Your message dated Fri, 07 Nov 2014 00:21:44 +0100
with message-id <[email protected]>
and subject line Re: Bug#768298: unblock: firebird2.5/2.5.3.26778.ds4-3
has caused the Debian Bug report #768298,
regarding unblock: firebird2.5/2.5.3.26778.ds4-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
768298: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768298
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Please unblock package firebird2.5

Version 2.5.3.26778.ds4-3 fixes a bug (#767497) where a file under 
/var/run/firebird/2.5 is created world-writable. The containing directory is 
created with stricter permissions (0770 firebird:firebird), but still a 
world-writable file under /var/run is quite disturbing.

unblock firebird2.5/2.5.3.26778.ds4-3

The debdiff since 2.5.3.26778.ds4-2 (in jessie) is below. The 
debian/patches/out/fb_guard-lock-permissions.patch is also available at 
http://anonscm.debian.org/cgit/pkg-firebird/2.5.git/tree/debian/patches/out/fb_guard-lock-permissions.patch
 


Thanks,
    dam

$ debdiff firebird2.5_2.5.3.26778.ds4-{2,3}.dsc
diff -Nru firebird2.5-2.5.3.26778.ds4/debian/changelog 
firebird2.5-2.5.3.26778.ds4/debian/changelog
--- firebird2.5-2.5.3.26778.ds4/debian/changelog        2014-07-30 
10:57:50.000000000 +0300
+++ firebird2.5-2.5.3.26778.ds4/debian/changelog        2014-11-02 
00:28:56.000000000 +0200
@@ -1,3 +1,12 @@
+firebird2.5 (2.5.3.26778.ds4-3) unstable; urgency=medium
+
+  * add patch tightening fb_guard lock file permissions (Closes: #767497)
+    Thanks to Holger Levsen
+  * -super.postinst: tighten permissions on existing fbguard lock file
+  * declare conformance with Policy 3.9.6
+
+ -- Damyan Ivanov <[email protected]>  Sat, 01 Nov 2014 22:27:16 +0000
+
 firebird2.5 (2.5.3.26778.ds4-2) unstable; urgency=medium
 
   * fix arm64 build by uncommenting one more place where arm64 support is
diff -Nru firebird2.5-2.5.3.26778.ds4/debian/control 
firebird2.5-2.5.3.26778.ds4/debian/control
--- firebird2.5-2.5.3.26778.ds4/debian/control  2014-05-29 09:21:43.000000000 
+0300
+++ firebird2.5-2.5.3.26778.ds4/debian/control  2014-11-02 00:27:40.000000000 
+0200
@@ -19,7 +19,7 @@
  po-debconf,
  procmail,
 Build-Conflicts: autoconf2.13, automake1.4
-Standards-Version: 3.9.5
+Standards-Version: 3.9.6
 Vcs-Git: git://anonscm.debian.org/pkg-firebird/2.5.git
 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-firebird/2.5.git;a=summary
 Homepage: http://firebirdsql.org/
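Review bot: the Standards-Version bump from 3.9.5 to 3.9.6 in debian/control is unrelated to the #767497 permission fix that this unblock request is about. An upload that needs an unblock is easier to review when it carries only the targeted fix, or when the request states explicitly that this line is a metadata-only change.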
diff -Nru firebird2.5-2.5.3.26778.ds4/debian/firebird2.5-super.postinst 
firebird2.5-2.5.3.26778.ds4/debian/firebird2.5-super.postinst
--- firebird2.5-2.5.3.26778.ds4/debian/firebird2.5-super.postinst       
2014-06-19 08:16:56.000000000 +0300
+++ firebird2.5-2.5.3.26778.ds4/debian/firebird2.5-super.postinst       
2014-11-02 00:27:06.000000000 +0200
@@ -46,6 +46,10 @@
         checkFirebirdAccount
 
         firebird_config_postinst
+
+        if [ -f "$RUN/fb_guard" ]; then
+            chmod 0660 "$RUN/fb_guard"
+        fi
     ;;
 
     *)
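Review bot: the `[ -f "$RUN/fb_guard" ]` test follows symbolic links and so does `chmod`, and the postinst runs as root. If $RUN is the 0770 firebird:firebird directory described in the request, adding `[ ! -L "$RUN/fb_guard" ]` to the condition keeps the chmod limited to a regular lock file rather than whatever a link in that directory points to.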
diff -Nru 
firebird2.5-2.5.3.26778.ds4/debian/patches/out/fb_guard-lock-permissions.patch 
firebird2.5-2.5.3.26778.ds4/debian/patches/out/fb_guard-lock-permissions.patch
--- 
firebird2.5-2.5.3.26778.ds4/debian/patches/out/fb_guard-lock-permissions.patch  
    1970-01-01 02:00:00.000000000 +0200
+++ 
firebird2.5-2.5.3.26778.ds4/debian/patches/out/fb_guard-lock-permissions.patch  
    2014-11-02 00:27:06.000000000 +0200
@@ -0,0 +1,29 @@
+Description: Tighten permissions of fbguard lock file
+ Creating a worls-writable file is a bad idea, even if it currently lives
+ in a directory restricted for read/write/use to firebird:firebird
+Author: Damyan Ivanov <[email protected]>
+Forwarded: http://tracker.firebirdsql.org/browse/CORE-4595
+Bug-Debian: https://bugs.debian.org/767497
+
+--- a/src/utilities/guard/guard.cpp
++++ b/src/utilities/guard/guard.cpp
+@@ -146,7 +146,7 @@ int CLIB_ROUTINE main( int argc, char **
+       }
+ 
+       // get and set the umask for the current process
+-      const ULONG new_mask = 0000;
++      const ULONG new_mask = 0007;
+       const ULONG old_mask = umask(new_mask);
+ 
+       // exclusive lock the file
+--- a/src/utilities/guard/util.cpp
++++ b/src/utilities/guard/util.cpp
+@@ -253,7 +253,7 @@ int UTIL_ex_lock(const TEXT* file)
+       Firebird::PathName expanded_filename = 
fb_utils::getPrefix(fb_utils::FB_DIR_GUARD, file);
+ 
+       // file fd for the opened and locked file
+-      int fd_file = open(expanded_filename.c_str(), O_RDWR | O_CREAT, 0666);
++      int fd_file = open(expanded_filename.c_str(), O_RDWR | O_CREAT, 0660);
+       if (fd_file == -1)
+       {
+               fprintf(stderr, "Could not open %s for write\n", 
expanded_filename.c_str());
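Review bot: in the util.cpp hunk, the mode argument of `open(expanded_filename.c_str(), O_RDWR | O_CREAT, 0660)` is applied only when the file is created, so a lock file that already exists with mode 0666 stays world-writable after this change. The postinst chmod covers that case on Debian upgrades, but an `fchmod(fd_file, 0660)` after the successful open would also fix it in the code forwarded upstream. Minor: "worls-writable" in the patch Description should read "world-writable".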
diff -Nru firebird2.5-2.5.3.26778.ds4/debian/patches/series 
firebird2.5-2.5.3.26778.ds4/debian/patches/series
--- firebird2.5-2.5.3.26778.ds4/debian/patches/series   2014-07-28 
10:36:31.000000000 +0300
+++ firebird2.5-2.5.3.26778.ds4/debian/patches/series   2014-11-01 
22:53:09.000000000 +0200
@@ -12,3 +12,4 @@
 link_atomic_ops.patch
 #ignore-collation-version.patch
 out/spelling.patch
+out/fb_guard-lock-permissions.patch

--- End Message ---
--- Begin Message ---
On 2014-11-06 11:47, Damyan Ivanov wrote:
> Package: release.debian.org
> Severity: normal
> User: [email protected]
> Usertags: unblock
> 
> Please unblock package firebird2.5
> 
> Version 2.5.3.26778.ds4-3 fixes a bug (#767497) where a file under 
> /var/run/firebird/2.5 is created world-writable. The containing directory is 
> created with stricter permissions (0770 firebird:firebird), but still a 
> world-writable file under /var/run is quite disturbing.
> 
> unblock firebird2.5/2.5.3.26778.ds4-3
> 
> [...] 
> 
> Thanks,
>     dam
> 
> [...]
> 

Unblocked, thanks.

~Niels

--- End Message ---