The branch, v4-22-stable has been updated
       via  d0a814e3c26 VERSION: Disable GIT_SNAPSHOT for the upcoming release.
       via  935486ff82c Add release notes for Samba 4.22.8.
       via  c3bf3935df9 docs-xml: fix manpage for "net offlinejoin requestodj"
       via  eac3575b232 smbd: in contend_dirleases() don't bother checking when not enabled
       via  a7acb2701d6 s3/printing: Fix leaking parsed options
       via  39796375101 s3/printing: Fix leaked mem ctx returned from talloc_new
       via  29550e80fdd s3:rpc_client: Fix memory leak opening local named pipe
       via  662ed308b24 docs-xml:smb.conf: Fix "ctdbd socket" documentation
       via  124185a1e56 s3:libads: Separate use of ads->config.flags for NBT_* and DS_* values
       via  1f56c9f8460 s3:libads: Reset ads->config.flags in ads_disconnect()
       via  3299aee76ac s4/dlz: add support for bind 9.20
       via  7c7373f2fd8 vfs_ceph_new: use vfs_ceph_iget/vfs_ceph_iput in vfs_ceph_disk_free
       via  252edf3fb2e mdssvc: make a copy of the elasticsearch:default_fields
       via  34b3aec0ea4 VERSION: Bump version up to Samba 4.22.8...
      from  44b1df8ec73 VERSION: Disable GIT_SNAPSHOT for the 4.22.7 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-22-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 VERSION                                  |  2 +-
 WHATSNEW.txt                             | 63 +++++++++++++++++++++++++++++++-
 docs-xml/manpages/net.8.xml              |  2 +-
 docs-xml/smbdotconf/misc/ctdbdsocket.xml | 16 +++++---
 python/samba/provision/sambadns.py       |  3 +-
 source3/libads/ldap.c                    | 45 ++++++++++++-----------
 source3/librpc/idl/ads.idl               |  4 +-
 source3/libsmb/namequery_dc.c            |  4 +-
 source3/modules/vfs_ceph_new.c           | 17 ++++-----
 source3/printing/print_cups.c            |  3 ++
 source3/printing/printing.c              |  5 ++-
 source3/rpc_client/cli_pipe.c            |  2 +-
 source3/rpc_server/mdssvc/mdssvc_es.c    | 10 +++--
 source3/smbd/smb2_oplock.c               |  4 ++
 source3/winbindd/winbindd_cm.c           |  6 +--
 source4/setup/named.conf.dlz             |  4 +-
 16 files changed, 135 insertions(+), 55 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index b3c23aaf844..c7a2fbc96f8 100644
--- a/VERSION
+++ b/VERSION
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the 
Samba Team 1992-2025"
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=22
-SAMBA_VERSION_RELEASE=7
+SAMBA_VERSION_RELEASE=8
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index daf41566a46..008ca6b38e0 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,63 @@
+                   ==============================
+                   Release Notes for Samba 4.22.8
+                         February 19, 2026
+                   ==============================
+
+
+This is the latest stable release of the Samba 4.22 release series.
+
+
+Changes since 4.22.7
+--------------------
+
+o  Ralph Boehme <[email protected]>
+   * BUG 15959: New Spotlight default search field incorrectly initialized
+   * BUG 15984: smbd: in contend_dirleases() don't bother checking when not
+     enabled
+
+o  Samuel Cabrero <[email protected]>
+   * BUG 15979: possible memory leak  on rpc_spoolss
+
+o  Günther Deschner <[email protected]>
+   * BUG 15964: "net offlinejoin requestodj" manpage entry incorrectly 
mentiones
+     provided credentials
+
+o  Pavel Filipenský <[email protected]>
+   * BUG 15972: Winbind group resolution failure
+
+o  Noel Power <[email protected]>
+   * BUG 15979: possible memory leak  on rpc_spoolss
+
+o  Martin Schwenke <[email protected]>
+   * BUG 15977: ctdbd socket documentation is wrong
+
+o  Michael Tokarev <[email protected]>
+   * BUG 15790: Bind dlz 9.20
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
                    ==============================
                    Release Notes for Samba 4.22.7
                          December 18, 2025
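Review bot: In the BUG 15964 entry under Günther Deschner, "mentiones" should read "mentions", and both BUG 15979 entries have a double space in "memory leak  on"; this text goes out verbatim in the release announcement, so fix both before tagging. The list also has no entry that mentions the vfs_ceph_new.c change that is part of this push; if that commit carries a bug number, it belongs here.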
@@ -61,8 +121,7 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
                    ==============================
                    Release Notes for Samba 4.22.6
                           October 16, 2025
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index 05191236ecc..09f4ec1c1ca 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -3261,7 +3261,7 @@ Requests an offline domain join by providing file-based 
provisioning data. This
 
 <para>
        Example:
-       net offlinejoin requestodj -U administrator%secret 
loadfile=provisioning.txt
+       net offlinejoin requestodj loadfile=provisioning.txt
 </para>
 
 </refsect3>
diff --git a/docs-xml/smbdotconf/misc/ctdbdsocket.xml 
b/docs-xml/smbdotconf/misc/ctdbdsocket.xml
index 2bc118bd7a7..40cd3fb4634 100644
--- a/docs-xml/smbdotconf/misc/ctdbdsocket.xml
+++ b/docs-xml/smbdotconf/misc/ctdbdsocket.xml
@@ -4,12 +4,16 @@
                  function="_ctdbd_socket"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc";>
 <description>
-       <para>If you set <value type="example">clustering=yes</value>,
-       you need to tell Samba where ctdbd listens on its unix domain
-       socket. The default path as of ctdb 1.0 is /tmp/ctdb.socket which
-       you have to explicitly set for Samba in smb.conf.
-       </para>
+  <para>
+    In a test environment, this parameter can be used when
+    <value type="example">clustering=yes</value> to specify an alternate
+    location for the CTDB Unix domain socket.
+  </para>
+  <para>
+    This parameter should not be set in production environments.  If it
+    is not set then the (correct) build-time default is used.
+  </para>
 </description>
 <value type="default"></value>
-<value type="example">/tmp/ctdb.socket</value>
+<value type="example">/var/run/altctdb/ctdbd.socket</value>
 </samba:parameter>
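Review bot: The new second paragraph says the "(correct) build-time default" is used when the parameter is unset, but the default value element below it stays empty, so the rendered manpage still gives an administrator no way to learn which socket path smbd will actually open. Name the build-time setting that determines the path, or say how to query it, and drop the parenthetical "(correct)".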
diff --git a/python/samba/provision/sambadns.py 
b/python/samba/provision/sambadns.py
index 952e875c862..a3515bbe37b 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -1030,7 +1030,8 @@ def create_named_conf(paths, realm, dnsdomain, 
dns_backend, logger):
             bind9_14 = ''
         elif bind_info.upper().find('BIND 9.16') != -1:
             bind9_16 = ''
-        elif bind_info.upper().find('BIND 9.18') != -1:
+        elif bind_info.upper().find('BIND 9.18') != -1 \
+          or bind_info.upper().find('BIND 9.20') != -1:
             bind9_18 = ''
         elif bind_info.upper().find('BIND 9.7') != -1:
             raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
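Review bot: The added 9.20 test on the elif line extends a chain of substring matches, and find('BIND 9.20') matches any version string that merely begins with those characters, just as the 'BIND 9.7' branch below it does; every future BIND series will also need another branch here. Consider extracting the major.minor pair from bind_info once and comparing it numerically, and wrap the two-part condition in parentheses instead of a backslash continuation with a two-space indent.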
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 49fa1d47298..ac57489d1eb 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -237,7 +237,7 @@ bool ads_sitename_match(ADS_STRUCT *ads)
 
 bool ads_closest_dc(ADS_STRUCT *ads)
 {
-       if (ads->config.flags & NBT_SERVER_CLOSEST) {
+       if (ads->config.server_flags & NBT_SERVER_CLOSEST) {
                DEBUG(10,("ads_closest_dc: NBT_SERVER_CLOSEST flag set\n"));
                return True;
        }
@@ -344,7 +344,7 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
        sitename_store(cldap_reply->dns_domain, cldap_reply->client_site);
 
        /* Leave this until last so that the flags are not clobbered */
-       ads->config.flags = cldap_reply->server_type;
+       ads->config.server_flags = cldap_reply->server_type;
 
        ret = true;
 
@@ -379,7 +379,8 @@ static bool ads_try_connect(ADS_STRUCT *ads, bool gc,
        ok = ads_cldap_netlogon_5(frame,
                                  ss,
                                  ads->server.realm,
-                                 ads->config.flags | DS_ONLY_LDAP_NEEDED,
+                                 ads->config.required_flags |
+                                         DS_ONLY_LDAP_NEEDED,
                                  &cldap_reply);
        if (!ok) {
                DBG_NOTICE("ads_cldap_netlogon_5(%s, %s) failed.\n",
@@ -490,20 +491,21 @@ again:
                return status;
        }
 
-       status = netlogon_pings(frame, /* mem_ctx */
-                               lp_client_netlogon_ping_protocol(), /* proto */
-                               ts_list,      /* servers */
-                               num_requests, /* num_servers */
-                               (struct netlogon_ping_filter){
-                                       .ntversion = nt_version,
-                                       .domain = ads->server.realm,
-                                       .acct_ctrl = -1,
-                                       .required_flags = ads->config.flags |
-                                                         DS_ONLY_LDAP_NEEDED,
-                               },
-                               1,       /* wanted_servers */
-                               endtime, /* timeout */
-                               &responses);
+       status = netlogon_pings(
+               frame,                              /* mem_ctx */
+               lp_client_netlogon_ping_protocol(), /* proto */
+               ts_list,                            /* servers */
+               num_requests,                       /* num_servers */
+               (struct netlogon_ping_filter){
+                       .ntversion = nt_version,
+                       .domain = ads->server.realm,
+                       .acct_ctrl = -1,
+                       .required_flags = ads->config.required_flags |
+                                         DS_ONLY_LDAP_NEEDED,
+               },
+               1,       /* wanted_servers */
+               endtime, /* timeout */
+               &responses);
        if (!NT_STATUS_IS_OK(status)) {
                DBG_WARNING("netlogon_pings(realm=%s, num_requests=%zu) "
                            "for count[%zu] - %s\n",
@@ -1261,6 +1263,7 @@ void ads_disconnect(ADS_STRUCT *ads)
        if (ads->ldap_wrap_data.mem_ctx) {
                talloc_free(ads->ldap_wrap_data.mem_ctx);
        }
+       ads->config.server_flags = 0;
        ads_zero_ldap(ads);
        ZERO_STRUCT(ads->ldap_tls_data);
        ZERO_STRUCT(ads->ldap_wrap_data);
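Review bot: The reset added in ads_disconnect() clears only config.server_flags, so config.required_flags set by a caller survives the disconnect and is passed again to the next CLDAP ping through ads_try_connect(). If that asymmetry is intended, say so in a comment above the added line, for example that server_flags describes the DC just dropped while required_flags is caller input.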
@@ -3725,10 +3728,10 @@ ADS_STATUS ads_current_time(ADS_STRUCT *ads)
                }
 
                /*
-                * Reset ads->config.flags as it can contain the flags
+                * Reset flags as it can contain the flags
                 * returned by the previous CLDAP ping when reusing the struct.
                 */
-               ads_s->config.flags = 0;
+               ads_s->config.server_flags = 0;
 
                status = ads_connect_simple_anon(ads_s);
                if ( !ADS_ERR_OK(status))
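Review bot: The reworded comment above the reset now reads "Reset flags as it can contain the flags", which is less precise than before now that the struct has two flag fields. Name the field, e.g. "Reset ads_s->config.server_flags as it can contain the flags returned by the previous CLDAP ping"; the identical comment edit in ads_domain_func_level() needs the same wording.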
@@ -3814,10 +3817,10 @@ ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, 
uint32_t *val)
                }
 
                /*
-                * Reset ads->config.flags as it can contain the flags
+                * Reset flags as it can contain the flags
                 * returned by the previous CLDAP ping when reusing the struct.
                 */
-               ads_s->config.flags = 0;
+               ads_s->config.server_flags = 0;
 
                status = ads_connect_simple_anon(ads_s);
                if ( !ADS_ERR_OK(status))
diff --git a/source3/librpc/idl/ads.idl b/source3/librpc/idl/ads.idl
index 381447a1a29..20941e90346 100644
--- a/source3/librpc/idl/ads.idl
+++ b/source3/librpc/idl/ads.idl
@@ -6,6 +6,7 @@
 */
 
 import "nbt.idl";
+import "netlogon.idl";
 
 cpp_quote("#include <system/network.h>")
 
@@ -51,7 +52,8 @@ interface ads
        } ads_auth;
 
        typedef [nopull,nopush] struct {
-               nbt_server_type flags; /* cldap flags identifying the services. 
*/
+               nbt_server_type server_flags; /* NBT_* cldap flags identifying 
the services. */
+               netr_DsRGetDCName_flags required_flags; /* DS_* - Netlogon 
flags */
                string workgroup;
                string realm;
                string bind_path;
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
index 3a2f22129b8..3d771d77b8d 100644
--- a/source3/libsmb/namequery_dc.c
+++ b/source3/libsmb/namequery_dc.c
@@ -109,7 +109,9 @@ static bool ads_dc_name(const char *domain,
                }
 
 #ifdef HAVE_ADS
-               if (is_our_primary_domain(domain) && (ads->config.flags & 
NBT_SERVER_KDC)) {
+               if (is_our_primary_domain(domain) &&
+                   (ads->config.server_flags & NBT_SERVER_KDC))
+               {
                        if (ads_closest_dc(ads)) {
                                /* We're going to use this KDC for this 
realm/domain.
                                   If we are using sites, then force the krb5 
libs
diff --git a/source3/modules/vfs_ceph_new.c b/source3/modules/vfs_ceph_new.c
index 45dbeed33be..5aafe7b0ac1 100644
--- a/source3/modules/vfs_ceph_new.c
+++ b/source3/modules/vfs_ceph_new.c
@@ -864,13 +864,14 @@ static int vfs_ceph_ll_statfs(const struct 
vfs_handle_struct *handle,
                              struct statvfs *stbuf)
 {
        struct vfs_ceph_config *config = NULL;
+       int ret = -1;
 
        SMB_VFS_HANDLE_GET_DATA(handle, config, struct vfs_ceph_config,
                                return -ENOMEM);
 
-       DBG_DEBUG("[CEPH] ceph_ll_statfs: ino=%" PRIu64 "\n", iref->ino);
-
-       return config->ceph_ll_statfs_fn(config->mount, iref->inode, stbuf);
+       ret = config->ceph_ll_statfs_fn(config->mount, iref->inode, stbuf);
+       DBG_DEBUG("[CEPH] ceph_ll_statfs: ino=%" PRIu64 " ret=%d\n", iref->ino, 
ret);
+       return ret;
 }
 
 static int vfs_ceph_ll_getattr2(const struct vfs_handle_struct *handle,
@@ -1986,23 +1987,21 @@ static uint64_t vfs_ceph_disk_free(struct 
vfs_handle_struct *handle,
                                uint64_t *dsize)
 {
        struct statvfs statvfs_buf = { 0 };
-       struct Inode *inode = NULL;
        int ret;
        struct vfs_ceph_config *config = NULL;
+       struct vfs_ceph_iref iref = {0};
 
        SMB_VFS_HANDLE_GET_DATA(handle, config, struct vfs_ceph_config,
                                return -ENOMEM);
 
-       ret = config->ceph_ll_lookup_root_fn(config->mount, &inode);
+       ret = vfs_ceph_iget(handle, smb_fname->base_name, 0, &iref);
        if (ret != 0) {
-               DBG_DEBUG("[CEPH] ceph_ll_lookup_root returned %d\n", ret);
                errno = -ret;
                return (uint64_t)(-1);
        }
-       ret = config->ceph_ll_statfs_fn(config->mount, inode, &statvfs_buf);
-       config->ceph_ll_put_fn(config->mount, inode);
+       ret = vfs_ceph_ll_statfs(handle, &iref, &statvfs_buf);
+       vfs_ceph_iput(handle, &iref);
        if (ret != 0) {
-               DBG_DEBUG("[CEPH] ceph_ll_statfs returned %d\n", ret);
                errno = -ret;
                return (uint64_t)(-1);
        }
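Review bot: vfs_ceph_disk_free() returns uint64_t, yet the SMB_VFS_HANDLE_GET_DATA() failure branch kept as context still does "return -ENOMEM", which converts to a very large size instead of following the errno plus (uint64_t)(-1) convention used by the two error paths touched here; since the function is being reworked, align that branch as well. The patch also removes both DBG_DEBUG calls, so a failing vfs_ceph_iget() is silent at this call site unless the helper logs on its own.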
diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c
index d8ba9ccd011..f1449e1d1ea 100644
--- a/source3/printing/print_cups.c
+++ b/source3/printing/print_cups.c
@@ -1130,6 +1130,9 @@ static int cups_job_submit(int snum, struct printjob 
*pjob,
        if (http)
                httpClose(http);
 
+       if (num_options) {
+               cupsFreeOptions(num_options, options);
+       }
        TALLOC_FREE(frame);
 
        return ret;
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 48d221de127..74a8ab1a252 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -2836,7 +2836,7 @@ NTSTATUS print_job_end(struct messaging_context *msg_ctx, 
int snum,
                        pjob->filename, pjob->size ? "deleted" : "zero length" 
));
                unlink(pjob->filename);
                pjob_delete(global_event_context(), msg_ctx, sharename, jobid);
-               return NT_STATUS_OK;
+               goto out;
        }
 
        /* don't strip out characters like '$' from the printername */
@@ -2878,7 +2878,8 @@ NTSTATUS print_job_end(struct messaging_context *msg_ctx, 
int snum,
        /* make sure the database is up to date */
        if (print_cache_expired(lp_const_servicename(snum), True))
                print_queue_update(msg_ctx, snum, False);
-
+out:
+       talloc_free(tmp_ctx);
        return NT_STATUS_OK;
 
 fail:
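Review bot: The new out: label sits directly above fail:, and the hunk does not show whether the fail path also releases tmp_ctx, so there may now be two separate cleanup sites for the same context. A single exit that frees tmp_ctx once and returns a status variable would make it harder to reintroduce this leak; also keep the blank line that the patch removes before the label.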
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 23adbbc62fa..91afccd7fb2 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3624,7 +3624,7 @@ NTSTATUS rpc_pipe_open_local_np(
        }
 
        if (local_server_name == NULL) {
-               local_server_name = get_myname(result);
+               local_server_name = get_myname(frame);
        }
 
        if (local_server_addr != NULL) {
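Review bot: After the changed line the hunk shows no NULL check on the get_myname(frame) result, and the string is now owned by frame rather than result. Add an allocation check that returns NT_STATUS_NO_MEMORY inside the if block, and confirm that anything later stored in result copies the name instead of keeping this pointer past the lifetime of frame.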
diff --git a/source3/rpc_server/mdssvc/mdssvc_es.c 
b/source3/rpc_server/mdssvc/mdssvc_es.c
index eb19d5fdc4a..59f91271e59 100644
--- a/source3/rpc_server/mdssvc/mdssvc_es.c
+++ b/source3/rpc_server/mdssvc/mdssvc_es.c
@@ -108,10 +108,12 @@ static bool mdssvc_es_init(struct mdssvc_ctx *mdssvc_ctx)
        }
        TALLOC_FREE(default_path);
 
-       mdssvc_es_ctx->default_fields = 
lp_parm_const_string(GLOBAL_SECTION_SNUM,
-                                                            "elasticsearch",
-                                                            "default_fields",
-                                                            default_fields);
+       default_fields = lp_parm_const_string(GLOBAL_SECTION_SNUM,
+                                             "elasticsearch",
+                                             "default_fields",
+                                             default_fields);
+       mdssvc_es_ctx->default_fields = talloc_strdup(mdssvc_es_ctx,
+                                                     default_fields);
        if (mdssvc_es_ctx->default_fields == NULL) {
                TALLOC_FREE(mdssvc_es_ctx);
                return false;
diff --git a/source3/smbd/smb2_oplock.c b/source3/smbd/smb2_oplock.c
index 4b7a6c0363c..b4e5504462c 100644
--- a/source3/smbd/smb2_oplock.c
+++ b/source3/smbd/smb2_oplock.c
@@ -1316,6 +1316,10 @@ void contend_dirleases(struct connection_struct *conn,
        int ret;
        bool ok;
 
+       if (!lp_smb3_directory_leases()) {
+               return;
+       }
+
        if (lease != NULL) {
                DBG_DEBUG("Parent leasekey %"PRIx64"/%"PRIx64"\n",
                          lease->parent_lease_key.data[0],
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 2c18aeba060..45b68ebe561 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1061,7 +1061,7 @@ static bool dcip_check_name_ads(const struct 
winbindd_domain *domain,
                ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
                goto out;
        }
-       ads->config.flags |= request_flags;
+       ads->config.required_flags |= request_flags;
        ads->server.no_fallback = true;
 
        ads_status = ads_connect_cldap_only(ads);
@@ -1077,9 +1077,9 @@ static bool dcip_check_name_ads(const struct 
winbindd_domain *domain,
        }
        namecache_store(name, 0x20, 1, sa);
 
-       DBG_DEBUG("CLDAP flags = 0x%"PRIx32"\n", ads->config.flags);
+       DBG_DEBUG("CLDAP flags = 0x%" PRIx32 "\n", ads->config.server_flags);
 
-       if (domain->primary && (ads->config.flags & NBT_SERVER_KDC)) {
+       if (domain->primary && (ads->config.server_flags & NBT_SERVER_KDC)) {
                if (ads_closest_dc(ads)) {
                        char *sitename = sitename_fetch(tmp_ctx,
                                                        ads->config.realm);
diff --git a/source4/setup/named.conf.dlz b/source4/setup/named.conf.dlz
index cbe7d805f58..9753cdc503b 100644
--- a/source4/setup/named.conf.dlz
+++ b/source4/setup/named.conf.dlz
@@ -30,8 +30,8 @@ dlz "AD DNS Zone" {
 
     # For BIND 9.16.x
     ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so";
-    #
-    # For BIND 9.18.x
+
+    # For BIND 9.18.x and 9.20.x
     ${BIND9_18} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_18.so";
 };
 


-- 
Samba Shared Repository
