Please note, that the 3.0 series will be DISCONTINUED after this release!
There will be neither any bugfix release nor any security release. Updating
to the latest release series is strongly recommended. For more information
on current Samba releases, please see
Major enhancements included in Samba 3.0.36 are:
o Fix Winbind crash on 'getent group' (bug #5906).
o Excel save operation corrupts file ACLs (bug #4308).
o Prevent segmentation fault on joining a very long domain name.
- CVE-2009-1888:
In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
data value can potentially affect access control when "dos filemode"
is set to "yes".
This security fix has already been integrated into "pkggsrc" via a patch
previously. The package was only updated to make future maintenance easier.
CVE-2009-1888:
In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
data value can potentially affect access control when "dos filemode"
is set to "yes".
bump PKGREVISION
- Fix update of machine account passwords.
- Fix SMB signing issue on Windows Vista with MS Hotfix KB955302.
- Fix Winbind crashes.
- Correctly detect if the current dc is the closest one.
- Add saf_join_store() function to memorize the dc used at join time.
This avoids problems caused by replication delays shortly after
domain joins.
- Fix write list in setups using "security = share".
AIX method was being chosen in preference (on NetBSD 5.0 at least). This
broke net and rpcclient, etc. as they failed to enumerate interfaces
correctly.
- Prevent crash bug in Winbind caused by a race condition
when a child process becomes unresponsive.
- Fix interactive password prompting in the "net" command.
- Documentation clarifications and typographical fixes.
- Correct issues with running Winbind running on a Samba PDC.
- Problems with trusted Windows 2008 domains.
- Difficulty joining an NT4 or Windows 2000 AD domain.
- Fix for CVE-2008-1105.
- Remove man pages for ldb tools not included in Samba 3.0.
- Fix build for pam_smbpass.
- Fix a crash in tdb_wrap_log().
- BUG 5267: Fix for nmbd termination problems when no interfaces
found.
- BUG 5326: OS/2 servers give strange "high word" replies for
print jobs.
- Remove MS-DFS check that required the target host be ourself.
- BUG 5372: Fix high CPU usage of cupsd on large print servers
by using more efficient CUPS queries in smbd.
- Rewrite integer wrap checks to deal with gcc 4.x optimizations.
- BUG 5095: Fix the enforcement of the "Manage Documents" access right.
- Don't free memory from getpass() in mount.cifs.
- BUG 5460: Fix MS-DFS referral problem in server code.
- Fix bug in Winbind that caused the parent to ignore dead children.
- Fix compile warnings.
- Fix build for pam_smbpass.
- Document build fixes.
- BUG 4235: Improve compliance to the Squid helper protocol.
- BUG 5107: Fix handling of large DNS replies on AIX and Solaris.
- Prevent cycle in Wibind's list of children when reaping dead processes.
- BUG 5419: Fix memory leak in ads_do_search_all_args() (merge from v3-2).
- Fix winbind NETLOGON credential chain on a samba dc for w2k8 trusts.
- Fix client connections and negotiation with Windows 2008 DCs
in member server code.
- Add NT_STATUS_DOWNGRADE_DETECTED error code (merge from v3-2).
- BUG 5430: Fix pam_winbind.so on Solaris (requires -lsocket).
- Re-add samr getdispinfoindex parsing which got lost in the glue commit.
- BUG 5461: Implement a very basic _samr_GetDisplayEnumerationIndex().
Corrects interop problem between Citrix PM and a Samba DC.
- BUG 3840: Fix smbclient connecting to NetApp filers when using
whitespace in the user's password.
- BUG 4901: Fix behavior of "ldap passwd sync = only".
- BUG 5317: Fix debug output from domain_client_validate().
- BUG 5338: Fix format string bug in rpcclient.
- Ensure that "wbinfo -a trusted\\user%password" works correctly
on a Samba DC with trusts.
- BUG 5336: Fix SetUsetrInfo(level 25) to update the pwdLastSet
attribute.
- BUG 5350: Fallback to anonymous sessions if not trust password
could be obtained on Samba DCs and member servers.
- BUG 5366: Fix password chat on Sun OpenSolaris (Nevada).
- Fix signing problem in the client with trans requests.
- Fix alignment bug hitting Solaris with "reset in zero vc" activated.
- Fix build with glibc 2.8.
- Enable winbind child processes to do something with signals, in
particular closing and reopening logs on SIGHUP.
- Documentation cleanup after r emerging docs from svn to git and
back-porting from the v3-2 branch.
- Add implementation of machine-authenticated connection to netlogon
pipe used when connecting to win2k and newer domain controllers.
- Fix trusted users on a DC that uses the old idmap syntax.
- Only have Winbind cache domain password policies that were
successfully retrieved.
- Fix alignment bug when marshalling printer data replies.
- Fix DeleteDriverDriverEx() checks to prevent removing in use files.
CHANGES FOR PKGSRC:
==================
Makefile:
+ Modify section that manually handles the ELF symlinks for samba
shared libraries -- add additional libraries that are built (addns,
smbsharemodes) and reorganize so we don't need two loops where one
will do.
+ Pass --with-included-popt to the configure script to force using
the popt distribution included with samba to avoid any library
mismatch errors between samba and any installed popt. This fixes
PR pkg/34444 by Jason Lingohr.
+ Don't build the smbmount programs on Linux -- they're deprecated in
favor of the mount.cifs programs.
+ Remove some pkgviews-related settings -- I'm not supporting pkgviews
installation of samba.
Makefile.patches:
+ Empty out PATCHFILES because we are updating to the latest release
of samba, which has all previous patches for security advisories
already rolled into the main sources.
Makefile.mirrors:
+ Update SAMBA_MIRRORS in Makefile.mirrors to the latest list of FTP
mirrors.
options.mk:
+ Only show the ``acl'' option on platforms that actually support
POSIX ACLs.
+ Add a new ``fam'' option to enable building the notify_fam VFS
module.
patch-ab, patch-ax:
+ Remove patch-ab and update patch-ax -- there's nothing for the
scripts to back up so we don't need to patch the install* scripts
to avoid this.
patch-ae, patch-ah:
+ Update patch-ae and remove patch-ah -- we should definitely check
that PAM_AUTHTOK_RECOVERY_ERR is defined before using its value to
define PAM_AUTHTOK_RECOVER_ERR.
patch-at, patch-au:
+ Fix patch-at and patch-au -- in configure.in, we need to "escape"
left and right brackets or else m4 will strip them away in the
resulting configure script. This should fix the detection of FreeBSD
and NetBSD systems capable of using nss_winbind noted in PR pkg/38076
by Ingo Meyer.
patch-ay:
+ Remove some unnecessary changes -- we can safely just do "mkdir" in
some places because we know the parent and any intermediate directories
exist.
patch-be:
+ Fix a bug in locating WINS_LIST -- nmbd/nmbd_winsserver.c was
referring to WINS_LIST under the state directory in one place and
under the lock directory in another; change all references to be
under the state directory.
patch-db:
+ Add patch to fix the build of samba on older BSDs. Patch supplied
in PR pkg/37487 by John Frear.
All remaining changes to patches/patch-* are simply to remove fuzz.
MAJOR CHANGES FROM VERSION 3.0.26a:
* Fix failure to join Windows 2008 domains.
* Fix Windows Vista (including SP1 RC) inter-op issues.
* Add a new ``administrative share'' service parameter for defining
hidden shares that cannot be managed from Windows.
* Fix for CVS-2007-6015 (already fixed in 3.0.26anb4 in pkgsrc).
* Fix for CVS-2007-5398 (already fixed in 3.0.26anb4 in pkgsrc).
* Fix for CVS-2007-4572 (already fixed in 3.0.26anb4 in pkgsrc). Also
subsequent fix for regression experienced by smbfs clients caused by
the fix for CVS-2007-4572, noted in PR pkg/38300 by Dave Barnes.
* Many other bugs fixed and memory leaks plugged.
o security = share and NTLMv2
Fixes an issues with servers set to "security = share" and Vista
clients that send NTLMv2 responses by default.
o Vista Point-n-Print
Fixes several point-n-print bugs with Vista clients.
o BUG 4361
Fix failure when using the Vista backup utility.
o BUG 4093
Fix expansion of the %a smb.conf variable for Vista clients.
o BUG 4356
Fix MS-DFS referrals with Windows Vista clients.
o BUG 4188
Fix for Vista failing to delete directories on a Samba share.
Bump PKGREVISION.
Major changes since version 3.0.22:
- CVE-2007-0452 (Potential Denial of Service bug in smbd)
- CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
- CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)
- Stability fixes for winbindd
- Portability fixes on FreeBSD and Solaris operating systems.
- Authentication failures in pam_winbind when the AD domain
policy is set to not expire passwords.
- Authorization failures when using smb.conf options such
as "valid users" with the smbpasswd passdb backend.
- Ambiguity with unqualified names in smb.conf parameters
such as "force user" and "valid users".
- Errors in 'net ads join' caused by bad IP address in the list
of domain controllers.
- SMB signing errors in the client and server code.
- Domain join failures when using smbpasswd on a Samba PDC.
- Failure to strip the domain name from groups when 'winbind
use default domain = yes'
- Failure in pam_winbind to correctly parse arguments.
- Bad token creation of local users on member servers not
running winbindd.
- Failure to add users or groups to ACLs using the Windows
object picker.
- Failure in file serving code when 'kernel oplocks = yes'.
- New "createupn" option to "net ads join"
- Rewritten Kerberos keytab generation when 'use kerberos
keytab = yes'
- Improved 'make test'
- New offline mode in winbindd.
- New Kerberos support for pam_winbind.so.
- New handling of unmapped users and groups.
- New non-root share management tools.
- Improved support for local and BUILTIN groups.
- Winbind IDMAP integration with RFC2307 schema objects supported
by Windows 2003 R2.
- Rewritten 'net ads join' to mimic Windows XP without requiring
administrative rights to join a domain.
files-check: No backup copies of the Samba binaries are made.
Before using ln -s, the destination file is removed. This is necessary
for installing the package over an already-installed version.
* Fix CAN-2006-1059 -- samba<3.0.22 exposes the clear text of the
server's machine account credentials in the winbind log files when
the log level is set to 5 or higher.
* Append "-pkgsrc" to the Samba version string so as to distinguish
the official version from the pkgsrc version, which has the
modifications for "state directory" and "passwd expand gecos".
* Modify package so that we automatically determine the name of the
nsswitch modules that are installed by samba with the winbind
option. We extract this information by invoking the config.status
script to get the value that the configure script determined.
o Access checks when deleting printer driver meta-data.
o Several non-default combinations schannel and SPNEGO support.
o Password changes with NT4 and Win2k pre-SP4 clients.
o High load issues on IRIX caused by a bug when interfacing
with kernel oplocks.
o Server crashes in smbd.
o Compile issues on 64-bit platforms.
o Crash bugs on big-endian systems.
o Packaging fixes for RHEL/Fedora, Solaris, & Debian.
o Over 30 bugzilla reports closed.
Bugfixes:
o Address a bug in the oplock code which may cause clients to stall
when multiple users are accessing a share concurrently
o Missing groups in a user's token when logging in via kerberos
o Incompatibilities with newer MS Windows hotfixes and
embedded OS platforms
o Portability and crash bugs.
o Performance issues in winbindd.
Additions:
o Complete NTLMv2 support by consolidating authentication
mechanism used at the CIFS and RPC layers.
o The capability to manage Unix services using the Win32
Service Control API.
o The capability to view external Unix log files via the
Microsoft Event Viewer.
o New libmsrpc share library for application developers.
o Rewrite of CIFS oplock implementation.
o Performance Counter external daemon.
o Winbindd auto-detection query methods when communicating with
a domain controller.
o The ability to enumerate long share names in libsmbclient
applications.
for samba-3.0.20b that are applied as part of this update include:
http://www.samba.org/samba/patches/print_lprm.patchhttp://www.samba.org/samba/patches/quota.patchhttp://www.samba.org/samba/patches/bug3201_wbinfo.patch
This fixes PRs pkg/31352 and pkg/31991. Important changes that were
made as part of porting this Samba release to pkgsrc include the
following:
* The new release model for Samba includes distributing patches for
urgent bug fixes that will be included in the next release of Samba,
and are available at http://www.samba.org/samba/patches/. Since
these patches are rather generically named, we download all DISTFILES
and PATCHFILES for Samba into a ${DISTNAME}-specific directory.
* The default configuration for the samba package no longer builds the
"winbind" portions of samba, which are really only useful when
attempting to unify logons between Unix and Microsoft Windows. When
the "winbind" option is specified, we also build the RID and AD idmap
backends, which allow sharing UIDs/GIDs across Unix machines.
* New package options have been added to the build: "mysql", "pgsql",
and "xml" allow adding optional support for experimental passdb
storage backends, and "winbind" allows for optionally building the
winbindd daemon and associated plugins.
* Two new smb.conf options were added -- "passwd expand gecos" and
"state directory". The first describes whether "&" in the GECOS
field of a passwd db entry is expanded to the login name. The
second describes the location where the persistent-state database
files are stored.
* Luke Mewburn contributed code to allow nss_winbind.so to work properly
on supported NetBSD systems. The FreeBSD NSS winbind code should
probably be replaced with a suitably tweaked version of the NetBSD
code since the latter is much more complete in the functions that are
provided, but I'll leave that to freebsd-pkg-people.
* Samba dumps all of its files into "lock directory", but some of them
need to persist across reboots. We make a distinction between these
files and the temporary files that are re-created by the Samba
daemons when they are restarted -- the former are now stored in a
"state directory" and the latter are stored in the "lock directory".
This is modeled after the Debian patch to Samba located in:
packaging/Debian/debian-unstable/patches/fhs.patch
The "lock directory" default has been moved to ${VARBASE}/run/samba
to emphasize the temporary status of the files stored in that
directory.
* Samba persists in using PAM_AUTHTOK_RECOVER_ERR, when there is almost
universal agreement that PAM_AUTHTOK_RECOVERY_ERR is the right
constant to use. Even the Linux-PAM distribution ensures that
PAM_AUTHTOK_RECOVERY_ERR is correctly defined. To work around this,
we define PAM_AUTHTOK_RECOVER_ERR appropriately in all the places
where it is used.
* The configure script checks for OpenSSL's libcrypto.so by looking
for the symbol "des_set_key". However, libcrypto.so might not
contain that symbol because the DES functions might come from a
separate library, e.g. libdes.so. In this case, the configure script
will think that libcrypto.so is not available, when it actually may
be. Instead, look for EVP_des_cbc, which is always provided by
libcrypto.so.
* Add some missing $(PASSDB_LIBS) references to the Makefile to fix
compilation problems if the experimental passdb backends are statically
compiled into the Samba suite programs.
* Fix compilation problems in sam/idmap_rid.c and sam/idmap_ad.c if the
"rid" and "ad" idmap backends are statically compiled into winbindd.
Changes between version 3.0.14a and 3.0.20b include:
o Reporting files as read-only instead of returning the correct error
code of "access denied"
o File system quota support defects
o Crash bugs caused by incompatibilities on 64-bit systems.
o User Manager interoperability problems.
o Support for several new Win32 rpc pipes.
o New 'net rpc service' tool for managing Win32 services.
o Capability to set the owner on new files and directory based on the
parent's ownership.
o Experimental, asynchronous IO file serving support.
o Support for Microsoft Print Migrator.
o New Winbind IDmap plugin (ad) for retrieving uid and gid from AD
servers which maintain the SFU user and group attributes.
o Rewritten support for POSIX pathnames when utilizing the Linux CIFS
fs client.
o New asynchronous winbindd.
o New Windows NT registry file I/O library.
o New user right (SeTakeOwnershipPrivilege) added.
o New "net share migrate" options.
decide if it's actually libcrypto.so from the OpenSSL distribution.
Samba looks to see if libkrb5.so needs it to link when samba is
configured to build ADS support. However, newer versions of heimdal
don't need the old DES API, and newer versions of OpenSSL don't even
provide the old des_* symbol names in the library, so "des_set_key"
is a poor choice to use to detect libcrypto.so. The only place in
the samba sources where the old DES API is even used is in the AFS
fake kaserver support, which pkgsrc does not (ever) intend to support.
This fixes PR pkg/24456.
Changes from 3.0.10 are huge, please see
http://www.samba.org/samba/history/samba-3.0.14a.html in detail.
pkgsrc changes:
* replace ln command to ${LN}.
* avoid use file for shell's variable.
* remove trailing spaces.
- Added checks surrounding all *alloc() calls to fix CAN-2004-1154.
- Fix long standing memory size bug in bitmap_allocate().
- Remove bogus error check in deferred open file serving
code.
- Fix autoconf script on platforms using a version of GNU ld
that does not include a date stamp in the output of --version.
- Fix the swat install script to deal with the new image
destination directory used by the docs.
Changes:
o Problem updating roaming user profiles.
o Crash in smbd when printing from a Windows 9x client.
o Unresolved symbols in libsmbclient which caused
applications such as KDE's konqueror to fail when
accessing smb:// URLs.
Common bugs fixed in 3.0.8 include:
o Compile fixes for HP-UX
o Fixes for the printer publishing code used when joined to
an AD domain.
o Incompatibilities with file system quotas.
o Several bugs in the spoolss printing code and print system
backends.
o Inconsistencies in the username map functionality when
configured on domain member servers.
o Various compile warnings and errors on various platforms.
o Fixes for kerberos interoperability with Windows 200x
domains when using DES keys.
o Fix for CAN-2004-0930 -- smbd remote DoS vulnerability.
New features included in the 3.0.8 release are:
o New migration functionality added the the net tool
for files/directories, printers, and shares.
o New experimental idmap backend for assigning uids/gids
directly based on the user/group RID when acting as a
member of single domain without any trusts.
o Additional printer migration support for XP/2003 platforms.
o Fixes for two Denial of Service vulnerabalities
(CVE ID# CAN-2004-0807 & CAN-2004-0808).
o Winbind failure to return user entries under certain conditions.
o Syntax errors in the OpenLDAP schema file (samba.schema).
o Printing errors caused by not setting default values for the various
printing commands.
* Disable 'winbind enable local accounts' by default.
o Schannel failure in winbindd.
o Incompatibilities between the 'write list' and 'force user' smb.conf
options.
o Premature optimization of the open_directory() internal function that
broke tools such as the ArcServe backup agent, Macromedia HomeSite,
and Robocopy.
o Sharing violation errors commonly seen when opening when serving
Microsoft Office documents from a Samba file share.
o Browsing problems caused by an apostrophe (') in the computer's
description field.
o Problems creating special file types from UNIX CIFS clients and
enabling 'unix extensions'.
o Fix stalls in smbd caused by inaccessible LDAP servers.
o Remove various memory leaks.
o Fix issues in the password lockout feature.
o Using a cups server other than localhost.
o Maintaining the service principal entry in the system keytab for
integration with other kerberized services. Please refer to the
'use kerberos keytab' entry in smb.conf(5). When using the heimdal
kerberos libraries, you must also specify the following in /etc/krb5.conf:
[libdefaults]
default_keytab_name = FILE:/etc/krb5.keytab
o Support for maintaining individual printer names stored separately
from the printer's sharename.
o Support for maintaining user password history.
o Support for honoring the logon times for user in a Samba domain.
* Reintroduce 'force unknown acl user' parameter. When getting a security
descriptor for a file, if the owner sid is not known, the owner uid is
set to the current uid. Same for group sid.
Common bugs fixed in Samba 3.0.3 include:
o Crash bugs and change notify issues in Samba's printing code.
o Honoring secondary group membership on domain member servers.
o TDB scalability issue surrounding the TDB_CLEAR_IF_FIRST flag.
o Substitution errors for %[UuGg] in smb.conf.
o winbindd crashes when using ADS security mode.
o SMB signing errors.
o Delays in winbindd startup caused by unnecessary
connections to trusted domain controllers.
o Various small memory leaks.
o Winbindd failing due to expired Kerberos tickets.
New features introduced in Samba 3.0.3 include:
o Improved support for i18n character sets.
o Support for account lockout policy based on
bad password attempts.
o Improved support for long password changes (>14
characters) and strong password enforcement.
o Support for Windows aliases (i.e. nested groups).
o Experimental support for storing DOS attribute on files
and folders in Extended Attributes.
o Support for local nested groups via winbindd.
o Specifying options to be passed directly to the CUPS libraries.
And more... please review "WHATSNEW.txt".
o Joining a Samba domain from Pre-SP2 Windows 2000 clients.
o Logging onto a Samba domain from Windows XP clients.
o Problems with the %U and %u smb.conf variables in relation to
Windows 9x/ME clients.
o Kerberos failures due to an invalid in memory keytab detection
test.
o Updates to the ntlm_auth tool.
o Fixes for various SMB signing errors.
o Better separation of WINS and DNS queries for domain controllers.
o Issues with nss_winbind FreeBSD and Solaris.
o Several crash bugs in smbd and winbindd.
o Output formatting fixes for smbclient for better compatibility
with scripts based on the 2.2 version.
* Active Directory support. Samba is able to join a ADS realm as
a member server and authenticate using LDAP/Kerberos.
* Unicode support.
* New, more flexible authentication (passdb) system.
* A new "net" command that is similar to the "net" command in Windows.
* Samba now negotiates NT-style status32 codes on the wire, which
greatly improves error handling.
* Better Windows 2K/2K3/XP printing support.
* Loadable module support for passdb backends and character sets.
* More performant winbindd.
* Support for migrating from a Windows NT4 domain to a Samba domain
and maintaining user, group, and domain SIDs.
* Support for establishing trust relationships with Windows NT4 DCs.
* Initial support for a distributed Winbind architecture using an
LDAP directory for storing SID-to-uid/gid mappings.
* Major updates to the Samba documentation tree.
* Full support for client and server SMB signing to ensure
compatibility with default Windows 2K3 security settings.
* Improvement of ACL mapping features.
* findsmb is a perl script, and we need to substitute the correct path to
the perl interpreter.
* Don't create ${PREFIX}/private during a "make install" as it's a
completely useless directory.
* Don't bother to install the completely outdated Samba HTML documentation
that is superseded by the Samba HOWTO Collection documentation.
Changes since 2.2.8:
Digital Defense, Inc. has alerted the Samba Team to a serious
vulnerability in all stable versions of Samba currently shipping.
The Common Vulnerabilities and Exposures (CVE) project has assigned
the ID CAN-2003-0201 to this defect.
This vulnerability, if exploited correctly, leads to an anonymous
user gaining root access on a Samba serving system. All versions
of Samba up to and including Samba 2.2.8 are vulnerable. An active
exploit of the bug has been reported in the wild.
****************************************
* IMPORTANT: Security bugfix for Samba *
****************************************
The SuSE security audit team, in particular Sebastian Krahmer
<krahmer@suse.de>, has found a flaw in the Samba main smbd code which
could allow an external attacker to remotely and anonymously gain
Super User (root) privileges on a server running a Samba server.
This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a
inclusive. This is a serious problem and all sites should either
upgrade to Samba 2.2.8 immediately or prohibit access to TCP ports 139
and 445. Advice created by Andrew Tridgell, the leader of the Samba
Team, on how to protect an unpatched Samba server is given at the end
of this section.
The SMB/CIFS protocol implemented by Samba is vulnerable to many
attacks, even without specific security holes. The TCP ports 139 and
the new port 445 (used by Win2k and the Samba 3.0 alpha code in
particular) should never be exposed to untrusted networks.
O_RDWR fails in fcbopen case, remember the errno from previous open_file()
call and set errno back to this value if the second open_file() call
fails too
this makes samba report EACCESS instead of confusing ENOENT if creation
of file fails due to insufficient permissions for SMBcreate/SMBmknew call
bump package revision
1) Fix for smbclient reporting negative file sizes on dir command
and negative statistics being reported when using put or get
on large files.
2) Fix bug in determination of allocation size
3) Fix 64bit size problems which prevented copying of files larger
than 2 GBytes.
4) Fix for xcopy /s problem with old DOS clients not sending correct
attributes on subsequent SMBsearch calls.
5) Fix bug in call to standard_sub_advanced giving a 0 length. This
fixes the string overflow in string_sub errors.
6) Correctly handle querygroup rpcclient command
7) fix broken incremental tar in smbtar command
A security hole has been discovered in versions 2.2.2 through 2.2.6
of Samba that could potentially allow an attacker to gain root access
on the target machine. The word "potentially" is used because there
is no known exploit of this bug, and the Samba Team has not been able to
craft one ourselves. However, the seriousness of the problem warrants
this immediate 2.2.7 release.
1) ensure we send the notify message in the same way it is expected
to be received by srv_spoolss_receive_message().
2) attribute matching on truncate only matters when opening truncate
with current SYSTEM|HIDDEN -> NONE. It's fine to truncate on open
with current NONE -> SYSTEM | HIDDEN.
3) Fix bug in rpcclient's deldriver command
4) Don't set global_machine_password_needs_changing if
lp_machine_password_timeout() is set to zero
5) don't parse the BUFFER5 if the buffer length is zero
6) fix core dump if pdbedit is run as non-root or smbpasswd file does
not exist
7) Ensure can_delete() returns correct error code
8) correctly return NT_STATUS_DELETE_PENDING from open code
9) fix bug that assumed dos_unistr2 length was in ucs2 units, not bytes
10) check the long_archi name is not null when deleting a printer driver.
fixes core dump in smbd when using rpcclient's deldriver
11) fix fd leak with kernel change notify on Linux 2.4 kernels
12) must add one to the extra_data size to transfer the 0 string
terminator. This was causing "wbinfo --sequence" to access past the
end of malloced memory
13) fix for large systems allowing more than 65536 files open in
NTcreate&X
14) Fix bug in %U expansion
* Fixes for MS-RPC printing issues affecting Windows 2000 clients
* New support for smb.conf generation in SWAT
* Inclusion of several performance enhancements
* Fixes for several file locking bugs and returned status codes
