resolves: #1292069
CVE-2015-3223 Remote DoS in Samba (AD) LDAP server
CVE-2015-5252 Insufficient symlink verification in smbd
CVE-2015-5296 Samba client requesting encryption vulnerable to
downgrade attack
CVE-2015-5299 Missing access control check in shadow copy code
CVE-2015-7540 DoS to AD-DC due to insufficient checking of asn1
memory allocation
Guenther
- New major relase, minor switched from 0 to 2
- License change, the code is now GPLv3+
- Numerous improvements and bugfixes included
- package libsmbsharemodes too
- remove smbldap-tools as they are already packaged separately in Fedora
- Fix bug 245506
- New upstream RC release.
- Update the -logfiles, and -passwd patches for
3.0.23rc3
- Include the change to smb.init from Bastien Nocera <bnocera@redhat.com>)
to close
bz#182560 Wrong retval for initscript when smbd is dead
- Update this spec file to build with 3.0.23rc3
- Remove the -install.mount.smbfs patch, since we don't install
mount.smbfs any more.
- New upstream release
Includes five upstream patches -bug3010_v1, -groupname_enumeration_v3,
-regcreatekey_winxp_v1, -usrmgr_groups_v1, and -winbindd_v1
This obsoletes the -pie and -delim patches
the -warning and -gcc4 patches are obsolete too
The -man, -passwd, and -smbspool patches were updated to match 3.0.20pre1
Also, the -quoting patch was implemented differently upstream
There is now a umount.cifs executable and manpage
We run autogen.sh as part of the build phase
The testprns command is now gone
libsmbclient now has a man page
- Include -bug106483 patch to close
bz#106483 smbclient: -N negates the provided password, despite documentation
- Added the -warnings patch to quiet some compiler warnings.
- Removed many obsolete patches from CVS.
* Mon Aug 16 2004 Jay Fenlason <fenlason@redhat.com> 3.0.6-3
- New upstream version.
- Include post 3.0.6 patch from "Gerald (Jerry) Carter" <jerry@samba.org>
to fix a duplicate in the LDAP schema.
- Include 64-bit timestamp patch from Ravikumar (rkumar@hp.com)
to allow correct timestamp handling on 64-bit platforms and fix#126109.
- reenable the -pie patch. Samba is too widely used, and too vulnerable
to potential security holes to disable an important security feature
like -pie. The correct fix is to have the toolchain not create broken
executables when programs compiled -pie are stripped.
- Remove obsolete patches.
- Modify this spec file to put libsmbclient.{a,so} in the right place on
x86_64 machines.
* Thu Aug 05 2004 Jason Vas Dias <jvdias@redhat.com> 3.0.5-3
- Removed '-pie' patch - 3.0.5 uses -fPIC/-PIC, and the combination
- resulted in executables getting corrupt stacks, causing smbmnt to
- get a SIGBUS in the mount() call (bug 127420).
* Fri Jul 30 2004 Jay Fenlason <fenlason@redhat.com> 3.0.5-2
- Upgrade to 3.0.5, which is a regression from 3.0.5pre1 for a
security fix.
- Include the 3.0.4-backport patch from the 3E branch. This restores
some of the 3.0.5pre1 and 3.0.5rc1 functionality.
* Tue Jul 20 2004 Jay Fenlason <fenlason@redhat.com> 3.0.5-0.pre1.1
- Backport base64_decode patche to close CAN-2004-0500
- Backport hash patch to close CAN-2004-0686
- use_authtok patch from Nalin Dahyabhai <nalin@redhat.com>
- smbclient-kerberos patch from Alexander Larsson <alexl@redhat.com>
- passwd patch uses "*" instead of "x" for "hashed" passwords for
accounts created by winbind. "x" means "password is in /etc/shadow" to
brain-damaged pam_unix module.
* Fri Jul 02 2004 Jay Fenlason <fenlason@redhat.com> 3.0.5.0pre1.0
- New upstream version
- use % { SOURCE1 } instead of a hardcoded path
- include -winbind patch from Gerald (Jerry) Carter (jerry@samba.org)
https://bugzilla.samba.org/show_bug.cgi?id=1315
to make winbindd work against Windows versions that do not have
128 bit encryption enabled.
- Moved /usr/bin/net to the -common package, so that folks who just
want to use winbind, etc don't have to install -client in order to
"net join" their domain.
- New upstream version obsoletes the patches added in 3.0.3-5
- Remove smbgetrc.5 man page, since we don't ship smbget.
* Tue May 04 2004 Jay Fenlason <fenlason@redhat.com> 3.0.3-5
- Patch to allow password changes from machines patched with
Microsoft hotfix MS04-011.
- Include patches for https://bugzilla.samba.org/show_bug.cgi?id=1302
and https://bugzilla.samba.org/show_bug.cgi?id=1309
* Thu Apr 29 2004 Jay Fenlason <fenlason@redhat.com> 3.0.3-4
- Samba 3.0.3 released.
* Wed Apr 21 2004 jay Fenlason <fenlason@redhat.com> 3.0.3-3.rc1
- New upstream version
- updated spec file to make libsmbclient.so executable. This closes
bugzilla #121356
* Mon Apr 05 2004 Jay Fenlason <fenlason@redhat.com> 3.0.3-2.pre2
- New upstream version
- Updated configure line to remove --with-fhs and to explicitly set all
the directories that --with-fhs was setting. We were overriding most of
them anyway. This closes#118598
* Mon Mar 15 2004 Jay Fenlason <fenlason@redhat.com> 3.0.3-1.pre1
- New upstream version.
- Updated -pie and -logfiles patches for 3.0.3pre1
- add krb5-devel to buildrequires, fixes#116560
- Add patch from Miloslav Trmac (mitr@volny.cz) to allow non-root to run
"service smb status". This fixes#116559
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Mon Feb 16 2004 Jay Fenlason <fenlason@redhat.com> 3.0.2a-1
- Upgrade to 3.0.2a
* Mon Feb 16 2004 Karsten Hopp <karsten@redhat.de> 3.0.2-7
- fix ownership in -common package
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Fri Feb 13 2004 Jay Fenlason <fenlason@redhat.com>
- Change all requires lines to list an explicit epoch. Closes#102715
- Add an explicit Epoch so that 0 is defined.
* Mon Feb 09 2004 Jay Fenlason <fenlason@redhat.com> 3.0.2-5
- New upstream version: 3.0.2 final includes security fix for #114995
(CAN-2004-0082)
- Edit postun script for the -common package to restart winbind when
appropriate. Fixes bugzilla #114051.
* Mon Feb 02 2004 Jay Fenlason <fenlason@redhat.com> 3.0.2-3rc2
- add %dir entries for /usr/lib64/samba and /usr/lib64/samba/charset
- Upgrade to new upstream version
- build mount.cifs for the new cifs filesystem in the 2.6 kernel.
* Mon Jan 19 2004 Jay Fenlason <fenlason@redhat.com> 3.0.2-1rc1
- Upgrade to new upstream version
* Wed Dec 17 2003 Felipe Alfaro Solana <felipe_alfaro@linuxmail.org> 3.0.1-1
- Update to 3.0.1
- Removed testparm patch as it's already merged
- Removed Samba.7* man pages
- Fixed .buildroot patch
- Fixed .pie patch
- Added new /usr/bin/tdbdump file
* Thu Sep 25 2003 Jay Fenlason <fenlason@redhat.com> 3.0.0-15
- New 3.0.0 final release
- merge nmbd-netbiosname and testparm patches from 3E branch
- updated the -logfiles patch to work against 3.0.0
- updated the pie patch
- update the VERSION file during build
- use make -j if avaliable
- merge the winbindd_privileged change from 3E
- merge the "rm /usr/lib" patch that allows Samba to build on 64-bit
platforms despite the broken Makefile
* Mon Aug 18 2003 Jay Fenlason <fenlason@redhat.com>
- Merge from samba-3E-branch after samba-3.0.0rc1 was released
* Wed Jul 23 2003 Jay Fenlason <fenlason@redhat.com> 3.0.0-3beta3
- Merge from 3.0.0-2beta3.3E
- (Correct log file names (#100981).)
- (Fix pidfile directory in samab.log)
- (Remove obsolete samba-3.0.0beta2.tar.bz2.md5 file)
- (Move libsmbclient to the -common package (#99449))
* Sun Jun 22 2003 Nalin Dahyabhai <nalin@redhat.com> 2.2.8a-4
- rebuild
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Wed May 28 2003 Jay Fenlason <fenlason@redhat.com> 2.2.8a-2
- add libsmbclient.so for gnome-vfs-extras
- Edit specfile to specify /var/run for pid files
- Move /tmp/.winbindd/socket to /var/run/winbindd/socket
* Wed May 14 2003 Florian La Roche <Florian.LaRoche@redhat.de>
- add proper ldconfig calls
* Thu Apr 24 2003 Jay Fenlason <fenlason@redhat.com> 2.2.8a-1
- upgrade to 2.2.8a
- remove old .md5 files
- add "pid directory = /var/run" to the smb.conf file. Fixes#88495
- Patch from jra@dp.samba.org to fix a delete-on-close regression
* Thu Apr 05 2001 Bill Nottingham <notting@redhat.com>
- fix tempfile security problems (patch from <Marcus.Meissner@caldera.de>)
* Thu Mar 29 2001 Bill Nottingham <notting@redhat.com>
- fix quota support, and quotas with the 2.4 kernel (#31362, #33915)
* Mon Mar 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- tweak the PAM code some more to try to do a setcred() after initgroups()
- pull in all of the optflags on i386 and sparc
- don't explicitly enable Kerberos support -- it's only used for password
checking, and if PAM is enabled it's a no-op anyway
* Mon Mar 05 2001 Tim Waugh <twaugh@redhat.com>
- exit successfully from preun script (bug #30644).
* Fri Mar 02 2001 Nalin Dahyabhai <nalin@redhat.com>
- rebuild in new environment
* Wed Feb 14 2001 Bill Nottingham <notting@redhat.com>
- updated japanese stuff (#27683)
* Fri Feb 09 2001 Bill Nottingham <notting@redhat.com>
- fix trigger (#26859)
* Wed Feb 07 2001 Bill Nottingham <notting@redhat.com>
- add i18n support, japanese patch (#26253)
* Wed Feb 07 2001 Trond Eivind Glomsrd <teg@redhat.com>
- i18n improvements in initscript (#26537)
* Wed Jan 31 2001 Bill Nottingham <notting@redhat.com>
- put smbpasswd in samba-common (#25429)
* Wed Jan 24 2001 Bill Nottingham <notting@redhat.com>
- new i18n stuff
* Sun Jan 21 2001 Bill Nottingham <notting@redhat.com>
- rebuild
* Thu Jan 18 2001 Bill Nottingham <notting@redhat.com>
- i18n-ize initscript
- add a sysconfig file for daemon options (#23550)
- clarify smbpasswd man page (#23370)
- build with LFS support (#22388)
- avoid extraneous pam error messages (#10666)
- add Urban Widmark's bug fixes for smbmount (#19623)
- fix setgid directory modes (#11911)
- split swat into subpackage (#19706)
* Wed Oct 25 2000 Nalin Dahyabhai <nalin@redhat.com>
- set a default CA certificate path in smb.conf (#19010)
- require openssl >= 0.9.5a-20 to make sure we have a ca-bundle.crt file
* Mon Oct 16 2000 Bill Nottingham <notting@redhat.com>
- fix swat only_from line (#18726, others)
- fix attempt to write outside buildroot on install (#17943)
* Sun Aug 06 2000 Philipp Knirsch <pknirsch@redhat.com>
- bugfix for smbadduser script (#15148)
* Mon Jul 31 2000 Matt Wilson <msw@redhat.com>
- patch configure.ing (patch11) to disable cups test
- turn off swat by default
* Fri Jul 28 2000 Bill Nottingham <notting@redhat.com>
- fix condrestart stuff
* Fri Jul 21 2000 Bill Nottingham <notting@redhat.com>
- add copytruncate to logrotate file (#14360)
- fix init script (#13708)
* Sat Jul 15 2000 Bill Nottingham <notting@redhat.com>
- move initscript back
- remove 'Using Samba' book from %doc
- move stuff to /etc/samba (#13708)
- default configuration tweaks (#13704)
- some logrotate tweaks
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild
* Tue Jul 11 2000 Bill Nottingham <notting@redhat.com>
- fix logrotate script (#13698)
* Thu Jul 06 2000 Bill Nottingham <notting@redhat.com>
- fix initscripts req (prereq /etc/init.d)
* Wed Jul 05 2000 Than Ngo <than@redhat.de>
- add initdir macro to handle the initscript directory
- add a new macro to handle /etc/pam.d/system-auth
* Thu Jun 29 2000 Bill Nottingham <notting@redhat.com>
- fix init script
* Tue Jun 27 2000 Bill Nottingham <notting@redhat.com>
- rename samba logs (#11606)
* Mon Jun 26 2000 Bill Nottingham <notting@redhat.com>
- initscript munging
* Fri Jun 16 2000 Bill Nottingham <notting@redhat.com>
- configure the swat stuff usefully
- re-integrate some specfile tweaks that got lost somewhere
* Thu Jun 15 2000 Bill Nottingham <notting@redhat.com>
- rebuild to get rid of cups dependency
* Wed Jun 14 2000 Nalin Dahyabhai <nalin@redhat.com>
- tweak logrotate configurations to use the PID file in /var/lock/samba
* Sun Jun 11 2000 Bill Nottingham <notting@redhat.com>
- rebuild in new environment
* Thu Jun 01 2000 Nalin Dahyabhai <nalin@redhat.com>
- change PAM setup to use system-auth
* Mon May 08 2000 Bill Nottingham <notting@redhat.com>
- fixes for ia64
* Sat May 06 2000 Bill Nottingham <notting@redhat.com>
- switch to %configure
* Wed Apr 26 2000 Nils Philippsen <nils@redhat.de>
- version 2.0.7
* Sun Mar 26 2000 Florian La Roche <Florian.LaRoche@redhat.com>
- simplify preun
* Thu Mar 16 2000 Bill Nottingham <notting@redhat.com>
- fix yp_get_default_domain in autoconf
- only link against readline for smbclient
- fix log rotation (#9909)
* Fri Feb 25 2000 Bill Nottingham <notting@redhat.com>
- fix trigger, again.
* Mon Feb 07 2000 Bill Nottingham <notting@redhat.com>
- fix trigger.
* Fri Feb 04 2000 Bill Nottingham <notting@redhat.com>
- turn on quota support
* Mon Jan 31 2000 Cristian Gafton <gafton@redhat.com>
- rebuild to fox dependencies
- man pages are compressed
* Fri Jan 21 2000 Bill Nottingham <notting@redhat.com>
- munge post scripts slightly
* Wed Jan 19 2000 Bill Nottingham <notting@redhat.com>
- turn on mmap again. Wheee.
- ship smbmount on alpha
* Mon Dec 06 1999 Bill Nottingham <notting@redhat.com>
- turn off mmap. ;)
* Wed Dec 01 1999 Bill Nottingham <notting@redhat.com>
- change /var/log/samba to 0700
- turn on mmap support
* Thu Nov 11 1999 Bill Nottingham <notting@redhat.com>
- update to 2.0.6
* Fri Oct 29 1999 Bill Nottingham <notting@redhat.com>
- add a %defattr for -common
* Tue Oct 05 1999 Bill Nottingham <notting@redhat.com>
- shift some files into -client
- remove /home/samba from package.
* Tue Sep 28 1999 Bill Nottingham <notting@redhat.com>
- initscript oopsie. killproc <name> -HUP, not other way around.
* Sun Sep 26 1999 Bill Nottingham <notting@redhat.com>
- script cleanups. Again.
* Wed Sep 22 1999 Bill Nottingham <notting@redhat.com>
- add a patch to fix dropped reconnection attempts
* Mon Sep 06 1999 Jeff Johnson <jbj@redhat.com>
- use cp rather than mv to preserve /etc/services perms (#4938 et al).
- use mktemp to generate /etc/tmp.XXXXXX file name.
- add prereqs on sed/mktemp/killall (need to move killall to /bin).
- fix trigger syntax (i.e. "samba < 1.9.18p7" not "samba < samba-1.9.18p7")
* Mon Aug 30 1999 Bill Nottingham <notting@redhat.com>
- sed "s|nawk|gawk|" /usr/bin/convert_smbpasswd
* Sat Aug 21 1999 Bill Nottingham <notting@redhat.com>
- fix typo in mount.smb
* Fri Aug 20 1999 Bill Nottingham <notting@redhat.com>
- add a %trigger to work around (sort of) broken scripts in
previous releases
* Mon Aug 16 1999 Bill Nottingham <notting@redhat.com>
- initscript munging
* Mon Aug 09 1999 Bill Nottingham <notting@redhat.com>
- add domain parsing to mount.smb
* Fri Aug 06 1999 Bill Nottingham <notting@redhat.com>
- add a -common package, shuffle files around.
* Fri Jul 23 1999 Bill Nottingham <notting@redhat.com>
- add a chmod in %postun so /etc/services & inetd.conf don't become unreadable
* Wed Jul 21 1999 Bill Nottingham <notting@redhat.com>
- update to 2.0.5
- fix mount.smb - smbmount options changed again.........
- fix postun. oops.
- update some stuff from the samba team's spec file.
* Fri Jun 18 1999 Bill Nottingham <notting@redhat.com>
- split off clients into separate package
- don't run samba by default
* Mon Jun 14 1999 Bill Nottingham <notting@redhat.com>
- fix one problem with mount.smb script
- fix smbpasswd on sparc with a really ugly kludge
* Thu Jun 10 1999 Dale Lovelace <dale@redhat.com>
- fixed logrotate script
* Tue May 25 1999 Bill Nottingham <notting@redhat.com>
- turn of 64-bit locking on 32-bit platforms
* Thu May 20 1999 Bill Nottingham <notting@redhat.com>
- so many releases, so little time
- explicitly uncomment 'printing = bsd' in sample config
* Tue May 18 1999 Bill Nottingham <notting@redhat.com>
- update to 2.0.4a
- fix mount.smb arg ordering
* Fri Apr 16 1999 Bill Nottingham <notting@redhat.com>
- go back to stop/start for restart (-HUP didn't work in testing)
* Fri Mar 26 1999 Bill Nottingham <notting@redhat.com>
- add a mount.smb to make smb mounting a little easier.
- smb filesystems apparently don't work on alpha. Oops.
* Thu Mar 25 1999 Bill Nottingham <notting@redhat.com>
- always create codepages
* Tue Mar 23 1999 Bill Nottingham <notting@redhat.com>
- logrotate changes
* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
- auto rebuild in the new build environment (release 3)
* Fri Mar 19 1999 Preston Brown <pbrown@redhat.com>
- updated init script to use graceful restart (not stop/start)
* Tue Mar 09 1999 Bill Nottingham <notting@redhat.com>
- update to 2.0.3
* Thu Feb 18 1999 Bill Nottingham <notting@redhat.com>
- update to 2.0.2
* Mon Feb 15 1999 Bill Nottingham <notting@redhat.com>
- swat swat
* Tue Feb 09 1999 Bill Nottingham <notting@redhat.com>
- fix bash2 breakage in post script
* Fri Feb 05 1999 Bill Nottingham <notting@redhat.com>
- update to 2.0.0
* Mon Oct 12 1998 Cristian Gafton <gafton@redhat.com>
- make sure all binaries are stripped
* Thu Sep 17 1998 Jeff Johnson <jbj@redhat.com>
- update to 1.9.18p10.
- fix %triggerpostun.
* Tue Jul 07 1998 Erik Troan <ewt@redhat.com>
- updated postun triggerscript to check $0
- clear /etc/codepages from %preun instead of %postun
* Mon Jun 08 1998 Erik Troan <ewt@redhat.com>
- made the %postun script a tad less agressive; no reason to remove
the logs or lock file (after all, if the lock file is still there,
samba is still running)
- the %postun and %preun should only exectute if this is the final
removal
- migrated %triggerpostun from Red Hat's samba package to work around
packaging problems in some Red Hat samba releases
* Sun Apr 26 1998 John H Terpstra <jht@samba.anu.edu.au>
- minor tidy up in preparation for release of 1.9.18p5
- added findsmb utility from SGI package
* Wed Mar 18 1998 John H Terpstra <jht@samba.anu.edu.au>
- Updated version and codepage info.
- Release to test name resolve order
* Sat Jan 24 1998 John H Terpstra <jht@samba.anu.edu.au>
- Many optimisations (some suggested by Manoj Kasichainula <manojk@io.com>
- Use of chkconfig in place of individual symlinks to /etc/rc.d/init/smb
- Compounded make line
- Updated smb.init restart mechanism
- Use compound mkdir -p line instead of individual calls to mkdir
- Fixed smb.conf file path for log files
- Fixed smb.conf file path for incoming smb print spool directory
- Added a number of options to smb.conf file
- Added smbadduser command (missed from all previous RPMs) - Doooh!
- Added smbuser file and smb.conf file updates for username map