[packages/samba/DEVEL] - added trigger to fix CVE-2013-4476

baggins baggins at pld-linux.org
Thu Jan 16 19:55:55 CET 2014


commit 30cb0b6f2030ae201aebf36b8ceebe731e77dfbf
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Thu Jan 16 19:55:24 2014 +0100

    - added trigger to fix CVE-2013-4476

 samba.spec | 11 +++++++++++
 1 file changed, 11 insertions(+)
---
diff --git a/samba.spec b/samba.spec
index a153f99..63f1250 100644
--- a/samba.spec
+++ b/samba.spec
@@ -675,6 +675,17 @@ fi
 %service samba restart "Samba AD daemons"
 %systemd_post samba.service
 
+%triggerpostun -- samba4 < 1:4.1.1-1
+# CVE-2013-4476
+[ -e %{_sysconfdir}/samba/tls/key.pem ] || exit 0
+PERMS=$(stat -c %a %{_sysconfdir}/samba/tls/key.pem)
+if [ "$PERMS" != "600" ]; then
+	chmod 600 %{_sysconfdir}/samba/tls/key.pem || :
+	echo "Fixed permissions of private key file %{_sysconfdir}/samba/tls/key.pem from $PERMS to 600"
+	echo "Consider regenerating TLS certificate"
+	echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions"
+fi
+
 %triggerprein common -- samba4
 cp -a %{_sysconfdir}/samba/smb.conf %{_sysconfdir}/samba/smb.conf.samba4
 
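Review bot: The "Fixed permissions" message in the new `%triggerpostun` is printed even when the `chmod` failed, because `chmod 600 ... || :` discards the exit status and the `echo` lines run unconditionally, so an admin can be told the key is protected when it is not. Put the messages under the success branch, e.g. `if chmod 600 %{_sysconfdir}/samba/tls/key.pem; then echo "Fixed permissions ..."; else echo "WARNING: could not restrict %{_sysconfdir}/samba/tls/key.pem" >&2; fi`, and still leave the scriptlet exiting 0. The test `[ "$PERMS" != "600" ]` also fires on a key already set to something stricter such as 400 and widens it to 600 while reporting a fix; checking only for group/other bits would avoid that, e.g. `case "$PERMS" in *00) exit 0 ;; esac` before the `chmod`. Since the key may have been readable by other local users before this trigger runs, "Consider regenerating TLS certificate" could be worded more firmly, as a recommendation to replace the key and certificate.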
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/samba.git/commitdiff/30cb0b6f2030ae201aebf36b8ceebe731e77dfbf


