Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Please unblock package firebird2.5

Version 2.5.3.26778.ds4-3 fixes a bug (#767497) where a file under /var/run/firebird/2.5 is created world-writable. The containing directory is created with stricter permissions (0770 firebird:firebird), but still a world-writable file under /var/run is quite disturbing.

unblock firebird2.5/2.5.3.26778.ds4-3

The debdiff since 2.5.3.26778.ds4-2 (in jessie) is below. The debian/patches/out/fb_guard-lock-permissions.patch is also available at http://anonscm.debian.org/cgit/pkg-firebird/2.5.git/tree/debian/patches/out/fb_guard-lock-permissions.patch

Thanks,
    dam

$ debdiff firebird2.5_2.5.3.26778.ds4-{2,3}.dsc
diff -Nru firebird2.5-2.5.3.26778.ds4/debian/changelog firebird2.5-2.5.3.26778.ds4/debian/changelog --- firebird2.5-2.5.3.26778.ds4/debian/changelog 2014-07-30 10:57:50.000000000 +0300 +++ firebird2.5-2.5.3.26778.ds4/debian/changelog 2014-11-02 00:28:56.000000000 +0200 @@ -1,3 +1,12 @@ +firebird2.5 (2.5.3.26778.ds4-3) unstable; urgency=medium + + * add patch tightening fb_guard lock file permissions (Closes: #767497) + Thanks to Holger Levsen + * -super.postinst: tighten permissions on existing fbguard lock file + * declare conformance with Policy 3.9.6 + + -- Damyan Ivanov <[email protected]> Sat, 01 Nov 2014 22:27:16 +0000 + firebird2.5 (2.5.3.26778.ds4-2) unstable; urgency=medium * fix arm64 build by uncommenting one more place where arm64 support is diff -Nru firebird2.5-2.5.3.26778.ds4/debian/control firebird2.5-2.5.3.26778.ds4/debian/control --- firebird2.5-2.5.3.26778.ds4/debian/control 2014-05-29 09:21:43.000000000 +0300 +++ firebird2.5-2.5.3.26778.ds4/debian/control 2014-11-02 00:27:40.000000000 +0200 
@@ -19,7 +19,7 @@ po-debconf, procmail, Build-Conflicts: autoconf2.13, automake1.4 -Standards-Version: 3.9.5 +Standards-Version: 3.9.6 Vcs-Git: git://anonscm.debian.org/pkg-firebird/2.5.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-firebird/2.5.git;a=summary Homepage: http://firebirdsql.org/ diff -Nru firebird2.5-2.5.3.26778.ds4/debian/firebird2.5-super.postinst firebird2.5-2.5.3.26778.ds4/debian/firebird2.5-super.postinst --- firebird2.5-2.5.3.26778.ds4/debian/firebird2.5-super.postinst 2014-06-19 08:16:56.000000000 +0300 +++ firebird2.5-2.5.3.26778.ds4/debian/firebird2.5-super.postinst 2014-11-02 00:27:06.000000000 +0200 @@ -46,6 +46,10 @@ checkFirebirdAccount firebird_config_postinst + + if [ -f "$RUN/fb_guard" ]; then + chmod 0660 "$RUN/fb_guard" + fi ;; *) diff -Nru firebird2.5-2.5.3.26778.ds4/debian/patches/out/fb_guard-lock-permissions.patch firebird2.5-2.5.3.26778.ds4/debian/patches/out/fb_guard-lock-permissions.patch --- firebird2.5-2.5.3.26778.ds4/debian/patches/out/fb_guard-lock-permissions.patch 1970-01-01 02:00:00.000000000 +0200 +++ firebird2.5-2.5.3.26778.ds4/debian/patches/out/fb_guard-lock-permissions.patch 2014-11-02 00:27:06.000000000 +0200 
@@ -0,0 +1,29 @@ +Description: Tighten permissions of fbguard lock file + Creating a worls-writable file is a bad idea, even if it currently lives + in a directory restricted for read/write/use to firebird:firebird +Author: Damyan Ivanov <[email protected]> +Forwarded: http://tracker.firebirdsql.org/browse/CORE-4595 +Bug-Debian: https://bugs.debian.org/767497 + +--- a/src/utilities/guard/guard.cpp ++++ b/src/utilities/guard/guard.cpp +@@ -146,7 +146,7 @@ int CLIB_ROUTINE main( int argc, char ** + } + + // get and set the umask for the current process +- const ULONG new_mask = 0000; ++ const ULONG new_mask = 0007; + const ULONG old_mask = umask(new_mask); + + // exclusive lock the file +--- a/src/utilities/guard/util.cpp ++++ b/src/utilities/guard/util.cpp +@@ -253,7 +253,7 @@ int UTIL_ex_lock(const TEXT* file) + Firebird::PathName expanded_filename = fb_utils::getPrefix(fb_utils::FB_DIR_GUARD, file); + + // file fd for the opened and locked file +- int fd_file = open(expanded_filename.c_str(), O_RDWR | O_CREAT, 0666); ++ int fd_file = open(expanded_filename.c_str(), O_RDWR | O_CREAT, 0660); + if (fd_file == -1) + { + fprintf(stderr, "Could not open %s for write\n", expanded_filename.c_str()); diff -Nru firebird2.5-2.5.3.26778.ds4/debian/patches/series firebird2.5-2.5.3.26778.ds4/debian/patches/series --- firebird2.5-2.5.3.26778.ds4/debian/patches/series 2014-07-28 10:36:31.000000000 +0300 +++ firebird2.5-2.5.3.26778.ds4/debian/patches/series 2014-11-01 22:53:09.000000000 +0200 @@ -12,3 +12,4 @@ link_atomic_ops.patch #ignore-collation-version.patch out/spelling.patch +out/fb_guard-lock-permissions.patch
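
Review bot: in debian/firebird2.5-super.postinst, the `[ -f "$RUN/fb_guard" ]` test and the `chmod 0660 "$RUN/fb_guard"` that follows both resolve symbolic links, and the script runs as root, so I would also require `[ ! -L "$RUN/fb_guard" ]` before the chmod. The directory is 0770 firebird:firebird, so only that account could have put a link there, but a maintainer script should not change the mode of whatever the path happens to resolve to. A short comment saying the chmod is cleanup for lock files left by versions before 2.5.3.26778.ds4-3 would also make it clear when it can be dropped.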
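
Review bot: in src/utilities/guard/guard.cpp, `new_mask = 0007` changes the umask for the whole fbguard process, so it applies to every file created until `old_mask` is restored, and the restore is not visible in this hunk. Please confirm the old mask is put back once the lock file has been opened, or state in the patch description that the tighter mask is meant to stay in effect. With the mode in util.cpp already reduced to 0660, the umask change is not what fixes the lock file, so the description should say which of the two changes is the fix and which is the extra safeguard.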
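
Review bot: in UTIL_ex_lock (src/utilities/guard/util.cpp), the mode in `open(expanded_filename.c_str(), O_RDWR | O_CREAT, 0660)` is only used when the call creates the file, so a lock file that already exists with mode 0666 keeps it. The postinst chmod covers that on Debian, but since the patch is forwarded upstream as CORE-4595, an `fchmod(fd_file, 0660)` after a successful open would also tighten existing files on other installations, provided fbguard owns them. Minor: "worls-writable" in the Description header should read "world-writable".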

