3.0.26a. Detailed list of all the changes can be found:
http://www.samba.org/samba/history/samba-3.0.26a.html
Changes are:
o Memory leaks in Winbind's IDMap manager.
o CVE-2007-4138 - Incorrect primary group assignment for domain
users using the rfc2307 or sfu winbind nss info plugin.
o File sharing with Widows 9x clients.
o Winbind running out of file descriptors due to stalled child
processes.
o MS-DFS inter-operability issues.
o Offline caching of files with Windows XP/Vista clients.
o Improper cleanup of expired or invalid byte range locks on files.
o Crashes is idmap_ldap and idmap_rid.
Approved by: shaun (mentor)
Major features included in the 3.0.25 code base are:
o Significant improvements in the winbind off-line logon support.
o Support for secure DDNS updates as part of the 'net ads join'
process.
o Rewritten IdMap interface which allows for TTL based caching and
per domain backends.
o New plug-in interface for the "winbind nss info" parameter.
o New file change notify subsystem which is able to make use of
inotify on Linux.
o Support for passing Windows security descriptors to a VFS
plug-in allowing for multiple Unix ACL implements to running
side by side on the Same server.
o Improved compatibility with Windows Vista clients including
improved read performance with Linux servers.
o Man pages for IdMap and VFS plug-ins.
Security Fixes included in the Samba 3.0.25 release are:
o CVE-2007-2444
Versions: Samba 3.0.23d - 3.0.25pre2
Local SID/Name translation bug can result in
user privilege elevation
o CVE-2007-2446
Versions: Samba 3.0.0 - 3.0.24
Multiple heap overflows allow remote code execution
o CVE-2007-2447
Versions: Samba 3.0.0 - 3.0.24
Unescaped user input parameters are passed as
arguments to /bin/sh allowing for remote command
execution
PR: ports/112836
Submitted by: maintainer
Approved by: portmgr (self)
o Improved 'make test'
o New offline mode in winbindd.
o New Kerberos support for pam_winbind.so.
o New handling of unmapped users and groups.
o New non-root share management tools.
o Improved support for local and BUILTIN groups.
o Winbind IDMAP integration with RFC2307 schema objects supported
by Windows 2003 R2.
o Rewritten 'net ads join' to mimic Windows XP without requiring
administrative rights to join a domain.
PR: ports/100100
Submitted by: maintainer
Common bugs fixed in 3.0.21 include:
o Missing groups in a user's token when logging in via kerberos
o Incompatibilities with newer MS Windows hotfixes and
embedded OS platforms
o Portability and crash bugs.
o Performance issues in winbindd.
New features introduced in Samba 3.0.21 include:
o Complete NTLMv2 support by consolidating authentication
mechanism used at the CIFS and RPC layers.
o The capability to manage Unix services using the Win32
Service Control API.
o The capability to view external Unix log files via the
Microsoft Event Viewer.
o New libmsrpc share library for application developers.
o Rewrite of CIFS oplock implementation.
o Performance Counter external daemon.
o Winbindd auto-detection query methods when communicating with
a domain controller.
o The ability to enumerate long share names in libsmbclient
applications.
PR: ports/91528
Submitted by: Timur I. Bakeyev (maintainer)
Additional features introduced in Samba 3.0.20 include:
o Support for several new Win32 rpc pipes.
o Improved support for OS/2 clients.
o New 'net rpc service' tool for managing Win32 services.
o Capability to set the owner on new files and directory
based on the parent's ownership.
o Experimental, asynchronous IO file serving support.
o Completed Support for Microsoft Print Migrator.
o New Winbind IDmap plugin (ad) for retrieving uid and gid
from AD servers which maintain the SFU user and group
attributes.
o Rewritten support for POSIX pathnames when utilizing
the Linux CIFS fs client.
o New asynchronous winbindd.
o Support for Microsoft Print Migrator.
o New Windows NT registry file I/O library.
o New user right (SeTakeOwnershipPrivilege) added.
o New "net share migrate" options.
PR: 85276
Submitted by: Timur I. Bakeyev (maintainer)
Approved by: perky (mentor)
a lot of imporvements and bugfixes since 3.0.2a.
In addition following problems solved:
o linking agaist libiconv is mandatary now
o more ways of detecting Kerberos5 installation and
LIB_DEPENDS on Heimdal port if none is found -
should address problems with bentoo building as well
o fixed problem when port wasn't compilable when LDAP
wasn't chosen and ADS was.
Submitted by: Timur Bakeyev <timur@gnu.org> (maintainer)
PR: 65237
