commit:     72b1e774c4f1559b276f6441b1288b6bb0d9c3a0
Author:     Joakim Tjernlund <Joakim.Tjernlund <AT> infinera <DOT> com>
AuthorDate: Thu Nov 17 09:04:25 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Nov 24 09:50:24 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72b1e774

net-fs/samba: Make smbspool_krb5_wrapper accessible to root only

For CUPS to exec a plugin as root, group and others must not have privs.

Closes: https://bugs.gentoo.org/880739
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund <AT> infinera.com>
Closes: https://github.com/gentoo/gentoo/pull/28307
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-fs/samba/{samba-4.15.12-r1.ebuild => samba-4.15.12-r2.ebuild} | 2 ++
 net-fs/samba/{samba-4.16.7-r1.ebuild => samba-4.16.7-r2.ebuild}   | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/net-fs/samba/samba-4.15.12-r1.ebuild b/net-fs/samba/samba-4.15.12-r2.ebuild
similarity index 98%
rename from net-fs/samba/samba-4.15.12-r1.ebuild
rename to net-fs/samba/samba-4.15.12-r2.ebuild
index 9d2737f68680..2b804ec1862d 100644
--- a/net-fs/samba/samba-4.15.12-r1.ebuild
+++ b/net-fs/samba/samba-4.15.12-r2.ebuild
@@ -266,6 +266,8 @@ multilib_src_install() {
 
        # Make all .so files executable
        find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die
+       # smbspool_krb5_wrapper must only be accessible to root, bug #880739
+       find "${ED}" -type f -name "smbspool_krb5_wrapper" -exec chmod go-rwx {} + || die
 
        if multilib_is_native_abi ; then
                # install ldap schema for server (bug #491002)
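Review bot: The added `find … -name "smbspool_krb5_wrapper" -exec chmod go-rwx {} +` exits 0 when nothing matches, so `|| die` only catches a failing chmod. If the wrapper is renamed, relocated or not built, the restriction silently stops being applied and nothing in the build reports it. Since the commit message says CUPS runs this plugin as root, I would pin the resulting mode instead of subtracting bits, e.g. `-exec chmod 0700 {} +`, and, where the ebuild knows the wrapper is expected, check that it exists before the chmod. A comment such as `# CUPS execs this as root only if group/other have no access; keep it 0700` would record why the mode matters. The same applies to the identical hunk for samba-4.16.7-r2.ebuild; multilib_src_install continues outside both hunks.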

diff --git a/net-fs/samba/samba-4.16.7-r1.ebuild b/net-fs/samba/samba-4.16.7-r2.ebuild
similarity index 98%
rename from net-fs/samba/samba-4.16.7-r1.ebuild
rename to net-fs/samba/samba-4.16.7-r2.ebuild
index 36cf60e8eed0..81857fb18f5b 100644
--- a/net-fs/samba/samba-4.16.7-r1.ebuild
+++ b/net-fs/samba/samba-4.16.7-r2.ebuild
@@ -307,6 +307,8 @@ multilib_src_install() {
 
        # Make all .so files executable
        find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die
+       # smbspool_krb5_wrapper must only be accessible to root, bug #880739
+       find "${ED}" -type f -name "smbspool_krb5_wrapper" -exec chmod go-rwx {} + || die
 
        if multilib_is_native_abi ; then
                # Install ldap schema for server (bug #491002)
