Merge lp:~clint-fewbar/ubuntu/oneiric/cobbler/misc-fixes into lp:ubuntu/oneiric/cobbler

Proposed by Clint Byrum
Status: Needs review
Proposed branch: lp:~clint-fewbar/ubuntu/oneiric/cobbler/misc-fixes
Merge into: lp:ubuntu/oneiric/cobbler
Diff against target: 164 lines (+56/-5)
11 files modified
.pc/58_fix_egg_cache.patch/web/cobbler.wsgi (+10/-0)
.pc/applied-patches (+1/-0)
debian/changelog (+16/-0)
debian/cobbler-common.install (+0/-1)
debian/cobbler-web.dirs (+1/-0)
debian/cobbler-web.postinst (+3/-0)
debian/cobbler.postinst (+1/-0)
debian/control (+3/-3)
debian/patches/58_fix_egg_cache.patch (+19/-0)
debian/patches/series (+1/-0)
web/cobbler.wsgi (+1/-1)
To merge this branch: bzr merge lp:~clint-fewbar/ubuntu/oneiric/cobbler/misc-fixes
Reviewer Review Type Date Requested Status
Chuck Short Pending
Andres Rodriguez Pending
Review via email: mp+77771@code.launchpad.net

Description of the change

Sanity check please.. fixing some recently reported bugs. Thanks!

To post a comment you must log in.
51. By Clint Byrum on 2011-10-01

debian/cobbler-common.install: remove users.digest as it is
not required and contains a known password that would leave
cobblerd vulnerable if started before configuration is done.

52. By Clint Byrum on 2011-10-01

debian/cobbler-web.postinst: fix perms on webui_sessions to
be more secure (LP: #863755)

Unmerged revisions

52. By Clint Byrum on 2011-10-01

debian/cobbler-web.postinst: fix perms on webui_sessions to
be more secure (LP: #863755)

51. By Clint Byrum on 2011-10-01

debian/cobbler-common.install: remove users.digest as it is
not required and contains a known password that would leave
cobblerd vulnerable if started before configuration is done.

50. By Clint Byrum on 2011-10-01

* debian/cobbler.postinst: create users.digest mode 0600 so it
  is not world readable. (LP: #858860)
* debian/control: cobbler needs to depend on python-cobbler
  (LP: #863738)
* debian/patches/58_fix_egg_cache.patch: Do not point dangerous
  PYTHON_EGG_CACHE at world writable directory. (LP: #858875)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== added directory '.pc/58_fix_egg_cache.patch'
2=== added file '.pc/58_fix_egg_cache.patch/.timestamp'
3=== added directory '.pc/58_fix_egg_cache.patch/web'
4=== added file '.pc/58_fix_egg_cache.patch/web/cobbler.wsgi'
5--- .pc/58_fix_egg_cache.patch/web/cobbler.wsgi 1970-01-01 00:00:00 +0000
6+++ .pc/58_fix_egg_cache.patch/web/cobbler.wsgi 2011-10-01 05:41:24 +0000
7@@ -0,0 +1,10 @@
8+import os
9+import sys
10+
11+os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'
12+os.environ['PYTHON_EGG_CACHE'] = '/tmp'
13+sys.path.append('/usr/share/cobbler/web')
14+sys.path.append('/usr/share/cobbler/web/cobbler_web')
15+
16+import django.core.handlers.wsgi
17+application = django.core.handlers.wsgi.WSGIHandler()
18
19=== modified file '.pc/applied-patches'
20--- .pc/applied-patches 2011-09-01 20:08:17 +0000
21+++ .pc/applied-patches 2011-10-01 05:41:24 +0000
22@@ -21,3 +21,4 @@
23 55_ubuntu_branding.patch
24 56_ubuntu_arm_generate_pxe_files.patch
25 57_ubuntu_dnsmasq_domain.patch
26+58_fix_egg_cache.patch
27
28=== modified file 'debian/changelog'
29--- debian/changelog 2011-09-29 23:58:08 +0000
30+++ debian/changelog 2011-10-01 05:41:24 +0000
31@@ -1,3 +1,19 @@
32+cobbler (2.1.0+git20110602-0ubuntu27) UNRELEASED; urgency=low
33+
34+ * debian/cobbler.postinst: create users.digest mode 0600 so it
35+ is not world readable. (LP: #858860)
36+ * debian/control: cobbler needs to depend on python-cobbler
37+ (LP: #863738)
38+ * debian/patches/58_fix_egg_cache.patch: Do not point dangerous
39+ PYTHON_EGG_CACHE at world writable directory. (LP: #858875)
40+ * debian/cobbler-common.install: remove users.digest as it is
41+ not required and contains a known password that would leave
42+ cobblerd vulnerable if started before configuration is done.
43+ * debian/cobbler-web.postinst: fix perms on webui_sessions to
44+ be more secure (LP: #863755)
45+
46+ -- Clint Byrum <clint@ubuntu.com> Fri, 30 Sep 2011 22:36:46 -0700
47+
48 cobbler (2.1.0+git20110602-0ubuntu26) oneiric; urgency=low
49
50 * debian/cobbler-ubuntu-import: Add --check-update and --remove
51
52=== modified file 'debian/cobbler-common.install'
53--- debian/cobbler-common.install 2011-09-08 13:01:55 +0000
54+++ debian/cobbler-common.install 2011-10-01 05:41:24 +0000
55@@ -4,7 +4,6 @@
56 etc/cobbler/settings
57 etc/cobbler/tftpd.template
58 etc/cobbler/users.conf
59-etc/cobbler/users.digest
60 etc/cobbler/version
61 etc/cobbler/zone.template
62 etc/cobbler/cheetah_macros
63
64=== modified file 'debian/cobbler-web.dirs'
65--- debian/cobbler-web.dirs 2011-04-04 12:55:44 +0000
66+++ debian/cobbler-web.dirs 2011-10-01 05:41:24 +0000
67@@ -1,1 +1,2 @@
68 var/lib/cobbler/webui_sessions
69+var/lib/cobbler/webui_cache
70
71=== modified file 'debian/cobbler-web.postinst'
72--- debian/cobbler-web.postinst 2011-09-06 14:11:49 +0000
73+++ debian/cobbler-web.postinst 2011-10-01 05:41:24 +0000
74@@ -9,6 +9,9 @@
75 ln -s /etc/cobbler/cobbler_web.conf /etc/apache2/conf.d/cobbler_web.conf
76 fi
77 chown www-data:www-data /var/lib/cobbler/webui_sessions
78+ chmod 0700 /var/lib/cobbler/webui_sessions
79+ chown www-data:www-data /var/lib/cobbler/webui_cache
80+ chmod 0700 /var/lib/cobbler/webui_sessions
81 a2enmod proxy_http
82 a2enmod wsgi
83
84
85=== modified file 'debian/cobbler.postinst'
86--- debian/cobbler.postinst 2011-06-08 17:21:45 +0000
87+++ debian/cobbler.postinst 2011-10-01 05:41:24 +0000
88@@ -8,6 +8,7 @@
89 db_get cobbler/password || true
90 password="$RET"
91 hash=$(printf "cobbler:Cobbler:$password" | md5sum | awk '{print $1}')
92+ [ -e /etc/cobbler/users.digest ] || install -o root -g root -m 0600 /dev/null /etc/cobbler/users.digest
93 htpasswd -D /etc/cobbler/users.digest "cobbler" || true
94 printf "cobbler:Cobbler:$hash\n" >> /etc/cobbler/users.digest
95 hash=$(printf "$password" | openssl passwd -1 -stdin)
96
97=== modified file 'debian/control'
98--- debian/control 2011-08-26 12:58:21 +0000
99+++ debian/control 2011-10-01 05:41:24 +0000
100@@ -74,7 +74,8 @@
101
102 Package: cobbler-common
103 Architecture: all
104-Depends: ${misc:Depends}
105+Depends: ${misc:Depends},
106+ python-cobbler (= ${binary:Version})
107 Provides: ${python:Provides}
108 Description: Cobbler Install server - common files
109 Cobbler is a network install server. Cobbler supports PXE, virtualized
110@@ -89,8 +90,7 @@
111
112 Package: cobbler-web
113 Architecture: all
114-Depends: python-cobbler (= ${binary:Version}),
115- cobbler-common (= ${binary:Version} ),
116+Depends: cobbler-common (= ${binary:Version} ),
117 libapache2-mod-python,
118 libapache2-mod-wsgi,
119 ttf-ubuntu-font-family,
120
121=== added file 'debian/patches/58_fix_egg_cache.patch'
122--- debian/patches/58_fix_egg_cache.patch 1970-01-01 00:00:00 +0000
123+++ debian/patches/58_fix_egg_cache.patch 2011-10-01 05:41:24 +0000
124@@ -0,0 +1,19 @@
125+Author: Clint Byrum <clint@ubuntu.com>
126+Description: Changes PYTHON_EGG_CACHE to a safer path owned just by the webserver.
127+Bug: https://fedorahosted.org/cobbler/ticket/688
128+Bug-Ubuntu: http://pad.lv/858875
129+Forwarded: yes
130+
131+Index: cobbler/web/cobbler.wsgi
132+===================================================================
133+--- cobbler.orig/web/cobbler.wsgi 2011-09-30 16:53:26.522621805 -0700
134++++ cobbler/web/cobbler.wsgi 2011-09-30 17:09:53.909158191 -0700
135+@@ -2,7 +2,7 @@
136+ import sys
137+
138+ os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'
139+-os.environ['PYTHON_EGG_CACHE'] = '/tmp'
140++os.environ['PYTHON_EGG_CACHE'] = '/var/lib/cobbler/webui_cache'
141+ sys.path.append('/usr/share/cobbler/web')
142+ sys.path.append('/usr/share/cobbler/web/cobbler_web')
143+
144
145=== modified file 'debian/patches/series'
146--- debian/patches/series 2011-09-01 20:08:17 +0000
147+++ debian/patches/series 2011-10-01 05:41:24 +0000
148@@ -21,3 +21,4 @@
149 55_ubuntu_branding.patch
150 56_ubuntu_arm_generate_pxe_files.patch
151 57_ubuntu_dnsmasq_domain.patch
152+58_fix_egg_cache.patch
153
154=== modified file 'web/cobbler.wsgi'
155--- web/cobbler.wsgi 2011-03-31 08:54:56 +0000
156+++ web/cobbler.wsgi 2011-10-01 05:41:24 +0000
157@@ -2,7 +2,7 @@
158 import sys
159
160 os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'
161-os.environ['PYTHON_EGG_CACHE'] = '/tmp'
162+os.environ['PYTHON_EGG_CACHE'] = '/var/lib/cobbler/webui_cache'
163 sys.path.append('/usr/share/cobbler/web')
164 sys.path.append('/usr/share/cobbler/web/cobbler_web')
165

Subscribers

People subscribed via source and target branches

to all changes: