rpms/dovecot/F-9 dovecot.spec,1.108,1.109

Michal Hlavinka mhlavink at fedoraproject.org
Mon Nov 3 10:40:41 UTC 2008 

Author: mhlavink

Update of /cvs/extras/rpms/dovecot/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30138

Modified Files:
	dovecot.spec 
Log Message:
change permissions of deliver and dovecot.conf to prevent possible password exposure



Index: dovecot.spec
===================================================================
RCS file: /cvs/extras/rpms/dovecot/F-9/dovecot.spec,v
retrieving revision 1.108
retrieving revision 1.109
diff -u -r1.108 -r1.109
--- dovecot.spec	29 Oct 2008 08:00:45 -0000	1.108
+++ dovecot.spec	3 Nov 2008 10:40:11 -0000	1.109
@@ -1,7 +1,7 @@
 %define upstream 1.0.15
 %define sieve_upstream 1.0.3
 %define pkg_version 1.0.15
-%define my_release 14
+%define my_release 15
 %define pkg_release %{my_release}%{?dist}
 %define pkg_sieve_version 1.0.3
 %define pkg_sieve_release %{my_release}%{?dist}
@@ -38,7 +38,6 @@
 Patch103: dovecot-1.0.beta2-mkcert-permissions.patch
 Patch105: dovecot-1.0.rc7-mkcert-paths.patch
 Patch106: dovecot-1.0.rc27-quota-warning.patch
-Patch107: dovecot-1.0-default-settings-passwd.patch
 Patch108: dovecot-1.0.15-cve_2008_4577.patch
 Patch200: dovecot-1.0.rc32-split.patch
 
@@ -183,7 +182,6 @@
 %patch105 -p1 -b .mkcert-paths
 #%patch107 -p1 -b .unicodedata
 %patch106 -p1 -b .quota-warning
-%patch107 -p1 -b .passwd
 %patch108 -p1 -b .cve_2008_4577
 %patch200 -p1 -b .split
 #%patch200 -p1 -b .%{dovecot_hg}
@@ -273,7 +271,7 @@
 	
 # Install dovecot.conf and dovecot-openssl.cnf
 mkdir -p $RPM_BUILD_ROOT/%{ssldir}
-install -p -m644 $RPM_BUILD_DIR/dovecot-%{upstream}/dovecot-example.conf $RPM_BUILD_ROOT/%{_sysconfdir}/dovecot.conf
+install -p -m640 $RPM_BUILD_DIR/dovecot-%{upstream}/dovecot-example.conf $RPM_BUILD_ROOT/%{_sysconfdir}/dovecot.conf
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/dovecot-*example.conf # dovecot seems to install this by itself
 install -p -m644 $RPM_BUILD_DIR/dovecot-%{upstream}/doc/dovecot-openssl.cnf $RPM_BUILD_ROOT/%{ssldir}/dovecot-openssl.cnf
 
@@ -373,6 +371,7 @@
 %defattr(-,root,root,-)
 %doc %{docdir}-%{version}  
 %config(noreplace) %{_sysconfdir}/dovecot.conf
+%attr(0640,root,mail) %config(noreplace) %{_sysconfdir}/dovecot.conf
 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/dovecot
 %config %{_sysconfdir}/rc.d/init.d/dovecot
 %config(noreplace) %{_sysconfdir}/pam.d/dovecot
@@ -383,6 +382,19 @@
 %attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{ssldir}/certs/dovecot.pem
 %attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{ssldir}/private/dovecot.pem
 %{_libexecdir}/%{name}
+%{_libexecdir}/%{name}/checkpassword-reply
+%attr(2755,root,mail) %{_libexecdir}/%{name}/deliver
+%{_libexecdir}/%{name}/dict
+%{_libexecdir}/%{name}/dovecot-auth
+%{_libexecdir}/%{name}/gdbhelper
+%{_libexecdir}/%{name}/idxview
+%{_libexecdir}/%{name}/imap
+%{_libexecdir}/%{name}/imap-login
+%{_libexecdir}/%{name}/logview
+%{_libexecdir}/%{name}/pop3
+%{_libexecdir}/%{name}/pop3-login
+%{_libexecdir}/%{name}/rawlog
+%{_libexecdir}/%{name}/ssl-build-param
 %dir %{_libdir}/%{name}
 %{_sbindir}/dovecot
 %{_sbindir}/dovecotpw
@@ -440,6 +452,9 @@
 
 
 %changelog
+* Mon Nov 3 2008 Michal Hlavinka <mhlavink at redhat.com> - 1:1.0.15-15
+- change permissions of deliver and dovecot.conf to prevent possible password exposure
+
 * Wed Oct 29 2008 Michal Hlavinka <mhlavink at redhat.com> - 1:1.0.15-14
 - fix handling of negative rights in the ACL plugin (Resolves: CVE-2008-4577)

More information about the fedora-extras-commits mailing list