control: tags -1 moreinfo On 02-01-16 20:07, Paul Gevers wrote: > Can be done. Let me work on a proposal.
Please find attached my renewed proposal. I must admit that I didn't know exactly how to express "greater than any version that is after the largest wheezy point release". I suppose I could also just make that version 1.8.47+nmu1+deb7u999" (with an arbitrary number of 9's). Paul
diff -Nru dbconfig-common-1.8.47+nmu3/debian/changelog
dbconfig-common-1.8.47+nmu3+deb8u1/debian/changelog
--- dbconfig-common-1.8.47+nmu3/debian/changelog 2014-11-02
21:48:57.000000000 +0100
+++ dbconfig-common-1.8.47+nmu3+deb8u1/debian/changelog 2016-01-03
11:19:55.000000000 +0100
@@ -1,3 +1,13 @@
+dbconfig-common (1.8.47+nmu3+deb8u1) jessie; urgency=medium
+
+ * Fix permission of PostgreSQL backup files, thanks Simon Ruderich
+ (Closes: #805638)
+ * Repair permissions of already created backups, but only when upgrading
+ from versions before this one (but not from versions after wheezy's
+ point update).
+
+ -- Paul Gevers <elb...@debian.org> Sun, 03 Jan 2016 11:14:55 +0100
+
dbconfig-common (1.8.47+nmu3) unstable; urgency=low
* Non-maintainer upload.
diff -Nru dbconfig-common-1.8.47+nmu3/debian/dbconfig-common.postinst
dbconfig-common-1.8.47+nmu3+deb8u1/debian/dbconfig-common.postinst
--- dbconfig-common-1.8.47+nmu3/debian/dbconfig-common.postinst 2013-07-14
14:19:00.000000000 +0200
+++ dbconfig-common-1.8.47+nmu3+deb8u1/debian/dbconfig-common.postinst
2016-01-03 11:19:55.000000000 +0100
@@ -15,4 +15,18 @@
dbc_write_global_config
+# Previously dumped databases in /var/cache/dbconfig-common/backups may
+# (depending on the local umask) be readable by everybody (bts: #805638). Limit
+# the permissions here on all files in that folder, but only if we are for the
+# first time upgrading to a fixed version:
+# jessie: 1.8.47+nmu3+deb8u1
+# wheezy: 1.8.47+nmu1+deb7u1
+# squeeze: 1.8.46+squeeze.0+lts1
+if dpkg --compare-versions "$2" lt "1.8.47+nmu3+deb8u1" && \
+ dpkg --compare-versions "$2" gt "1.8.47+nmu1+ZZZ" ; then
+ if [ -d /var/cache/dbconfig-common/backups/ ] ; then
+ find /var/cache/dbconfig-common/backups/ -type f -exec chmod 600 {} \;
+ fi
+fi
+
#DEBHELPER#
diff -Nru dbconfig-common-1.8.47+nmu3/internal/pgsql
dbconfig-common-1.8.47+nmu3+deb8u1/internal/pgsql
--- dbconfig-common-1.8.47+nmu3/internal/pgsql 2013-07-20 10:12:12.000000000
+0200
+++ dbconfig-common-1.8.47+nmu3+deb8u1/internal/pgsql 2016-01-02
21:24:34.000000000 +0100
@@ -174,14 +174,14 @@
local extra retval PGSSLMODE localuser _dbc_asuser dumpfile old_umask
dumpfile=$1
localuser=`_dbc_psql_local_username`
- touch $dumpfile
- chown $localuser $dumpfile
PGSSLMODE="prefer"
retval=0
_dbc_psql_cmd_setup
if [ "$dbc_ssl" ]; then PGSSLMODE="require"; fi
old_umask=`umask`
umask 0066
+ touch $dumpfile
+ chown $localuser $dumpfile
extra=`_dbc_psql_cmd_args`
extra="-f \"$dumpfile\" $extra"
_dbc_debug "su -s /bin/sh $localuser -c \"env HOME='$_dbc_pgsql_tmpdir'
PGPASSFILE='$_dbc_pgsql_tmpdir/.pgpass' PGSSLMODE='$PGSSLMODE' pg_dump $extra
$dbc_dbname\" 2>&1"
signature.asc
Description: OpenPGP digital signature
