Bug#870181: stretch-pu: package bareos/16.2.4-3+deb9u1

Sun, 30 Jul 2017 12:45:43 -0700 

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

I'd like to fix three bugs in bareos for stretch:

* Fix permissions of bareos-dir logrotate config on upgrade. (Closes: #864926)

Removes executable permission for upgrades from < 15.2.2-1.

* Remove duplicate config check call in the init script.

Avoids warning when /etc/bareos/bareos-dir.conf doesn't exist.
It's harmless but might confuse admins.

* Fix file corruption when using SHA1 signature. (Closes: #869608)

Serious bug, data corruption of backups.


debdiff is attached.

Cheers,
Felix

diff --git a/debian/bareos-director.bareos-dir.init 
b/debian/bareos-director.bareos-dir.init
index 80b2878b..ec08458c 100755
--- a/debian/bareos-director.bareos-dir.init
+++ b/debian/bareos-director.bareos-dir.init
@@ -51,7 +51,6 @@ PATH=/sbin:/usr/sbin:/bin:/usr/bin
 
 checkcfg() {
    echo "Checking Configuration and Database connection ... "
-   su -s /bin/sh $DAEMON_USER -c "/usr/sbin/bareos-dir -f -t -c 
/etc/bareos/bareos-dir.conf"
    su -s /bin/sh $DAEMON_USER -c "/usr/sbin/bareos-dir -f -t"
    if [ $? -eq 0 ]; then
       return 0
diff --git a/debian/bareos-director.postinst b/debian/bareos-director.postinst
index f8086c67..a81ef414 100644
--- a/debian/bareos-director.postinst
+++ b/debian/bareos-director.postinst
@@ -38,6 +38,12 @@ case "$1" in
             /usr/lib/bareos/scripts/bareos-config apply_dbconfig_settings
         fi
         permissions
+
+        if dpkg --compare-versions "$2" lt-nl "15.2.2-1~"; then
+            if [ -e /etc/logrotate.d/bareos-dir ]; then
+                chmod -x /etc/logrotate.d/bareos-dir
+            fi
+        fi
         ;;
     abort-upgrade|abort-remove|abort-deconfigure)
         ;;
diff --git a/debian/changelog b/debian/changelog
index 2153410b..648caf28 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+bareos (16.2.4-3+deb9u1) stretch; urgency=medium
+
+  * Fix permissions of bareos-dir logrotate config on upgrade. (Closes: 
#864926)
+  * Remove duplicate config check call in the init script.
+    - Avoids (harmless) warning when /etc/bareos/bareos-dir.conf doesn't exist.
+  * Fix file corruption when using SHA1 signature. (Closes: #869608)
+  * Add autopkgtest for SHA1 signature.
+
+ -- Felix Geyer <fge...@debian.org>  Thu, 27 Jul 2017 20:58:49 +0200
+
 bareos (16.2.4-3) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/patches/fix-sha1-file-corruption 
b/debian/patches/fix-sha1-file-corruption
new file mode 100644
index 00000000..6bf89319
--- /dev/null
+++ b/debian/patches/fix-sha1-file-corruption
@@ -0,0 +1,29 @@
+From 49be4618319e681a4ad79fde63e984df1748938c Mon Sep 17 00:00:00 2001
+From: Joerg Steffens <joerg.steff...@bareos.com>
+Date: Wed, 26 Jul 2017 21:57:38 +0200
+Subject: [PATCH] bugfix: prevents file corruptions by SHA1
+
+Fixes a bug when using SHA1 file signatures in Bareos version compiled
+without openssl.
+
+Fixes #838: File corruption with SHA1 signature
+---
+ src/lib/sha1.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/sha1.c b/src/lib/sha1.c
+index 9972cb2..f67c466 100644
+--- a/src/lib/sha1.c
++++ b/src/lib/sha1.c
+@@ -20,7 +20,8 @@ A million repetitions of "a"
+ #if __LITTLE_ENDIAN__
+ #define LITTLE_ENDIAN
+ #endif
+-/* #define SHA1HANDSOFF * Copies data before messing with it. */
++/* #define SHA1HANDSOFF * Copies data before messing with it. Do not modify 
original data! */
++#define SHA1HANDSOFF
+ 
+ #include "sha1.h"
+ 
+-- 
+2.7.4
diff --git a/debian/patches/series b/debian/patches/series
index 194ffd15..58aa560d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 dont-generate-debian-files
 disable-fstype-test
+fix-sha1-file-corruption
diff --git a/debian/tests/control b/debian/tests/control
index 712dbf5e..7ab8f964 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -10,6 +10,6 @@ Test-Command: test/all
 Restrictions: breaks-testbed needs-root allow-stderr
 Depends: bareos-database-sqlite3, bareos
 
-Tests: tls tls-passive
+Tests: tls tls-passive sha1
 Restrictions: breaks-testbed needs-root allow-stderr
 Depends: bareos-database-sqlite3, bareos
diff --git a/debian/tests/sha1 b/debian/tests/sha1
new file mode 100755
index 00000000..5e745e23
--- /dev/null
+++ b/debian/tests/sha1
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# stop on first error
+set -e
+
+sed -i "s#Signature = MD5.*#Signature = SHA1#" 
/etc/bareos/bareos-dir.d/fileset/SelfTest.conf
+
+echo "start testing ... "
+echo "TRAVIS_BRANCH: $TRAVIS_BRANCH"
+echo "USER: $USER"
+echo "DB: $DB"
+
+echo "--------- restarting services ----------- "
+service bareos-dir restart
+service bareos-sd restart
+service bareos-fd restart
+sleep 10
+
+echo "--------- checking services ----------- "
+service bareos-dir status
+service bareos-sd status
+service bareos-fd status
+
+
+# enable bash debug
+set -v
+
+BACKUP_TEST_FILE=/usr/sbin/bareos.test
+
+echo -e "status dir" | bconsole
+echo
+echo "---- label a volume ----"
+echo -e "label volume=testvol pool=Full" | bconsole
+echo
+echo "----- create some file to test backup / restore ----"
+dd if=/dev/urandom of=${BACKUP_TEST_FILE} bs=1024 count=1100
+echo
+echo "------ trigger backup job -----"
+echo -e "run job=backup-bareos-fd yes\rwait" | bconsole | grep "Job queued. 
JobId="
+echo "status dir" | bconsole
+echo
+echo "------ trigger restore job -----"
+echo -e "restore select current\r2\rls\rmark usr\rdone\ryes\rwait" | bconsole
+echo "status dir" | bconsole
+if ! cmp ${BACKUP_TEST_FILE} /tmp/bareos-restores/${BACKUP_TEST_FILE}; then
+  echo "Restored file is corrupted"
+  exit 1
+fi

Reply via email to