diff --git a/bind.spec b/bind.spec
index 662112b..c653be8 100644
--- a/bind.spec
+++ b/bind.spec
@@ -18,7 +18,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name: bind
 License: BSD-like
 Version: 9.4.2
-Release: 1.1%{?dist}
+Release: 2%{?dist}
 Epoch: 31
 Url: http://www.isc.org/products/BIND/
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -453,7 +453,7 @@ for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.int
 echo '@ in soa localhost. root 1 3H 15M 1W 1D ns localhost.' > sample/var/named/$f;
 done
-/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.198 2007/12/05 12:12:52 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\
+/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.199 2007/12/19 16:26:33 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\
 *\
 * NOTE: you only need to create this file if it is to\
 * differ from the following default contents:
@@ -484,6 +484,9 @@ if [ "$1" -eq 1 ]; then
 # fix potential problem with older versions
 /bin/sed -i -e 's^@KEY@^'`/usr/sbin/dns-keygen`'^' /etc/rndc.key ;
 fi
+ # rndc.key has to have correct perms and ownership, CVE-2007-6283
+ [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
+ [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
 %if %{selinux}
 [ -e /selinux/enforce ] && [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ;
 %endif
@@ -523,6 +526,12 @@ if [ "$1" -gt 0 ]; then
 fi
 :;
+%triggerpostun -n bind -- bind <= 31:9.4.2-2
+if [ "$1" -gt 0 ]; then
+ [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
+ [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
+fi
+:;
 %post libs -p /sbin/ldconfig
@@ -777,6 +786,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %changelog
+* Wed Dec 19 2007 Adam Tkac 31:9.4.2-2
+- CVE-2007-6283
+
 * Wed Dec 05 2007 Adam Tkac 31:9.4.2-1.1
 - update named.ca file (new L.ROOT-SERVERS.NET, #411141)
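Review bot: The added `chown`/`chmod` in %post tighten /etc/rndc.key only after it has been written, so whatever mode the earlier creation step and the `sed -i` context line leave on the file stays in effect until these lines run; the creation code is outside the hunk, so this is inferred. Setting a restrictive umask before the key is generated, e.g. `umask 027` at the start of the block, would mean the file never exists with broader permissions. The block also continues silently if `chown root:named` fails, which leaves the key at mode 0640 with its previous ownership and possibly unreadable by named; a message on stderr in that case would make the resulting rndc failure easier to diagnose. The enclosing `if [ "$1" -eq 1 ]` block starts before the hunk.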
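Review bot: Correcting the mode in the `%triggerpostun` scriptlet does not address a key that was already exposed: if, as the CVE reference suggests, older packages left /etc/rndc.key readable by other users, any local account could have copied it before this trigger ran, and the same secret stays in use afterwards. Either regenerate the key here with the `/usr/sbin/dns-keygen` helper that %post already uses, or state in the changelog entry that administrators should rotate the rndc key and reload named after updating. A short comment above the trigger, such as `# existing installs: repair rndc.key perms left by older packages (CVE-2007-6283)`, would also explain why the two commands from %post are repeated.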