[Pkg-owncloud-commits] [SCM] owncloud.git branch, master, updated. debian/4.0.1debian-2-26-g3f13bfe

Paul van Tilburg paulvt at debian.org
Sat Jun 16 11:12:18 UTC 2012 

The following commit has been merged in the master branch:
commit 60e8a8a49cb9558919ee927dfccab93865b4ffa5
Author: Paul van Tilburg <paulvt at debian.org>
Date:   Sat Jun 16 12:49:32 2012 +0200

    Added fix_config.php_mode.diff to ensure that generated config is not world-readbale

diff --git a/debian/changelog b/debian/changelog
index 3c54fc3..3d02ef4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,8 @@ owncloud (4.0.2debian-1) UNRELEASED; urgency=low
       not point to 3rdparty/ so that Archive/Tar.php from php-pear is used
       (closes: #677159).
     - Added fix_sabre_requires.diff to fix the require path for Sabre as well.
+    - Added fix_config.php_mode.diff to ensure that the generated configuration
+      is not world-readable (closes: #676131)
     - Updated 01_fix_data_path.diff for the new, real location of the
       config (/etc/owncloud).
     - Updated 05_no_app_store.diff to set the "appstoreenabled" default in
diff --git a/debian/patches/fix_config.php_mode.diff b/debian/patches/fix_config.php_mode.diff
new file mode 100644
index 0000000..1cf091d
--- /dev/null
+++ b/debian/patches/fix_config.php_mode.diff
@@ -0,0 +1,39 @@
+From: Thomas Mueller <thomas.mueller at tmit.eu>
+Date: Tue, 12 Jun 2012 23:15:44 +0200
+Subject: Ensures that the generated configuration has the right mode
+ The patch is updated for the path fixes.
+Origin: upstream, https://gitorious.org/owncloud/owncloud/commit/521294d0bf9803cb4ffdc6fb43bd9b9253fece40
+Bug: http://bugs.owncloud.org/thebuggenie/owncloud/issues/oc-987
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676131
+
+-- 
+ lib/config.php |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/lib/config.php b/lib/config.php
+index e3a9c11..9279549 100644
+--- a/lib/config.php
++++ b/lib/config.php
+@@ -170,14 +170,18 @@ class OC_Config{
+ 		}
+ 		$content .= ");\n?>\n";
+ 
++		$filename = "/etc/owncloud/config.php";
+ 		// Write the file
+-		$result=@file_put_contents( "/etc/owncloud/config.php", $content );
++		$result=@file_put_contents( $filename, $content );
+ 		if(!$result) {
+ 			$tmpl = new OC_Template( '', 'error', 'guest' );
+ 			$tmpl->assign('errors',array(1=>array('error'=>"Can't write into config directory 'config'",'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud")));
+ 			$tmpl->printPage();
+ 			exit;
+ 		}
++		// Prevent others not to read the config
++		@chmod($filename, 0640);
++
+ 		return true;
+ 	}
+ }
+-- 
+1.7.10
+
diff --git a/debian/patches/series b/debian/patches/series
index c37fa60..11f55fe 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@
 05_no_app_store.diff
 fix_tar_require.diff
 fix_sabre_requires.diff
+fix_config.php_mode.diff

-- 
owncloud.git

More information about the Pkg-owncloud-commits mailing list