[SCM] Samba Shared Repository - branch v4-13-test updated
Karolin Seeger
kseeger at samba.org
Tue Sep 22 13:42:29 UTC 2020
The branch, v4-13-test has been updated
via cbcc754bc36 VERSION: Bump version up to 4.13.1...
via 3fe82c204f0 VERSION: Disable GIT_SNAPSHOT for the 4.13.0 release.
via 2034fefbc48 WHATSNEW: Add release notes for Samba 4.13.0.
from d8b4efed45c VERSION: Bump version up to 4.13.0rc7...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test
- Log -----------------------------------------------------------------
commit cbcc754bc36503f1de5b5313fd72653b85dc0a29
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Sep 22 15:41:37 2020 +0200
VERSION: Bump version up to 4.13.1...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
commit 3fe82c204f0d88cb6db50b7bd1f798b591a918f8
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Sep 22 15:33:16 2020 +0200
VERSION: Disable GIT_SNAPSHOT for the 4.13.0 release.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
commit 2034fefbc48444e332d4293e29b34dcceb02d587
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Sep 22 15:31:49 2020 +0200
WHATSNEW: Add release notes for Samba 4.13.0.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
-----------------------------------------------------------------------
Summary of changes:
VERSION | 4 ++--
WHATSNEW.txt | 73 +++++++++++-------------------------------------------------
2 files changed, 15 insertions(+), 62 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index acb82668f4e..a9d8bb4e55a 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=13
-SAMBA_VERSION_RELEASE=0
+SAMBA_VERSION_RELEASE=1
########################################################
# If a official release has a serious bug #
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=7
+SAMBA_VERSION_RC_RELEASE=
########################################################
# To mark SVN snapshots this should be set to 'yes' #
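Review bot: the context comment just below SAMBA_VERSION_RC_RELEASE still reads "To mark SVN snapshots", while the commit messages in this push call the switch GIT_SNAPSHOT; suggest updating the comment wording so the file and the log use the same term. The snapshot setting itself falls outside the lines shown here, so the "re-enable GIT_SNAPSHOT" step from the top commit cannot be confirmed from this hunk and should be checked in the full file.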
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index b103703144f..5c538f1d63d 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,69 +1,21 @@
-Release Announcements
-=====================
+ ==============================
+ Release Notes for Samba 4.13.0
+ September 22, 2020
+ ==============================
-This is the sixth release condidate of Samba 4.13. This is *not*
-intended for production environments and is designed for testing
-purposes only. Please report any defects via the Samba bug reporting
-system at https://bugzilla.samba.org/.
-Samba 4.13 will be the next version of the Samba suite.
+This is the first stable release of the Samba 4.13 release series.
+Please read the release notes carefully before upgrading.
-SECURITY
-========
-o CVE-2020-1472: Unauthenticated domain takeover via netlogon ("ZeroLogon").
-
-The following applies to Samba used as domain controller only (most
-seriously the Active Directory DC, but also the classic/NT4-style DC).
-
-Installations running Samba as a file server only are not directly
-affected by this flaw, though they may need configuration changes to
-continue to talk to domain controllers (see "file servers and domain
-members" below).
-
-The netlogon protocol contains a flaw that allows an authentication
-bypass. This was reported and patched by Microsoft as CVE-2020-1472.
-Since the bug is a protocol level flaw, and Samba implements the
-protocol, Samba is also vulnerable.
-
-However, since version 4.8 (released in March 2018), the default
-behaviour of Samba has been to insist on a secure netlogon channel,
-which is a sufficient fix against the known exploits. This default is
-equivalent to having 'server schannel = yes' in the smb.conf.
-
-Therefore versions 4.8 and above are not vulnerable unless they have
-the smb.conf lines 'server schannel = no' or 'server schannel = auto'.
-
-Samba versions 4.7 and below are vulnerable unless they have 'server
-schannel = yes' in the smb.conf.
-
-Note each domain controller needs the correct settings in its smb.conf.
-
-Vendors supporting Samba 4.7 and below are advised to patch their
-installations and packages to add this line to the [global] section if
-their smb.conf file.
-
-The 'server schannel = yes' smb.conf line is equivalent to Microsoft's
-'FullSecureChannelProtection=1' registry key, the introduction of
-which we understand forms the core of Microsoft's fix.
-
-Some domains employ third-party software that will not work with a
-'server schannel = yes'. For these cases patches are available that
-allow specific machines to use insecure netlogon. For example, the
-following smb.conf:
-
- server schannel = yes
- server require schannel:triceratops$ = no
- server require schannel:greywacke$ = no
-
-will allow only "triceratops$" and "greywacke$" to avoid schannel.
-
-More details can be found here:
-https://www.samba.org/samba/security/CVE-2020-1472.html
+ZeroLogon
+=========
+Please avoid to set "server schannel = no" and "server schannel= auto" on all
+Samba domain controllers due to the wellknown ZeroLogon issue.
-UPGRADING
-=========
+For details please see
+https://www.samba.org/samba/security/CVE-2020-1472.html.
NEW FEATURES/CHANGES
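Review bot: the replacement ZeroLogon paragraph (the "+Please avoid to set ..." lines) drops the two facts an administrator needs to act on, both present in the removed text: that 'server schannel = yes' has been the default since 4.8, and that per-machine exceptions are written as 'server require schannel:NAME$ = no'. Suggest keeping one sentence stating the secure default and the exception syntax next to the link, so the release notes remain usable offline. The wording also needs a pass: "Please avoid to set" should be "Please avoid setting", "server schannel= auto" is missing a space before "=", and "wellknown" should be "well-known". The hunk also removes the UPGRADING heading with no replacement; confirm that is intended for the final release notes.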
@@ -126,6 +78,7 @@ SMBv1 only protocol options deprecated
A number of smb.conf parameters for less-secure authentication methods
which are only possible over SMBv1 are deprecated in this release.
+
REMOVED FEATURES
================
--
Samba Shared Repository