From 1563b485dc5490a087a64f3da08cb41ebd553fa6 Mon Sep 17 00:00:00 2001 From: Michael Fincham Date: Fri, 13 Feb 2015 11:39:10 +1300 Subject: [PATCH] Add patch that detects and corrects unsafe permissions on ~/.nut-monitor left over from old installations during NUT-Monitor startup. (Closes: #777706) --- debian/NEWS | 13 ++++ debian/changelog | 8 ++- .../0009-fix-favorites-permissions.patch | 69 +++++++++++++++++++ debian/patches/series | 1 + 4 files changed, 90 insertions(+), 1 deletion(-) create mode 100644 debian/patches/0009-fix-favorites-permissions.patch diff --git a/debian/NEWS b/debian/NEWS index e42605c..53ca695 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,3 +1,16 @@ +nut (2.7.2-2) unstable; urgency=medium + + Since version 1.2 NUT-Monitor uses safer directory permissions when + creating ~/.nut-monitor. + + NUT-Monitor will now detect a pre-1.2 settings directory on startup + and update its permissions. + + Please note that passwords stored in NUT-Monitor prior to this change + may have been exposed, and it is recommended that they be reset. + + -- Michael Fincham Fri, 13 Feb 2015 11:57:12 +1300 + nut (2.6.5-1) experimental; urgency=low mge-shut driver has been replaced by a new implementation (newmge-shut). diff --git a/debian/changelog b/debian/changelog index acd59b2..8332b74 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,6 @@ nut (2.7.2-2) UNRELEASED; urgency=medium + [ Laurent Bigonville ] * debian/gbp.conf: Switch to debian-jessie branch * debian/rules: Revert the changes made in the previous NMU, I don't think that dropping the .service file that late in the release cycle is a good @@ -7,7 +8,12 @@ nut (2.7.2-2) UNRELEASED; urgency=medium * Add wrappers that check the MODE in /etc/nut/nut.conf to avoid starting the daemons if nut is not configured (Closes: #747863). - -- Laurent Bigonville Sun, 25 Jan 2015 12:53:03 +0100 + [ Michael Fincham ] + * Add patch that detects and corrects unsafe permissions on ~/.nut-monitor + left over from old installations during NUT-Monitor startup. + (Closes: #777706) + + -- Michael Fincham Fri, 13 Feb 2015 11:39:10 +1300 nut (2.7.2-1.1) unstable; urgency=medium diff --git a/debian/patches/0009-fix-favorites-permissions.patch b/debian/patches/0009-fix-favorites-permissions.patch new file mode 100644 index 0000000..7128250 --- /dev/null +++ b/debian/patches/0009-fix-favorites-permissions.patch @@ -0,0 +1,69 @@ +If a ~/.nut-monitor directory is found with insecure permissions, change them to 0700. +--- a/scripts/python/app/NUT-Monitor ++++ b/scripts/python/app/NUT-Monitor +@@ -29,6 +29,7 @@ + import sys + import base64 + import os, os.path ++import stat + import platform + import time + import threading +@@ -44,21 +45,23 @@ + + class interface : + +- __widgets = {} +- __callbacks = {} +- __favorites = {} +- __favorites_file = None +- __favorites_path = "" +- __fav_menu_items = list() +- __window_visible = True +- __glade_file = None +- __connected = False +- __ups_handler = None +- __ups_commands = None +- __ups_vars = None +- __ups_rw_vars = None +- __gui_thread = None +- __current_ups = None ++ DESIRED_FAVORITES_DIRECTORY_MODE = 0700 ++ ++ __widgets = {} ++ __callbacks = {} ++ __favorites = {} ++ __favorites_file = None ++ __favorites_path = "" ++ __fav_menu_items = list() ++ __window_visible = True ++ __glade_file = None ++ __connected = False ++ __ups_handler = None ++ __ups_commands = None ++ __ups_vars = None ++ __ups_rw_vars = None ++ __gui_thread = None ++ __current_ups = None + + def __init__( self ) : + +@@ -528,6 +531,9 @@ + return + + try : ++ if ( not stat.S_IMODE( os.stat( self.__favorites_path ).st_mode ) == self.DESIRED_FAVORITES_DIRECTORY_MODE ) : # unsafe pre-1.2 directory found ++ os.chmod( self.__favorites_path, self.DESIRED_FAVORITES_DIRECTORY_MODE ) ++ + conf = ConfigParser.ConfigParser() + conf.read( self.__favorites_file ) + for current in conf.sections() : +@@ -573,7 +579,7 @@ + # If path does not exists, try to create it + if ( not os.path.exists( self.__favorites_file ) ) : + try : +- os.makedirs( self.__favorites_path, mode=0700 ) ++ os.makedirs( self.__favorites_path, mode=self.DESIRED_FAVORITES_DIRECTORY_MODE ) + except : + self.gui_status_message( _("Error while creating configuration folder (%s)") % sys.exc_info()[1] ) + diff --git a/debian/patches/series b/debian/patches/series index 5046408..fbaa314 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -4,3 +4,4 @@ 0006-ups-conf-maxretry.patch 0007-killpower-path.patch 0008-drop-w3c-icons.patch +0009-fix-favorites-permissions.patch