Major features included in the 3.0.25 code base are:
o Significant improvements in the winbind off-line logon support.
o Support for secure DDNS updates as part of the 'net ads join'
process.
o Rewritten IdMap interface which allows for TTL based caching and
per domain backends.
o New plug-in interface for the "winbind nss info" parameter.
o New file change notify subsystem which is able to make use of
inotify on Linux.
o Support for passing Windows security descriptors to a VFS
plug-in allowing for multiple Unix ACL implements to running
side by side on the Same server.
o Improved compatibility with Windows Vista clients including
improved read performance with Linux servers.
o Man pages for IdMap and VFS plug-ins.
Security Fixes included in the Samba 3.0.25 release are:
o CVE-2007-2444
Versions: Samba 3.0.23d - 3.0.25pre2
Local SID/Name translation bug can result in
user privilege elevation
o CVE-2007-2446
Versions: Samba 3.0.0 - 3.0.24
Multiple heap overflows allow remote code execution
o CVE-2007-2447
Versions: Samba 3.0.0 - 3.0.24
Unescaped user input parameters are passed as
arguments to /bin/sh allowing for remote command
execution
PR: ports/112836
Submitted by: maintainer
Approved by: portmgr (self)
After recent release of Samba 3.0.23c and corresponding version of
port several problems with it were reported back by the users.
- Fix for the broken OPTIONS menu due overlong line. That addresses PR
ports/103158 and ports/102980
- Fix build on FreeBSD 7. PR ports/102919.
- Several fixes to the rc.d/samba script, as well as a new code.
Should handle 'restart' properly now.
- Remove enforcement of a daemon shutdown during deinstallation due
several requests.
- SAMBA_PRIVATEDIR can now be redefined.
- Warn the user if FAM_SUPPORT is enabled contrary to the selected
OPTIONS. [2]
PR: ports/103170 [1] ports/103276 [2]
Submitted by: Timur I. Bakeyev <timur@gnu.org> (mainainer) [1],
Scot Hetzel <swhetzel@gmail.com> [2]
Approved by: maintainer [2]
Additional features introduced in Samba 3.0.20 include:
o Support for several new Win32 rpc pipes.
o Improved support for OS/2 clients.
o New 'net rpc service' tool for managing Win32 services.
o Capability to set the owner on new files and directory
based on the parent's ownership.
o Experimental, asynchronous IO file serving support.
o Completed Support for Microsoft Print Migrator.
o New Winbind IDmap plugin (ad) for retrieving uid and gid
from AD servers which maintain the SFU user and group
attributes.
o Rewritten support for POSIX pathnames when utilizing
the Linux CIFS fs client.
o New asynchronous winbindd.
o Support for Microsoft Print Migrator.
o New Windows NT registry file I/O library.
o New user right (SeTakeOwnershipPrivilege) added.
o New "net share migrate" options.
PR: 85276
Submitted by: Timur I. Bakeyev (maintainer)
Approved by: perky (mentor)
