Bug#806247: jessie-pu: package dbconfig-common/1.8.47+nmu3

To: 806247@bugs.debian.org
Subject: Bug#806247: jessie-pu: package dbconfig-common/1.8.47+nmu3
From: Paul Gevers <elbrus@debian.org>
Date: Fri, 04 Dec 2015 11:54:24 +0100
Message-id: <[🔎] 566170E0.2050005@debian.org>
Reply-to: Paul Gevers <elbrus@debian.org>, 806247@bugs.debian.org
In-reply-to: <20151125200211.10787.3986.reportbug@ruapehu.marsaxlokk.dhcp.io>
References: <20151125200211.10787.3986.reportbug@ruapehu.marsaxlokk.dhcp.io> <20151125200211.10787.3986.reportbug@ruapehu.marsaxlokk.dhcp.io>

On Wed, 25 Nov 2015 21:02:11 +0100 Paul Gevers <elbrus@debian.org> wrote:
> I will start to work on a proper debdiff, but I appreciate it to know if I
> should include the fixing of existing files in it.

Due to lack of a response, which I expect is due to the lack of a
debdiff, I went ahead and fixed the permissions on existing files.

Please find attached my proposed fix for jessie. The delta for wheezy is
nearly the same, minus the changelog.

Paul

diff -Nru dbconfig-common-1.8.47+nmu3/debian/changelog dbconfig-common-1.8.47+nmu3+deb8u1/debian/changelog
--- dbconfig-common-1.8.47+nmu3/debian/changelog	2014-11-02 21:48:57.000000000 +0100
+++ dbconfig-common-1.8.47+nmu3+deb8u1/debian/changelog	2015-12-03 19:56:19.000000000 +0100
@@ -1,3 +1,11 @@
+dbconfig-common (1.8.47+nmu3+deb8u1) jessie; urgency=medium
+
+  * Fix permission of PostgreSQL backup files, thanks Simon Ruderich
+    (Closes: #805638)
+  * Repair permissions of already created backups
+
+ -- Paul Gevers <elbrus@debian.org>  Thu, 03 Dec 2015 19:48:17 +0100
+
 dbconfig-common (1.8.47+nmu3) unstable; urgency=low
 
   * Non-maintainer upload.
diff -Nru dbconfig-common-1.8.47+nmu3/debian/dbconfig-common.postinst dbconfig-common-1.8.47+nmu3+deb8u1/debian/dbconfig-common.postinst
--- dbconfig-common-1.8.47+nmu3/debian/dbconfig-common.postinst	2013-07-14 14:19:00.000000000 +0200
+++ dbconfig-common-1.8.47+nmu3+deb8u1/debian/dbconfig-common.postinst	2015-12-03 20:11:07.000000000 +0100
@@ -15,4 +15,11 @@
 
 dbc_write_global_config
 
+# Previously dumped databases in /var/cache/dbconfig-common/backups may
+# (depending on the local umask) be readable by everybody (bts: #805638). Limit
+# the permissions here on all files in that folder.
+if [ -d /var/cache/dbconfig-common/backups/ ] ; then
+    find /var/cache/dbconfig-common/backups/ -type f -exec chmod 600 {} \;
+fi
+
 #DEBHELPER#
diff -Nru dbconfig-common-1.8.47+nmu3/internal/pgsql dbconfig-common-1.8.47+nmu3+deb8u1/internal/pgsql
--- dbconfig-common-1.8.47+nmu3/internal/pgsql	2013-07-20 10:12:12.000000000 +0200
+++ dbconfig-common-1.8.47+nmu3+deb8u1/internal/pgsql	2015-11-25 22:08:24.000000000 +0100
@@ -174,14 +174,14 @@
 	local extra retval PGSSLMODE localuser _dbc_asuser dumpfile old_umask
 	dumpfile=$1
 	localuser=`_dbc_psql_local_username`
-	touch $dumpfile
-	chown $localuser $dumpfile
 	PGSSLMODE="prefer"
 	retval=0
 	_dbc_psql_cmd_setup
 	if [ "$dbc_ssl" ]; then PGSSLMODE="require"; fi
 	old_umask=`umask`
 	umask 0066
+	touch $dumpfile
+	chown $localuser $dumpfile
 	extra=`_dbc_psql_cmd_args`
 	extra="-f \"$dumpfile\" $extra"
 	_dbc_debug "su -s /bin/sh $localuser -c \"env HOME='$_dbc_pgsql_tmpdir' PGPASSFILE='$_dbc_pgsql_tmpdir/.pgpass' PGSSLMODE='$PGSSLMODE' pg_dump $extra $dbc_dbname\" 2>&1"

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Bug#806247: jessie-pu: package dbconfig-common/1.8.47+nmu3
  - From: Paul Gevers <elbrus@debian.org>
- Bug#808282: wheezy-pu: package dbconfig-common/1.8.47+nmu1
  - From: Paul Gevers <elbrus@debian.org>

Prev by Date: Processed: Re: Bug#806999: transition: clamav
Next by Date: Bug#805634: jessie-pu: torbrowser-launcher/0.2.2-2~deb8u1
Previous by thread: Bug#807002: nmu: golang-golang-x-net-dev_0.0+git20151007.b846920+dfsg-1
Next by thread: Bug#806247: jessie-pu: package dbconfig-common/1.8.47+nmu3
Index(es):
- Date
- Thread