The branch, v4-22-test has been updated
       via  de600282aaf VERSION: Bump version up to Samba 4.22.3...
       via  64a23714e6d VERSION: Disable GIT_SNAPSHOT for the 4.22.2 release.
       via  2fbf88cb964 WHATSNEW: Add release notes for Samba 4.22.2.
      from  baea7672858 CVE-2025-0620: smbd: smbd doesn't pick up group membership changes when re-authenticating an expired SMB session

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-22-test


- Log -----------------------------------------------------------------
commit de600282aaf27c57685efb7f316ec1316f7465f4
Author: Jule Anger <jan...@samba.org>
Date:   Thu Jun 5 17:35:59 2025 +0200

    VERSION: Bump version up to Samba 4.22.3...
    
    and re-enable GIT_SNAPSHOT.
    
    Signed-off-by: Jule Anger <jan...@samba.org>

commit 64a23714e6d89c349795dd5b07a094e53f3d4a52
Author: Jule Anger <jan...@samba.org>
Date:   Thu Jun 5 17:35:40 2025 +0200

    VERSION: Disable GIT_SNAPSHOT for the 4.22.2 release.
    
    Signed-off-by: Jule Anger <jan...@samba.org>

commit 2fbf88cb964a53841133fdbb1034cf39ffe42366
Author: Jule Anger <jan...@samba.org>
Date:   Thu Jun 5 17:34:47 2025 +0200

    WHATSNEW: Add release notes for Samba 4.22.2.
    
    Signed-off-by: Jule Anger <jan...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 VERSION      |  2 +-
 WHATSNEW.txt | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 86 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index c806a7137e6..401aa10d8bf 100644
--- a/VERSION
+++ b/VERSION
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the 
Samba Team 1992-2025"
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=22
-SAMBA_VERSION_RELEASE=2
+SAMBA_VERSION_RELEASE=3
 
 ########################################################
 # If a official release has a serious bug              #
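
Review bot: The combined diff for VERSION shows only SAMBA_VERSION_RELEASE going from 2 to 3, so the GIT_SNAPSHOT toggle described in commits 64a23714e6d and de600282aaf cancels out and cannot be checked from this hunk. Anyone verifying what was shipped as 4.22.2 should look at VERSION as of 64a23714e6d rather than at this net change. Separately, the context comment "If a official release has a serious bug" should read "an official release" the next time this file is touched.
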
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index ef1a223266a..8b98a91f28a 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,87 @@
+                   ==============================
+                   Release Notes for Samba 4.22.2
+                           June 05, 2025
+                   ==============================
+
+
+This is the latest stable release of the Samba 4.22 release series.
+It contains the security-relevant bugfix CVE-2025-0620:
+
+    smbd doesn't pick up group membership changes
+    when re-authenticating an expired SMB session
+    https://www.samba.org/samba/security/CVE-2025-0620.html
+
+
+Description of CVE-2025-0620
+-----------------------------
+
+    With Kerberos authentication SMB sessions typically have an
+    associated lifetime, requiring re-authentication by the
+    client when the session expires. As part of the
+    re-authentication, Samba receives the current group
+    membership information and is expected to reflect this
+    change in further SMB request processing.
+
+    For historic reasons, Samba maintains a cache of
+    associations between a user's impersonation information and
+    connected shares. A recent change in this cache caused Samba
+    to not reflect group membership changes from session
+    re-authentication when processing further SMB requests.
+
+    As a result, when an administrator removes a user from a
+    particular group in Active Directory, this change will not
+    become effective unless the user disconnects from the server
+    and establishes a new connection.
+
+
+Changes since 4.22.1
+--------------------
+
+o  Ralph Boehme <s...@samba.org>
+   * BUG 15707: (CVE-2025-0620) [SECURITY] CVE-2025-0620: smbd doesn't pick up
+     group membership changes when re-authenticating an expired SMB
+     session.
+   * BUG 15861: Profile sync fails due to Directory Leases.
+
+o  Pavel Filipenský <pfilipen...@samba.org>
+   * BUG 15727: net ad join fails with "Failed to join domain: failed to create
+     kerberos keytab".
+
+o  Stefan Metzmacher <me...@samba.org>
+   * BUG 15851: dcerpcd not able to bind to listening port.
+
+o  Anoop C S <anoo...@samba.org>
+   * BUG 15819: vfs_ceph_snapshots fails to list snapshots for entries at any
+     level beyond share root.
+
+o  Martin Schwenke <mschwe...@ddn.com>
+   * BUG 15858: CTDB does not put nodes running NFS into grace on graceful
+     shutdown.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
                    ==============================
                    Release Notes for Samba 4.22.1
                            April 17, 2025
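
Review bot: In the "Description of CVE-2025-0620" paragraph, "A recent change in this cache" does not say which releases carry the regression, so a reader of WHATSNEW alone cannot tell whether a given deployment is affected without following the advisory link; name the affected versions here or state that the advisory lists them. The last paragraph also only implies that a fresh connection picks up the new group membership ("unless the user disconnects from the server and establishes a new connection"); saying that explicitly as the interim measure would help administrators who have just removed a user from a group and cannot upgrade yet. In the changes list, the BUG 15707 entry repeats the identifier, "(CVE-2025-0620) [SECURITY] CVE-2025-0620: smbd doesn't pick up", and one occurrence is enough.
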
@@ -74,8 +158,7 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
                    ==============================
                    Release Notes for Samba 4.22.0
                           March 06, 2025


-- 
Samba Shared Repository
