Now
MAIN commitmail json YAML
pkgsrc/net/samba4/Makefile@1.111
/
diff
pkgsrc/net/samba4/PLIST@1.34 / diff
pkgsrc/net/samba4/distinfo@1.54 / diff
pkgsrc/net/samba4/options.mk@1.12 / diff
pkgsrc/net/samba4/patches/patch-lib_tsocket_tsocket.h deleted
pkgsrc/net/samba4/patches/patch-lib_tsocket_tsocket__bsd.c deleted
pkgsrc/net/samba4/patches/patch-source3_libsmb_libsmb__stat.c@1.1 / diff
pkgsrc/net/samba4/patches/patch-source4_torture_libsmbclient_libsmbclient.c@1.1 / diff
pkgsrc/net/samba4/PLIST@1.34 / diff
pkgsrc/net/samba4/distinfo@1.54 / diff
pkgsrc/net/samba4/options.mk@1.12 / diff
pkgsrc/net/samba4/patches/patch-lib_tsocket_tsocket.h deleted
pkgsrc/net/samba4/patches/patch-lib_tsocket_tsocket__bsd.c deleted
pkgsrc/net/samba4/patches/patch-source3_libsmb_libsmb__stat.c@1.1 / diff
pkgsrc/net/samba4/patches/patch-source4_torture_libsmbclient_libsmbclient.c@1.1 / diff
samba4: updated to 4.13.2
Changes since 4.13.1
--------------------
* BUG 14486: s3: modules: vfs_glusterfs: Fix leak of char
**lines onto mem_ctx on return.
* BUG 14471: RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special.
* BUG 14538: smb.conf.5: Add clarification how configuration changes
reflected by Samba.
* BUG 14552: daemons: Report status to systemd even when running in
foreground.
* BUG 14553: DNS Resolver: Support both dnspython before and after 2.0.0.
* BUG 14486: s3-vfs_glusterfs: Refuse connection when write-behind xlator is
present.
* BUG 14487: provision: Add support for BIND 9.16.x.
* BUG 14537: ctdb-common: Avoid aliasing errors during code optimization.
* BUG 14541: libndr: Avoid assigning duplicate versions to symbols.
* BUG 14522: docs: Fix default value of spoolss:architecture.
* BUG 14388: winbind: Fix a memleak.
* BUG 14531: s4:dsdb:acl_read: Implement "List Object" mode feature.
* BUG 14486: docs-xml/manpages: Add warning about write-behind translator for
vfs_glusterfs.
* nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h.
* BUG 14530: vfs_shadow_copy2: Avoid closing snapsdir twice.
* BUG 14547: third_party: Update resolv_wrapper to version 1.1.7.
* BUG 14550: examples:auth: Do not install example plugin.
* BUG 14513: ctdb-recoverd: Drop unnecessary and broken code.
* BUG 14471: RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special.
Changes since 4.13.0
--------------------
* BUG 14434: CVE-2020-14318: s3: smbd: Ensure change notifies can't get set
unless the directory handle is open for SEC_DIR_LIST.
* BUG 12795: CVE-2020-14383: Remote crash after adding NS or MX records using
'samba-tool'.
* BUG 14472: CVE-2020-14383: Remote crash after adding MX records.
* BUG 14436: CVE-2020-14323: winbind: Fix invalid lookupsids DoS.
4.31.0:
NEW FEATURES/CHANGES
====================
Python 3.6 or later required
----------------------------
Samba's minimum runtime requirement for python was raised to Python
3.5 with samba 4.12. Samba 4.13 raises this minimum version to Python
3.6 both to access new features and because this is the oldest version
we test with in our CI infrastructure.
This is also the last release where it will be possible to build Samba
(just the file server) with Python versions 2.6 and 2.7.
As Python 2.7 has been End Of Life upstream since April 2020, Samba
is dropping ALL Python 2.x support in the NEXT release.
Samba 4.14 to be released in March 2021 will require Python 3.6 or
later to build.
wide links functionality
------------------------
For this release, the code implementing the insecure "wide links = yes"
functionality has been moved out of the core smbd code and into a separate
VFS module, vfs_widelinks. Currently this vfs module is implicitly loaded
by smbd as the last but one module before vfs_default if "wide links = yes"
is enabled on the share (note, the existing restrictions on enabling wide
links around the SMB1 "unix extensions" and the "allow insecure wide links"
parameters are still in force). The implicit loading was done to allow
existing users of "wide links = yes" to keep this functionality without
having to make a change to existing working smb.conf files.
Please note that the Samba developers recommend changing any Samba
installations that currently use "wide links = yes" to use bind mounts
as soon as possible, as "wide links = yes" is an inherently insecure
configuration which we would like to remove from Samba. Moving the
feature into a VFS module allows this to be done in a cleaner way
in future.
A future release to be determined will remove this implicit linkage,
causing administrators who need this functionality to have to explicitly
add the vfs_widelinks module into the "vfs objects =" parameter lists.
The release notes will be updated to note this change when it occurs.
NT4-like 'classic' Samba domain controllers
-------------------------------------------
Samba 4.13 deprecates Samba's original domain controller mode.
Sites using Samba as a Domain Controller should upgrade from the
NT4-like 'classic' Domain Controller to a Samba Active Directory DC
to ensure full operation with modern windows clients.
SMBv1 only protocol options deprecated
--------------------------------------
A number of smb.conf parameters for less-secure authentication methods
which are only possible over SMBv1 are deprecated in this release.
Changes since 4.13.1
--------------------
* BUG 14486: s3: modules: vfs_glusterfs: Fix leak of char
**lines onto mem_ctx on return.
* BUG 14471: RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special.
* BUG 14538: smb.conf.5: Add clarification how configuration changes
reflected by Samba.
* BUG 14552: daemons: Report status to systemd even when running in
foreground.
* BUG 14553: DNS Resolver: Support both dnspython before and after 2.0.0.
* BUG 14486: s3-vfs_glusterfs: Refuse connection when write-behind xlator is
present.
* BUG 14487: provision: Add support for BIND 9.16.x.
* BUG 14537: ctdb-common: Avoid aliasing errors during code optimization.
* BUG 14541: libndr: Avoid assigning duplicate versions to symbols.
* BUG 14522: docs: Fix default value of spoolss:architecture.
* BUG 14388: winbind: Fix a memleak.
* BUG 14531: s4:dsdb:acl_read: Implement "List Object" mode feature.
* BUG 14486: docs-xml/manpages: Add warning about write-behind translator for
vfs_glusterfs.
* nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h.
* BUG 14530: vfs_shadow_copy2: Avoid closing snapsdir twice.
* BUG 14547: third_party: Update resolv_wrapper to version 1.1.7.
* BUG 14550: examples:auth: Do not install example plugin.
* BUG 14513: ctdb-recoverd: Drop unnecessary and broken code.
* BUG 14471: RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special.
Changes since 4.13.0
--------------------
* BUG 14434: CVE-2020-14318: s3: smbd: Ensure change notifies can't get set
unless the directory handle is open for SEC_DIR_LIST.
* BUG 12795: CVE-2020-14383: Remote crash after adding NS or MX records using
'samba-tool'.
* BUG 14472: CVE-2020-14383: Remote crash after adding MX records.
* BUG 14436: CVE-2020-14323: winbind: Fix invalid lookupsids DoS.
4.31.0:
NEW FEATURES/CHANGES
====================
Python 3.6 or later required
----------------------------
Samba's minimum runtime requirement for python was raised to Python
3.5 with samba 4.12. Samba 4.13 raises this minimum version to Python
3.6 both to access new features and because this is the oldest version
we test with in our CI infrastructure.
This is also the last release where it will be possible to build Samba
(just the file server) with Python versions 2.6 and 2.7.
As Python 2.7 has been End Of Life upstream since April 2020, Samba
is dropping ALL Python 2.x support in the NEXT release.
Samba 4.14 to be released in March 2021 will require Python 3.6 or
later to build.
wide links functionality
------------------------
For this release, the code implementing the insecure "wide links = yes"
functionality has been moved out of the core smbd code and into a separate
VFS module, vfs_widelinks. Currently this vfs module is implicitly loaded
by smbd as the last but one module before vfs_default if "wide links = yes"
is enabled on the share (note, the existing restrictions on enabling wide
links around the SMB1 "unix extensions" and the "allow insecure wide links"
parameters are still in force). The implicit loading was done to allow
existing users of "wide links = yes" to keep this functionality without
having to make a change to existing working smb.conf files.
Please note that the Samba developers recommend changing any Samba
installations that currently use "wide links = yes" to use bind mounts
as soon as possible, as "wide links = yes" is an inherently insecure
configuration which we would like to remove from Samba. Moving the
feature into a VFS module allows this to be done in a cleaner way
in future.
A future release to be determined will remove this implicit linkage,
causing administrators who need this functionality to have to explicitly
add the vfs_widelinks module into the "vfs objects =" parameter lists.
The release notes will be updated to note this change when it occurs.
NT4-like 'classic' Samba domain controllers
-------------------------------------------
Samba 4.13 deprecates Samba's original domain controller mode.
Sites using Samba as a Domain Controller should upgrade from the
NT4-like 'classic' Domain Controller to a Samba Active Directory DC
to ensure full operation with modern windows clients.
SMBv1 only protocol options deprecated
--------------------------------------
A number of smb.conf parameters for less-secure authentication methods
which are only possible over SMBv1 are deprecated in this release.