[Pkg-shadow-commits] r1086 - branches/sarge/debian

Nicolas FRANCOIS nekral-guest at costa.debian.org
Wed Aug 16 16:36:54 UTC 2006 

Author: nekral-guest
Date: 2006-08-16 16:36:53 +0000 (Wed, 16 Aug 2006)
New Revision: 1086

Modified:
   branches/sarge/debian/changelog
   branches/sarge/debian/passwd.postinst
Log:
Apply the 4.0.3-31sarge9 patch.


Modified: branches/sarge/debian/changelog
===================================================================
--- branches/sarge/debian/changelog	2006-08-16 16:32:01 UTC (rev 1085)
+++ branches/sarge/debian/changelog	2006-08-16 16:36:53 UTC (rev 1086)
@@ -1,3 +1,12 @@
+shadow (1:4.0.3-31sarge9) stable; urgency=low
+
+  * passwd.postinst: On upgrades from any prior version, chmod 600 various
+    base-config and d-i log files that might contain sensative information,
+    including in some cases, passwords. Thanks to Joey Hess for the patch.
+    Closes: #356939
+
+ -- Christian Perrier <bubulle at debian.org>  Sat, 12 Aug 2006  09:23:46 +0200
+
 shadow (1:4.0.3-31sarge8) stable-security; urgency=high
 
   * SECURITY UPDATE: CVE-2006-3378: Root privilege escalation.

Modified: branches/sarge/debian/passwd.postinst
===================================================================
--- branches/sarge/debian/passwd.postinst	2006-08-16 16:32:01 UTC (rev 1085)
+++ branches/sarge/debian/passwd.postinst	2006-08-16 16:36:53 UTC (rev 1086)
@@ -10,6 +10,18 @@
 
 if test "$1" = configure
 then
+    # Fix permissions on various log files from old versions of the debian
+    # installer, some unrelated to passwd but we decided to put the fix
+    # here since there was no better place. This can safely be removed
+    # after etch is released.
+    if dpkg --compare-versions "$2" lt "1:4.0.3-31sarge6"; then
+           for log in /var/log/base-config* \
+                   $(find /var/log/debian-installer/ /var/log/installer/ -type f 2>/dev/null ); do
+               if [ -e "$log" ]; then
+                       chmod 600 "$log"
+               fi
+            done
+    fi
     rm -f /etc/pam.d/passwd.pre-upgrade 2>/dev/null
 	if ! getent group shadow | grep -q '^shadow:[^:]*:42'
 	then

More information about the Pkg-shadow-commits mailing list