Changelog for samba-winbind-4.8.2-14.1.i586.rpm :
Wed May 16 14:00:00 2018 mdbuildAATTuse.startmail.com
- This is the latest stable release of the Samba 4.8 release series.
Major bug fixes include:
o After update to 4.8.0 DC failed with \"Failed to find our own
NTDS Settings objectGUID\" (bug #13335).
Changes since 4.8.1:
o Jeremy Allison

* BUG 13380: s3: smbd: Generic fix for incorrect reporting of stream dos
attributes on a directory.

* BUG 13412: ceph: VFS: Add asynchronous fsync to ceph module, fake using
synchronous call.

* BUG 13419: s3: libsmbclient: Fix hard-coded connection error return of
ETIMEDOUT.
o Andrew Bartlett

* BUG 13306: ldb: Release ldb 1.3.3:

* Fix failure to upgrade to the GUID index DB format.

* Add tests for GUID index behaviour.

* BUG 13420: s4-lsa: Fix use-after-free in LSA server.

* BUG 13430: winbindd: Do re-connect if the RPC call fails in the passdb
case.
o Ralph Boehme

* BUG 13416: s3:cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers.

* BUG 13414: s3:cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd
unclean process shutdown.
o David Disseldorp

* BUG 13425: vfs_ceph: add fake async pwrite/pread send/recv hooks.
o Amitay Isaacs

* BUG 13411: ctdb-client: Remove ununsed functions from old client code.
o Björn Jacke

* BUG 13395: printing: Return the same error code as windows does on upload
failures.
o Gary Lockyer

* BUG 13335: After update to 4.8.0 DC failed with \"Failed to find our own
NTDS Settings objectGUID\".
o Stefan Metzmacher

* BUG 13400: nsswitch: Fix memory leak in winbind_open_pipe_sock() when the
privileged pipe is not accessable.

* BUG 13420: s4:lsa_lookup: remove TALLOC_FREE(state) after all
dcesrv_lsa_Lookup{Names,Sids}_base_map() calls.
o Vandana Rungta

* BUG 13424: s3: VFS: Fix memory leak in vfs_ceph.
o Christof Schmitt

* BUG 13407: rpc_server: Fix NetSessEnum with stale sessions.
o Andreas Schneider

* BUG 13417: s3:smbspool: Fix cmdline argument handling.

Thu Apr 26 14:00:00 2018 mdbuildAATTuse.startmail.com
- Changes since 4.8.0:
o Jeremy Allison

* BUG 13244: s3: ldap: Ensure the ADS_STRUCT pointer doesn\'t get freed on
error, we don\'t own it here.

* BUG 13270: s3: smbd: Fix possible directory fd leak if the underlying OS
doesn\'t support fdopendir().

* BUG 13319: Round-tripping ACL get/set through vfs_fruit will increase the
number of ACE entries without limit.

* BUG 13347: s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically
debug credit issues.

* BUG 13358: s3: smbd: Files or directories can\'t be opened DELETE_ON_CLOSE
without delete access.

* BUG 13372: s3: smbd: Fix memory leak in vfswrap_getwd().

* BUG 13375: s3: smbd: Unix extensions attempts to change wrong field in
fchown call.
o Björn Baumbach

* BUG 13337: ms_schema/samba-tool visualize: Fix python2.6 incompatibility.
o Timur I. Bakeyev

* BUG 13352: Fix invocation of gnutls_aead_cipher_encrypt().
o Ralph Boehme

* BUG 13328: Windows 10 cannot logon on Samba NT4 domain.

* BUG 13332: winbindd: Recover loss of netlogon secure channel in case the
peer DC is rebooted.

* BUG 13363: s3:smbd: Don\'t use the directory cache for SMB2/3.
o Amitay Isaacs

* BUG 13356: ctdb-client: Fix bugs in client code.

* BUG 13359: ctdb-scripts: Drop \"net serverid wipe\" from 50.samba event
script.
o Lutz Justen

* BUG 13368: s3: lib: messages: Don\'t use the result of sec_init() before
calling sec_init().
o Volker Lendecke

* BUG 13273: libads: Fix the build \'--without-ads\'.

* BUG 13332: winbind: Keep \"force_reauth\" in invalidate_cm_connection,
add \'smbcontrol disconnect-dc\'.

* BUG 13343: vfs_virusfilter: Fix CIDs 1428738-1428740.

* BUG 13367: dsdb: Fix CID 1034966 Uninitialized scalar variable.

* BUG 13370: rpc_server: Fix core dump in dfsgetinfo.

* BUG 13382: smbclient: Fix notify.
o Stefan Metzmacher

* BUG 13215: Fix smbd panic if the client-supplied channel sequence number
wraps.

* BUG 13328: Windows 10 cannot logon on Samba NT4 domain.

* BUG 13342: lib/util: Remove unused \'#include \' from
tests/tfork.c.

* BUG 13343: Fix build errors with cc from developerstudio 12.5 on Solaris.

* BUG 13344: Fix the picky-developer build on FreeBSD 11.

* BUG 13345: s3:modules: Fix the build of vfs_aixacl2.c.
o Anton Nefedov

* BUG 13338: s3:smbd: map nterror on smb2_flush errorpath.
o Noel Power

* BUG 13341: lib:replace: Fix linking when libtirpc-devel overwrites system
headers.
o Christof Schmitt

* BUG 13312: winbindd: \'wbinfo --name-to-sid\' returns misleading result on
invalid query.
o Andreas Schneider

* BUG 13376: s3:passdb: Do not return OK if we don\'t have pinfo set up.
o Eric Vannier

* BUG 13302: Allow AESNI to be used on all processor supporting AESNI.

Tue Apr 17 14:00:00 2018 mdbuildAATTuse.startmail.com
- Changes since 4.7.6:
o Jeremy Allison

* BUG 13206: s4:auth_sam: Allow logons with an empty domain name.

* BUG 13244: s3: ldap: Ensure the ADS_STRUCT pointer doesn\'t get freed on
error, we don\'t own it here.

* BUG 13270: s3: smbd: Fix possible directory fd leak if the underlying
OS doesn\'t support fdopendir().

* BUG 13319: Round-tripping ACL get/set through vfs_fruit will increase
the number of ACE entries without limit.

* BUG 13347: s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically
debug credit issues.

* BUG 13358: s3: smbd: Files or directories can\'t be opened DELETE_ON_CLOSE
without delete access.

* BUG 13372: s3: smbd: Fix memory leak in vfswrap_getwd().

* BUG 13375: s3: smbd: Unix extensions attempts to change wrong field
in fchown call.
o Ralph Boehme

* BUG 13363: s3:smbd: Don\'t use the directory cache for SMB2/3.
o Günther Deschner

* BUG 13277: build: Fix libceph-common detection.
o David Disseldorp

* BUG 13250: build: Fix ceph_statx check when configured with libcephfs_dir.
o Poornima G

* BUG 13297: vfs_glusterfs: Fix the wrong pointer being sent in
glfs_fsync_async.
o Amitay Isaacs

* BUG 13359: ctdb-scripts: Drop \'net serverid wipe\' from 50.samba event
script.
o Lutz Justen

* BUG 13368: s3: lib: messages: Don\'t use the result of sec_init() before
calling sec_init().
o Volker Lendecke

* BUG 13215: smbd can panic if the client-supplied channel sequence number
wraps.

* BUG 13367: dsdb: Fix CID 1034966 Uninitialized scalar variable.
o Stefan Metzmacher

* BUG 13206: s3:libsmb: Allow -U\"\\\\administrator\" to work.

* BUG 13328: Windows 10 cannot logon on Samba NT4 domain.
o David Mulder

* BUG 13050: smbc_opendir should not return EEXIST with invalid login
credentials.
o Anton Nefedov

* BUG 13338: s3:smbd: map nterror on smb2_flush errorpath.
o Dan Robertson

* BUG 13310: libsmb: Use smb2 tcon if conn_protocol >= SMB2_02.
o Garming Sam

* BUG 13031: subnet: Avoid a segfault when renaming subnet objects.
o Christof Schmitt

* BUG 13312: \'wbinfo --name-to-sid\' returns misleading result on invalid
query.
o Andreas Schneider

* BUG 13315: s3:smbd: Do not crash if we fail to init the session table.
o Eric Vannier

* BUG 13302: Allow AESNI to be used on all processor supporting AESNI.

Tue Mar 13 13:00:00 2018 mdbuildAATTuse.startmail.com
- This is a security release in order to address the following defects:
o CVE-2018-1050 (Denial of Service Attack on external print server.)
o CVE-2018-1057 (Authenticated users can change other users\' password.)

Wed Feb 7 13:00:00 2018 mdbuildAATTuse.startmail.com
-
This is the latest stable release of the Samba 4.7 release series.
Major enhancements include:
o BUG 13228: This is a major issue in Samba\'s ActiveDirectory domain
controller code. It might happen that AD objects have missing or broken
linked attributes. This could lead to broken group memberships e.g.
All Samba AD domain controllers set up with Samba 4.6 or lower and then
upgraded to 4.7 are affected. The corrupt database can be fixed with
\'samba-tool dbcheck --cross-ncs --fix\'.
Changes since 4.7.4:
o Jeremy Allison

* BUG 13193: smbd tries to release not leased oplock during oplock II
downgrade.
o Ralph Boehme

* BUG 13181: Fix copying file with empty FinderInfo from Windows client
to Samba share with fruit.
o Günther Deschner

* BUG 10976: build: Deal with recent glibc sunrpc header removal.

* BUG 13238: Make Samba work with tirpc and libnsl2.
o David Disseldorp

* BUG 13208: vfs_ceph: Add fs_capabilities hook to avoid local statvfs.
o Love Hornquist Astrand

* BUG 12986: Kerberos: PKINIT: Can\'t decode algorithm parameters in
clientPublicValue.
o Amitay Isaacs

* BUG 13188: ctdb-recovery-helper: Deregister message handler in error
paths.
o Volker Lendecke

* BUG 13240: samba: Only use async signal-safe functions in signal handler.
o Stefan Metzmacher

* BUG 12986: Kerberos: PKINIT: Can\'t decode algorithm parameters in
clientPublicValue.

* BUG 13228: repl_meta_data: Fix linked attribute corruption on databases
with unsorted links on expunge. dbcheck: Add functionality to fix the
corrupt database.
o Christof Schmitt

* BUG 13189: Fix smbd panic when chdir returns error during exit.
o Andreas Schneider

* BUG 13238: Make Samba work with tirpc and libnsl2.
o Uri Simchoni

* BUG 13176: Fix POSIX ACL support on HPUX and possibly other big-endian OSs.

Fri Dec 22 13:00:00 2017 mdbuildAATTuse.startmail.com
-
smbclient reparse point symlink parameters reversed
A bug in smbclient caused the \'symlink\' command to reverse the
meaning of the new name and link target parameters when creating a
reparse point symlink against a Windows server.
This only affects using the smbclient \'symlink\' command against
a Windows server, not a Samba server using the UNIX extensions
(the parameter order is correct in that case) so no existing
user scripts that depend on creating symlinks on Samba servers
need to change.
As this is a little used feature the ordering of these parameters
has been reversed to match the parameter ordering of the UNIX
extensions \'symlink\' command. This means running \'symlink\' against
both Windows and Samba now uses the same paramter ordering in both
cases.
The usage message for this command has also been improved to remove confusion.
Changes since 4.7.3:
o Jeremy Allison

* BUG 13140: s3: smbclient: Implement \'volume\' command over SMB2.

* BUG 13171: s3: libsmb: Fix valgrind read-after-free error in
cli_smb2_close_fnum_recv().

* BUG 13172: s3: libsmb: Fix reversing of oldname/newname paths when creating
a reparse point symlink on Windows from smbclient.
o Timur I. Bakeyev

* BUG 12934: Build man page for vfs_zfsacl.8 with Samba.
o Andrew Bartlett

* BUG 13095: repl_meta_data: Allow delete of an object with dangling
backlinks.

* BUG 13129: s4:samba: Fix default to be running samba as a deamon.

* BUG 13191: Performance regression in DNS server with introduction of
DNS wildcard, ldb: Release 1.2.3
o Ralph Boehme

* BUG 6133: vfs_zfsacl: Fix compilation error.

* BUG 13051: \"smb encrypt\" setting changes are not fully applied until full
smbd restart.

* BUG 13052: winbindd: Fix idmap_rid dependency on trusted domain list.

* BUG 13155: vfs_fruit: Proper VFS-stackable conversion of FinderInfo.

* BUG 13173: winbindd: Dependency on trusted-domain list in winbindd in
critical auth codepath.
o Andrej Gessel

* BUG 13120: repl_meta_data: Fix removing of backlink on deleted objects.
o Amitay Isaacs
\"
* BUG 13153: ctdb: sock_daemon leaks memory.

* BUG 13154: TCP tickles not getting synchronised on CTDB restart.
o Volker Lendecke

* BUG 13150: winbindd: winbind parent and child share a ctdb connection.

* BUG 13170: pthreadpool: Fix deadlock.

* BUG 13179: pthreadpool: Fix starvation after fork.

* BUG 13180: messaging: Always register the unique id.
o Gary Lockyer

* 13129: s4/smbd: set the process group.
o Stefan Metzmacher

* BUG 13095: Fix broken linked attribute handling.

* BUG 13132: The KDC on an RWDC doesn\'t send error replies in some
situations.

* BUG 13149: libnet_join: Fix \'net rpc oldjoin\'.

* BUG 13195: g_lock conflict detection broken when processing stale entries.

* BUG 13197: s3:smb2_server: allow logoff, close, unlock, cancel and echo
on expired sessions.
o Noel Power

* BUG 13166: s3:libads: net ads keytab list fails with \"Key table name
malformed\".
o Christof Schmitt

* BUG 13170: Fix crash in pthreadpool thread after failure from pthread_create.
o Andreas Schneider

* BUG 13129: s4:samba: Allow samba daemon to run in foreground.

* BUG 13174: third_party: Link the aesni-intel library with \"-z noexecstack\".
o Niels de Vos

* BUG 13125: vfs_glusterfs: include glusterfs/api/glfs.h without relying on
\"-I\" options.

Wed Nov 22 13:00:00 2017 mdbuildAATTuse.startmail.com
-
This is a security release in order to address the following defects:
o CVE-2017-14746 (Use-after-free vulnerability.)
o CVE-2017-15275 (Server heap memory information leak.)
=======
Details
=======
o CVE-2017-14746:
All versions of Samba from 4.0.0 onwards are vulnerable to a use after
free vulnerability, where a malicious SMB1 request can be used to
control the contents of heap memory via a deallocated heap pointer. It
is possible this may be used to compromise the SMB server.
o CVE-2017-15275:
All versions of Samba from 3.6.0 onwards are vulnerable to a heap
memory information leak, where server allocated heap memory may be
returned to the client without being cleared.
There is no known vulnerability associated with this error, but
uncleared heap memory may contain previously used data that may help
an attacker compromise the server via other methods. Uncleared heap
memory may potentially contain password hashes or other high-value
data.
For more details and workarounds, please see the security advisories:
o https://www.samba.org/samba/security/CVE-2017-14746.html
o https://www.samba.org/samba/security/CVE-2017-15275.html
Changes since 4.7.2:
o Jeremy Allison

* BUG 13041: CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug.

* BUG 13077: CVE-2017-15275: s3: smbd: Chain code can return uninitialized
memory when talloc buffer is grown.

Wed Nov 15 13:00:00 2017 mdbuildAATTuse.startmail.com
- Changes since 4.7.1:
o Jeremy Allison

* BUG 13121: Non-smbd processes using kernel oplocks can hang smbd.
o Joe Guo

* BUG 13127: python: use communicate to fix Popen deadlock.
o Volker Lendecke

* BUG 13130: smbd on disk file corruption bug under heavy threaded load.
o Stefan Metzmacher

* BUG 13130: tevent: version 0.9.34.
o Ralph Wuerthner

* BUG 13118: s3: smbd: Fix delete-on-close after smb2_find.

Sun Nov 5 13:00:00 2017 mdbuildAATTuse.startmail.com
- Changes since 4.7.0:
o Michael Adam

* BUG 13091: vfs_glusterfs: Fix exporting subdirs with shadow_copy2.
o Jeremy Allison

* BUG 13027: s3: smbd: Currently if getwd() fails after a chdir(), we panic.

* BUG 13068: s3: VFS: Ensure default SMB_VFS_GETWD() call can\'t return a
partially completed struct smb_filename.

* BUG 13069: sys_getwd() can leak memory or possibly return the wrong errno
on older systems.

* BUG 13093: \'smbclient\' doesn\'t correctly canonicalize all local names
before use.
o Douglas Bagnall

* BUG 13095: Fix broken linked attribute handling.
o Andrew Bartlett

* BUG 12994: Missing LDAP query escapes in DNS rpc server.

* BUG 13087: replace: Link to -lbsd when building replace.c by hand.
o Ralph Boehme

* BUG 6133: Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem.

* BUG 7909: Map SYNCHRONIZE acl permission statically in zfs_acl vfs module.

* BUG 7933: Samba fails to honor SEC_STD_WRITE_OWNER bit with the
acl_xattr module.

* BUG 12991: s3/mdssvc: Missing assignment in sl_pack_float.

* BUG 12995: Wrong Samba access checks when changing DOS attributes.

* BUG 13062: samba_runcmd_send() leaves zombie processes on timeout

* BUG 13065: net: groupmap cleanup should not delete BUILTIN mappings.

* BUG 13076: Enabling vfs_fruit results in loss of Finder tags and other
xattrs.
o Alexander Bokovoy

* BUG 9613: man pages: Properly ident lists.

* BUG 13081: smb.conf.5: Sort parameters alphabetically.
o Samuel Cabrero

* BUG 12993: s3: spoolss: Fix GUID string format on GetPrinter info.
o Amitay Isaacs

* BUG 13042: Remote serverid check doesn\'t check for the unique id.

* BUG 13056: CTDB starts consuming memory if there are dead nodes in the
cluster.

* BUG 13070: ctdb-common: Ignore event scripts with multiple \'.\'s.
o Lutz Justen

* BUG 13046: libgpo doesn\'t sort the GPOs in the correct order.
o Volker Lendecke

* BUG 13042: Remote serverid check doesn\'t check for the unique id.

* BUG 13090: vfs_catia: Fix a potential memleak.

* BUG 12903: Fix file change notification for renames.
o Gary Lockyer

* BUG 12952: Samba DNS server does not honour wildcards.
o Stefan Metzmacher

* BUG 13079: Can\'t change password in samba from a Windows client if Samba
runs on IPv6 only interface.
o Anoop C S

* BUG 13086: vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR.
o Christof Schmitt

* BUG 13047: Apple client can\'t cope with SMB2 async replies when creating
symlinks.
o Andreas Schneider

* BUG 12959: s4:rpc_server:backupkey: Move variable into scope.

* BUG 13099: s4:scripting: Fix ntstatus_gen.h generation on 32bit.

* BUG 13100: s3:vfs_glusterfs: Fix a double free in vfs_gluster_getwd().

* BUG 13101: Fix resouce leaks and pointer issues.
o Jorge Schrauwen

* BUG 13049: vfs_solarisacl: Fix build for samba 4.7 and up.

Thu Sep 21 14:00:00 2017 mdbuildAATTuse.startmail.com
- \'smbclient\' changes
\'smbclient\' no longer prints a \'Domain=[...] OS=[Windows 6.1] Server=[...]\'
banner when connecting to the first server. With SMB2 and Kerberos,
there\'s no way to print this information reliably. Now we avoid it at all
consistently. In interactive sessions the following banner is now presented
to the user: \'Try \"help\" do get a list of possible commands.\'.
The default for \"client max protocol\" has changed to \"SMB3_11\",
which means that \'smbclient\' (and related commands) will work against
servers without SMB1 support.
It\'s possible to use the \'-m/--max-protocol\' option to overwrite
the \"client max protocol\" option temporarily.
Note that the \'-e/--encrypt\' option also works with most SMB3 servers
(e.g. Windows >= 2012 and Samba >= 4.0.0), so the SMB1 unix extensions
are not required for encryption.
The change to SMB3_11 as default also means \'smbclient\' no longer
negotiates SMB1 unix extensions by default, when talking to a Samba server with
\"unix extensions = yes\". As a result, some commands are not available, e.g.
\'posix_encrypt\', \'posix_open\', \'posix_mkdir\', \'posix_rmdir\', \'posix_unlink\',
\'posix_whoami\', \'getfacl\' and \'symlink\'. Using \"-mNT1\" reenables them, if the
server supports SMB1.
Note the default (\"CORE\") for \"client min protocol\" hasn\'t changed,
so it\'s still possible to connect to SMB1-only servers by default.
\'smbclient\' learned a new command \'deltree\' that is able to do
a recursive deletion of a directory tree.
NEW FEATURES/CHANGES
====================
Whole DB read locks: Improved LDAP and replication consistency
Prior to Samba 4.7 and ldb 1.2.0, the LDB database layer used by Samba
erroneously did not take whole-DB read locks to protect search
and DRS replication operations.
While each object returned remained subject to a record-level lock (so
would remain consistent to itself), under a race condition with a
rename or delete, it and any links (like the member attribute) to it
would not be returned.
The symptoms of this issue include:
Replication failures with this error showing in the client side logs:
error during DRS repl ADD: No objectClass found in replPropertyMetaData for
Failed to commit objects:
WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
A crash of the server, in particular the rpc_server process with
INTERNAL ERROR: Signal 11
LDAP read inconsistency
A DN subject to a search at the same time as it is being renamed
may not appear under either the old or new name, but will re-appear
for a subsequent search.
See https://bugzilla.samba.org/show_bug.cgi?id=12858 for more details
and updated advise on database recovery for affected installations.
Samba AD with MIT Kerberos
After four years of development, Samba finally supports compiling and
running Samba AD with MIT Kerberos. You can enable it with:
./configure --with-system-mitkrb5
Samba requires version 1.15.1 of MIT Kerberos to build with AD DC support.
The krb5-devel and krb5-server packages are required.
The feature set is not on par with the Heimdal build but the most important
things, like forest and external trusts, are working. Samba uses the KDC binary
provided by MIT Kerberos.
Missing features, compared to Heimdal, are:

* PKINIT support

* S4U2SELF/S4U2PROXY support

* RODC support (not fully working with Heimdal either)
The Samba AD process will take care of starting the MIT KDC and it will load a
KDB (Kerberos Database) driver to access the Samba AD database. When
provisioning an AD DC using \'samba-tool\' it will take care of creating a correct
kdc.conf file for the MIT KDC.
For further details, see:
https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
Dynamic RPC port range
The dynamic port range for RPC services has been changed from the old default
value \"1024-1300\" to \"49152-65535\". This port range is not only used by a
Samba AD DC, but also applies to all other server roles including NT4-style
domain controllers. The new value has been defined by Microsoft in Windows
Server 2008 and newer versions. To make it easier for Administrators to control
those port ranges we use the same default and make it configurable with the
option: \"rpc server dynamic port range\".
The \"rpc server port\" option sets the first available port from the new
\"rpc server dynamic port range\" option. The option \"rpc server port\" only
applies to Samba provisioned as an AD DC.
Authentication and Authorization audit support
Detailed authentication and authorization audit information is now
logged to Samba\'s debug logs under the \"auth_audit\" debug class,
including in particular the client IP address triggering the audit
line. Additionally, if Samba is compiled against the jansson JSON
library, a JSON representation is logged under the \"auth_json_audit\"
debug class.
Audit support is comprehensive for all authentication and
authorisation of user accounts in the Samba Active Directory Domain
Controller, as well as the implicit authentication in password
changes. In the file server and classic/NT4 domain controller, NTLM
authentication, SMB and RPC authorization is covered, however password
changes are not at this stage, and this support is not currently
backed by a testsuite.
For further details, see:
https://wiki.samba.org/index.php/Setting_up_Audit_Logging
Multi-process LDAP Server
The LDAP server in the AD DC now honours the process model used for
the rest of the \'samba\' process, rather than being forced into a single
process. This aids in Samba\'s ability to scale to larger numbers of AD
clients and the AD DC\'s overall resiliency, but will mean that there is a
fork()ed child for every LDAP client, which may be more resource
intensive in some situations. If you run Samba in a
resource-constrained VM, consider allocating more RAM and swap space.
Improved Read-Only Domain Controller (RODC) Support
Support for RODCs in Samba AD until now has been experimental. With this latest
version, many of the critical bugs have been fixed and the RODC can be used in
DC environments requiring no writable behaviour. RODCs now correctly support
bad password lockouts and password disclosure auditing through the
msDS-RevealedUsers attribute.
The fixes made to the RWDC will also allow Windows RODC to function more
correctly and to avoid strange data omissions such as failures to replicate
groups or updated passwords. Password changes are currently rejected at the
RODC, although referrals should be given over LDAP. While any bad passwords can
trigger domain-wide lockout, good passwords which have not been replicated yet
for a password change can only be used via NTLM on the RODC (and not Kerberos).
The reliability of RODCs locating a writable partner still requires some
improvements and so the \'password server\' configuration option is generally
recommended on the RODC.
Samba 4.7 is the first Samba release to be secure as an RODC or when
hosting an RODC. If you have been using earlier Samba versions to
host or be an RODC, please upgrade.
In particular see https://bugzilla.samba.org/show_bug.cgi?id=12977 for
details on the security implications for password disclosure to an
RODC using earlier versions.
Additional password hashes stored in supplementalCredentials
A new config option \'password hash userPassword schemes\' has been added to
enable generation of SHA-256 and SHA-512 hashes (without storing the plaintext
password with reversible encryption). This builds upon previous work to improve
password sync for the AD DC (originally using GPG).
The user command of \'samba-tool\' has been updated in order to be able to
extract these additional hashes, as well as extracting the (HTTP) WDigest
hashes that we had also been storing in supplementalCredentials.
Improvements to DNS during Active Directory domain join
The \'samba-tool\' domain join command will now add the A and GUID DNS records
(on both the local and remote servers) during a join if possible via RPC. This
should allow replication to proceed more smoothly post-join.
The mname element of the SOA record will now also be dynamically generated to
point to the local read-write server. \'samba_dnsupdate\' should now be more
reliable as it will now find the appropriate name server even when resolv.conf
points to a forwarder.
Significant AD performance and replication improvements
Previously, replication of group memberships was been an incredibly expensive
process for the AD DC. This was mostly due to unnecessary CPU time being spent
parsing member linked attributes. The database now stores these linked
attributes in sorted form to perform efficient searches for existing members.
In domains with a large number of group memberships, a join can now be
completed in half the time compared with Samba 4.6.
LDAP search performance has also improved, particularly in the unindexed search
case. Parsing and processing of security descriptors should now be more
efficient, improving replication but also overall performance.
Query record for open file or directory
The record attached to an open file or directory in Samba can be
queried through the \'net tdb locking\' command. In clustered Samba this
can be useful to determine the file or directory triggering
corresponding \"hot\" record warnings in ctdb.
Removal of lpcfg_register_defaults_hook()
The undocumented and unsupported function lpcfg_register_defaults_hook()
that was used by external projects to call into Samba and modify
smb.conf default parameter settings has been removed. If your project
was using this call please raise the issue on
samba-technicalAATTlists.samba.org in order to design a supported
way of obtaining the same functionality.
Change of loadable module interface
The _init function of all loadable modules in Samba has changed
from:
NTSTATUS _init(void);
to:
NTSTATUS _init(TALLOC_CTX
*);
This allows a program loading a module to pass in a long-lived
talloc context (which must be guaranteed to be alive for the
lifetime of the module). This allows modules to avoid use of
the talloc_autofree_context() (which is inherently thread-unsafe)
and still be valgrind-clean on exit. Modules that don\'t need to
free long-lived data on exit should use the NULL talloc context.
SHA256 LDAPS Certificates
The self-signed certificate generated for use on LDAPS will now be
generated with a SHA256 self-signature, not a SHA1 self-signature.
Replacing this certificate with a certificate signed by a trusted
CA is still highly recommended.
CTDB changes
------------

* CTDB no longer allows mixed minor versions in a cluster
See the AllowMixedVersions tunable option in ctdb-tunables(7) and also
https://wiki.samba.org/index.php/Upgrading_a_CTDB_cluster#Policy

* CTDB now ignores hints from Samba about TDB flags when attaching to databases
CTDB will use the correct flags depending on the type of database.
For clustered databases, the smb.conf setting
dbwrap_tdb_mutexes:
*=true will be ignored. Instead, CTDB continues
to use the TDBMutexEnabled tunable.

* New configuration variable CTDB_NFS_CHECKS_DIR
See ctdbd.conf(5) for more details.

* The CTDB_SERVICE_AUTOSTARTSTOP configuration variable has been
removed
To continue to manage/unmanage services while CTDB is running:
- Start service by hand and then flag it as managed
- Mark service as unmanaged and shut it down by hand
- In some cases CTDB does something fancy - e.g. start Samba under
\"nice\", so care is needed. One technique is to disable the
eventscript, mark as managed, run the startup event by hand and then
re-enable the eventscript.

* The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed

* The example NFS Ganesha call-out has been improved

* A new \"replicated\" database type is available
Replicated databases are intended for CTDB\'s internal use to
replicate state data across the cluster, but may find other
uses. The data in replicated databases is valid for the lifetime of
CTDB and cleared on first attach.
Using x86_64 Accelerated AES Crypto Instructions
Samba on x86_64 can now be configured to use the Intel accelerated AES
instruction set, which has the potential to make SMB3 signing and
encryption much faster on client and server. To enable this, configure
Samba using the new option --accel-aes=intelaesni.
This is a temporary solution that is being included to allow users
to enjoy the benefits of Intel accelerated AES on the x86_64 platform,
but the longer-term solution will be to move Samba to a fully supported
external crypto library.
The third_party/aesni-intel code will be removed from Samba as soon as
external crypto library performance reaches parity.
The default is to build without setting --accel-aes, which uses the
existing Samba software AES implementation.
Parameter changes
The \"strict sync\" global parameter has been changed from
a default of \"no\" to \"yes\". This means smbd will by default
obey client requests to synchronize unwritten data in operating
system buffers safely onto disk. This is a safer default setting
for modern SMB1/2/3 clients.
The \'ntlm auth\' option default is renamed to \'ntlmv2-only\', reflecting
the previous behaviour. Two new values have been provided,
\'mschapv2-and-ntlmv2-only\' (allowing MSCHAPv2 while denying NTLMv1)
and \'disabled\', totally disabling NTLM authentication and password
changes.
smb.conf changes
================
Parameter Name Description Default
- ------------- ----------- -------
allow unsafe cluster upgrade New parameter no
auth event notification New parameter no
auth methods Deprecated
client max protocol Effective SMB3_11
default changed
map untrusted to domain New value/ auto
Default changed/
Deprecated
mit kdc command New parameter
profile acls Deprecated
rpc server dynamic port range New parameter 49152-65535
strict sync Default changed yes
password hash userPassword schemes New parameter
ntlm auth New values ntlmv2-only
KNOWN ISSUES
============
https://wiki.samba.org/inFdex.php/Release_Planning_for_Samba_4.7#Release_blocking_bugs
CHANGES SINCE 4.7.0rc6
======================
o CVE-2017-12150:
A man in the middle attack may hijack client connections.
o CVE-2017-12151:
A man in the middle attack can read and may alter confidential
documents transferred via a client connection, which are reached
via DFS redirect when the original connection used SMB3.
o CVE-2017-12163:
Client with write access to a share can cause server memory contents to be
written into a file or printer.
CHANGES SINCE 4.7.0rc5
======================
o Jeremy Allison

* BUG 13003: s3: vfs: catia: compression get/set must act only on base file, and
must cope with fsp==NULL.

* BUG 13008: lib: crypto: Make smbd use the Intel AES instruction set for signing
and encryption.
o Andrew Bartlett

* BUG 12946: s4-drsuapi: Avoid segfault when replicating as a non-admin with
GUID_DRS_GET_CHANGES.

* BUG 13015: Allow re-index of newer databases with binary GUID TDB keys
(this officially removes support for re-index of the original pack format 0,
rather than simply segfaulting).

* BUG 13017: Add ldb_ldif_message_redacted_string() to allow debug of redacted
log messages, avoiding showing secret values.

* BUG 13023: ldb: version 1.2.2.

* BUG 13025: schema: Rework dsdb_schema_set_indices_and_attributes() db
operations.
o Alexander Bokovoy

* BUG 13030: Install dcerpc/__init__.py for all Python environments.
o Ralph Boehme

* BUG 13024: s3/smbd: Sticky write time offset miscalculation causes broken
timestamps

* BUG 13037: lib/util: Only close the event_fd in tfork if the caller didn\'t
call tfork_event_fd().
o Volker Lendecke

* BUG 13006: messaging: Avoid a socket leak after fork.
o Stefan Metzmacher

* BUG 13018: charset: Fix str[n]casecmp_m() by comparing lower case values.
o Gary Lockyer

* BUG 13037: util_runcmd: Free the fde in event handler.
o Amitay Isaacs

* BUG 13012: ctdb-daemon: Fix implementation of process_exists control.

* BUG 13021: GET_DB_SEQNUM control can cause ctdb to deadlock when databases
are frozen.

* BUG 13029: ctdb-daemon: Free up record data if a call request is deferred.

* BUG 13036: ctdb-client: Initialize ctdb_ltdb_header completely for empty
record.
o Christof Schmitt

* BUG 13032: vfs_streams_xattr: Fix segfault when running with log level 10.
CHANGES SINCE 4.7.0rc4
======================
o Andrew Bartlett

* BUG 12929: smb.conf: Explain that \"ntlm auth\" is a per-passdb setting.

* BUG 12953: s4/lib/tls: Use SHA256 to sign the TLS certificates.
o Jeremy Allison

* BUG 12932: Get rid of talloc_autofree_context().
o Amitay Isaacs

* BUG 12978: After restarting CTDB, it attaches replicated databases with
wrong flags.
o Stefan Metzmacher

* BUG 12863: s3:smbclient: Don\'t try any workgroup listing with
\"client min protocol = SMB2\".

* BUG 12876: s3:libsmb: Don\'t call cli_NetServerEnum() on SMB2/3 connections
in SMBC_opendir_ctx().

* BUG 12881: s3:libsmb: Let do_connect() debug the negotiation result
similar to \"session request ok\".

* BUG 12919: s4:http/gensec: add missing tevent_req_done() to
gensec_http_ntlm_update_done().

* BUG 12968: Fix \'smbclient tarmode\' with SMB2/3.

* BUG 12973: \'smbd\': Don\'t use a lot of CPU on startup of a connection.
o Christof Schmitt

* BUG 12983: vfs_default: Fix passing of errno from async calls.
o Andreas Schneider

* BUG 12629: s3:utils: Do not report an invalid range for AD DC role.

* BUG 12704: s3:libsmb: Let get_ipc_connect() use
CLI_FULL_CONNECTION_FORCE_SMB1.

* BUG 12930: Fix build issues with GCC 7.1.

* BUG 12950: s3:script: Untaint user supplied data in modprinter.pl.

* BUG 12956: s3:libads: Fix changing passwords with Kerberos.

* BUG 12975: Fix changing the password with \'smbpasswd\' as a local user on
a domain member.
CHANGES SINCE 4.7.0rc3
======================
o Jeremy Allison

* BUG 12913: Implement cli_smb2_setatr() by calling cli_smb2_setpathinfo().
o Andrew Bartlett

* BUG 11392: s4-cldap/netlogon: Match Windows 2012R2 and return
NETLOGON_NT_VERSION_5 when version unspecified.

* BUG 12855: dsdb: Do not force a re-index of sam.ldb on upgrade to 4.7.

* BUG 12904: dsdb: Fix dsdb_next_callback to correctly use ldb_module_done()
etc.

* BUG 12939: s4-rpc_server: Improve debug of new endpoints.
o Ralph Boehme

* BUG 12791: Fix kernel oplocks issues with named streams.

* BUG 12944: vfs_gpfs: Handle EACCES when fetching DOS attributes from xattr.
o Bob Campbell

* BUG 12842: samdb/cracknames: Support user and service principal as desired
format.
o David Disseldorp

* BUG 12911: vfs_ceph: Fix cephwrap_chdir().
o Gary Lockyer

* BUG 12865: Track machine account ServerAuthenticate3.
o Marc Muehlfeld

* BUG 12947: python: Fix incorrect kdc.conf parameter name in kerberos.py.
o Noel Power

* BUG 12937: s3/utils: \'smbcacls\' failed to detect DIRECTORIES using SMB2
(Windows only).
o Arvid Requate

* BUG 11392: s4-dsdb/netlogon: Allow missing ntver in cldap ping.
o Anoop C S

* BUG 12936: source3/client: Fix typo in help message displayed by default.
o Andreas Schneider

* BUG 12930: Fix building with GCC 7.1.1.
CHANGES SINCE 4.7.0rc2
======================
o Jeremy Allison

* BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes
async.

* BUG 12899: s3: libsmb: Reverse sense of \'clear all attributes\', ignore
attribute change in SMB2 to match SMB1.

* BUG 12914: s3: smbclient: Add new command deltree.
o Ralph Boehme

* BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories
directly.

* BUG 12887: Remove SMB_VFS_STRICT_UNLOCK noop from the VFS.

* BUG 12891: Enable TDB mutexes in dbwrap and ctdb.

* BUG 12897: vfs_fruit: don\'t use MS NFS ACEs with Windows clients.

* BUG 12910: s3/notifyd: Ensure notifyd doesn\'t return from
smbd_notifyd_init.
o Alexander Bokovoy

* BUG 12905: Build py3 versions of other rpc modules.
o Günther Deschner

* BUG 12840: vfs_fruit: Add \"fruit:model = \" parametric option.
o Dustin L. Howett

* BUG 12720: idmap_ad: Retry query_user exactly once if we get
TLDAP_SERVER_DOWN.
o Amitay Isaacs

* BUG 12891: dbwrap_ctdb: Fix calculation of persistent flag.
o Thomas Jarosch

* BUG 12927: s3: libsmb: Fix use-after-free when accessing pointer
*p.
o Volker Lendecke

* BUG 12925: smbd: Fix a connection run-down race condition.
o Stefan Metzmacher

* tevent: version 0.9.33: make tevent_req_print() more robust against crashes.

* ldb: version 1.2.1

* BUG 12882: Do not install _ldb_text.py if we have system libldb.

* BUG 12890: s3:smbd: consistently use talloc_tos() memory for
rpc_pipe_open_interface().

* BUG 12900: Fix index out of bound in ldb_msg_find_common_values.
o Rowland Penny

* BUG 12884: Easily edit a users object in AD, as if using \'ldbedit\'.
o Bernhard M. Wiedemann

* BUG 12906: s3: drop build_env
o Andreas Schneider

* BUG 12882: waf: Do not install _ldb_text.py if we have system libldb.
o Martin Schwenke

* BUG 12898: ctdb-common: Set close-on-exec when creating PID file.
CHANGES SINCE 4.7.0rc1
======================
o Jeffrey Altman

* BUG 12894: CVE-2017-11103: Orpheus\' Lyre KDC-REP service name validation

Mon Aug 28 14:00:00 2017 mdbuildAATTuse.startmail.com
- Changes since 4.6.6:
o Jeremy Allison

* BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes async.
o Andrew Bartlett

* BUG 11392: s4-cldap/netlogon: Match Windows 2012R2 and return
NETLOGON_NT_VERSION_5 when version unspecified.
o Ralph Boehme

* BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories directly.

* BUG 12910: s3/notifyd: Ensure notifyd doesn\'t return from
smbd_notifyd_init.
o Günther Deschner

* BUG 12840: vfs_fruit: Add fruit:model = parametric option.
o David Disseldorp

* BUG 12911: vfs_ceph: Fix cephwrap_chdir().
o Dustin L. Howett

* BUG 12720: idmap_ad: Retry query_user exactly once if we get
TLDAP_SERVER_DOWN.
o Thomas Jarosch

* BUG 12927: s3: libsmb: Fix use-after-free when accessing pointer
*p.
o Volker Lendecke

* BUG 12925: smbd: Fix a connection run-down race condition.
o Stefan Metzmacher

* BUG 12782: winbindd changes the local password and gets
NT_STATUS_WRONG_PASSWORD for the remote change.

* BUG 12890: s3:smbd: consistently use talloc_tos() memory for
rpc_pipe_open_interface().
o Noel Power

* BUG 12937: smbcacls: Don\'t fail against a directory on Windows using SMB2.
o Arvid Requate

* BUG 11392: s4-dsdb/netlogon: Allow missing ntver in cldap ping.
o Garming Sam

* BUG 12813: dnsserver: Stop dns_name_equal doing OOB read.
o Andreas Schneider

* BUG 12886: s3:client: The smbspool krb5 wrapper needs negotiate for
authentication.
o Martin Schwenke

* BUG 12898: ctdb-common: Set close-on-exec when creating PID file.

Wed Jul 12 14:00:00 2017 mdbuildAATTuse.startmail.com
- This is a security release in order to address the following defect:
o CVE-2017-11103 (Orpheus\' Lyre mutual authentication validation bypass)
=======
Details
=======
o CVE-2017-11103 (Heimdal):
All versions of Samba from 4.0.0 onwards using embedded Heimdal
Kerberos are vulnerable to a man-in-the-middle attack impersonating
a trusted server, who may gain elevated access to the domain by
returning malicious replication or authorization data.
Samba binaries built against MIT Kerberos are not vulnerable.
Changes since 4.6.5:
o Jeffrey Altman

* BUG 12894: CVE-2017-11103: Orpheus\' Lyre KDC-REP service name validation

Tue Jun 6 14:00:00 2017 mdbuildAATTuse.startmail.com
- Changes since 4.6.4:
o Jeremy Allison

* BUG 12804: s3: VFS: Catia: Ensure path name is also converted.
o Christian Ambach

* BUG 12765: s3:smbcacls add prompt for password.
o Ralph Boehme

* BUG 12562: vfs_acl_xattr|tdb: Ensure create mask is at least 0666 if
ignore_system_acls is set.

* BUG 12702: Wrong sid->uid mapping for SIDs residing in sIDHistory.

* BUG 12749: vfs_fruit: lp_case_sensitive() does not return a bool.

* BUG 12766: s3/smbd: Update exclusive oplock optimisation to the lease area.

* BUG 12798: s3/smbd: Fix exclusive lease optimisation.
o Alexander Bokovoy

* BUG 12751: Allow passing trusted domain password as plain-text to PASSDB
layer.

* BUG 12764: systemd: Fix detection of libsystemd.
o Amitay Isaacs

* BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to
complete.

* BUG 12770: ctdb-logging: Initialize DEBUGLEVEL before changing the value.
o Shilpa Krishnareddy

* BUG 12756: notify: Fix ordering of events in notifyd.
o Volker Lendecke

* BUG 12757: idmap_rfc2307: Lookup of more than two SIDs fails.
o Stefan Metzmacher

* BUG 12767: samba-tool: Let \'samba-tool user syncpasswords\' report deletions
immediately.
o Doug Nazar

* BUG 12760: s3: smbd: inotify_map_mask_to_filter incorrectly indexes an
array.
o Andreas Schneider

* BUG 12687: vfs_expand_msdfs tries to open the remote address as a file
path.
o Martin Schwenke

* BUG 12802: \'ctdb nodestatus\' incorrectly displays status for all nodes with
wrong exit code.

* BUG 12814: ctdb-common: Fix crash in logging initialisation.

Wed May 24 14:00:00 2017 mdbuildAATTuse.startmail.com
-
o CVE-2017-7494 (Remote code execution from a writable share)
=======
Details
=======
o CVE-2017-7494:
All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload a
shared library to a writable share, and then cause the server to load
and execute it.
Changes since 4.6.3:
o Volker Lendecke

* BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable
share.

Tue Apr 25 14:00:00 2017 mdbuildAATTuse.startmail.com
- Changes since 4.6.2:
o Michael Adam

* BUG 12743: s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots
from shares with GlusterFS backend.
o Jeremy Allison

* BUG 12559: Fix for Solaris C compiler.

* BUG 12628: s3: locking: Update oplock optimization for the leases era.

* BUG 12693: Make the Solaris C compiler happy.

* BUG 12695: s3: libgpo: Allow skipping GPO objects that don\'t have the
expected LDAP attributes.

* BUG 12747: Fix buffer overflow caused by wrong use of getgroups.
o Hanno Boeck

* BUG 12746: lib: debug: Avoid negative array access.

* BUG 12748: cleanupdb: Fix a memory read error.
o Ralph Boehme

* BUG 7537: streams_xattr and kernel oplocks results in
NT_STATUS_NETWORK_BUSY.

* BUG 11961: winbindd: idmap_autorid allocates ids for unknown SIDs from other
backends.

* BUG 12565: vfs_fruit: Resource fork open request with
flags=O_CREAT|O_RDONLY.

* BUG 12615: manpages/vfs_fruit: Document global options.

* BUG 12624: lib/pthreadpool: Fix a memory leak.

* BUG 12727: Lookup-domain for well-known SIDs on a DC.

* BUG 12728: winbindd: Fix error handling in rpc_lookup_sids().

* BUG 12729: winbindd: Trigger possible passdb_dsdb initialisation.
o Alexander Bokovoy

* BUG 12611: credentials_krb5: use gss_acquire_cred for client-side GSSAPI
use case.

* BUG 12690: lib/crypto: Implement samba.crypto Python module for RC4.
o Amitay Isaacs

* BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to
complete.

* BUG 12723: ctdb_event monitor command crashes if event is not specified.

* BUG 12733: ctdb-docs: Fix documentation of \"-n\" option to \'ctdb tool\'.
o Volker Lendecke

* BUG 12558: smbd: Fix smb1 findfirst with DFS.

* BUG 12610: smbd: Do an early exit on negprot failure.

* BUG 12699: winbindd: Fix substitution for \'template homedir\'.
o Stefan Metzmacher

* BUG 12554: s4:kdc: Disable principal based autodetected referral detection.

* BUG 12613: idmap_autorid: Allocate new domain range if the callers knows
the sid is valid.

* BUG 12724: LINKFLAGS_PYEMBED should not contain -L/some/path.

* BUG 12725: PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for
trusted domain.

* BUG 12731: rpcclient: Allow -U\'OTHERDOMAIN\\user\' again.
o Christof Schmitt

* BUG 12725: winbindd: Fix password policy for pam authentication.
o Andreas Schneider

* BUG 12554: s3:gse: Correctly handle external trusts with MIT.

* BUG 12611: auth/credentials: Always set the realm if we set the principal
from the ccache.

* BUG 12686: replace: Include sysmacros.h.

* BUG 12687: s3:vfs_expand_msdfs: Do not open the remote address as a file.

* BUG 12704: s3:libsmb: Only print error message if kerberos use is forced.

* BUG 12708: winbindd: Child process crashes when kerberos-authenticating
a user with wrong password.
o Uri Simchoni

* BUG 12715: vfs_fruit: Office document opens as read-only on macOS due to
CNID semantics.

* BUG 12737: vfs_acl_xattr: Fix failure to get ACL on Linux if memory is
fragmented.

Fri Mar 31 14:00:00 2017 mdbuildAATTuse.startmail.com
- This is a bug fix release to address a regression introduced by the security
fixes for CVE-2017-2619 (Symlink race allows access outside share definition).
Please see https://bugzilla.samba.org/show_bug.cgi?id=12721 for details.
Changes since 4.6.1:
o Jeremy Allison

* BUG 12721: Fix regression with \"follow symlinks = no\".

Thu Mar 23 13:00:00 2017 mdbuildAATTuse.startmail.com
-
Changes since 4.6.0:
o Jeremy Allison

* BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share
directory.
o Ralph Boehme

* BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share
directory.
-

Fri Feb 3 13:00:00 2017 mdbuildAATTuse.startmail.com
- Changes since 4.5.4:
o Amitay Isaacs

* BUG 12469: ctdb-locking: Explicitly unlock record/db in lock helper.
o Björn Jacke

* BUG 12535: vfs_default: Unlock the right file in copy chunk.
o Martin Schwenke

* BUG 12512: ctdb-scripts: Fix remaining uses of \"ctdb gratiousarp\".

* BUG 12516: /etc/iproute2/rt_tables gets populated with multiple
\'default\' entries.
Changes since 4.5.3:
o Jeremy Allison

* BUG 12460: rename_internals_fsp missing ACL permission-check on destination
folder.

* BUG 12466: lib: security: se_access_check() incorrectly processes owner
rights (S-1-3-4) DENY ace entries.

* BUG 12467: s3: ntlm_auth: Don\'t corrupt the output stream with debug
messages.

* BUG 12479: s3: libsmb: Add cli_smb2_ftruncate(), plumb into
cli_ftruncate().
o Ralph Boehme

* BUG 12396: s3/smbd: Remove a misleading error message.

* BUG 12412: vfs_fruit: Fix \"fruit:resource\" option spelling, but not
behaviour.

* BUG 12485: ctdbd_conn: Fix a resource leak.
o David Disseldorp

* BUG 12144: smbd/ioctl: match WS2016 ReFS set compression behaviour.
o Björn Jacke

* BUG 2210: pam: Map more NT password errors to PAM errors.
o Volker Lendecke

* BUG 12484: winbindd: Use idmap cache in xids2sids.

* BUG 12509: messaging: Fix dead but not cleaned-up-yet destination sockets.
o Stefan Metzmacher

* BUG 12480: kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An
internal error occurred (with MIT krb5).
o Andreas Schneider

* BUG 12183: printing: Fix building with CUPS version older than 1.7.

* BUG 12441: s3:libads: Include system /etc/krb5.conf if we use MIT Kerberos.
o Martin Schwenke

* BUG 12470: Fix ctdb ip bugs.
This is a security release in order to address the following defects:
o CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer
Overflow Remote Code Execution Vulnerability).
o CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers in
trusted realms).
o CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger privilege
elevation).
=======
Details
=======
o CVE-2016-2123:
The Samba routine ndr_pull_dnsp_name contains an integer wrap problem,
leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name
parses data from the Samba Active Directory ldb database. Any user
who can write to the dnsRecord attribute over LDAP can trigger this
memory corruption.
By default, all authenticated LDAP users can write to the dnsRecord
attribute on new DNS objects. This makes the defect a remote privilege
escalation.
o CVE-2016-2125
Samba client code always requests a forwardable ticket
when using Kerberos authentication. This means the
target server, which must be in the current or trusted
domain/realm, is given a valid general purpose Kerberos
\"Ticket Granting Ticket\" (TGT), which can be used to
fully impersonate the authenticated user or service.
o CVE-2016-2126
A remote, authenticated, attacker can cause the winbindd process
to crash using a legitimate Kerberos ticket due to incorrect
handling of the arcfour-hmac-md5 PAC checksum.
A local service with access to the winbindd privileged pipe can
cause winbindd to cache elevated access permissions.
Changes since 4.5.2:
o Volker Lendecke

* BUG 12409: CVE-2016-2123: Fix DNS vuln ZDI-CAN-3995.
o Stefan Metzmacher

* BUG 12445: CVE-2016-2125: Don\'t send delegated credentials to all servers.

* BUG 12446: CVE-2016-2126: auth/kerberos: Only allow known checksum types in
check_pac_checksum().
Changes since 4.5.1:
o Michael Adam

* BUG 12404: vfs:glusterfs: Preallocate result for glfs_realpath.
o Jeremy Allison

* BUG 12384: s3: vfs: Remove files/directories after the streams are deleted.

* BUG 12387: s3: vfs_streams_depot: Use conn->connectpath not conn->cwd.

* BUG 12436: s3/smbd: Fix the last resort check that sets the file type
attribute.
o Andrew Bartlett

* BUG 9954: dsdb: Create RID Set as SYSTEM.

* BUG 12297: dbcheck: Correct message for orphaned backlinks.

* BUG 12395: build: Fix build with perl on debian sid.

* BUG 12398: Fix errors in extended operations (like allocating a RID Set).
o Günther Deschner

* BUG 11197: spoolss: Use correct values for secdesc and devmode pointers.
o Clive Ferreira

* BUG 12394: objectclass_attrs: Only abort on a missing attribute when an
attribute is both MUST and replicated.
o Amitay Isaacs

* BUG 12366: provision,dlz-bind: Add support for BIND 9.11.x.

* BUG 12392: ctdb-locking: Reset real-time priority in lock helper.

* BUG 12407: ctdb-scripts: Fix calculation of CTDB_BASE.

* BUG 12434: ctdb-recovery: Avoid NULL dereference in failure case.
o Stefan Metzmacher

* BUG 10297: s3:smbd: Only pass UCF_PREP_CREATEFILE to filename_convert() if
we may create a new file.
o Mathieu Parent

* BUG 12371: ctdb-scripts: Fix Debian init in samba eventscript.
o Garming Sam

* BUG 9954: samba_tool/fsmo: Allocate RID Set when seizing RID manager.

* BUG 10882: s4-auth: Don\'t check for NULL saltPrincipal if it doesn\'t need
it.

* BUG 12297: upgradeprovision: Remove objectCategory from constructed attrs.

* BUG 12385: collect_tombstones: Allow links to recycled objects to be
deleted.
o Andreas Schneider

* BUG 12183: s3-printing: Correctly encode CUPS printer URIs.

* BUG 12195: s3-printing: Allow printer names longer than 16 chars.

* BUG 12269: nss_wins: Fix errno values for HOST_NOT_FOUND.

* BUG 12405: s3-winbind: Do not return NO_MEMORY if we have an empty user
list.

* BUG 12415: s3:spoolss: Add support for COPY_FROM_DIRECTORY in
AddPrinterDriverEx.
o Martin Schwenke

* BUG 12104: ctdb-packaging: Move CTDB tests to /usr/local/share/ctdb/tests/.
o Uri Simchoni

* BUG 12375: smbd: In ntlm auth, do not map empty domain in case of
\\userAATTrealm.
o Ralph Wuerthner

* BUG 12372: ctdb-conn: Add missing variable initialization.
- Update to 4.4.5
+ Stefan Metzmacher

* BUG 11860: CVE-2016-2119: Fix client side SMB2 signing downgrade.

* BUG 11948: Total dcerpc response payload more than 0x400000.
- Update to 4.4.4
+ Michael Adam

* BUG 11809: SMB3 multichannel: Add implementation of missing channel sequence
number verification.

* BUG 11919: smbd:close: Only remove kernel share modes if they had been
taken at open.

* BUG 11930: notifyd: Prevent NULL deref segfault in notifyd_peer_destructor.
+ Jeremy Allison

* BUG 10618: s3: auth: Move the declaration of struct dom_sid tmp_sid to
function level scope.
+ Christian Ambach

* BUG 10796: s3:rpcclient: Make \'--pw-nt-hash\' option work.

* BUG 11354: s3:libsmb/clifile: Use correct value for MaxParameterCount for
setting EAs.

* BUG 11438: Fix case sensitivity issues over SMB2 or above.
+ Ralph Boehme

* BUG 1703: s3:libnet:libnet_join: Add netbios aliases as SPNs.

* BUG 11721: vfs_fruit: Add an option that allows disabling POSIX rename
behaviour.
+ Alexander Bokovoy

* BUG 11936: s3-smbd: Support systemd 230.
+ Ira Cooper

* BUG 11907: source3: Honor the core soft limit of the OS.
+ Günther Deschner

* BUG 11809: SMB3 multichannel: Add implementation of missing channel sequence
number verification.

* BUG 11864: s3:client:smbspool_krb5_wrapper: Fix the non clearenv build.

* BUG 11906: s3-kerberos: Avoid entering a password change dialogue also when
using MIT.
+ Robin Hack

* BUG 11890: ldb-samba/ldb_matching_rules: Fix CID 1349424 - Uninitialized
pointer read.
+ Volker Lendecke

* BUG 11844: dbwrap_ctdb: Fix ENOENT->NT_STATUS_NOT_FOUND.
+ Robin McCorkell

* BUG 11276: Correctly set cli->raw_status for libsmbclient in SMB2 code.
+ Stefan Metzmacher

* BUG 11910: s3:smbd: Fix anonymous authentication if signing is mandatory.

* BUG 11912: libcli/auth: Let msrpc_parse() return talloc\'ed empty strings.

* BUG 11914: Fix NTLM Authentication issue with squid.

* BUG 11927: s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT.
+ Luca Olivetti

* BUG 11530: pdb: Fix segfault in pdb_ldap for missing gecos.
+ Rowland Penny

* BUG 11613: Allow \'samba-tool fsmo\' to cope with empty or missing fsmo
roles.
+ Anoop C S

* BUG 11907: packaging: Set default limit for core file size in service
files.
+ Andreas Schneider

* BUG 11922: s3-net: Convert the key_name to UTF8 during migration.

* BUG 11935: s3-smbspool: Log to stderr.
+ Uri Simchoni

* BUG 11900: heimdal: Encode/decode kvno as signed integer.

* BUG 11931: s3-quotas: Fix sysquotas_4B quota fetching for BSD.

* BUG 11937: smbd: dfree: Ignore quota if not enforced.
+ Raghavendra Talur

* BUG 11907: init: Set core file size to unlimited by default.
+ Hemanth Thummala

* BUG 11934: Fix memory leak in share mode locking.
- Update to 4.4.3
- Update to 4.4.2
+ + A man-in-the-middle can downgrade NTLMSSP authentication;
+ CVE-2016-2110; (bso#11688); (bsc#973031).
+ + Domain controller netlogon member computer can be spoofed;
+ CVE-2016-2111; (bso#11749); (bsc#973032).
+ + LDAP conenctions vulnerable to downgrade and MITM attack;
+ CVE-2016-2112; (bso#11644); (bsc#973033).
+ + TLS certificate validation missing; CVE-2016-2113; (bso#11752);
+ (bsc#973034).
+ + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115;
+ (bso#11756); (bsc#973036).
+ + \"Badlock\" DCERPC impersonation of authenticated account possible;
+ CVE-2016-2118; (bso#11804); (bsc#971965).
+ + DCERPC server and client vulnerable to DOS and MITM attacks;
+ CVE-2015-5370; (bso#11344); (bsc#936862).
- Update to 4.4.0.
+ + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686);
+ CVE-2016-0771.
+ + Getting and setting Windows ACLs on symlinks can change permissions on link
+ target; (bso#11648); CVE-2015-7560.
+ + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543.
+ + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem
+ with no ACL support; (bso#10489).
+ + docs: Add example for domain logins to smbspool man page; (bso#11643).
+ + smbd: Show correct disk size for different quota and dfree block sizes;
+ (bso#11681).
+ + docs: Add smbspool_krb5_wrapper manpage; (bso#11690).
+ + winbindd: Return trust parameters when listing trusts; (bso#11691).
+ + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696).
+ + Crypto.Cipher.ARC4 is not available on some platforms, fallback to
+ M2Crypto.RC4.RC4 then; (bso#11699).
+ + s3:utils/smbget: Set default blocksize; (bso#11700).
+ + Streamline \'smbget\' options with the rest of the Samba utils; (bso#11700).
+ + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702).
+ + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
+ + loadparm: Fix memory leak issue; (bso#11708).
+ + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
+ + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715).
+ + ctdb-scripts: Drop use of \"smbcontrol winbindd ip-dropped ...\"; (bso#11719).
+ + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723).
+ + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724).
+ + smbd: Fix CID 1351216 Dereference null return value; (bso#11725).
+ + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
+ file; (bso#11727).
+ + docs: Add manpage for cifsdd; (bso#11730).
+ + param: Fix str_list_v3 to accept ; again; (bso#11732).
+ + lib/socket: Fix improper use of default interface speed; (bso#11734).
+ + lib:socket: Fix CID 1350009: Fix illegal memory accesses
+ (BUFFER_SIZE_WARNING); (bso#11735).
+ + libcli: Fix debug message, print sid string for new_ace trustee;
+ (bso#11738).
+ + Fix installation path of Samba helper binaries; (bso#11739).
+ + Fix memory leak in loadparm; (bso#11740).
+ + tevent: version 0.9.28: Fix memory leak when old signal action restored;
+ (bso#11742).
+ + smbd: Ignore SVHDX create context; (bso#11753).
+ + Fix net join; (bso#11755).
+ + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add;
+ (bso#11755).
+ + passdb: Add linefeed to debug message; (bso#11763).
+ + s3:utils/smbget: Fix option parsing; (bso#11767).
+ + libnet: Make Kerberos domain join site-aware; (bso#11769).
+ + Reset TCP Connections during IP failover; (bso#11770).
+ + ldb: Version 1.1.26; (bso#11772).
+ + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773).
+ + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774).
+ + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780).
+ + \"trustdom_list_done: Got invalid trustdom response\" message should be
+ avoided; (bso#11782).
+ + Mismatch between local and remote attribute ids lets replication fail with
+ custom schema; (bso#11783).
+ + Quota is not supported on Solaris 10; (bso#11788).
+ + Talloc: Version 2.1.6; (bso#11789).
+ + smbd: Enable multi-channel if \'server multi channel support = yes\' in the
+ config; (bso#11796).
+ + build: Fix build when \'--without-quota\' specified; (bso#11798).
+ + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802).
+ + Access based share enum: handle permission set in configuration files;
+ (bso#8093).
+ + See also WHATSNEW.txt from the samba-doc package.
- Update to 4.3.6.
+ Getting and setting Windows ACLs on symlinks can change permissions on link
target; CVE-2015-7560; (bso#11648); (bsc#968222).
+ Fix Out-of-bounds read in internal DNS server; CVE-2016-0771;
(bso#11128); (bso#11686); (bsc#968223).
- Update to 4.3.5.
+ s3:utils/smbget: Fix recursive download; (bso#6482).
+ s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi
with no ACL support; (bso#10489).
+ s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;
(bso#11400).
+ vfs_shadow_copy2: Fix case where snapshots are outside the share;
(bso#11580).
+ smbclient: Query disk usage relative to current directory; (bso#11662).
+ winbindd: Handle expired sessions correctly; (bso#11670).
+ smbd: Show correct disk size for different quota and dfree block sizes;
(bso#11681).
+ smbcacls: Fix uninitialized variable; (bso#11682).
+ s3:smbd: Ignore initial allocation size for directory creation;
(bso#11684).
+ s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).
+ s3-parm: Clean up defaults when removing global parameters; (bso#11693).
+ Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699).
+ s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
+ ctdb: Remove error messages after kernel security update; CVE-2015-8543;
(bso#11705).
+ loadparm: Fix memory leak issue; (bso#11708).
+ lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
+ ctdb-scripts: Drop use of \"smbcontrol winbindd ip-dropped ...\";
(bso#11719).
+ s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
file; (bso#11727).
+ param: Fix str_list_v3 to accept \";\" again; (bso#11732).
- Update to 4.3.4.
o Michael Adam

* BUG 11619: doc: Fix a typo in the smb.conf manpage, explanation of idmap
config.

* BUG 11647: s3:smbd: Fix a corner case of the symlink verification.
o Jeremy Allison

* BUG 11624: s3: libsmb: Correctly initialize the list head when keeping a
list of primary followed by DFS connections.

* BUG 11625: Reduce the memory footprint of empty string options.
o Douglas Bagnall

* BUG 11659: Update lastLogon and lastLogonTimestamp.
o Ralph Boehme

* BUG 11065: vfs_fruit: Enable POSIX directory rename semantics.

* BUG 11466: Copying files with vfs_fruit fails when using vfs_streams_xattr
without stream prefix and type suffix.

* BUG 11645: smbd: Make \"hide dot files\" option work with \"store dos
attributes = yes\".
o Günther Deschner

* BUG 11639: lib/async_req: Do not install async_connect_send_test.
o Stefan Metzmacher

* BUG 11394: Crash: Bad talloc magic value - access after free.
o Rowland Penny

* BUG 11613: samba-tool: Fix uncaught exception if no fSMORoleOwner
attribute is given.
o Karolin Seeger

* BUG 11619: docs: Fix some typos in the idmap backend section.

* BUG 11641: docs: Fix typos in man vfs_gpfs.
o Uri Simchoni

* BUG 11649: smbd: Do not disable \"store dos attributes\" on-the-fly.

Sun Dec 20 13:00:00 2015 mdbuildAATTuse.startmail.com
- Update to 4.3.3.
+ Malicious request can cause Samba LDAP server to hang, spinning using CPU;
CVE-2015-3223; (bso#11325); (bnc#958581).
+ Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599);
(bnc#958586).
+ Insufficient symlink verification (file access outside the share);
CVE-2015-5252; (bso#11395); (bnc#958582).
+ No man in the middle protection when forcing smb encryption on the client
side; CVE-2015-5296; (bso#11536); (bnc#958584).
+ Currently the snapshot browsing is not secure thru windows previous version
(shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583).
+ Fix Microsoft MS15-096 to prevent machine accounts from being changed into
user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).
- Add directorys & permissions for \"ntpd_signed\" & \"/var/lib/samba/private/dns\" to samba-tmpfiles.conf
- Add BuildRequires / Requires: bind & ntp
- Changed Source (source_location)
- Changed tmp-files: /var/run -> /run
Sun Oct 25 20:19:33 UTC 2015 -
- Update to 4.3.2.
+ vfs_gpfs: Re-enable share modes; (bso#11243).
+ dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327).
+ s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute
type of zero; (bso#11452).
+ Add libreplace dependency to texpect, fixes a linking error on Solaris;
(bso#11511).
+ s4: Fix linking of \'smbtorture\' on Solaris; (bso#11512).
+ s4:lib/messaging: Use correct path for names.tdb; (bso#11562).
+ Fix segfault of \'net ads (join|leave) -S INVALID\' with nss_wins;
(bso#11563).
+ async_req: Fix non-blocking connect(); (bso#11564).
+ auth: gensec: Fix a memory leak; (bso#11565).
+ lib: util: Make non-critical message a warning; (bso#11566).
+ Fix winbindd crashes with samlogon for trusted domain user; (bso#11569).
+ smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).
+ ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577).
+ s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer;
(bso#11581).
+ s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581).
+ manpage: Correct small typo error; (bso#11584).
+ s3: smbd: If EAs are turned off on a share don\'t allow an SMB2 create
containing them; (bso#11589).
+ Backport some valgrind fixes from upstream master; (bso#11597).
+ auth: Consistent handling of well-known alias as primary gid; (bso#11608).
+ winbind: Fix crash on invalid idmap configs; (bso#11612).
+ s3: smbd: have_file_open_below() fails to enumerate open files below an
open directory handle; (bso#11615).
+ Changing log level of two entries to DBG_NOTICE; (bso#9912).
Sonday Oct 25 21:08:15 UTC 2015 -
- Update to 4.3.1
+ s3: smbd: Fix our access-based enumeration on \"hide unreadable\" to match
Windows; (bso#10252).
+ nss_winbind: Fix hang on Solaris on big groups; (bso#10365).
+ smbd: Fix file name buflen and padding in notify repsonse; (bso#10634).
+ kerberos: Make sure we only use prompter type when available;
winbind: Fix 100% loop; (bso#11038).
+ source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053).
+ s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket;
(bso#11316).
+ s3: smbd: Fix mkdir race condition; (bso#11486).
+ pam_winbind: Fix a segfault if initialization fails; (bso#11502).
+ s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509).
+ s4:lib/messaging: Use \'msg.lock\' and \'msg.sock\' for messaging related
subdirs; (bso#11515).
+ s3: smbd: Fix opening/creating :stream files on the root share directory;
(bso#11522).
+ lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526).
+ net: Fix a crash with \'net ads keytab create\'; (bso#11528).
+ s3: smbd: Fix a crash in unix_convert(); (bso#11535).
+ s3: smbd: Fix NULL pointer bug introduced by previous \'raw\' stream fix
(bso#11522); (bso#11535).
+ vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543).
+ vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547).
+ s3:locking: Initialize lease pointer in share_mode_traverse_fn();
(bso#11549).
+ s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550).
+ s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555).
+ s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names
is incorrect; (bso#11555).