-2008-4314). + * Fix a potential NULL deref in found by the IBM Checker. + * Fix an uninitialized variable found by the IBM Checker. + * Fix an unlikely memleak found by the IBM Checker. + * Fix some missing error handlings. + * Add workaround for domain joins using a netbios name which is different + from the hostname. + * Fix a valgrind error in idmap_ad_sids_to_unixids(). + * Make memcache_add_talloc NULL out the source pointer. + * Fix memleak in memcache_add_talloc found by Martin Zielinski . + * Fix memleak in calculate_next_machine_pwd_change. + + +o Jeff Layton + * mount.cifs: use lock/unlock_mtab scheme from util-linux-ng mount prog. + + +o Derrell Lipman + * BUG 5805: Don't close stdout when calling setup_logging multiple times. + + +o Stefan Metzmacher + * Return an error instead of crashing when no realm is given. + + +o TAKAHASHI Motonobu + * 5901: Fix default value for streams_depot location. + + +o Tim Prouty + * Fix several build warnings. + + +o Andreas Schneider + * Delete the krb5 ccname variable from the PAM environment if set. + * Add a function out of pam_sm_close_session to delete the credentials. + * Fix circular dependency error with autoconf 2.6.3. + + +o Davide Sfriso + * BUG 5906: Fix Winbind crash bug during 'getent group' on PDC. + + +o Dan Sledz + * Add FreeBSD configure check for backtrace_symbols. + * Allow SYSLOG_FACILITY to be modified with a new configure option called + --with-syslog-facility. + + +o Joe Smith + * Fix typo in source/utils/net_rap.c. + + +o Martin Schwenke + * Prevent make errors for picky makes when $(EXTRA_ALL_TARGETS) is empty. + * Add @CIFSUPCALL_PROGS@ to "all" target so cifs.upcall gets built at + compile time rather than install time. + + +o Yasuma Takeda + * BUG 5909: Fix MS-DFS links containing multibyte characters on Vista. + + +o Bo Yang + * Fix broken msgids in ntstatus_errors. + * i18n/l10n pam_winbind + + +---------------------------------------------------- + +Changes since 3.3.0pre1: +------------------------ + +o Michael Adam + + * BUG 5492: Fix RHEL SPEC file by removing libmsrpc stuff. + * BUG 5507: Fix several issues in the RHEL SPEC file. + + +o Jeremy Allison + * BUG 5729: Explicitly allow "-valid". + * BUG 5737: Fix winbindd crash in an unusual failure mode. + * BUG 5751: Fix showing of ACLs on DFS in (lib)smbclient. + * BUG 5762: Fix opening of mangled directory name (resulted + 'is a stream name'). + * BUG 5783: Fix FindFirst where search pattern == mangled filename. + * BUG 5790: Fix returning of STATUS_OBJECT_NAME_NOT_FOUND on set file + disposition. + * BUG 5797: Fix moving of readonly files. + * Fix crashes when looking up a non-existant uid. + * Fix getting/setting of NT ACLs on a file. + * Add st_birthtime and friends for accurate create times on *BSD + and MacOSX). + * Fix the wcache_invalidate_samlogon calls. + * Clarify usage of "force create mode". + * Get smbd to look (read-only) into the winbindd cache for uid/gid <--> sid + mappings. + * Write times code update. + * Add experimental version of VFS module acl_xattr. + * Fix rename_open_files. + * Make SMB traffic analyzer VFS module more efficient. + + +o Gerald W. Carter + * Fix segfault when calling nss_get_info() with a NULL ads structure. + * Add support for name aliasing in Winbind. + * Add the idmap/nss-info provider from Likewise Open. + * Allow an admin to define the "uid" attribute for a RFC2307 + user object in AD to be the username alias. + * Add new idmap backend "adex" to support RFC2307 enabled AD forests. + * Add new idmap backend "hash". + + +o Steven Danneman + * Fix build warnings. + * Cleanup of DC enumeration in get_dcs(). + + +o Guenther Deschner + * BUG 5710: Fix changing of machine account passwords. + * BUG 5784: Fix pam_winbind build issue on Solaris. + * Fix invalid sid copy (hit when enumerating sibling domains) in Winbind. + * Fix double installation of cifs.upcall. + * Add change-user-password command to wbinfo. + * Fix segfault in _srvsvc_NetShareAdd. + + +o James Ding + * BUG 5736: Fix Winbind crash bug with trusted domains. + + +o Ephi Dror + * Correct the netsamlogon_clear_cached_user function. + + +o Holger Hetterich + * Add new VFS module to analyze SMB traffic to record write and read + operations on the Samba server. + + +o Jeff Layton + * Fix build warnings in cifs.upcall. + + +o Volker Lendecke + * BUG 5707: Do proper error handling if the socket is closed. + * BUG 5778: Don't define 'strlcat' and 'strlcpy' if it's already defined. + * Fix Coverity IDs 587 and 589. + * Increase the default positive idmap cache time to a week. + * Fix calculation of useable_space for trans2 and nttrans replies. + * Add mapping of generic bits when setting an NFSv4 ACL. + + +o Stefan Metzmacher + * Some write time fixes. + + +o Karolin Seeger + * Add new parameter "cups connection timeout". + + +o Simo Sorce + * Fix enumeration of nested group memberships in Winbind. + This affected only setups using "security = ads". + + +o Timur + * Fix cut and paste error in quota code. + * Fix display of POSIX ACLs. + * Fix aio on FreeBSD. + + +o Andrew Tridgell + * Fix permissions of group_mapping.ldb (CVE-2008-3789). + * Avoid a race condition in glibc between AIO and setresuid(). + * Add missing become root for AIO operations. + * Fix an errno handling bug that could lead to an infinite loop. + * Fix logic of tsmsm_sendfile(). + * Fix handling of arbitrary new PAC types. + * Fix segfault on startup with trusted domains. + * Fix segfault on the CTDB destructor code. + * Fix memory leak. + * Re-add "winbind:ignore domains". + + +o Jelmer Vernooij + * Fix segfault (Debian bug #431696). + + +o Qiao Yang + * Fix a memleak. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.3 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + -- 2.11.4.GIT