============================== Release Notes for Samba 4.9.18 January 21, 2020 ============================== This is a security release in order to address the following defects: o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. o CVE-2019-14907: Crash after failed character conversion at log level 3 or above. o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. ======= Details ======= o CVE-2019-14902: The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers. o CVE-2019-14907: When processing untrusted string input Samba can read past the end of the allocated buffer when printing a "Conversion error" message to the logs. o CVE-2019-19344: During DNS zone scavenging (of expired dynamic entries) there is a read of memory after it has been freed. For more details and workarounds, please refer to the security advisories. Changes since 4.9.17: --------------------- o Andrew Bartlett * BUG 12497: CVE-2019-14902: Replication of ACLs down subtree on AD Directory not automatic. * BUG 14208: CVE-2019-14907: lib/util: Do not print the failed to convert string into the logs. o Gary Lockyer * BUG 14050: CVE-2019-19344: kcc dns scavenging: Fix use after free in dns_tombstone_records_zone. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== Release notes for older releases follow: ---------------------------------------- ============================== Release Notes for Samba 4.9.17 December 10, 2019 ============================== This is a security release in order to address the following defects: o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS management server (dnsserver). o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition on Samba AD DC. ======= Details ======= o CVE-2019-14861: An authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name. o CVE-2019-14870: The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC. For more details and workarounds, please refer to the security advisories. Changes since 4.9.16: --------------------- o Andrew Bartlett * BUG 14138: CVE-2019-14861: Fix DNSServer RPC server crash. o Isaac Boukris * BUG 14187: CVE-2019-14870: DelegationNotAllowed not being enforced. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== ---------------------------------------------------------------------- ============================== Release Notes for Samba 4.9.16 November 27, 2019 ============================== This is an additional bug fix release to address bug #14175 (CTDB: Incoming queue can be orphaned causing communication breakdown). Please see https://bugzilla.samba.org/show_bug.cgi?id=14175 for details. Changes since 4.9.15: --------------------- o Volker Lendecke * BUG 14175: ctdb: Avoid communication breakdown on node reconnect. o Martin Schwenke * BUG 14175: ctdb: Incoming queue can be orphaned causing communication breakdown. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== ---------------------------------------------------------------------- ============================== Release Notes for Samba 4.9.15 October 29, 2019 ============================== This is a security release in order to address the following defects: o CVE-2019-10218: Client code can return filenames containing path separators. o CVE-2019-14833: Samba AD DC check password script does not receive the full password. o CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync. ======= Details ======= o CVE-2019-10218: Malicious servers can cause Samba client code to return filenames containing path separators to calling code. o CVE-2019-14833: When the password contains multi-byte (non-ASCII) characters, the check password script does not receive the full password string. o CVE-2019-14847: Users with the "get changes" extended access right can crash the AD DC LDAP server by requesting an attribute using the range= syntax. For more details and workarounds, please refer to the security advisories. Changes since 4.9.14: --------------------- o Jeremy Allison * BUG 14071: CVE-2019-10218 - s3: libsmb: Protect SMB1 and SMB2 client code from evil server returned names. o Andrew Bartlett * BUG 12438: CVE-2019-14833: Use utf8 characters in the unacceptable password. * BUG 14040: CVE-2019-14847 dsdb: Correct behaviour of ranged_results when combined with dirsync. o Björn Baumbach * BUG 12438: CVE-2019-14833 dsdb: Send full password to check password script. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== ---------------------------------------------------------------------- ============================== Release Notes for Samba 4.9.14 October 22, 2019 ============================== This is the last bugfix release of the Samba 4.9 release series. There will be security releases only beyond this point. Changes since 4.9.13: --------------------- o Jeremy Allison * BUG 14094: smbc_readdirplus() is incompatible with smbc_telldir() and smbc_lseekdir(). o Douglas Bagnall * BUG 13978: s4/scripting: MORE py3 compatible print functions. o Andrew Bartlett * ldb: release ldb 1.4.8 * BUG 13959: ldb_tdb fails to check error return when parsing pack formats. * BUG 13978: undoguididx: Add "or later" to warning about using tools from Samba 4.8. o Ralph Boehme * BUG 14038: ctdb: Fix compilation on systems with glibc robust mutexes. o Isaac Boukris * BUG 14106: Fix spnego fallback from kerberos to ntlmssp in smbd server. o Poornima G * BUG 14098: vfs_glusterfs: Use pthreadpool for scheduling aio operations. o Aaron Haslett * BUG 13977: ldb: baseinfo pack format check on init. * BUG 13978: sambaundoguidindex is untested and py2-only. o Amitay Isaacs * BUG 14147: ctdb-vacuum: Process all records not deleted on a remote node. o Björn Jacke * BUG 14139: Fault.c: Improve fault_report message text pointing to our wiki. o Stefan Metzmacher * BUG 14055: libcli/smb: send SMB2_NETNAME_NEGOTIATE_CONTEXT_ID. o Martin Schwenke * BUG 14084: ctdb-tcp: Mark node as disconnected if incoming connection goes away. * BUG 14087: 'ctdb stop' command completes before databases are frozen. * BUG 14129: Exit code of ctdb nodestatus should not be influenced by deleted nodes. o Evgeny Sinelnikov * BUG 14007: s3:ldap: Fix join with don't exists machine account. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== ---------------------------------------------------------------------- ============================== Release Notes for Samba 4.9.13 September 03, 2019 ============================== This is a security release in order to address the following defect: o CVE-2019-10197: Combination of parameters and permissions can allow user to escape from the share path definition. ======= Details ======= o CVE-2019-10197: Under certain parameter configurations, when an SMB client accesses a network share and the user does not have permission to access the share root directory, it is possible for the user to escape from the share to see the complete '/' filesystem. Unix permission checks in the kernel are still enforced. Changes since 4.9.12: --------------------- o Jeremy Allison * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape from the share. o Stefan Metzmacher * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape from the share. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== ---------------------------------------------------------------------- ============================== Release Notes for Samba 4.9.12 August 27, 2019 ============================== This is the latest stable release of the Samba 4.9 release series. Changes since 4.9.11: --------------------- o Michael Adam * BUG 13972: vfs:glusterfs_fuse: Different Device Id for GlusterFS FUSE mount is causing data loss in CTDB cluster. * BUG 14010: vfs:glusterfs_fuse: Unable to create or rename file/directory inside shares configured with vfs_glusterfs_fuse module. o Björn Baumbach * BUG 13973: samba-tool: Add 'import samba.drs_utils' to fsmo.py. o Tim Beale * BUG 14008: dsdb: Handle DB corner-case where PSO container doesn't exist. * BUG 14021: s4/libnet: Fix joining a Windows pre-2008R2 DC. o Ralph Boehme * BUG 14015: vfs_catia: Pass stat info to synthetic_smb_fname(). * BUG 14033: Samba 4.9 doesn't build with libtevent 0.9.39. o Alexander Bokovoy * BUG 14091: lookup_name: Allow own domain lookup when flags == 0. o Isaac Boukris * BUG 11362: Add PrimaryGroupId to group array in DC response. o Anoop C S * BUG 14035: vfs_glusterfs: Enable profiling for file system operations. o Stefan Metzmacher * BUG 13915: DEBUGC and DEBUGADDC doesn't print into a class specific log file. * BUG 13949: Request to keep deprecated option "server schannel", VMWare Quickprep requires "auto". * BUG 13967: dbcheck: Fallback to the default tombstoneLifetime of 180 days. * BUG 13969: dnsProperty fails to decode values from older Windows versions. * BUG 13973: samba-tool: fsmo transfer is not reliable for the dns related partitions role transfer. o Christof Schmitt * BUG 14032: vfs_gpfs: Fix NFSv4 ACL for owner with IDMAP_TYPE_BOTH. o Rafael David Tinoco * BUG 14017: ctdb-config: Depend on /etc/ctdb/nodes file. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== ---------------------------------------------------------------------- ============================== Release Notes for Samba 4.9.11 July 03, 2019 ============================== This is the latest stable release of the Samba 4.9 release series. In yesterday's Samba 4.9.10 release, LDAP_REFERRAL_SCHEME_OPAQUE was added to db_module.h in order to fix bug #12478. Unfortunately, the ldb version was not raised. Samba >= 4.9.10 is no longer able to build with ldb 1.4.6. This version includes the new ldb version. Please note that there are just the version bumps in ldb and Samba, no code change. If you don't build Samba with an external ldb library, you can ignore this release and keep using 4.9.10. Changes since 4.9.10: --------------------- o Stefan Metzmacher * BUG 12478: ldb: Release ldb 1.4.7. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== ---------------------------------------------------------------------- ============================== Release Notes for Samba 4.9.10 July 02, 2019 ============================== This is the latest stable release of the Samba 4.9 release series. Changes since 4.9.9: -------------------- o Jeremy Allison * BUG 13938: s3: SMB1: Don't allow recvfile on stream fsp's. * BUG 13956: s3: winbind: Fix crash when invoking winbind idmap scripts. * BUG 13964: smbd does not correctly parse arguments passed to dfree and quota scripts. o Andrew Bartlett * BUG 13981: docs: Improve documentation of "lanman auth" and "ntlm auth" connection. o Björn Baumbach * BUG 14002: python/ntacls: Use correct "state directory" smb.conf option instead of "state dir". o Ralph Boehme * BUG 13840: registry: Add a missing include. * BUG 13938: s3:smbd: Don't use recvfile on streams. * BUG 13944: SMB guest authentication may fail. * BUG 13958: AppleDouble conversion breaks Resourceforks. * BUG 13964: s3: lib: Rename all uses of file_pload_XXX -> file_ploadv_XXX. * BUG 13968: vfs_fruit makes direct use of syscalls like mmap() and pread(). * BUG 13987: s3:mdssvc: Fix flex compilation error. o Günther Deschner * BUG 13872: s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly. o David Disseldorp * BUG 13940: vfs_ceph: Fix cephwrap_flistxattr() debug message. o Aaron Haslett * BUG 13799: dsdb:samdb: Schemainfo update with relax control. o Amitay Isaacs * BUG 13943: ctdb-common: Fix memory leak in run_proc. o Aliaksei Karaliou * BUG 13964: smbd does not correctly parse arguments passed to dfree and quota scripts. o Volker Lendecke * BUG 13903: winbind: Fix overlapping id ranges. * BUG 13957: smbd: Fix a panic. o Gary Lockyer * BUG 12478: ldap server: Generate correct referral schemes. * BUG 13902: lib util debug: Increase format buffer to 4KiB. * BUG 13941: Fix use after free detected by AddressSanitizer. * BUG 13942: s4 dsdb: Fix use after free in samldb_rename_search_base_callback. o Stefan Metzmacher * BUG 12204: Samba fails to replicate schema 69. * BUG 13713: Schema replication fails if link crosses chunk boundary backwards. * BUG 13799: 'samba-tool domain schemaupgrade' uses relax control and skips the schemaInfo update. * BUG 13916: dsdb:audit_log: avoid printing "... remote host [Unknown] SID [(NULL SID)] ...". * BUG 13917: python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to get the ACL. * BUG 13919: smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling. o Shyamsunder Rathi * BUG 13947: s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary. o Robert Sander * BUG 13918: s3: modules: ceph: Use current working directory instead of share path. o Christof Schmitt * BUG 13831: Fix inconsistent output from wbinfo --sid-to-name depending on cache state. o Andreas Schneider * BUG 13937: Fix several issues detected by GCC 9. * BUG 13939: s3:smbspool: Fix regression printing with Kerberos credentials. o Martin Schwenke * BUG 13923: ctdb-tools: Fix ctdb dumpmemory to avoid printing trailing NUL. * BUG 13930: ctdb-daemon: Never use 0 as a client ID. * BUG 13943: ctdb-common: Fix memory leak. o Rafael David Tinoco * BUG 13984: ctdb-scripts: Fix tcp_tw_recycle existence check. o Ralph Wuerthner * BUG 13904: Log early startup failures. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== ============================= Release Notes for Samba 4.9.9 June 19, 2019 ============================= This is a security release in order to address the following defect: o CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server (dnsserver)) ======= Details ======= o CVE-2019-12435: An authenticated user can crash the Samba AD DC's RPC server process via a NULL pointer dereference. For more details and workarounds, please refer to the security advisory. Changes since 4.9.8: -------------------- o Douglas Bagnall * BUG 13922: CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found in DnssrvOperation2. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== ---------------------------------------------------------------------- ============================= Release Notes for Samba 4.9.8 May 14, 2019 ============================= This is a security release in order to address the following defect: o CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) ======= Details ======= o CVE-2018-16860: The checksum validation in the S4U2Self handler in the embedded Heimdal KDC did not first confirm that the checksum was keyed, allowing replacement of the requested target (client) principal. For more details and workarounds, please refer to the security advisory. Changes since 4.9.7: -------------------- o Isaac Boukris * BUG 13685: CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== ---------------------------------------------------------------------- ============================= Release Notes for Samba 4.9.7 May 1, 2019 ============================= This is the latest stable release of the Samba 4.9 release series. Changes since 4.9.6: -------------------- o Douglas Bagnall * BUG 13837: py/kcc_utils: py2.6 compatibility. * BUG 13882: py/provision: Fix for Python 2.6. o Andrew Bartlett * BUG 13840: regfio: Update code near recent changes to match README.Coding. o Günther Deschner * BUG 13861: 'net ads join' to child domain fails when using "-U admin@forestroot". o David Disseldorp * BUG 13858: vfs_snapper: Drop unneeded fstat handler. * BUG 13896: vfs_ceph: Explicitly enable libcephfs POSIX ACL support. o Philipp Gesang * BUG 13869: libcli: Permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response. o Michael Hanselmann * BUG 13840: regfio: Improve handling of malformed registry hive files. o Amitay Isaacs * BUG 13895: ctdb-common: Avoid race between fd and signal events. o Volker Lendecke * BUG 13813: Fix idmap cache pollution with S-1-22- IDs on winbind hickup. o Marcos Mello * BUG 11568: Send status to systemd on daemon start. o Stefan Metzmacher * BUG 10097: s3:smbd: Handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO. * BUG 10344: smb2_tcon: Avoid STATUS_PENDING completely on tdis. * BUG 12844: smb2_tcon: Avoid STATUS_PENDING responses for tree connect. * BUG 12845: smb2_sesssetup: Avoid STATUS_PENDING responses for session setup. * BUG 13698: smb2_tcon: Avoid STATUS_PENDING responses for tree connect. * BUG 13796: smb2_sesssetup: Avoid STATUS_PENDING responses for session setup. * BUG 13816: dbcheck in the middle of the tombstone garbage collection causes replication failures. * BUG 13818: ndr_spoolss_buf: Fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT(). * BUG 13862: vfs_default: Fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check. * BUG 13863: smb2_server: Grant all 8192 credits to clients. o Noel Power * python/samba: extra ndr_unpack needs bytes function o Anoop C S * BUG 13872: s3/vfs_glusterfs[_fuse]: Dynamically determine NAME_MAX. o Christof Schmitt * passdb: Update ABI to 0.27.2. * BUG 13813: lib/winbind_util: Add winbind_xid_to_sid for --without-winbind. * BUG 13865: memcache: Increase size of default memcache to 512k. o Andreas Schneider * BUG 13823: lib:util: Move debug message for mkdir failing to log level 1. * BUG 13832: Printing via smbspool backend with Kerberos auth fails. * BUG 13847: s4:librpc: Fix installation of Samba. * BUG 13848: s3:lib: Fix the debug message for adding cache entries. * BUG 13853: s3:waf: Fix the detection of makdev() macro on Linux. * BUG 13857: docs: Update smbclient manpage for --max-protocol. * BUG 13861: 'net ads join' to child domain fails when using "-U admin@forestroot". o Zhu Shangzhong * BUG 13839: ctdb: Initialize addr struct to zero before reparsing as IPV4. o Martin Schwenke * BUG 13838: ctdb package should not own system library directory. * BUG 13860: CTDB restarts failed NFS RPC services by hand, which is incompatible with systemd. * BUG 13888: ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake". ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== ---------------------------------------------------------------------- ============================= Release Notes for Samba 4.9.6 April 8, 2019 ============================= This is a security release in order to address the following defects: o CVE-2019-3870 (World writable files in Samba AD DC private/ dir) o CVE-2019-3880 (Save registry file outside share as unprivileged user) ======= Details ======= o CVE-2019-3870: During the provision of a new Active Directory DC, some files in the private/ directory are created world-writable. o CVE-2019-3880: Authenticated users with write permission can trigger a symlink traversal to write or detect files outside the Samba share. For more details and workarounds, please refer to the security advisories. Changes since 4.9.5: -------------------- o Andrew Bartlett * BUG 13834: CVE-2019-3870: pysmbd: Ensure a zero umask is set for smbd.mkdir(). o Jeremy Allison * BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of SaveKey/RestoreKey. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== ---------------------------------------------------------------------- ============================= Release Notes for Samba 4.9.5 March 12, 2019 ============================= Changes since 4.9.4: -------------------- o Andrew Bartlett * BUG 13714: audit_logging: Remove debug log header and JSON Authentication: prefix. * BUG 13760: Fix upgrade from 4.7 (or earlier) to 4.9. o Jeremy Allison * BUG 11495: s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. CID: 1433607. * BUG 13690: smbd: uid: Don't crash if 'force group' is added to an existing share connection. * BUG 13770: s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code. * BUG 13803: s3: SMB1 POSIX mkdir does case insensitive name lookup. o Christian Ambach * BUG 13199: s3:utils/smbget fix recursive download with empty source directories. o Douglas Bagnall * BUG 13716: samba-tool drs showrepl: Do not crash if no dnsHostName found. o Tim Beale * BUG 13736: s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection. * BUG 13747: join: Throw CommandError instead of Exception for simple errors. * BUG 13762: ldb: Avoid inefficient one-level searches. o Ralph Boehme * BUG 13736: s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list(). * BUG 13776: tldap: Avoid use after free errors. * BUG 13802: Fix idmap xid2sid cache churn. * BUG 13812: access_check_max_allowed() doesn't process "Owner Rights" ACEs. o Günther Deschner * BUG 13720: s3-smbd: Avoid assuming fsp is always intact after close_file call. * BUG 13725: s3-vfs-fruit: Add close call. * BUG 13746: s3-smbd: Use fruit:model string for mDNS registration. * BUG 13774: s3-vfs: add glusterfs_fuse vfs module. o David Disseldorp * BUG 13766: printing: Check lp_load_printers() prior to pcap cache update. * BUG 13807: vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate and fallocate. o Philipp Gesang * BUG 13737: lib/audit_logging: Actually create talloc. o Joe Guo * BUG 13728: netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg. o Aaron Haslett * BUG 13738: dns: Changing onelevel search for wildcard to subtree. o Björn Jacke * BUG 13721: samba-tool: Don't print backtrace on simple DNS errors. * BUG 13759: sambaundoguididx: Use the right escaped oder unescaped sam ldb files. o Volker Lendecke * BUG 13742: ctdb: Print locks latency in machinereadable stats. * BUG 13786: messages_dgm: Messaging gets stuck when pids are recycled. o Gary Lockyer * BUG 13715: audit_logging: auth_json_audit required auth_json. * BUG 13765: man pages: Document prefork process model. * BUG 13773: CVE-2019-3824 ldb: Release ldb 1.4.6. o Stefan Metzmacher * BUG 13697: s3:auth: ignore create_builtin_guests() failing without a valid idmap configuration. * BUG 13722: s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC without trusts. * BUG 13723: s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available. * BUG 13752: s4:server: Add support for 'smbcontrol samba shutdown' and 'smbcontrol debug/debuglevel'. o Noel Power * BUG 13616: Python: Ensure ldb.Dn can doesn't rencoded str with py2. o Anoop C S * BUG 13330: vfs_glusterfs: Adapt to changes in libgfapi signatures. * BUG 13774: s3-vfs: Use ENOATTR in errno comparison for getxattr. o Jiří Šašek * BUG 13704: notifyd: Fix SIGBUS on sparc. o Christof Schmitt * BUG 13787: waf: Check for libnscd. o Andreas Schneider * BUG 13770: s3:vfs: Correctly check if OFD locks should be enabled or not. o Martin Schwenke * BUG 13717: lib/util: Count a trailing line that doesn't end in a newline. * BUG 13800: Recovery lock bug fixes. o Justin Stephenson * BUG 13726: s3: net: Do not set NET_FLAGS_ANONYMOUS with -k. * BUG 13727: s3:libsmb: Honor disable_netbios option in smbsock_connect_send. o Ralph Wuerthner * BUG 13741: vfs_fileid: Fix get_connectpath_ino. * BUG 13744: vfs_fileid: Fix fsname_norootdir algorithm. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== ---------------------------------------------------------------------- ============================= Release Notes for Samba 4.9.4 December 20, 2018 ============================= Major bug fixes include: ------------------------ o dns: Fix CNAME loop prevention using counter regression (bug #13600). Changes since 4.9.3: -------------------- o Ralph Boehme * BUG 9175: libcli/smb: Don't overwrite status code. * BUG 12164: wbinfo --group-info 'NT AUTHORITY\System' does not work. * BUG 13661: Session setup reauth fails to sign response. * BUG 13677: vfs_fruit: Validation of writes on AFP_AfpInfo stream. * BUG 13688: vfs_shadow_copy2: Nicely deal with attempts to open previous version for writing. * BUG 13455: Restoring previous version of stream with vfs_shadow_copy2 fails with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name. o Isaac Boukris * BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build. o Günther Deschner * BUG 13708: s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. o Joe Guo * PEP8: fix E231: missing whitespace after ','. o Volker Lendecke * BUG 13629: winbindd: Fix crash when taking profiles. o Stefan Metzmacher * BUG 13600: CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression. o Garming Sam * BUG 13686: 'samba-tool user syscpasswords' fails on a domain with many DCs. o Andreas Schneider * BUG 13571: CVE-2018-16853: Do not segfault if client is not set. * BUG 13679: lib:util: Fix DEBUGCLASS pointer initializiation. o Martin Schwenke * BUG 13696: ctdb-daemon: Exit with error if a database directory does not exist. o Justin Stephenson * BUG 13498: s3:libads: Add net ads leave keep-account option. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== ---------------------------------------------------------------------- ============================= Release Notes for Samba 4.9.3 November 27, 2018 ============================= This is a security release in order to address the following defects: o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD Internal DNS server) o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT) o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server) o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers) o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported)) o CVE-2018-16857 (Bad password count in AD DC not always effective) ======= Details ======= o CVE-2018-14629: All versions of Samba from 4.0.0 onwards are vulnerable to infinite query recursion caused by CNAME loops. Any dns record can be added via ldap by an unprivileged user using the ldbadd tool, so this is a security issue. o CVE-2018-16841: When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process. There is no further vulnerability associated with this issue, merely a denial of service. o CVE-2018-16851: During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service. o CVE-2018-16852: During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service. o CVE-2018-16853: A user in a Samba AD domain can crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory we clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. o CVE-2018-16857: AD DC Configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. For more details and workarounds, please refer to the security advisories. Changes since 4.9.2: -------------------- o Andrew Bartlett * BUG 13628: CVE-2018-16841: heimdal: Fix segfault on PKINIT with mis-matching principal. * BUG 13678: CVE-2018-16853: build: The Samba AD DC, when build with MIT Kerberos is experimental o Tim Beale * BUG 13683: CVE-2018-16857: dsdb/util: Correctly treat lockOutObservationWindow as 64-bit int. o Joe Guo * BUG 13683: CVE-2018-16857 PEP8: Fix E305: Expected 2 blank lines after class or function definition, found 1. o Aaron Haslett * BUG 13600: CVE-2018-14629: dns: CNAME loop prevention using counter. o Gary Lockyer * BUG 13669: CVE-2018-16852: Fix NULL pointer de-reference in Samba AD DC DNS management. o Garming Sam * BUG 13674: CVE-2018-16851: ldap_server: Check ret before manipulating blob. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== ---------------------------------------------------------------------- ============================= Release Notes for Samba 4.9.2 November 08, 2018 ============================= This is the latest stable release of the Samba 4.9 release series. Changes since 4.9.1: -------------------- o Andrew Bartlett * BUG 13418: dsdb: Add comments explaining the limitations of our current backlink behaviour. * BUG 13621: Fix problems running domain backups (handling SMBv2, sites). o Tim Beale * BUG 13621: Fix problems running domain backups (handling SMBv2, sites). o Ralph Boehme * BUG 13465: testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3. * BUG 13642: Make vfs_fruit able to cleanup AppleDouble files. * BUG 13646: File saving issues with vfs_fruit on samba >= 4.8.5. * BUG 13649: Enabling vfs_fruit looses FinderInfo. * BUG 13667: Cancelling of SMB2 aio reads and writes returns wrong error NT_STATUS_INTERNAL_ERROR. o Amitay Isaacs * BUG 13641: Fix CTDB recovery record resurrection from inactive nodes and simplify vacuuming. o Volker Lendecke * BUG 13465: examples: Fix the smb2mount build. * BUG 13629: libtevent: Fix build due to missing open_memstream on Illiumos. * BUG 13662: winbindd_cache: Fix timeout calculation for sid<->name cache. o Gary Lockyer * BUG 13653: dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path. o Stefan Metzmacher * BUG 13418: Extended DN SID component missing for member after switching group membership. * BUG 13624: Return STATUS_SESSION_EXPIRED error encrypted, if the request was encrypted. o David Mulder * BUG 13621: python: Allow forced signing via smb.SMB(). * BUG 13665: lib:socket: If returning early, set ifaces. o Noel Power * BUG 13616: ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8 encoded unicode. o Christof Schmitt * BUG 13465: testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3. * BUG 13673: smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute. o Andreas Schneider * BUG 13601: waf: Add -fstack-clash-protection. * BUG 13668: winbind: Fix segfault if an invalid passdb backend is configured. o Martin Schwenke * BUG 13659: Fix bugs in CTDB event handling. * BUG 13670: Misbehaving nodes are sometimes not banned. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== ---------------------------------------------------------------------- ============================= Release Notes for Samba 4.9.1 September 24, 2018 ============================= This is the latest stable release of the Samba 4.9 release series. Major enhancements include: --------------------------- o s3: nmbd: Stop nmbd network announce storm (bug #13620). Changes since 4.9.0: -------------------- o Andrew Bartlett * BUG 13620: s3: nmbd: Stop nmbd network announce storm. o Günther Deschner * BUG 13597: s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds. o Martin Schwenke * BUG 13617: CTDB recovery lock has some race conditions. o Justin Stephenson * BUG 13597: s3-rpc_client: Advertise Windows 7 client info. o Ralph Wuerthner * BUG 13610: ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================================================== ---------------------------------------------------------------------- ============================= Release Notes for Samba 4.9.0 September 13, 2018 ============================= This is the first stable release of the Samba 4.9 release series. Please read the release notes carefully before upgrading. NEW FEATURES/CHANGES ==================== 'net ads setspn' ---------------- There is a new 'net ads setspn' sub command for managing Windows SPN(s) on the AD. This command aims to give the basic functionality that is provided on windows by 'setspn.exe' e.g. ability to add, delete and list Windows SPN(s) stored in a Windows AD Computer object. The format of the command is: net ads setspn list [machine] net ads setspn [add | delete ] SPN [machine] 'machine' is the name of the computer account on the AD that is to be managed. If 'machine' is not specified the name of the 'client' running the command is used instead. The format of a Windows SPN is 'serviceclass/host:port/servicename' (servicename and port are optional) serviceclass/host is generally sufficient to specify a host based service. 'net ads keytab' changes ------------------------ net ads keytab add no longer attempts to convert the passed serviceclass (e.g. nfs, html etc.) into a Windows SPN which is added to the Windows AD computer object. By default just the keytab file is modified. A new keytab subcommand 'add_update_ads' has been added to preserve the legacy behaviour. However the new 'net ads setspn add' subcommand should really be used instead. net ads keytab create no longer tries to generate SPN(s) from existing entries in a keytab file. If it is required to add Windows SPN(s) then 'net ads setspn add' should be used instead. Local authorization plugin for MIT Kerberos ------------------------------------------- This plugin controls the relationship between Kerberos principals and AD accounts through winbind. The module receives the Kerberos principal and the local account name as inputs and can then check if they match. This can resolve issues with canonicalized names returned by Kerberos within AD. If the user tries to log in as 'alice', but the samAccountName is set to ALICE (uppercase), Kerberos would return ALICE as the username. Kerberos would not be able to map 'alice' to 'ALICE' in this case and auth would fail. With this plugin, account names can be correctly mapped. This only applies to GSSAPI authentication, not for getting the initial ticket granting ticket. VFS audit modules ----------------- The vfs_full_audit module has changed its default set of monitored successful and failed operations from "all" to "none". That helps to prevent potential denial of service caused by simple addition of the module to the VFS objects. Also, modules vfs_audit, vfs_ext_audit and vfs_full_audit now accept any valid syslog(3) facility, in accordance with the manual page. Database audit support ---------------------- Changes to the Samba AD's sam.ldb database are now logged to Samba's debug log under the "dsdb_audit" debug class and "dsdb_json_audit" for JSON formatted log entries. Transaction commits and roll backs are now logged to Samba's debug logs under the "dsdb_transaction_audit" debug class and "dsdb_transaction_json_audit" for JSON formatted log entries. Password change audit support ----------------------------- Password changes in the AD DC are now logged to Samba's debug logs under the "dsdb_password_audit" debug class and "dsdb_password_json_audit" for JSON formatted log entries. Group membership change audit support ------------------------------------- Group membership changes on the AD DC are now logged to Samba's debug log under the "dsdb_group_audit" debug class and "dsdb_group_json_audit" for JSON formatted log entries. Log Authentication duration --------------------------- For NTLM and Kerberos KDC authentication, the authentication duration is now logged. Note that the duration is only included in the JSON formatted log entries. JSON library Jansson required for the AD DC ------------------------------------------- By default, the Jansson JSON library is required for Samba to build. It is strictly required for the Samba AD DC, and is optional for builds "--without-ad-dc" by specifying "--without-json-audit" at configure time. New experimental LMDB LDB backend --------------------------------- A new experimental LDB backend using LMDB is now available. This allows databases larger than 4Gb (Currently the limit is set to 6Gb, but this will be increased in a future release). To enable lmdb, provision or join a domain using the "--backend-store=mdb" option. This requires that a version of lmdb greater than 0.9.16 is installed and that samba has not been built with the "--without-ldb-lmdb" option. Please note this is an experimental feature and is not recommended for production deployments. Password Settings Objects ------------------------- Support has been added for Password Settings Objects (PSOs). This AD feature is also known as Fine-Grained Password Policies (FGPP). PSOs allow AD administrators to override the domain password policy settings for specific users, or groups of users. For example, PSOs can force certain users to have longer password lengths, or relax the complexity constraints for other users, and so on. PSOs can be applied to groups or to individual users. When multiple PSOs apply to the same user, essentially the PSO with the best precedence takes effect. PSOs can be configured and applied to users/groups using the 'samba-tool domain passwordsettings pso' set of commands. Domain backup and restore ------------------------- A new 'samba-tool' subcommand has been added that allows administrators to create a backup-file of their domain DB. In the event of a catastrophic failure of the domain, this backup-file can be used to restore Samba services. The new 'samba-tool domain backup online' command takes a snapshot of the domain DB from a given DC. In the event of a catastrophic DB failure, all DCs in the domain should be taken offline, and the backup-file can then be used to recreate a fresh new DC, using the 'samba-tool domain backup restore' command. Once the backed-up domain DB has been restored on the new DC, other DCs can then subsequently be joined to the new DC, in order to repopulate the Samba network. Domain rename tool ------------------ Basic support has been added for renaming a Samba domain. The rename feature is designed for the following cases: 1). Running a temporary alternate domain, in the event of a catastrophic failure of the regular domain. Using a completely different domain name and realm means that the original domain and the renamed domain can both run at the same time, without interfering with each other. This is an advantage over creating a regular 'online' backup - it means the renamed/alternate domain can provide core Samba network services, while trouble-shooting the fault on the original domain can be done in parallel. 2). Creating a realistic lab domain or pre-production domain for testing. Note that the renamed tool is currently not intended to support a long-term rename of the production domain. Currently renaming the GPOs is not supported and would need to be done manually. The domain rename is done in two steps: first, the 'samba-tool domain backup rename' command will clone the domain DB, renaming it in the process, and producing a backup-file. Then, the 'samba-tool domain backup restore' command takes the backup-file and restores the renamed DB to disk on a fresh DC. New samba-tool options for diagnosing DRS replication issues ------------------------------------------------------------ The 'samba-tool drs showrepl' command has two new options controlling the output. With --summary, the command says very little when DRS replication is working well. With --json, JSON is produced. These options are intended for human and machine audiences, respectively. The 'samba-tool visualize uptodateness' visualizes replication lag as a heat-map matrix based on the DRS uptodateness vectors. This will show you if (but not why) changes are failing to replicate to some DCs. Automatic site coverage and GetDCName improvements -------------------------------------------------- Samba's AD DC now automatically claims otherwise empty sites based on which DC is the nearest in the replication topology. This, combined with efforts to correctly identify the client side in the GetDCName Netlogon call will improve service to sites without a local DC. Improved 'samba-tool computer' command -------------------------------------- The 'samba-tool computer' command allow manipulation of computer accounts including creating a new computer and resetting the password. This allows an 'offline join' of a member server or workstation to the Samba AD domain. New 'samba-tool ou' command --------------------------- The new 'samba-tool ou' command allows to manage organizational units. Available subcommands are: create - Create an organizational unit. delete - Delete an organizational unit. list - List all organizational units listobjects - List all objects in an organizational unit. move - Move an organizational unit. rename - Rename an organizational unit. In addition to the ou commands, there are new subcommands for the user and group management, which can make use of the organizational units: group move - Move a group to an organizational unit/container. user move - Move a user to an organizational unit/container. user show - Display a user AD object. Samba performance tool now operates against Microsoft Windows AD ---------------------------------------------------------------- The Samba AD performance testing tool 'traffic_reply' can now operate against a Windows based AD domain. Previously it only operated correctly against Samba. DNS entries are now cleaned up during DC demote ----------------------------------------------- DNS records are now cleaned up as part of the 'samba-tool domain demote' including both the default and '--remove-other-dead-server' modes. Additionally, DNS records can be automatically cleaned up for a given name with the 'samba-tool dns cleanup' command, which aids in cleaning up partially removed DCs. samba-tool ntacl sysvolreset is now much faster ----------------------------------------------- The 'samba-tool ntacl sysvolreset' command, used on the Samba AD DC, is now much faster than in previous versions, after an internal rework. Samba now tested with CI GitLab ------------------------------- Samba developers now have pre-commit testing available in GitLab, giving reviewers confidence that the submitted patches pass a full CI before being submitted to the Samba Team's own autobuild system. Dynamic DNS record scavenging support ------------------------------------- It is now possible to enable scavenging of DNS Zones to remove DNS records that were dynamically created and have not been touched in some time. This support should however only be enabled on new zones or new installations. Sadly old Samba versions suffer from BUG 12451 and mark dynamic DNS records as static and static records as dynamic. While a dbcheck rule may be able to find these in the future, currently a reliable test has not been devised. Finally, there is not currently a command-line tool to enable this feature, currently it should be enabled from the DNS Manager tool from Windows. Also the feature needs to have been enabled by setting the smb.conf parameter "dns zone scavenging = yes". Improved support for trusted domains (as AD DC) ----------------------------------------------- The support for trusted domains/forests has been further improved. External domain trusts, as well a transitive forest trusts, are supported in both directions (inbound and outbound) for Kerberos and NTLM authentication. The following features are new in 4.9 (compared to 4.8): - It's now possible to add users/groups of a trusted domain into domain groups. The group memberships are expanded on trust boundaries. - foreignSecurityPrincipal objects (FPO) are now automatically created when members (as SID) of a trusted domain/forest are added to a group. - The 'samba-tool group *members' commands allow members to be specified as foreign SIDs. However there are currently still a few limitations: - Both sides of the trust need to fully trust each other! - No SID filtering rules are applied at all! - This means DCs of domain A can grant domain admin rights in domain B. - Selective (CROSS_ORGANIZATION) authentication is not supported. It's possible to create such a trust, but the KDC and winbindd ignore them. - Samba can still only operate in a forest with just one single domain. CTDB changes ------------ There are many changes to CTDB in this release. * Configuration has been completely overhauled - Daemon and tool options are now specified in a new ctdb.conf Samba-style configuration file. See ctdb.conf(5) for details. - Event script configuration is no longer specified in the top-level configuration file. It can now be specified per event script. For example, configuration options for the 50.samba event script can be placed alongside the event script in a file called 50.samba.options. Script options can also be specified in a new script.options file. See ctdb-script.options(5) for details. - Options that affect CTDB startup should be configured in the distribution-specific configuration file. See ctdb.sysconfig(5) for details. - Tunable settings are now loaded from ctdb.tunables. Using CTDB_SET_TunableVariable= in the main configuration file is no longer supported. See ctdb-tunables(7) for details. A example script to migrate an old-style configuration to the new style is available in ctdb/doc/examples/config_migrate.sh. * The following configuration variables and corresponding ctdbd command-line options have been removed and not replaced with counterparts in the new configuration scheme: CTDB_PIDFILE --pidfile CTDB_SOCKET --socket CTDB_NODES --nlist CTDB_PUBLIC_ADDRESSES --public-addresses CTDB_EVENT_SCRIPT_DIR --event-script-dir CTDB_NOTIFY_SCRIPT --notification-script CTDB_PUBLIC_INTERFACE --public-interface CTDB_MAX_PERSISTENT_CHECK_ERRORS --max-persistent-check-errors - The compile-time defaults should be used for the first 6 of these. - Use a symbolic link from the configuration directory to specify a different location for nodes or public_addresses (e.g. in the cluster filesystem). - Executable notification scripts in the notify.d/ subdirectory of the configuration directory are now run by unconditionally. - Interfaces for public IP addresses must always be specified in the public_addresses file using the currently supported format. Some related items that have been removed are: - The ctdb command's --socket command-line option - The ctdb command's CTDB_NODES environment variable When writing tests there are still mechanisms available to change the locations of certain directories and files. * The following ctdbd.conf and ctdbd options have been replaced by new ctdb.conf options: CTDB_LOGGING/--logging logging -> location CTDB_DEBUGLEVEL/-d logging -> log level CTDB_TRANSPORT/--transport cluster -> transport CTDB_NODE_ADDRESS/--listen cluster -> node address CTDB_RECOVERY_LOCK/--reclock cluster -> recovery lock CTDB_DBDIR/--dbdir database -> volatile database directory CTDB_DBDIR_PERSISTENT/--dbdir-persistent database -> peristent database directory CTDB_DBDIR_STATE/--dbdir-state database -> state database directory CTDB_DEBUG_LOCKS database -> lock debug script CTDB_DEBUG_HUNG_SCRIPT event -> debug script CTDB_NOSETSCHED/--nosetsched legacy -> realtime scheduling CTDB_CAPABILITY_RECMASTER/--no-recmaster legacy -> recmaster capability CTDB_CAPABILITY_LMASTER/--no-lmaster legacy -> lmaster capability CTDB_START_AS_STOPPED/--start-as-stopped legacy -> start as stopped CTDB_START_AS_DISABLED/--start-as-disabled legacy -> start as disabled CTDB_SCRIPT_LOG_LEVEL/--script-log-level legacy -> script log level * Event scripts have moved to the scripts/legacy subdirectory of the configuration directory Event scripts must now end with a ".script" suffix. * The "ctdb event" command has changed in 2 ways: - A component is now required for all commands In this release the only valid component is "legacy". - There is no longer a default event when running "ctdb event status" Listing the status of the "monitor" event is now done via: ctdb event status legacy monitor See ctdb(1) for details. * The following service-related event script options have been removed: CTDB_MANAGES_SAMBA CTDB_MANAGES_WINBIND CTDB_MANAGES_CLAMD CTDB_MANAGES_HTTPD CTDB_MANAGES_ISCSI CTDB_MANAGES_NFS CTDB_MANAGES_VSFTPD CTDB_MANAGED_SERVICES Event scripts for services are now disabled by default. To enable an event script and, therefore, manage a service use a command like the following: ctdb event script enable legacy 50.samba * Notification scripts have moved to the scripts/notification subdirectory of the configuration directory Notification scripts must now end with a ".script" suffix. * Support for setting CTDB_DBDIR=tmpfs has been removed This feature has not been implemented in the new configuration system. If this is desired then a tmpfs filesystem should be manually mounted on the directory pointed to by the "volatile database directory" option. See ctdb.conf(5) for more details. * The following tunable options are now ctdb.conf options: DisabledIPFailover failover -> disabled TDBMutexEnabled database -> tdb mutexes * Support for the NoIPHostOnAllDisabled tunable has been removed If all nodes are unhealthy or disabled then CTDB will not host public IP addresses. That is, CTDB now behaves as if NoIPHostOnAllDisabled were set to 1. * The onnode command's CTDB_NODES_FILE environment variable has been removed The -f option can still be used to specify an alternate node file. * The 10.external event script has been removed * The CTDB_SHUTDOWN_TIMEOUT configuration variable has been removed As with other daemons, if ctdbd does not shut down when requested then manual intervention is required. There is no safe way of automatically killing ctdbd after a failed shutdown. * CTDB_SUPPRESS_COREFILE and CTDB_MAX_OPEN_FILES configuration variable have been removed These should be setup in the systemd unit/system file or, for SYSV init, in the distribution-specific configuration file for the ctdb service. * CTDB_PARTIALLY_ONLINE_INTERFACES incompatibility no longer enforced 11.natgw and 91.lvs will no longer fail if CTDB_PARTIALLY_ONLINE_INTERFACES=yes. The incompatibility is, however, well documented. This option will be removed in future and replaced by sensible behaviour where public IP addresses simply switch interfaces or become unavailable when interfaces are down. * Configuration file /etc/ctdb/sysconfig/ctdb is no longer supported GPO Improvements ---------------- The 'samba_gpoupdate' command (used in applying Group Policies to the Samba machine itself) has been renamed to "samba_gpupdate" and had the syntax changed to better match the same tool on Windows. New glusterfs_fuse VFS module ----------------------------- The new vfs_glusterfs_fuse module improves performance when Samba accesses a glusterfs volume mounted via FUSE (Filesystem in Userspace as part of the Linux kernel). It achieves that by leveraging a mechanism to retrieve the appropriate case of filenames by querying a specific extended attribute in the filesystem. No extra configuration is required to use this module, only glusterfs_fuse needs to be set in the "vfs objects" parameter. Further details can be found in the vfs_glusterfs_fuse(8) manpage. This new vfs_glusterfs_fuse module does not replace the existing vfs_glusterfs module, it just provides an additional, alternative mechanism to access a Gluster volume. REMOVED FEATURES ================ % smb.conf changes ================ As the most popular Samba install platforms (Linux and FreeBSD) both support extended attributes by default, the parameters "map readonly", "store dos attributes" and "ea support" have had their defaults changed to allow better Windows fileserver compatibility in a default install. Parameter Name Description Default -------------- ----------- ------- map readonly Default changed no store dos attributes Default changed yes ea support Default changed yes full_audit:success Default changed none full_audit:failure Default changed none VFS interface changes ===================== The VFS ABI interface version has changed to 39. Function changes are: SMB_VFS_FSYNC: Removed: Only async versions are used. SMB_VFS_READ: Removed: Only PREAD or async versions are used. SMB_VFS_WRITE: Removed: Only PWRITE or async versions are used. SMB_VFS_CHMOD_ACL: Removed: Only CHMOD is used. SMB_VFS_FCHMOD_ACL: Removed: Only FCHMOD is used. Any external VFS modules will need to be updated to match these changes in order to work with 4.9.x. CHANGES SINCE 4.9.0rc5 ====================== o Björn Baumbach * BUG 13605: samba_dnsupdate: Honor 'dns zone scavenging' option, only update if needed. o Andreas Schneider * BUG 13606: wafsamba: Fix 'make -j'. o CHANGES SINCE 4.9.0rc4 ====================== o Jeremy Allison * BUG 13565: s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only returns absolute pathnames. o Paulo Alcantara * BUG 13578: s3: util: Do not take over stderr when there is no log file. o Ralph Boehme * BUG 13549: Durable Reconnect fails because cookie.allow_reconnect is not set. o Alexander Bokovoy * BUG 13539: krb5-samba: Interdomain trust uses different salt principal. o Volker Lendecke * BUG 13441: vfs_fruit: Don't unlink the main file. * BUG 13602: smbd: Fix a memleak in async search ask sharemode. o Stefan Metzmacher * BUG 11517: Fix Samba GPO issue when Trust is enabled. * BUG 13539: samba-tool: Add "virtualKerberosSalt" attribute to 'user getpassword/syncpasswords'. o Martin Schwenke * BUG 13589: Fix CTDB configuration issues. * BUG 13592: ctdbd logs an error until it can successfully connect to eventd. CHANGES SINCE 4.9.0rc3 ====================== o Jeremy Allison * BUG 13585: s3: smbd: Ensure get_real_filename() copes with empty pathnames. o Tim Beale * BUG 13566: samba domain backup online/rename commands force user to specify password on CLI. o Alexander Bokovoy * BUG 13579: wafsamba/samba_abi: Always hide ABI symbols which must be local. o Volker Lendecke * BUG 13584: Fix a panic if fruit_access_check detects a locking conflict. o Andreas Schneider * BUG 13567: Fix memory and resource leaks. * BUG 13580: python: Fix print in dns_invalid.py. o Martin Schwenke * BUG 13588: Aliasing issue causes incorrect IPv6 checksum. * BUG 13589: Fix CTDB configuration issues. o Ralph Wuerthner * BUG 13568: s3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv(). CHANGES SINCE 4.9.0rc2 ====================== o Jeremy Allison * BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers. o Andrew Bartlett * BUG 13374: CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140 * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user. o Tim Beale * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches. o Samuel Cabrero * BUG 13540: ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler. o Günther Deschner * BUG 13360: CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth". * BUG 13529: s3-tldap: do not install test_tldap. o David Disseldorp * BUG 13540: ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals. o Andrej Gessel * BUG 13374: CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr(). o Amitay Isaacs * BUG 13554: ctdb-eventd: Fix CID 1438155. o Volker Lendecke * BUG 13553: Fix CIDs 1438243, (Unchecked return value) 1438244 (Unsigned compared against 0), 1438245 (Dereference before null check) and 1438246 (Unchecked return value). * BUG 13554: ctdb: Fix a cut&paste error. o Oleksandr Natalenko * BUG 13559: systemd: Only start smb when network interfaces are up. o Noel Power * BUG 13553: Fix quotas don't work with SMB2. * BUG 13563: s3/smbd: Ensure quota code is only called when quota support detected. o Anoop C S * BUG 13204: s3/libsmb: Explicitly set delete_on_close token for rmdir. o Andreas Schneider * BUG 13561: s3:waf: Install eventlogadm to /usr/sbin. o Justin Stephenson * BUG 13562: Shorten description in vfs_linux_xfs_sgid manual. CHANGES SINCE 4.9.0rc1 ====================== o Jeremy Allison * BUG 13537: s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin. o Ralph Boehme * BUG 13535: s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check(). o Alexander Bokovoy * BUG 13538: samba-tool trust: Support discovery via netr_GetDcName. * BUG 13542: s4-dsdb: Only build dsdb Python modules for AD DC. o Amitay Isaacs * BUG 13520: Fix portability issues on freebsd. o Gary Lockyer * BUG 13536: DNS wildcard search does not handle multiple labels correctly. o Stefan Metzmacher * BUG 13308: samba-tool domain trust: Fix trust compatibility to Windows Server 1709 and FreeIPA. o Martin Schwenke * BUG 13520: Fix portability issues on freebsd. * BUG 13545: ctdb-protocol: Fix CTDB compilation issues. * BUG 13546: ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT option. * BUG 13550: ctdb-doc: Provide an example script for migrating old configuration. * BUG 13551: ctdb-event: Implement event tool "script list" command. KNOWN ISSUES ============ https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.9#Release_blocking_bugs ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 4.1 and newer product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ======================================================================