Bug#684679: marked as done (RFS: nullmailer/1:1.11-2 (security bugfix upload request))

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sat, 15 Sep 2012 18:49:04 +0200
with message-id <201209151849.05296.holger@layer-acht.org>
and subject line preparing the upload as I type...
has caused the Debian Bug report #684679,
regarding RFS: nullmailer/1:1.11-2 (security bugfix upload request)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
684679: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684679
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: RFS: nullmailer/1:1.11-2 (security bugfix upload request)
• From: Nick Leverton <nick@leverton.org>
• Date: Sun, 12 Aug 2012 21:18:19 +0100
• Message-id: <20120812201819.GA18907@leverton.org>

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "nullmailer", which I hope will
qualify for a freeze exception as this upload fixes a new security issue.
(I haven't yet approached ftp-masters about this though).

 Package name    : nullmailer
 Version         : 1:1.11-2
 Upstream Author : Bruce Guenter <bruce@untroubled.org>
 URL             : http://untroubled.org/nullmailer/
 License         : GPL-2+
 Section         : mail

It builds those binary packages:

  nullmailer - simple relay-only mail transport agent

To access further information about this package, please visit the following URL:

http://mentors.debian.net/package/nullmailer


Alternatively, one can download the package with dget using this command:

  dget -x http://mentors.debian.net/debian/pool/main/n/nullmailer/nullmailer_1.11-2.dsc

Changes since the last upload:

diff -Nru nullmailer-1.11/debian/changelog nullmailer-1.11/debian/changelog
--- nullmailer-1.11/debian/changelog	2012-06-16 16:36:28.000000000 +0100
+++ nullmailer-1.11/debian/changelog	2012-08-11 23:55:36.000000000 +0100
@@ -1,3 +1,9 @@
+nullmailer (1:1.11-2) unstable; urgency=low
+
+  * Make 'remotes' not world-readable (Closes: #684619)
+
+ -- Nick Leverton <nick@leverton.org>  Sat, 11 Aug 2012 23:54:55 +0100
+
 nullmailer (1:1.11-1) unstable; urgency=low
 
   * New upstream release
diff -Nru nullmailer-1.11/debian/postinst nullmailer-1.11/debian/postinst
--- nullmailer-1.11/debian/postinst	2012-05-16 08:25:36.000000000 +0100
+++ nullmailer-1.11/debian/postinst	2012-08-12 20:23:46.000000000 +0100
@@ -24,10 +24,14 @@
 		fi
 
 		db_get nullmailer/relayhost
+		# securely create nullmailer/remotes with mode 0600
+		R=$( tempfile -d /etc/nullmailer -p nullm )
 		echo "$RET" | sed -r -e ':a s/(\[[^]:]*):/\1=/; ta' \
 				     -e 's/[[:space:]]*:[[:space:]]*/\n/g' \
 				     -e ':b s/(\[[^]=]*)=/\1:/; tb' \
-				     -e 's/[][]//g' > /etc/nullmailer/remotes
+				     -e 's/[][]//g' >> $R
+		chown mail:mail $R
+		mv $R /etc/nullmailer/remotes
 
 		db_get nullmailer/adminaddr
 		if [ "$RET" ]; then

--- End Message ---

--- Begin Message ---

• To: 684679-done@bugs.debian.org
• Subject: preparing the upload as I type...
• From: Holger Levsen <holger@layer-acht.org>
• Date: Sat, 15 Sep 2012 18:49:04 +0200
• Message-id: <201209151849.05296.holger@layer-acht.org>

...thus consider this done :-)


cheers,
	Holger

--- End Message ---