From 4453e8048631573e99279bb5c6736d7484aa8e7b Mon Sep 17 00:00:00 2001
From: Karel Balej
Date: Thu, 5 Jun 2025 19:35:15 +0200
Subject: [PATCH] coturn: restrict access to the configuration file

The file can contain secrets, in particular a shared secret used by other services to generate credentials for the TURN server.
---
 srcpkgs/coturn/INSTALL | 2 ++
 srcpkgs/coturn/template | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/coturn/INSTALL b/srcpkgs/coturn/INSTALL
index 3ee6f34d2ae..6f98603c58a 100644
--- a/srcpkgs/coturn/INSTALL
+++ b/srcpkgs/coturn/INSTALL
@@ -1,5 +1,7 @@
 case "${ACTION}" in
 post)
 setcap CAP_NET_BIND_SERVICE=+ep usr/bin/turnserver
+ chmod 640 etc/turnserver.conf
+ chown :_coturn etc/turnserver.conf
 ;;
 esac
diff --git a/srcpkgs/coturn/template b/srcpkgs/coturn/template
index 826acd6adab..2985f5311c4 100644
--- a/srcpkgs/coturn/template
+++ b/srcpkgs/coturn/template
@@ -1,7 +1,7 @@
 # Template file for 'coturn'
 pkgname=coturn
 version=4.7.0
-revision=1
+revision=2
 build_style=configure
 configure_args="
 --prefix=/usr
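Review bot: The two lines added to the `post)` branch of `srcpkgs/coturn/INSTALL` run unconditionally and unchecked, so if `etc/turnserver.conf` is absent or the `_coturn` group does not exist when the script runs, the file ends up either untouched or `root:root` mode 640, which the daemon presumably cannot read if it runs as `_coturn`. The visible part of the template does not show where that group is created, so this should be confirmed against `system_accounts`. A guarded form such as `[ -f etc/turnserver.conf ] && chmod 640 etc/turnserver.conf && chown :_coturn etc/turnserver.conf`, with a comment like `# may hold static-auth-secret; keep it unreadable for other local users`, would make both the intent and the failure mode explicit. If `post` also runs on updates, an administrator's stricter mode would be reset to 640 each time. A secret that sat in the file while it was more widely readable should be treated as already exposed to local users and rotated.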