[SCM] Samba Website Repository - branch master updated

Karolin Seeger kseeger at samba.org
Tue Sep 22 13:52:49 UTC 2020 

The branch, master has been updated
       via  60bc596 Add Samba 4.13.0.
       via  2bf27f2 NEWS[4.13.0]: Samba 4.13.0 Available for Download
      from  a537429 Add release notes for Samba 4.10.18 and 4.11.13.

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 60bc5961f91083f5520db66fe25c0796552de9ea
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue Sep 22 15:52:35 2020 +0200

    Add Samba 4.13.0.
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

commit 2bf27f2649f2361d94b939c4fc7f21935f95a46d
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue Sep 22 15:44:44 2020 +0200

    NEWS[4.13.0]: Samba 4.13.0 Available for Download
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 history/header_history.html                      |   1 +
 history/samba-4.13.0.html                        | 224 +++++++++++++++++++++++
 posted_news/20200922-135123.4.13.0.body.html     |  12 ++
 posted_news/20200922-135123.4.13.0.headline.html |   3 +
 4 files changed, 240 insertions(+)
 create mode 100644 history/samba-4.13.0.html
 create mode 100644 posted_news/20200922-135123.4.13.0.body.html
 create mode 100644 posted_news/20200922-135123.4.13.0.headline.html


Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html
index ace0b76..8a2ebaa 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,6 +9,7 @@
 		<li><a href="/samba/history/">Release Notes</a>
 		<li class="navSub">
 			<ul>
+			<li><a href="samba-4.13.0.html">samba-4.13.0</a></li>
 			<li><a href="samba-4.12.7.html">samba-4.12.7</a></li>
 			<li><a href="samba-4.12.6.html">samba-4.12.6</a></li>
 			<li><a href="samba-4.12.5.html">samba-4.12.5</a></li>
diff --git a/history/samba-4.13.0.html b/history/samba-4.13.0.html
new file mode 100644
index 0000000..69bc78c
--- /dev/null
+++ b/history/samba-4.13.0.html
@@ -0,0 +1,224 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.13.0 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.13.0 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.13.0.tar.gz">Samba 4.13.0 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.13.0.tar.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.13.0
+                          September 22, 2020
+                   ==============================
+
+
+This is the first stable release of the Samba 4.13 release series.
+Please read the release notes carefully before upgrading.
+
+
+ZeroLogon
+=========
+
+Please avoid to set "server schannel = no" and "server schannel= auto" on all
+Samba domain controllers due to the wellknown ZeroLogon issue.
+
+For details please see
+https://www.samba.org/samba/security/CVE-2020-1472.html.
+
+
+NEW FEATURES/CHANGES
+====================
+
+Python 3.6 or later required
+----------------------------
+
+Samba's minimum runtime requirement for python was raised to Python
+3.5 with samba 4.12.  Samba 4.13 raises this minimum version to Python
+3.6 both to access new features and because this is the oldest version
+we test with in our CI infrastructure.
+
+This is also the last release where it will be possible to build Samba
+(just the file server) with Python versions 2.6 and 2.7.
+
+As Python 2.7 has been End Of Life upstream since April 2020, Samba
+is dropping ALL Python 2.x support in the NEXT release.
+
+Samba 4.14 to be released in March 2021 will require Python 3.6 or
+later to build.
+
+wide links functionality
+------------------------
+
+For this release, the code implementing the insecure "wide links = yes"
+functionality has been moved out of the core smbd code and into a separate
+VFS module, vfs_widelinks. Currently this vfs module is implicitly loaded
+by smbd as the last but one module before vfs_default if "wide links = yes"
+is enabled on the share (note, the existing restrictions on enabling wide
+links around the SMB1 "unix extensions" and the "allow insecure wide links"
+parameters are still in force). The implicit loading was done to allow
+existing users of "wide links = yes" to keep this functionality without
+having to make a change to existing working smb.conf files.
+
+Please note that the Samba developers recommend changing any Samba
+installations that currently use "wide links = yes" to use bind mounts
+as soon as possible, as "wide links = yes" is an inherently insecure
+configuration which we would like to remove from Samba. Moving the
+feature into a VFS module allows this to be done in a cleaner way
+in future.
+
+A future release to be determined will remove this implicit linkage,
+causing administrators who need this functionality to have to explicitly
+add the vfs_widelinks module into the "vfs objects =" parameter lists.
+The release notes will be updated to note this change when it occurs.
+
+NT4-like 'classic' Samba domain controllers
+-------------------------------------------
+
+Samba 4.13 deprecates Samba's original domain controller mode.
+
+Sites using Samba as a Domain Controller should upgrade from the
+NT4-like 'classic' Domain Controller to a Samba Active Directory DC
+to ensure full operation with modern windows clients.
+
+SMBv1 only protocol options deprecated
+--------------------------------------
+
+A number of smb.conf parameters for less-secure authentication methods
+which are only possible over SMBv1 are deprecated in this release.
+
+
+REMOVED FEATURES
+================
+
+The deprecated "ldap ssl ads" smb.conf option has been removed.
+
+The deprecated "server schannel" smb.conf option will very likely
+removed in the final 4.13.0 release.
+
+
+smb.conf changes
+================
+
+  Parameter Name                      Description                Default
+  --------------                      -----------                -------
+  ldap ssl ads                        Removed
+  smb2 disable lock sequence checking Added                      No
+  smb2 disable oplock break retry     Added                      No
+  domain logons                       Deprecated                 no
+  raw NTLMv2 auth                     Deprecated                 no
+  client plaintext auth               Deprecated                 no
+  client NTLMv2 auth                  Deprecated                 yes
+  client lanman auth                  Deprecated                 no
+  client use spnego                   Deprecated                 yes
+  server schannel                     To be removed in 4.13.0
+  server require schannel:COMPUTER    Added
+
+
+CHANGES SINCE 4.13.0rc5
+=======================
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 14497: CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect
+     netr_ServerPasswordSet2 against unencrypted passwords.
+
+o  Günther Deschner <gd at samba.org>
+   * BUG 14497: CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support
+     "server require schannel:WORKSTATION$ = no" about unsecure configurations.
+
+o  Gary Lockyer <gary at catalyst.net.nz>
+   * BUG 14497: CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in
+     client challenge.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 14497: CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client
+     challenges in netlogon_creds_server_init()
+     "server require schannel:WORKSTATION$ = no".
+
+
+CHANGES SINCE 4.13.0rc4
+=======================
+
+o  Andreas Schneider <asn at samba.org>
+   * BUG 14399: waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS >
+     3.6.14.
+   * BUG 14467: s3:smbd: Fix %U substitutions if it contains a domain name.
+   * BUG 14479: The created krb5.conf for 'net ads join' doesn't have a domain
+     entry.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 14482: Fix build problem if libbsd-dev is not installed.
+
+
+CHANGES SINCE 4.13.0rc3
+=======================
+
+o  David Disseldorp <ddiss at samba.org>
+   * BUG 14437: build: Toggle vfs_snapper using "--with-shared-modules".
+
+o  Volker Lendecke <vl at samba.org>
+   * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1
+     response.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 14428: PANIC: Assert failed in get_lease_type().
+   * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1
+     response.
+
+
+CHANGES SINCE 4.13.0rc2
+=======================
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 14460: Deprecate domain logons, SMBv1 things.
+
+o  Günther Deschner <gd at samba.org>
+   * BUG 14318: docs: Add missing winexe manpage.
+
+o  Christof Schmitt <cs at samba.org>
+   * BUG 14166: util: Allow symlinks in directory_create_or_exist.
+
+o  Martin Schwenke <martin at meltin.net>
+   * BUG 14466: ctdb disable/enable can fail due to race condition.
+
+
+CHANGES SINCE 4.13.0rc1
+=======================
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 14450: dbcheck: Allow a dangling forward link outside our known NCs.
+
+o  Isaac Boukris <iboukris at gmail.com>
+   * BUG 14462: Remove deprecated "ldap ssl ads" smb.conf option.
+
+o  Volker Lendecke <vl at samba.org>
+   * BUG 14435: winbind: Fix lookuprids cache problem.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 14354: kdc:db-glue: Ignore KRB5_PROG_ETYPE_NOSUPP also for
+     Primary:Kerberos.
+
+o  Andreas Schneider <asn at samba.org>
+   * BUG 14358: docs: Fix documentation for require_membership_of of
+     pam_winbind.conf.
+
+o  Martin Schwenke <martin at meltin.net>
+   * BUG 14444: ctdb-scripts: Use nfsconf as a last resort get nfsd thread
+     count.
+
+
+KNOWN ISSUES
+============
+
+https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.13#Release_blocking_bugs
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/posted_news/20200922-135123.4.13.0.body.html b/posted_news/20200922-135123.4.13.0.body.html
new file mode 100644
index 0000000..fff1ed1
--- /dev/null
+++ b/posted_news/20200922-135123.4.13.0.body.html
@@ -0,0 +1,12 @@
+<!-- BEGIN: posted_news/20200922-135123.4.13.0.body.html -->
+<h5><a name="4.13.0">22 September 2020</a></h5>
+<p class=headline>Samba 4.13.0 Available for Download</p>
+<p>
+This is the latest stable release of the Samba 4.13 release series.
+</p>
+<p>
+The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA).
+The source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.13.0.tar.gz">downloaded now</a>.
+See <a href="https://www.samba.org/samba/history/samba-4.13.0.html">the release notes for more info</a>.
+</p>
+<!-- END: posted_news/20200922-135123.4.13.0.body.html -->
diff --git a/posted_news/20200922-135123.4.13.0.headline.html b/posted_news/20200922-135123.4.13.0.headline.html
new file mode 100644
index 0000000..417e416
--- /dev/null
+++ b/posted_news/20200922-135123.4.13.0.headline.html
@@ -0,0 +1,3 @@
+<!-- BEGIN: posted_news/20200922-135123.4.13.0.headline.html -->
+<li> 22 September 2020 <a href="#4.13.0">Samba 4.13.0 Available for Download</a></li>
+<!-- END: posted_news/20200922-135123.4.13.0.headline.html -->


-- 
Samba Website Repository

More information about the samba-cvs mailing list