Bug#531730: asterisk: astgenkey reverts to hardcoded umask (does not respect system setting)
Jonas Smedegaard
dr at jones.dk
Wed Jun 3 15:58:37 UTC 2009
Package: asterisk
Version: 1:1.6.1.0~dfsg-1
Severity: normal
Tags: patch
astgenkey, as patched for Debian, sanely switches temporarily to a safer
umask, but then switches to umask 0022 - which is only often, not always,
correct.
The attached patch switches back to the same umask as was previously set.
- Jonas
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-rc7-amd64 (SMP w/2 CPU cores)
Locale: LANG=da_DK.UTF-8, LC_CTYPE=da_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages asterisk depends on:
ii adduser 3.110 add and remove users and groups
ii asterisk-config 1:1.6.1.0~dfsg-1 Configuration files for Asterisk
ii asterisk-sounds-main 1:1.6.1.0~dfsg-1 Core Sound files for Asterisk (Eng
ii dahdi 1:2.2.0~rc3-1 utilities for using the DAHDI kern
ii libasound2 1.0.20-2 shared library for ALSA applicatio
ii libc-client2007b 8:2007b~dfsg-1.1+b1 c-client library for mail protocol
ii libc6 2.9-13 GNU C Library: Shared libraries
ii libcap2 1:2.16-5 support for getting/setting POSIX.
ii libcurl3 7.19.5-1 Multi-protocol file transfer libra
ii libexpat1 2.0.1-4 XML parsing C library - runtime li
ii libgcc1 1:4.4.0-5 GCC support library
ii libglib2.0-0 2.20.3-1 The GLib library of C routines
ii libgmime-2.0-2a 2.2.22-4 MIME library
ii libgsm1 1.0.12-1 Shared libraries for GSM speech co
ii libiksemel3 1.2-4 C library for the Jabber IM platfo
ii libldap-2.4-2 2.4.15-1.1 OpenLDAP libraries
ii liblua5.1-0 5.1.4-3 Simple, extensible, embeddable pro
ii libncurses5 5.7+20090523-1 shared libraries for terminal hand
ii libnewt0.52 0.52.10-3 Not Erik's Windowing Toolkit - tex
ii libogg0 1.1.3-5 Ogg Bitstream Library
ii libopenais2 0.83-1 Standards-based cluster framework
ii libopenh323-1.18.0 1.18.0.dfsg-10 H.323 aka VoIP library
ii libosptk3 3.4.2-1 OSP Toolkit shared library
ii libpopt0 1.14-4 lib for parsing cmdline parameters
ii libpq5 8.3.7-1 PostgreSQL C client library
ii libpri1.4 1.4.10-1 Primary Rate ISDN specification li
ii libpt-1.10.10 1.10.10-3 Portable Windows Library
ii libradiusclient-ng2 0.5.6-1 Enhanced RADIUS client library
ii libsasl2-2 2.1.23.dfsg1-1 Cyrus SASL - authentication abstra
ii libsdl1.2debian 1.2.13-4+b1 Simple DirectMedia Layer
ii libsnmp15 5.4.1~dfsg-12 SNMP (Simple Network Management Pr
ii libspeex1 1.2~rc1-1 The Speex codec runtime library
ii libspeexdsp1 1.2~rc1-1 The Speex extended runtime library
ii libsqlite0 2.8.17-4 SQLite shared library
ii libss7-1 1.0.2-1 Signalling System 7 (ss7) library
ii libssl0.9.8 0.9.8k-1 SSL shared libraries
ii libstdc++6 4.4.0-5 The GNU Standard C++ Library v3
ii libsybdb5 0.82-5 libraries for connecting to MS SQL
ii libtonezone2.0 1:2.2.0~rc3-1 tonezone library (runtime)
ii libvorbis0a 1.2.0.dfsg-5 The Vorbis General Audio Compressi
ii libvorbisenc2 1.2.0.dfsg-5 The Vorbis General Audio Compressi
ii libvpb0 4.2.39-1 Voicetronix telephony hardware use
ii libx11-6 2:1.2.1-1 X11 client-side library
ii unixodbc 2.2.11-16+b1 ODBC tools libraries
ii zlib1g 1:1.2.3.3.dfsg-13 compression library - runtime
asterisk recommends no packages.
Versions of packages asterisk suggests:
pn asterisk-dev <none> (no description available)
pn asterisk-doc <none> (no description available)
pn asterisk-h323 <none> (no description available)
ii ekiga 3.2.1~git20090515.9d0263-1 H.323 and SIP compatible VoIP clie
pn kphone <none> (no description available)
pn ohphone <none> (no description available)
pn twinkle <none> (no description available)
-- no debconf information
-------------- next part --------------
Fetch and later revert to original umask, instead of using a default.
Author: Jonas Smedegaard <dr at jones.dk>
--- a/debian/patches/astgenkey-security
+++ b/debian/patches/astgenkey-security
@@ -9,14 +9,15 @@
--- a/contrib/scripts/astgenkey
+++ b/contrib/scripts/astgenkey
-@@ -47,7 +47,10 @@ done
+@@ -47,7 +47,11 @@ done
rm -f ${KEY}.key ${KEY}.pub
echo "Generating SSL key '$KEY': "
++oldumask="`umask`"
+umask 0077
openssl genrsa -out ${KEY}.key ${DES3} 1024
+[ "$(id -u)" = 0 ] && chown asterisk: ${KEY}.key
-+umask 0022
++umask $oldumask
openssl rsa -in ${KEY}.key -pubout -out ${KEY}.pub
if [ -f "${KEY}.key" ] && [ -f "${KEY}.pub" ]; then
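Review bot: the save/restore pair (the `oldumask=` line before `umask 0077`, and `umask $oldumask` after the chown) could be dropped by scoping the restrictive umask to a subshell around the key generation, for example `( umask 0077; openssl genrsa -out ${KEY}.key ${DES3} 1024 )`. The later `openssl rsa ... -pubout` step then runs under the caller's umask with no temporary variable to get wrong. If the variable is kept, write the save as `oldumask="$(umask)"` to match the `$(id -u)` style on the chown line, and quote the restore as `umask "$oldumask"`. The hunk header change from `+47,10` to `+47,11` matches the one extra added line.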