Debian Bug report logs - #602067
unblock: couchdb/0.11.0-2.2

Package: release.debian.org; Maintainer for release.debian.org is Debian Release Team <debian-release@lists.debian.org>;

Reported by: Serafeim Zanikolas <sez@debian.org>

Date: Mon, 1 Nov 2010 10:06:01 UTC

Severity: normal

Done: Mehdi Dogguy <mehdi@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#602067; Package release.debian.org. (Mon, 01 Nov 2010 10:06:04 GMT)

Acknowledgement sent to Serafeim Zanikolas <sez@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Mon, 01 Nov 2010 10:06:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Serafeim Zanikolas <sez@debian.org>
To: submit@bugs.debian.org
Subject: unblock: couchdb/0.11.0-2.2
Date: Mon, 1 Nov 2010 11:02:01 +0100
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Severity: normal

Dear release folks,

Please unblock package couchdb to allow NMU 0.11.0-2.2, which fixes #600061.

Here are the debdiff and interdiff outputs:

debdiff output:

Files in second .deb but not in first
-------------------------------------
-rw-rw----  root/root   /etc/couchdb/local.ini

Files in first .deb but not in second
-------------------------------------
-rw-r--r--  root/root   /etc/couchdb/local.ini

Control files: lines which differ (wdiff format)
------------------------------------------------
Installed-Size: [-2264-] {+2268+}
Version: [-0.11.0-2.1-] {+0.11.0-2.2+}



diff -Nurp couchdb-0.11.0.orig//debian/changelog couchdb-0.11.0/debian/changelog
--- couchdb-0.11.0.orig//debian/changelog	2010-10-30 16:06:12.000000000 +0200
+++ couchdb-0.11.0/debian/changelog	2010-10-30 16:08:21.000000000 +0200
@@ -1,3 +1,11 @@
+couchdb (0.11.0-2.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Apply permission settings during package build (as opposed to during
+    package installation) (Closes: #600051). Setting high urgency for RC bug.
+
+ -- Serafeim Zanikolas <sez@debian.org>  Sat, 30 Oct 2010 13:03:20 +0200
+
 couchdb (0.11.0-2.1) unstable; urgency=high
 
   * Non-maintainer upload by the Security Team.
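Review bot: the `Closes: #600051` in the new 0.11.0-2.2 entry does not match the bug named in the request text above (#600061); one of the two numbers is a typo and should be corrected before upload so the right report gets closed. The entry also says only that permission settings move to build time, while the postinst part of this patch drops the recursive `chmod -R 0770` on /var/lib/couchdb and /var/log/couchdb without replacement; the changelog should state that change in effective modes explicitly.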
diff -Nurp couchdb-0.11.0.orig//debian/postinst couchdb-0.11.0/debian/postinst
--- couchdb-0.11.0.orig//debian/postinst	2010-10-30 16:06:12.000000000 +0200
+++ couchdb-0.11.0/debian/postinst	2010-10-30 16:06:36.000000000 +0200
@@ -24,9 +24,6 @@ case $1 in
         chown -R couchdb:couchdb /etc/couchdb
         chown -R couchdb:couchdb /var/lib/couchdb
         chown -R couchdb:couchdb /var/log/couchdb
-        chmod -R 0770 /etc/couchdb
-        chmod -R 0770 /var/lib/couchdb
-        chmod -R 0770 /var/log/couchdb
         ;;
 esac
 
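Review bot: with the three `chmod -R 0770` lines gone, nothing in this patch sets a mode on /var/lib/couchdb or /var/log/couchdb; the debian/rules change only restricts local.ini, so both trees fall back to whatever modes the package ships. If database and log files are meant to stay unreadable to other local users, set explicit directory modes for the two /var paths at build time alongside the local.ini line.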
diff -Nurp couchdb-0.11.0.orig//debian/rules couchdb-0.11.0/debian/rules
--- couchdb-0.11.0.orig//debian/rules	2010-10-30 16:06:12.000000000 +0200
+++ couchdb-0.11.0/debian/rules	2010-10-30 16:07:23.000000000 +0200
@@ -35,6 +35,8 @@ common-binary-post-install-arch::
 	cp debian/binary.lintian-overrides debian/couchdb/usr/share/lintian/overrides/couchdb
 
 common-binary-predeb-arch::
+	dh_fixperms debian/couchdb/
+	chmod 660 debian/couchdb/etc/couchdb/local.ini
 	erlang-depends
 
 # @@ only works from source directory, see #494141
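Review bot: `chmod 660` on local.ini is applied while the file is still root:root in the package (the debdiff above lists it as `-rw-rw---- root/root`), so group root holds write access from unpack until the postinst `chown -R` runs. Unless group write is actually needed, 640 gives the same read protection without that. A one-line comment above the chmod saying why this file alone is restricted, and that it must stay after `dh_fixperms`, would keep a later cleanup from dropping it.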





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#602067; Package release.debian.org. (Mon, 01 Nov 2010 17:48:03 GMT)

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Mon, 01 Nov 2010 17:48:03 GMT)

Message #10 received at 602067@bugs.debian.org:

From: Julien Cristau <jcristau@debian.org>
To: Serafeim Zanikolas <sez@debian.org>, 602067@bugs.debian.org
Subject: Re: Bug#602067: unblock: couchdb/0.11.0-2.2
Date: Mon, 1 Nov 2010 18:44:56 +0100
On Mon, Nov  1, 2010 at 11:02:01 +0100, Serafeim Zanikolas wrote:

> diff -Nurp couchdb-0.11.0.orig//debian/postinst couchdb-0.11.0/debian/postinst
> --- couchdb-0.11.0.orig//debian/postinst	2010-10-30 16:06:12.000000000 +0200
> +++ couchdb-0.11.0/debian/postinst	2010-10-30 16:06:36.000000000 +0200
> @@ -24,9 +24,6 @@ case $1 in
>          chown -R couchdb:couchdb /etc/couchdb
>          chown -R couchdb:couchdb /var/lib/couchdb
>          chown -R couchdb:couchdb /var/log/couchdb
> -        chmod -R 0770 /etc/couchdb
> -        chmod -R 0770 /var/lib/couchdb
> -        chmod -R 0770 /var/log/couchdb
>          ;;
>  esac
>  
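Review bot: the context lines kept here still run `chown -R couchdb:couchdb` as root over /etc/couchdb, /var/lib/couchdb and /var/log/couchdb on every pass through this branch, and after the first run those trees are writable by the couchdb account. A non-recursive chown of the directories, plus the specific files the package ships, would avoid a root-run recursive ownership change over content the service controls; at minimum this deserves a comment in postinst.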
This makes those 3 directories world-readable.  Is that ok (I have no
idea what perms the files in them have, or how confidential they are)?

Cheers,
Julien

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#602067; Package release.debian.org. (Mon, 01 Nov 2010 19:51:03 GMT)

Acknowledgement sent to Serafeim Zanikolas <sez@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Mon, 01 Nov 2010 19:51:03 GMT)

Message #15 received at 602067@bugs.debian.org:

From: Serafeim Zanikolas <sez@debian.org>
To: Julien Cristau <jcristau@debian.org>
Cc: 602067@bugs.debian.org
Subject: Re: Bug#602067: unblock: couchdb/0.11.0-2.2
Date: Mon, 1 Nov 2010 20:48:07 +0100
Hi Julien,

On Mon, Nov 01, 2010 at 06:44:56PM +0100, Julien Cristau wrote:
> This makes those 3 directories world-readable.  Is that ok (I have no
> idea what perms the files in them have, or how confidential they are)?

It's OK for /etc/couchdb, only local.ini there merits read protection
according to Raphaël:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600051#5

But you've got a point about the /var dirs. Here's a revised cut -- please
confirm if ok to upload.

diff -Nurp couchdb-0.11.0.orig//debian/changelog couchdb-0.11.0/debian/changelog
--- couchdb-0.11.0.orig//debian/changelog	2010-11-01 19:47:14.000000000 +0100
+++ couchdb-0.11.0/debian/changelog	2010-11-01 20:16:06.000000000 +0100
@@ -1,3 +1,19 @@
+couchdb (0.11.0-2.3) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * debian/rules: make sure /var/{lib,log}/couchdb are accessible only to
+    couchdb user and group (partial revert of previous upload).
+
+ -- Serafeim Zanikolas <sez@debian.org>  Mon, 01 Nov 2010 20:08:08 +0100
+
+couchdb (0.11.0-2.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Apply permission settings during package build (as opposed to during
+    package installation) (Closes: #600051). Setting high urgency for RC bug.
+
+ -- Serafeim Zanikolas <sez@debian.org>  Sat, 30 Oct 2010 13:03:20 +0200
+
 couchdb (0.11.0-2.1) unstable; urgency=high
 
   * Non-maintainer upload by the Security Team.
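Review bot: the 0.11.0-2.3 entry carries no bug reference, although it partially reverts the upload that closed #600051; add one so the two uploads can be tied together in the tracker. "Accessible only to couchdb user and group" is also only true once postinst has run its `chown -R`, since the modes are set at build time; wording the entry in terms of the mode being set would be more accurate.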
diff -Nurp couchdb-0.11.0.orig//debian/postinst couchdb-0.11.0/debian/postinst
--- couchdb-0.11.0.orig//debian/postinst	2010-11-01 19:47:14.000000000 +0100
+++ couchdb-0.11.0/debian/postinst	2010-11-01 19:51:04.000000000 +0100
@@ -24,9 +24,6 @@ case $1 in
         chown -R couchdb:couchdb /etc/couchdb
         chown -R couchdb:couchdb /var/lib/couchdb
         chown -R couchdb:couchdb /var/log/couchdb
-        chmod -R 0770 /etc/couchdb
-        chmod -R 0770 /var/lib/couchdb
-        chmod -R 0770 /var/log/couchdb
         ;;
 esac
 
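Review bot: on systems where the old postinst has already run, files created at run time under /var/lib/couchdb and /var/log/couchdb keep the modes left by the removed `chmod -R 0770`, execute bits on regular files included, and nothing in the new script normalises them. Either add a one-time fix-up for upgrades from earlier versions or say in the changelog that existing modes are left as they are.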
diff -Nurp couchdb-0.11.0.orig//debian/rules couchdb-0.11.0/debian/rules
--- couchdb-0.11.0.orig//debian/rules	2010-11-01 19:47:14.000000000 +0100
+++ couchdb-0.11.0/debian/rules	2010-11-01 20:07:01.000000000 +0100
@@ -35,6 +35,10 @@ common-binary-post-install-arch::
 	cp debian/binary.lintian-overrides debian/couchdb/usr/share/lintian/overrides/couchdb
 
 common-binary-predeb-arch::
+	dh_fixperms debian/couchdb/
+	chmod 660 debian/couchdb/etc/couchdb/local.ini
+	chmod 770 debian/couchdb/var/lib/couchdb
+	chmod 770 debian/couchdb/var/log/couchdb
 	erlang-depends
 
 # @@ only works from source directory, see #494141
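Review bot: `chmod 770` on debian/couchdb/var/lib/couchdb and debian/couchdb/var/log/couchdb grants group write on the directories as shipped in the package, before postinst hands them to couchdb:couchdb. 750 keeps other users out without that write bit. The chmod is also non-recursive, which is right for build-time directories, but it means protection of everything created below them later rests on these two directory modes alone.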




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#602067; Package release.debian.org. (Mon, 01 Nov 2010 20:15:03 GMT)

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Mon, 01 Nov 2010 20:15:03 GMT)

Message #20 received at 602067@bugs.debian.org:

From: Julien Cristau <jcristau@debian.org>
To: Serafeim Zanikolas <sez@debian.org>, 602067@bugs.debian.org
Subject: Re: Bug#602067: unblock: couchdb/0.11.0-2.2
Date: Mon, 1 Nov 2010 21:11:31 +0100
On Mon, Nov  1, 2010 at 20:48:07 +0100, Serafeim Zanikolas wrote:

> Hi Julien,
> 
> On Mon, Nov 01, 2010 at 06:44:56PM +0100, Julien Cristau wrote:
> > This makes those 3 directories world-readable.  Is that ok (I have no
> > idea what perms the files in them have, or how confidential they are)?
> 
> It's OK for /etc/couchdb, only local.ini there merits read protection
> according to Raphaël:
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600051#5
> 
> But you've got a point about the /var dirs. Here's a revised cut -- please
> confirm if ok to upload.
> 
ack.

Cheers,
Julien

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#602067; Package release.debian.org. (Mon, 01 Nov 2010 20:15:05 GMT)

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Mon, 01 Nov 2010 20:15:05 GMT)

Message #25 received at 602067@bugs.debian.org:

From: Julien Cristau <jcristau@debian.org>
To: Serafeim Zanikolas <sez@debian.org>, 602067@bugs.debian.org
Subject: Re: Bug#602067: unblock: couchdb/0.11.0-2.2
Date: Mon, 1 Nov 2010 21:13:19 +0100
On Mon, Nov  1, 2010 at 21:11:31 +0100, Julien Cristau wrote:

> On Mon, Nov  1, 2010 at 20:48:07 +0100, Serafeim Zanikolas wrote:
> 
> > Hi Julien,
> > 
> > On Mon, Nov 01, 2010 at 06:44:56PM +0100, Julien Cristau wrote:
> > > This makes those 3 directories world-readable.  Is that ok (I have no
> > > idea what perms the files in them have, or how confidential they are)?
> > 
> > It's OK for /etc/couchdb, only local.ini there merits read protection
> > according to Raphaël:
> > 
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600051#5
> > 
> > But you've got a point about the /var dirs. Here's a revised cut -- please
> > confirm if ok to upload.
> > 
> ack.
> 
Hrm, except now there's a window where gid root has write access.  Which
it isn't supposed to have, afaik.

Cheers,
Julien

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#602067; Package release.debian.org. (Mon, 01 Nov 2010 21:21:06 GMT)

Acknowledgement sent to Serafeim Zanikolas <sez@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Mon, 01 Nov 2010 21:21:06 GMT)

Message #30 received at 602067@bugs.debian.org:

From: Serafeim Zanikolas <sez@debian.org>
To: Julien Cristau <jcristau@debian.org>
Cc: 602067@bugs.debian.org
Subject: Re: Bug#602067: unblock: couchdb/0.11.0-2.2
Date: Mon, 1 Nov 2010 22:18:55 +0100
On Mon, Nov 01, 2010 at 09:13:19PM +0100, Julien Cristau wrote:
[..]
> Hrm, except now there's a window where gid root has write access.  Which
> it isn't supposed to have, afaik.

Right. Will change it then to 750.

-S


couchdb (0.11.0-2.3) unstable; urgency=high

  * Non-maintainer upload.
  * debian/rules: make sure /var/{lib,log}/couchdb have permission set to 750
    (related to #600051).

 -- Serafeim Zanikolas <sez@debian.org>  Mon, 01 Nov 2010 20:08:08 +0100




Added tag(s) pending. Request was from Julien Cristau <jcristau@debian.org> to control@bugs.debian.org. (Tue, 02 Nov 2010 17:06:06 GMT)

Reply sent to Mehdi Dogguy <mehdi@debian.org>:
You have taken responsibility. (Thu, 04 Nov 2010 22:27:15 GMT)

Notification sent to Serafeim Zanikolas <sez@debian.org>:
Bug acknowledged by developer. (Thu, 04 Nov 2010 22:27:15 GMT)

Message #37 received at 602067-done@bugs.debian.org:

From: Mehdi Dogguy <mehdi@debian.org>
To: Serafeim Zanikolas <sez@debian.org>, 602067-done@bugs.debian.org
Subject: Re: Bug#602067: unblock: couchdb/0.11.0-2.2
Date: Thu, 04 Nov 2010 23:20:37 +0100
On 11/01/2010 10:18 PM, Serafeim Zanikolas wrote:
> On Mon, Nov 01, 2010 at 09:13:19PM +0100, Julien Cristau wrote:
> [..]
>> Hrm, except now there's a window where gid root has write access.  Which
>> it isn't supposed to have, afaik.
> 
> Right. Will change it then to 750.
> 

Thanks for the upload. It has been finally accepted… and unblocked.

Regards,

-- 
Mehdi Dogguy مهدي الدڤي
http://dogguy.org/




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 03 Dec 2010 07:34:29 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 01:37:25 2014; Machine Name: beach.debian.org
