[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Please unblock opendnssec/1.1.3-2

It fixes one critical and one grave bug:

   * Reorder unsetting permission and deleting the user account
     (Closes: #604042)
   * Fix insecure PYTHONPATH (Closes: #605161)

1.1.3-1 to 1.1.3-2 diff is attached.

Thanks,
-- 
Ondřej Surý <ondrej@sury.org>

diff --git a/debian/changelog b/debian/changelog
index f31db16..e8ecd61 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+opendnssec (1.1.3-2) unstable; urgency=high
+
+  * Reorder unsetting permission and deleting the user account
+    (Closes: #604042)
+  * Fix insecure PYTHONPATH (Closes: #605161)
+
+ -- Ondřej Surý <ondrej@debian.org>  Tue, 30 Nov 2010 12:15:58 +0100
+
 opendnssec (1.1.3-1) unstable; urgency=high
 
   * New upstream version
diff --git a/debian/opendnssec-common.postinst b/debian/opendnssec-common.postinst
index 7bf154d..95b90c5 100644
--- a/debian/opendnssec-common.postinst
+++ b/debian/opendnssec-common.postinst
@@ -5,7 +5,7 @@ set -e
 
 set_perms() {
     if ! dpkg-statoverride --list "$4" >/dev/null; then
-        dpkg-statoverride --update --add "$@"
+        dpkg-statoverride --quiet --update --add "$@"
     fi
 }
 
diff --git a/debian/opendnssec-common.postrm b/debian/opendnssec-common.postrm
index 1c18eff..7bbaa2f 100644
--- a/debian/opendnssec-common.postrm
+++ b/debian/opendnssec-common.postrm
@@ -4,19 +4,18 @@
 set -e
 
 unset_perms() {
-    dpkg-statoverride --remove "$1" >/dev/null 2>/dev/null || true
+    dpkg-statoverride --quiet --remove "$1" || true
 }
 
 case "$1" in
     purge)
 
-	deluser --quiet opendnssec > /dev/null || true
-
 	unset_perms /etc/opendnssec
 
 	for dir in tmp signconf unsigned signed db; do
 	    unset_perms /var/lib/opendnssec/$dir
 	done
+	unset_perms /var/lib/opendnssec
 
 	for conf in conf.xml kasp.xml zonefetch.xml zonelist.xml; do
 	    # unset dpkg-statoverride permissions
@@ -37,6 +36,8 @@ case "$1" in
 	    fi
 	done
 
+	deluser --quiet opendnssec > /dev/null || true
+
     ;;
 
     remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
diff --git a/debian/patches/010-fix_PYTHONPATH.patch b/debian/patches/010-fix_PYTHONPATH.patch
new file mode 100644
index 0000000..af40607
--- /dev/null
+++ b/debian/patches/010-fix_PYTHONPATH.patch
@@ -0,0 +1,11 @@
+diff --git a/signer/signer_engine/ods-signerd.in b/signer/signer_engine/ods-signerd.in
+index bf3e643..ae4e8aa 100644
+--- a/signer/signer_engine/ods-signerd.in
++++ b/signer/signer_engine/ods-signerd.in
+@@ -27,5 +27,5 @@
+ #
+ 
+ ENGINE_LOC=@OPENDNSSEC_LIB_DIR@/signer
+-PYTHONPATH=${ENGINE_LOC}:$PYTHONPATH
++PYTHONPATH=${ENGINE_LOC}${PYTHONPATH:+:$PYTHONPATH}
+ @PYTHON@ ${ENGINE_LOC}/Engine.py $@
diff --git a/debian/patches/series b/debian/patches/series
index 554315e..65a746b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@
 006-fail_build_on_failed_test.patch
 008-tools_install_path.patch
 009-ods-control.in_fixes.patch
+010-fix_PYTHONPATH.patch
Reply to: