1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/WHATSNEW.txt
Andrew Bartlett 5e63e54f58 lib/util: change file_save_mode() to use O_EXCL
Almost all the callers are debug tools or developer debugging aids
and these callers clearly expect to create a new file.

Unchanged in behaviour is:
 - TLS certificate creation.  This already confirms the files do no exist
   prior to generation.

These will now no longer overwrite the given filename
 - net ads pac save
 - net eventlog export

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-11-15 17:21:32 +00:00

131 lines
4.6 KiB
Plaintext

Release Announcements
=====================
This is the first preview release of Samba 4.12. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.12 will be the next version of the Samba suite.
UPGRADING
=========
NEW FEATURES/CHANGES
====================
Python 3.5 Required
-------------------
Samba's minimum runtime requirement for python was raised to Python
3.4 with samba 4.11. Samba 4.12 raises this minimum version to Python
3.5 both to access new features and because this is the oldest version
we test with in our CI infrastructure.
(Build time support for the file server with Python 2.6 has not
changed)
GnuTLS 3.4.7 required
---------------------
Samba is making efforts to remove in-tree cryptographic functionality,
and to instead rely on externally maintained libraries. To this end,
Samba has chosen GnuTLS as our standard cryptographic provider.
Samba now requires GnuTLS 3.4.7 to be installed (including development
headers at build time) for all configurations, not just the Samba AD
DC.
Using GnuTLS for SMB3 encryption you will notice huge performance and copy
speed improvements. Tests with the CIFS Kernel client from Linux Kernel 5.3
show a 3x speed improvement for writing and a 2.5x speed improvement for reads!
NOTE WELL: The use of GnuTLS means that Samba will honour the
system-wide 'FIPS mode' (a reference to the US FIPS-140 cryptographic
standard) and so will not operate in many still common situations if
this system-wide parameter is in effect, as many of our protocols rely
on outdated cryptography.
A future Samba version will mitigate this to some extent where good
cryptography effectively wraps bad cryptography, but for now that above
applies.
"net ads kerberos pac save" and "net eventlog export"
-----------------------------------------------------
The "net ads kerberos pac save" and "net eventlog export" tools will
no longer silently overwrite an existing file during data export. If
the filename given exits, an error will be shown.
REMOVED FEATURES
================
The smb.conf parameter "write cache size" has been removed.
Since the in-memory write caching code was written, our write path has
changed significantly. In particular we have gained very flexible
support for async I/O, with the new linux io_uring interface in
development. The old write cache concept which cached data in main
memory followed by a blocking pwrite no longer gives any improvement
on modern systems, and may make performance worse on memory-contrained
systems, so this functionality should not be enabled in core smbd
code.
In addition, it complicated the write code, which is a performance
critical code path.
If required for specialist purposes, it can be recreated as a VFS
module.
BIND9_FLATFILE deprecated
-------------------------
The BIND9_FLATFILE DNS backend is deprecated in this release and will
be removed in the future. This was only practically useful on a single
domain controller or under expert care and supervision.
This release removes the "rndc command" smb.conf parameter, which
supported this configuration by writing out a list of DCs permitted to
make changes to the DNS Zone and nudging the 'named' server if a new
DC was added to the domain. Administrators using BIND9_FLATFILE will
need to maintain this manually from now on.
smb.conf changes
================
Parameter Name Description Default
-------------- ----------- -------
nfs4:acedup Changed default merge
rndc command Removed
write cache size Removed
KNOWN ISSUES
============
https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.12#Release_blocking_bugs
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================