rpms/bind/F-7 bind.spec,1.198,1.199

[Adam Tkac (atkac)]

Author: atkac

Update of /cvs/pkgs/rpms/bind/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3718

Modified Files:
	bind.spec 
Log Message:
- CVE-2007-6283



Index: bind.spec
===================================================================
RCS file: /cvs/pkgs/rpms/bind/F-7/bind.spec,v
retrieving revision 1.198
retrieving revision 1.199
diff -u -r1.198 -r1.199
--- bind.spec	5 Dec 2007 12:12:52 -0000	1.198
+++ bind.spec	19 Dec 2007 16:26:33 -0000	1.199
@@ -18,7 +18,7 @@
 Name: 		bind
 License: 	BSD-like
 Version: 	9.4.2
-Release: 	1.1%{?dist}
+Release: 	2%{?dist}
 Epoch:   	31
 Url: 		http://www.isc.org/products/BIND/
 Buildroot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -484,6 +484,9 @@
 	   # fix potential problem with older versions
 	   /bin/sed -i -e 's^@KEY@^'`/usr/sbin/dns-keygen`'^' /etc/rndc.key ;
 	fi
+	# rndc.key has to have correct perms and ownership, CVE-2007-6283
+	[ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
+	[ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
 %if %{selinux}
         [ -e /selinux/enforce ] && [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ;
 %endif
@@ -523,6 +526,12 @@
 fi
 :;
 
+%triggerpostun -n bind -- bind <= 31:9.4.2-2
+if [ "$1" -gt 0 ]; then
+	[ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
+	[ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
+fi
+:;
 
 %post libs -p /sbin/ldconfig
 
@@ -777,6 +786,9 @@
 
 
 %changelog
+* Wed Dec 19 2007 Adam Tkac <atkac redhat com> 31:9.4.2-2
+- CVE-2007-6283
+
 * Wed Dec 05 2007 Adam Tkac <atkac redhat com> 31:9.4.2-1.1
 - update named.ca file (new L.ROOT-SERVERS.NET, #411141)