[Python-modules-commits] r23262 - in packages/python-keyring/trunk/debian (4 files)
sramacher at users.alioth.debian.org
Sun Jan 6 18:29:34 UTC 2013
Date: Sunday, January 6, 2013 @ 18:29:32
Author: sramacher
Revision: 23262
Importing carnil's NMU. Thanks carnil.
Added:
packages/python-keyring/trunk/debian/patches/
packages/python-keyring/trunk/debian/patches/696736-Fix-insecure-permissions-on-database-files.patch
packages/python-keyring/trunk/debian/patches/series
Modified:
packages/python-keyring/trunk/debian/changelog
Modified: packages/python-keyring/trunk/debian/changelog
===================================================================
--- packages/python-keyring/trunk/debian/changelog 2013-01-06 13:46:32 UTC (rev 23261)
+++ packages/python-keyring/trunk/debian/changelog 2013-01-06 18:29:32 UTC (rev 23262)
@@ -1,3 +1,12 @@
+python-keyring (0.9.2-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Add 696736-Fix-insecure-permissions-on-database-files.patch
+ [SECURITY]: Fix insecure permissions on database files. Fix
+ CVE-2012-5577 and CVE-2012-5578. (Closes: #696736) (LP: #1031465)
+
+ -- Salvatore Bonaccorso <carnil at debian.org> Sat, 29 Dec 2012 08:46:59 +0100
+
python-keyring (0.9.2-1) unstable; urgency=low
* New upstream release (Closes: #675379, #678682)
Added: packages/python-keyring/trunk/debian/patches/696736-Fix-insecure-permissions-on-database-files.patch
===================================================================
--- packages/python-keyring/trunk/debian/patches/696736-Fix-insecure-permissions-on-database-files.patch (rev 0)
+++ packages/python-keyring/trunk/debian/patches/696736-Fix-insecure-permissions-on-database-files.patch 2013-01-06 18:29:32 UTC (rev 23262)
@@ -0,0 +1,56 @@
+Description: set appropriate file permissions on database file.
+Bug: https://bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg
+Bug: https://bitbucket.org/kang/python-keyring-lib/issue/76/insecure-database-file-permissions
+Bug-Debian: http://bugs.debian.org/696736
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1031465
+Forwarded: yes
+Author: Marc Deslauriers <marc.deslauriers at canonical.com>
+Reviewed-by: Salvatore Bonaccorso <carnil at debian.org>
+Last-Update: 2012-12-29
+
+--- a/keyring/backend.py
++++ b/keyring/backend.py
+@@ -6,6 +6,7 @@
+
+ import getpass
+ import os
++import stat
+ import sys
+ import ConfigParser
+ import base64
+@@ -406,6 +407,7 @@
+ storage_root = os.path.dirname(self.file_path)
+ if storage_root and not os.path.isdir(storage_root):
+ os.makedirs(storage_root)
++ os.chmod(storage_root, stat.S_IWRITE | stat.S_IREAD | stat.S_IEXEC)
+
+
+ class UncryptedFileKeyring(BasicFileKeyring):
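Review bot: os.makedirs(storage_root) followed by a separate os.chmod leaves a window in which the new directory exists with whatever mode the umask allows. Passing the restrictive mode to the makedirs call itself avoids that gap. The hunk also changes only the directory: the description speaks of the database file, but nothing here sets the mode of the file at self.file_path, and if the chmod sits under the isdir check as its position suggests, a storage_root that already exists keeps its old mode. stat.S_IRWXU would state the owner-only intent more directly than stat.S_IWRITE | stat.S_IREAD | stat.S_IEXEC.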
+--- a/keyring/util/loc_compat.py
++++ b/keyring/util/loc_compat.py
+@@ -1,5 +1,6 @@
+ import os
+ import shutil
++import stat
+ import sys
+
+ def relocate_file(old_location, new_location):
+@@ -24,4 +25,6 @@
+ # ensure the storage path exists
+ if not os.path.isdir(os.path.dirname(new_location)):
+ os.makedirs(os.path.dirname(new_location))
++ os.chmod(os.path.dirname(new_location),
++ stat.S_IWRITE | stat.S_IREAD | stat.S_IEXEC)
+ shutil.move(old_location, new_location)
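Review bot: shutil.move(old_location, new_location) carries the file over with the mode it had at the old location, so a database that was created group- or world-readable stays that way and is protected only by the mode of its parent directory. A chmod of new_location after the move would tighten the file itself. As in backend.py, the makedirs-then-chmod sequence leaves the directory briefly at its umask default; passing the mode to os.makedirs closes that gap.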
+--- a/keyring/tests/test_backend.py
++++ b/keyring/tests/test_backend.py
+@@ -343,7 +343,8 @@
+ def setUp(self):
+ super(FileKeyringTests, self).setUp()
+ self.keyring = self.init_keyring()
+- self.keyring.file_path = self.tmp_keyring_file = tempfile.mktemp()
++ self.keyring.file_path = self.tmp_keyring_file = os.path.join(
++ tempfile.mkdtemp(), "test_pass.cfg")
+
+ def tearDown(self):
+ try:
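Review bot: tempfile.mkdtemp() already creates the directory, so with this setUp the isdir check in backend.py finds storage_root present and, if the new os.chmod is under that check, these tests never reach it; nothing in the hunk asserts on the resulting mode either. A test that points file_path at a subdirectory that does not exist yet and checks stat.S_IMODE of the created directory would cover the fix. The part of tearDown visible here does not show whether the mkdtemp directory is removed along with test_pass.cfg; it should be.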
Added: packages/python-keyring/trunk/debian/patches/series
===================================================================
--- packages/python-keyring/trunk/debian/patches/series (rev 0)
+++ packages/python-keyring/trunk/debian/patches/series 2013-01-06 18:29:32 UTC (rev 23262)
@@ -0,0 +1 @@
+696736-Fix-insecure-permissions-on-database-files.patch