[SCM] Samba Website Repository - branch master updated

Karolin Seeger kseeger at samba.org
Wed Mar 4 13:11:31 MST 2015


The branch, master has been updated
       via  f3d5831 Announce Samba 4.2.0.
      from  6f6d51d news: Add link to the survey.

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f3d5831cb8eaffd3683051ff68f4ade09a41eab7
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Mar 4 21:11:12 2015 +0100

    Announce Samba 4.2.0.
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 devel/index.html                        |  30 +-
 generated_news/latest_10_bodies.html    |  24 +-
 generated_news/latest_10_headlines.html |   4 +-
 generated_news/latest_2_bodies.html     |  23 +-
 history/header_history.html             |   1 +
 history/samba-4.2.0.html                | 686 ++++++++++++++++++++++++++++++++
 latest_stable_release.html              |   6 +-
 7 files changed, 729 insertions(+), 45 deletions(-)
 create mode 100755 history/samba-4.2.0.html


Changeset truncated at 500 lines:

diff --git a/devel/index.html b/devel/index.html
index ea57ded..e7ac1bf 100755
--- a/devel/index.html
+++ b/devel/index.html
@@ -17,12 +17,12 @@ original Subversion and CVS trees; this would include 3.0.x and 2.2.x
 versions of Samba, which are no longer in active development.
 </p>
 
-<p>With the release of Samba 4.1.0, the 4.0 series has been turned into
+<p>With the release of Samba 4.2.0, the 4.1 series has been turned into
 maintenance mode, which means severe bug fixes and security fixes only.</p>
 
-<p>There will be security fixes only for the 3.6 series.</p>
+<p>There will be security fixes only for the 4.0 series.</p>
 
-<p>The 3.5 series will be discontinued.</p>
+<p>The 3.6 series will be discontinued.</p>
 
 <p>For more details on the release series, current schedules and release modi,
 please see
@@ -58,30 +58,30 @@ Release Planning</a>.</p>
       <p>This is the current Samba development branch.</p>
     </li>
     <li>
-      <h4><em>v3-6-test</em></h4>
-      <p>This is the current branch for 3.6.x maintenance releases
+      <h4><em>v4-0-test</em></h4>
+      <p>This is the current branch for 4.0.x maintenance releases
 	 (security fixes <em>only</em>).</p>
     </li>
     <li>
-      <h4><em>v3-6-stable</em></h4>
-      <p>This is the current branch for 3.6.x maintenance releases
+      <h4><em>v4-0-stable</em></h4>
+      <p>This is the current branch for 4.0.x maintenance releases
 	 (security fixes <em>only</em>).</p>
     </li>
     <li>
-      <h4><em>v4-0-test</em></h4>
-      <p>This is the current branch for 4.0.x maintenance releases.</p>
+      <h4><em>v4-1-test</em></h4>
+      <p>This is the current branch for 4.1.x development.</p>
     </li>
     <li>
-      <h4><em>v4-0-stable</em></h4>
-      <p>This is the current branch for 4.0.x maintenance releases.</p>
+      <h4><em>v4-1-stable</em></h4>
+      <p>This is the current branch for 4.1.x maintenance releases.</p>
     </li>
     <li>
-      <h4><em>v4-1-test</em></h4>
-      <p>This is the current branch for 4.1.x development.</p>
+      <h4><em>v4-2-test</em></h4>
+      <p>This is the current branch for 4.2.x development.</p>
     </li>
     <li>
-      <h4><em>v4-1-stable</em></h4>
-      <p>This is the current branch for 4.1.x production releases.</p>
+      <h4><em>v4-2-stable</em></h4>
+      <p>This is the current branch for 4.2.x production releases.</p>
     </li>
   </ul>
 
diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html
index 3ad1243..3d4226d 100644
--- a/generated_news/latest_10_bodies.html
+++ b/generated_news/latest_10_bodies.html
@@ -1,3 +1,14 @@
+	<h5><a name="4.2.0">04 March 2015</a></h5>
+	<p class="headline">Samba 4.2.0 Available for Download</p>
+	<p>This is the first stable release of the Samba 4.2 series.</p>
+
+<p>The uncompressed tarballs and patch files have been signed
+using GnuPG (ID 6568B7EA).  The source code can be
+<a href="http://samba.org/samba/ftp/stable/samba-4.2.0.tar.gz">downloaded
+now</a>. See <a href="http://samba.org/samba/history/samba-4.0.23.html">
+ the release notes for more info</a>.</p>
+
+
 <h5><a name="survey2015">02 March 2015</a></h5>
 	<p class="headline">Calling all Samba Users: 2015 User Survey</p>
 	<p>What Samba features do you care about most? Do you have problems or
@@ -116,16 +127,3 @@ now</a>. A <a href="http://samba.org/samba/ftp/patches/patch-4.0.22-4.0.23.diffs
 patch against Samba 4.0.22</a> is also available. See
 <a href="http://samba.org/samba/history/samba-4.0.23.html"> the release notes
  for more info</a>.</p>
-
-
-	<h5><a name="4.1.14">01 December 2014</a></h5>
-	<p class="headline">Samba 4.1.14 Available for Download</p>
-	<p>This is the latest stable release of the Samba 4.1 series.</p>
-
-<p>The uncompressed tarballs and patch files have been signed
-using GnuPG (ID 6568B7EA).  The source code can be
-<a href="http://samba.org/samba/ftp/stable/samba-4.1.14.tar.gz">downloaded
-now</a>. A <a href="http://samba.org/samba/ftp/patches/patch-4.1.13-4.1.14.diffs.gz">
-patch against Samba 4.1.13</a> is also available. See
-<a href="http://samba.org/samba/history/samba-4.1.14.html"> the release notes
- for more info</a>.</p>
diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html
index 9acb449..e7ea696 100644
--- a/generated_news/latest_10_headlines.html
+++ b/generated_news/latest_10_headlines.html
@@ -1,4 +1,6 @@
 <ul>
+	<li> 04 March 2015 <a href="#4.2.0">Samba 4.2.0 Available for Download</a></li>
+
 	<li> 02 March 2015 <a href="#survey2015">Calling all Samba Users: 2015
 		User Survey</a></li>
 
@@ -21,6 +23,4 @@
 	<li> 20 December 2014 <a href="#4.2.0rc3">Samba 4.2.0rc3 Available for Download</a></li>
 
 	<li> 15 September 2014 <a href="#4.0.22">Samba 4.0.22 Available for Download</a></li>
-
-	<li> 01 December 2014 <a href="#4.1.14">Samba 4.1.14 Available for Download</a></li>
 </ul>
diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html
index a80366c..641a31a 100644
--- a/generated_news/latest_2_bodies.html
+++ b/generated_news/latest_2_bodies.html
@@ -1,3 +1,14 @@
+	<h5><a name="4.2.0">04 March 2015</a></h5>
+	<p class="headline">Samba 4.2.0 Available for Download</p>
+	<p>This is the first stable release of the Samba 4.2 series.</p>
+
+<p>The uncompressed tarballs and patch files have been signed
+using GnuPG (ID 6568B7EA).  The source code can be
+<a href="http://samba.org/samba/ftp/stable/samba-4.2.0.tar.gz">downloaded
+now</a>. See <a href="http://samba.org/samba/history/samba-4.0.23.html">
+ the release notes for more info</a>.</p>
+
+
 <h5><a name="survey2015">02 March 2015</a></h5>
 	<p class="headline">Calling all Samba Users: 2015 User Survey</p>
 	<p>What Samba features do you care about most? Do you have problems or
@@ -5,15 +16,3 @@
 	most important to you?</p>
 	<p>The Samba Team invites all users to participate in the
 	<a href="https://www.surveygizmo.com/s3/2020369/Samba-User-Survey-2015">Samba Survey</a>.</p>
-
-
-	<h5><a name="4.2.0rc5">24 February 2015</a></h5>
-	<p class="headline">Samba 4.2.0rc5 Available for Download</p>
-	<p>This is the fifth release candidate of the upcoming Samba 4.2 release
-	series. It includes the fix for CVE-2015-0240 and other bug fixes.</p>
-
-<p>The uncompressed tarballs and patch files have been signed
-using GnuPG (ID 6568B7EA).  The source code can be
-<a href="https://download.samba.org/pub/samba/rc/samba-4.2.0rc5.tar.gz">downloaded
-now</a>. See <a href="https://download.samba.org/pub/samba/rc/WHATSNEW-4.2.0rc5.txt">
-the release notes for more info</a>.</p>
diff --git a/history/header_history.html b/history/header_history.html
index 5c2f874..1445de4 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -10,6 +10,7 @@
 		<li class="navSub">
 			<ul>
 			<li><a href="/samba/security/CVE-2013-0454.html">CVE-2013-0454</a></li>
+			<li><a href="samba-4.2.0.html">samba-4.2.0</a></li>
 			<li><a href="samba-4.1.17.html">samba-4.1.17</a></li>
 			<li><a href="samba-4.1.16.html">samba-4.1.16</a></li>
 			<li><a href="samba-4.1.15.html">samba-4.1.15</a></li>
diff --git a/history/samba-4.2.0.html b/history/samba-4.2.0.html
new file mode 100755
index 0000000..79d7023
--- /dev/null
+++ b/history/samba-4.2.0.html
@@ -0,0 +1,686 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+   <H2>Samba 4.2.0 Available for Download</H2>
+
+<p>
+<pre>
+                   =============================
+                   Release Notes for Samba 4.2.0
+                           March 04, 2015
+                   =============================
+
+
+This is is the first stable release of Samba 4.2.
+
+Samba 4.2 will be the next version of the Samba suite.
+
+
+Samba User Survey 2015
+======================
+
+https://www.surveygizmo.com/s3/2020369/Samba-User-Survey-2015
+
+Please take our survey. It will help us improve Samba by understanding
+your knowledge and needs. The survey runs until end of March 2015 and
+won't ask for any personal info. The full results will be shared with
+the Samba Team, and statistical summaries will be shared with the
+Samba community after the SambaXP conference (http://sambaxp.org).
+
+
+IMPORTANT NOTE ABOUT THE SUPPORT END OF SAMBA 3
+=================================================
+
+With the final release of Samba 4.2, the last series of Samba 3 has
+been discontinued! People still running 3.6.x or earlier,should
+consider moving to a more recent and maintained version (4.0 - 4.2).
+One of the common misconceptions is that Samba 4.x automatically
+means "Active Directory only": This is wrong!
+
+Acting as an Active Directory Domain Controller is just one of the
+enhancements included in Samba 4.0 and later. Version 4.0 was just the
+next release after the 3.6 series and contains all the features of the
+previous ones - including the NT4-style (classic) domain support. This
+means you can update a Samba 3.x NT4-style PDC to 4.x, just as you've
+updated in the past (e.g. from 3.4.x to 3.5.x). You don't have to move
+your NT4-style domain to an Active Directory!
+
+And of course the possibility remains unchanged, to setup a new NT4-style
+PDC with Samba 4.x, like done in the past (e.g. with openLDAP backend).
+Active Directory support in Samba 4 is additional and does not replace
+any of these features. We do understand the difficulty presented by
+existing LDAP structures and for that reason there isn't a plan to
+decommission the classic PDC support. It remains tested by the continuous
+integration system.
+
+The code that supports the classic Domain Controller is also the same
+code that supports the internal 'Domain' of standalone servers and
+Domain Member Servers. This means that we still use this code, even
+when not acting as an AD Domain Controller. It is also the basis for
+some of the features of FreeIPA and so it gets development attention
+from that direction as well.
+
+
+UPGRADING
+=========
+
+Read the "Winbindd/Netlogon improvements" section (below) carefully!
+
+
+NEW FEATURES
+============
+
+Transparent File Compression
+============================
+
+Samba 4.2.0 adds support for the manipulation of file and folder
+compression flags on the Btrfs filesystem.
+With the Btrfs Samba VFS module enabled, SMB2+ compression flags can
+be set remotely from the Windows Explorer File->Properties->Advanced
+dialog. Files flagged for compression are transparently compressed
+and uncompressed when accessed or modified.
+
+Previous File Versions with Snapper
+===================================
+
+The newly added Snapper VFS module exposes snapshots managed by
+Snapper for use by Samba. This provides the ability for remote
+clients to access shadow-copies via Windows Explorer using the
+"previous versions" dialog.
+
+Winbindd/Netlogon improvements
+==============================
+
+The whole concept of maintaining the netlogon secure channel
+to (other) domain controllers was rewritten in order to maintain
+global state in a netlogon_creds_cli.tdb. This is the proper fix
+for a large number of bugs:
+
+  https://bugzilla.samba.org/show_bug.cgi?id=6563
+  https://bugzilla.samba.org/show_bug.cgi?id=7944
+  https://bugzilla.samba.org/show_bug.cgi?id=7945
+  https://bugzilla.samba.org/show_bug.cgi?id=7568
+  https://bugzilla.samba.org/show_bug.cgi?id=8599
+
+In addition a strong session key is now required by default,
+which means that communication to older servers or clients
+might be rejected by default.
+
+For the client side we have the following new options:
+"require strong key" (yes by default), "reject md5 servers" (no by default).
+E.g. for Samba 3.0.37 you need "require strong key = no" and
+for NT4 DCs you need "require strong key = no" and "client NTLMv2 auth = no",
+
+On the server side (as domain controller) we have the following new options:
+"allow nt4 crypto" (no by default), "reject md5 client" (no by default).
+E.g. in order to allow Samba < 3.0.27 or NT4 members to work
+you need "allow nt4 crypto = yes"
+
+winbindd does not list group memberships for display purposes
+(e.g. getent group <domain\<group>) anymore by default.
+The new default is "winbind expand groups = 0" now,
+the reason for this is the same as for "winbind enum users = no"
+and "winbind enum groups = no". Providing this information is not always
+reliably possible, e.g. if there are trusted domains.
+
+Please consult the smb.conf manpage for more details on these new options.
+
+Winbindd use on the Samba AD DC
+===============================
+
+Winbindd is now used on the Samba AD DC by default, replacing the
+partial rewrite used for winbind operations in Samba 4.0 and 4.1.
+
+This allows more code to be shared, more options to be honoured, and
+paves the way for support for trusted domains in the AD DC.
+
+If required the old internal winbind can be activated by setting
+'server services = +winbind -winbindd'.  Upgrading users with a server
+services parameter specified should ensure they change 'winbind' to
+'winbindd' to obtain the new functionality.
+
+The 'samba' binary still manages the starting of this service, there
+is no need to start the winbindd binary manually.
+
+Winbind now requires secured connections
+========================================
+
+To improve protection against rogue domain controllers we now require
+that when we connect to an AD DC in our forest, that the connection be
+signed using SMB Signing.  Set 'client signing = off' in the smb.conf
+to disable.
+
+Also and DCE/RPC pipes must be sealed, set 'require strong key =
+false' and 'winbind sealed pipes = false' to disable.
+
+Finally, the default for 'client ldap sasl wrapping' has been set to
+'sign', to ensure the integrity of LDAP connections.  Set 'client ldap
+sasl wrapping = plain' to disable.
+
+Larger IO sizes for SMB2/3 by default
+=====================================
+
+The default values for "smb2 max read", "smb2 max write" and "smb2 max trans"
+have been changed to 8388608 (8MiB) in order to match the default of
+Windows 2012R2.
+
+SMB2 leases
+===========
+
+The SMB2 protocol allows clients to aggressively cache files
+locally above and beyond the caching allowed by SMB1 and SMB2 oplocks.
+
+Called SMB2 leases, this can greatly reduce traffic on an SMB2
+connection. Samba 4.2 now implements SMB2 leases.
+
+It can be turned on by setting the parameter "smb2 leases = yes"
+in the [global] section of your smb.conf. This parameter is set
+to off by default until the SMB2 leasing code is declared fully stable.
+
+Improved DCERPC man in the middle detection
+===========================================
+
+The DCERPC header signing has been implemented
+in addition to the dcerpc_sec_verification_trailer
+protection.
+
+Overhauled "net idmap" command
+==============================
+
+The command line interface of the "net idmap" command has been
+made systematic, and subcommands for reading and writing the autorid idmap
+database have been added. Note that the writing commands should be
+used with great care. See the net(8) manual page for details.
+
+tdb improvements
+================
+
+The tdb library, our core mechanism to store Samba-specific data on disk and
+share it between processes, has been improved to support process shared robust
+mutexes on Linux. These mutexes are available on Linux and Solaris and
+significantly reduce the overhead involved with tdb. To enable mutexes for
+tdb, set
+
+dbwrap_tdb_mutexes:* = yes
+
+in the [global] section of your smb.conf.
+
+Tdb file space management has also been made more efficient. This
+will lead to smaller and less fragmented databases.
+
+Messaging improvements
+======================
+
+Our internal messaging subsystem, used for example for things like oplock
+break messages between smbds or setting a process debug level dynamically, has
+been rewritten to use unix domain datagram messages.
+
+Clustering support
+==================
+
+Samba's file server clustering component CTDB is now integrated in the
+Samba tree.  This avoids the confusion of compatibility of Samba and CTDB
+versions as existed previously.
+
+To build the Samba file server with cluster support, use the configure
+command line option --with-cluster-support.  This will build clustered
+file server against the in-tree CTDB and will also build CTDB.
+Building clustered samba with previous versions of CTDB is no longer
+supported.
+
+Samba Registry Editor
+=====================
+
+The utitlity to browse the samba registry has been overhauled by our Google
+Summer of Code student Chris Davis. Now samba-regedit has a
+Midnight-Commander-like theme and UI experience. You can browse keys and edit
+the diffent value types. For a data value type a hexeditor has been
+implemented.
+
+Bad Password Lockout in the AD DC
+=================================
+
+Samba's AD DC now implements bad password lockout (on a per-DC basis).
+
+That is, incorrect password attempts are tracked, and accounts locked
+out if too many bad passwords are submitted.  There is also a grace
+period of 60 minutes on the previous password when used for NTLM
+authentication (matching Windows 2003 SP1: https://support2.microsoft.com/kb/906305).
+
+The relevant settings can be seen using 'samba-tool domain
+passwordsettings show' (the new settings being highlighted):
+
+Password informations for domain 'DC=samba,DC=example,DC=com'
+
+Password complexity: on
+Store plaintext passwords: off
+Password history length: 24
+Minimum password length: 7
+Minimum password age (days): 1
+Maximum password age (days): 42
+* Account lockout duration (mins): 30     *
+* Account lockout threshold (attempts): 0 *
+* Reset account lockout after (mins): 30  *
+
+These values can be set using 'samba-tool domain passwordsettings set'.
+
+Correct defaults in the smb.conf manpages
+=========================================
+
+The default values for smb.conf parameters are now correctly specified
+in the smb.conf manpage, even when they refer to build-time specified
+paths.  Provided Samba is built on a system with the right tools
+(xsltproc in particular) required to generate our man pages, then
+these will be built with the exact same embedded paths as used by the
+configuration parser at runtime.  Additionally, the default values
+read from the smb.conf manpage are checked by our test suite to match
+the values seen in testparm and used by the running binaries.
+
+Consistent behaviour between samba-tool testparm and testparm
+=============================================================
+
+With the exception of the registry backend, which remains only
+available in the file server, the behaviour of the smb.conf parser and
+the tools 'samba-tool testparm' and 'testparm' is now consistent,
+particularly with regard to default values.  Except with regard to
+registry shares, it is no longer needed to use one tool on the AD
+DC, and another on the file server.
+
+VFS WORM module
+===============
+
+A VFS module for basic WORM (Write once read many) support has been
+added. It allows an additional layer on top of a Samba share, that provides
+a basic set of WORM functionality on the client side, to control the
+writeability of files and folders.
+
+As the module is simply an additional layer, share access and permissions
+work like expected - only WORM functionality is added on top. Removing the
+module from the share configuration, removes this layer again. The
+filesystem ACLs are not affected in any way from the module and treated
+as usual.
+
+The module does not provide complete WORM functions, like some archiving
+products do! It is not audit-proof, because the WORM function is only
+available on the client side, when accessing a share through SMB! If
+the same folder is shared by other services like NFS, the access only
+depends on the underlying filesystem ACLs. Equally if you access the
+content directly on the server.
+
+For additional information, see
+https://wiki.samba.org/index.php/VFS/vfs_worm
+
+vfs_fruit, a VFS module for OS X clients
+========================================
+
+A new VFS module that provides enhanced compatibility with Apple SMB
+clients and interoperability with a Netatalk 3 AFP fileserver.
+
+The module features enhanced performance with reliable named streams
+support, interoperability with special characters commonly used by OS
+X client (eg '*', '/'), integrated file locking and Mac metadata
+access with Netatalk 3 and enhanced performance by implementing
+Apple's SMB2 extension codenamed "AAPL".


-- 
Samba Website Repository


More information about the samba-cvs mailing list