- added trigger to fix CVE-2013-4476

author Jan Rękorajski <baggins@pld-linux.org>

Thu, 16 Jan 2014 18:55:24 +0000 (19:55 +0100)

committer Jan Rękorajski <baggins@pld-linux.org>

Thu, 16 Jan 2014 18:55:24 +0000 (19:55 +0100)
author Jan Rękorajski <baggins@pld-linux.org>
Thu, 16 Jan 2014 18:55:24 +0000 (19:55 +0100)
committer Jan Rękorajski <baggins@pld-linux.org>
Thu, 16 Jan 2014 18:55:24 +0000 (19:55 +0100)
diff --git a/samba.spec b/samba.spec

index a153f992c57dccf121507da7eae1a97d97409cda..63f125064a878e82d8d9e8392b5b98ea1b33be4e 100644 (file)
--- a/samba.spec
+++ b/samba.spec
@@ -675,6 +675,17 @@ fi
  %service samba restart "Samba AD daemons"
  %systemd_post samba.service
  
+%triggerpostun -- samba4 < 1:4.1.1-1
+# CVE-2013-4476
+[ -e %{_sysconfdir}/samba/tls/key.pem ] || exit 0
+PERMS=$(stat -c %a %{_sysconfdir}/samba/tls/key.pem)
+if [ "$PERMS" != "600" ]; then
+       chmod 600 %{_sysconfdir}/samba/tls/key.pem || :
+       echo "Fixed permissions of private key file %{_sysconfdir}/samba/tls/key.pem from $PERMS to 600"
+       echo "Consider regenerating TLS certificate"
+       echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions"
+fi
+
  %triggerprein common -- samba4
  cp -a %{_sysconfdir}/samba/smb.conf %{_sysconfdir}/samba/smb.conf.samba4
author	Jan Rękorajski <baggins@pld-linux.org>
	Thu, 16 Jan 2014 18:55:24 +0000 (19:55 +0100)
committer	Jan Rękorajski <baggins@pld-linux.org>
	Thu, 16 Jan 2014 18:55:24 +0000 (19:55 +0100)