Please unblock opendnssec/1.1.3-2
It fixes one critical and one grave bug:
* Reorder unsetting permission and deleting the user account
(Closes: #604042)
* Fix insecure PYTHONPATH (Closes: #605161)
1.1.3-1 to 1.1.3-2 diff is attached.
Thanks,
--
Ondřej Surý <ondrej@sury.org>
diff --git a/debian/changelog b/debian/changelog
index f31db16..e8ecd61 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+opendnssec (1.1.3-2) unstable; urgency=high
+
+ * Reorder unsetting permission and deleting the user account
+ (Closes: #604042)
+ * Fix insecure PYTHONPATH (Closes: #605161)
+
+ -- Ondřej Surý <ondrej@debian.org> Tue, 30 Nov 2010 12:15:58 +0100
+
opendnssec (1.1.3-1) unstable; urgency=high
* New upstream version
diff --git a/debian/opendnssec-common.postinst b/debian/opendnssec-common.postinst
index 7bf154d..95b90c5 100644
--- a/debian/opendnssec-common.postinst
+++ b/debian/opendnssec-common.postinst
@@ -5,7 +5,7 @@ set -e
set_perms() {
if ! dpkg-statoverride --list "$4" >/dev/null; then
- dpkg-statoverride --update --add "$@"
+ dpkg-statoverride --quiet --update --add "$@"
fi
}
diff --git a/debian/opendnssec-common.postrm b/debian/opendnssec-common.postrm
index 1c18eff..7bbaa2f 100644
--- a/debian/opendnssec-common.postrm
+++ b/debian/opendnssec-common.postrm
@@ -4,19 +4,18 @@
set -e
unset_perms() {
- dpkg-statoverride --remove "$1" >/dev/null 2>/dev/null || true
+ dpkg-statoverride --quiet --remove "$1" || true
}
case "$1" in
purge)
- deluser --quiet opendnssec > /dev/null || true
-
unset_perms /etc/opendnssec
for dir in tmp signconf unsigned signed db; do
unset_perms /var/lib/opendnssec/$dir
done
+ unset_perms /var/lib/opendnssec
for conf in conf.xml kasp.xml zonefetch.xml zonelist.xml; do
# unset dpkg-statoverride permissions
@@ -37,6 +36,8 @@ case "$1" in
fi
done
+ deluser --quiet opendnssec > /dev/null || true
+
;;
remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
diff --git a/debian/patches/010-fix_PYTHONPATH.patch b/debian/patches/010-fix_PYTHONPATH.patch
new file mode 100644
index 0000000..af40607
--- /dev/null
+++ b/debian/patches/010-fix_PYTHONPATH.patch
@@ -0,0 +1,11 @@
+diff --git a/signer/signer_engine/ods-signerd.in b/signer/signer_engine/ods-signerd.in
+index bf3e643..ae4e8aa 100644
+--- a/signer/signer_engine/ods-signerd.in
++++ b/signer/signer_engine/ods-signerd.in
+@@ -27,5 +27,5 @@
+ #
+
+ ENGINE_LOC=@OPENDNSSEC_LIB_DIR@/signer
+-PYTHONPATH=${ENGINE_LOC}:$PYTHONPATH
++PYTHONPATH=${ENGINE_LOC}${PYTHONPATH:+:$PYTHONPATH}
+ @PYTHON@ ${ENGINE_LOC}/Engine.py $@
diff --git a/debian/patches/series b/debian/patches/series
index 554315e..65a746b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@
006-fail_build_on_failed_test.patch
008-tools_install_path.patch
009-ods-control.in_fixes.patch
+010-fix_PYTHONPATH.patch
Reply to: