Hello community, here is the log from the commit of package amanda for openSUSE:Leap:15.2 checked in at 2020-01-22 08:19:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/amanda (Old) and /work/SRC/openSUSE:Leap:15.2/.amanda.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "amanda" Wed Jan 22 08:19:51 2020 rev:22 rq:766097 version:3.5.1 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/amanda/amanda.changes 2020-01-15 14:46:48.321269623 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.amanda.new.26092/amanda.changes 2020-01-22 08:19:52.486195360 +0100 @@ -1,0 +2,10 @@ +Tue Nov 20 15:02:51 UTC 2018 - [email protected] + +- update the list of suid binaries [bsc#1110797] + * added: ambind, ambsdtar, amgtar, amstar + * removed: amcheck, planner, dumper +- update README.SUSE and add a note about setuid binaries and the + fact that user amanda and members of the group amanda should be + considered privileged users + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ amanda.spec ++++++ --- /var/tmp/diff_new_pack.rE3H22/_old 2020-01-22 08:19:53.594195956 +0100 +++ /var/tmp/diff_new_pack.rE3H22/_new 2020-01-22 08:19:53.598195958 +0100 @@ -144,13 +144,14 @@ # create a list of binaries to be checked externally cat << EOF > %{buildroot}%{_libexecdir}/amanda/suidlist -%{_sbindir}/amcheck +%{_libexecdir}/amanda/ambind +%{_libexecdir}/amanda/application/ambsdtar +%{_libexecdir}/amanda/application/amgtar +%{_libexecdir}/amanda/application/amstar %{_libexecdir}/amanda/calcsize +%{_libexecdir}/amanda/killpgrp %{_libexecdir}/amanda/rundump -%{_libexecdir}/amanda/planner %{_libexecdir}/amanda/runtar -%{_libexecdir}/amanda/dumper -%{_libexecdir}/amanda/killpgrp EOF # create a symlink for amoldrecover manpage @@ -174,7 +175,7 @@ %post %if 0%{?set_permissions:1} -%set_permissions %{_sbindir}/amcheck %{_libexecdir}/amanda/calcsize %{_libexecdir}/amanda/rundump %{_libexecdir}/amanda/planner %{_libexecdir}/amanda/runtar %{_libexecdir}/amanda/dumper %{_libexecdir}/amanda/killpgrp +%set_permissions %{_libexecdir}/amanda/ambind %{_libexecdir}/amanda/application/ambsdtar %{_libexecdir}/amanda/application/amgtar %{_libexecdir}/amanda/application/amstar %{_libexecdir}/amanda/calcsize %{_libexecdir}/amanda/killpgrp %{_libexecdir}/amanda/rundump %{_libexecdir}/amanda/runtar %else %run_permissions %endif @@ -270,7 +271,7 @@ %{_sbindir}/amlabel %{_sbindir}/amoverview %{_sbindir}/amplot -%verify(not mode) %attr(0750,root,%{amanda_group}) %{_sbindir}/amcheck +%{_sbindir}/amcheck %attr(0750,amanda,%{amanda_group}) %{_sbindir}/amrecover %{_sbindir}/amreport %{_sbindir}/amrestore @@ -303,7 +304,6 @@ %{_libexecdir}/amanda/amplot.g %{_libexecdir}/amanda/amplot.gp %defattr(755,amanda,%{amanda_group}) -%{_libexecdir}/amanda/ambind %{_libexecdir}/amanda/amandad %{_libexecdir}/amanda/amdumpd %{_libexecdir}/amanda/amidxtaped @@ -330,19 +330,29 @@ %{_libexecdir}/amanda/teecount %{_libexecdir}/amanda/restore %{_libexecdir}/amanda/senddiscover +%{_libexecdir}/amanda/dumper +%{_libexecdir}/amanda/planner +%attr(0755 root root) %dir %{_libexecdir}/amanda/application/ +%{_libexecdir}/amanda/application/amlog-script +%{_libexecdir}/amanda/application/ampgsql +%{_libexecdir}/amanda/application/amrandom +%{_libexecdir}/amanda/application/amraw +%{_libexecdir}/amanda/application/amsamba +%{_libexecdir}/amanda/application/amsuntar +%{_libexecdir}/amanda/application/amzfs-sendrecv +%{_libexecdir}/amanda/application/amzfs-snapshot +%{_libexecdir}/amanda/application/script-email +%{_libexecdir}/amanda/application/script-fail +%verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/ambind +%verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/application/ambsdtar +%verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/application/amgtar +%verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/application/amstar %verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/calcsize -%verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/dumper %verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/killpgrp -%verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/planner %verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/rundump %verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/runtar -%dir %{_libexecdir}/amanda/application/ -%{_libexecdir}/amanda/application/* # include shared libs %dir %{_libdir}/amanda/ %{_libdir}/amanda/lib* -%check -make %{?_smp_mflags} check - %changelog ++++++ amanda-SUSE.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.SUSE new/README.SUSE --- old/README.SUSE 2001-11-23 12:12:48.000000000 +0100 +++ new/README.SUSE 2018-11-20 15:58:54.786491000 +0100 @@ -1,3 +1,15 @@ +README.SUSE for amanda + +IMPORTANT +--------- +We currently limit the execution of the binaries in this package to the +group amanda. Some of the binaries are setuid root. As the implementation +of these binaries is partially problematic, the user amanda and members +of the group amanda should be considered privileged users with equivalent +permissions to the root user. + +Templates +--------- Templates for the tape label printouts can be found in directory /var/lib/amanda/lbl-templ. Add a line to your amanda.conf (located in a subdirectory under /etc/amanda) in order to be able to use the
