Hi,
Thanks for the very good catch on this one. The package is ready to
upload but needs a sponsor. Would you be able to spare a bit more
time to upload the fix for me, please ? Source is dgettable from
http://mentors.debian.net/debian/pool/main/n/nullmailer/nullmailer_1.11-2.dsc
If you're busy then thanks for your valuable contribution to the package
already,
Nick Leverton
Debdiff:
diff -Nru nullmailer-1.11/debian/changelog nullmailer-1.11/debian/changelog
--- nullmailer-1.11/debian/changelog 2012-06-16 16:36:28.000000000 +0100
+++ nullmailer-1.11/debian/changelog 2012-08-11 23:55:36.000000000 +0100
@@ -1,3 +1,9 @@
+nullmailer (1:1.11-2) unstable; urgency=low
+
+ * Make 'remotes' not world-readable (Closes: #684619)
+
+ -- Nick Leverton <n...@leverton.org> Sat, 11 Aug 2012 23:54:55 +0100
+
nullmailer (1:1.11-1) unstable; urgency=low
* New upstream release
diff -Nru nullmailer-1.11/debian/postinst nullmailer-1.11/debian/postinst
--- nullmailer-1.11/debian/postinst 2012-05-16 08:25:36.000000000 +0100
+++ nullmailer-1.11/debian/postinst 2012-08-12 20:23:46.000000000 +0100
@@ -24,10 +24,14 @@
fi
db_get nullmailer/relayhost
+ # securely create nullmailer/remotes with mode 0600
+ R=$( tempfile -d /etc/nullmailer -p nullm )
echo "$RET" | sed -r -e ':a s/(\[[^]:]*):/\1=/; ta' \
-e 's/[[:space:]]*:[[:space:]]*/\n/g' \
-e ':b s/(\[[^]=]*)=/\1:/; tb' \
- -e 's/[][]//g' > /etc/nullmailer/remotes
+ -e 's/[][]//g' >> $R
+ chown mail:mail $R
+ mv $R /etc/nullmailer/remotes
db_get nullmailer/adminaddr
if [ "$RET" ]; then
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
