gmane.network.samba.announce

[ANNOUNCE] Samba 4.0 alpha 20 for CCVE-2012-2111

Andrew Bartlett — 2012-05-01T10:04:09

We are proud to a announce another alpha release of Samba 4.0, alpha 20


THIS IS A SECURITY RELEASE for CVE-2012-2111, which impacts on users 
running the smbd file server from Samba4 alpha releases, but not users
running the AD Domain Controller.

What's new in Samba 4 alpha20
=============================

Samba 4.0 will be the next version of the Samba suite and incorporates
all the technology found in both the Samba4 alpha series and the
stable 3.x series. The primary additional features over Samba 3.6 are
support for the Active Directory logon protocols used by Windows 2000
and above.

SECURITY RELEASE
================

This is a security release in order to address CVE-2012-2111
(Incorrect permission checks when granting/removing privileges can
compromise file server security).

o  CVE-2012-2111:
   Samba 3.4.x to 3.6.4 are affected by a
   vulnerability that allows arbitrary users
   to modify privileges on a file server.

This is in regards to the smbd file server, which is shipped in Samba
4.0 alph

[Announce] Samba 3.6.5, 3.5.15 and 3.4.17 Security Releases Available

Karolin Seeger — 2012-04-30T12:46:35

Release Announcements
=====================

Samba 3.6.5, 3.5.15 and 3.4.17 are security releases in order to
address CVE-2012-2111.

o  CVE-2012-2111:
   Samba 3.4.x to 3.6.4 are affected by a vulnerability that allows arbitrary
   users to modify privileges on a file server.


Changes:
--------


o   Jeremy Allison <jra< at >samba.org>
    * Fix  incorrect permission checks when granting/removing
      privileges (CVE-2012-2111).


The original Security Advisory is available at
http://www.samba.org/samba/security/CVE-2012-2111.

Patches for older versions are available at
http://www.samba.org/samba/history/security.html.


######################################################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital informatio

[ANNOUNCE] Samba 4.0 alpha 19 for CVE-2012-1182

Andrew Bartlett — 2012-04-11T03:06:43

We are proud to a announce another alpha release of Samba 4.0, alpha 19


THIS IS A SECURITY RELEASE for CVE-2012-1182, which impacted on Samba4 as well.


What's new in Samba 4 alpha19
=============================

Samba 4.0 will be the next version of the Samba suite and incorporates
all the technology found in both the Samba4 alpha series and the
stable 3.x series. The primary additional features over Samba 3.6 are
support for the Active Directory logon protocols used by Windows 2000
and above.

WARNINGS
========

Samba4 alpha19 is not a final Samba release, however we are now making
good progress towards a Samba 4.0 release, of which this is a preview.
Be aware the this release contains both the technology of Samba 3.6
(that you can reasonably expect to upgrade existing Samba 3.x releases
to) and the AD domain controller work previously known as 'samba4'.

While binaries for the stable file server are provided in this
release, for a stable, supported file server, Samba3 domain or AD
domain member instal

Re: [Announce] Samba 3.6.4,3.5.14 and 3.4.16 Security Releases Available

Karolin Seeger — 2012-04-10T17:06:34

Further information can be found in the security advisory:
http://www.samba.org/samba/security/CVE-2012-1182

Patches for older versions are available at
http://www.samba.org/samba/history/security.html.

This defect has been tracked in the following bug report:
https://bugzilla.samba.org/show_bug.cgi?id=8815.


On Tue, Apr 10, 2012 at 05:21:19PM +0200, Karolin Seeger wrote:

[Announce] Samba 3.6.4, 3.5.14 and 3.4.16 Security Releases Available

Karolin Seeger — 2012-04-10T15:21:19

Release Announcements
=====================

Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to
address CVE-2012-1182.

o  CVE-2012-1182:
   Samba 3.0.x to 3.6.3 are affected by a
   vulnerability that allows remote code
   execution as the "root" user.


Changes:
--------


o   Stefan Metzmacher <metze< at >samba.org>
    *BUG 8815: PIDL based autogenerated code allows overwriting beyond of
     allocated array (CVE-2012-1182).


######################################################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the Samba corresponding product in the project's Bugzilla
database (https:

[ANNOUNCE] Samba 3.5.13 Available for Download

Karolin Seeger — 2012-03-12T19:31:06

Please note that the tarball is available, but the v3-6-stable git branch
and the websites cannot be updated right now because of technical
problems. Thank you for your understanding.

===================================================================
"A great artist is always
 before his time or behind it."

 George Edward Moore
==================================================================


Release Announcements
=====================

This is the latest stable release of Samba 3.5.

Major enhancements in Samba 3.5.13 include:

o  Fix a crash bug in cldap_socket_recv_dgram() (bug #8593).
o  Fully observe password change settings (bug #8561).
o  Fix NT ACL issue (bug #8673).
o  Fix segfault in Winbind if we can't map the last user (bug #8678).


Changes since 3.5.12:
--------------------


o   Michael Adam <obnox< at >samba.org>
    * BUG 8327: Fix config reload to reload shares from registry.


o   Jeremy Allison <jra< at >samba.org>
    * BUG 8139: Ignore SMBecho errors.
    * BUG 8521: Fix Winbind

[ANNOUNCE] Samba 4.0 alpha 18

Andrew Bartlett — 2012-02-24T06:32:49

We are proud to a announce another alpha release of Samba 4.0, alpha 18

What's new in Samba 4.0 alpha18
===============================

Samba 4.0 will be the next version of the Samba suite and incorporates
all the technology found in both the Samba4 alpha series and the
stable 3.x series. The primary additional features over Samba 3.6 are
support for the Active Directory logon protocols used by Windows 2000
and above.

WARNINGS
========

Samba4 alpha18 is not a final Samba release, however we are now making
good progress towards a Samba 4.0 release, of which this is a preview.
Be aware the this release contains both the technology of Samba 3.6
(that you can reasonably expect to upgrade existing Samba 3.x releases
to) and the AD domain controller work previously known as 'samba4'.

While binaries for the stable file server are provided in this
release, for a stable, supported file server, Samba3 domain or AD
domain member installation, please run a Samba 3.x release, as we are
still bedding down the new si

[Announce] Samba 3.6.3 Security Release Available

Karolin Seeger — 2012-01-29T20:50:46

Release Announcements
=====================

This is a security release in order to address
CVE-2012-0817 (Memory leak/Denial of service).

o  CVE-2012-0817:
   The Samba File Serving daemon (smbd) in Samba versions
   3.6.0 to 3.6.2 is affected by a memory leak that can
   cause a server denial of service.


Changes since 3.6.2:
--------------------


o   Jeremy Allison <jra< at >samba.org>
    * BUG 8724: Fix memory leak in parent smbd on connection.


o   Ira Cooper <samba< at >ira.wakeful.net>
    * BUG 8724: Fix memory leak in parent smbd on connection.


######################################################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.

[Announce] Samba 3.6.2 Available for Download

Karolin Seeger — 2012-01-25T19:14:06

===================================================================
"Originality is the fine art of remembering
 what you hear but forgetting where you
 heard it."

 Laurence J. Peter
==================================================================


Release Announcements
=====================

This is the latest stable release of Samba 3.6.

Major enhancements in Samba 3.6.2 include:

o  Make Winbind receive user/group information (bug #8371).
o  Several SMB2 fixes.


Changes since 3.6.1:
--------------------


o   Michael Adam <obnox< at >samba.org>
    * BUG 8528: Fix SEGFAULT from net registry export on not zero terminated
      REG_SZ values.


o   Jeremy Allison <jra< at >samba.org>
    * BUG 8541: readlink() on Linux clients fails if the symlink target is
      outside of the share.
    * BUG 8542: smbclient posix_open command fails to return correct info on
      open file.
    * BUG 8548: winbind_samlogon_retry_loop ignores logon_parameters flags.
    * BUG 8561: Password change settings not ful

[Announce] Samba 3.5.12 Available for Download

Karolin Seeger — 2011-11-02T18:58:00

===================================================================
"I am not an economist.
 I am an honest man!"

 Paul McCracken
==================================================================


Release Announcements
=====================

This is the latest stable release of Samba 3.5.

Major enhancements in Samba 3.5.12 include:

o  Fix race condition in Winbind (bug 7844).
o  The VFS ACL modules are no longer experimental but production-ready.


Changes since 3.5.11:
--------------------


o   Jeremy Allison <jra< at >samba.org>
    * BUG 7509: smb_acl_to_posix: ACL is invalid for set (Invalid argument).
    * BUG 7551: Return error of cli_push when 'put - /some/file' is used.
    * BUG 8156: 'net ads join' fails to use the user's kerberos ticket.
    * BUG 8370: Fix vfs_chown_fsp.
    * BUG 8422: Fix infinite loop in ACL module code.
    * BUG 8443: Be smarter about setting default permissions when a ACL_USER_OBJ
      isn't given.
    * BUG 8458: IE9 on Windows 7 cannot download files to

Re: [Samba] [Announce] Samba 3.6.1 Available for Download--SAMBAUpdate

Jeremy Allison — 2011-10-21T16:29:36

Yes, it should just work. But of course prepare backups if
you're worried.

Jeremy.

[Announce] Samba 3.6.1 Available for Download

Karolin Seeger — 2011-10-20T17:41:06

===================================================================
"I'm desperately trying to figure
 out why kamikaze pilots wore
 helmets."

 Dave Edison
==================================================================


Release Announcements
=====================

This is the latest stable release of Samba 3.6.

Major enhancements in Samba 3.6.1 include:

o  Fix smbd crashes triggered by Windows XP clients (bug #8384).
o  Fix a Winbind race leading to 100% CPU load (bug #8409).
o  Several SMB2 fixes.
o  The VFS ACL modules are no longer experimental but production-ready.


Changes since 3.6.0:
--------------------


o   Michael Adam <obnox< at >samba.org>
    * BUG 8368: Fix the fallback to the deprecated spelling idmap:script.


o   Jeremy Allison <jra< at >samba.org>
    * BUG 7509: smb_acl_to_posix: ACL is invalid for set (Invalid argument).
    * BUG 8229: Fix 'widelinks' regression.
    * BUG 8370: Fix vfs_chown_fsp.
    * BUG 8412: Fix "saving as" of MS Office 2007 (Word) documents on Samba

Contributing to Samba: Samba now accepts corporate copyright.

Jeremy Allison — 2011-10-12T00:20:17

Here is a change we're instituting immediately to make it easier
for corporations to contribute code changes to Samba whilst still
retaining copyright ownership of the contributed code.

Feel free to ask any questions on the samba-technical< at >samba.org
list.

We'd like to thank our lawyers at the Software Freedom Law Center
for helping us to make this change.

Regards,

The Samba Team.

-------------------------------------------------------------------
Samba is a project with distributed copyright ownership, which means
we prefer the copyright on parts of Samba to be held by individuals
rather than corporations if possible. There are historical legal
reasons for this, but one of the best ways to explain it is that it's
much easier to work with individuals who have ownership than corporate
legal departments if we ever need to make reasonable compromises with
people using and working with Samba.

We track the ownership of every part of Samba via git, our source code
control system, so we know the provenance of

Re: [ANNOUNCE] Samba 4.0 alpha 17

Andrew Bartlett — 2011-09-17T10:57:52

Remove your existing installed binaries.  The failure is due to us
attempting to load a module (kludge_acl) from the previous installation.

Andrew Bartlett

[ANNOUNCE] Samba 4.0 alpha 17

Andrew Bartlett — 2011-09-13T05:16:12

We are proud to a announce another alpha release of Samba 4.0, alpha 17

What's new in Samba 4.0 alpha17
===============================

Samba 4.0 will be the next version of the Samba suite and incorporates
all the technology found in both the Samba4 alpha series and the
stable 3.x series. The primary additional features over Samba 3.6 are
support for the Active Directory logon protocols used by Windows 2000
and above.

WARNINGS
========

Samba4 alpha17 is not a final Samba release, however we are now making
good progress towards a Samba 4.0 release, of which this is a preview.
Be aware the this release contains both the technology of Samba 3.6
(that you can reasonably expect to upgrade existing Samba 3.x releases
to) and the AD domain controller work previously known as 'samba4'.

While binaries for the stable file server are provided in this
release, for a stable, supported file server, Samba3 domain or AD
domain member installation, please run a Samba 3.x release, as we are
still bedding down the new si

[Announce] Samba 3.4.15 Available for Download

Karolin Seeger — 2011-08-23T18:17:43

=================================================================
"Some cause happiness wherever they go;
 others whenever they go."

 Oscar Wilde
==================================================================


Release Announcements
=====================

This is the latest stable release of Samba 3.4.


Changes since 3.4.14
--------------------


o   David Disseldorp <ddiss< at >suse.de>
    * BUG 7836: Make newly added printers visible to clients,
    * BUG 7994: Make cups async printcap retrieval notify parent smbd of error      status.
    * BUG 8269: Stop spamming log with "Could not find child X -- ignoring"
      messages.


o   Björn Jacke <bj< at >sernet.de>
    * BUG 8362: Fix build issue on old glibc systems.


o   Jim McDonough <jmcd< at >samba.org>
    * BUG 6364: Pull realm from supplied username on libnet join.


o   Stefan Metzmacher <metze< at >samba.org>
    * BUG 8276: Return the used number of sockets in create_listen_fdset().
    * BUG 8347: Fix CVE-2011-2522 regression for HP-UX, AIX and OS

[Announce] Samba 3.6.0 Available for Download

Karolin Seeger — 2011-08-09T12:32:14

===================================================================
"Forgiveness is the economy of the heart...
 Forgiveness saves the expense of anger,
 the cost of hatred, the waste of spirits."

 Hannah More
==================================================================


Release Announcements
=====================

This is the first release of Samba 3.6.0.

Major enhancements in Samba 3.6.0 include:


Changed security defaults
-------------------------

Samba 3.6 has adopted a number of improved security defaults that will
impact on existing users of Samba.

 client ntlmv2 auth = yes
 client use spnego principal = no
 send spnego principal = no

The impact of 'client ntlmv2 auth = yes' is that by default we will not
use NTLM authentication as a client.  This applies to the Samba client
tools such as smbclient and winbind, but does not change the separately
released in-kernel CIFS client.  To re-enable the poorer NTLM encryption
set '--option=clientusentlmv2auth=no' on your smbclient comma

Re: [Announce] Samba 3.5.11 Available for Download - correction

Karolin Seeger — 2011-08-04T19:48:49

Hey folks,

please note, that I listed "Fix DoS in Winbind and smbd with many file
descriptors open (bug #7949)" by accident in the release notes of Samba
3.5.11. This one was already fixed with Samba 3.5.7.

Many thanks to Vincent Danen <vdanen< at >redhat.com> for reporting!

http://samba.org/samba/history/samba-3.5.11.html has been updated
accordingly.

Cheers,
Karolin

On Thu, Aug 04, 2011 at 10:34:06AM +0200, Karolin Seeger wrote:

[Announce] Samba 3.5.11 Available for Download

Karolin Seeger — 2011-08-04T08:34:06

===================================================================
"Birthdays are nature's way of
 telling us to eat more cake."

 Source Unknown
==================================================================


Release Announcements
=====================

This is the latest stable release of Samba 3.5.

Major enhancements in Samba 3.5.11 include:

o  Fix access to Samba shares when Windows security patch KB2536276 is installed
   (bug #7460).
o  Fix DoS in Winbind and smbd with many file descriptors open (bug #7949).
o  Fix Winbind panics if verify_idpool() fails (bug #8253).


Changes since 3.5.10:
--------------------


o   Jeremy Allison <jra< at >samba.org>
    * BUG 7462: Make SA_RESETHAND conditional on its existance.
    * BUG 8254: Make "acl check permissions = no" working in all cases.


o   Gregor Beck <gbeck< at >sernet.de>
    * BUG 8253: Fix Winbind panics if verify_idpool() fails.


o   David Disseldorp <ddiss< at >suse.de>
    * BUG 8269: Stop spamming log with "Could not find child X -- ign

[Announce] Samba 3.6.0rc3 Available for Download

Karolin Seeger — 2011-07-26T20:36:54

Release Announcements
---------------------

This is the third release candidate of Samba 3.6.0.  This is *not*
intended for production environments and is designed for testing
purposes only.  Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.


Major enhancements in Samba 3.6.0 include:


Changed security defaults
-------------------------

Samba 3.6 has adopted a number of improved security defaults that will
impact on existing users of Samba.

 client ntlmv2 auth = yes
 client use spnego principal = no
 send spnego principal = no

The impact of 'client ntlmv2 auth = yes' is that by default we will not
use NTLM authentication as a client.  This applies to the Samba client
tools such as smbclient and winbind, but does not change the separately
released in-kernel CIFS client.  To re-enable the poorer NTLM encryption
set '--option=clientusentlmv2auth=no' on your smbclient command line, or
set 'client ntlmv2 auth = no' in your smb.conf

The impact of 'client use spnego

[Announce] Samba 3.5.10, 3.4.14 and 3.3.16 Security Releases Available

Karolin Seeger — 2011-07-26T18:17:17

Release Announcements
=====================

Samba 3.5.10, 3.4.14 and 3.3.16 are security releases in order to
address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).


o  CVE-2011-2522:
   The Samba Web Administration Tool (SWAT) in Samba versions
   3.0.x to 3.5.9 are affected by a cross-site request forgery.


o  CVE-2011-2694:
   The Samba Web Administration Tool (SWAT) in Samba versions
   3.0.x to 3.5.9 are affected by a cross-site scripting
   vulnerability.

Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.


Changes
-------


o   Kai Blin <kai< at >samba.org>
    * BUG 8289: SWAT contains a cross-site scripting vulnerability.
    * BUG 8290: CSRF vulnerability in SWAT.



================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
fr