Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Hi,
I'd like to fix three bugs in bareos for stretch:
* Fix permissions of bareos-dir logrotate config on upgrade. (Closes: #864926)
Removes executable permission for upgrades from < 15.2.2-1.
* Remove duplicate config check call in the init script.
Avoids warning when /etc/bareos/bareos-dir.conf doesn't exist.
It's harmless but might confuse admins.
* Fix file corruption when using SHA1 signature. (Closes: #869608)
Serious bug, data corruption of backups.
debdiff is attached.
Cheers,
Felix
diff --git a/debian/bareos-director.bareos-dir.init
b/debian/bareos-director.bareos-dir.init
index 80b2878b..ec08458c 100755
--- a/debian/bareos-director.bareos-dir.init
+++ b/debian/bareos-director.bareos-dir.init
@@ -51,7 +51,6 @@ PATH=/sbin:/usr/sbin:/bin:/usr/bin
checkcfg() {
echo "Checking Configuration and Database connection ... "
- su -s /bin/sh $DAEMON_USER -c "/usr/sbin/bareos-dir -f -t -c
/etc/bareos/bareos-dir.conf"
su -s /bin/sh $DAEMON_USER -c "/usr/sbin/bareos-dir -f -t"
if [ $? -eq 0 ]; then
return 0
diff --git a/debian/bareos-director.postinst b/debian/bareos-director.postinst
index f8086c67..a81ef414 100644
--- a/debian/bareos-director.postinst
+++ b/debian/bareos-director.postinst
@@ -38,6 +38,12 @@ case "$1" in
/usr/lib/bareos/scripts/bareos-config apply_dbconfig_settings
fi
permissions
+
+if dpkg --compare-versions "$2" lt-nl "15.2.2-1~"; then
+if [ -e /etc/logrotate.d/bareos-dir ]; then
+chmod -x /etc/logrotate.d/bareos-dir
+fi
+fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
diff --git a/debian/changelog b/debian/changelog
index 2153410b..648caf28 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+bareos (16.2.4-3+deb9u1) stretch; urgency=medium
+
+ * Fix permissions of bareos-dir logrotate config on upgrade. (Closes:
#864926)
+ * Remove duplicate config check call in the init script.
+- Avoids (harmless) warning when /etc/bareos/bareos-dir.conf doesn't exist.
+ * Fix file corruption when using SHA1 signature. (Closes: #869608)
+ * Add autopkgtest for SHA1 signature.
+
+ -- Felix Geyer Thu, 27 Jul 2017 20:58:49 +0200
+
bareos (16.2.4-3) unstable; urgency=medium
* Team upload.
diff --git a/debian/patches/fix-sha1-file-corruption
b/debian/patches/fix-sha1-file-corruption
new file mode 100644
index ..6bf89319
--- /dev/null
+++ b/debian/patches/fix-sha1-file-corruption
@@ -0,0 +1,29 @@
+From 49be4618319e681a4ad79fde63e984df1748938c Mon Sep 17 00:00:00 2001
+From: Joerg Steffens
+Date: Wed, 26 Jul 2017 21:57:38 +0200
+Subject: [PATCH] bugfix: prevents file corruptions by SHA1
+
+Fixes a bug when using SHA1 file signatures in Bareos version compiled
+without openssl.
+
+Fixes #838: File corruption with SHA1 signature
+---
+ src/lib/sha1.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/sha1.c b/src/lib/sha1.c
+index 9972cb2..f67c466 100644
+--- a/src/lib/sha1.c
b/src/lib/sha1.c
+@@ -20,7 +20,8 @@ A million repetitions of "a"
+ #if __LITTLE_ENDIAN__
+ #define LITTLE_ENDIAN
+ #endif
+-/* #define SHA1HANDSOFF * Copies data before messing with it. */
++/* #define SHA1HANDSOFF * Copies data before messing with it. Do not modify
original data! */
++#define SHA1HANDSOFF
+
+ #include "sha1.h"
+
+--
+2.7.4
diff --git a/debian/patches/series b/debian/patches/series
index 194ffd15..58aa560d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
dont-generate-debian-files
disable-fstype-test
+fix-sha1-file-corruption
diff --git a/debian/tests/control b/debian/tests/control
index 712dbf5e..7ab8f964 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -10,6 +10,6 @@ Test-Command: test/all
Restrictions: breaks-testbed needs-root allow-stderr
Depends: bareos-database-sqlite3, bareos
-Tests: tls tls-passive
+Tests: tls tls-passive sha1
Restrictions: breaks-testbed needs-root allow-stderr
Depends: bareos-database-sqlite3, bareos
diff --git a/debian/tests/sha1 b/debian/tests/sha1
new file mode 100755
index ..5e745e23
--- /dev/null
+++ b/debian/tests/sha1
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# stop on first error
+set -e
+
+sed -i "s#Signature = MD5.*#Signature = SHA1#"
/etc/bareos/bareos-dir.d/fileset/SelfTest.conf
+
+echo "start testing ... "
+echo "TRAVIS_BRANCH: $TRAVIS_BRANCH"
+echo "USER: $USER"
+echo "DB: $DB"
+
+echo "- restarting services --- "
+service bareos-dir restart
+service bareos-sd restart
+service bareos-fd restart
+sleep 10
+
+echo "- checking services --- "
+service bareos-dir status
+service bareos-sd status
+service bareos-fd status
+
+
+# enable bash debug
+set -v
+
+BACKUP_TEST_FILE=/usr/sbin/bareos.test
+
+echo -e