Your message dated Tue, 05 Apr 2016 17:49:49 +0000
with message-id <e1anv6r-0000cd...@franck.debian.org>
and subject line Bug#819412: fixed in gitlab 8.5.8+dfsg-4
has caused the Debian Bug report #819412,
regarding gitlab: creates world-readable secrets file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
819412: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819412
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gitlab
Version: 8.4.3+dfsg-12
Severity: grave
Tags: security
Hello,
Somehow, part of the gitlab configuration process created a file
called /var/lib/gitlab/.gitlab_shell_secret, with a symlink from
/usr/share/gitlab-shell/.gitlab_shell_secret. I don't know its
purpose, but I would assume that it is some form of secret key.
However, the /var/lib/gitlab/.gitlab_shell_secret file is
world-readable, which is not likely to be the desired file mode. 640
would be - presumably - more appropriate.
Best wishes,
Julian
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) (ignored: LC_ALL
set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages gitlab depends on:
ii adduser 3.114
ii asciidoctor 1.5.4-1
ii bc 1.06.95-9+b1
ii bundler 1.11.2-1
ii debconf [debconf-2.0] 1.5.59
ii git 1:2.8.0~rc3-1
ii gitlab-shell 2.6.10-1
ii gitlab-workhorse 0.6.3-1
ii init-system-helpers 1.29
ii letsencrypt 0.4.1-1
ii libjs-chartjs 1.0.2-1
ii libjs-clipboard 1.4.2-1
ii libjs-fuzzaldrin-plus 0.3.1-1
ii libjs-graphael 0.5+dfsg-1
ii libjs-jquery-cookie 10-2
ii libjs-jquery-history 10-2
ii libjs-jquery-nicescroll 3.6.6-1
ii nginx 1.9.10-1
ii nginx-full [nginx] 1.9.10-1
ii nodejs 4.3.1~dfsg-3
ii postgresql 9.5+172
ii postgresql-client 9.5+172
ii postgresql-client-9.4 [postgresql-client] 9.4.6-0+deb8u1
ii postgresql-client-9.5 [postgresql-client] 9.5.1-1
ii rake 10.5.0-2
ii redis-server 2:3.0.6-1
ii ruby 1:2.3.0+1
ii ruby-ace-rails-ap 3.0.3-2
ii ruby-activerecord-deprecated-finders 1.0.4-1
ii ruby-activerecord-session-store 0.1.1-3
ii ruby-acts-as-taggable-on 3.5.0-2
ii ruby-addressable 2.3.8-1
ii ruby-after-commit-queue 1.3.0-1
ii ruby-allocations 1.0.3-1+b2
ii ruby-asana 0.4.0-1
ii ruby-attr-encrypted 1.3.4-1
ii ruby-babosa 1.0.2-1
ii ruby-bootstrap-sass 3.3.5.1-3
ii ruby-browser 1.0.1-1
ii ruby-cal-heatmap-rails 3.5.1+dfsg-1
ii ruby-carrierwave 0.10.0+gh-2
ii ruby-charlock-holmes 0.7.3+dfsg-2+b2
ii ruby-coffee-rails 4.1.0-2
ii ruby-colorize 0.7.7-1
ii ruby-connection-pool 2.2.0-1
ii ruby-creole 0.5.0-2
ii ruby-d3-rails 3.5.6+dfsg-1
ii ruby-default-value-for 3.0.1-1
ii ruby-devise 3.5.6-2
ii ruby-devise-async 0.9.0-1
ii ruby-devise-two-factor 2.0.0-1
ii ruby-diffy 3.0.6-1
ii ruby-doorkeeper 2.2.1-1
ii ruby-dropzonejs-rails 0.7.1-1
ii ruby-email-reply-parser 0.5.8-1
ii ruby-fog 1.34.0-3
ii ruby-fogbugz 0.2.1-2
ii ruby-font-awesome-rails 4.3.0.0-1
ii ruby-gemnasium-gitlab-service 0.2.6-1
ii ruby-github-linguist 4.7.2-2
ii ruby-github-markup 1.3.3+dfsg-1
ii ruby-gitlab-emoji 0.2.1-1
ii ruby-gitlab-flowdock-git-hook 1.0.1-1
ii ruby-gitlab-git 7.2.24-1
ii ruby-gollum-lib 4.1.0-3
ii ruby-gon 6.0.1-1
ii ruby-grape 0.13.0-1
ii ruby-grape-entity 0.5.0-1
ii ruby-haml-rails 0.9.0-4
ii ruby-hipchat 1.5.2-2
ii ruby-html-pipeline 1.11.0-1
ii ruby-httparty 0.13.5-1
ii ruby-influxdb 0.2.3-1
ii ruby-jquery-atwho-rails 1.3.2-2
ii ruby-jquery-rails 4.0.5-1
ii ruby-jquery-scrollto-rails 1.4.3+dfsg-1
ii ruby-jquery-turbolinks 2.1.0~dfsg-1
ii ruby-jquery-ui-rails 5.0.5-3
ii ruby-kaminari 0.16.3-1
ii ruby-mail-room 0.6.1-1
ii ruby-method-source 0.8.2-2
ii ruby-mousetrap-rails 1.4.6-5
ii ruby-nested-form 0.3.2-2
ii ruby-net-ssh 1:3.0.1-3
ii ruby-nokogiri 1.6.7.2-3
ii ruby-nprogress-rails 0.1.6.7-2
ii ruby-oauth2 1.0.0-2
ii ruby-octokit 3.8.0-1
ii ruby-omniauth 1.3.1-1
ii ruby-omniauth-azure-oauth2 0.0.6-1
ii ruby-omniauth-bitbucket 0.0.2-1
ii ruby-omniauth-cas3 1.1.3-1
ii ruby-omniauth-crowd 2.2.3-2
ii ruby-omniauth-facebook 3.0.0-1
ii ruby-omniauth-github 1.1.2-2
ii ruby-omniauth-gitlab 1.0.0-2
ii ruby-omniauth-google-oauth2 0.2.4-1
ii ruby-omniauth-kerberos 0.3.0-3
ii ruby-omniauth-ldap 1.0.5-1
ii ruby-omniauth-saml 1.5.0-1
ii ruby-omniauth-shibboleth 1.2.1-1
ii ruby-omniauth-twitter 1.2.1-1
ii ruby-org 0.9.12-1
ii ruby-paranoia 2.1.3-1
ii ruby-pg 0.18.4-1
ii ruby-rack-attack 4.3.1-1
ii ruby-rack-cors 0.4.0-1
ii ruby-rack-oauth2 1.2.1-2
ii ruby-rails 2:4.2.5.2-2
ii ruby-rails-deprecated-sanitizer 1.0.3-1
ii ruby-raphael-rails 2.1.2~dfsg-1
ii ruby-recaptcha 0.4.0-1
ii ruby-redcarpet 3.3.4-2
ii ruby-redcloth 4.2.9-5+b3
ii ruby-redis-namespace 1.5.2-3
ii ruby-redis-rails 4.0.0-1
ii ruby-request-store 1.3.0-1
ii ruby-responders 2.1.1-1
ii ruby-rouge 1.10.1-1
ii ruby-rqrcode-rails3 0.1.7-1
ii ruby-sanitize 2.1.0-2
ii ruby-sass-rails 5.0.4-1
ii ruby-seed-fu 2.3.5-1
ii ruby-select2-rails 3.5.9.3-2
ii ruby-sentry-raven 0.15.3-1
ii ruby-settingslogic 2.0.9-3
ii ruby-sidekiq 4.0.1+dfsg-2
ii ruby-sidekiq-cron 0.4.2-4
ii ruby-sinatra 1.4.7-3
ii ruby-six 0.2.0-3
ii ruby-slack-notifier 1.2.1-1
ii ruby-sprockets 3.3.0-1
ii ruby-state-machines-activerecord 0.3.0-1
ii ruby-task-list 1.0.2-2
ii ruby-tinder 1.10.1-1
ii ruby-turbolinks 2.5.3-2
ii ruby-uglifier 2.7.2-1
ii ruby-underscore-rails 1.8.2+dfsg-1
ii ruby-unf 0.1.4-1
ii ruby-unicorn-worker-killer 0.4.2-1
ii ruby-version-sorter 2.0.0+dfsg-2+b4
ii ruby-virtus 1.0.5-2
ii ruby-wikicloth 0.8.1+dfsg-3
ii ruby2.1 [ruby-interpreter] 2.1.5-4
ii ruby2.2 [ruby-interpreter] 2.2.4-1
ii ruby2.3 [ruby-interpreter] 2.3.0-5
ii unicorn 4.9.0-2+b2
gitlab recommends no packages.
gitlab suggests no packages.
-- Configuration Files:
/etc/gitlab/gitlab-debian.conf changed [not included]
/etc/gitlab/gitlab.yml changed [not included]
-- debconf information excluded
--- End Message ---
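The report above is about a secret file left readable by every local user, and the fix message later in this thread records the corresponding change ("Restrict file permissions for secret files"). The following shell script is an added example, not part of the bug report or of the Debian gitlab package: it audits the "other" permission bits of a list of secret files, following symlinks so that the target in /var/lib/gitlab is what gets checked, and tightens an offender to 0640 as the reporter suggested. It assumes POSIX `ls` and `cut`; it does not change owner or group, because the report does not say which account the file belongs to.

```shell
#!/bin/sh
# Added example: audit and tighten the mode of secret files such as the
# .gitlab_shell_secret named in the report. Not part of the bug report or
# the Debian gitlab package. Assumes POSIX ls/cut; the 0640 target follows
# the reporter's suggestion, and owner/group are left unchanged.

# "other" permission bits of the file a path resolves to, e.g. "r--".
# -L follows symlinks: /usr/share/gitlab-shell/.gitlab_shell_secret is a
# link, and the mode that matters is that of the target in /var/lib/gitlab.
secret_other_perms() {
    ls -ldL "$1" | cut -c 8-10
}

# Succeed only if no other-read/write/execute bit is set.
secret_is_private() {
    [ "$(secret_other_perms "$1")" = "---" ]
}

# Report every existing path that is accessible to "other".
# Returns the number of offenders (0 means clean; wraps past 255).
audit_secrets() {
    bad=0
    for path in "$@"; do
        [ -e "$path" ] || continue          # skip absent files
        if ! secret_is_private "$path"; then
            printf 'world-accessible: %s (%s)\n' "$path" \
                "$(ls -ldL "$path" | cut -c 1-10)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Tighten to 0640: owner rw, group r, nothing for other. chmod acts on the
# symlink target, so either path from the report can be passed here.
fix_secret_mode() {
    chmod 640 "$1"
}

# Usage on a Debian gitlab host (paths taken from the bug report):
#   audit_secrets /var/lib/gitlab/.gitlab_shell_secret \
#                 /usr/share/gitlab-shell/.gitlab_shell_secret
#   fix_secret_mode /var/lib/gitlab/.gitlab_shell_secret
```

`audit_secrets` returns the number of offenders, so it can gate a post-install check (`audit_secrets ... || echo "secrets still world-readable"`). Checking the symlink target rather than the link matters: a symlink's own mode is always 0777 on Linux, so a check that does not follow links would either always fail or always pass regardless of the real file.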
--- Begin Message ---
Source: gitlab
Source-Version: 8.5.8+dfsg-4
We believe that the bug you reported is fixed in the latest version of
gitlab, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 819...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pirate Praveen <prav...@debian.org> (supplier of updated gitlab package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 05 Apr 2016 22:55:36 +0530
Source: gitlab
Binary: gitlab
Architecture: source
Version: 8.5.8+dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Pirate Praveen <prav...@debian.org>
Description:
gitlab - git powered software platform to collaborate on code
Closes: 819412 819907
Changes:
gitlab (8.5.8+dfsg-4) unstable; urgency=medium
.
* Tighten version requirements for dependencies
* Fix permissions for uploads
* Run db:migrate when db exist
* Restrict file permissions for secret files (Closes: #819412)
* Move db to /var/lib/gitlab (fix migrations)
.
[ Libor Klepáč ]
* Create builds directory in /var/log (Closes: #819907)
Checksums-Sha1:
48fac423c2ef4a48403876377640a4c9e7b88786 2054 gitlab_8.5.8+dfsg-4.dsc
a20b55f4a6a9d0f3bd8079abe542c2f834c389c8 35888 gitlab_8.5.8+dfsg-4.debian.tar.xz
Checksums-Sha256:
4c429ee9cdd58290cb09239a3cfe292fa504119c22689754f011466020b701ee 2054 gitlab_8.5.8+dfsg-4.dsc
65e9608d90bbeaf9c5cd1a30cf870b109f0a52ce38d9403ddf9a8e6d9edac1d4 35888 gitlab_8.5.8+dfsg-4.debian.tar.xz
Files:
9653ad377326144c7ccceda9d742972b 2054 ruby optional gitlab_8.5.8+dfsg-4.dsc
5f69abd28dbaaa8f98953904232bb898 35888 ruby optional gitlab_8.5.8+dfsg-4.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---