3.0.26a. Detailed list of all the changes can be found:
http://www.samba.org/samba/history/samba-3.0.26a.html
Changes are:
o Memory leaks in Winbind's IDMap manager.
o CVE-2007-4138 - Incorrect primary group assignment for domain
users using the rfc2307 or sfu winbind nss info plugin.
o File sharing with Widows 9x clients.
o Winbind running out of file descriptors due to stalled child
processes.
o MS-DFS inter-operability issues.
o Offline caching of files with Windows XP/Vista clients.
o Improper cleanup of expired or invalid byte range locks on files.
o Crashes is idmap_ldap and idmap_rid.
Approved by: shaun (mentor)
Major bug fixes included in Samba 3.0.25a are:
o Missing supplementary Unix group membership when using "force
group".
o Premature expiration of domain user passwords when using a
Samba domain controller.
o Failure to open the Windows object picker against a server
configured to use "security = domain".
* Authentication failures when using security = server.
Plus additional local fixes.
PR: ports/113358
Submitted by: maintainer
Major features included in the 3.0.25 code base are:
o Significant improvements in the winbind off-line logon support.
o Support for secure DDNS updates as part of the 'net ads join'
process.
o Rewritten IdMap interface which allows for TTL based caching and
per domain backends.
o New plug-in interface for the "winbind nss info" parameter.
o New file change notify subsystem which is able to make use of
inotify on Linux.
o Support for passing Windows security descriptors to a VFS
plug-in allowing for multiple Unix ACL implements to running
side by side on the Same server.
o Improved compatibility with Windows Vista clients including
improved read performance with Linux servers.
o Man pages for IdMap and VFS plug-ins.
Security Fixes included in the Samba 3.0.25 release are:
o CVE-2007-2444
Versions: Samba 3.0.23d - 3.0.25pre2
Local SID/Name translation bug can result in
user privilege elevation
o CVE-2007-2446
Versions: Samba 3.0.0 - 3.0.24
Multiple heap overflows allow remote code execution
o CVE-2007-2447
Versions: Samba 3.0.0 - 3.0.24
Unescaped user input parameters are passed as
arguments to /bin/sh allowing for remote command
execution
PR: ports/112836
Submitted by: maintainer
Approved by: portmgr (self)
This release contains fixes for the following security advisories:
o CVE-2007-0452 (Potential Denial of Service bug in smbd)
o CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
o CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)
- Improve RC-file.
PR: ports/108803
Submitted by: maintainer
After recent release of Samba 3.0.23c and corresponding version of
port several problems with it were reported back by the users.
- Fix for the broken OPTIONS menu due overlong line. That addresses PR
ports/103158 and ports/102980
- Fix build on FreeBSD 7. PR ports/102919.
- Several fixes to the rc.d/samba script, as well as a new code.
Should handle 'restart' properly now.
- Remove enforcement of a daemon shutdown during deinstallation due
several requests.
- SAMBA_PRIVATEDIR can now be redefined.
- Warn the user if FAM_SUPPORT is enabled contrary to the selected
OPTIONS. [2]
PR: ports/103170 [1] ports/103276 [2]
Submitted by: Timur I. Bakeyev <timur@gnu.org> (mainainer) [1],
Scot Hetzel <swhetzel@gmail.com> [2]
Approved by: maintainer [2]
- Update to 3.0.23c
Common bugs fixed in 3.0.23c include: [1]
o Authentication failures in pam_winbind when the AD domain
policy is set to not expire passwords.
o Authorization failures when using smb.conf options such
as "valid users" with the smbpasswd passdb backend.
*** net/samba-libsmbclient: [2]
- Small cosmetic changes
*** net/py-samba: [3]
- Reset PORTREVISION back, as master port version bumped
PR: ports/102805 [1]
ports/102806 [2]
ports/102807 [3]
Submitted by: Timur I. Bakeyev <timur@gnu.org> (maintainer)
o Improved 'make test'
o New offline mode in winbindd.
o New Kerberos support for pam_winbind.so.
o New handling of unmapped users and groups.
o New non-root share management tools.
o Improved support for local and BUILTIN groups.
o Winbind IDMAP integration with RFC2307 schema objects supported
by Windows 2003 R2.
o Rewritten 'net ads join' to mimic Windows XP without requiring
administrative rights to join a domain.
PR: ports/100100
Submitted by: maintainer
Common bugs fixed in 3.0.21 include:
o Missing groups in a user's token when logging in via kerberos
o Incompatibilities with newer MS Windows hotfixes and
embedded OS platforms
o Portability and crash bugs.
o Performance issues in winbindd.
New features introduced in Samba 3.0.21 include:
o Complete NTLMv2 support by consolidating authentication
mechanism used at the CIFS and RPC layers.
o The capability to manage Unix services using the Win32
Service Control API.
o The capability to view external Unix log files via the
Microsoft Event Viewer.
o New libmsrpc share library for application developers.
o Rewrite of CIFS oplock implementation.
o Performance Counter external daemon.
o Winbindd auto-detection query methods when communicating with
a domain controller.
o The ability to enumerate long share names in libsmbclient
applications.
PR: ports/91528
Submitted by: Timur I. Bakeyev (maintainer)
Additional features introduced in Samba 3.0.20 include:
o Support for several new Win32 rpc pipes.
o Improved support for OS/2 clients.
o New 'net rpc service' tool for managing Win32 services.
o Capability to set the owner on new files and directory
based on the parent's ownership.
o Experimental, asynchronous IO file serving support.
o Completed Support for Microsoft Print Migrator.
o New Winbind IDmap plugin (ad) for retrieving uid and gid
from AD servers which maintain the SFU user and group
attributes.
o Rewritten support for POSIX pathnames when utilizing
the Linux CIFS fs client.
o New asynchronous winbindd.
o Support for Microsoft Print Migrator.
o New Windows NT registry file I/O library.
o New user right (SeTakeOwnershipPrivilege) added.
o New "net share migrate" options.
PR: 85276
Submitted by: Timur I. Bakeyev (maintainer)
Approved by: perky (mentor)
Currently, ADS support is off for the package builds, as it creates
dependency problems with Kerberos5. Also, an experimental support
for extended attributes is included.
PR: ports/79037
Submitted by: maintainer
o Problem updating roaming user profiles.
o Crash in smbd when printing from a Windows 9x client.
o Unresolved symbols in libsmbclient which caused
applications such as KDE's konqueror to fail when
accessing smb:// URLs.
PR: ports/74223
Submitted by: maintainer
- Resolve kerberos/ldap issues with libsmbclient
- Reenable iconv autodetection
- Add a small patch from Konstantin Reznichenko <kot@premierbank.dp.ua> that fixes
coredump of smbd when user add script is invoked
PR: ports/66617
Submitted by: maintainer
- Rewrite libsmbclient port to not conflict with samba port, stop installing
libsmbclient in samba port
- Split out python extensions into standalone port
PR: ports/65976
Submitted by: Timur I. Bakeyev <timur@gnu.org> (samba-devel maintainer)
Approved by: Koop Mast (samba-libsmbclient maintainer)
using smbd_enable and nmbd_enable and silence warning about samba_enable
not being set.
PR: ports/65598
Submitted by: Timur I. Bakeyev <timur@com.bat.ru> (maintainer)
Requested by: obrien
a lot of imporvements and bugfixes since 3.0.2a.
In addition following problems solved:
o linking agaist libiconv is mandatary now
o more ways of detecting Kerberos5 installation and
LIB_DEPENDS on Heimdal port if none is found -
should address problems with bentoo building as well
o fixed problem when port wasn't compilable when LDAP
wasn't chosen and ADS was.
Submitted by: Timur Bakeyev <timur@gnu.org> (maintainer)
PR: 65237
knob for Kerberos is misleading, as it is necessary only for ADS support;
the installation scripts renamed installed binaries to *.old. Also,
delete the USE_OPENLDAP_VER?= line, it is not only not needed once you
set USE_OPENLDAP=yes, it can positively interfere with LDAP version bumps
PR: ports/64057
Submitted by: Timur I. Bakeyev <timur@gnu.org> (maintainer)
Reviewd by: eik
* No(?) hidden dependencies, configuration variables for almost all available
options, with ability to negate OS defaults (PR 60414).
* Consistent ADS and WINBIND support, with all the necessary pam and nss
modules, as well as with documentation (PR 50039).
* rcNG startup script, that handles start of winbindd as well (PR 44273).
* CONFIGURE_ENV get PREFIX by default (fixes PR 61636 and PR 60254).
* Better support for hier(7) - suplimentary modules went from etc/ to
lib/samba/, log files are in /var/log/samba (PR 60254 and PR 62728).
* libsmbclient installs with all necessary symlinks (PR 60994).
* Incorporate fixes to smb.conf.default from PR 60994.
* Clean installation of manpages(no linux staff).
* Various other small fixes.
* Pass Maintainership to "Timur I. Bakeyev <timur@gnu.org>"
Submitted by: "Timur I. Bakeyev <timur@gnu.org>"
Approved by: dwcjr (old maintainer)
* Add a patch so libsmbclient.[ch] doesn't get installed, thus the CONFICTS
with samba-libsmbclient can be removed
PR: 61445
Submitted by: Koop Mast <kwm@rainbow-runner.nl>
Approved by: dwcjr (maintainer)
