[Pkg-shadow-commits] r911 - branches/sarge/debian

[Nicolas FRANCOIS]

Author: nekral-guest
Date: 2006-03-15 00:26:04 +0000 (Wed, 15 Mar 2006)
New Revision: 911

Modified:
   branches/sarge/debian/changelog
   branches/sarge/debian/passwd.postinst
Log:
Apply Joey Hess' patch for 4.0.3 (sarge)
and close #356939 in the changelog


Modified: branches/sarge/debian/changelog
===================================================================
--- branches/sarge/debian/changelog	2006-03-15 00:05:16 UTC (rev 910)
+++ branches/sarge/debian/changelog	2006-03-15 00:26:04 UTC (rev 911)
@@ -1,3 +1,11 @@
+shadow (1:4.0.3-31sarge6) stable-security; urgency=high
+
+  * passwd.postinst: On upgrades from any prior version, chmod 600 various
+    base-config and d-i log files that might contain sensative information,
+    including in some cases, passwords. CLoses: #356939
+
+ -- Joey Hess <joeyh at debian.org>  Tue, 14 Mar 2006 16:14:26 -0500
+
 shadow (1:4.0.3-31sarge5) testing-proposed-updates; urgency=high
 
   * Re-apply the debian/patches/036_CAN-2004-1001_passwd_check patch

Modified: branches/sarge/debian/passwd.postinst
===================================================================
--- branches/sarge/debian/passwd.postinst	2006-03-15 00:05:16 UTC (rev 910)
+++ branches/sarge/debian/passwd.postinst	2006-03-15 00:26:04 UTC (rev 911)
@@ -10,6 +10,19 @@
 
 if test "$1" = configure
 then
+    # Fix permissions on various log files from old versions of the debian
+    # installer, some unrelated to passwd but we decided to put the fix
+    # here since there was no better place. This can safely be removed
+    # after etch is released.
+    if dpkg --compare-versions "$2" lt "1:4.0.3-31sarge6"; then
+	    for log in /var/log/base-config* \
+		    $(find /var/log/debian-installer/ /var/log/installer/ -type f 2>/dev/null ); do
+		if [ -e "$log" ]; then
+			chmod 600 "$log"
+		fi
+            done
+    fi
+    
     rm -f /etc/pam.d/passwd.pre-upgrade 2>/dev/null
 	if ! getent group shadow | grep -q '^shadow:[^:]*:42'
 	then