[Pkg-shadow-commits] r909 - branches/4.0.14-9/debian

[Nicolas FRANCOIS]

Author: nekral-guest
Date: 2006-03-14 22:53:58 +0000 (Tue, 14 Mar 2006)
New Revision: 909

Modified:
   branches/4.0.14-9/debian/changelog
   branches/4.0.14-9/debian/passwd.postinst
Log:
Apply Joey Hess' patch for 4.0.14 and
 * change 4.0.14-8 to 4.0.14-9
 * close #356939 in the changelog


Modified: branches/4.0.14-9/debian/changelog
===================================================================
--- branches/4.0.14-9/debian/changelog	2006-03-14 22:39:54 UTC (rev 908)
+++ branches/4.0.14-9/debian/changelog	2006-03-14 22:53:58 UTC (rev 909)
@@ -1,3 +1,11 @@
+shadow (1:4.0.14-9) unstable; urgency=high
+
+  * passwd.postinst: On upgrades from any prior version, chmod 600 various
+    base-config and d-i log files that might contain sensative information,
+    including in some cases, passwords. Closes: #356939
+
+ -- Joey Hess <joeyh at debian.org>  Tue, 14 Mar 2006 16:12:11 -0500
+
 shadow (1:4.0.14-7) unstable; urgency=low
 
   * The "Carré d'Aurillac" release (let's stay in Cantal)

Modified: branches/4.0.14-9/debian/passwd.postinst
===================================================================
--- branches/4.0.14-9/debian/passwd.postinst	2006-03-14 22:39:54 UTC (rev 908)
+++ branches/4.0.14-9/debian/passwd.postinst	2006-03-14 22:53:58 UTC (rev 909)
@@ -4,6 +4,19 @@
 
 case "$1" in
 configure)
+    # Fix permissions on various log files from old versions of the debian
+    # installer, some unrelated to passwd but we decided to put the fix
+    # here since there was no better place. This can safely be removed
+    # after etch is released.
+    if dpkg --compare-versions "$2" lt "1:4.0.14-9"; then
+	    for log in /var/log/base-config* \
+		    $(find /var/log/debian-installer/ /var/log/installer/ -type f 2>/dev/null ); do
+		if [ -e "$log" ]; then
+			chmod 600 "$log"
+		fi
+            done
+    fi
+
     rm -f /etc/pam.d/passwd.pre-upgrade 2>/dev/null
 	if ! getent group shadow | grep -q '^shadow:[^:]*:42'
 	then