SELinux policies have been updated to make samba work ok as a Domain
Controller, meanwhile we established a directories where scripts can be
installed and run unconfined from smbd.
The default smb.conf now contains some more information on how to modify
some relevant selinux options to make samba work.
Dependencies and the condrestart tricks should avoid that things go wrong.
Guenther, please check if you see any big problem, as soon as you ack I will
push it into rawhide, then we can go on with adding the winbindd/offline
stuff we discussed today.
Simo.
- New upstream RC release.
- Update the -logfiles, and -passwd patches for
3.0.23rc3
- Include the change to smb.init from Bastien Nocera <bnocera@redhat.com>)
to close
bz#182560 Wrong retval for initscript when smbd is dead
- Update this spec file to build with 3.0.23rc3
- Remove the -install.mount.smbfs patch, since we don't install
mount.smbfs any more.
- New upstream release
Includes five upstream patches -bug3010_v1, -groupname_enumeration_v3,
-regcreatekey_winxp_v1, -usrmgr_groups_v1, and -winbindd_v1
This obsoletes the -pie and -delim patches
the -warning and -gcc4 patches are obsolete too
The -man, -passwd, and -smbspool patches were updated to match 3.0.20pre1
Also, the -quoting patch was implemented differently upstream
There is now a umount.cifs executable and manpage
We run autogen.sh as part of the build phase
The testprns command is now gone
libsmbclient now has a man page
- Include -bug106483 patch to close
bz#106483 smbclient: -N negates the provided password, despite documentation
- Added the -warnings patch to quiet some compiler warnings.
- Removed many obsolete patches from CVS.
* Mon Aug 16 2004 Jay Fenlason <fenlason@redhat.com> 3.0.6-3
- New upstream version.
- Include post 3.0.6 patch from "Gerald (Jerry) Carter" <jerry@samba.org>
to fix a duplicate in the LDAP schema.
- Include 64-bit timestamp patch from Ravikumar (rkumar@hp.com)
to allow correct timestamp handling on 64-bit platforms and fix#126109.
- reenable the -pie patch. Samba is too widely used, and too vulnerable
to potential security holes to disable an important security feature
like -pie. The correct fix is to have the toolchain not create broken
executables when programs compiled -pie are stripped.
- Remove obsolete patches.
- Modify this spec file to put libsmbclient.{a,so} in the right place on
x86_64 machines.
* Thu Aug 05 2004 Jason Vas Dias <jvdias@redhat.com> 3.0.5-3
- Removed '-pie' patch - 3.0.5 uses -fPIC/-PIC, and the combination
- resulted in executables getting corrupt stacks, causing smbmnt to
- get a SIGBUS in the mount() call (bug 127420).
* Fri Jul 30 2004 Jay Fenlason <fenlason@redhat.com> 3.0.5-2
- Upgrade to 3.0.5, which is a regression from 3.0.5pre1 for a
security fix.
- Include the 3.0.4-backport patch from the 3E branch. This restores
some of the 3.0.5pre1 and 3.0.5rc1 functionality.
* Tue Jul 20 2004 Jay Fenlason <fenlason@redhat.com> 3.0.5-0.pre1.1
- Backport base64_decode patche to close CAN-2004-0500
- Backport hash patch to close CAN-2004-0686
- use_authtok patch from Nalin Dahyabhai <nalin@redhat.com>
- smbclient-kerberos patch from Alexander Larsson <alexl@redhat.com>
- passwd patch uses "*" instead of "x" for "hashed" passwords for
accounts created by winbind. "x" means "password is in /etc/shadow" to
brain-damaged pam_unix module.
* Fri Jul 02 2004 Jay Fenlason <fenlason@redhat.com> 3.0.5.0pre1.0
- New upstream version
- use % { SOURCE1 } instead of a hardcoded path
- include -winbind patch from Gerald (Jerry) Carter (jerry@samba.org)
https://bugzilla.samba.org/show_bug.cgi?id=1315
to make winbindd work against Windows versions that do not have
128 bit encryption enabled.
- Moved /usr/bin/net to the -common package, so that folks who just
want to use winbind, etc don't have to install -client in order to
"net join" their domain.
- New upstream version obsoletes the patches added in 3.0.3-5
- Remove smbgetrc.5 man page, since we don't ship smbget.