Samba 3.2.8 Available for Download

                   Release Notes for Samba 3.2.8
			  March 03, 2009

This is a bug fix release of the Samba 3.2 series.

Major enhancements included in Samba 3.2.8 are:

  o Correctly detect if the current DC is the closest one.
  o Add saf_join_store() function to memorize the DC used at join time.
    This avoids problems caused by replication delays shortly after domain

The original security announcement for this and past advisories can
be found


Changes since 3.2.7

o   Michael Adam 
    * BUG 6066: netinet/ip.h present but cannot be compiled under Solaris.
    * Fix join by creating keytab after changing the config in libnet.
    * Streamline logic of libnet_join_post_processing() in libnet_join.
    * Fix build of [u]mount.cifs in the RHEL packaging.
    * Fix distclean target and add realdistclean target in the docs build.
    * Clean generated .png images and build/catalog.xml in "make clean".
    * Fix detection of netinet/ip.h on Solaris 8.

o   Jeremy Allison 
    * BUG 4308: Excel save operation corrupts file ACLs.
    * BUG 5979: Fix level 2 oplocks.
    * BUG 5980: Fix race condition when granting level2 oplocks can cause break
      notify to be missed.
    * BUG 5986: Fix renaming of streams.
    * BUG 5990: Strict allocate should be checked before ftruncate.
    * BUG 6009: Setting "min receivefile size = 1" breaks writes.
    * BUG 6016: Alternate Data Streams / Extended Attributes seem to conflict.
    * BUG 6017: Fix magic scripts.
    * BUG 6019: Fix file corruption in Clustered SMB/NFS environments managed via
    * BUG 6021: smbclient du command does not recuse properly.
    * BUG 6030: Add missing  header in Status page.
    * BUG 6035: Fix possible race between fcntl F_SETLKW and alarm delivery.
    * BUG 6040: Calling Samba print server with an aliased DNS-name fails.
    * Fix race condition in alarm lock processing.
    * Fix logic bug introduce in backport of ccache_regain_all_now.
    * Fix crash bug in SWAT.
    * Fix logic error in try_chown.
    * Fix detection of dns_sd libraries.

o   Kai Blin 
    * BUG 5953: Fix smbclient crashes.

o   Gerald (Jerry) Carter 
    * Fix "allow trusted domain" so it disables trusted domains.

o   Guenther Deschner 
    * Fix buffer allocation in eventlog read call.
    * Fix various invalid memcpy in read_package_entry().

o   SATOH Fumiyasu 
    * Variables for signals must be volatile sig_atomic_t in Winbind.
    * Fix gmem->numgids and gmem->maxgids breakage on Solaris 64-bit.
    * Fix a compile-time warning.
    * Fix SIGBUS on non-x86 CPUs in libsmbclient.

o   Björn Jacke 
    * Correct the description of the "ldap timeout" parameter.
    * Fix build with external dns_sd libraries.

o   Jeff Layton 
    * Allow mounts to ipv6 capable servers in mount.cifs.

o   Volker Lendecke 
    * BUG 5933: Fix incrementing/decrementing num_validated_vuids.
    * BUG 5953: Make cli_send_smb_direct_writeX use writev.
    * BUG 5965: Fix creation of the first share using SWAT.
    * BUG 5969: Optimize smbclient put command.
    * BUG 6014: mget shouldn't segfault without arguments.
    * Fix error code when smbclient puts a file over an existing directory.
    * Fix a valgrind error.
    * Fix a "ignoring function call result" warning.
    * Add sys_writev.
    * Add write_data_iov.
    * Make write_data use write_data_iov.
    * Fix a memory leak in cups_pull_comment_location.
    * Fix an ancient uninitialized variable read.
    * Fix a bad memleak in vfs_full_audit.
    * Fix several valgrind errors.
    * Fix 'net rpc join' for users with the SeMachineAccountPrivilege.

o   Herb Lewis 
    * Don't return 0 on error in smbcacls - bad for scripts.

o   Derrell Lipman 
    * Determine case sensitivity based on file system attributes in

o   Stefan Metzmacher 
    * Correctly detect if the current dc is the closest one.
    * Use get_dc_name() instead of get_sorted_dc_list() in the LDAP case.
    * Fallback to returning all DCs, when none is available in the requested
    * Add saf_join_store() function.
    * Use DS_FORCE_REDISCOVERY in libnet_join.
    * Use dbwrap to open sessionid.tdb in net status.
    * Fix dbwrap_store_uint32() to match dbwrap_store_int32().
    * Handle the SMB signing states the same in the krb5 and ntlmssp cases in
    * Re-add "fileid:algorithm" as option in vfs_fileid.
    * Add vfs_fileid manpage.

o   Lars Mueller 
    * Tweak with pam defines of older Linux versions.
    * Adjust regex to match variable names including underscores.
    * Conditional install of the cifs.upcall man page.

o   Tim Prouty 
    * Fix stream marshalling to return the correct streaminfo status.
    * Fix a delete on close divergence from Windows.
    * Allow renames of streams via NTRENAME and fix stream error codes on
    * Remove a few unnecessary checks from the streams depot module and fix to
      work with NTRENAME.
    * Remove a few unnecessary checks from the streams xattr module.
    * Remove a few unnecessary checks from the streams xattr module.

o   Andreas Schneider 
    * Fix a segfault if ? is there but the options are NULL.
    * Avoid flooding of syslog with failing pam_putenv messages.
    * Document default of the printing config variable.
    * Use talloc_tos() instead of the talloc NULL context.

o   Karolin Seeger 
    * BUG 6058: Use 'make distclean' instead of 'make clean' in build_docs.
    * BUG 6000: Avoid bashism in perfcount.init.
    * Change default value for "ldap ssl" to "start tls".
    * Several documentation improvements/typo fixes.
    * Fix syntax error in samba.spec.tmpl.
    * Check if Unix account exists before asking for the password in smbpasswd.
    * Add manpage for vfs_shadow_copy2.

o   Richard Sharpe 
    * Fix mistake in DEBUG message.

o   Andrew Tridgell 
    * Keep compatibility with v3-0-ctdb name for fileid:mapping option.

o   Bo Yang 
    * Clean event context after child is forked.
    * Refresh sequence number as soon as possible.
    * Don't set child->requests to NULL in parent after fork.
    * Backport of the clean event context after fork and
      krb5 refresh chain fixes.
    * Fix null pointer refrence in event context.
    * Don't send message to any other child in child process.
    * Fix bug in get_dc_name_via_netlogon(), null pointer refrence.