[SCM] Samba Website Repository - branch master updated

Karolin Seeger kseeger at samba.org
Tue Mar 3 10:13:44 UTC 2020


The branch, master has been updated
       via  f3b2fc8 Add Samba 4.12.0 to the list.
       via  5e29b90 NEWS[4.12.0]: Samba 4.12.0 Available for Download
      from  4791250 NEWS[4.12.0rc4]: Samba 4.12.0rc4 Available for Download

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f3b2fc83991e52c72adf8aac0e2a6d4de4be7e6b
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue Mar 3 11:13:26 2020 +0100

    Add Samba 4.12.0 to the list.
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

commit 5e29b90ecff2968038cbc53838213f24b3e8ccc2
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue Mar 3 11:11:37 2020 +0100

    NEWS[4.12.0]: Samba 4.12.0 Available for Download
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 history/header_history.html                      |   1 +
 history/samba-4.12.0.html                        | 354 +++++++++++++++++++++++
 posted_news/20200303-101249.4.12.0.body.html     |  12 +
 posted_news/20200303-101249.4.12.0.headline.html |   3 +
 4 files changed, 370 insertions(+)
 create mode 100644 history/samba-4.12.0.html
 create mode 100644 posted_news/20200303-101249.4.12.0.body.html
 create mode 100644 posted_news/20200303-101249.4.12.0.headline.html


Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html
index c700772..fec8857 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,6 +9,7 @@
 		<li><a href="/samba/history/">Release Notes</a>
 		<li class="navSub">
 			<ul>
+			<li><a href="samba-4.12.0.html">samba-4.12.0</a></li>
 			<li><a href="samba-4.11.6.html">samba-4.11.6</a></li>
 			<li><a href="samba-4.11.5.html">samba-4.11.5</a></li>
 			<li><a href="samba-4.11.4.html">samba-4.11.4</a></li>
diff --git a/history/samba-4.12.0.html b/history/samba-4.12.0.html
new file mode 100644
index 0000000..d14aa5f
--- /dev/null
+++ b/history/samba-4.12.0.html
@@ -0,0 +1,354 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.12.0 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.12.0 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.12.0.tar.gz">Samba 4.12.0 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.12.0.tar.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.12.0
+                           March 03, 2019
+		   ==============================
+
+
+This is the first stable release of the Samba 4.12 release series.
+Please read the release notes carefully before upgrading.
+
+
+NEW FEATURES/CHANGES
+====================
+
+Python 3.5 Required
+-------------------
+
+Samba's minimum runtime requirement for python was raised to Python
+3.4 with samba 4.11.  Samba 4.12 raises this minimum version to Python
+3.5 both to access new features and because this is the oldest version
+we test with in our CI infrastructure.
+
+(Build time support for the file server with Python 2.6 has not
+changed)
+
+Removing in-tree cryptography: GnuTLS 3.4.7 required
+----------------------------------------------------
+
+Samba is making efforts to remove in-tree cryptographic functionality,
+and to instead rely on externally maintained libraries.  To this end,
+Samba has chosen GnuTLS as our standard cryptographic provider.
+
+Samba now requires GnuTLS 3.4.7 to be installed (including development
+headers at build time) for all configurations, not just the Samba AD
+DC.
+
+Thanks to this work Samba no longer ships an in-tree DES
+implementation and on GnuTLS 3.6.5 or later Samba will include no
+in-tree cryptography other than the MD4 hash and that
+implemented in our copy of Heimdal.
+
+Using GnuTLS for SMB3 encryption you will notice huge performance and copy
+speed improvements. Tests with the CIFS Kernel client from Linux Kernel 5.3
+show a 3x speed improvement for writing and a 2.5x speed improvement for reads!
+
+NOTE WELL: The use of GnuTLS means that Samba will honour the
+system-wide 'FIPS mode' (a reference to the US FIPS-140 cryptographic
+standard) and so will not operate in many still common situations if
+this system-wide parameter is in effect, as many of our protocols rely
+on outdated cryptography.
+
+A future Samba version will mitigate this to some extent where good
+cryptography effectively wraps bad cryptography, but for now that above
+applies.
+
+zlib library is now required to build Samba
+-------------------------------------------
+
+Samba no longer includes a local copy of zlib in our source tarball.
+By removing this we do not need to ship (even where we did not
+build) the old, broken zip encryption code found there.
+
+New Spotlight backend for Elasticsearch
+---------------------------------------
+
+Support for the macOS specific Spotlight search protocol has been enhanced
+significantly. Starting with 4.12 Samba supports using Elasticsearch as search
+backend. Various new parameters have been added to configure this:
+
+  spotlight backend = noindex | elasticsearch | tracker
+  elasticsearch:address = ADDRESS
+  elasticsearch:port = PORT
+  elasticsearch:use tls = BOOLEAN
+  elasticsearch:index = INDEXNAME
+  elasticsearch:mappings = PATH
+  elasticsearch:max results = NUMBER
+
+Samba also ships a Spotlight client command "mdfind" which can be used to search
+any SMB server that runs the Spotlight RPC service. See the manpage of mdfind
+for details.
+
+Note that when upgrading existing installations that are using the previous
+default Spotlight backend Gnome Tracker must explicitly set "spotlight backend =
+tracker" as the new default is "noindex".
+
+'net ads kerberos pac save' and 'net eventlog export'
+-----------------------------------------------------
+
+The 'net ads kerberos pac save' and 'net eventlog export' tools will
+no longer silently overwrite an existing file during data export.  If
+the filename given exits, an error will be shown.
+
+Fuzzing
+-------
+
+A large number of fuzz targets have been added to Samba, and Samba has
+been registered in Google's oss-fuzz cloud fuzzing service.  In
+particular, we now have good fuzzing coverage of our generated NDR
+parsing code.
+
+A large number of issues have been found and fixed thanks to this
+effort.
+
+'samba-tool' improvements add contacts as member to groups
+----------------------------------------------------------
+
+Previously 'samba-tool group addmemers' can just add users, groups and
+computers as members to groups. But also contacts can be members of
+groups. Samba 4.12 adds the functionality to add contacts to
+groups. Since contacts have no sAMAccountName, it's possible that
+there are more than one contact with the same name in different
+organizational units. Therefore it's necessary to have an option to
+handle group members by their DN.
+
+To get the DN of an object there is now the "--full-dn" option available
+for all necessary commands.
+
+The MS Windows UI allows to search for specific types of group members
+when searching for new members for a group. This feature is included
+here with the new samba-tool group addmembers "--object-type=OBJECTYPE"
+option. The different types are selected accordingly to the Windows
+UI. The default samba-toole behaviour shouldn't be changed.
+
+Allow filtering by OU or subtree in samba-tool
+----------------------------------------------
+
+A new "--base-dn" and "--member-base-dn" option is added to relevant
+samba-tool user, group and ou management commands to allow operation
+on just one part of the AD tree, such as a single OU.
+
+VFS
+===
+
+SMB_VFS_NTIMES
+--------------
+
+Samba now uses a sentinel value based on utimensat(2) UTIME_OMIT to denote
+to-be-ignored timestamp variables passed to the SMB_VFS_NTIMES() VFS function.
+
+VFS modules can check whether any of the time values inside a struct
+smb_file_time is to be ignored by calling is_omit_timespec() on the value.
+
+'io_uring' vfs module
+---------------------
+
+The module makes use of the new io_uring infrastructure
+(intruduced in Linux 5.1), see https://lwn.net/Articles/776703/
+
+Currently this implements SMB_VFS_{PREAD,PWRITE,FSYNC}_SEND/RECV
+and avoids the overhead of the userspace threadpool in the default
+vfs backend. See also vfs_io_uring(8).
+
+In order to build the module you need the liburing userspace library
+and its developement headers installed, see
+https://git.kernel.dk/cgit/liburing/
+
+At runtime you'll need a Linux kernel with version 5.1 or higher.
+Note that 5.4.14 and 5.4.15 have a regression that breaks the Samba
+module! The regression was fixed in Linux 5.4.16 again.
+
+MS-DFS changes in the VFS
+-------------------------
+
+This release changes set getting and setting of MS-DFS redirects
+on the filesystem to go through two new VFS functions:
+
+SMB_VFS_CREATE_DFS_PATHAT()
+SMB_VFS_READ_DFS_PATHAT()
+
+instead of smbd explicitly storing MS-DFS redirects inside
+symbolic links on the filesystem. The underlying default
+implementations of this has not changed, the redirects are
+still stored inside symbolic links on the filesystem, but
+moving the creation and reading of these links into the VFS
+as first-class functions now allows alternate methods of
+storing them (maybe in extended attributes) for OEMs who
+don't want to mis-use filesystem symbolic links in this
+way.
+
+
+CTDB changes
+============
+
+* The ctdb_mutex_fcntl_helper periodically re-checks the lock file
+
+  The re-check period is specified using a 2nd argument to this
+  helper.  The default re-check period is 5s.
+
+  If the file no longer exists or the inode number changes then the
+  helper exits.  This triggers an election.
+
+
+REMOVED FEATURES
+================
+
+The smb.conf parameter "write cache size" has been removed.
+
+Since the in-memory write caching code was written, our write path has
+changed significantly. In particular we have gained very flexible
+support for async I/O, with the new linux io_uring interface in
+development.  The old write cache concept which cached data in main
+memory followed by a blocking pwrite no longer gives any improvement
+on modern systems, and may make performance worse on memory-contrained
+systems, so this functionality should not be enabled in core smbd
+code.
+
+In addition, it complicated the write code, which is a performance
+critical code path.
+
+If required for specialist purposes, it can be recreated as a VFS
+module.
+
+Retiring DES encryption types in Kerberos.
+------------------------------------------
+With this release, support for DES encryption types has been removed from
+Samba, and setting DES_ONLY flag for an account will cause Kerberos
+authentication to fail for that account (see RFC-6649).
+
+Samba-DC: DES keys no longer saved in DB.
+-----------------------------------------
+When a new password is set for an account, Samba DC will store random keys
+in DB instead of DES keys derived from the password.  If the account is being
+migrated to Windbows or to an older version of Samba in order to use DES keys,
+the password must be reset to make it work.
+
+Heimdal-DC: removal of weak-crypto.
+-----------------------------------
+Following removal of DES encryption types from Samba, the embedded Heimdal
+build has been updated to not compile weak crypto code (HEIM_WEAK_CRYPTO).
+
+vfs_netatalk: The netatalk VFS module has been removed.
+-------------------------------------------------------
+
+The netatalk VFS module has been removed. It was unmaintained and is not needed
+any more.
+
+BIND9_FLATFILE deprecated
+-------------------------
+
+The BIND9_FLATFILE DNS backend is deprecated in this release and will
+be removed in the future.  This was only practically useful on a single
+domain controller or under expert care and supervision.
+
+This release removes the 'rndc command' smb.conf parameter, which
+supported this configuration by writing out a list of DCs permitted to
+make changes to the DNS Zone and nudging the 'named' server if a new
+DC was added to the domain.  Administrators using BIND9_FLATFILE will
+need to maintain this manually from now on.
+
+
+smb.conf changes
+================
+
+  Parameter Name                     Description                Default
+  --------------                     -----------                -------
+
+  elasticsearch:address              New                        localhost
+  elasticsearch:port                 New                        9200
+  elasticsearch:use tls              New                        No
+  elasticsearch:index                New                        _all
+  elasticsearch:mappings             New                        DATADIR/elasticsearch_mappings.json
+  elasticsearch:max results          New                        100
+  nfs4:acedup                        Changed default            merge
+  rndc command                       Removed
+  write cache size                   Removed
+  spotlight backend		     New			noindex
+
+
+CHANGES SINCE 4.12.0rc4
+=======================
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 14258: dsdb: Correctly handle memory in objectclass_attrs.
+
+
+CHANGES SINCE 4.12.0rc3
+=======================
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 14269: s3: DFS: Don't allow link deletion on a read-only share.
+
+o  Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+   * BUG 14284: pidl/wscript: configure should insist on Parse::Yapp::Driver.
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 14270: ldb: Fix search with scope ONE and small result sets.
+   * BUG 14284: build: Do not check if system perl modules should be bundled.
+
+o  Volker Lendecke <vl at samba.org>
+   * BUG 14285: smbd fails to handle EINTR from open(2) properly.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 14270: ldb: version 2.1.1.
+
+
+CHANGES SINCE 4.12.0rc2
+=======================
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 14282: Set getting and setting of MS-DFS redirects on the filesystem
+     to go through two new VFS functions SMB_VFS_CREATE_DFS_PATHAT() and
+     SMB_VFS_READ_DFS_PATHAT().
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 14255: bootstrap: Remove un-used dependency python3-crypto.
+
+o  Volker Lendecke <vl at samba.org>
+   * BUG 14247: Fix CID 1458418 and 1458420.
+   * BUG 14281: lib: Fix a shutdown crash with "clustering = yes".
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 14247: Winbind member (source3) fails local SAM auth with empty domain
+     name.
+   * BUG 14265: winbindd: Handle missing idmap in getgrgid().
+   * BUG 14271: Don't use forward declaration for GnuTLS typedefs.
+   * BUG 14280: Add io_uring vfs module.
+
+o  Andreas Schneider <asn at samba.org>
+   * BUG 14250: libcli:smb: Improve check for gnutls_aead_cipher_(en|de)cryptv2.
+
+
+CHANGES SINCE 4.12.0rc1
+=======================
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 14239: s3: lib: nmblib. Clean up and harden nmb packet processing.
+
+o  Andreas Schneider <asn at samba.org>
+   * BUG 14253: lib:util: Log mkdir error on correct debug levels.
+
+
+KNOWN ISSUES
+============
+
+https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.12#Release_blocking_bugs
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/posted_news/20200303-101249.4.12.0.body.html b/posted_news/20200303-101249.4.12.0.body.html
new file mode 100644
index 0000000..80d61f6
--- /dev/null
+++ b/posted_news/20200303-101249.4.12.0.body.html
@@ -0,0 +1,12 @@
+<!-- BEGIN: posted_news/20200303-101249.4.12.0.body.html -->
+<h5><a name="4.12.0">03 March 2020</a></h5>
+<p class=headline>Samba 4.12.0 Available for Download</p>
+<p>
+This is the latest stable release of the Samba 4.12 release series.
+</p>
+<p>
+The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA).
+The source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.12.0.tar.gz">downloaded now</a>.
+See <a href="https://www.samba.org/samba/history/samba-4.12.0.html">the release notes for more info</a>.
+</p>
+<!-- END: posted_news/20200303-101249.4.12.0.body.html -->
diff --git a/posted_news/20200303-101249.4.12.0.headline.html b/posted_news/20200303-101249.4.12.0.headline.html
new file mode 100644
index 0000000..2d13306
--- /dev/null
+++ b/posted_news/20200303-101249.4.12.0.headline.html
@@ -0,0 +1,3 @@
+<!-- BEGIN: posted_news/20200303-101249.4.12.0.headline.html -->
+<li> 03 March 2020 <a href="#4.12.0">Samba 4.12.0 Available for Download</a></li>
+<!-- END: posted_news/20200303-101249.4.12.0.headline.html -->


-- 
Samba Website Repository



More information about the samba-cvs mailing list