change permissions of /var/log/apt/term.log to 0640 (LP: #975199)

apt-pkg/deb/dpkgpm.cc

@@ -726,7 +726,7 @@ bool pkgDPkgPM::OpenLog()
       gr = getgrnam("adm");
       if (pw != NULL && gr != NULL)
 	  chown(logfile_name.c_str(), pw->pw_uid, gr->gr_gid);
-      chmod(logfile_name.c_str(), 0644);
+      chmod(logfile_name.c_str(), 0640);
       fprintf(d->term_out, "\nLog started: %s\n", timestr);
    }
 

debian/apt.postinst

@@ -21,6 +21,13 @@ case "$1" in
 		rm -f $SECRING
 	fi
 	apt-key update
+
+        # ensure tighter permissons on the logs, see LP: #975199
+        if dpkg --compare-versions "$2" lt-nl 0.9.7.7; then
+            # ensure permissions are right
+            chmod -f 0640 /var/log/apt/term.log* || true
+        fi
+
     ;;
 
     abort-upgrade|abort-remove|abort-deconfigure)

debian/changelog

@@ -13,8 +13,11 @@ apt (0.9.7.7) UNRELEASED; urgency=low
     - do not do lock-step configuration for a M-A:same package if it isn't
       unpacked yet in SmartConfigure and do not unpack a M-A:same package
       again in SmartUnPack if we have already configured it (LP: #1062503)
+  
+  [ Michael Vogt ]
+  * change permissions of /var/log/apt/term.log to 0640 (LP: #975199)
 
- -- Jordi Mallach <jordi@debian.org>  Thu, 18 Oct 2012 23:30:46 +0200
+ -- Michael Vogt <mvo@debian.org>  Tue, 04 Dec 2012 15:57:01 +0100
 
 apt (0.9.7.6) unstable; urgency=low