[SCM] Samba Website Repository - branch master updated
Karolin Seeger
kseeger at samba.org
Tue Sep 8 14:53:48 UTC 2015
The branch, master has been updated
via 7a82133 NEWS[4.3.0]: Samba 4.3.0 Available for Download
from 1391e83 NEWS[4.2.4]: Samba 4.2.4 Available for Download
https://git.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 7a82133d3192423302952e89f0f6ff80edf37953
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Sep 8 16:51:06 2015 +0200
NEWS[4.3.0]: Samba 4.3.0 Available for Download
Signed-off-by: Karolin Seeger <kseeger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
history/samba-4.3.0.html | 409 ++++++++++++++++++++++++
posted_news/20150908-144549.4.3.0.body.html | 13 +
posted_news/20150908-144549.4.3.0.headline.html | 3 +
3 files changed, 425 insertions(+)
create mode 100644 history/samba-4.3.0.html
create mode 100644 posted_news/20150908-144549.4.3.0.body.html
create mode 100644 posted_news/20150908-144549.4.3.0.headline.html
Changeset truncated at 500 lines:
diff --git a/history/samba-4.3.0.html b/history/samba-4.3.0.html
new file mode 100644
index 0000000..2f08dff
--- /dev/null
+++ b/history/samba-4.3.0.html
@@ -0,0 +1,409 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.3.0 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.3.0 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.3.0.tar.gz">Samba 4.3.0 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.3.0.tar.asc">Signature</a>
+</p>
+<p><pre>
+ =============================
+ Release Notes for Samba 4.3.0
+ September 8, 2015
+ =============================
+
+
+This is the first stable release of Samba 4.3.
+
+
+UPGRADING
+=========
+
+Read the "New FileChangeNotify subsystem" and "smb.conf changes" sections
+(below).
+
+
+NEW FEATURES
+============
+
+Logging
+-------
+
+The logging code now supports logging to multiple backends. In
+addition to the previously available syslog and file backends, the
+backends for logging to the systemd-journal, lttng and gpfs have been
+added. Please consult the section for the 'logging' parameter in the
+smb.conf manpage for details.
+
+Spotlight
+---------
+
+Support for Apple's Spotlight has been added by integrating with Gnome
+Tracker.
+
+For detailed instructions how to build and setup Samba for Spotlight,
+please see the Samba wiki: <https://wiki.samba.org/index.php/Spotlight>
+
+New FileChangeNotify subsystem
+------------------------------
+
+Samba now contains a new subsystem to do FileChangeNotify. The
+previous system used a central database, notify_index.tdb, to store
+all notification requests. In particular in a cluster this turned out
+to be a major bottleneck, because some hot records need to be bounced
+back and forth between nodes on every change event like a new created
+file.
+
+The new FileChangeNotify subsystem works with a central daemon per
+node. Every FileChangeNotify request and every event are handled by an
+asynchronous message from smbd to the notify daemon. The notify daemon
+maintains a database of all FileChangeNotify requests in memory and
+will distribute the notify events accordingly. This database is
+asynchronously distributed in the cluster by the notify daemons.
+
+The notify daemon is supposed to scale a lot better than the previous
+implementation. The functional advantage is cross-node kernel change
+notify: Files created via NFS will be seen by SMB clients on other
+nodes per FileChangeNotify, despite the fact that popular cluster file
+systems do not offer cross-node inotify.
+
+Two changes to the configuration were required for this new subsystem:
+The parameters "change notify" and "kernel change notify" are not
+per-share anymore but must be set globally. So it is no longer
+possible to enable or disable notify per share, the notify daemon has
+no notion of a share, it only works on absolute paths.
+
+New SMB profiling code
+----------------------
+
+The code for SMB (SMB1, SMB2 and SMB3) profiling uses a tdb instead
+of sysv IPC shared memory. This avoids performance problems and NUMA
+effects. The profile stats are a bit more detailed than before.
+
+Improved DCERPC man in the middle detection for kerberos
+--------------------------------------------------------
+
+The gssapi based kerberos backends for gensec have support for
+DCERPC header signing when using DCERPC_AUTH_LEVEL_PRIVACY.
+
+SMB signing required in winbindd by default
+-------------------------------------------
+
+The effective value for "client signing" is required
+by default for winbindd, if the primary domain uses active directory.
+
+Experimental NTDB was removed
+-----------------------------
+
+The experimental NTDB library introduced in Samba 4.0 has been
+removed again.
+
+Improved support for trusted domains (as AD DC)
+-----------------------------------------------
+
+The support for trusted domains/forests has improved a lot.
+
+samba-tool got "domain trust" subcommands to manage trusts:
+
+ create - Create a domain or forest trust.
+ delete - Delete a domain trust.
+ list - List domain trusts.
+ namespaces - Manage forest trust namespaces.
+ show - Show trusted domain details.
+ validate - Validate a domain trust.
+
+External trusts between individual domains work in both ways
+(inbound and outbound). The same applies to root domains of
+a forest trust. The transitive routing into the other forest
+is fully functional for kerberos, but not yet supported for NTLMSSP.
+
+While a lot of things are working fine, there are currently a few limitations:
+
+ - Both sides of the trust need to fully trust each other!
+ - No SID filtering rules are applied at all!
+ - This means DCs of domain A can grant domain admin rights
+ in domain B.
+ - It's not possible to add users/groups of a trusted domain
+ into domain groups.
+
+SMB 3.1.1 supported
+-------------------
+
+Both client and server have support for SMB 3.1.1 now.
+
+This is the dialect introduced with Windows 10, it improves the secure
+negotiation of SMB dialects and features.
+
+There's also a new optinal encryption algorithm aes-gcm-128,
+but for now this is only selected as fallback and aes-ccm-128
+is preferred because of the better performance. This might change
+in future versions when hardware encryption will be supported.
+See https://bugzilla.samba.org/show_bug.cgi?id=11451.
+
+New smbclient subcommands
+-------------------------
+
+ - Query a directory for change notifications: notify <dir name>
+ - Server side copy: scopy <source filename> <destination filename>
+
+New rpcclient subcommands
+-------------------------
+
+ netshareenumall - Enumerate all shares
+ netsharegetinfo - Get Share Info
+ netsharesetinfo - Set Share Info
+ netsharesetdfsflags - Set DFS flags
+ netfileenum - Enumerate open files
+ netnamevalidate - Validate sharename
+ netfilegetsec - Get File security
+ netsessdel - Delete Session
+ netsessenum - Enumerate Sessions
+ netdiskenum - Enumerate Disks
+ netconnenum - Enumerate Connections
+ netshareadd - Add share
+ netsharedel - Delete share
+
+New modules
+-----------
+
+ idmap_script - see 'man 8 idmap_script'
+ vfs_unityed_media - see 'man 8 vfs_unityed_media'
+ vfs_shell_snap - see 'man 8 vfs_shell_snap'
+
+New sparsely connected replia graph (Improved KCC)
+--------------------------------------------------
+
+The Knowledge Consistency Checker (KCC) maintains a replication graph
+for DCs across an AD network. The existing Samba KCC uses a fully
+connected graph, so that each DC replicates from all the others, which
+does not scale well with large networks. In 4.3 there is an
+experimental new KCC that creates a sparsely connected replication
+graph and closely follows Microsoft's specification. It is turned off
+by default. To use the new KCC, set "kccsrv:samba_kcc=true" in
+smb.conf and let us know how it goes. You should consider doing this
+if you are making a large new network. For small networks there is
+little benefit and you can always switch over at a later date.
+
+Configurable TLS protocol support, with better defaults
+-------------------------------------------------------
+
+The "tls priority" option can be used to change the supported TLS
+protocols. The default is to disable SSLv3, which is no longer
+considered secure.
+
+Samba-tool now supports all 7 FSMO roles
+-------------------------------------------------------
+
+Previously "samba-tool fsmo" could only show, transfer or seize the
+five well-known FSMO roles:
+
+ Schema Master
+ Domain Naming Master
+ RID Master
+ PDC Emulator
+ Infrastructure Master
+
+It can now also show, transfer or seize the DNS infrastructure roles:
+
+ DomainDnsZones Infrastructure Master
+ ForestDnsZones Infrastructure Master
+
+CTDB logging changes
+--------------------
+
+The destination for CTDB logging is now set via a single new
+configuration variable CTDB_LOGGING. This replaces CTDB_LOGFILE and
+CTDB_SYSLOG, which have both been removed. See ctdbd.conf(5) for
+details of CTDB_LOGGING.
+
+CTDB no longer runs a separate logging daemon.
+
+CTDB NFS support changes
+------------------------
+
+CTDB's NFS service management has been combined into a single 60.nfs
+event script. This updated 60.nfs script now uses a call-out to
+interact with different NFS implementations. See the CTDB_NFS_CALLOUT
+option in the ctdbd.conf(5) manual page for details. A default
+call-out is provided to interact with the Linux kernel NFS
+implementation. The 60.ganesha event script has been removed - a
+sample call-out is provided for NFS Ganesha, based on this script.
+
+The method of configuring NFS RPC checks has been improved. See
+ctdb/config/nfs-checks.d/README for details.
+
+Improved Cross-Compiling Support
+--------------------------------
+
+A new "hybrid" build configuration mode is added to improve
+cross-compilation support.
+
+A common challenge in cross-compilation is that of obtaining the results
+of tests that have to run on the target, during the configuration
+phase of the build. The Samba build system already supports the following
+means to do so:
+
+ - Executing configure tests using the --cross-execute parameter
+ - Obtaining the results from an answers file using the --cross-answers
+ parameter
+
+The first method has the drawback of inaccurate results if the tests are
+run using an emulator, or a need to be connected to a running target
+while building, if the tests are to be run on an actual target. The
+second method presents a challenge of figuring out the test results.
+
+The new hybrid mode runs the tests and records the result in an answer file.
+To activate this mode, use both --cross-execute and --cross-answers in the
+same configure invocation. This mode can be activated once against a
+running target, and then the generated answers file can be used in
+subsequent builds.
+
+Also supplied is an example script that can be used as the
+cross-execute program. This script copies the test to a running target
+and runs the test on the target, obtaining the result. The obtained
+results are more accurate than running the test with an emulator, because
+they reflect the exact kernel and system libraries that exist on the
+target.
+
+Improved Sparse File Support
+----------------------------
+Support for the FSCTL_SET_ZERO_DATA and FSCTL_QUERY_ALLOCATED_RANGES
+SMB2 requests has been added to the smbd file server.
+This allows for clients to deallocate (hole punch) regions within a
+sparse file, and check which portions of a file are allocated.
+
+
+######################################################################
+Changes
+#######
+
+smb.conf changes
+----------------
+
+ Parameter Name Description Default
+ -------------- ----------- -------
+ logging New (empty)
+ msdfs shuffle referrals New no
+ smbd profiling level New off
+ spotlight New no
+ tls priority New NORMAL:-VERS-SSL3.0
+ use ntdb Removed
+ change notify Changed to [global]
+ kernel change notify Changed to [global]
+ client max protocol Changed default SMB3_11
+ server max protocol Changed default SMB3_11
+
+Removed modules
+---------------
+
+vfs_notify_fam - see section 'New FileChangeNotify subsystem'.
+
+
+KNOWN ISSUES
+============
+
+Currently none.
+
+
+CHANGES SINCE 4.2.0rc4
+======================
+
+o Andrew Bartlett <abartlet at samba.org>
+ * Bug 10973: No objectClass found in replPropertyMetaData on ordinary
+ objects (non-deleted)
+ * Bug 11429: Python bindings don't check integer types
+ * Bug 11430: Python bindings don't check array sizes
+
+o Ralph Boehme <slow at samba.org>
+ * Bug 11467: Handling of 0 byte resource fork stream
+
+o Volker Lendecke <vl at samba.org>
+ * Bug 11488: AD samr GetGroupsForUser fails for users with "()" in
+ their name
+
+o Stefan Metzmacher <metze at samba.org>
+ * Bug 11429: Python bindings don't check integer types
+
+o Matthieu Patou <mat at matws.net>
+ * Bug 10973: No objectClass found in replPropertyMetaData on ordinary
+ objects (non-deleted)
+
+
+CHANGES SINCE 4.2.0rc3
+======================
+
+o Ralph Boehme <slow at samba.org>
+ * Bug 11444: Crash in notify_remove caused by change notify = no
+
+o Günther Deschner <gd at samba.org>
+ * Bug 11411: smbtorture does not build when configured --with-system-mitkrb5
+
+o Volker Lendecke <vl at samba.org>
+ * Bug 11455: fix recursion problem in rep_strtoll in lib/replace/replace.c
+ * Bug 11464: xid2sid gives inconsistent results
+ * Bug 11465: ctdb: Fix the build on FreeBSD 10.1
+
+o Roel van Meer <roel at 1afa.com>
+ * Bug 11427: nmbd incorrectly matches netbios names as own name
+
+o Stefan Metzmacher <metze at samba.org>
+ * Bug 11451: Poor SMB3 encryption performance with AES-GCM
+ * Bug 11458: --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't
+ disable ldb build and install
+
+o Andreas Schneider <asn at samba.org>
+ * Bug 9862: Samba "map to guest = Bad uid" doesn't work
+
+
+CHANGES SINCE 4.3.0rc2
+======================
+
+o Andrew Bartlett <abartlet at samba.org>
+ * Bug 11436: samba-tool uncaught exception error
+ * Bug 10493: revert LDAP extended rule 1.2.840.113556.1.4.1941
+ LDAP_MATCHING_RULE_IN_CHAIN changes
+
+o Ralph Boehme <slow at samba.org>
+ * Bug 11278: Stream names with colon don't work with
+ fruit:encoding = native
+ * Bug 11426: net share allowedusers crashes
+
+o Amitay Isaacs <amitay at gmail.com>
+ * Bug 11432: Fix crash in nested ctdb banning
+ * Bug 11434: Cannot build ctdbpmda
+ * Bug 11431: CTDB's eventscript error handling is broken
+
+o Stefan Metzmacher <metze at samba.org>
+ * Bug 11451: Poor SMB3 encryption performance with AES-GCM (part1)
+ * Bug 11316: tevent_fd needs to be destroyed before closing the fd
+
+o Arvid Requate <requate at univention.de>
+ * Bug 11291: NetApp joined to a Samba/ADDC cannot resolve SIDs
+
+o Martin Schwenke <martin at meltin.net>
+ * Bug 11432: Fix crash in nested ctdb banning
+
+
+CHANGES SINCE 4.3.0rc1
+======================
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 11359: strsep is not available on Solaris
+
+o Björn Baumbach <bb at sernet.de>
+ * BUG 11421: Build with GPFS support is broken
+
+o Justin Maggard <jmaggard at netgear.com>
+ * BUG 11320: "force group" with local group not working
+
+o Martin Schwenke <martin at meltin.net
+ * BUG 11424: Build broken with --disable-python
+
+
+</p></pre>
+</body>
+</html>
diff --git a/posted_news/20150908-144549.4.3.0.body.html b/posted_news/20150908-144549.4.3.0.body.html
new file mode 100644
index 0000000..666145f
--- /dev/null
+++ b/posted_news/20150908-144549.4.3.0.body.html
@@ -0,0 +1,13 @@
+<!-- BEGIN: posted_news/20150908-144549.4.3.0.body.html -->
+<h5><a name="4.3.0">08 September 2015</a></h5>
+<p class=headline>Samba 4.3.0 Available for Download</p>
+<p>
+This is the latest stable release of the Samba 4.3 release series.
+</p>
+<p>
+The uncompressed tarball has been signed using GnuPG (ID 6568B7EA).
+The source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.3.0.tar.gz">downloaded now</a>.
+See <a href="https://www.samba.org/samba/history/samba-4.3.0.html">the release notes for more info</a>.
+</p>
+<!-- END: posted_news/20150908-144549.4.3.0.body.html -->
+
diff --git a/posted_news/20150908-144549.4.3.0.headline.html b/posted_news/20150908-144549.4.3.0.headline.html
new file mode 100644
index 0000000..9fb4a7a
--- /dev/null
+++ b/posted_news/20150908-144549.4.3.0.headline.html
@@ -0,0 +1,3 @@
+<!-- BEGIN: posted_news/20150908-144549.4.3.0.headline.html -->
+<li> 08 September 2015 <a href="#4.3.0">Samba 4.3.0 Available for Download</a></li>
+<!-- END: posted_news/20150908-144549.4.3.0.headline.html -->
--
Samba Website Repository
More information about the samba-cvs
mailing list