mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
5e63e54f58
Almost all the callers are debug tools or developer debugging aids and these callers clearly expect to create a new file. Unchanged in behaviour is: - TLS certificate creation. This already confirms the files do no exist prior to generation. These will now no longer overwrite the given filename - net ads pac save - net eventlog export Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
131 lines
4.6 KiB
Plaintext
131 lines
4.6 KiB
Plaintext
Release Announcements
|
|
=====================
|
|
|
|
This is the first preview release of Samba 4.12. This is *not*
|
|
intended for production environments and is designed for testing
|
|
purposes only. Please report any defects via the Samba bug reporting
|
|
system at https://bugzilla.samba.org/.
|
|
|
|
Samba 4.12 will be the next version of the Samba suite.
|
|
|
|
|
|
UPGRADING
|
|
=========
|
|
|
|
|
|
NEW FEATURES/CHANGES
|
|
====================
|
|
|
|
Python 3.5 Required
|
|
-------------------
|
|
|
|
Samba's minimum runtime requirement for python was raised to Python
|
|
3.4 with samba 4.11. Samba 4.12 raises this minimum version to Python
|
|
3.5 both to access new features and because this is the oldest version
|
|
we test with in our CI infrastructure.
|
|
|
|
(Build time support for the file server with Python 2.6 has not
|
|
changed)
|
|
|
|
GnuTLS 3.4.7 required
|
|
---------------------
|
|
|
|
Samba is making efforts to remove in-tree cryptographic functionality,
|
|
and to instead rely on externally maintained libraries. To this end,
|
|
Samba has chosen GnuTLS as our standard cryptographic provider.
|
|
|
|
Samba now requires GnuTLS 3.4.7 to be installed (including development
|
|
headers at build time) for all configurations, not just the Samba AD
|
|
DC.
|
|
|
|
Using GnuTLS for SMB3 encryption you will notice huge performance and copy
|
|
speed improvements. Tests with the CIFS Kernel client from Linux Kernel 5.3
|
|
show a 3x speed improvement for writing and a 2.5x speed improvement for reads!
|
|
|
|
NOTE WELL: The use of GnuTLS means that Samba will honour the
|
|
system-wide 'FIPS mode' (a reference to the US FIPS-140 cryptographic
|
|
standard) and so will not operate in many still common situations if
|
|
this system-wide parameter is in effect, as many of our protocols rely
|
|
on outdated cryptography.
|
|
|
|
A future Samba version will mitigate this to some extent where good
|
|
cryptography effectively wraps bad cryptography, but for now that above
|
|
applies.
|
|
|
|
|
|
"net ads kerberos pac save" and "net eventlog export"
|
|
-----------------------------------------------------
|
|
|
|
The "net ads kerberos pac save" and "net eventlog export" tools will
|
|
no longer silently overwrite an existing file during data export. If
|
|
the filename given exits, an error will be shown.
|
|
|
|
REMOVED FEATURES
|
|
================
|
|
|
|
The smb.conf parameter "write cache size" has been removed.
|
|
|
|
Since the in-memory write caching code was written, our write path has
|
|
changed significantly. In particular we have gained very flexible
|
|
support for async I/O, with the new linux io_uring interface in
|
|
development. The old write cache concept which cached data in main
|
|
memory followed by a blocking pwrite no longer gives any improvement
|
|
on modern systems, and may make performance worse on memory-contrained
|
|
systems, so this functionality should not be enabled in core smbd
|
|
code.
|
|
|
|
In addition, it complicated the write code, which is a performance
|
|
critical code path.
|
|
|
|
If required for specialist purposes, it can be recreated as a VFS
|
|
module.
|
|
|
|
BIND9_FLATFILE deprecated
|
|
-------------------------
|
|
|
|
The BIND9_FLATFILE DNS backend is deprecated in this release and will
|
|
be removed in the future. This was only practically useful on a single
|
|
domain controller or under expert care and supervision.
|
|
|
|
This release removes the "rndc command" smb.conf parameter, which
|
|
supported this configuration by writing out a list of DCs permitted to
|
|
make changes to the DNS Zone and nudging the 'named' server if a new
|
|
DC was added to the domain. Administrators using BIND9_FLATFILE will
|
|
need to maintain this manually from now on.
|
|
|
|
smb.conf changes
|
|
================
|
|
|
|
Parameter Name Description Default
|
|
-------------- ----------- -------
|
|
|
|
nfs4:acedup Changed default merge
|
|
rndc command Removed
|
|
write cache size Removed
|
|
|
|
KNOWN ISSUES
|
|
============
|
|
|
|
https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.12#Release_blocking_bugs
|
|
|
|
|
|
#######################################
|
|
Reporting bugs & Development Discussion
|
|
#######################################
|
|
|
|
Please discuss this release on the samba-technical mailing list or by
|
|
joining the #samba-technical IRC channel on irc.freenode.net.
|
|
|
|
If you do report problems then please try to send high quality
|
|
feedback. If you don't provide vital information to help us track down
|
|
the problem then you will probably be ignored. All bug reports should
|
|
be filed under the Samba 4.1 and newer product in the project's Bugzilla
|
|
database (https://bugzilla.samba.org/).
|
|
|
|
|
|
======================================================================
|
|
== Our Code, Our Bugs, Our Responsibility.
|
|
== The Samba Team
|
|
======================================================================
|
|
|