Samba 4.9.0 file name changes
L.P.H. van Belle
belle at bazuin.nl
Fri Sep 14 12:01:22 UTC 2018
Question.
I noticed a lot of filename changes while creating the debian packages.
Things like :
usr/bin/eventlogadm change to usr/sbin/eventlogadm
usr/sbin/samba_gpoupdate change to usr/sbin/samba-gpupdate
Or usr/lib/*/ctdb/ctdb_event changed to usr/lib/*/ctdb/ctdb-event
usr/lib/*/ctdb/ctdb_eventd changed to usr/lib/*/ctdb/ctdb-eventd
And usr/share/man/man5/ctdbd.conf.5 usr/share/man/man5/ctdb.conf.5
For example.
Are these "name" changes intended?
Just to be sure here.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba-technical
> [mailto:samba-technical-bounces at lists.samba.org] Namens
> Karolin Seeger via samba-technical
> Verzonden: donderdag 13 september 2018 12:19
> Aan: samba-announce at lists.samba.org; samba at lists.samba.org;
> samba-technical at lists.samba.org
> Onderwerp: [Announce] Samba 4.9.0 Available for Download
>
> ========================================================
> "Former police chief of Houston once
> said of me: ?Frank Abagnale could write
> a check on toilet paper, drawn on the
> Confederate States Treasury, sign it
> ?U.R. Hooked? and cash it at any bank
> in town, using a Hong Kong driver?s
> license for identification.?
>
> Frank W. Abagnale, Catch Me If You Can:
> The True Story of a Real Fake
> ========================================================
>
>
> Release Announcements
> ---------------------
>
> =============================
>
> Release Notes for Samba 4.9.0
>
> September 13, 2018
> =============================
>
>
> This is the first stable release of the Samba 4.9 release series.
> Please read the release notes carefully before upgrading.
>
>
> NEW FEATURES/CHANGES
> ====================
>
> 'net ads setspn'
> ----------------
>
> There is a new 'net ads setspn' sub command for managing
> Windows SPN(s)
> on the AD. This command aims to give the basic functionality that is
> provided on windows by 'setspn.exe' e.g. ability to add,
> delete and list
> Windows SPN(s) stored in a Windows AD Computer object.
>
> The format of the command is:
>
> net ads setspn list [machine]
> net ads setspn [add | delete ] SPN [machine]
>
> 'machine' is the name of the computer account on the AD that
> is to be managed.
> If 'machine' is not specified the name of the 'client'
> running the command
> is used instead.
>
> The format of a Windows SPN is
> 'serviceclass/host:port/servicename' (servicename and port
> are optional)
>
> serviceclass/host is generally sufficient to specify a host
> based service.
>
> 'net ads keytab' changes
> ------------------------
>
> net ads keytab add no longer attempts to convert the passed
> serviceclass
> (e.g. nfs, html etc.) into a Windows SPN which is added to
> the Windows AD
> computer object. By default just the keytab file is modified.
>
> A new keytab subcommand 'add_update_ads' has been added to
> preserve the
> legacy behaviour. However the new 'net ads setspn add'
> subcommand should
> really be used instead.
>
> net ads keytab create no longer tries to generate SPN(s) from existing
> entries in a keytab file. If it is required to add Windows SPN(s) then
> 'net ads setspn add' should be used instead.
>
> Local authorization plugin for MIT Kerberos
> -------------------------------------------
>
> This plugin controls the relationship between Kerberos
> principals and AD
> accounts through winbind. The module receives the Kerberos
> principal and the
> local account name as inputs and can then check if they
> match. This can resolve
> issues with canonicalized names returned by Kerberos within
> AD. If the user
> tries to log in as 'alice', but the samAccountName is set to
> ALICE (uppercase),
> Kerberos would return ALICE as the username. Kerberos would
> not be able to map
> 'alice' to 'ALICE' in this case and auth would fail. With
> this plugin, account
> names can be correctly mapped. This only applies to GSSAPI
> authentication,
> not for getting the initial ticket granting ticket.
>
> VFS audit modules
> -----------------
>
> The vfs_full_audit module has changed its default set of
> monitored successful
> and failed operations from "all" to "none". That helps to
> prevent potential
> denial of service caused by simple addition of the module to
> the VFS objects.
>
> Also, modules vfs_audit, vfs_ext_audit and vfs_full_audit now
> accept any valid
> syslog(3) facility, in accordance with the manual page.
>
> Database audit support
> ----------------------
>
> Changes to the Samba AD's sam.ldb database are now logged to
> Samba's debug log
> under the "dsdb_audit" debug class and "dsdb_json_audit" for
> JSON formatted log
> entries.
>
> Transaction commits and roll backs are now logged to Samba's
> debug logs under
> the "dsdb_transaction_audit" debug class and
> "dsdb_transaction_json_audit" for
> JSON formatted log entries.
>
> Password change audit support
> -----------------------------
>
> Password changes in the AD DC are now logged to Samba's debug
> logs under the
> "dsdb_password_audit" debug class and
> "dsdb_password_json_audit" for JSON
> formatted log entries.
>
> Group membership change audit support
> -------------------------------------
>
> Group membership changes on the AD DC are now logged to
> Samba's debug log under the "dsdb_group_audit" debug class and
> "dsdb_group_json_audit" for JSON formatted log entries.
>
> Log Authentication duration
> ---------------------------
>
> For NTLM and Kerberos KDC authentication, the authentication
> duration is now
> logged. Note that the duration is only included in the JSON
> formatted log
> entries.
>
> JSON library Jansson required for the AD DC
> -------------------------------------------
>
> By default, the Jansson JSON library is required for Samba to build.
> It is strictly required for the Samba AD DC, and is optional for
> builds "--without-ad-dc" by specifying "--without-json-audit"
> at configure
> time.
>
> New experimental LMDB LDB backend
> ---------------------------------
>
> A new experimental LDB backend using LMDB is now available.
> This allows
> databases larger than 4Gb (Currently the limit is set to 6Gb,
> but this will be
> increased in a future release). To enable lmdb, provision or
> join a domain using
> the "--backend-store=mdb" option.
>
> This requires that a version of lmdb greater than 0.9.16 is
> installed and that
> samba has not been built with the "--without-ldb-lmdb" option.
>
> Please note this is an experimental feature and is not recommended for
> production deployments.
>
> Password Settings Objects
> -------------------------
>
> Support has been added for Password Settings Objects (PSOs).
> This AD feature is
> also known as Fine-Grained Password Policies (FGPP).
>
> PSOs allow AD administrators to override the domain password
> policy settings
> for specific users, or groups of users. For example, PSOs can
> force certain
> users to have longer password lengths, or relax the
> complexity constraints for
> other users, and so on. PSOs can be applied to groups or to
> individual users.
> When multiple PSOs apply to the same user, essentially the
> PSO with the best
> precedence takes effect.
>
> PSOs can be configured and applied to users/groups using the
> 'samba-tool domain
> passwordsettings pso' set of commands.
>
> Domain backup and restore
> -------------------------
>
> A new 'samba-tool' subcommand has been added that allows
> administrators to
> create a backup-file of their domain DB. In the event of a
> catastrophic failure
> of the domain, this backup-file can be used to restore Samba services.
>
> The new 'samba-tool domain backup online' command takes a
> snapshot of the
> domain DB from a given DC. In the event of a catastrophic DB
> failure, all DCs
> in the domain should be taken offline, and the backup-file
> can then be used to
> recreate a fresh new DC, using the 'samba-tool domain backup
> restore' command.
> Once the backed-up domain DB has been restored on the new DC,
> other DCs can
> then subsequently be joined to the new DC, in order to
> repopulate the Samba
> network.
>
> Domain rename tool
> ------------------
>
> Basic support has been added for renaming a Samba domain. The
> rename feature is
> designed for the following cases:
> 1). Running a temporary alternate domain, in the event of a
> catastrophic
> failure of the regular domain. Using a completely different
> domain name and
> realm means that the original domain and the renamed domain
> can both run at the
> same time, without interfering with each other. This is an
> advantage over
> creating a regular 'online' backup - it means the
> renamed/alternate domain can
> provide core Samba network services, while trouble-shooting
> the fault on the
> original domain can be done in parallel.
> 2). Creating a realistic lab domain or pre-production domain
> for testing.
>
> Note that the renamed tool is currently not intended to
> support a long-term
> rename of the production domain. Currently renaming the GPOs
> is not supported
> and would need to be done manually.
>
> The domain rename is done in two steps: first, the
> 'samba-tool domain backup
> rename' command will clone the domain DB, renaming it in the
> process, and
> producing a backup-file. Then, the 'samba-tool domain backup
> restore' command
> takes the backup-file and restores the renamed DB to disk on
> a fresh DC.
>
> New samba-tool options for diagnosing DRS replication issues
> ------------------------------------------------------------
>
> The 'samba-tool drs showrepl' command has two new options controlling
> the output. With --summary, the command says very little when DRS
> replication is working well. With --json, JSON is produced. These
> options are intended for human and machine audiences, respectively.
>
> The 'samba-tool visualize uptodateness' visualizes replication lag as
> a heat-map matrix based on the DRS uptodateness vectors. This will
> show you if (but not why) changes are failing to replicate to
> some DCs.
>
> Automatic site coverage and GetDCName improvements
> --------------------------------------------------
>
> Samba's AD DC now automatically claims otherwise empty sites based on
> which DC is the nearest in the replication topology.
>
> This, combined with efforts to correctly identify the client side in
> the GetDCName Netlogon call will improve service to sites without a
> local DC.
>
> Improved 'samba-tool computer' command
> --------------------------------------
>
> The 'samba-tool computer' command allow manipulation of computer
> accounts including creating a new computer and resetting the password.
> This allows an 'offline join' of a member server or workstation to the
> Samba AD domain.
>
> New 'samba-tool ou' command
> ---------------------------
>
> The new 'samba-tool ou' command allows to manage organizational units.
>
> Available subcommands are:
> create - Create an organizational unit.
> delete - Delete an organizational unit.
> list - List all organizational units
> listobjects - List all objects in an organizational unit.
> move - Move an organizational unit.
> rename - Rename an organizational unit.
>
> In addition to the ou commands, there are new subcommands for the user
> and group management, which can make use of the organizational units:
> group move - Move a group to an organizational unit/container.
> user move - Move a user to an organizational unit/container.
> user show - Display a user AD object.
>
> Samba performance tool now operates against Microsoft Windows AD
> ----------------------------------------------------------------
>
> The Samba AD performance testing tool 'traffic_reply' can now operate
> against a Windows based AD domain. Previously it only operated
> correctly against Samba.
>
> DNS entries are now cleaned up during DC demote
> -----------------------------------------------
>
> DNS records are now cleaned up as part of the 'samba-tool domain
> demote' including both the default and '--remove-other-dead-server'
> modes.
>
> Additionally, DNS records can be automatically cleaned up for a given
> name with the 'samba-tool dns cleanup' command, which aids in cleaning
> up partially removed DCs.
>
> samba-tool ntacl sysvolreset is now much faster
> -----------------------------------------------
>
> The 'samba-tool ntacl sysvolreset' command, used on the Samba AD DC,
> is now much faster than in previous versions, after an internal
> rework.
>
> Samba now tested with CI GitLab
> -------------------------------
>
> Samba developers now have pre-commit testing available in GitLab,
> giving reviewers confidence that the submitted patches pass a full CI
> before being submitted to the Samba Team's own autobuild system.
>
> Dynamic DNS record scavenging support
> -------------------------------------
>
> It is now possible to enable scavenging of DNS Zones to remove DNS
> records that were dynamically created and have not been touched in
> some time.
>
> This support should however only be enabled on new zones or new
> installations. Sadly old Samba versions suffer from BUG 12451 and
> mark dynamic DNS records as static and static records as dynamic.
> While a dbcheck rule may be able to find these in the future,
> currently a reliable test has not been devised.
>
> Finally, there is not currently a command-line tool to enable this
> feature, currently it should be enabled from the DNS Manager tool from
> Windows. Also the feature needs to have been enabled by
> setting the smb.conf
> parameter "dns zone scavenging = yes".
>
> Improved support for trusted domains (as AD DC)
> -----------------------------------------------
>
> The support for trusted domains/forests has been further improved.
>
> External domain trusts, as well a transitive forest trusts,
> are supported in both directions (inbound and outbound)
> for Kerberos and NTLM authentication.
>
> The following features are new in 4.9 (compared to 4.8):
>
> - It's now possible to add users/groups of a trusted domain
> into domain groups. The group memberships are expanded
> on trust boundaries.
> - foreignSecurityPrincipal objects (FPO) are now automatically
> created when members (as SID) of a trusted domain/forest
> are added to a group.
> - The 'samba-tool group *members' commands allow
> members to be specified as foreign SIDs.
>
> However there are currently still a few limitations:
>
> - Both sides of the trust need to fully trust each other!
> - No SID filtering rules are applied at all!
> - This means DCs of domain A can grant domain admin rights
> in domain B.
> - Selective (CROSS_ORGANIZATION) authentication is
> not supported. It's possible to create such a trust,
> but the KDC and winbindd ignore them.
> - Samba can still only operate in a forest with just
> one single domain.
>
> CTDB changes
> ------------
>
> There are many changes to CTDB in this release.
>
> * Configuration has been completely overhauled
>
> - Daemon and tool options are now specified in a new ctdb.conf
> Samba-style configuration file. See ctdb.conf(5) for details.
>
> - Event script configuration is no longer specified in the top-level
> configuration file. It can now be specified per event script.
> For example, configuration options for the 50.samba event script
> can be placed alongside the event script in a file called
> 50.samba.options. Script options can also be specified in a new
> script.options file. See ctdb-script.options(5) for details.
>
> - Options that affect CTDB startup should be configured in the
> distribution-specific configuration file. See ctdb.sysconfig(5)
> for details.
>
> - Tunable settings are now loaded from ctdb.tunables. Using
> CTDB_SET_TunableVariable=<value> in the main configuration file is
> no longer supported. See ctdb-tunables(7) for details.
>
> A example script to migrate an old-style configuration to the new
> style is available in ctdb/doc/examples/config_migrate.sh.
>
> * The following configuration variables and corresponding ctdbd
> command-line options have been removed and not replaced with
> counterparts in the new configuration scheme:
>
> CTDB_PIDFILE --pidfile
> CTDB_SOCKET --socket
> CTDB_NODES --nlist
> CTDB_PUBLIC_ADDRESSES --public-addresses
> CTDB_EVENT_SCRIPT_DIR --event-script-dir
> CTDB_NOTIFY_SCRIPT --notification-script
> CTDB_PUBLIC_INTERFACE --public-interface
> CTDB_MAX_PERSISTENT_CHECK_ERRORS --max-persistent-check-errors
>
> - The compile-time defaults should be used for the first 6 of these.
> - Use a symbolic link from the configuration directory to specify a
> different location for nodes or public_addresses (e.g. in the
> cluster filesystem).
> - Executable notification scripts in the notify.d/ subdirectory of
> the configuration directory are now run by unconditionally.
> - Interfaces for public IP addresses must always be specified in the
> public_addresses file using the currently supported format.
>
> Some related items that have been removed are:
>
> - The ctdb command's --socket command-line option
> - The ctdb command's CTDB_NODES environment variable
>
> When writing tests there are still mechanisms available to change
> the locations of certain directories and files.
>
> * The following ctdbd.conf and ctdbd options have been replaced by new
> ctdb.conf options:
>
> CTDB_LOGGING/--logging logging -> location
> CTDB_DEBUGLEVEL/-d logging -> log level
> CTDB_TRANSPORT/--transport cluster -> transport
> CTDB_NODE_ADDRESS/--listen cluster ->
> node address
> CTDB_RECOVERY_LOCK/--reclock cluster ->
> recovery lock
> CTDB_DBDIR/--dbdir database ->
> volatile database directory
> CTDB_DBDIR_PERSISTENT/--dbdir-persistent database ->
> peristent database directory
> CTDB_DBDIR_STATE/--dbdir-state database ->
> state database directory
> CTDB_DEBUG_LOCKS database ->
> lock debug script
> CTDB_DEBUG_HUNG_SCRIPT event ->
> debug script
> CTDB_NOSETSCHED/--nosetsched legacy ->
> realtime scheduling
> CTDB_CAPABILITY_RECMASTER/--no-recmaster legacy ->
> recmaster capability
> CTDB_CAPABILITY_LMASTER/--no-lmaster legacy ->
> lmaster capability
> CTDB_START_AS_STOPPED/--start-as-stopped legacy ->
> start as stopped
> CTDB_START_AS_DISABLED/--start-as-disabled legacy ->
> start as disabled
> CTDB_SCRIPT_LOG_LEVEL/--script-log-level legacy ->
> script log level
>
> * Event scripts have moved to the scripts/legacy subdirectory of the
> configuration directory
>
> Event scripts must now end with a ".script" suffix.
>
> * The "ctdb event" command has changed in 2 ways:
>
> - A component is now required for all commands
>
> In this release the only valid component is "legacy".
>
> - There is no longer a default event when running "ctdb
> event status"
>
> Listing the status of the "monitor" event is now done via:
>
> ctdb event status legacy monitor
>
> See ctdb(1) for details.
>
> * The following service-related event script options have been
> removed:
>
> CTDB_MANAGES_SAMBA
> CTDB_MANAGES_WINBIND
>
> CTDB_MANAGES_CLAMD
> CTDB_MANAGES_HTTPD
> CTDB_MANAGES_ISCSI
> CTDB_MANAGES_NFS
> CTDB_MANAGES_VSFTPD
>
> CTDB_MANAGED_SERVICES
>
> Event scripts for services are now disabled by default. To enable
> an event script and, therefore, manage a service use a command like
> the following:
>
> ctdb event script enable legacy 50.samba
>
> * Notification scripts have moved to the scripts/notification
> subdirectory of the configuration directory
>
> Notification scripts must now end with a ".script" suffix.
>
> * Support for setting CTDB_DBDIR=tmpfs has been removed
>
> This feature has not been implemented in the new configuration
> system. If this is desired then a tmpfs filesystem should be
> manually mounted on the directory pointed to by the "volatile
> database directory" option. See ctdb.conf(5) for more details.
>
> * The following tunable options are now ctdb.conf options:
>
> DisabledIPFailover failover -> disabled
> TDBMutexEnabled database -> tdb mutexes
>
> * Support for the NoIPHostOnAllDisabled tunable has been removed
>
> If all nodes are unhealthy or disabled then CTDB will not host
> public IP addresses. That is, CTDB now behaves as if
> NoIPHostOnAllDisabled were set to 1.
>
> * The onnode command's CTDB_NODES_FILE environment variable has been
> removed
>
> The -f option can still be used to specify an alternate node file.
>
> * The 10.external event script has been removed
>
> * The CTDB_SHUTDOWN_TIMEOUT configuration variable has been removed
>
> As with other daemons, if ctdbd does not shut down when requested
> then manual intervention is required. There is no safe way of
> automatically killing ctdbd after a failed shutdown.
>
> * CTDB_SUPPRESS_COREFILE and CTDB_MAX_OPEN_FILES configuration
> variable have been removed
>
> These should be setup in the systemd unit/system file or, for SYSV
> init, in the distribution-specific configuration file for the ctdb
> service.
>
> * CTDB_PARTIALLY_ONLINE_INTERFACES incompatibility no longer enforced
>
> 11.natgw and 91.lvs will no longer fail if
> CTDB_PARTIALLY_ONLINE_INTERFACES=yes. The incompatibility is,
> however, well documented. This option will be removed in future and
> replaced by sensible behaviour where public IP addresses simply
> switch interfaces or become unavailable when interfaces are down.
>
> * Configuration file /etc/ctdb/sysconfig/ctdb is no longer supported
>
> GPO Improvements
> ----------------
>
> The 'samba_gpoupdate' command (used in applying Group Policies to the
> Samba machine itself) has been renamed to "samba_gpupdate" and had the
> syntax changed to better match the same tool on Windows.
>
>
> REMOVED FEATURES
> ================
>
> %
>
> smb.conf changes
> ================
>
> As the most popular Samba install platforms (Linux and FreeBSD) both
> support extended attributes by default, the parameters "map readonly",
> "store dos attributes" and "ea support" have had their
> defaults changed
> to allow better Windows fileserver compatibility in a default install.
>
> Parameter Name Description Default
> -------------- ----------- -------
> map readonly Default changed no
> store dos attributes Default changed yes
> ea support Default changed yes
> full_audit:success Default changed none
> full_audit:failure Default changed none
>
> VFS interface changes
> =====================
>
> The VFS ABI interface version has changed to 39. Function changes
> are:
>
> SMB_VFS_FSYNC: Removed: Only async versions are used.
> SMB_VFS_READ: Removed: Only PREAD or async versions are used.
> SMB_VFS_WRITE: Removed: Only PWRITE or async versions are used.
> SMB_VFS_CHMOD_ACL: Removed: Only CHMOD is used.
> SMB_VFS_FCHMOD_ACL: Removed: Only FCHMOD is used.
>
> Any external VFS modules will need to be updated to match these
> changes in order to work with 4.9.x.
>
> CHANGES SINCE 4.9.0rc5
> ======================
>
> o Björn Baumbach <bb at sernet.de>
> * BUG 13605: samba_dnsupdate: Honor 'dns zone scavenging'
> option, only
> update if needed.
>
> o Andreas Schneider <asn at samba.org>
> * BUG 13606: wafsamba: Fix 'make -j<jobs>'.
> o
> CHANGES SINCE 4.9.0rc4
> ======================
>
> o Jeremy Allison <jra at samba.org>
> * BUG 13565: s3: VFS: vfs_full_audit: Ensure
> smb_fname_str_do_log() only
> returns absolute pathnames.
>
> o Paulo Alcantara <paulo at paulo.ac>
> * BUG 13578: s3: util: Do not take over stderr when there
> is no log file.
>
> o Ralph Boehme <slow at samba.org>
> * BUG 13549: Durable Reconnect fails because
> cookie.allow_reconnect is not
> set.
>
> o Alexander Bokovoy <ab at samba.org>
> * BUG 13539: krb5-samba: Interdomain trust uses different
> salt principal.
>
> o Volker Lendecke <vl at samba.org>
> * BUG 13441: vfs_fruit: Don't unlink the main file.
> * BUG 13602: smbd: Fix a memleak in async search ask sharemode.
>
> o Stefan Metzmacher <metze at samba.org>
> * BUG 11517: Fix Samba GPO issue when Trust is enabled.
> * BUG 13539: samba-tool: Add "virtualKerberosSalt" attribute to
> 'user getpassword/syncpasswords'.
>
> o Martin Schwenke <martin at meltin.net>
> * BUG 13589: Fix CTDB configuration issues.
> * BUG 13592: ctdbd logs an error until it can successfully
> connect to
> eventd.
>
>
> CHANGES SINCE 4.9.0rc3
> ======================
>
> o Jeremy Allison <jra at samba.org>
> * BUG 13585: s3: smbd: Ensure get_real_filename() copes with empty
> pathnames.
>
> o Tim Beale <timbeale at catalyst.net.nz>
> * BUG 13566: samba domain backup online/rename commands
> force user to specify
> password on CLI.
>
> o Alexander Bokovoy <ab at samba.org>
> * BUG 13579: wafsamba/samba_abi: Always hide ABI symbols
> which must be
> local.
>
> o Volker Lendecke <vl at samba.org>
> * BUG 13584: Fix a panic if fruit_access_check detects a
> locking conflict.
>
> o Andreas Schneider <asn at samba.org>
> * BUG 13567: Fix memory and resource leaks.
> * BUG 13580: python: Fix print in dns_invalid.py.
>
> o Martin Schwenke <martin at meltin.net>
> * BUG 13588: Aliasing issue causes incorrect IPv6 checksum.
> * BUG 13589: Fix CTDB configuration issues.
>
> o Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
> * BUG 13568: s3: vfs: time_audit: fix handling of token_blob in
> smb_time_audit_offload_read_recv().
>
>
> CHANGES SINCE 4.9.0rc2
> ======================
>
> o Jeremy Allison <jra at samba.org>
> * BUG 13453: CVE-2018-10858: libsmb: Harden
> smbc_readdir_internal() against
> returns from malicious servers.
>
> o Andrew Bartlett <abartlet at samba.org>
> * BUG 13374: CVE-2018-1140: ldbsearch
> '(distinguishedName=abc)' and DNS query
> with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140
> * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL
> pointer de-ref) when
> not servicePrincipalName is set on a user.
>
> o Tim Beale <timbeale at catalyst.net.nz>
> * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized
> attribute access via
> searches.
>
> o Samuel Cabrero <scabrero at suse.de>
> * BUG 13540: ctdb_mutex_ceph_rados_helper: Set SIGINT
> signal handler.
>
> o Günther Deschner <gd at samba.org>
> * BUG 13360: CVE-2018-1139 libcli/auth: Do not allow
> ntlmv1 over SMB1 when it
> is disabled via "ntlm auth".
> * BUG 13529: s3-tldap: do not install test_tldap.
>
> o David Disseldorp <ddiss at samba.org>
> * BUG 13540: ctdb_mutex_ceph_rados_helper: Fix deadlock
> via lock renewals.
>
> o Andrej Gessel <Andrej.Gessel at janztec.com>
> * BUG 13374: CVE-2018-1140 Add NULL check for
> ldb_dn_get_casefold() in
> ltdb_index_dn_attr().
>
> o Amitay Isaacs <amitay at gmail.com>
> * BUG 13554: ctdb-eventd: Fix CID 1438155.
>
> o Volker Lendecke <vl at samba.org>
> * BUG 13553: Fix CIDs 1438243, (Unchecked return value) 1438244
> (Unsigned compared against 0), 1438245 (Dereference
> before null check) and
> 1438246 (Unchecked return value).
> * BUG 13554: ctdb: Fix a cut&paste error.
>
> o Oleksandr Natalenko <oleksandr at redhat.com>
> * BUG 13559: systemd: Only start smb when network
> interfaces are up.
>
> o Noel Power <noel.power at suse.com>
> * BUG 13553: Fix quotas don't work with SMB2.
> * BUG 13563: s3/smbd: Ensure quota code is only called
> when quota support
> detected.
>
> o Anoop C S <anoopcs at redhat.com>
> * BUG 13204: s3/libsmb: Explicitly set delete_on_close
> token for rmdir.
>
> o Andreas Schneider <asn at samba.org>
> * BUG 13561: s3:waf: Install eventlogadm to /usr/sbin.
>
> o Justin Stephenson <jstephen at redhat.com>
> * BUG 13562: Shorten description in vfs_linux_xfs_sgid manual.
>
>
> CHANGES SINCE 4.9.0rc1
> ======================
>
> o Jeremy Allison <jra at samba.org>
> * BUG 13537: s3: smbd: Using "sendfile = yes" with SMB2
> can cause CPU spin.
>
> o Ralph Boehme <slow at samba.org>
> * BUG 13535: s3: smbd: Fix path check in
> smbd_smb2_create_durable_lease_check().
>
> o Alexander Bokovoy <ab at samba.org>
> * BUG 13538: samba-tool trust: Support discovery via
> netr_GetDcName.
> * BUG 13542: s4-dsdb: Only build dsdb Python modules for AD DC.
>
> o Amitay Isaacs <amitay at gmail.com>
> * BUG 13520: Fix portability issues on freebsd.
>
> o Gary Lockyer <gary at catalyst.net.nz>
> * BUG 13536: DNS wildcard search does not handle multiple
> labels correctly.
>
> o Stefan Metzmacher <metze at samba.org>
> * BUG 13308: samba-tool domain trust: Fix trust
> compatibility to Windows
> Server 1709 and FreeIPA.
>
> o Martin Schwenke <martin at meltin.net>
> * BUG 13520: Fix portability issues on freebsd.
> * BUG 13545: ctdb-protocol: Fix CTDB compilation issues.
> * BUG 13546: ctdb-docs: Replace obsolete reference to
> CTDB_DEBUG_HUNG_SCRIPT
> option.
> * BUG 13550: ctdb-doc: Provide an example script for migrating old
> configuration.
> * BUG 13551: ctdb-event: Implement event tool "script
> list" command.
>
>
> KNOWN ISSUES
> ============
>
> https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.
> 9#Release_blocking_bugs
>
>
> #######################################
> Reporting bugs & Development Discussion
> #######################################
>
> Please discuss this release on the samba-technical mailing list or by
> joining the #samba-technical IRC channel on irc.freenode.net.
>
> If you do report problems then please try to send high quality
> feedback. If you don't provide vital information to help us track down
> the problem then you will probably be ignored. All bug reports should
> be filed under the Samba 4.1 and newer product in the
> project's Bugzilla
> database (https://bugzilla.samba.org/).
>
>
> ======================================================================
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ======================================================================
>
> ================
> Download Details
> ================
>
> The uncompressed tarballs and patch files have been signed
> using GnuPG (ID 6F33915B6568B7EA). The source code can be downloaded
> from:
>
> https://download.samba.org/pub/samba/stable/
>
> The release notes are available online at:
>
> https://www.samba.org/samba/history/samba-4.9.0.html
>
> Our Code, Our Bugs, Our Responsibility.
> (https://bugzilla.samba.org/)
>
> --Enjoy
> The Samba Team
>
More information about the samba-technical
mailing list