[Pkg-mailman-hackers] Pkg-mailman commit - rev 303 - trunk/debian

[Hector Garcia]

Author: hector
Date: 2006-08-11 08:30:45 +0000 (Fri, 11 Aug 2006)
New Revision: 303

Modified:
   trunk/debian/changelog
   trunk/debian/postinst
Log:
Permisions on mailman/private to 570 and owners to www-data.list


Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2006-08-11 08:00:14 UTC (rev 302)
+++ trunk/debian/changelog	2006-08-11 08:30:45 UTC (rev 303)
@@ -1,5 +1,6 @@
 mailman (2.1.8-2) unstable; urgency=low
 
+  [ Thijs Kinkhorst ]
   * Add example apache.conf under /etc/mailman
     (Closes: #282460, #135148, #178543, #179253).
   * Update all man pages to be in line with current mailman functionality
@@ -9,8 +10,13 @@
   * Add watch file.
   * Add LSB dependency info to init script.
 
- -- Thijs Kinkhorst <thijs at debian.org>  Fri, 11 Aug 2006 09:58:09 +0200
+  [ Hector Garcia ]
+  * Putting permision on archive/private to 570 www-data.list to prevent
+    any user from reading private lists and taking away write access to
+    www-data. (Closes: #356877)
 
+ -- Hector Garcia <hector at debian.org>  Fri, 11 Aug 2006 10:27:25 +0200
+
 mailman (2.1.8-1) unstable; urgency=low
 
   * New upstream release

Modified: trunk/debian/postinst
===================================================================
--- trunk/debian/postinst	2006-08-11 08:00:14 UTC (rev 302)
+++ trunk/debian/postinst	2006-08-11 08:30:45 UTC (rev 303)
@@ -349,7 +349,8 @@
 
 	# fix permissions
 	find /var/lib/mailman/ -type d -print0 | xargs -r -0 chmod g+s
-	chmod o-r,o+x /var/lib/mailman/archives/private
+	chmod u-w,o-rx /var/lib/mailman/archives/private
+	chown www-data /var/lib/mailman/archives/private
 
 
 	if [ "$1" = "configure" -a "$2" != "" ] && dpkg --compare-versions "$2" lt "1.0rel"; then