change permissions of /var/log/apt/term.log to 0640 (LP: #975199)

diff --git a/apt-pkg/deb/dpkgpm.cc b/apt-pkg/deb/dpkgpm.cc
index c9df41d3a36a173bee5e70261d6170b5595d5ceb..6cb8bc6b61d465d90ac66d079faa5cf2fe621e65 100644 (file)
--- a/apt-pkg/deb/dpkgpm.cc
+++ b/apt-pkg/deb/dpkgpm.cc
@@ -726,7 +726,7 @@ bool pkgDPkgPM::OpenLog()
       gr = getgrnam("adm");
       if (pw != NULL && gr != NULL)
          chown(logfile_name.c_str(), pw->pw_uid, gr->gr_gid);
-      chmod(logfile_name.c_str(), 0644);
+      chmod(logfile_name.c_str(), 0640);
       fprintf(d->term_out, "\nLog started: %s\n", timestr);
    }
 

diff --git a/debian/apt.postinst b/debian/apt.postinst
index 4d87c4e256f8ab3ee936a6037a6f0b748ef53580..bd814e1afd2794176a0c9201ec6435e93edbcbcd 100644 (file)
--- a/debian/apt.postinst
+++ b/debian/apt.postinst
@@ -21,6 +21,13 @@ case "$1" in
                rm -f $SECRING
        fi
        apt-key update
+
+        # ensure tighter permissons on the logs, see LP: #975199
+        if dpkg --compare-versions "$2" lt-nl 0.9.7.7; then
+            # ensure permissions are right
+            chmod -f 0640 /var/log/apt/term.log* || true
+        fi
+
     ;;
 
     abort-upgrade|abort-remove|abort-deconfigure)

diff --git a/debian/changelog b/debian/changelog
index a189695ecae18bb2d647104553d6e4d2642d6cbf..42d601d3b2255df473fd7bd154f5443a210394a7 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,8 +13,11 @@ apt (0.9.7.7) UNRELEASED; urgency=low
     - do not do lock-step configuration for a M-A:same package if it isn't
       unpacked yet in SmartConfigure and do not unpack a M-A:same package
       again in SmartUnPack if we have already configured it (LP: #1062503)
+  
+  [ Michael Vogt ]
+  * change permissions of /var/log/apt/term.log to 0640 (LP: #975199)
 
- -- Jordi Mallach <jordi@debian.org>  Thu, 18 Oct 2012 23:30:46 +0200
+ -- Michael Vogt <mvo@debian.org>  Tue, 04 Dec 2012 15:57:01 +0100
 
 apt (0.9.7.6) unstable; urgency=low