Your message dated Fri, 03 Aug 2012 03:03:01 +0000
with message-id <e1sx8ah-00034g...@franck.debian.org>
and subject line Bug#683665: fixed in openvswitch 1.4.2+git20120612-8
has caused the Debian Bug report #683665,
regarding openvswitch-pki: creates world writable directories:
/var/lib/openvswitch/pki/*ca/incoming/
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
683665: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openvswitch-pki
Version: 1.4.2+git20120612-7
Severity: grave
Tags: security
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
openvswitch-pki creates the following world writable directories during
installation:
drwx-wx-wx 2 root root 40 Aug 1 05:32 /var/lib/openvswitch/pki/controllerca/incoming
drwx-wx-wx 2 root root 40 Aug 1 05:32 /var/lib/openvswitch/pki/switchca/incoming
Even if an ordinary local user cannot list the contents of the
directory, he may correctly derive/guess filenames (unless they are
exclusively $(mktemp)) and delete and replace files in there.
I don't know how openvswitch-pki works, how it uses this directory,
what problems could possibly arise out of this.
Andreas
--- End Message ---
--- Begin Message ---
Source: openvswitch
Source-Version: 1.4.2+git20120612-8
We believe that the bug you reported is fixed in the latest version of
openvswitch, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 683...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ben Pfaff <pfaff...@debian.org> (supplier of updated openvswitch package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 01 Aug 2012 11:20:21 -0700
Source: openvswitch
Binary: openvswitch-datapath-source openvswitch-datapath-dkms
openvswitch-common openvswitch-switch openvswitch-ipsec openvswitch-pki
openvswitch-controller openvswitch-brcompat openvswitch-dbg python-openvswitch
ovsdbmonitor openvswitch-test
Architecture: source i386 all
Version: 1.4.2+git20120612-8
Distribution: unstable
Urgency: low
Maintainer: Open vSwitch developers <d...@openvswitch.org>
Changed-By: Ben Pfaff <pfaff...@debian.org>
Description:
openvswitch-brcompat - Open vSwitch bridge compatibility support
openvswitch-common - Open vSwitch common components
openvswitch-controller - Open vSwitch controller implementation
openvswitch-datapath-dkms - Open vSwitch datapath module source - DKMS version
openvswitch-datapath-source - Open vSwitch datapath module source -
module-assistant version
openvswitch-dbg - Debug symbols for Open vSwitch packages
openvswitch-ipsec - Open vSwitch GRE-over-IPsec support
openvswitch-pki - Open vSwitch public key infrastructure dependency package
openvswitch-switch - Open vSwitch switch implementations
openvswitch-test - Open vSwitch test package
ovsdbmonitor - Open vSwitch graphical monitoring tool
python-openvswitch - Python bindings for Open vSwitch
Closes: 683665
Changes:
openvswitch (1.4.2+git20120612-8) unstable; urgency=low
.
* Apply further patches to fix bugs resulting from moving
/etc/openvswitch/conf.db to /var/lib/openvswitch in -7.
.
This required applying the following bug fix patches:
.
bug-681880-3-Make-the-location-of-the-database-separately-configu.patch
bug-681880-4-tests-Slightly-generalize-utility-function-tests.patch
bug-681880-5-util-New-function-follow_symlinks.patch
bug-681880-6-lockfile-Be-more-forgiving-about-lockfiles-for-symli.patch
bug-681880-7-ovsdb-Do-not-replace-symlinks-by-regular-files-durin.patch
bug-681880-8-Fix-a-typo-in-commit-f973f2af2.patch
bug-681880-9-dirs-dbdir-default-must-be-based-on-sysconfdir.patch
.
* debian/rules: Configure /var/lib/openvswitch as the database directory
instead of working through symlinks. (The symlinks are still created
for compatibility with people and existing software that are
accustomed to seeing the database in its original location, but the
Debian packages themselves never use the symlinks.)
.
* debian/openvswitch-switch.postrm: Also remove
/ec/openvswitch/system-id.conf and conf.db backups on purge.
.
* utilities/ovs-pki.in: Use mode 0700 instead of 0733 for
openvswitch-pki "incoming" directory, by applying
bug-683665-use-mode-700-for-pki-incoming-dir.patch. See the patch for
complete rationale. Closes: #683665. Thanks to Andreas Beckmann
<deb...@abeckmann.de> for reporting this bug.
.
* debian/openvswitch-pki.postinst: Change mode of existing "incoming"
directories to 0700 at configure time (see above).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---
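
Added example, not part of the original messages or the openvswitch packaging: a shell sketch that finds directories matching the reported condition (writable by "other", no sticky bit) and sets each "incoming" directory to 0700, the mode named in the changelog above. The function names and the demo tree are hypothetical; the default root is the path from the bug report.

```shell
#!/bin/sh
# Default root is the path from the bug report; override with PKI_ROOT.
PKI_ROOT="${PKI_ROOT:-/var/lib/openvswitch/pki}"

# Print directories that "other" can write to and that lack the sticky bit.
# In such a directory any local user can unlink or rename entries they do
# not own, even when (as with 0733) they cannot list the contents.
audit_world_writable() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# Set each <name>ca/incoming directory to 0700 and print the ones changed.
# Symlinks are skipped so chmod never follows a link out of the tree.
tighten_incoming() {
    for d in "$1"/*ca/incoming; do
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        if [ -z "$(find "$d" -maxdepth 0 -perm 0700)" ]; then
            chmod 0700 "$d" && printf '%s\n' "$d"
        fi
    done
}

# Constructed demo tree reproducing the reported 0733 modes.
# Prints "<findings before> <dirs fixed> <findings after>".
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/controllerca/incoming" "$tmp/switchca/incoming"
    chmod 0755 "$tmp/controllerca" "$tmp/switchca"
    chmod 0733 "$tmp/controllerca/incoming" "$tmp/switchca/incoming"
    before=$(audit_world_writable "$tmp" | wc -l)
    fixed=$(tighten_incoming "$tmp" | wc -l)
    after=$(audit_world_writable "$tmp" | wc -l)
    rm -rf "$tmp"
    echo "$((before)) $((fixed)) $((after))"
}

# Stand-alone use: "audit" reports, "fix" tightens, "demo" runs the sample.
case "${1:-}" in
    audit) audit_world_writable "$PKI_ROOT" ;;
    fix)   tighten_incoming "$PKI_ROOT" ;;
    demo)  demo ;;
esac
```

Directories with the sticky bit set (such as a 1777 scratch directory) are deliberately not reported, because the sticky bit already stops users from removing entries they do not own.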