Dear release team,
This is a request for a freeze exception for the new upstream version of
samba 3.2.1. Samba 3.2.1 is a stable point release of the recent Samba 3.2
branch; while this is not guaranteed to be a bugfix only branch, the changes
here are not extraneous. diffstat of the source/ directory (i.e., excluding
the documentation) gives:
56 files changed, 774 insertions(+), 517 deletions(-)
Almost all of these changes are straightforward bugfixes, some of which are
certainly severity: important despite being unfiled. Highlighting those
changes that are not straightforward, for consideration:
* Improve processing of registry shares.
* Canonicalize servername in the printer functions to remove leading
'\\' characters.
* Fix option processing in smbcacls - add POPT_COMMON_CONNECTION.
* Re-activate 'acl group control' parameter and make it only apply
to owning group.
* Make ntimes function more like POSIX and allow NULL arg.
* Fix error message if trying to join with a non-privileged user.
* Cleanup some duplicate code by passing the password to the wbinfo_auth*
functions.
* Allow SID with 0 in subauthority to be converted properly.
* Add broadcasting of the debug message to all winbindd children.
* Allow authentication and memory credential refresh after password
change from gdm/xdm.
* Allow %u parameters for print job username.
The first of these is a rather sizeable change (117 insertions(+), 32
deletions(-)), but it's also a change regarding a new feature, so there's
minimal risk of regression.
And I believe this next change corresponds to Debian bug #493752:
* Fix trusted domain handling in Winbindd.
The full WHATSNEW.txt (== release notes) for this release is attached.
Is this acceptable? Note that over the course of a stable release, samba
will typically have a large number of security uploads due to the size and
complexity of the code base, so on balance this diff, though large, is not
necessarily larger than the delta that would eventually be allowed through
via SRU anyway; and it's impossible to predict whether accepting these
changes now will make a difference for security fixes later. I think that
this early in the freeze, we're better off taking the new upstream version
here.
If that's not ok, then we maintainers will need to cherry-pick a number of
these changes anyway; more work for us, with an IMHO minimal decrease in the
risk of regression.
I also have one Debian-specific change on my radar currently, to try to get
the size of these packages down size they've bloated significantly with the
newest upstream branch.
Thanks,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
[EMAIL PROTECTED] [EMAIL PROTECTED]
==============================
Release Notes for Samba 3.2.1
August 5, 2008
==============================
This is the second stable release of Samba 3.2.
Major bug fixes included in Samba 3.2.1 are:
o Race condition in Winbind leading to a crash.
o Regression in Winbindd offline mode.
o Flushing of smb.conf when creating a new share using SWAT.
o Setting of ACEs in setups with "dos filemode = yes".
######################################################################
Changes
#######
Changes since 3.2.0
-------------------
o Michael Adam <[EMAIL PROTECTED]>
* BUG 5608: Fix link creation for libtalloc.so.1 (and friends) on
Solaris 8.
* BUG 5594: Fix "make test" by adding and using a new testparm
switch "--skip-logic-checks".
* Fix creation of libaddns.a, libsmbclient.a and libsharemodes.a.
* Update the section about net conf in the net(8) manpage.
* Improve processing of registry shares.
* Fix listing of registry shares with testparm.
* Fix several build issues.
o Jeremy Allison <[EMAIL PROTECTED]>
* BUG 5578: Fix error from strlcat.
* BUG 5613: Fix flushing of smb.conf when creating a new share using SWAT.
* Ensure consistent use of pdb_get_nt_passwd instead of
pdb_get_lanman_passwd.
* Remove worrying warning message when safe_strcpy tries to copy a
pseaudo interface name that's too long.
* Canonicalize servername in the printer functions to remove leading
'\\' characters.
* Fix option processing in smbcacls - add POPT_COMMON_CONNECTION.
* Fix bug creating files using DOS clients with mixed case files.
* Fix uninitialized variable.
o Yannick Bergeron <[EMAIL PROTECTED]>
* Fix compile error on AIX 6.1
o Jim Brown <[EMAIL PROTECTED]>
* Fix SGI compiler warnings.
o Günther Deschner <[EMAIL PROTECTED]>
* BUG 5616: Fix session keys also in rpccli_netr_LogonSamLogonEx wrapper.
* BUG 5570: Fix bogus error message during AD domain join.
* Fix trusted domain handling in Winbindd.
* Fix build warning.
o SATOH Fumiyasu <[EMAIL PROTECTED]>
* BUG 5202: Fix setting of ACEs for users/groups with write access
in setups with 'dos filemode = yes'.
* Re-activate 'acl group control' parameter and make it only apply
to owning group.
o Volodymyr Khomenko <[EMAIL PROTECTED]>
* Make ntimes function more like POSIX and allow NULL arg.
o Volker Lendecke <[EMAIL PROTECTED]>
* BUG 5512: Fix alignment problems on sparc.
* BUG 5616: Fix share connections in setups with
"server signing = mandatory" or SMB signing set on the client side.
* Fix a race condition in Winbind leading to a crash.
* Fix a segfault in base64_encode_data_blob.
* Fix some uninitialized variable references via ndr_print.
* Fix error message if trying to join with a non-privileged user.
* Fix setups using "include = registry" without [global] settings
in the registry.
* Fix "net sam rights" on domain member servers.
* Add documentation for the vfs streams modules.
o Herb Lewis <[EMAIL PROTECTED]>
* Cleanup some duplicate code by passing the password to the wbinfo_auth*
functions.
* Allow SID with 0 in subauthority to be converted properly.
o Zach Loafman <[EMAIL PROTECTED]>
* Set sin[6]_family instead of ss_family in in[6]_addr_to_sockaddr_storage.
* Fix realpath() check so that it doesn't generate a core() when it fails.
o Jim McDonough <[EMAIL PROTECTED]>
* Fix overwriting of winbind logfiles.
o Lars Müller <[EMAIL PROTECTED]>
* Fix "vfs_full_audit.c: name table not in sync with vfs.h" panic.
o Darshan Purandare <[EMAIL PROTECTED]>
* Add broadcasting of the debug message to all winbindd children.
o Karolin Seeger <[EMAIL PROTECTED]>
* BUG 5635: Fix updating of printer queues.
o Andreas Schneider <[EMAIL PROTECTED]>
* Release still reachable memory if the smbclient context is freed.
* Remove trailing withespace from wbinfo -m which breaks gdm auth.
o Simo Sorce <[EMAIL PROTECTED]>
* BUG 5540: Fix "set primary group script" user option substitution.
* Fix regression in Winbindd offline mode.
o Bo Yang <[EMAIL PROTECTED]>
* Allow authentication and memory credential refresh after password
change from gdm/xdm.
* Allow %u parameters for print job username.
######################################################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 3.2 product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
