
Bug#684679: RFS: nullmailer/1:1.11-2 (security bugfix upload request)



Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "nullmailer", which I hope will
qualify for a freeze exception as this upload fixes a new security issue.
(I haven't yet approached ftp-masters about this though).

 Package name    : nullmailer
 Version         : 1:1.11-2
 Upstream Author : Bruce Guenter <bruce@untroubled.org>
 URL             : http://untroubled.org/nullmailer/
 License         : GPL-2+
 Section         : mail

It builds these binary packages:

  nullmailer - simple relay-only mail transport agent

To access further information about this package, please visit the following URL:

http://mentors.debian.net/package/nullmailer


Alternatively, one can download the package with dget using this command:

  dget -x http://mentors.debian.net/debian/pool/main/n/nullmailer/nullmailer_1.11-2.dsc

Changes since the last upload:

diff -Nru nullmailer-1.11/debian/changelog nullmailer-1.11/debian/changelog
--- nullmailer-1.11/debian/changelog	2012-06-16 16:36:28.000000000 +0100
+++ nullmailer-1.11/debian/changelog	2012-08-11 23:55:36.000000000 +0100
@@ -1,3 +1,9 @@
+nullmailer (1:1.11-2) unstable; urgency=low
+
+  * Make 'remotes' not world-readable (Closes: #684619)
+
+ -- Nick Leverton <nick@leverton.org>  Sat, 11 Aug 2012 23:54:55 +0100
+
 nullmailer (1:1.11-1) unstable; urgency=low
 
   * New upstream release
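
Review bot: The new 1:1.11-2 entry keeps urgency=low and says only "Make 'remotes' not world-readable", so nothing in the changelog marks this upload as a security fix. Since the request presents it as a security bugfix seeking a freeze exception, consider raising the urgency and stating in the entry why the file must not be world-readable, so the change can be judged from the changelog alone.
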
diff -Nru nullmailer-1.11/debian/postinst nullmailer-1.11/debian/postinst
--- nullmailer-1.11/debian/postinst	2012-05-16 08:25:36.000000000 +0100
+++ nullmailer-1.11/debian/postinst	2012-08-12 20:23:46.000000000 +0100
@@ -24,10 +24,14 @@
 		fi
 
 		db_get nullmailer/relayhost
+		# securely create nullmailer/remotes with mode 0600
+		R=$( tempfile -d /etc/nullmailer -p nullm )
 		echo "$RET" | sed -r -e ':a s/(\[[^]:]*):/\1=/; ta' \
 				     -e 's/[[:space:]]*:[[:space:]]*/\n/g' \
 				     -e ':b s/(\[[^]=]*)=/\1:/; tb' \
-				     -e 's/[][]//g' > /etc/nullmailer/remotes
+				     -e 's/[][]//g' >> $R
+		chown mail:mail $R
+		mv $R /etc/nullmailer/remotes
 
 		db_get nullmailer/adminaddr
 		if [ "$RET" ]; then
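
Review bot: The result of R=$( tempfile -d /etc/nullmailer -p nullm ) is used unchecked and unquoted in the added lines that follow (>> $R, chown mail:mail $R, mv $R /etc/nullmailer/remotes). If tempfile fails, R is empty and the redirect, chown and mv all run without a valid operand; quote it as "$R" and stop before writing when it is empty. The added comment promises mode 0600, but no line in the hunk sets a mode, so the result depends on tempfile's default; passing -m 0600 makes that explicit. Also consider removing the temporary file when a later step fails, so a stray nullm* file is not left in /etc/nullmailer.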

