- apply server-role patch

[packages/samba.git] / samba.spec

diff --git a/samba.spec b/samba.spec
index a153f992c57dccf121507da7eae1a97d97409cda..156c44f98119621b9cbf03bac16742208bc77ee7 100644 (file)
--- a/samba.spec
+++ b/samba.spec
@@ -21,7 +21,7 @@ Summary:      Samba Active Directory and SMB server
 Summary(pl.UTF-8):     Serwer Samba Active Directory i SMB
 Name:          samba
 Version:       4.1.4
-Release:       2.1
+Release:       3
 Epoch:         1
 License:       GPL v3
 Group:         Networking/Daemons
@@ -43,6 +43,7 @@ Patch4:               samba-lprng-no-dot-printers.patch
 Patch5:                systemd-pid-dir.patch
 Patch6:                unicodePwd-nthash-values-over-LDAP.patch
 Patch7:                link.patch
+Patch8:                server-role.patch
 URL:           http://www.samba.org/
 BuildRequires: acl-devel
 BuildRequires: autoconf
@@ -491,6 +492,7 @@ Ten pakiet zawiera schemat Samby (samba.schema) dla OpenLDAP-a.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
 
 sed -i -e 's|#!/usr/bin/env python|#!/usr/bin/python|' source4/scripting/bin/samba*
 sed -i -e 's|#!/usr/bin/env perl|#!/usr/bin/perl|' pidl/pidl
@@ -675,6 +677,17 @@ fi
 %service samba restart "Samba AD daemons"
 %systemd_post samba.service
 
+%triggerpostun -- samba4 < 1:4.1.1-1
+# CVE-2013-4476
+[ -e %{_sysconfdir}/samba/tls/key.pem ] || exit 0
+PERMS=$(stat -c %a %{_sysconfdir}/samba/tls/key.pem)
+if [ "$PERMS" != "600" ]; then
+       chmod 600 %{_sysconfdir}/samba/tls/key.pem || :
+       echo "Fixed permissions of private key file %{_sysconfdir}/samba/tls/key.pem from $PERMS to 600"
+       echo "Consider regenerating TLS certificate"
+       echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions"
+fi
+
 %triggerprein common -- samba4
 cp -a %{_sysconfdir}/samba/smb.conf %{_sysconfdir}/samba/smb.conf.samba4