Bug#806247: jessie-pu: package dbconfig-common/1.8.47+nmu3

[Paul Gevers <elbrus@debian.org>]

control: tags -1 moreinfo

On 02-01-16 20:07, Paul Gevers wrote:
> Can be done. Let me work on a proposal.

Please find attached my renewed proposal. I must admit that I didn't
know exactly how to express "greater than any version that is after the
largest wheezy point release". I suppose I could also just make that
version 1.8.47+nmu1+deb7u999" (with an arbitrary number of 9's).

Paul

diff -Nru dbconfig-common-1.8.47+nmu3/debian/changelog dbconfig-common-1.8.47+nmu3+deb8u1/debian/changelog
--- dbconfig-common-1.8.47+nmu3/debian/changelog	2014-11-02 21:48:57.000000000 +0100
+++ dbconfig-common-1.8.47+nmu3+deb8u1/debian/changelog	2016-01-03 11:19:55.000000000 +0100
@@ -1,3 +1,13 @@
+dbconfig-common (1.8.47+nmu3+deb8u1) jessie; urgency=medium
+
+  * Fix permission of PostgreSQL backup files, thanks Simon Ruderich
+    (Closes: #805638)
+  * Repair permissions of already created backups, but only when upgrading
+    from versions before this one (but not from versions after wheezy's
+    point update).
+
+ -- Paul Gevers <elbrus@debian.org>  Sun, 03 Jan 2016 11:14:55 +0100
+
 dbconfig-common (1.8.47+nmu3) unstable; urgency=low
 
   * Non-maintainer upload.
diff -Nru dbconfig-common-1.8.47+nmu3/debian/dbconfig-common.postinst dbconfig-common-1.8.47+nmu3+deb8u1/debian/dbconfig-common.postinst
--- dbconfig-common-1.8.47+nmu3/debian/dbconfig-common.postinst	2013-07-14 14:19:00.000000000 +0200
+++ dbconfig-common-1.8.47+nmu3+deb8u1/debian/dbconfig-common.postinst	2016-01-03 11:19:55.000000000 +0100
@@ -15,4 +15,18 @@
 
 dbc_write_global_config
 
+# Previously dumped databases in /var/cache/dbconfig-common/backups may
+# (depending on the local umask) be readable by everybody (bts: #805638). Limit
+# the permissions here on all files in that folder, but only if we are for the
+# first time upgrading to a fixed version:
+# jessie: 1.8.47+nmu3+deb8u1
+# wheezy: 1.8.47+nmu1+deb7u1
+# squeeze: 1.8.46+squeeze.0+lts1
+if dpkg --compare-versions "$2" lt "1.8.47+nmu3+deb8u1" && \
+        dpkg --compare-versions "$2" gt "1.8.47+nmu1+ZZZ" ; then
+    if [ -d /var/cache/dbconfig-common/backups/ ] ; then
+        find /var/cache/dbconfig-common/backups/ -type f -exec chmod 600 {} \;
+    fi
+fi
+
 #DEBHELPER#
diff -Nru dbconfig-common-1.8.47+nmu3/internal/pgsql dbconfig-common-1.8.47+nmu3+deb8u1/internal/pgsql
--- dbconfig-common-1.8.47+nmu3/internal/pgsql	2013-07-20 10:12:12.000000000 +0200
+++ dbconfig-common-1.8.47+nmu3+deb8u1/internal/pgsql	2016-01-02 21:24:34.000000000 +0100
@@ -174,14 +174,14 @@
 	local extra retval PGSSLMODE localuser _dbc_asuser dumpfile old_umask
 	dumpfile=$1
 	localuser=`_dbc_psql_local_username`
-	touch $dumpfile
-	chown $localuser $dumpfile
 	PGSSLMODE="prefer"
 	retval=0
 	_dbc_psql_cmd_setup
 	if [ "$dbc_ssl" ]; then PGSSLMODE="require"; fi
 	old_umask=`umask`
 	umask 0066
+	touch $dumpfile
+	chown $localuser $dumpfile
 	extra=`_dbc_psql_cmd_args`
 	extra="-f \"$dumpfile\" $extra"
 	_dbc_debug "su -s /bin/sh $localuser -c \"env HOME='$_dbc_pgsql_tmpdir' PGPASSFILE='$_dbc_pgsql_tmpdir/.pgpass' PGSSLMODE='$PGSSLMODE' pg_dump $extra $dbc_dbname\" 2>&1"

Attachment: signature.asc
Description: OpenPGP digital signature