change permissions of /var/log/apt/term.log to 0640 (LP: #975199)

diff --git a/apt-pkg/deb/dpkgpm.cc b/apt-pkg/deb/dpkgpm.cc
index c9df41d..6cb8bc6 100644 (file)
--- a/apt-pkg/deb/dpkgpm.cc
+++ b/apt-pkg/deb/dpkgpm.cc
@@ -726,7 +726,7 @@ bool pkgDPkgPM::OpenLog()
       gr = getgrnam("adm");
       if (pw != NULL && gr != NULL)
          chown(logfile_name.c_str(), pw->pw_uid, gr->gr_gid);
-      chmod(logfile_name.c_str(), 0644);
+      chmod(logfile_name.c_str(), 0640);
       fprintf(d->term_out, "\nLog started: %s\n", timestr);
    }
 

diff --git a/debian/apt.postinst b/debian/apt.postinst
index 4d87c4e..bd814e1 100644 (file)
--- a/debian/apt.postinst
+++ b/debian/apt.postinst
@@ -21,6 +21,13 @@ case "$1" in
                rm -f $SECRING
        fi
        apt-key update
+
+        # ensure tighter permissons on the logs, see LP: #975199
+        if dpkg --compare-versions "$2" lt-nl 0.9.7.7; then
+            # ensure permissions are right
+            chmod -f 0640 /var/log/apt/term.log* || true
+        fi
+
     ;;
 
     abort-upgrade|abort-remove|abort-deconfigure)

diff --git a/debian/changelog b/debian/changelog
index a189695..42d601d 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,8 +13,11 @@ apt (0.9.7.7) UNRELEASED; urgency=low
     - do not do lock-step configuration for a M-A:same package if it isn't
       unpacked yet in SmartConfigure and do not unpack a M-A:same package
       again in SmartUnPack if we have already configured it (LP: #1062503)
+  
+  [ Michael Vogt ]
+  * change permissions of /var/log/apt/term.log to 0640 (LP: #975199)
 
- -- Jordi Mallach <jordi@debian.org>  Thu, 18 Oct 2012 23:30:46 +0200
+ -- Michael Vogt <mvo@debian.org>  Tue, 04 Dec 2012 15:57:01 +0100
 
 apt (0.9.7.6) unstable; urgency=low