--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: stretch-pu: package bareos/16.2.4-3+deb9u1
- From: Felix Geyer <fgeyer@debian.org>
- Date: Sun, 30 Jul 2017 21:41:39 +0200
- Message-id: <150144369963.21684.10918671505158042345.reportbug@callisto>
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
I'd like to fix three bugs in bareos for stretch:
* Fix permissions of bareos-dir logrotate config on upgrade. (Closes: #864926)
Removes executable permission for upgrades from < 15.2.2-1.
* Remove duplicate config check call in the init script.
Avoids warning when /etc/bareos/bareos-dir.conf doesn't exist.
It's harmless but might confuse admins.
* Fix file corruption when using SHA1 signature. (Closes: #869608)
Serious bug, data corruption of backups.
debdiff is attached.
Cheers,
Felix
diff --git a/debian/bareos-director.bareos-dir.init b/debian/bareos-director.bareos-dir.init
index 80b2878b..ec08458c 100755
--- a/debian/bareos-director.bareos-dir.init
+++ b/debian/bareos-director.bareos-dir.init
@@ -51,7 +51,6 @@ PATH=/sbin:/usr/sbin:/bin:/usr/bin
checkcfg() {
echo "Checking Configuration and Database connection ... "
- su -s /bin/sh $DAEMON_USER -c "/usr/sbin/bareos-dir -f -t -c /etc/bareos/bareos-dir.conf"
su -s /bin/sh $DAEMON_USER -c "/usr/sbin/bareos-dir -f -t"
if [ $? -eq 0 ]; then
return 0
diff --git a/debian/bareos-director.postinst b/debian/bareos-director.postinst
index f8086c67..a81ef414 100644
--- a/debian/bareos-director.postinst
+++ b/debian/bareos-director.postinst
@@ -38,6 +38,12 @@ case "$1" in
/usr/lib/bareos/scripts/bareos-config apply_dbconfig_settings
fi
permissions
+
+ if dpkg --compare-versions "$2" lt-nl "15.2.2-1~"; then
+ if [ -e /etc/logrotate.d/bareos-dir ]; then
+ chmod -x /etc/logrotate.d/bareos-dir
+ fi
+ fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
diff --git a/debian/changelog b/debian/changelog
index 2153410b..648caf28 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+bareos (16.2.4-3+deb9u1) stretch; urgency=medium
+
+ * Fix permissions of bareos-dir logrotate config on upgrade. (Closes: #864926)
+ * Remove duplicate config check call in the init script.
+ - Avoids (harmless) warning when /etc/bareos/bareos-dir.conf doesn't exist.
+ * Fix file corruption when using SHA1 signature. (Closes: #869608)
+ * Add autopkgtest for SHA1 signature.
+
+ -- Felix Geyer <fgeyer@debian.org> Thu, 27 Jul 2017 20:58:49 +0200
+
bareos (16.2.4-3) unstable; urgency=medium
* Team upload.
diff --git a/debian/patches/fix-sha1-file-corruption b/debian/patches/fix-sha1-file-corruption
new file mode 100644
index 00000000..6bf89319
--- /dev/null
+++ b/debian/patches/fix-sha1-file-corruption
@@ -0,0 +1,29 @@
+From 49be4618319e681a4ad79fde63e984df1748938c Mon Sep 17 00:00:00 2001
+From: Joerg Steffens <joerg.steffens@bareos.com>
+Date: Wed, 26 Jul 2017 21:57:38 +0200
+Subject: [PATCH] bugfix: prevents file corruptions by SHA1
+
+Fixes a bug when using SHA1 file signatures in Bareos version compiled
+without openssl.
+
+Fixes #838: File corruption with SHA1 signature
+---
+ src/lib/sha1.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/sha1.c b/src/lib/sha1.c
+index 9972cb2..f67c466 100644
+--- a/src/lib/sha1.c
++++ b/src/lib/sha1.c
+@@ -20,7 +20,8 @@ A million repetitions of "a"
+ #if __LITTLE_ENDIAN__
+ #define LITTLE_ENDIAN
+ #endif
+-/* #define SHA1HANDSOFF * Copies data before messing with it. */
++/* #define SHA1HANDSOFF * Copies data before messing with it. Do not modify original data! */
++#define SHA1HANDSOFF
+
+ #include "sha1.h"
+
+--
+2.7.4
diff --git a/debian/patches/series b/debian/patches/series
index 194ffd15..58aa560d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
dont-generate-debian-files
disable-fstype-test
+fix-sha1-file-corruption
diff --git a/debian/tests/control b/debian/tests/control
index 712dbf5e..7ab8f964 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -10,6 +10,6 @@ Test-Command: test/all
Restrictions: breaks-testbed needs-root allow-stderr
Depends: bareos-database-sqlite3, bareos
-Tests: tls tls-passive
+Tests: tls tls-passive sha1
Restrictions: breaks-testbed needs-root allow-stderr
Depends: bareos-database-sqlite3, bareos
diff --git a/debian/tests/sha1 b/debian/tests/sha1
new file mode 100755
index 00000000..5e745e23
--- /dev/null
+++ b/debian/tests/sha1
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# stop on first error
+set -e
+
+sed -i "s#Signature = MD5.*#Signature = SHA1#" /etc/bareos/bareos-dir.d/fileset/SelfTest.conf
+
+echo "start testing ... "
+echo "TRAVIS_BRANCH: $TRAVIS_BRANCH"
+echo "USER: $USER"
+echo "DB: $DB"
+
+echo "--------- restarting services ----------- "
+service bareos-dir restart
+service bareos-sd restart
+service bareos-fd restart
+sleep 10
+
+echo "--------- checking services ----------- "
+service bareos-dir status
+service bareos-sd status
+service bareos-fd status
+
+
+# enable bash debug
+set -v
+
+BACKUP_TEST_FILE=/usr/sbin/bareos.test
+
+echo -e "status dir" | bconsole
+echo
+echo "---- label a volume ----"
+echo -e "label volume=testvol pool=Full" | bconsole
+echo
+echo "----- create some file to test backup / restore ----"
+dd if=/dev/urandom of=${BACKUP_TEST_FILE} bs=1024 count=1100
+echo
+echo "------ trigger backup job -----"
+echo -e "run job=backup-bareos-fd yes\rwait" | bconsole | grep "Job queued. JobId="
+echo "status dir" | bconsole
+echo
+echo "------ trigger restore job -----"
+echo -e "restore select current\r2\rls\rmark usr\rdone\ryes\rwait" | bconsole
+echo "status dir" | bconsole
+if ! cmp ${BACKUP_TEST_FILE} /tmp/bareos-restores/${BACKUP_TEST_FILE}; then
+ echo "Restored file is corrupted"
+ exit 1
+fi
--- End Message ---