Software Update: Samba 3.5.0 / 3.4.6 / 3.3.11

Samba runs on Unix, BSD and Linux machines and is able to provide file and printer services according to the cifs protocol to Windows clients. For documentation on the how and what of Samba you can take a look at this page. The developers have released several new versions in recent days with 3.5.0, 3.4.6 and 3.3.11 as the version number. The main changes of these releases are as follows:

Release Notes for Samba 3.3.11

Major enhancements in Samba 3.3.11 include:

• “wide links” and “unix extensions” are incompatible (bug #7104).
• Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio) (bug #7067).

Release Notes for Samba 3.4.6

Major enhancements in Samba 3.4.6 include:

• “wide links” and “unix extensions” are incompatible (bug #7104).
• Fix printing with 64 bit clients (bug #6888).
• Fix core dump on Ubuntu 8.04 64 bit (bug #7063).
• Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio) (bug #7067).
• Fix string buffer overflow causing heap corruption in smbd (bug #7096).

Release Notes for Samba 3.5.0

Major enhancements in Samba 3.5.0 include:

General changes:

• Add support for full Windows timestamp resolution
  Support for full Windows timestamp resolution has been added. This effectively makes us use Windows’ full 100ns timestamp resolution if supported by the kernel (2.6.22 and higher) and the glibc (2.6 and higher).
• The Using Samba HTML book has been removed.
  The Using Samba HTML book has been removed from the Samba tarball. It is still available at http://www.samba.org/samba/docs/using_samba/toc.html.
• ‘net’, ‘smbclient’ and libsmbclient can use credentials cached by Winbind.
  Samba client tools like ‘net’, ‘smbclient’ and libsmbclient can use the user credentials cached by Winbind at logon time. This is very useful eg when connecting to a Samba server using Nautilus without re-entering username and password. This feature is enabled by default and can be disabled per application by setting the LIBSMBCLIENT_NO_CCACHE environment variable.
• The default value of “wide links” has been changed to “no”.
  The default value of “wide links” has been changed to “no” to avoid an insecure default configuration (“wide links = yes” and “unix extensions = yes”). For more details, please see http://www.samba.org/samba/news/symlink_attack.html.

Protocol changes:

• Experimental implementation of SMB2
  An EXPERIMENTAL implementation of the SMB2 protocol has been added. SMB2 can be enabled by setting “max protocol = smb2”. SMB2 is a new implementation of the SMB protocol used by Windows Vista and higher.

Printing Changes:

• Add encryption support for connections to a CUPS server
  A new parameter “cups encrypt” has been added to control whether connections to CUPS servers will be encrypted or not. The default is to use unencrypted connections.

Winbind changes:

• Major refactoring + Asynchronous
  The Winbind daemon has been refactored internally to be asynchronous. The new Winbind will not be blocked by running ‘getent group’ or ‘getent passwd’.

VFS modules:

• New vfs_scannedonly module has been added.
  A new VFS module “scannedonly” has been added. This is a filter that talks to an antivirus-engine and stores whether a file is clean or not. Users do only see clean files on their filesystem.