Add patch that detects and corrects unsafe permissions on ~/.nut-monitor left over from old installations during NUT-Monitor startup. (Closes: #777706)

2015-02-13 11:39:10 +13:00 · 2015-02-13 11:39:10 +13:00 · 1563b485dc
commit 1563b485dc
parent 241119d464
4 changed files with 90 additions and 1 deletions
--- a/debian/NEWS
+++ b/debian/NEWS
@ -1,3 +1,16 @@
+nut (2.7.2-2) unstable; urgency=medium
+
+ Since version 1.2 NUT-Monitor uses safer directory permissions when
+ creating ~/.nut-monitor.
+
+ NUT-Monitor will now detect a pre-1.2 settings directory on startup
+ and update its permissions.
+
+ Please note that passwords stored in NUT-Monitor prior to this change
+ may have been exposed, and it is recommended that they be reset.
+
+ -- Michael Fincham <michael.fincham@catalyst.net.nz>  Fri, 13 Feb 2015 11:57:12 +1300
+
 nut (2.6.5-1) experimental; urgency=low

  mge-shut driver has been replaced by a new implementation (newmge-shut).
--- a/debian/changelog
+++ b/debian/changelog
@ -1,5 +1,6 @@
 nut (2.7.2-2) UNRELEASED; urgency=medium

+  [ Laurent Bigonville ]
  * debian/gbp.conf: Switch to debian-jessie branch
  * debian/rules: Revert the changes made in the previous NMU, I don't think
    that dropping the .service file that late in the release cycle is a good
@ -7,7 +8,12 @@ nut (2.7.2-2) UNRELEASED; urgency=medium
  * Add wrappers that check the MODE in /etc/nut/nut.conf to avoid starting
    the daemons if nut is not configured (Closes: #747863).

- -- Laurent Bigonville <bigon@debian.org>  Sun, 25 Jan 2015 12:53:03 +0100
+  [ Michael Fincham ]
+  * Add patch that detects and corrects unsafe permissions on ~/.nut-monitor
+    left over from old installations during NUT-Monitor startup.
+    (Closes: #777706)
+
+ -- Michael Fincham <michael.fincham@catalyst.net.nz>  Fri, 13 Feb 2015 11:39:10 +1300

 nut (2.7.2-1.1) unstable; urgency=medium

--- a/debian/patches/0009-fix-favorites-permissions.patch
+++ b/debian/patches/0009-fix-favorites-permissions.patch
@ -0,0 +1,69 @@
+If a ~/.nut-monitor directory is found with insecure permissions, change them to 0700.
+--- a/scripts/python/app/NUT-Monitor
+++ b/scripts/python/app/NUT-Monitor
+@@ -29,6 +29,7 @@
+ import sys
+ import base64
+ import os, os.path
+import stat
+ import platform
+ import time
+ import threading
+@@ -44,21 +45,23 @@
+ 
+ class interface :
+ 
+-    __widgets                  = {}
+-    __callbacks                = {}
+-    __favorites                = {}
+-    __favorites_file           = None
+-    __favorites_path           = ""
+-    __fav_menu_items           = list()
+-    __window_visible           = True
+-    __glade_file               = None
+-    __connected                = False
+-    __ups_handler              = None
+-    __ups_commands             = None
+-    __ups_vars                 = None
+-    __ups_rw_vars              = None
+-    __gui_thread               = None
+-    __current_ups              = None
+    DESIRED_FAVORITES_DIRECTORY_MODE = 0700
+
+    __widgets                        = {}
+    __callbacks                      = {}
+    __favorites                      = {}
+    __favorites_file                 = None
+    __favorites_path                 = ""
+    __fav_menu_items                 = list()
+    __window_visible                 = True
+    __glade_file                     = None
+    __connected                      = False
+    __ups_handler                    = None
+    __ups_commands                   = None
+    __ups_vars                       = None
+    __ups_rw_vars                    = None
+    __gui_thread                     = None
+    __current_ups                    = None
+ 
+     def __init__( self ) :
+ 
+@@ -528,6 +531,9 @@
+             return
+ 
+         try :
+            if ( not stat.S_IMODE( os.stat( self.__favorites_path ).st_mode ) == self.DESIRED_FAVORITES_DIRECTORY_MODE ) : # unsafe pre-1.2 directory found
+                os.chmod( self.__favorites_path, self.DESIRED_FAVORITES_DIRECTORY_MODE )
+
+             conf = ConfigParser.ConfigParser()
+             conf.read( self.__favorites_file )
+             for current in conf.sections() :
+@@ -573,7 +579,7 @@
+         # If path does not exists, try to create it
+         if ( not os.path.exists( self.__favorites_file ) ) :
+             try :
+-                os.makedirs( self.__favorites_path, mode=0700 )
+                os.makedirs( self.__favorites_path, mode=self.DESIRED_FAVORITES_DIRECTORY_MODE )
+             except :
+                 self.gui_status_message( _("Error while creating configuration folder (%s)") % sys.exc_info()[1] )
+ 
--- a/debian/patches/series
+++ b/debian/patches/series
@ -4,3 +4,4 @@
 0006-ups-conf-maxretry.patch
 0007-killpower-path.patch
 0008-drop-w3c-icons.patch
+0009-fix-favorites-permissions.patch