samba - Mar 2016 - [Announce] Samba 4.4.0rc5 Available for Download

Release Announcements
====================
This is the fifth release candidate of Samba 4.4.  This is *not*
intended for production environments and is designed for testing
purposes only.  Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.

Samba 4.4 will be the next version of the Samba suite.


UPGRADING
========
Nothing special.


NEW FEATURES/CHANGES
===================
Asynchronous flush requests
---------------------------

Flush requests from SMB2/3 clients are handled asynchronously and do
not block the processing of other requests. Note that 'strict sync'
has to be set to 'yes' for Samba to honor flush requests from SMB
clients.

s3: smbd
--------

Remove '--with-aio-support' configure option. We no longer would ever
prefer
POSIX-RT aio, use pthread_aio instead.

samba-tool sites
----------------

The 'samba-tool sites' subcommand can now be run against another server
by
specifying an LDB URL using the '-H' option and not against the local
database
only (which is still the default when no URL is given).

samba-tool domain demote
------------------------

Add '--remove-other-dead-server' option to 'samba-tool domain
demote'
subcommand. The new version of this tool now can remove another DC that is
itself offline.  The '--remove-other-dead-server' removes as many
references
to the DC as possible.

samba-tool drs clone-dc-database
--------------------------------

Replicate an initial clone of domain, but do not join it.
This is developed for debugging purposes, but not for setting up another DC.

pdbedit
-------

Add '--set-nt-hash' option to pdbedit to update user password from
nt-hash
hexstring. 'pdbedit -vw' shows also password hashes.

smbstatus
---------

'smbstatus' was enhanced to show the state of signing and encryption for
sessions and shares.

smbget
------
The -u and -p options for user and password were replaced by the -U option that
accepts username[%password] as in many other tools of the Samba suite.
Similary, smbgetrc files do not accept username and password options any more,
only a single "user" option which also accepts user%password
combinations.
The -P option was removed.

s4-rpc_server
-------------

Add a GnuTLS based backupkey implementation.

ntlm_auth
---------

Using the '--offline-logon' enables ntlm_auth to use cached passwords
when the
DC is offline.

Allow '--password' force a local password check for ntlm-server-1 mode.

vfs_offline
-----------

A new VFS module called vfs_offline has been added to mark all files in the
share as offline. It can be useful for shares mounted on top of a remote file
system (either through a samba VFS module or via FUSE).

KCC
---

The Samba KCC has been improved, but is still disabled by default.

DNS
---

There were several improvements concerning the Samba DNS server.

Active Directory
----------------

There were some improvements in the Active Directory area.

WINS nsswitch module
--------------------

The WINS nsswitch module has been rewritten to address memory issues and to
simplify the code. The module now uses libwbclient to do WINS queries. This
means that winbind needs to be running in order to resolve WINS names using
the nss_wins module. This does not affect smbd.

CTDB changes
------------

* CTDB now uses a newly implemented parallel database recovery scheme
  that avoids deadlocks with smbd.

  In certain circumstances CTDB and smbd could deadlock.  The new
  recovery implementation avoid this.  It also provides improved
  recovery performance.

* All files are now installed into and referred to by the paths
  configured at build time.  Therefore, CTDB will now work properly
  when installed into the default location at /usr/local.

* Public CTDB header files are no longer installed, since Samba and
  CTDB are built from within the same source tree.

* CTDB_DBDIR can now be set to tmpfs[:<tmpfs-options>]

  This will cause volatile TDBs to be located in a tmpfs.  This can
  help to avoid performance problems associated with contention on the
  disk where volatile TDBs are usually stored.  See ctdbd.conf(5) for
  more details.

* Configuration variable CTDB_NATGW_SLAVE_ONLY is no longer used.
  Instead, nodes should be annotated with the "slave-only" option in
  the CTDB NAT gateway nodes file.  This file must be consistent
  across nodes in a NAT gateway group.  See ctdbd.conf(5) for more
  details.

* New event script 05.system allows various system resources to be
  monitored

  This can be helpful for explaining poor performance or unexpected
  behaviour.  New configuration variables are
  CTDB_MONITOR_FILESYSTEM_USAGE, CTDB_MONITOR_MEMORY_USAGE and
  CTDB_MONITOR_SWAP_USAGE.  Default values cause warnings to be
  logged.  See the SYSTEM RESOURCE MONITORING CONFIGURATION in
  ctdbd.conf(5) for more information.

  The memory, swap and filesystem usage monitoring previously found in
  00.ctdb and 40.fs_use is no longer available.  Therefore,
  configuration variables CTDB_CHECK_FS_USE, CTDB_MONITOR_FREE_MEMORY,
  CTDB_MONITOR_FREE_MEMORY_WARN and CTDB_CHECK_SWAP_IS_NOT_USED are
  now ignored.

* The 62.cnfs eventscript has been removed.  To get a similar effect
  just do something like this:

      mmaddcallback ctdb-disable-on-quorumLoss \
        --command /usr/bin/ctdb \
        --event quorumLoss --parms "disable"

      mmaddcallback ctdb-enable-on-quorumReached \
        --command /usr/bin/ctdb \
        --event quorumReached --parms "enable"

* The CTDB tunable parameter EventScriptTimeoutCount has been renamed
  to MonitorTimeoutCount

  It has only ever been used to limit timed-out monitor events.

  Configurations containing CTDB_SET_EventScriptTimeoutCount=<n> will
  cause CTDB to fail at startup.  Useful messages will be logged.

* The commandline option "-n all" to CTDB tool has been removed.

  The option was not uniformly implemented for all the commands.
  Instead of command "ctdb ip -n all", use "ctdb ip all".

* All CTDB current manual pages are now correctly installed


REMOVED FEATURES
===============
Public headers
--------------

Several public headers are not installed any longer. They are made for internal
use only. More public headers will very likely be removed in future releases.

The following headers are not installed any longer:
dlinklist.h, gen_ndr/epmapper.h, gen_ndr/mgmt.h, gen_ndr/ndr_atsvc_c.h,
gen_ndr/ndr_epmapper_c.h, gen_ndr/ndr_epmapper.h, gen_ndr/ndr_mgmt_c.h,
gen_ndr/ndr_mgmt.h,gensec.h, ldap_errors.h, ldap_message.h, ldap_ndr.h,
ldap-util.h, pytalloc.h, read_smb.h, registry.h, roles.h, samba_util.h,
smb2_constants.h, smb2_create_blob.h, smb2.h, smb2_lease.h, smb2_signing.h,
smb_cli.h, smb_cliraw.h, smb_common.h, smb_composite.h, smb_constants.h,
smb_raw.h, smb_raw_interfaces.h, smb_raw_signing.h, smb_raw_trans2.h,
smb_request.h, smb_seal.h, smb_signing.h, smb_unix_ext.h, smb_util.h,
torture.h, tstream_smbXcli_np.h.

vfs_smb_traffic_analyzer
------------------------

The SMB traffic analyzer VFS module has been removed, because it is not
maintained any longer and not widely used.

vfs_scannedonly
---------------

The scannedonly VFS module has been removed, because it is not maintained
any longer.

smb.conf changes
----------------

  Parameter Name		Description		Default
  --------------		-----------		-------
  aio max threads               New                     100
  ldap page size		Changed default		1000


KNOWN ISSUES
===========
Currently none.


CHANGES SINCE 4.4.0rc4
=====================
o  Andrew Bartlett <abartlet at samba.org>
   * BUG 11780: mkdir can return ACCESS_DENIED incorrectly on create race.
   * BUG 11783: Mismatch between local and remote attribute ids lets
     replication fail with custom schema.
   * BUG 11789: Talloc: Version 2.1.6.

o  Ira Cooper <ira at samba.org>
   * BUG 11774: vfs_glusterfs: Fix use after free in AIO callback.

o  Günther Deschner <gd at samba.org>
   * BUG 11755: Fix net join.

o  Amitay Isaacs <amitay at gmail.com>
   * BUG 11770: Reset TCP Connections during IP failover.

o  Justin Maggard <jmaggard10 at gmail.com>
   * BUG 11773: s3:smbd: Add negprot remote arch detection for OSX.

o  Stefan Metzmacher <metze at samba.org>
   * BUG 11772: ldb: Version 1.1.26.
   * BUG 11782: "trustdom_list_done: Got invalid trustdom response"
message
     should be avoided.

o  Uri Simchoni <uri at samba.org>
   * BUG 11769: libnet: Make Kerberos domain join site-aware.
   * BUG 11788: Quota is not supported on Solaris 10.


CHANGES SINCE 4.4.0rc3
=====================
o  Jeremy Allison <jra at samba.org>
   * BUG 11648: CVE-2015-7560: Getting and setting Windows ACLs on symlinks can
     change permissions on link target.

o  Christian Ambach <ambi at samba.org>
   * BUG 11767: s3:utils/smbget: Fix option parsing.

o  Alberto Maria Fiaschi <alberto.fiaschi at estar.toscana.it>
   * BUG 8093: Access based share enum: handle permission set in configuration
     files.

o  Stefan Metzmacher <metze at samba.org>
   * BUG 11702: s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap().
   * BUG 11742: tevent: version 0.9.28: Fix memory leak when old signal action
     restored.
   * BUG 11755: s3:libads: setup the msDS-SupportedEncryptionTypes attribute on
     ldap_add.
   * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS TXT
     handling.

o  Garming Sam <garming at catalyst.net.nz>
   * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS TXT
     handling.

o  Uri Simchoni <uri at samba.org>
   * BUG 11691: winbindd: Return trust parameters when listing trusts.
   * BUG 11753: smbd: Ignore SVHDX create context.
   * BUG 11763: passdb: Add linefeed to debug message.


CHANGES SINCE 4.4.0rc2
=====================
o  Michael Adam <obnox at samba.org>
   * BUG 11723: lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN.
   * BUG 11735: lib:socket: Fix CID 1350009: Fix illegal memory accesses
     (BUFFER_SIZE_WARNING).

o  Jeremy Allison <jra at samba.org>
   * BUG 10489: s3: smbd: posix_acls: Fix check for setting u:g:o entry on a
     filesystem with no ACL support.

o  Christian Ambach <ambi at samba.org>
   * BUG 11700: s3:utils/smbget: Set default blocksize.

o  Anoop C S <anoopcs at redhat.com>
   * BUG 11734: lib/socket: Fix improper use of default interface speed.

o  Ralph Boehme <slow at samba.org>
   * BUG 11714: lib/tsocket: Work around sockets not supporting FIONREAD.

o  Volker Lendecke <vl at samba.org>
   * BUG 11724: smbd: Fix CID 1351215 Improper use of negative value.
   * BUG 11725: smbd: Fix CID 1351216 Dereference null return value.
   * BUG 11732: param: Fix str_list_v3 to accept ; again.

o  Noel Power <noel.power at suse.com>
   * BUG 11738: libcli: Fix debug message, print sid string for new_ace trustee.

o  Jose A. Rivera <jarrpa at samba.org>
   * BUG 11727: s3:smbd:open: Skip redundant call to file_set_dosmode when
     creating a new file.

o  Andreas Schneider <asn at samba.org>
   * BUG 11730: docs: Add manpage for cifsdd.
   * BUG 11739: Fix installation path of Samba helper binaries.

o  Berend De Schouwer <berend.de.schouwer at gmail.com>
   * BUG 11643: docs: Add example for domain logins to smbspool man page.

o  Martin Schwenke <martin at meltin.net>
   * BUG 11719: ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped
..."

o  Hemanth Thummala <hemanth.thummala at nutanix.com>
   * BUG 11708: loadparm: Fix memory leak issue.
   * BUG 11740: Fix memory leak in loadparm.


CHANGES SINCE 4.4.0rc1
=====================
o  Michael Adam <obnox at samba.org>
   * BUG 11715: s3:vfs:glusterfs: Fix build after quota changes.

o  Jeremy Allison <jra at samba.org>
   * BUG 11703: s3: smbd: Fix timestamp rounding inside SMB2 create.

o  Christian Ambach <ambi at samba.org>
   * BUG 11700: Streamline 'smbget' options with the rest of the Samba
utils.

o  Günther Deschner <gd at samba.org>
   * BUG 11696: ctdb: Do not provide a useless pkgconfig file for ctdb.

o  Stefan Metzmacher <metze at samba.org>
   * BUG 11699: Crypto.Cipher.ARC4 is not available on some platforms, fallback
     to M2Crypto.RC4.RC4 then.

o  Amitay Isaacs <amitay at gmail.com>
   * BUG 11705: Sockets with htons(IPPROTO_RAW) and CVE-2015-8543.

o  Andreas Schneider <asn at samba.org>
   * BUG 11690: docs: Add smbspool_krb5_wrapper manpage.

o  Uri Simchoni <uri at samba.org>
   * BUG 11681: smbd: Show correct disk size for different quota and dfree block
     sizes.


#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).


======================================================================= Our
Code, Our Bugs, Our Responsibility.
== The Samba Team
=====================================================================

===============Download Details
===============
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
from:

        https://download.samba.org/pub/samba/rc/

The release notes are available online at:

        https://download.samba.org/pub/samba/rc/samba-4.4.0rc5.WHATSNEW.txt

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL:
<http://lists.samba.org/pipermail/samba/attachments/20160316/6387d576/signature.sig>

Is there a place I can read about the improvements to the DNS service? 
Thanks.

On 3/16/2016 6:03 AM, Karolin Seeger wrote:
> Release Announcements
> ====================>
> This is the fifth release candidate of Samba 4.4.  This is *not*
> intended for production environments and is designed for testing
> purposes only.  Please report any defects via the Samba bug reporting
> system at https://bugzilla.samba.org/.
>
> Samba 4.4 will be the next version of the Samba suite.
>
>
> UPGRADING
> ========>
> Nothing special.
>
>
> NEW FEATURES/CHANGES
> ===================>
> Asynchronous flush requests
> ---------------------------
>
> Flush requests from SMB2/3 clients are handled asynchronously and do
> not block the processing of other requests. Note that 'strict sync'
> has to be set to 'yes' for Samba to honor flush requests from SMB
> clients.
>
> s3: smbd
> --------
>
> Remove '--with-aio-support' configure option. We no longer would
ever prefer
> POSIX-RT aio, use pthread_aio instead.
>
> samba-tool sites
> ----------------
>
> The 'samba-tool sites' subcommand can now be run against another
server by
> specifying an LDB URL using the '-H' option and not against the
local database
> only (which is still the default when no URL is given).
>
> samba-tool domain demote
> ------------------------
>
> Add '--remove-other-dead-server' option to 'samba-tool domain
demote'
> subcommand. The new version of this tool now can remove another DC that is
> itself offline.  The '--remove-other-dead-server' removes as many
references
> to the DC as possible.
>
> samba-tool drs clone-dc-database
> --------------------------------
>
> Replicate an initial clone of domain, but do not join it.
> This is developed for debugging purposes, but not for setting up another
DC.
>
> pdbedit
> -------
>
> Add '--set-nt-hash' option to pdbedit to update user password from
nt-hash
> hexstring. 'pdbedit -vw' shows also password hashes.
>
> smbstatus
> ---------
>
> 'smbstatus' was enhanced to show the state of signing and
encryption for
> sessions and shares.
>
> smbget
> ------
> The -u and -p options for user and password were replaced by the -U option
that
> accepts username[%password] as in many other tools of the Samba suite.
> Similary, smbgetrc files do not accept username and password options any
more,
> only a single "user" option which also accepts user%password
combinations.
> The -P option was removed.
>
> s4-rpc_server
> -------------
>
> Add a GnuTLS based backupkey implementation.
>
> ntlm_auth
> ---------
>
> Using the '--offline-logon' enables ntlm_auth to use cached
passwords when the
> DC is offline.
>
> Allow '--password' force a local password check for ntlm-server-1
mode.
>
> vfs_offline
> -----------
>
> A new VFS module called vfs_offline has been added to mark all files in the
> share as offline. It can be useful for shares mounted on top of a remote
file
> system (either through a samba VFS module or via FUSE).
>
> KCC
> ---
>
> The Samba KCC has been improved, but is still disabled by default.
>
> DNS
> ---
>
> There were several improvements concerning the Samba DNS server.
>
> Active Directory
> ----------------
>
> There were some improvements in the Active Directory area.
>
> WINS nsswitch module
> --------------------
>
> The WINS nsswitch module has been rewritten to address memory issues and to
> simplify the code. The module now uses libwbclient to do WINS queries. This
> means that winbind needs to be running in order to resolve WINS names using
> the nss_wins module. This does not affect smbd.
>
> CTDB changes
> ------------
>
> * CTDB now uses a newly implemented parallel database recovery scheme
>    that avoids deadlocks with smbd.
>
>    In certain circumstances CTDB and smbd could deadlock.  The new
>    recovery implementation avoid this.  It also provides improved
>    recovery performance.
>
> * All files are now installed into and referred to by the paths
>    configured at build time.  Therefore, CTDB will now work properly
>    when installed into the default location at /usr/local.
>
> * Public CTDB header files are no longer installed, since Samba and
>    CTDB are built from within the same source tree.
>
> * CTDB_DBDIR can now be set to tmpfs[:<tmpfs-options>]
>
>    This will cause volatile TDBs to be located in a tmpfs.  This can
>    help to avoid performance problems associated with contention on the
>    disk where volatile TDBs are usually stored.  See ctdbd.conf(5) for
>    more details.
>
> * Configuration variable CTDB_NATGW_SLAVE_ONLY is no longer used.
>    Instead, nodes should be annotated with the "slave-only"
option in
>    the CTDB NAT gateway nodes file.  This file must be consistent
>    across nodes in a NAT gateway group.  See ctdbd.conf(5) for more
>    details.
>
> * New event script 05.system allows various system resources to be
>    monitored
>
>    This can be helpful for explaining poor performance or unexpected
>    behaviour.  New configuration variables are
>    CTDB_MONITOR_FILESYSTEM_USAGE, CTDB_MONITOR_MEMORY_USAGE and
>    CTDB_MONITOR_SWAP_USAGE.  Default values cause warnings to be
>    logged.  See the SYSTEM RESOURCE MONITORING CONFIGURATION in
>    ctdbd.conf(5) for more information.
>
>    The memory, swap and filesystem usage monitoring previously found in
>    00.ctdb and 40.fs_use is no longer available.  Therefore,
>    configuration variables CTDB_CHECK_FS_USE, CTDB_MONITOR_FREE_MEMORY,
>    CTDB_MONITOR_FREE_MEMORY_WARN and CTDB_CHECK_SWAP_IS_NOT_USED are
>    now ignored.
>
> * The 62.cnfs eventscript has been removed.  To get a similar effect
>    just do something like this:
>
>        mmaddcallback ctdb-disable-on-quorumLoss \
>          --command /usr/bin/ctdb \
>          --event quorumLoss --parms "disable"
>
>        mmaddcallback ctdb-enable-on-quorumReached \
>          --command /usr/bin/ctdb \
>          --event quorumReached --parms "enable"
>
> * The CTDB tunable parameter EventScriptTimeoutCount has been renamed
>    to MonitorTimeoutCount
>
>    It has only ever been used to limit timed-out monitor events.
>
>    Configurations containing CTDB_SET_EventScriptTimeoutCount=<n>
will
>    cause CTDB to fail at startup.  Useful messages will be logged.
>
> * The commandline option "-n all" to CTDB tool has been removed.
>
>    The option was not uniformly implemented for all the commands.
>    Instead of command "ctdb ip -n all", use "ctdb ip
all".
>
> * All CTDB current manual pages are now correctly installed
>
>
> REMOVED FEATURES
> ===============>
> Public headers
> --------------
>
> Several public headers are not installed any longer. They are made for
internal
> use only. More public headers will very likely be removed in future
releases.
>
> The following headers are not installed any longer:
> dlinklist.h, gen_ndr/epmapper.h, gen_ndr/mgmt.h, gen_ndr/ndr_atsvc_c.h,
> gen_ndr/ndr_epmapper_c.h, gen_ndr/ndr_epmapper.h, gen_ndr/ndr_mgmt_c.h,
> gen_ndr/ndr_mgmt.h,gensec.h, ldap_errors.h, ldap_message.h, ldap_ndr.h,
> ldap-util.h, pytalloc.h, read_smb.h, registry.h, roles.h, samba_util.h,
> smb2_constants.h, smb2_create_blob.h, smb2.h, smb2_lease.h, smb2_signing.h,
> smb_cli.h, smb_cliraw.h, smb_common.h, smb_composite.h, smb_constants.h,
> smb_raw.h, smb_raw_interfaces.h, smb_raw_signing.h, smb_raw_trans2.h,
> smb_request.h, smb_seal.h, smb_signing.h, smb_unix_ext.h, smb_util.h,
> torture.h, tstream_smbXcli_np.h.
>
> vfs_smb_traffic_analyzer
> ------------------------
>
> The SMB traffic analyzer VFS module has been removed, because it is not
> maintained any longer and not widely used.
>
> vfs_scannedonly
> ---------------
>
> The scannedonly VFS module has been removed, because it is not maintained
> any longer.
>
> smb.conf changes
> ----------------
>
>    Parameter Name		Description		Default
>    --------------		-----------		-------
>    aio max threads               New                     100
>    ldap page size		Changed default		1000
>
>
> KNOWN ISSUES
> ===========>
> Currently none.
>
>
> CHANGES SINCE 4.4.0rc4
> =====================>
> o  Andrew Bartlett <abartlet at samba.org>
>     * BUG 11780: mkdir can return ACCESS_DENIED incorrectly on create race.
>     * BUG 11783: Mismatch between local and remote attribute ids lets
>       replication fail with custom schema.
>     * BUG 11789: Talloc: Version 2.1.6.
>
> o  Ira Cooper <ira at samba.org>
>     * BUG 11774: vfs_glusterfs: Fix use after free in AIO callback.
>
> o  Günther Deschner <gd at samba.org>
>     * BUG 11755: Fix net join.
>
> o  Amitay Isaacs <amitay at gmail.com>
>     * BUG 11770: Reset TCP Connections during IP failover.
>
> o  Justin Maggard <jmaggard10 at gmail.com>
>     * BUG 11773: s3:smbd: Add negprot remote arch detection for OSX.
>
> o  Stefan Metzmacher <metze at samba.org>
>     * BUG 11772: ldb: Version 1.1.26.
>     * BUG 11782: "trustdom_list_done: Got invalid trustdom
response" message
>       should be avoided.
>
> o  Uri Simchoni <uri at samba.org>
>     * BUG 11769: libnet: Make Kerberos domain join site-aware.
>     * BUG 11788: Quota is not supported on Solaris 10.
>
>
> CHANGES SINCE 4.4.0rc3
> =====================>
> o  Jeremy Allison <jra at samba.org>
>     * BUG 11648: CVE-2015-7560: Getting and setting Windows ACLs on
symlinks can
>       change permissions on link target.
>
> o  Christian Ambach <ambi at samba.org>
>     * BUG 11767: s3:utils/smbget: Fix option parsing.
>
> o  Alberto Maria Fiaschi <alberto.fiaschi at estar.toscana.it>
>     * BUG 8093: Access based share enum: handle permission set in
configuration
>       files.
>
> o  Stefan Metzmacher <metze at samba.org>
>     * BUG 11702: s3:clispnego: Fix confusing warning in
spnego_gen_krb5_wrap().
>     * BUG 11742: tevent: version 0.9.28: Fix memory leak when old signal
action
>       restored.
>     * BUG 11755: s3:libads: setup the msDS-SupportedEncryptionTypes
attribute on
>       ldap_add.
>     * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS
TXT
>       handling.
>
> o  Garming Sam <garming at catalyst.net.nz>
>     * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS
TXT
>       handling.
>
> o  Uri Simchoni <uri at samba.org>
>     * BUG 11691: winbindd: Return trust parameters when listing trusts.
>     * BUG 11753: smbd: Ignore SVHDX create context.
>     * BUG 11763: passdb: Add linefeed to debug message.
>
>
> CHANGES SINCE 4.4.0rc2
> =====================>
> o  Michael Adam <obnox at samba.org>
>     * BUG 11723: lib:socket: Fix CID 1350010: Integer
OVERFLOW_BEFORE_WIDEN.
>     * BUG 11735: lib:socket: Fix CID 1350009: Fix illegal memory accesses
>       (BUFFER_SIZE_WARNING).
>
> o  Jeremy Allison <jra at samba.org>
>     * BUG 10489: s3: smbd: posix_acls: Fix check for setting u:g:o entry on
a
>       filesystem with no ACL support.
>
> o  Christian Ambach <ambi at samba.org>
>     * BUG 11700: s3:utils/smbget: Set default blocksize.
>
> o  Anoop C S <anoopcs at redhat.com>
>     * BUG 11734: lib/socket: Fix improper use of default interface speed.
>
> o  Ralph Boehme <slow at samba.org>
>     * BUG 11714: lib/tsocket: Work around sockets not supporting FIONREAD.
>
> o  Volker Lendecke <vl at samba.org>
>     * BUG 11724: smbd: Fix CID 1351215 Improper use of negative value.
>     * BUG 11725: smbd: Fix CID 1351216 Dereference null return value.
>     * BUG 11732: param: Fix str_list_v3 to accept ; again.
>
> o  Noel Power <noel.power at suse.com>
>     * BUG 11738: libcli: Fix debug message, print sid string for new_ace
trustee.
>
> o  Jose A. Rivera <jarrpa at samba.org>
>     * BUG 11727: s3:smbd:open: Skip redundant call to file_set_dosmode when
>       creating a new file.
>
> o  Andreas Schneider <asn at samba.org>
>     * BUG 11730: docs: Add manpage for cifsdd.
>     * BUG 11739: Fix installation path of Samba helper binaries.
>
> o  Berend De Schouwer <berend.de.schouwer at gmail.com>
>     * BUG 11643: docs: Add example for domain logins to smbspool man page.
>
> o  Martin Schwenke <martin at meltin.net>
>     * BUG 11719: ctdb-scripts: Drop use of "smbcontrol winbindd
ip-dropped ..."
>
> o  Hemanth Thummala <hemanth.thummala at nutanix.com>
>     * BUG 11708: loadparm: Fix memory leak issue.
>     * BUG 11740: Fix memory leak in loadparm.
>
>
> CHANGES SINCE 4.4.0rc1
> =====================>
> o  Michael Adam <obnox at samba.org>
>     * BUG 11715: s3:vfs:glusterfs: Fix build after quota changes.
>
> o  Jeremy Allison <jra at samba.org>
>     * BUG 11703: s3: smbd: Fix timestamp rounding inside SMB2 create.
>
> o  Christian Ambach <ambi at samba.org>
>     * BUG 11700: Streamline 'smbget' options with the rest of the
Samba utils.
>
> o  Günther Deschner <gd at samba.org>
>     * BUG 11696: ctdb: Do not provide a useless pkgconfig file for ctdb.
>
> o  Stefan Metzmacher <metze at samba.org>
>     * BUG 11699: Crypto.Cipher.ARC4 is not available on some platforms,
fallback
>       to M2Crypto.RC4.RC4 then.
>
> o  Amitay Isaacs <amitay at gmail.com>
>     * BUG 11705: Sockets with htons(IPPROTO_RAW) and CVE-2015-8543.
>
> o  Andreas Schneider <asn at samba.org>
>     * BUG 11690: docs: Add smbspool_krb5_wrapper manpage.
>
> o  Uri Simchoni <uri at samba.org>
>     * BUG 11681: smbd: Show correct disk size for different quota and dfree
block
>       sizes.
>
>
> #######################################
> Reporting bugs & Development Discussion
> #######################################
>
> Please discuss this release on the samba-technical mailing list or by
> joining the #samba-technical IRC channel on irc.freenode.net.
>
> If you do report problems then please try to send high quality
> feedback. If you don't provide vital information to help us track down
> the problem then you will probably be ignored.  All bug reports should
> be filed under the Samba 4.1 and newer product in the project's
Bugzilla
> database (https://bugzilla.samba.org/).
>
>
> =====================================================================>
== Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> =====================================================================>
>
> ===============> Download Details
> ===============>
> The uncompressed tarballs and patch files have been signed
> using GnuPG (ID 6568B7EA).  The source code can be downloaded
> from:
>
>          https://download.samba.org/pub/samba/rc/
>
> The release notes are available online at:
>
>         
https://download.samba.org/pub/samba/rc/samba-4.4.0rc5.WHATSNEW.txt
>
> Our Code, Our Bugs, Our Responsibility.
> (https://bugzilla.samba.org/)
>
>                          --Enjoy
>                          The Samba Team
>
>
>
-- 
-James

On Wed, 16 Mar 2016, lingpanda101 at gmail.com wrote:
> Is there a place I can read about the improvements to the DNS service?
I was curious as well, so just looked at:

https://git.samba.org/?p=samba.git;a=history;f=source4/dns_server;hb=HEAD

Not necessarily exactly what is in the release, but probably right 
previous to the last few entries, anyway.
>>  DNS
>>  ---
>>
>>  There were several improvements concerning the Samba DNS server.

When building Samba 4.4.0rc and then doing an install to /usr/local/samba, a
directory "libexec" is being created which then contains a
"samba" directory with a single "smbspool_krb5_wrapper" file
inside (/usr/local/samba/libexec/samba/ smbspool_krb5_wrapper). This is not very
clean, is it?

Since all the files are already inside /usr/local/samba, why repeat
"samba" again inside the tree? Is it possible to clean this before the
final release of Samba 4.4.0?

This doesn't happen with version 4.3.6. The same file is placed in
"/usr/local/samba/bin/smbspool_krb5_wrapper".

A big thank you to the samba developers for the outstanding work.

> When building Samba 4.4.0rc and then doing an install to /usr/local/samba,
a directory "libexec" is being created which then contains a
"samba" directory with a single "smbspool_krb5_wrapper" file
inside (/usr/local/samba/libexec/samba/ smbspool_krb5_wrapper). This is not very
clean, is it?
>
> Since all the files are already inside /usr/local/samba, why repeat
"samba" again inside the tree? Is it possible to clean this before the
final release of Samba 4.4.0?
>
> This doesn't happen with version 4.3.6. The same file is placed in
"/usr/local/samba/bin/smbspool_krb5_wrapper".
Some additional information: if I configure the build with 
"--libexecdir=/usr/local/samba/bin" the file goes into 
"usr/local/samba/bin/samba/smbspool_krb5_wrapper" which also contains
an
unnecessary repetition. That additional "samba" directory seems to be 
hard coded somewhere.