1 files changed, 129 insertions, 4 deletions

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index ea97e56844f..b53ffe549aa 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,6 +1,6 @@
                 ================================
                 Release Notes for Samba 3.0.6rc2
-                            Aug 3, 2004
+                            Aug 5, 2004
                 ================================
 
 This is a release candidate snapshot of the Samba 3.0.5 code
@@ -17,13 +17,38 @@ exact updates.
 
 Common bugs fixed in 3.0.6rc2 include:
 
-  o 
+  o Fix stalls in smbd caused by inaccessible LDAP servers.
+  o Remove various memory leaks.
+  o Fix issues in the password lockout feature.
+  o Merge security fixes for CAN-2004-0600, CAN-2004-0686 
+    from 3.0.5.
 
 New features introduced in this release include:
 
   o Support for maintaining user password history.
-
   
+------------------------
+Password History Support 
+------------------------
+
+The new password history feature allows smbd to check the new 
+password in password change requests against a list of the user's
+previous passwords.  The number of previous passwords to save can be 
+set using pdbedit (4 in this example):
+
+   root# pdbedit -P "password history" -C 4
+
+When using the ldapsam passdb backend, it is vital to secure 
+the following attributes from access by non-administrative 
+users:
+
+   * sambaNTPassword
+   * sambaLMPassword
+   * sambaPasswordHistory
+
+You should refer to your directory server's documentation on how 
+to implement this restriction).
+
 ######################################################################
 Changes
 #######
@@ -37,6 +62,7 @@ smb.conf changes
 
     Parameter Name              Action
     --------------              ------
+    ldap timeout                New
 
     
 commits
@@ -45,9 +71,108 @@ o   Jeremy Allison <jra@samba.org>
     * Add support for storing a user's password history.
       LDAP portion of the code was based on a patch from 
       Jianliang Lu <j.lu@tiesse.com>.
+    * Correct memory leaks found in the password change code.
+    * Fix support for the mknod command with the Linux CIFS client.
+    * Remove support for passing the new password to smbpasswd 
+      on the command line without using the -s option.
+    * Ensure home directory service number is correctly reused
+      (inspired by patches from Michael Collin Nielsen 
+      <michael@hum.aau.dk>).
+    * Fix to stop printing accounts from resetting the bas 
+      password and account lockout flags.
+    * If a account was locked out by an admin (and has a bad 
+      password count of zero) leave it locked out until an admin 
+      unlocks it (but log a message).
+
+
+o   Tom Alsberg <alsbergt@cs.huji.ac.il>
+    * Allow pdbedit to export a single user from a passdb backend.
+    
+
+o   Andrew Bartlett <abartlet@samba.org>  
+    * Improve smbd's internal random number generation.
+    * Fix a few outstanding long password changes in smbd.
+    * Fix LANMAN2 session setup code.
+
+
+o   Gerald Carter <jerry@samba.org>
+    * BUG 1520: Work around bug in Windows XP SP2 RC2 where the 
+      client sends a FindNextPrintChangeNotify() request without 
+      previously sending a FindFirstPrintChangeNotify().  Return 
+      the same error code as Windows 2000 SP4.
+    * BUG 1516: Manually declare ldap_open_with_timeout() to 
+      workaround compiler errors on IRIX (or other systems without 
+      LDAP headers).
+    * Merge security fixes for CAN-2004-0600, CAN-2004-0686 from 
+      3.0.5.
+    * Corrected syntax error in the OID for sambaUnixIdPool, 
+      sambaSidEntry, & sambaIdmapEntry object classes.
+
+
+
+o   Fabien Chevalier <fabien.chevalier@supelec.fr>
+    * Debian BUG 252591: Ensure that the return value from the 
+      number of available interfaces is initialized in case no 
+      interfaces are actually available.
+
+
+o   Guenther Deschner <gd@sernet.de> 
+    * Display share ACL entries from rpcclient.
+
+
+o   Steve French <sfrench@us.ibm.com>
+    * Fix user unmount of shares mount with suid mount.cifs.
+
+
+o   Volker Lendecke <vl@samba.org>
+    * Allow the 'idmap backend' parameter to accept a list of 
+      LDAP servers for failover purposes.
+    * Revert code in smbd to remove a tdb when it has become 
+      corrupted.
+    * Add paranoid checks when mapping SIDs to a uid/gid to 
+      ensure that the type is correct.
+    * Initial work on getting client support for sending mailslot 
+      datagrams.
+    * Add 'ldap timeout' parameter.
+    * Dont always uppercase 'afs username map'.
+    * Expand aliases for getusersids as well.
+
+
+o   James Peach <jpeach@sgi.com>
+    * More iconv detection fixes for IRIX.
+    * Compile fixed for systems that do not have C99/UNIX98 compliant 
+      vsnprintf by default.
+
+
+o   Tim Potter <tpot@samba.org>
+    * BUG 1360: Use -Bsymbolic when creating shared libraries to 
+      avoid conflicts with identical symbols in the global namespace 
+      when loading libnss_wins.so.
+
+
+o   Richard Renard <rrenard@idealx.com>
+    * Save the current password as it is being changed into the 
+      password history list.
+
+
+o   Simo Source <idra@samba.org>
+    * Tidy up parametric options in testparm output.
+
+
+o   Richard Sharpe <rsharpe@samba.org>
+    * Add sigchild handling to winbindd to restart the child 
+      daemon if necessary.
+
+
+o   Tom Shaw <tomisfaraway@gmail.com>
+    * Use winbindd_fill_pwent() consistently.
+
+
+o   Nick Thompson <nickthompson@agere.com>
+    * Protect smbd against broken filesystems which return zero 
+      blocksize.
       
       
-
 Changes for older versions follow below:
 
       --------------------------------------------------