Ubuntu
cobbler package

Merge lp:~clint-fewbar/ubuntu/oneiric/cobbler/misc-fixes into lp:ubuntu/oneiric/cobbler

Oneiric (11.10)
misc-fixes
Merge into oneiric

Proposed by Clint Byrum on 2011-10-01

Status:

Needs review

Proposed branch:

lp:~clint-fewbar/ubuntu/oneiric/cobbler/misc-fixes

Merge into:

lp:ubuntu/oneiric/cobbler

Diff against target:

164 lines (+56/-5)

11 files modified

.pc/58_fix_egg_cache.patch/web/cobbler.wsgi (+10/-0)
.pc/applied-patches (+1/-0)
debian/changelog (+16/-0)
debian/cobbler-common.install (+0/-1)
debian/cobbler-web.dirs (+1/-0)
debian/cobbler-web.postinst (+3/-0)
debian/cobbler.postinst (+1/-0)
debian/control (+3/-3)
debian/patches/58_fix_egg_cache.patch (+19/-0)
debian/patches/series (+1/-0)
web/cobbler.wsgi (+1/-1)

To merge this branch:

bzr merge lp:~clint-fewbar/ubuntu/oneiric/cobbler/misc-fixes

Related bugs:

Bug #858860: weak default configured permissions on /etc/cobbler/users.digest	High	Fix Released
Bug #858875: a some what odd configuration in cobbler.wsgi	High	Fix Released
Bug #863738: cobbler package must depend on python-cobbler	Low	Fix Released
Bug #863755: /var/lib/cobbler/webui_sessions has insecure permissions	Undecided	Fix Released

Link a bug report

Reviewer	Date Requested	Status
Chuck Short	2011-10-01	Pending
Andres Rodriguez	2011-10-01	Pending
Review via email: mp+77771@code.launchpad.net

Description of the change

Sanity check please.. fixing some recently reported bugs. Thanks!

lp:~clint-fewbar/ubuntu/oneiric/cobbler/misc-fixes updated on 2011-10-01

51. By Clint Byrum on 2011-10-01: debian/cobbler-common.install: remove users.digest as it is
not required and contains a known password that would leave
cobblerd vulnerable if started before configuration is done.
52. By Clint Byrum on 2011-10-01: debian/cobbler-web.postinst: fix perms on webui_sessions to
be more secure (LP: #863755)

Unmerged revisions

52. By Clint Byrum on 2011-10-01: debian/cobbler-web.postinst: fix perms on webui_sessions to
be more secure (LP: #863755)
51. By Clint Byrum on 2011-10-01: debian/cobbler-common.install: remove users.digest as it is
not required and contains a known password that would leave
cobblerd vulnerable if started before configuration is done.
50. By Clint Byrum on 2011-10-01: * debian/cobbler.postinst: create users.digest mode 0600 so it
  is not world readable. (LP: #858860)
* debian/control: cobbler needs to depend on python-cobbler
  (LP: #863738)
* debian/patches/58_fix_egg_cache.patch: Do not point dangerous
  PYTHON_EGG_CACHE at world writable directory. (LP: #858875)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Clint Byrum

Ubuntu branches

1	=== added directory '.pc/58_fix_egg_cache.patch'
2	=== added file '.pc/58_fix_egg_cache.patch/.timestamp'
3	=== added directory '.pc/58_fix_egg_cache.patch/web'
4	=== added file '.pc/58_fix_egg_cache.patch/web/cobbler.wsgi'
5	--- .pc/58_fix_egg_cache.patch/web/cobbler.wsgi 1970-01-01 00:00:00 +0000
6	+++ .pc/58_fix_egg_cache.patch/web/cobbler.wsgi 2011-10-01 05:41:24 +0000
7	@@ -0,0 +1,10 @@
8	+import os
9	+import sys
10	+
11	+os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'
12	+os.environ['PYTHON_EGG_CACHE'] = '/tmp'
13	+sys.path.append('/usr/share/cobbler/web')
14	+sys.path.append('/usr/share/cobbler/web/cobbler_web')
15	+
16	+import django.core.handlers.wsgi
17	+application = django.core.handlers.wsgi.WSGIHandler()
18
19	=== modified file '.pc/applied-patches'
20	--- .pc/applied-patches 2011-09-01 20:08:17 +0000
21	+++ .pc/applied-patches 2011-10-01 05:41:24 +0000
22	@@ -21,3 +21,4 @@
23	55_ubuntu_branding.patch
24	56_ubuntu_arm_generate_pxe_files.patch
25	57_ubuntu_dnsmasq_domain.patch
26	+58_fix_egg_cache.patch
27
28	=== modified file 'debian/changelog'
29	--- debian/changelog 2011-09-29 23:58:08 +0000
30	+++ debian/changelog 2011-10-01 05:41:24 +0000
31	@@ -1,3 +1,19 @@
32	+cobbler (2.1.0+git20110602-0ubuntu27) UNRELEASED; urgency=low
33	+
34	+ * debian/cobbler.postinst: create users.digest mode 0600 so it
35	+ is not world readable. (LP: #858860)
36	+ * debian/control: cobbler needs to depend on python-cobbler
37	+ (LP: #863738)
38	+ * debian/patches/58_fix_egg_cache.patch: Do not point dangerous
39	+ PYTHON_EGG_CACHE at world writable directory. (LP: #858875)
40	+ * debian/cobbler-common.install: remove users.digest as it is
41	+ not required and contains a known password that would leave
42	+ cobblerd vulnerable if started before configuration is done.
43	+ * debian/cobbler-web.postinst: fix perms on webui_sessions to
44	+ be more secure (LP: #863755)
45	+
46	+ -- Clint Byrum <clint@ubuntu.com> Fri, 30 Sep 2011 22:36:46 -0700
47	+
48	cobbler (2.1.0+git20110602-0ubuntu26) oneiric; urgency=low
49
50	* debian/cobbler-ubuntu-import: Add --check-update and --remove
51
52	=== modified file 'debian/cobbler-common.install'
53	--- debian/cobbler-common.install 2011-09-08 13:01:55 +0000
54	+++ debian/cobbler-common.install 2011-10-01 05:41:24 +0000
55	@@ -4,7 +4,6 @@
56	etc/cobbler/settings
57	etc/cobbler/tftpd.template
58	etc/cobbler/users.conf
59	-etc/cobbler/users.digest
60	etc/cobbler/version
61	etc/cobbler/zone.template
62	etc/cobbler/cheetah_macros
63
64	=== modified file 'debian/cobbler-web.dirs'
65	--- debian/cobbler-web.dirs 2011-04-04 12:55:44 +0000
66	+++ debian/cobbler-web.dirs 2011-10-01 05:41:24 +0000
67	@@ -1,1 +1,2 @@
68	var/lib/cobbler/webui_sessions
69	+var/lib/cobbler/webui_cache
70
71	=== modified file 'debian/cobbler-web.postinst'
72	--- debian/cobbler-web.postinst 2011-09-06 14:11:49 +0000
73	+++ debian/cobbler-web.postinst 2011-10-01 05:41:24 +0000
74	@@ -9,6 +9,9 @@
75	ln -s /etc/cobbler/cobbler_web.conf /etc/apache2/conf.d/cobbler_web.conf
76	fi
77	chown www-data:www-data /var/lib/cobbler/webui_sessions
78	+ chmod 0700 /var/lib/cobbler/webui_sessions
79	+ chown www-data:www-data /var/lib/cobbler/webui_cache
80	+ chmod 0700 /var/lib/cobbler/webui_sessions
81	a2enmod proxy_http
82	a2enmod wsgi
83
84
85	=== modified file 'debian/cobbler.postinst'
86	--- debian/cobbler.postinst 2011-06-08 17:21:45 +0000
87	+++ debian/cobbler.postinst 2011-10-01 05:41:24 +0000
88	@@ -8,6 +8,7 @@
89	db_get cobbler/password \|\| true
90	password="$RET"
91	hash=$(printf "cobbler:Cobbler:$password" \| md5sum \| awk '{print $1}')
92	+ [ -e /etc/cobbler/users.digest ] \|\| install -o root -g root -m 0600 /dev/null /etc/cobbler/users.digest
93	htpasswd -D /etc/cobbler/users.digest "cobbler" \|\| true
94	printf "cobbler:Cobbler:$hash\n" >> /etc/cobbler/users.digest
95	hash=$(printf "$password" \| openssl passwd -1 -stdin)
96
97	=== modified file 'debian/control'
98	--- debian/control 2011-08-26 12:58:21 +0000
99	+++ debian/control 2011-10-01 05:41:24 +0000
100	@@ -74,7 +74,8 @@
101
102	Package: cobbler-common
103	Architecture: all
104	-Depends: ${misc:Depends}
105	+Depends: ${misc:Depends},
106	+ python-cobbler (= ${binary:Version})
107	Provides: ${python:Provides}
108	Description: Cobbler Install server - common files
109	Cobbler is a network install server. Cobbler supports PXE, virtualized
110	@@ -89,8 +90,7 @@
111
112	Package: cobbler-web
113	Architecture: all
114	-Depends: python-cobbler (= ${binary:Version}),
115	- cobbler-common (= ${binary:Version} ),
116	+Depends: cobbler-common (= ${binary:Version} ),
117	libapache2-mod-python,
118	libapache2-mod-wsgi,
119	ttf-ubuntu-font-family,
120
121	=== added file 'debian/patches/58_fix_egg_cache.patch'
122	--- debian/patches/58_fix_egg_cache.patch 1970-01-01 00:00:00 +0000
123	+++ debian/patches/58_fix_egg_cache.patch 2011-10-01 05:41:24 +0000
124	@@ -0,0 +1,19 @@
125	+Author: Clint Byrum <clint@ubuntu.com>
126	+Description: Changes PYTHON_EGG_CACHE to a safer path owned just by the webserver.
127	+Bug: https://fedorahosted.org/cobbler/ticket/688
128	+Bug-Ubuntu: http://pad.lv/858875
129	+Forwarded: yes
130	+
131	+Index: cobbler/web/cobbler.wsgi
132	+===================================================================
133	+--- cobbler.orig/web/cobbler.wsgi 2011-09-30 16:53:26.522621805 -0700
134	++++ cobbler/web/cobbler.wsgi 2011-09-30 17:09:53.909158191 -0700
135	+@@ -2,7 +2,7 @@
136	+ import sys
137	+
138	+ os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'
139	+-os.environ['PYTHON_EGG_CACHE'] = '/tmp'
140	++os.environ['PYTHON_EGG_CACHE'] = '/var/lib/cobbler/webui_cache'
141	+ sys.path.append('/usr/share/cobbler/web')
142	+ sys.path.append('/usr/share/cobbler/web/cobbler_web')
143	+
144
145	=== modified file 'debian/patches/series'
146	--- debian/patches/series 2011-09-01 20:08:17 +0000
147	+++ debian/patches/series 2011-10-01 05:41:24 +0000
148	@@ -21,3 +21,4 @@
149	55_ubuntu_branding.patch
150	56_ubuntu_arm_generate_pxe_files.patch
151	57_ubuntu_dnsmasq_domain.patch
152	+58_fix_egg_cache.patch
153
154	=== modified file 'web/cobbler.wsgi'
155	--- web/cobbler.wsgi 2011-03-31 08:54:56 +0000
156	+++ web/cobbler.wsgi 2011-10-01 05:41:24 +0000
157	@@ -2,7 +2,7 @@
158	import sys
159
160	os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'
161	-os.environ['PYTHON_EGG_CACHE'] = '/tmp'
162	+os.environ['PYTHON_EGG_CACHE'] = '/var/lib/cobbler/webui_cache'
163	sys.path.append('/usr/share/cobbler/web')
164	sys.path.append('/usr/share/cobbler/web/cobbler_web')
165

Ubuntucobbler package