4.11.2: This is a security release in order to address the following defects: o CVE-2019-10218: Client code can return filenames containing path separators. o CVE-2019-14833: Samba AD DC check password script does not receive the full password. o CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync. 4.11.1: This is the latest stable release of the Samba 4.11 release series. Changes since 4.11.0: * BUG 14141: getpwnam and getpwuid need to return data for ID_TYPE_BOTH group. * BUG 14094: smbc_readdirplus() is incompatible with smbc_telldir() and smbc_lseekdir(). * BUG 14152: s3: smbclient: Stop an SMB2-connection from blundering into SMB1-specific calls. * BUG 14137: Fix stale file handle error when using mkstemp on a share. * BUG 14106: Fix spnego fallback from kerberos to ntlmssp in smbd server. * BUG 14140: Overlinking libreplace against librt and pthread against every binary or library causes issues. * BUG 14130: s3-winbindd: Fix forest trusts with additional trust attributes. * BUG 14134: auth/gensec: Fix non-AES schannel seal. * BUG 14147: Deleted records can be resurrected during recovery. * BUG 14136: Fix uncaught exception in classicupgrade. * BUG 14139: fault.c: Improve fault_report message text pointing to our wiki. * BUG 14128: s3:client: Use DEVICE_URI, instead of argv[0], for Device URI. * BUG 14124: pam_winbind with krb5_auth or wbinfo -K doesn't work for users of trusted domains/forests. * BUG 14131: Remove 'pod2man' as it is no longer needed. * BUG 13884: Joining Active Directory should not use SAMR to set the password. * BUG 14140: Overlinking libreplace against librt and pthread against every binary or library causes issues. * BUG 14155: 'kpasswd' fails when built with MIT Kerberos. * BUG 14129: Exit code of ctdb nodestatus should not be influenced by deleted nodes. 4.11.0: * BUG 14049: ldb: Don't try to save a value that isn't there. * ldb_dn: Free dn components on explode failure. * ldb: Do not allow adding a DN as a base to itself. * ldb: Release ldb 2.0.7. * BUG 13695: ldb: Correct Pigeonhole principle validation in ldb_filter_attrs(). * BUG 14049: Fix ldb dn crash. * BUG 14117: Deprecate "lanman auth = yes" and "encrypt passwords = no". * BUG 14038: Fix compiling ctdb on older systems lacking POSIX robust mutexes. * BUG 14121: smbd returns bad File-ID on filehandle used to create a file or directory. * BUG 14098: vfs_glusterfs: Use pthreadpool for scheduling aio operations. * BUG 14055: Add the target server name of SMB 3.1.1 connections as a hint to load balancers or servers with "multi-tenancy" support. * BUG 14113: Fix byte range locking bugs/regressions. * ldb: Fix mem-leak if talloc_realloc fails. * BUG 14007: Fix join with don't exists machine account. * BUG 14085: ctdb-recoverd: Only check for LMASTER nodes in the VNN map. CHANGES SINCE 4.11.0rc2 * BUG 13972: Different Device Id for GlusterFS FUSE mount is causing data loss in CTDB cluster. * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape from the share. * BUG 14059: ldb: Release ldb 2.0.6 (log database repack so users know what is happening). * BUG 14092: docs: Deprecate "rndc command" for Samba 4.11. * BUG 14059: ldb: Free memory when repacking database. * BUG 14089: vfs_default: Use correct flag in vfswrap_fs_file_id. * BUG 14090: vfs_glusterfs: Initialize st_ex_file_id, st_ex_itime and st_ex_iflags. * BUG 14093: vfs_glusterfs: Enable profiling for file system operations. * BUG 14059: Backport sambadowngradedatabase for v4.11. * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape from the share. * BUG 14032: vfs_gpfs: Implement special case for denying owner access to ACL. * BUG 14084: Avoid marking a node as connected before it can receive packets. * BUG 14086: Fix onnode test failure with ShellCheck >= 0.4.7. * BUG 14087: ctdb-daemon: Stop "ctdb stop" from completing before freezing databases.