Your message dated Mon, 24 May 2021 06:43:36 +0200
with message-id <c3135b32-7559-0b5a-3257-70c96ab4799c@debian.org>
and subject line Re: Bug#989025: unblock: micro-evtd/3.4-7
has caused the Debian Bug report #989025,
regarding unblock: micro-evtd/3.4-7
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
989025: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989025
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: micro-evtd/3.4-7
- From: Ryan Tandy <ryan@nardis.ca>
- Date: Sun, 23 May 2021 15:42:00 -0700
- Message-id: <20210523224200.GA23188@t570.nardis.ca>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package micro-evtd

[ Reason ]
Fix micro-evtd creating its pid and status files in /var/run with world-writable permissions (#988119).

[ Impact ]
- The pid and status files in /var/run are mode 666, which could be a potential security issue.
- micro-evtd does not stop when asked to with "/etc/init.d/micro-evtd stop", because start-stop-daemon refuses to use the insecure pid file.
- Because of that, the daemon also does not restart on upgrade as it should, instead the old version remains running.

[ Tests ]
There are no automated tests. I manually tested the install and upgrade cases (testing→unstable).

[ Risks ]
The change should be trivial, but it is possible (if unlikely) that I missed some case where the umask 000 was actually needed.

[ Checklist ]
  [✓] all changes are documented in the d/changelog
  [✓] I reviewed all changes and I approve them
  [✓] attach debdiff against the package in testing

[ Other info ]
The package builds a udeb. I tested an installation using a d-i daily build with the updated package included, and confirmed the corrected file permissions in the d-i environment.

The issue exists already in buster (not a regression).

unblock micro-evtd/3.4-7

Thank you,
Ryan

diff -Nru micro-evtd-3.4/debian/changelog micro-evtd-3.4/debian/changelog --- micro-evtd-3.4/debian/changelog 2021-05-03 20:22:09.000000000 -0700 +++ micro-evtd-3.4/debian/changelog 2021-05-22 00:40:17.000000000 -0700 
@@ -1,3 +1,12 @@ +micro-evtd (3.4-7) unstable; urgency=medium + + [ Ryan Tandy ] + * Fix world-writable pid and status files in /var/run (Closes: #988119) + - Patch micro-evtd.c to reset umask to 022 instead of 0. + - Fix permissions on existing files on upgrade. + + -- Roger Shimizu <rosh@debian.org> Sat, 22 May 2021 16:40:17 +0900 + micro-evtd (3.4-6) unstable; urgency=medium [ Ryan Tandy ] diff -Nru micro-evtd-3.4/debian/micro-evtd.postinst micro-evtd-3.4/debian/micro-evtd.postinst --- micro-evtd-3.4/debian/micro-evtd.postinst 2021-05-03 20:22:09.000000000 -0700 +++ micro-evtd-3.4/debian/micro-evtd.postinst 2021-05-22 00:40:17.000000000 -0700 @@ -14,6 +14,18 @@ rm /usr/sbin/micro-evtd.status fi fi + + if dpkg --compare-versions "$2" lt-nl "3.4-7~"; then + # Fix permissions on the existing pid file + # so that the daemon is actually restarted + if [ -f /var/run/micro-evtd.pid ]; then + chmod 644 /var/run/micro-evtd.pid + fi + + if [ -f /var/run/micro-evtd.status ]; then + chmod 644 /var/run/micro-evtd.status + fi + fi ;; *) diff -Nru micro-evtd-3.4/debian/patches/0008-Don-t-create-world-writable-files.patch micro-evtd-3.4/debian/patches/0008-Don-t-create-world-writable-files.patch --- micro-evtd-3.4/debian/patches/0008-Don-t-create-world-writable-files.patch 1969-12-31 16:00:00.000000000 -0800 +++ micro-evtd-3.4/debian/patches/0008-Don-t-create-world-writable-files.patch 2021-05-22 00:40:17.000000000 -0700 
@@ -0,0 +1,26 @@ +From: Ryan Tandy <ryan@nardis.ca> +Date: Fri, 21 May 2021 13:06:41 -0700 +Subject: Don't create world-writable files + +Set umask to 022 on startup instead of 000. + +Fixes the pid and status files being created world-writable. + +Bug-Debian: https://bugs.debian.org/988119 +--- + src/micro-evtd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/micro-evtd.c b/src/micro-evtd.c +index da91549..cc05b6a 100644 +--- a/src/micro-evtd.c ++++ b/src/micro-evtd.c +@@ -1777,7 +1777,7 @@ int main(int argc, char *argv[]) + setsid(); + + /* clear file creation mask */ +- umask(0); ++ umask(022); + + // Lock out device resource + getResourceLock(); diff -Nru micro-evtd-3.4/debian/patches/series micro-evtd-3.4/debian/patches/series --- micro-evtd-3.4/debian/patches/series 2021-05-03 20:22:09.000000000 -0700 +++ micro-evtd-3.4/debian/patches/series 2021-05-22 00:40:17.000000000 -0700 @@ -5,3 +5,4 @@ 0005-Check-for-mmap-returning-MAP_FAILED.patch 0006-Match-default-temperature-configuration-to-the-confi.patch 0007-Fix-FTBFS-with-glibc-2.30.patch +0008-Don-t-create-world-writable-files.patch
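Review bot: In the debian/micro-evtd.postinst hunk, the two chmod 644 calls correct the mode of /var/run/micro-evtd.pid and /var/run/micro-evtd.status but keep their contents, which any local user could have rewritten while the files were mode 666. Since the stated purpose of the chmod is to let the daemon be restarted through that pid file, the upgrade then acts on a PID nobody has verified. Consider checking that the recorded PID belongs to the micro-evtd executable before it is used (if the init script does not already match on the executable), or say in the comment why the content can be trusted. The comment also mentions only the pid file although the block handles the status file as well.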
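Review bot: In the src/micro-evtd.c hunk of patch 0008, the context comment "/* clear file creation mask */" directly above the changed line no longer describes the code, because umask(022) sets a mask instead of clearing it. Update the comment in the same patch, for example to say that group and other write bits are masked for files the daemon creates. The hunk does not show where the pid and status files are opened, so from these lines it cannot be confirmed that nothing else the daemon creates depended on the old mask; a sentence in the patch description naming the files that were checked would address the risk noted in the request.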
--- End Message ---
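The effect described under [ Impact ] in the message above, as an added example (not code from micro-evtd or from this bug report): it creates a file with a requested mode of 0666, which is what fopen() requests and is assumed here for the daemon, under umask 0 and under umask 022, then applies a world-writable check of the kind the request attributes to start-stop-daemon. The function names and the temporary path are illustrative.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a pid file via fopen("w") (requested mode 0666) under the given
 * umask and return the permission bits it ends up with, or -1 on error.
 * The file is created in a private temporary directory and cleaned up. */
int pidfile_mode_under_umask(mode_t mask)
{
    char dir[] = "/tmp/umask-demo-XXXXXX";   /* constructed sample location */
    char path[64];
    struct stat st;
    int mode = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/demo.pid", dir);

    mode_t old = umask(mask);                /* what the daemon sets at startup */
    FILE *f = fopen(path, "w");
    umask(old);                              /* restore the caller's mask */
    if (f != NULL) {
        fprintf(f, "%ld\n", (long)getpid());
        fclose(f);
        if (stat(path, &st) == 0)
            mode = (int)(st.st_mode & 0777);
        unlink(path);
    }
    rmdir(dir);
    return mode;
}

/* Policy check (illustrative): a pid file that "other" can write must not
 * be used to decide which process to signal. */
int mode_is_trustworthy(int mode)
{
    return mode >= 0 && (mode & S_IWOTH) == 0;
}

int main(void)
{
    int before = pidfile_mode_under_umask(0);    /* behaviour before the patch */
    int after  = pidfile_mode_under_umask(022);  /* behaviour after the patch */
    printf("umask(0):   mode %03o, trusted=%d\n", before, mode_is_trustworthy(before));
    printf("umask(022): mode %03o, trusted=%d\n", after, mode_is_trustworthy(after));
    return 0;
}
```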
--- Begin Message ---
- To: Ryan Tandy <ryan@nardis.ca>, 989025-done@bugs.debian.org
- Subject: Re: Bug#989025: unblock: micro-evtd/3.4-7
- From: Paul Gevers <elbrus@debian.org>
- Date: Mon, 24 May 2021 06:43:36 +0200
- Message-id: <c3135b32-7559-0b5a-3257-70c96ab4799c@debian.org>
- In-reply-to: <20210523224200.GA23188@t570.nardis.ca>
- References: <20210523224200.GA23188@t570.nardis.ca>
Hi Ryan

On 24-05-2021 00:42, Ryan Tandy wrote:
> Please unblock package micro-evtd

Unblocked.

Paul

Attachment: OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---