Major features included in the 3.0.25 code base are:
o Significant improvements in the winbind off-line logon support.
o Support for secure DDNS updates as part of the 'net ads join'
process.
o Rewritten IdMap interface which allows for TTL based caching and
per domain backends.
o New plug-in interface for the "winbind nss info" parameter.
o New file change notify subsystem which is able to make use of
inotify on Linux.
o Support for passing Windows security descriptors to a VFS
plug-in allowing for multiple Unix ACL implements to running
side by side on the Same server.
o Improved compatibility with Windows Vista clients including
improved read performance with Linux servers.
o Man pages for IdMap and VFS plug-ins.
Security Fixes included in the Samba 3.0.25 release are:
o CVE-2007-2444
Versions: Samba 3.0.23d - 3.0.25pre2
Local SID/Name translation bug can result in
user privilege elevation
o CVE-2007-2446
Versions: Samba 3.0.0 - 3.0.24
Multiple heap overflows allow remote code execution
o CVE-2007-2447
Versions: Samba 3.0.0 - 3.0.24
Unescaped user input parameters are passed as
arguments to /bin/sh allowing for remote command
execution
PR: ports/112836
Submitted by: maintainer
Approved by: portmgr (self)
- Update to 3.0.23c
Common bugs fixed in 3.0.23c include: [1]
o Authentication failures in pam_winbind when the AD domain
policy is set to not expire passwords.
o Authorization failures when using smb.conf options such
as "valid users" with the smbpasswd passdb backend.
*** net/samba-libsmbclient: [2]
- Small cosmetic changes
*** net/py-samba: [3]
- Reset PORTREVISION back, as master port version bumped
PR: ports/102805 [1]
ports/102806 [2]
ports/102807 [3]
Submitted by: Timur I. Bakeyev <timur@gnu.org> (maintainer)
