Samba 4.14.11 (gzipped)
Signature
Patch (gzipped) against Samba 4.14.10
Signature
=============================== Release Notes for Samba 4.14.11 December 15, 2021 =============================== This is the latest stable release of the Samba 4.14 release series. Important Notes =============== There have been a few regressions in the security release 4.14.10: o CVE-2020-25717: A user on the domain can become root on domain members. https://www.samba.org/samba/security/CVE-2020-25717.html PLEASE [RE-]READ! The instructions have been updated and some workarounds initially adviced for 4.14.10 are no longer required and should be reverted in most cases. o BUG-14902: User with multiple spaces (eg Fred<space><space>Nurk) become un-deletable. While this release should fix this bug, it is adviced to have a look at the bug report for more detailed information, see https://bugzilla.samba.org/show_bug.cgi?id=14902. Changes since 4.14.10 --------------------- o Jeremy Allison <jra@samba.org> * BUG 14878: Recursive directory delete with veto files is broken. * BUG 14879: A directory containing dangling symlinks cannot be deleted by SMB2 alone when they are the only entry in the directory. o Andrew Bartlett <abartlet@samba.org> * BUG 14656: Spaces incorrectly collapsed in ldb attributes. * BUG 14694: Ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured. * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired side effects for the local nt token. * BUG 14902: User with multiple spaces (eg Fred<space><space>Nurk) become un- deletable. o Ralph Boehme <slow@samba.org> * BUG 14127: Avoid storing NTTIME_THAW (-2) as value on disk * BUG 14922: Kerberos authentication on standalone server in MIT realm broken. * BUG 14923: Segmentation fault when joining the domain. o Alexander Bokovoy <ab@samba.org> * BUG 14903: Support for ROLE_IPA_DC is incomplete. o Stefan Metzmacher <metze@samba.org> * BUG 14788: Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before smbd_smb2_ioctl_send. * BUG 14899: winbindd doesn't start when "allow trusted domains" is off. * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired side effects for the local nt token. o Joseph Sutton <josephsutton@catalyst.net.nz> * BUG 14694: Ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured. * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired side effects for the local nt token.