diff options
| author | Adam Tkac <atkac@fedoraproject.org> | 2007-12-19 15:59:19 +0000 |
|---|---|---|
| committer | Adam Tkac <atkac@fedoraproject.org> | 2007-12-19 15:59:19 +0000 |
| commit | 96141ea48f76b3865506a41f29cc2f73a68d0c10 (patch) | |
| tree | 8f11702c0022bd22b37f8051b47942604b2df6b9 /bind.spec | |
| parent | affa6523cda37f6c710a8643ee3bfc29c4cfe741 (diff) | |
- CVE-2007-6283
Diffstat (limited to 'bind.spec')
| -rw-r--r-- | bind.spec | 16 |
1 files changed, 14 insertions, 2 deletions
@@ -21,7 +21,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.5.0 -Release: 19.2.%{RELEASEVER}%{?dist} +Release: 20.%{RELEASEVER}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -416,7 +416,7 @@ for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.int echo '@ in soa localhost. root 1 3H 15M 1W 1D ns localhost.' > sample/var/named/$f; done -/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.233 2007/12/12 13:28:21 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\ +/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.234 2007/12/19 15:59:19 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\ *\ * NOTE: you only need to create this file if it is to\ * differ from the following default contents: @@ -448,6 +448,9 @@ if [ "$1" -eq 1 ]; then /bin/sed -i -e 's^@KEY@^'`/usr/sbin/dns-keygen`'^' /etc/rndc.key ; fi [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ; + # rndc.key has to have correct perms and ownership, CVE-2007-6283 + [ -e /etc/rndc.key] && chown root:named /etc/rndc.key + [ -e /etc/rndc.key] && chmod 0640 /etc/rndc.key [ -x /usr/sbin/bind-chroot-admin ] && /usr/sbin/bind-chroot-admin --sync; fi :; @@ -493,6 +496,12 @@ if [ "$1" -gt 0 ]; then fi :; +%triggerpostun -n bind -- bind <= 32:9.5.0-20.b1 +if [ "$1" -gt 0 ]; then + [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key + [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key +fi +:; %post libs -p /sbin/ldconfig @@ -667,6 +676,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_sbindir}/bind-chroot-admin %changelog +* Wed Dec 19 2007 Adam Tkac <atkac redhat com> 32:9.5.0-20.b1 +- CVE-2007-6283 + * Wed Dec 12 2007 Adam Tkac <atkac redhat com> 32:9.5.0-19.2.b1 - added dst/gssapi.h to -devel subpackage (#419091) - improved fix for (#417431) |