Bug#768298: marked as done (unblock: firebird2.5/2.5.3.26778.ds4-3)

To: Niels Thykier <niels@thykier.net>
Subject: Bug#768298: marked as done (unblock: firebird2.5/2.5.3.26778.ds4-3)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 06 Nov 2014 23:24:09 +0000
Message-id: <[🔎] handler.768298.D768298.141531611429463.ackdone@bugs.debian.org>
References: <545C0288.6030504@thykier.net> <[🔎] 20141106104725.21991.32209.reportbug@dltp>

Your message dated Fri, 07 Nov 2014 00:21:44 +0100
with message-id <545C0288.6030504@thykier.net>
and subject line Re: Bug#768298: unblock: firebird2.5/2.5.3.26778.ds4-3
has caused the Debian Bug report #768298,
regarding unblock: firebird2.5/2.5.3.26778.ds4-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
768298: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768298
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: firebird2.5/2.5.3.26778.ds4-3
From: Damyan Ivanov <dmn@debian.org>
Date: Thu, 06 Nov 2014 12:47:25 +0200
Message-id: <[🔎] 20141106104725.21991.32209.reportbug@dltp>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package firebird2.5

Version 2.5.3.26778.ds4-3 fixes a bug (#767497) whether a file under 
/var/run/firebird/2.5 is created world-writable. The containing directory is 
created with stricter permissions (0770 firebird:firebird), but still a 
world-writable file under /var/run is quite disturbing.

unblock firebird2.5/2.5.3.26778.ds4-3

The debdiff since 2.5.3.26778.ds4-2 (in jessie) is below. The 
debian/patches/out/fb_guard-lock-permissions.patch is also available at 
http://anonscm.debian.org/cgit/pkg-firebird/2.5.git/tree/debian/patches/out/fb_guard-lock-permissions.patch 


Thanks,
    dam

$ debdiff firebird2.5_2.5.3.26778.ds4-{2,3}.dsc
diff -Nru firebird2.5-2.5.3.26778.ds4/debian/changelog firebird2.5-2.5.3.26778.ds4/debian/changelog
--- firebird2.5-2.5.3.26778.ds4/debian/changelog        2014-07-30 10:57:50.000000000 +0300
+++ firebird2.5-2.5.3.26778.ds4/debian/changelog        2014-11-02 00:28:56.000000000 +0200
@@ -1,3 +1,12 @@
+firebird2.5 (2.5.3.26778.ds4-3) unstable; urgency=medium
+
+  * add patch tightening fb_guard lock file permissions (Closes: #767497)
+    Thanks to Holger Levsen
+  * -super.postinst: tighten permissions on existing fbguard lock file
+  * declare conformance with Policy 3.9.6
+
+ -- Damyan Ivanov <dmn@debian.org>  Sat, 01 Nov 2014 22:27:16 +0000
+
 firebird2.5 (2.5.3.26778.ds4-2) unstable; urgency=medium
 
   * fix arm64 build by uncommenting one more place where arm64 support is
diff -Nru firebird2.5-2.5.3.26778.ds4/debian/control firebird2.5-2.5.3.26778.ds4/debian/control
--- firebird2.5-2.5.3.26778.ds4/debian/control  2014-05-29 09:21:43.000000000 +0300
+++ firebird2.5-2.5.3.26778.ds4/debian/control  2014-11-02 00:27:40.000000000 +0200
@@ -19,7 +19,7 @@
  po-debconf,
  procmail,
 Build-Conflicts: autoconf2.13, automake1.4
-Standards-Version: 3.9.5
+Standards-Version: 3.9.6
 Vcs-Git: git://anonscm.debian.org/pkg-firebird/2.5.git
 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-firebird/2.5.git;a=summary
 Homepage: http://firebirdsql.org/
diff -Nru firebird2.5-2.5.3.26778.ds4/debian/firebird2.5-super.postinst firebird2.5-2.5.3.26778.ds4/debian/firebird2.5-super.postinst
--- firebird2.5-2.5.3.26778.ds4/debian/firebird2.5-super.postinst       2014-06-19 08:16:56.000000000 +0300
+++ firebird2.5-2.5.3.26778.ds4/debian/firebird2.5-super.postinst       2014-11-02 00:27:06.000000000 +0200
@@ -46,6 +46,10 @@
         checkFirebirdAccount
 
         firebird_config_postinst
+
+        if [ -f "$RUN/fb_guard" ]; then
+            chmod 0660 "$RUN/fb_guard"
+        fi
     ;;
 
     *)
diff -Nru firebird2.5-2.5.3.26778.ds4/debian/patches/out/fb_guard-lock-permissions.patch firebird2.5-2.5.3.26778.ds4/debian/patches/out/fb_guard-lock-permissions.patch
--- firebird2.5-2.5.3.26778.ds4/debian/patches/out/fb_guard-lock-permissions.patch      1970-01-01 02:00:00.000000000 +0200
+++ firebird2.5-2.5.3.26778.ds4/debian/patches/out/fb_guard-lock-permissions.patch      2014-11-02 00:27:06.000000000 +0200
@@ -0,0 +1,29 @@
+Description: Tighten permissions of fbguard lock file
+ Creating a worls-writable file is a bad idea, even if it currently lives
+ in a directory restricted for read/write/use to firebird:firebird
+Author: Damyan Ivanov <dmn@debian.org>
+Forwarded: http://tracker.firebirdsql.org/browse/CORE-4595
+Bug-Debian: https://bugs.debian.org/767497
+
+--- a/src/utilities/guard/guard.cpp
++++ b/src/utilities/guard/guard.cpp
+@@ -146,7 +146,7 @@ int CLIB_ROUTINE main( int argc, char **
+       }
+ 
+       // get and set the umask for the current process
+-      const ULONG new_mask = 0000;
++      const ULONG new_mask = 0007;
+       const ULONG old_mask = umask(new_mask);
+ 
+       // exclusive lock the file
+--- a/src/utilities/guard/util.cpp
++++ b/src/utilities/guard/util.cpp
+@@ -253,7 +253,7 @@ int UTIL_ex_lock(const TEXT* file)
+       Firebird::PathName expanded_filename = fb_utils::getPrefix(fb_utils::FB_DIR_GUARD, file);
+ 
+       // file fd for the opened and locked file
+-      int fd_file = open(expanded_filename.c_str(), O_RDWR | O_CREAT, 0666);
++      int fd_file = open(expanded_filename.c_str(), O_RDWR | O_CREAT, 0660);
+       if (fd_file == -1)
+       {
+               fprintf(stderr, "Could not open %s for write\n", expanded_filename.c_str());
diff -Nru firebird2.5-2.5.3.26778.ds4/debian/patches/series firebird2.5-2.5.3.26778.ds4/debian/patches/series
--- firebird2.5-2.5.3.26778.ds4/debian/patches/series   2014-07-28 10:36:31.000000000 +0300
+++ firebird2.5-2.5.3.26778.ds4/debian/patches/series   2014-11-01 22:53:09.000000000 +0200
@@ -12,3 +12,4 @@
 link_atomic_ops.patch
 #ignore-collation-version.patch
 out/spelling.patch
+out/fb_guard-lock-permissions.patch

--- End Message ---

--- Begin Message ---

To: Damyan Ivanov <dmn@debian.org>, 768298-done@bugs.debian.org

Subject: Re: Bug#768298: unblock: firebird2.5/2.5.3.26778.ds4-3

From: Niels Thykier <niels@thykier.net>

Date: Fri, 07 Nov 2014 00:21:44 +0100

Message-id: <545C0288.6030504@thykier.net>

In-reply-to: <[🔎] 20141106104725.21991.32209.reportbug@dltp>

References: <[🔎] 20141106104725.21991.32209.reportbug@dltp>
On 2014-11-06 11:47, Damyan Ivanov wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package firebird2.5
> 
> Version 2.5.3.26778.ds4-3 fixes a bug (#767497) whether a file under 
> /var/run/firebird/2.5 is created world-writable. The containing directory is 
> created with stricter permissions (0770 firebird:firebird), but still a 
> world-writable file under /var/run is quite disturbing.
> 
> unblock firebird2.5/2.5.3.26778.ds4-3
> 
> [...] 
> 
> Thanks,
>     dam
> 
> [...]
> 

Unblocked, thanks.

~Niels
--- End Message ---

Reply to:

References:
- Bug#768298: unblock: firebird2.5/2.5.3.26778.ds4-3
  - From: Damyan Ivanov <dmn@debian.org>

Prev by Date: Bug#768346: marked as done (unblock: base-files/7.10)
Next by Date: Bug#768335: marked as done (unblock: qviaggiatreno/2013.7.3-7)
Previous by thread: Bug#768298: unblock: firebird2.5/2.5.3.26778.ds4-3
Next by thread: Bug#768301: unblock: nwall/1.32+debian-4.2
Index(es):
- Date
- Thread