Major bug fixes included in Samba 3.0.25a are:
o Missing supplementary Unix group membership when using "force
group".
o Premature expiration of domain user passwords when using a
Samba domain controller.
o Failure to open the Windows object picker against a server
configured to use "security = domain".
* Authentication failures when using security = server.
Plus additional local fixes.
PR: ports/113358
Submitted by: maintainer
Major features included in the 3.0.25 code base are:
o Significant improvements in the winbind off-line logon support.
o Support for secure DDNS updates as part of the 'net ads join'
process.
o Rewritten IdMap interface which allows for TTL based caching and
per domain backends.
o New plug-in interface for the "winbind nss info" parameter.
o New file change notify subsystem which is able to make use of
inotify on Linux.
o Support for passing Windows security descriptors to a VFS
plug-in allowing for multiple Unix ACL implements to running
side by side on the Same server.
o Improved compatibility with Windows Vista clients including
improved read performance with Linux servers.
o Man pages for IdMap and VFS plug-ins.
Security Fixes included in the Samba 3.0.25 release are:
o CVE-2007-2444
Versions: Samba 3.0.23d - 3.0.25pre2
Local SID/Name translation bug can result in
user privilege elevation
o CVE-2007-2446
Versions: Samba 3.0.0 - 3.0.24
Multiple heap overflows allow remote code execution
o CVE-2007-2447
Versions: Samba 3.0.0 - 3.0.24
Unescaped user input parameters are passed as
arguments to /bin/sh allowing for remote command
execution
PR: ports/112836
Submitted by: maintainer
Approved by: portmgr (self)
This release contains fixes for the following security advisories:
o CVE-2007-0452 (Potential Denial of Service bug in smbd)
o CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
o CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)
- Improve RC-file.
PR: ports/108803
Submitted by: maintainer
After recent release of Samba 3.0.23c and corresponding version of
port several problems with it were reported back by the users.
- Fix for the broken OPTIONS menu due overlong line. That addresses PR
ports/103158 and ports/102980
- Fix build on FreeBSD 7. PR ports/102919.
- Several fixes to the rc.d/samba script, as well as a new code.
Should handle 'restart' properly now.
- Remove enforcement of a daemon shutdown during deinstallation due
several requests.
- SAMBA_PRIVATEDIR can now be redefined.
- Warn the user if FAM_SUPPORT is enabled contrary to the selected
OPTIONS. [2]
PR: ports/103170 [1] ports/103276 [2]
Submitted by: Timur I. Bakeyev <timur@gnu.org> (mainainer) [1],
Scot Hetzel <swhetzel@gmail.com> [2]
Approved by: maintainer [2]
- Update to 3.0.23c
Common bugs fixed in 3.0.23c include: [1]
o Authentication failures in pam_winbind when the AD domain
policy is set to not expire passwords.
o Authorization failures when using smb.conf options such
as "valid users" with the smbpasswd passdb backend.
*** net/samba-libsmbclient: [2]
- Small cosmetic changes
*** net/py-samba: [3]
- Reset PORTREVISION back, as master port version bumped
PR: ports/102805 [1]
ports/102806 [2]
ports/102807 [3]
Submitted by: Timur I. Bakeyev <timur@gnu.org> (maintainer)
Common bugs fixed in 3.0.23b include:
o Ambiguity with unqualified names in smb.conf parameters
such as "force user" and "valid users".
o Errors in 'net ads join' caused by bad IP address in the list
of domain controllers.
o SMB signing errors in the client and server code.
o Domain join failures when using smbpasswd on a Samba PDC.
Common bugs fixed in 3.0.23a include:
o Failure to strip the domain name from groups when 'winbind
use default domain = yes'
o Failure in pam_winbind to correctly parse arguments.
o Bad token creation of local users on member servers not
running winbindd.
o Failure to add users or groups to ACLs using the Windows
object picker.
o Failure in file serving code when 'kernel oplocks = yes'.
New features in 3.0.23a include:
o New "createupn" option to "net ads join"
o Rewritten Kerberos keytab generation when 'use kerberos
keytab = yes'
PR: ports/102040
Submitted by: maintainer
o Improved 'make test'
o New offline mode in winbindd.
o New Kerberos support for pam_winbind.so.
o New handling of unmapped users and groups.
o New non-root share management tools.
o Improved support for local and BUILTIN groups.
o Winbind IDMAP integration with RFC2307 schema objects supported
by Windows 2003 R2.
o Rewritten 'net ads join' to mimic Windows XP without requiring
administrative rights to join a domain.
PR: ports/100100
Submitted by: maintainer
Common bugs fixed in 3.0.21 include:
o Missing groups in a user's token when logging in via kerberos
o Incompatibilities with newer MS Windows hotfixes and
embedded OS platforms
o Portability and crash bugs.
o Performance issues in winbindd.
New features introduced in Samba 3.0.21 include:
o Complete NTLMv2 support by consolidating authentication
mechanism used at the CIFS and RPC layers.
o The capability to manage Unix services using the Win32
Service Control API.
o The capability to view external Unix log files via the
Microsoft Event Viewer.
o New libmsrpc share library for application developers.
o Rewrite of CIFS oplock implementation.
o Performance Counter external daemon.
o Winbindd auto-detection query methods when communicating with
a domain controller.
o The ability to enumerate long share names in libsmbclient
applications.
PR: ports/91528
Submitted by: Timur I. Bakeyev (maintainer)
in bsd.autotools.mk essentially makes this a no-op given that all the
old variables set a USE_AUTOTOOLS_COMPAT variable, which is parsed in
exactly the same way as USE_AUTOTOOLS itself.
Moreover, USE_AUTOTOOLS has already been extensively tested by the GNOME
team -- all GNOME 2.12.x ports use it.
Preliminary documentation can be found at:
http://people.FreeBSD.org/~ade/autotools.txt
which is in the process of being SGMLized before introduction into the
Porters Handbook.
Light blue touch-paper. Run.
Changes:
o A crash bug in winbindd
o Reporting files as read-only instead of returning the
correct error code of "access denied"
o File system quota support defects
o Stability problems with winbindd.
o Crash bugs caused by incompatibilities on 64-bit systems.
o User Manager interoperability problems.
PR: ports/87517
Submitted by: maintainer
Additional features introduced in Samba 3.0.20 include:
o Support for several new Win32 rpc pipes.
o Improved support for OS/2 clients.
o New 'net rpc service' tool for managing Win32 services.
o Capability to set the owner on new files and directory
based on the parent's ownership.
o Experimental, asynchronous IO file serving support.
o Completed Support for Microsoft Print Migrator.
o New Winbind IDmap plugin (ad) for retrieving uid and gid
from AD servers which maintain the SFU user and group
attributes.
o Rewritten support for POSIX pathnames when utilizing
the Linux CIFS fs client.
o New asynchronous winbindd.
o Support for Microsoft Print Migrator.
o New Windows NT registry file I/O library.
o New user right (SeTakeOwnershipPrivilege) added.
o New "net share migrate" options.
PR: 85276
Submitted by: Timur I. Bakeyev (maintainer)
Approved by: perky (mentor)
Currently, ADS support is off for the package builds, as it creates
dependency problems with Kerberos5. Also, an experimental support
for extended attributes is included.
PR: ports/79037
Submitted by: maintainer
All ports depending on postgresql shall use the USE_PGSQL=yes knob
defined in Mk/bsd.ports.mk. Bumping portrevisions where needed.
PR: 75344
Approved by: portmgr@ (kris), ade & sean (mentors)
o Problem updating roaming user profiles.
o Crash in smbd when printing from a Windows 9x client.
o Unresolved symbols in libsmbclient which caused
applications such as KDE's konqueror to fail when
accessing smb:// URLs.
PR: ports/74223
Submitted by: maintainer
This patch originally developed by miraclelinux.com team for v3.0.2a.
I integrated it to apply to v3.0.4. All complains about this knob
should be sent to me, not maintainer nor miraclelinux.com team.
No response from: maintainer
- Resolve kerberos/ldap issues with libsmbclient
- Reenable iconv autodetection
- Add a small patch from Konstantin Reznichenko <kot@premierbank.dp.ua> that fixes
coredump of smbd when user add script is invoked
PR: ports/66617
Submitted by: maintainer
- Rewrite libsmbclient port to not conflict with samba port, stop installing
libsmbclient in samba port
- Split out python extensions into standalone port
PR: ports/65976
Submitted by: Timur I. Bakeyev <timur@gnu.org> (samba-devel maintainer)
Approved by: Koop Mast (samba-libsmbclient maintainer)
using smbd_enable and nmbd_enable and silence warning about samba_enable
not being set.
PR: ports/65598
Submitted by: Timur I. Bakeyev <timur@com.bat.ru> (maintainer)
Requested by: obrien
a lot of imporvements and bugfixes since 3.0.2a.
In addition following problems solved:
o linking agaist libiconv is mandatary now
o more ways of detecting Kerberos5 installation and
LIB_DEPENDS on Heimdal port if none is found -
should address problems with bentoo building as well
o fixed problem when port wasn't compilable when LDAP
wasn't chosen and ADS was.
Submitted by: Timur Bakeyev <timur@gnu.org> (maintainer)
PR: 65237
