The branch, master has been updated via 7a82133 NEWS[4.3.0]: Samba 4.3.0 Available for Download from 1391e83 NEWS[4.2.4]: Samba 4.2.4 Available for Download
https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 7a82133d3192423302952e89f0f6ff80edf37953 Author: Karolin Seeger <ksee...@samba.org> Date: Tue Sep 8 16:51:06 2015 +0200 NEWS[4.3.0]: Samba 4.3.0 Available for Download Signed-off-by: Karolin Seeger <ksee...@samba.org> Signed-off-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: history/samba-4.3.0.html | 409 ++++++++++++++++++++++++ posted_news/20150908-144549.4.3.0.body.html | 13 + posted_news/20150908-144549.4.3.0.headline.html | 3 + 3 files changed, 425 insertions(+) create mode 100644 history/samba-4.3.0.html create mode 100644 posted_news/20150908-144549.4.3.0.body.html create mode 100644 posted_news/20150908-144549.4.3.0.headline.html Changeset truncated at 500 lines: diff --git a/history/samba-4.3.0.html b/history/samba-4.3.0.html new file mode 100644 index 0000000..2f08dff --- /dev/null +++ b/history/samba-4.3.0.html @@ -0,0 +1,409 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<title>Samba 4.3.0 - Release Notes</title> +</head> +<body> +<H2>Samba 4.3.0 Available for Download</H2> +<p> +<a href="https://download.samba.org/pub/samba/stable/samba-4.3.0.tar.gz">Samba 4.3.0 (gzipped)</a><br> +<a href="https://download.samba.org/pub/samba/stable/samba-4.3.0.tar.asc">Signature</a> +</p> +<p><pre> + ============================= + Release Notes for Samba 4.3.0 + September 8, 2015 + ============================= + + +This is the first stable release of Samba 4.3. + + +UPGRADING +========= + +Read the "New FileChangeNotify subsystem" and "smb.conf changes" sections +(below). + + +NEW FEATURES +============ + +Logging +------- + +The logging code now supports logging to multiple backends. In +addition to the previously available syslog and file backends, the +backends for logging to the systemd-journal, lttng and gpfs have been +added. Please consult the section for the 'logging' parameter in the +smb.conf manpage for details. + +Spotlight +--------- + +Support for Apple's Spotlight has been added by integrating with Gnome +Tracker. + +For detailed instructions how to build and setup Samba for Spotlight, +please see the Samba wiki: &lt;https://wiki.samba.org/index.php/Spotlight&gt; + +New FileChangeNotify subsystem +------------------------------ + +Samba now contains a new subsystem to do FileChangeNotify. The +previous system used a central database, notify_index.tdb, to store +all notification requests. In particular in a cluster this turned out +to be a major bottleneck, because some hot records need to be bounced +back and forth between nodes on every change event like a new created +file. + +The new FileChangeNotify subsystem works with a central daemon per +node. Every FileChangeNotify request and every event are handled by an +asynchronous message from smbd to the notify daemon. The notify daemon +maintains a database of all FileChangeNotify requests in memory and +will distribute the notify events accordingly. This database is +asynchronously distributed in the cluster by the notify daemons. + +The notify daemon is supposed to scale a lot better than the previous +implementation. The functional advantage is cross-node kernel change +notify: Files created via NFS will be seen by SMB clients on other +nodes per FileChangeNotify, despite the fact that popular cluster file +systems do not offer cross-node inotify. + +Two changes to the configuration were required for this new subsystem: +The parameters "change notify" and "kernel change notify" are not +per-share anymore but must be set globally. So it is no longer +possible to enable or disable notify per share, the notify daemon has +no notion of a share, it only works on absolute paths. + +New SMB profiling code +---------------------- + +The code for SMB (SMB1, SMB2 and SMB3) profiling uses a tdb instead +of sysv IPC shared memory. This avoids performance problems and NUMA +effects. The profile stats are a bit more detailed than before. + +Improved DCERPC man in the middle detection for kerberos +-------------------------------------------------------- + +The gssapi based kerberos backends for gensec have support for +DCERPC header signing when using DCERPC_AUTH_LEVEL_PRIVACY. + +SMB signing required in winbindd by default +------------------------------------------- + +The effective value for "client signing" is required +by default for winbindd, if the primary domain uses active directory. + +Experimental NTDB was removed +----------------------------- + +The experimental NTDB library introduced in Samba 4.0 has been +removed again. + +Improved support for trusted domains (as AD DC) +----------------------------------------------- + +The support for trusted domains/forests has improved a lot. + +samba-tool got "domain trust" subcommands to manage trusts: + + create - Create a domain or forest trust. + delete - Delete a domain trust. + list - List domain trusts. + namespaces - Manage forest trust namespaces. + show - Show trusted domain details. + validate - Validate a domain trust. + +External trusts between individual domains work in both ways +(inbound and outbound). The same applies to root domains of +a forest trust. The transitive routing into the other forest +is fully functional for kerberos, but not yet supported for NTLMSSP. + +While a lot of things are working fine, there are currently a few limitations: + + - Both sides of the trust need to fully trust each other! + - No SID filtering rules are applied at all! + - This means DCs of domain A can grant domain admin rights + in domain B. + - It's not possible to add users/groups of a trusted domain + into domain groups. + +SMB 3.1.1 supported +------------------- + +Both client and server have support for SMB 3.1.1 now. + +This is the dialect introduced with Windows 10, it improves the secure +negotiation of SMB dialects and features. + +There's also a new optinal encryption algorithm aes-gcm-128, +but for now this is only selected as fallback and aes-ccm-128 +is preferred because of the better performance. This might change +in future versions when hardware encryption will be supported. +See https://bugzilla.samba.org/show_bug.cgi?id=11451. + +New smbclient subcommands +------------------------- + + - Query a directory for change notifications: notify &lt;dir name&gt; + - Server side copy: scopy &lt;source filename&gt; &lt;destination filename&gt; + +New rpcclient subcommands +------------------------- + + netshareenumall - Enumerate all shares + netsharegetinfo - Get Share Info + netsharesetinfo - Set Share Info + netsharesetdfsflags - Set DFS flags + netfileenum - Enumerate open files + netnamevalidate - Validate sharename + netfilegetsec - Get File security + netsessdel - Delete Session + netsessenum - Enumerate Sessions + netdiskenum - Enumerate Disks + netconnenum - Enumerate Connections + netshareadd - Add share + netsharedel - Delete share + +New modules +----------- + + idmap_script - see 'man 8 idmap_script' + vfs_unityed_media - see 'man 8 vfs_unityed_media' + vfs_shell_snap - see 'man 8 vfs_shell_snap' + +New sparsely connected replia graph (Improved KCC) +-------------------------------------------------- + +The Knowledge Consistency Checker (KCC) maintains a replication graph +for DCs across an AD network. The existing Samba KCC uses a fully +connected graph, so that each DC replicates from all the others, which +does not scale well with large networks. In 4.3 there is an +experimental new KCC that creates a sparsely connected replication +graph and closely follows Microsoft's specification. It is turned off +by default. To use the new KCC, set "kccsrv:samba_kcc=true" in +smb.conf and let us know how it goes. You should consider doing this +if you are making a large new network. For small networks there is +little benefit and you can always switch over at a later date. + +Configurable TLS protocol support, with better defaults +------------------------------------------------------- + +The "tls priority" option can be used to change the supported TLS +protocols. The default is to disable SSLv3, which is no longer +considered secure. + +Samba-tool now supports all 7 FSMO roles +------------------------------------------------------- + +Previously "samba-tool fsmo" could only show, transfer or seize the +five well-known FSMO roles: + + Schema Master + Domain Naming Master + RID Master + PDC Emulator + Infrastructure Master + +It can now also show, transfer or seize the DNS infrastructure roles: + + DomainDnsZones Infrastructure Master + ForestDnsZones Infrastructure Master + +CTDB logging changes +-------------------- + +The destination for CTDB logging is now set via a single new +configuration variable CTDB_LOGGING. This replaces CTDB_LOGFILE and +CTDB_SYSLOG, which have both been removed. See ctdbd.conf(5) for +details of CTDB_LOGGING. + +CTDB no longer runs a separate logging daemon. + +CTDB NFS support changes +------------------------ + +CTDB's NFS service management has been combined into a single 60.nfs +event script. This updated 60.nfs script now uses a call-out to +interact with different NFS implementations. See the CTDB_NFS_CALLOUT +option in the ctdbd.conf(5) manual page for details. A default +call-out is provided to interact with the Linux kernel NFS +implementation. The 60.ganesha event script has been removed - a +sample call-out is provided for NFS Ganesha, based on this script. + +The method of configuring NFS RPC checks has been improved. See +ctdb/config/nfs-checks.d/README for details. + +Improved Cross-Compiling Support +-------------------------------- + +A new "hybrid" build configuration mode is added to improve +cross-compilation support. + +A common challenge in cross-compilation is that of obtaining the results +of tests that have to run on the target, during the configuration +phase of the build. The Samba build system already supports the following +means to do so: + + - Executing configure tests using the --cross-execute parameter + - Obtaining the results from an answers file using the --cross-answers + parameter + +The first method has the drawback of inaccurate results if the tests are +run using an emulator, or a need to be connected to a running target +while building, if the tests are to be run on an actual target. The +second method presents a challenge of figuring out the test results. + +The new hybrid mode runs the tests and records the result in an answer file. +To activate this mode, use both --cross-execute and --cross-answers in the +same configure invocation. This mode can be activated once against a +running target, and then the generated answers file can be used in +subsequent builds. + +Also supplied is an example script that can be used as the +cross-execute program. This script copies the test to a running target +and runs the test on the target, obtaining the result. The obtained +results are more accurate than running the test with an emulator, because +they reflect the exact kernel and system libraries that exist on the +target. + +Improved Sparse File Support +---------------------------- +Support for the FSCTL_SET_ZERO_DATA and FSCTL_QUERY_ALLOCATED_RANGES +SMB2 requests has been added to the smbd file server. +This allows for clients to deallocate (hole punch) regions within a +sparse file, and check which portions of a file are allocated. + + +###################################################################### +Changes +####### + +smb.conf changes +---------------- + + Parameter Name Description Default + -------------- ----------- ------- + logging New (empty) + msdfs shuffle referrals New no + smbd profiling level New off + spotlight New no + tls priority New NORMAL:-VERS-SSL3.0 + use ntdb Removed + change notify Changed to [global] + kernel change notify Changed to [global] + client max protocol Changed default SMB3_11 + server max protocol Changed default SMB3_11 + +Removed modules +--------------- + +vfs_notify_fam - see section 'New FileChangeNotify subsystem'. + + +KNOWN ISSUES +============ + +Currently none. + + +CHANGES SINCE 4.2.0rc4 +====================== + +o Andrew Bartlett &lt;abart...@samba.org&gt; + * Bug 10973: No objectClass found in replPropertyMetaData on ordinary + objects (non-deleted) + * Bug 11429: Python bindings don't check integer types + * Bug 11430: Python bindings don't check array sizes + +o Ralph Boehme &lt;s...@samba.org&gt; + * Bug 11467: Handling of 0 byte resource fork stream + +o Volker Lendecke &lt;v...@samba.org&gt; + * Bug 11488: AD samr GetGroupsForUser fails for users with "()" in + their name + +o Stefan Metzmacher &lt;me...@samba.org&gt; + * Bug 11429: Python bindings don't check integer types + +o Matthieu Patou &lt;m...@matws.net&gt; + * Bug 10973: No objectClass found in replPropertyMetaData on ordinary + objects (non-deleted) + + +CHANGES SINCE 4.2.0rc3 +====================== + +o Ralph Boehme &lt;s...@samba.org&gt; + * Bug 11444: Crash in notify_remove caused by change notify = no + +o G&uuml;nther Deschner &lt;g...@samba.org&gt; + * Bug 11411: smbtorture does not build when configured --with-system-mitkrb5 + +o Volker Lendecke &lt;v...@samba.org&gt; + * Bug 11455: fix recursion problem in rep_strtoll in lib/replace/replace.c + * Bug 11464: xid2sid gives inconsistent results + * Bug 11465: ctdb: Fix the build on FreeBSD 10.1 + +o Roel van Meer &lt;r...@1afa.com&gt; + * Bug 11427: nmbd incorrectly matches netbios names as own name + +o Stefan Metzmacher &lt;me...@samba.org&gt; + * Bug 11451: Poor SMB3 encryption performance with AES-GCM + * Bug 11458: --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't + disable ldb build and install + +o Andreas Schneider &lt;a...@samba.org&gt; + * Bug 9862: Samba "map to guest = Bad uid" doesn't work + + +CHANGES SINCE 4.3.0rc2 +====================== + +o Andrew Bartlett &lt;abart...@samba.org&gt; + * Bug 11436: samba-tool uncaught exception error + * Bug 10493: revert LDAP extended rule 1.2.840.113556.1.4.1941 + LDAP_MATCHING_RULE_IN_CHAIN changes + +o Ralph Boehme &lt;s...@samba.org&gt; + * Bug 11278: Stream names with colon don't work with + fruit:encoding = native + * Bug 11426: net share allowedusers crashes + +o Amitay Isaacs &lt;ami...@gmail.com&gt; + * Bug 11432: Fix crash in nested ctdb banning + * Bug 11434: Cannot build ctdbpmda + * Bug 11431: CTDB's eventscript error handling is broken + +o Stefan Metzmacher &lt;me...@samba.org&gt; + * Bug 11451: Poor SMB3 encryption performance with AES-GCM (part1) + * Bug 11316: tevent_fd needs to be destroyed before closing the fd + +o Arvid Requate &lt;requ...@univention.de&gt; + * Bug 11291: NetApp joined to a Samba/ADDC cannot resolve SIDs + +o Martin Schwenke &lt;mar...@meltin.net&gt; + * Bug 11432: Fix crash in nested ctdb banning + + +CHANGES SINCE 4.3.0rc1 +====================== + +o Jeremy Allison &lt;j...@samba.org&gt; + * BUG 11359: strsep is not available on Solaris + +o Bj&ouml;rn Baumbach &lt;b...@sernet.de&gt; + * BUG 11421: Build with GPFS support is broken + +o Justin Maggard &lt;jmagg...@netgear.com&gt; + * BUG 11320: "force group" with local group not working + +o Martin Schwenke &lt;mar...@meltin.net + * BUG 11424: Build broken with --disable-python + + +</p></pre> +</body> +</html> diff --git a/posted_news/20150908-144549.4.3.0.body.html b/posted_news/20150908-144549.4.3.0.body.html new file mode 100644 index 0000000..666145f --- /dev/null +++ b/posted_news/20150908-144549.4.3.0.body.html @@ -0,0 +1,13 @@ +<!-- BEGIN: posted_news/20150908-144549.4.3.0.body.html --> +<h5><a name="4.3.0">08 September 2015</a></h5> +<p class=headline>Samba 4.3.0 Available for Download</p> +<p> +This is the latest stable release of the Samba 4.3 release series. +</p> +<p> +The uncompressed tarball has been signed using GnuPG (ID 6568B7EA). +The source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.3.0.tar.gz">downloaded now</a>. +See <a href="https://www.samba.org/samba/history/samba-4.3.0.html">the release notes for more info</a>. +</p> +<!-- END: posted_news/20150908-144549.4.3.0.body.html --> + diff --git a/posted_news/20150908-144549.4.3.0.headline.html b/posted_news/20150908-144549.4.3.0.headline.html new file mode 100644 index 0000000..9fb4a7a --- /dev/null +++ b/posted_news/20150908-144549.4.3.0.headline.html @@ -0,0 +1,3 @@ +<!-- BEGIN: posted_news/20150908-144549.4.3.0.headline.html --> +<li> 08 September 2015 <a href="#4.3.0">Samba 4.3.0 Available for Download</a></li> +<!-- END: posted_news/20150908-144549.4.3.0.headline.html --> -- Samba Website Repository