commit: 72b1e774c4f1559b276f6441b1288b6bb0d9c3a0 Author: Joakim Tjernlund <Joakim.Tjernlund <AT> infinera <DOT> com> AuthorDate: Thu Nov 17 09:04:25 2022 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Thu Nov 24 09:50:24 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72b1e774
net-fs/samba: Make smbspool_krb5_wrapper accessible to root only For CUPS to exec an plugin as root, group and others must not have privs. Closes: https://bugs.gentoo.org/880739 Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund <AT> infinera.com> Closes: https://github.com/gentoo/gentoo/pull/28307 Signed-off-by: Sam James <sam <AT> gentoo.org> net-fs/samba/{samba-4.15.12-r1.ebuild => samba-4.15.12-r2.ebuild} | 2 ++ net-fs/samba/{samba-4.16.7-r1.ebuild => samba-4.16.7-r2.ebuild} | 2 ++ 2 files changed, 4 insertions(+) diff --git a/net-fs/samba/samba-4.15.12-r1.ebuild b/net-fs/samba/samba-4.15.12-r2.ebuild similarity index 98% rename from net-fs/samba/samba-4.15.12-r1.ebuild rename to net-fs/samba/samba-4.15.12-r2.ebuild index 9d2737f68680..2b804ec1862d 100644 --- a/net-fs/samba/samba-4.15.12-r1.ebuild +++ b/net-fs/samba/samba-4.15.12-r2.ebuild @@ -266,6 +266,8 @@ multilib_src_install() { # Make all .so files executable find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die + # smbspool_krb5_wrapper must only be accessible to root, bug #880739 + find "${ED}" -type f -name "smbspool_krb5_wrapper" -exec chmod go-rwx {} + || die if multilib_is_native_abi ; then # install ldap schema for server (bug #491002) diff --git a/net-fs/samba/samba-4.16.7-r1.ebuild b/net-fs/samba/samba-4.16.7-r2.ebuild similarity index 98% rename from net-fs/samba/samba-4.16.7-r1.ebuild rename to net-fs/samba/samba-4.16.7-r2.ebuild index 36cf60e8eed0..81857fb18f5b 100644 --- a/net-fs/samba/samba-4.16.7-r1.ebuild +++ b/net-fs/samba/samba-4.16.7-r2.ebuild @@ -307,6 +307,8 @@ multilib_src_install() { # Make all .so files executable find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die + # smbspool_krb5_wrapper must only be accessible to root, bug #880739 + find "${ED}" -type f -name "smbspool_krb5_wrapper" -exec chmod go-rwx {} + || die if multilib_is_native_abi ; then # Install ldap schema for server (bug #491002)