Release Notes for Samba 4.10.5
This is a security release in order to address the following defects:
o CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server
(dnsserver))
o CVE-2019-12436 (Samba AD DC LDAP server crash (paged searches))
Details
=======
o CVE-2019-12435:
An authenticated user can crash the Samba AD DC's RPC server process via a
NULL pointer dereference.
o CVE-2019-12436:
An user with read access to the directory can cause a NULL pointer
dereference using the paged search control.
For more details and workarounds, please refer to the security advisories.
Samba 4.10.3, 4.9.8 and 4.8.12 Security Releases Available
These are security releases in order to address CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum).
from mmoll in https://github.com/NetBSD/pkgsrc/pull/46
I am not adding the SunOS part because the files are in the non-OS specific
PLIST, now (the SunOS entries seem to be duplicated)
Release Notes for Samba 4.10.2
This is a security release in order to address the following defects:
o CVE-2019-3870 (World writable files in Samba AD DC private/ dir)
o CVE-2019-3880 (Save registry file outside share as unprivileged user)
Details
o CVE-2019-3870:
During the provision of a new Active Directory DC, some files in the private/
directory are created world-writable.
o CVE-2019-3880:
Authenticated users with write permission can trigger a symlink traversal to
write or detect files outside the Samba share.
For more details and workarounds, please refer to the security advisories.
Changes since 4.10.1:
* BUG 13834: CVE-2019-3870: pysmbd: Ensure a zero umask is set for
smbd.mkdir().
* BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of
SaveKey/RestoreKey.
Release Notes for Samba 4.10.0
This is the first stable release of the Samba 4.10 release series.
Please read the release notes carefully before upgrading.
NEW FEATURES/CHANGES
====================
GPO Improvements
----------------
A new 'samba-tool gpo backup' command has been added that can export a
set of Group Policy Objects from a domain in a generalised XML format.
A corresponding 'samba-tool gpo restore' command has been added to
rebuild the Group Policy Objects from the XML after generalization.
(The administrator needs to correct the values of XML entities between
the backup and restore to account for the change in domain).
KDC prefork
-----------
The KDC now supports the pre-fork process model and worker processes will be
forked for the KDC when the pre-fork process model is selected for samba.
Prefork 'prefork children'
--------------------------
The default value for this smdb.conf parameter has been increased from 1 to
4.
Netlogon prefork
----------------
DCERPC now supports pre-forked NETLOGON processes. The netlogon processes are
pre-forked when the prefork process model is selected for samba.
Offline domain backups
----------------------
The 'samba-tool domain backup' command has been extended with a new 'offline'
option. This safely creates a backup of the local DC's database directly from
disk. The main benefits of an offline backup are it's quicker, it stores more
database details (for forensic purposes), and the samba process does not have
to be running when the backup is made. Refer to the samba-tool help for more
details on using this command.
Group membership statistics
---------------------------
A new 'samba-tool group stats' command has been added. This provides summary
information about how the users are spread across groups in your domain.
The 'samba-tool group list --verbose' command has also been updated to include
the number of users in each group.
Paged results LDAP control
--------------------------
The behaviour of the paged results control (1.2.840.113556.1.4.319, RFC2696)
has been changed to more closely match Windows servers, to improve memory
usage. Paged results may be used internally (or is requested by the user) by
LDAP libraries or tools that deal with large result sizes, for example, when
listing all the objects in the database.
Previously, results were returned as a snapshot of the database but now,
some changes made to the set of results while paging may be reflected in the
responses. If strict inter-record consistency is required in answers (which is
not possible on Windows with large result sets), consider avoiding the paged
results control or alternatively, it might be possible to enforce restrictions
using the LDAP filter expression.
For further details see https://wiki.samba.org/index.php/Paged_Results
Prefork process restart
-----------------------
The pre-fork process model now restarts failed processes. The delay between
restart attempts is controlled by the "prefork backoff increment" (default = 10)
and "prefork maximum backoff" (default = 120) smbd.conf parameters. A linear
back off strategy is used with "prefork backoff increment" added to the
delay between restart attempts up until it reaches "prefork maximum backoff".
Using the default sequence the restart delays (in seconds) are:
0, 10, 20, ..., 120, 120, ...
Standard process model
----------------------
When using the standard process model samba forks a new process to handle ldap
and netlogon connections. Samba now honours the 'max smbd processes' smb.conf
parameter. The default value of 0, indicates there is no limit. The limit
is applied individually to netlogon and ldap. When the process limit is
exceeded Samba drops new connections immediately.
python3 support
---------------
This is the first release of Samba which has full support for Python 3.
Samba 4.10 still has support for Python 2, however, Python 3 will be used by
default, i.e. 'configure' & 'make' will execute using python3.
To build Samba with python2 you *must* set the 'PYTHON' environment variable
for both the 'configure' and 'make' steps, i.e.
'PYTHON=python2 ./configure'
'PYTHON=python2 make'
This will override the python3 default.
Alternatively, it is possible to produce Samba Python bindings for both
Python 2 and Python 3. To do so, specify '--extra-python=/usr/bin/python2'
as part of the 'configure' command. Note that python3 will still be used as
the default in this case.
Note that Samba 4.10 supports Python 3.4 onwards.
Future Python support
---------------------
Samba 4.10 will be the last release that comes with full support for
Python 2. Unfortunately, the Samba Team doesn't have the resources to support
both Python 2 and Python 3 long-term.
Samba 4.11 will not have any runtime support for Python 2. This means if
you use Python 2 bindings it is time to migrate to Python 3 now.
If you are building Samba using the '--disable-python' option (i.e. you're
excluding all the run-time Python support), then this will continue to work
on a system that supports either python2 or python3.
Also note that Samba 4.11 will most likely only support Python 3.6 onwards.
JSON logging
------------
Authentication messages now contain the Windows Event Id "eventId" and logon
type "logonType". The supported event codes and logon types are:
Event codes:
4624 Successful logon
4625 Unsuccessful logon
Logon Types:
2 Interactive
3 Network
8 NetworkCleartext
The version number for Authentication messages is now 1.1, changed from 1.0
Password change messages now contain the Windows Event Id "eventId", the
supported event Id's are:
4723 Password changed
4724 Password reset
The version number for PasswordChange messages is now 1.1, changed from 1.0
Group membership change messages now contain the Windows Event Id "eventId",
the supported event Id's are:
4728 A member was added to a security enabled global group
4729 A member was removed from a security enabled global group
4732 A member was added to a security enabled local group
4733 A member was removed from a security enabled local group
4746 A member was added to a security disabled local group
4747 A member was removed from a security disabled local group
4751 A member was added to a security disabled global group
4752 A member was removed from a security disabled global group
4756 A member was added to a security enabled universal group
4757 A member was removed from a security enabled universal group
4761 A member was added to a security disabled universal group
4762 A member was removed from a security disabled universal group
The version number for GroupChange messages is now 1.1, changed from 1.0. Also
A GroupChange message is generated when a new user is created to log that the
user has been added to their primary group.
The leading "JSON <message type>:" and source file prefix of the JSON formatted
log entries has been removed to make the parsing of the JSON log messages
easier. JSON log entries now start with 2 spaces followed by an opening brace
i.e. " {"
SMBv2 samba-tool support
------------------------
On previous releases, some samba-tool commands would not work against a remote
DC that had SMBv1 disabled. SMBv2 support has now been added for samba-tool.
The affected commands are 'samba-tool domain backup|rename' and the
'samba-tool gpo' set of commands.
New glusterfs_fuse VFS module
-----------------------------
The new vfs_glusterfs_fuse module improves performance when Samba
accesses a glusterfs volume mounted via FUSE (Filesystem in Userspace
as part of the Linux kernel). It achieves that by leveraging a
mechanism to retrieve the appropriate case of filenames by querying a
specific extended attribute in the filesystem. No extra configuration
is required to use this module, only glusterfs_fuse needs to be set in
the "vfs objects" parameter. Further details can be found in the
vfs_glusterfs_fuse(8) manpage. This new vfs_glusterfs_fuse module does
not replace the existing vfs_glusterfs module, it just provides an
additional, alternative mechanism to access a Gluster volume.
REMOVED FEATURES
================
MIT Kerberos build of the AD DC
-------------------------------
While not removed, the MIT Kerberos build of the Samba AD DC is still
considered experimental. Because Samba will not issue security
patches for this configuration, such builds now require the explicit
configure option: --with-experimental-mit-ad-dc
For further details see
https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
samba_backup
------------
The samba_backup script has been removed. This has now been replaced by the
'samba-tool domain backup offline' command.
SMB client Python bindings
--------------------------
The SMB client python bindings are now deprecated and will be removed in future
Samba releases. This will only affects users that may have used the Samba
Python bindings to write their own utilities, i.e. users with a custom Python
script that includes the line 'from samba import smb'.
Changes since 4.9.4:
* audit_logging: Remove debug log header and JSON Authentication:
prefix.
* Fix upgrade from 4.7 (or earlier) to 4.9.
* s3: lib: nmbname: Ensure we limit the NetBIOS name correctly.
CID: 1433607.
* smbd: uid: Don't crash if 'force group' is added to an existing
share connection.
* s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility
code.
* s3: SMB1 POSIX mkdir does case insensitive name lookup.
* s3:utils/smbget fix recursive download with empty source
directories.
* samba-tool drs showrepl: Do not crash if no dnsHostName found.
* s3:libsmb: cli_smb2_list() can sometimes fail initially on a
connection.
* join: Throw CommandError instead of Exception for simple errors.
* ldb: Avoid inefficient one-level searches.
* s3: libsmb: use smb2cli_conn_max_trans_size() in
cli_smb2_list().
* tldap: Avoid use after free errors.
* Fix idmap xid2sid cache churn.
* access_check_max_allowed() doesn't process "Owner Rights" ACEs.
* s3-smbd: Avoid assuming fsp is always intact after close_file
call.
* s3-vfs-fruit: Add close call.
* s3-smbd: Use fruit:model string for mDNS registration.
* s3-vfs: add glusterfs_fuse vfs module.
* printing: Check lp_load_printers() prior to pcap cache update.
* vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS)
ftruncate and fallocate.
* lib/audit_logging: Actually create talloc.
* netcmd/user: python[3]-gpgme unsupported and replaced by
python[3]-gpg.
* dns: Changing onelevel search for wildcard to subtree.
* samba-tool: Don't print backtrace on simple DNS errors.
* sambaundoguididx: Use the right escaped oder unescaped sam ldb
files.
* ctdb: Print locks latency in machinereadable stats.
* messages_dgm: Messaging gets stuck when pids are recycled.
* audit_logging: auth_json_audit required auth_json.
* man pages: Document prefork process model.
* CVE-2019-3824 ldb: Release ldb 1.4.6.
* s3:auth: ignore create_builtin_guests() failing without a valid
idmap configuration.
* s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC
without trusts.
* s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd
is not available.
* s4:server: Add support for 'smbcontrol samba shutdown' and
'smbcontrol <pid> debug/debuglevel'.
* Python: Ensure ldb.Dn can doesn't rencoded str with py2.
* vfs_glusterfs: Adapt to changes in libgfapi signatures.
* s3-vfs: Use ENOATTR in errno comparison for getxattr.
* notifyd: Fix SIGBUS on sparc.
* waf: Check for libnscd.
* s3:vfs: Correctly check if OFD locks should be enabled or not.
* lib/util: Count a trailing line that doesn't end in a newline.
* Recovery lock bug fixes.
* s3: net: Do not set NET_FLAGS_ANONYMOUS with -k.
* s3:libsmb: Honor disable_netbios option in smbsock_connect_send.
* vfs_fileid: Fix get_connectpath_ino.
* vfs_fileid: Fix fsname_norootdir algorithm.
Twine is a utility for publishing Python packages on PyPI. It provides build
system independent uploads of source and binary distribution artifacts for both
new and existing projects.
PkgSrc changes:
* fix building on Darwin and probably other systems as well
* install manpages
* use correct install_name on Darwin
* does not collide with p5-Parse-Yapp anymore
* use cmocka and libgcrypt
* clean-ups
Release Notes for Samba 4.9.4
Major bug fixes include:
o dns: Fix CNAME loop prevention using counter regression.
Changes since 4.9.3:
* BUG 9175: libcli/smb: Don't overwrite status code.
* BUG 12164: wbinfo --group-info 'NT AUTHORITY\System' does not work.
* BUG 13661: Session setup reauth fails to sign response.
* BUG 13677: vfs_fruit: Validation of writes on AFP_AfpInfo stream.
* BUG 13688: vfs_shadow_copy2: Nicely deal with attempts to open previous
version for writing.
* BUG 13455: Restoring previous version of stream with vfs_shadow_copy2 fails
with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name.
* BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build.
* BUG 13708: s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs.
* PEP8: fix E231: missing whitespace after ','.
* BUG 13629: winbindd: Fix crash when taking profiles.
* BUG 13600: CVE-2018-14629 dns: Fix CNAME loop prevention using counter
regression.
* BUG 13686: 'samba-tool user syscpasswords' fails on a domain with many DCs.
* BUG 13571: CVE-2018-16853: Do not segfault if client is not set.
* BUG 13679: lib:util: Fix DEBUGCLASS pointer initializiation.
* BUG 13696: ctdb-daemon: Exit with error if a database directory does not
exist.
* BUG 13498: s3:libads: Add net ads leave keep-account option.
=============================
Release Notes for Samba 4.9.3
November 27, 2018
=============================
This is a security release in order to address the following defects:
o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
Internal DNS server)
o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported))
o CVE-2018-16857 (Bad password count in AD DC not always effective)
=======
Details
=======
o CVE-2018-14629:
All versions of Samba from 4.0.0 onwards are vulnerable to infinite
query recursion caused by CNAME loops. Any dns record can be added via
ldap by an unprivileged user using the ldbadd tool, so this is a
security issue.
o CVE-2018-16841:
When configured to accept smart-card authentication, Samba's KDC will call
talloc_free() twice on the same memory if the principal in a validly signed
certificate does not match the principal in the AS-REQ.
This is only possible after authentication with a trusted certificate.
talloc is robust against further corruption from a double-free with
talloc_free() and directly calls abort(), terminating the KDC process.
There is no further vulnerability associated with this issue, merely a
denial of service.
o CVE-2018-16851:
During the processing of an LDAP search before Samba's AD DC returns
the LDAP entries to the client, the entries are cached in a single
memory object with a maximum size of 256MB. When this size is
reached, the Samba process providing the LDAP service will follow the
NULL pointer, terminating the process.
There is no further vulnerability associated with this issue, merely a
denial of service.
o CVE-2018-16852:
During the processing of an DNS zone in the DNS management DCE/RPC server,
the internal DNS server or the Samba DLZ plugin for BIND9, if the
DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
property is set, the server will follow a NULL pointer and terminate.
There is no further vulnerability associated with this issue, merely a
denial of service.
o CVE-2018-16853:
A user in a Samba AD domain can crash the KDC when Samba is built in the
non-default MIT Kerberos configuration.
With this advisory we clarify that the MIT Kerberos build of the Samba
AD DC is considered experimental. Therefore the Samba Team will not
issue security patches for this configuration.
o CVE-2018-16857:
AD DC Configurations watching for bad passwords (to restrict brute forcing
of passwords) in a window of more than 3 minutes may not watch for bad
passwords at all.
For more details and workarounds, please refer to the security advisories.
Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
I'd like to install net/samba4 and net/freeradius on the same server.
But devel/talloc on which net/freeradius depends conflicts bundled talloc
library used in net/samba.
net/samba also should use devel/talloc package.
Bump PKGREVISION.
This should be the last part of the renaming operation for print/cups to
print/cups-base.
Rationale: packages depending on CUPS but not relying on a functional
printing setup only need to depend on print/cups-base (equivalent to the
former print/cups). The new print/cups now depends on print/cups-base
and on print/cups-filters, thus directly providing a functional printing
setup. This bump reflects this change of dependency.
As discussed on tech-pkg@
This is with the notable exception of meta-pkgs/desktop-gnome, which I
believe implies a fully functional cups.
This is still missing revision bumps - I'll be right there (first time I
am doing this on so many packages at a time).
As discussed on tech-pkg@
=============================
Release Notes for Samba 4.6.8
September 20, 2017
=============================
This is a security release in order to address the following defects:
o CVE-2017-12150 (SMB1/2/3 connections may not require signing where they
should)
o CVE-2017-12151 (SMB3 connections don't keep encryption across DFS redirects)
o CVE-2017-12163 (Server memory information leak over SMB1)
=======
Details
=======
o CVE-2017-12150:
A man in the middle attack may hijack client connections.
o CVE-2017-12151:
A man in the middle attack can read and may alter confidential
documents transferred via a client connection, which are reached
via DFS redirect when the original connection used SMB3.
o CVE-2017-12163:
Client with write access to a share can cause server memory contents to be
written into a file or printer.
For more details and workarounds, please see the security advisories:
o https://www.samba.org/samba/security/CVE-2017-12150.html
o https://www.samba.org/samba/security/CVE-2017-12151.html
o https://www.samba.org/samba/security/CVE-2017-12163.html
Changes since 4.6.7:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes
async.
* BUG 13020: CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from
writing server memory to file.
o Ralph Boehme <slow@samba.org>
* BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories
directly.
o Stefan Metzmacher <metze@samba.org>
* BUG 12996: CVE-2017-12151: Keep required encryption across SMB3 dfs
redirects.
* BUG 12997: CVE-2017-12150: Some code path don't enforce smb signing
when they should.
4.6.7 (2017/08/09): the latest stable release of the Samba 4.6 release series.
Changes since 4.6.6
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes async.
o Andrew Bartlett <abartlet@samba.org>
* BUG 11392: s4-cldap/netlogon: Match Windows 2012R2 and return
NETLOGON_NT_VERSION_5 when version unspecified.
o Ralph Boehme <slow@samba.org>
* BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories directly.
* BUG 12910: s3/notifyd: Ensure notifyd doesn't return from
smbd_notifyd_init.
o Günther Deschner <gd@samba.org>
* BUG 12840: vfs_fruit: Add fruit:model = <modelname> parametric option.
o David Disseldorp <ddiss@samba.org>
* BUG 12911: vfs_ceph: Fix cephwrap_chdir().
o Dustin L. Howett
* BUG 12720: idmap_ad: Retry query_user exactly once if we get
TLDAP_SERVER_DOWN.
o Thomas Jarosch <thomas.jarosch@intra2net.com>
* BUG 12927: s3: libsmb: Fix use-after-free when accessing pointer *p.
o Volker Lendecke <vl@samba.org>
* BUG 12925: smbd: Fix a connection run-down race condition.
o Stefan Metzmacher <metze@samba.org>
* BUG 12782: winbindd changes the local password and gets
NT_STATUS_WRONG_PASSWORD for the remote change.
* BUG 12890: s3:smbd: consistently use talloc_tos() memory for
rpc_pipe_open_interface().
o Noel Power <noel.power@suse.com>
* BUG 12937: smbcacls: Don't fail against a directory on Windows using SMB2.
o Arvid Requate <requate@univention.de>
* BUG 11392: s4-dsdb/netlogon: Allow missing ntver in cldap ping.
o Garming Sam <garming@catalyst.net.nz>
* BUG 12813: dnsserver: Stop dns_name_equal doing OOB read.
o Andreas Schneider <asn@samba.org>
* BUG 12886: s3:client: The smbspool krb5 wrapper needs negotiate for
authentication.
o Martin Schwenke <martin@meltin.net>
* BUG 12898: ctdb-common: Set close-on-exec when creating PID file.
4.6.6 (2017/07/12): security release in order to address the following defect:
o CVE-2017-11103 (Orpheus' Lyre mutual authentication validation bypass)
Changes since 4.6.5:
---------------------
o Jeffrey Altman <jaltman@secure-endpoints.com>
* BUG 12894: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
4.6.5 (2017/06/06): the latest stable release of the Samba 4.6 release series.
Changes since 4.6.4:
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 12804: s3: VFS: Catia: Ensure path name is also converted.
o Christian Ambach <ambi@samba.org>
* BUG 12765: s3:smbcacls add prompt for password.
o Ralph Boehme <slow@samba.org>
* BUG 12562: vfs_acl_xattr|tdb: Ensure create mask is at least 0666 if
ignore_system_acls is set.
* BUG 12702: Wrong sid->uid mapping for SIDs residing in sIDHistory.
* BUG 12749: vfs_fruit: lp_case_sensitive() does not return a bool.
* BUG 12766: s3/smbd: Update exclusive oplock optimisation to the lease area.
* BUG 12798: s3/smbd: Fix exclusive lease optimisation.
o Alexander Bokovoy <ab@samba.org>
* BUG 12751: Allow passing trusted domain password as plain-text to PASSDB
layer.
* BUG 12764: systemd: Fix detection of libsystemd.
o Amitay Isaacs <amitay@gmail.com>
* BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to
complete.
* BUG 12770: ctdb-logging: Initialize DEBUGLEVEL before changing the value.
o Shilpa Krishnareddy <skrishnareddy@panzura.com>
* BUG 12756: notify: Fix ordering of events in notifyd.
o Volker Lendecke <vl@samba.org>
* BUG 12757: idmap_rfc2307: Lookup of more than two SIDs fails.
o Stefan Metzmacher <metze@samba.org>
* BUG 12767: samba-tool: Let 'samba-tool user syncpasswords' report deletions
immediately.
o Doug Nazar <nazard@nazar.ca>
* BUG 12760: s3: smbd: inotify_map_mask_to_filter incorrectly indexes an
array.
o Andreas Schneider <asn@samba.org>
* BUG 12687: vfs_expand_msdfs tries to open the remote address as a file
path.
o Martin Schwenke <martin@meltin.net>
* BUG 12802: 'ctdb nodestatus' incorrectly displays status for all nodes with
wrong exit code.
* BUG 12814: ctdb-common: Fix crash in logging initialisation.
Pkgsrc changes:
* Adapt PLIST, new .so installed.
Upstream changes:
Changes since 4.6.3:
---------------------
o Volker Lendecke <vl@samba.org>
* BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable
share.
Changes since 4.6.2:
--------------------
o Michael Adam <obnox@samba.org>
* BUG 12743: s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots
from shares with GlusterFS backend.
o Jeremy Allison <jra@samba.org>
* BUG 12559: Fix for Solaris C compiler.
* BUG 12628: s3: locking: Update oplock optimization for the leases era.
* BUG 12693: Make the Solaris C compiler happy.
* BUG 12695: s3: libgpo: Allow skipping GPO objects that don't have the
expected LDAP attributes.
* BUG 12747: Fix buffer overflow caused by wrong use of getgroups.
o Hanno Boeck <hanno@hboeck.de>
* BUG 12746: lib: debug: Avoid negative array access.
* BUG 12748: cleanupdb: Fix a memory read error.
o Ralph Boehme <slow@samba.org>
* BUG 7537: streams_xattr and kernel oplocks results in
NT_STATUS_NETWORK_BUSY.
* BUG 11961: winbindd: idmap_autorid allocates ids for unknown SIDs from
other backends.
* BUG 12565: vfs_fruit: Resource fork open request with
flags=O_CREAT|O_RDONLY.
* BUG 12615: manpages/vfs_fruit: Document global options.
* BUG 12624: lib/pthreadpool: Fix a memory leak.
* BUG 12727: Lookup-domain for well-known SIDs on a DC.
* BUG 12728: winbindd: Fix error handling in rpc_lookup_sids().
* BUG 12729: winbindd: Trigger possible passdb_dsdb initialisation.
o Alexander Bokovoy <ab@samba.org>
* BUG 12611: credentials_krb5: use gss_acquire_cred for client-side GSSAPI
use case.
* BUG 12690: lib/crypto: Implement samba.crypto Python module for RC4.
o Amitay Isaacs <amitay@gmail.com>
* BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to
complete.
* BUG 12723: ctdb_event monitor command crashes if event is not specified.
* BUG 12733: ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'.
o Volker Lendecke <vl@samba.org>
* BUG 12558: smbd: Fix smb1 findfirst with DFS.
* BUG 12610: smbd: Do an early exit on negprot failure.
* BUG 12699: winbindd: Fix substitution for 'template homedir'.
o Stefan Metzmacher <metze@samba.org>
* BUG 12554: s4:kdc: Disable principal based autodetected referral detection.
* BUG 12613: idmap_autorid: Allocate new domain range if the callers knows
the sid is valid.
* BUG 12724: LINKFLAGS_PYEMBED should not contain -L/some/path.
* BUG 12725: PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for
trusted domain.
* BUG 12731: rpcclient: Allow -U'OTHERDOMAIN\user' again.
o Christof Schmitt <cs@samba.org>
* BUG 12725: winbindd: Fix password policy for pam authentication.
o Andreas Schneider <asn@samba.org>
* BUG 12554: s3:gse: Correctly handle external trusts with MIT.
* BUG 12611: auth/credentials: Always set the realm if we set the principal
from the ccache.
* BUG 12686: replace: Include sysmacros.h.
* BUG 12687: s3:vfs_expand_msdfs: Do not open the remote address as a file.
* BUG 12704: s3:libsmb: Only print error message if kerberos use is forced.
* BUG 12708: winbindd: Child process crashes when kerberos-authenticating
a user with wrong password.
o Uri Simchoni <uri@samba.org>
* BUG 12715: vfs_fruit: Office document opens as read-only on macOS due to
CNID semantics.
* BUG 12737: vfs_acl_xattr: Fix failure to get ACL on Linux if memory is
fragmented.
