From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020804 Description of problem: While Samba's WHATSNEW.txt reads Changes in 2.2.5 12) Include findsmb perl script as part of the "make install" process Red Hat's package does not include "findsmb" any longer. No mention of it in the package changelog as why it was dropped. If it was dropped deliberately, at least mention that in the package changelog, please. Short-circuit installation of the compiled sources via spec file gives: error: Installed (but unpackaged) file(s) found: /usr/bin/findsmb /usr/bin/tdbbackup /usr/share/man/man1/findsmb.1.gz /usr/share/man/man1/smbsh.1.gz /usr/share/man/man8/pdbedit.8.gz Version-Release number of selected component (if applicable): 2.2.5-8
It was removed because it's trusting host name input too much.
Ok, would be nice if you mentioned such changes in the spec file changelog.
Was this pushed back upstream? I can't remember a report to security. Please, if you modify samba (particulary for secruity reasons) we want to know about it - not everybody takes the RedHat distribution... Andrew Bartlett Samba Team
"trusting host name input too much"? no comprendo. i'd like a better clue why findsmb, which i have found quite useful, has been pulled (while meanwhile i'm off to seek where i can find a copy for my use anyway).
In the src.rpm in the original Samba tarball, it's still included for Mandrake Linux (it's just a Perl script): samba-2.2.7a/packaging/Mandrake/findsmb