From 8ce589ebf2675d1c1c6501d029a0ce860fe74ea8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
Date: Mon, 20 Aug 2018 16:34:24 +0200
Subject: [PATCH] Fixed sendmail.pem unsafe: Group readable file

---
 sendmail.spec | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/sendmail.spec b/sendmail.spec
index e8e4ee1..f554598 100644
--- a/sendmail.spec
+++ b/sendmail.spec
@@ -19,7 +19,7 @@
 Summary: A widely used Mail Transport Agent (MTA)
 Name: sendmail
 Version: 8.15.2
-Release: 29%{?dist}
+Release: 30%{?dist}
 License: Sendmail
 Group: System Environment/Daemons
 URL: http://www.sendmail.org/
@@ -587,7 +587,7 @@ if [ ! -f %{sslcert} ]; then
 
   %{_bindir}/openssl req -new -key %{sslkey} -x509 -sha256 -days 365 -set_serial $RANDOM -out %{sslcert} \
     -subj "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=${FQDN}/emailAddress=root@${FQDN}"
-  chmod 644 %{sslcert}
+  chmod 600 %{sslcert}
 fi
 
 exit 0
@@ -749,6 +749,9 @@ fi
 %endif
 
 %changelog
+* Mon Aug 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 8.15.2-30
+- Fixed sendmail.pem unsafe: Group readable file
+
 * Mon Jul 23 2018 Robert Scheck <robert@fedoraproject.org> - 8.15.2-29
 - Add basic sendmail TLS configuration by default (#1607314 #c11)