============================== Release Notes for Samba 4.0.18 May 27, 2014 ============================== This is the latest stable release of Samba 4.0. Please note that this bug fix release also addresses two minor security issues without being a dedicated security release: o CVE-2014-0239: dns: Don't reply to replies (bug #10609). o CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response (bug #10549). For more details including security advisories and patches, please see http://www.samba.org/samba/history/security.html Changes since 4.0.17: --------------------- o Michael Adam <obnox@samba.org> * BUG 10548: build: Fix ordering problems with lib-provided and internal RPATHs. o Jeremy Allison <jra@samba.org> * BUG 10577: SMB1 wildcard unlink fail can leave a retry record on the open retry queue. * BUG 10564: Fix lock order violation and file lost. o Björn Baumbach <bb@sernet.de> * BUG 10239: s3-nmbd: Reset debug settings after reading config file. * BUG 10544: s3-lib/util: set_namearray reads across end of namelist string. * BUG 10556: lib-util: Rename memdup to smb_memdup and fix all callers. o Kai Blin <kai@samba.org> * BUG 10609: CVE-2014-0239: dns: Don't reply to replies. o David Disseldorp <ddiss@samba.org> * BUG 10590: byteorder: Do not assume PowerPC is big-endian. o Stefan Metzmacher <metze@samba.org> * BUG 10472: script/autobuild: Make use of '--with-perl-{arch,lib}-install-dir'. o Noel Power <nopower@suse.com> * BUG 10554: Fix read of deleted memory in reply_writeclose()'. o Jose A. Rivera <jarrpa@redhat.com> * BUG 10151: Extra ':' in msg for Waf Cross Compile Build System with Cross-answers command. * BUG 10348: Fix empty body in if-statement in continue_domain_open_lookup. o Christof Schmitt <christof.schmitt@us.ibm.com> * BUG 10549: CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response. o Andreas Schneider <asn@samba.org> * BUG 10472: wafsamba: Fix the installation on FreeBSD.