Bug#602067: unblock: couchdb/0.11.0-2.2

Hi Julien,

On Mon, Nov 01, 2010 at 06:44:56PM +0100, Julien Cristau wrote:
> This makes those 3 directories world-readable. Is that ok (I have no
> idea what perms the files in them have, or how confidential they are)?

It's OK for /etc/couchdb, only local.ini there merits read protection
according to Raphaël:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600051#5

But you've got a point about the /var dirs. Here's a revised cut -- please
confirm if ok to upload.

diff -Nurp couchdb-0.11.0.orig//debian/changelog couchdb-0.11.0/debian/changelog
--- couchdb-0.11.0.orig//debian/changelog 2010-11-01 19:47:14.000000000 +0100
+++ couchdb-0.11.0/debian/changelog 2010-11-01 20:16:06.000000000 +0100
@@ -1,3 +1,19 @@
+couchdb (0.11.0-2.3) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * debian/rules: make sure /var/{lib,log}/couchdb are accessible only to
+ couchdb user and group (partial revert of previous upload).
+
+ -- Serafeim Zanikolas <sez@debian.org> Mon, 01 Nov 2010 20:08:08 +0100
+
+couchdb (0.11.0-2.2) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Apply permission settings during package build (as opposed to during
+ package installation) (Closes: #600051). Setting high urgency for RC bug.
+
+ -- Serafeim Zanikolas <sez@debian.org> Sat, 30 Oct 2010 13:03:20 +0200
+
couchdb (0.11.0-2.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
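Review bot: the 0.11.0-2.3 entry sets urgency=high without giving a reason, and neither new entry records the modes that end up on disk. The 2.2 entry justifies its urgency ("Setting high urgency for RC bug"); 2.3 should do the same, for example by saying that it tightens the /var directories that the previous upload left world-readable. Listing the final modes in the entry (660 on local.ini, 770 on /var/lib/couchdb and /var/log/couchdb) would let an administrator reading the changelog check them against the installed system.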
diff -Nurp couchdb-0.11.0.orig//debian/postinst couchdb-0.11.0/debian/postinst
--- couchdb-0.11.0.orig//debian/postinst 2010-11-01 19:47:14.000000000 +0100
+++ couchdb-0.11.0/debian/postinst 2010-11-01 19:51:04.000000000 +0100
@@ -24,9 +24,6 @@ case $1 in
chown -R couchdb:couchdb /etc/couchdb
chown -R couchdb:couchdb /var/lib/couchdb
chown -R couchdb:couchdb /var/log/couchdb
- chmod -R 0770 /etc/couchdb
- chmod -R 0770 /var/lib/couchdb
- chmod -R 0770 /var/log/couchdb
;;
esac
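Review bot: with the three chmod lines gone from this case branch, nothing at install time tightens directories that already exist on disk, so the upgrade path from 0.11.0-2.2 needs checking. That upload is the one discussed above as making the three directories world-readable; if dpkg leaves the modes of already-existing directories in place on upgrade, /var/lib/couchdb and /var/log/couchdb would stay world-readable after installing 2.3. Please test an upgrade from 2.2, and if the modes are not corrected, keep a non-recursive chmod 0770 on those two directories here next to the remaining chown -R lines. The recursive form that was removed should stay removed.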
diff -Nurp couchdb-0.11.0.orig//debian/rules couchdb-0.11.0/debian/rules
--- couchdb-0.11.0.orig//debian/rules 2010-11-01 19:47:14.000000000 +0100
+++ couchdb-0.11.0/debian/rules 2010-11-01 20:07:01.000000000 +0100
@@ -35,6 +35,10 @@ common-binary-post-install-arch::
cp debian/binary.lintian-overrides debian/couchdb/usr/share/lintian/overrides/couchdb
common-binary-predeb-arch::
+ dh_fixperms debian/couchdb/
+ chmod 660 debian/couchdb/etc/couchdb/local.ini
+ chmod 770 debian/couchdb/var/lib/couchdb
+ chmod 770 debian/couchdb/var/log/couchdb
erlang-depends
# @@ only works from source directory, see #494141
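Review bot: the three chmod lines in common-binary-predeb-arch only hold if nothing normalises modes after them, and the hunk does not say so. dh_fixperms resets packaged files and directories to standard modes, which is why it has to run first; a one-line comment above the chmods stating that they must follow dh_fixperms would stop a later reordering from silently making local.ini and the /var directories world-readable again. Two smaller points: the directory argument to dh_fixperms looks unnecessary, since it is documented as taking debhelper options and -X exclusions rather than a path, and 660 and 770 are non-standard modes, so check whether debian/binary.lintian-overrides (copied in the context line above) needs matching entries.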