From 0b34377002f1a47e8c3a43375c02279d4f3415ca Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <peter@fedoraproject.org>
Date: Mar 18 2010 11:08:17 +0000
Subject: Fixed rhbz #564686 and some security-related issues (NOT critical)


---

diff --git a/ejabberd.init b/ejabberd.init
index 99552a6..7d91fb0 100644
--- a/ejabberd.init
+++ b/ejabberd.init
@@ -27,6 +27,9 @@ if [ ! "$CONFIG_FILE" ]; then
 	CONFIG_FILE=/etc/ejabberd/ejabberd.cfg
 fi
 
+# we're using symlinked consolehelper to check user's rights
+progctl=/usr/bin/ejabberdctl
+
 start() {
         echo -n $"Starting ejabberd: "
 	if [ "$ULIMIT_MAX_FILES" ]; then
@@ -34,12 +37,12 @@ start() {
 	fi
 
 	# check whether ejabberd was already started
-	if /usr/sbin/ejabberdctl status > /dev/null 2>&1 ; then
+	if $progctl status > /dev/null 2>&1 ; then
 		echo -n "already running" && warning && echo
 		return 0
 	fi
 
-	daemon /usr/sbin/ejabberdctl start
+	daemon $progctl start
 				--config $CONFIG_FILE \
 				--ctl-config /etc/ejabberd/ejabberdctl.cfg \
 				--logs "/var/log/ejabberd" \
@@ -60,12 +63,12 @@ stop() {
         echo -n "Shutting down ejabberd: "
 
 	# check whether ejabberd was already stopped
-	if ! /usr/sbin/ejabberdctl status > /dev/null 2>&1 ; then
+	if ! $progctl status > /dev/null 2>&1 ; then
 		echo -n "already stopped" && warning && echo
 		return 0
 	fi
 
-	daemon /usr/sbin/ejabberdctl stop 2>/dev/null
+	daemon $progctl stop 2>/dev/null
         RETVAL=$?
         [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ejabberd
         echo
@@ -82,6 +85,9 @@ restart() {
         start
 }
 
+# In order to prevent issues with "File operation error: eacces."
+cd /
+
 # See how we were called.
 case "$1" in
   start)
@@ -97,7 +103,7 @@ case "$1" in
         [ -f /var/lock/subsys/ejabberd ] && restart || :
         ;;
   status)
-	/usr/sbin/ejabberdctl status
+	$progctl status
         ;;
   *)
         echo "Usage: ejabberd {start|stop|restart|force-reload|condrestart|try-restart|status}"
diff --git a/ejabberd.spec b/ejabberd.spec
index 7029afa..2bd316c 100644
--- a/ejabberd.spec
+++ b/ejabberd.spec
@@ -12,7 +12,7 @@
 
 Name:           ejabberd
 Version:        2.1.3
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        A distributed, fault-tolerant Jabber/XMPP server
 
 Group:          Applications/Internet
@@ -186,6 +186,8 @@ install -p -m 0644 src/odbc/pg.sql %{buildroot}%{_datadir}/%{name}
 # removed files, which would be packaged later (see 'files' section)
 rm -rf %{buildroot}%{_docdir}/%{name}
 
+# Clean up false security measure
+chmod 755 %{buildroot}%{_sbindir}/ejabberdctl
 
 %pre
 %{__fe_groupadd} %{uid} -r %{name} &>/dev/null || :
@@ -369,6 +371,12 @@ rm -rf %{buildroot}
 %doc doc/yozhikheader.png
 
 %changelog
+* Thu Mar 18 2010 Peter Lemenkov <lemenkov@gmail.com> 2.1.3-3
+- Relax access rights of /usr/sbin/ejabberdctl (from 0550 to 0755)
+- Invoke symlinked consolehelper instead of /usr/sbin/ejabberdctl
+  in init-script
+- Fixed "File operation error: eacces" issue. See rhbz #564686.
+
 * Thu Mar 18 2010 Peter Lemenkov <lemenkov@gmail.com> 2.1.3-2
 - Init-script enhancements
 
diff --git a/import.log b/import.log
index 795ab49..f61e42d 100644
--- a/import.log
+++ b/import.log
@@ -19,3 +19,4 @@ ejabberd-2_1_2-1_fc12:F-12:ejabberd-2.1.2-1.fc12.src.rpm:1264423541
 ejabberd-2_1_2-2_fc12:F-12:ejabberd-2.1.2-2.fc12.src.rpm:1264770848
 ejabberd-2_1_3-1_fc12:F-12:ejabberd-2.1.3-1.fc12.src.rpm:1268409662
 ejabberd-2_1_3-2_fc12:F-12:ejabberd-2.1.3-2.fc12.src.rpm:1268908251
+ejabberd-2_1_3-3_fc12:F-12:ejabberd-2.1.3-3.fc12.src.rpm:1268910452