From d9969c9bb7a18ffa5a271cf656947eade00659fe Mon Sep 17 00:00:00 2001
From: Robert Buchholz
Date: Tue, 3 Jun 2008 22:52:30 +0000
Subject: Version bump, fixes security bug #198473 (CVE-2008-2517), DAR encryption passwords were visible to local users via ps. Also introduces support for newer versions of DAR (bug #212048). (Portage version: 2.1.4.4)
---
app-backup/sarab/ChangeLog | 17 +++++-
.../sarab/files/0.2.2-better-defaults-gentoo.patch | 33 -----------
.../sarab/files/0.2.2-fix-rotation-gentoo.patch | 12 ----
.../files/0.2.2-refname-calculation-gentoo.patch | 11 ----
.../files/0.2.2-test-with-encryption-gentoo.patch | 68 ----------------------
.../sarab/files/0.2.4-better-defaults-gentoo.patch | 23 ++++++++
app-backup/sarab/files/README.Gentoo | 8 +--
app-backup/sarab/sarab-0.2.2-r1.ebuild | 36 ------------
app-backup/sarab/sarab-0.2.2-r2.ebuild | 37 ------------
app-backup/sarab/sarab-0.2.4.ebuild | 40 +++++++++++++
10 files changed, 80 insertions(+), 205 deletions(-)
delete mode 100644 app-backup/sarab/files/0.2.2-better-defaults-gentoo.patch
delete mode 100644 app-backup/sarab/files/0.2.2-fix-rotation-gentoo.patch
delete mode 100644 app-backup/sarab/files/0.2.2-refname-calculation-gentoo.patch
delete mode 100644 app-backup/sarab/files/0.2.2-test-with-encryption-gentoo.patch
create mode 100644 app-backup/sarab/files/0.2.4-better-defaults-gentoo.patch
delete mode 100644 app-backup/sarab/sarab-0.2.2-r1.ebuild
delete mode 100644 app-backup/sarab/sarab-0.2.2-r2.ebuild
create mode 100644 app-backup/sarab/sarab-0.2.4.ebuild
diff --git a/app-backup/sarab/ChangeLog b/app-backup/sarab/ChangeLog
index 5a21c6c3e1a3..02aad90dae19 100644
--- a/app-backup/sarab/ChangeLog
+++ b/app-backup/sarab/ChangeLog
@@ -1,6 +1,19 @@ # ChangeLog for app-backup/sarab -# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-backup/sarab/ChangeLog,v 1.9 2007/05/13 17:56:40 bangert Exp $ +# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/app-backup/sarab/ChangeLog,v 1.10 2008/06/03 22:52:30 rbu Exp $ + +*sarab-0.2.4 (03 Jun 2008) + + 03 Jun 2008; Robert Buchholz + -files/0.2.2-fix-rotation-gentoo.patch, + -files/0.2.2-test-with-encryption-gentoo.patch, + -files/0.2.2-refname-calculation-gentoo.patch, + +files/0.2.4-better-defaults-gentoo.patch, + -files/0.2.2-better-defaults-gentoo.patch, files/README.Gentoo, + -sarab-0.2.2-r1.ebuild, -sarab-0.2.2-r2.ebuild, +sarab-0.2.4.ebuild: + Version bump, fixes security bug #198473 (CVE-2008-2517), DAR encryption + passwords were visible to local users via ps. Also introduces support for + newer versions of DAR (bug #212048). 13 May 2007; Thilo Bangert metadata.xml: add herd
diff --git a/app-backup/sarab/files/0.2.2-better-defaults-gentoo.patch b/app-backup/sarab/files/0.2.2-better-defaults-gentoo.patch
deleted file mode 100644
index 0e5f22ef9c1e..000000000000
--- a/app-backup/sarab/files/0.2.2-better-defaults-gentoo.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-diff -ur sarab.orig/etc/sarab.conf sarab/etc/sarab.conf
---- sarab.orig/etc/sarab.conf 2005-07-27 12:36:09.000000000 -0500
-+++ sarab/etc/sarab.conf 2005-07-27 12:43:52.000000000 -0500
-@@ -56,8 +56,8 @@
- SARAB_VERBOSE="no"
-
- # If non-empty, DAR_ENCRYPTION_OPTIONS contains the cipher options and key to be
--# used to encrypt the backups. See the dar(1) for a description of what is
--# possible.
-+# used to encrypt the backups. See the dar(1) manual for a description of what
-+# is possible.
- # eg. DAR_ENCRYPTION_OPTIONS="--crypto-block 20480 --key blowfish:My_CompleX_key_123"
- DAR_ENCRYPTION_OPTIONS=""
-
-@@ -74,10 +74,10 @@
- BASENAME="$(date +'%m-%d-%Y_%H%M')"
-
- # The location of the DAR executable file
--DAR_BINARY="/usr/local/bin/dar"
-+DAR_BINARY="/usr/bin/dar"
-
- # The location of the statically-compiled DAR executable file
--DAR_STATIC="/usr/local/bin/dar_static"
-+DAR_STATIC="/usr/bin/dar_static"
-
- # The temporary directory name that backups will be created in. This will be created underneath $DESTINATION.
- WORK_DIR=".sarab_temp_workdir"
-@@ -90,4 +90,4 @@
- DAR_COMMAND="$DAR_BINARY --batch $SARAB_ETC/$SARAB_DCF -c $DAR_CREATE --noconf"
-
- # Location and name of temporary log file
--TEMP_LOG="$SARAB_ETC/sarab_temp.log"
-+TEMP_LOG="/var/log/sarab_temp.log"
diff --git a/app-backup/sarab/files/0.2.2-fix-rotation-gentoo.patch b/app-backup/sarab/files/0.2.2-fix-rotation-gentoo.patch
deleted file mode 100644
index 3f8987ec2532..000000000000
--- a/app-backup/sarab/files/0.2.2-fix-rotation-gentoo.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -Naur sarab.orig/sarab.sh sarab/sarab.sh
---- sarab.orig/sarab.sh 2006-01-04 09:45:36.000000000 +0100
-+++ sarab/sarab.sh 2006-01-04 09:49:43.000000000 +0100
-@@ -34,7 +34,7 @@
- function rotate
- {
- lines=$(cat $SARAB_ETC/$ROTATION_SCHEDULE | wc -l)
-- firstline="$(head -n 1 $SARAB_ETC/rotation.schedule)"
-+ firstline="$(head -n 1 $SARAB_ETC/$ROTATION_SCHEDULE)"
-
- # Copy all but the first line back into rotation schedule
- tail -n $(expr $lines - 1) $SARAB_ETC/$ROTATION_SCHEDULE > $SARAB_ETC/rotation.schedule.temp
diff --git a/app-backup/sarab/files/0.2.2-refname-calculation-gentoo.patch b/app-backup/sarab/files/0.2.2-refname-calculation-gentoo.patch
deleted file mode 100644
index 583ba0484195..000000000000
--- a/app-backup/sarab/files/0.2.2-refname-calculation-gentoo.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- sarab.orig/sarab.sh 2004-09-08 23:06:16.000000000 -0500
-+++ sarab/sarab.sh 2006-03-01 15:00:31.000000000 -0600
-@@ -176,7 +176,7 @@
- REFERENCE_ARCHIVE=$(echo $CURRENT_LINE | cut -f 2 -d" ")
- # Test to see if the reference archive actually exists
- if [ -d "$DESTINATION/$REFERENCE_ARCHIVE/" ]; then # The reference archive exists
-- REFERENCE_BASENAME="--ref $(/bin/ls $DESTINATION/$REFERENCE_ARCHIVE/*.dar | head -n 1 | cut -f 1 -d".")"
-+ REFERENCE_BASENAME="--ref $(/bin/ls $DESTINATION/$REFERENCE_ARCHIVE/*.dar | head -n 1 | sed -re 's,\.[0-9]+\.dar,,g')"
- # Record information about the reference archive to include in the current archive
- echo "The reference archive for this backup was:" > $DESTINATION/$WORK_DIR/reference_archive.txt
- echo "$(ls -ltr $DESTINATION/$REFERENCE_ARCHIVE/*.dar)" >> $DESTINATION/$WORK_DIR/reference_archive.txt
diff --git a/app-backup/sarab/files/0.2.2-test-with-encryption-gentoo.patch b/app-backup/sarab/files/0.2.2-test-with-encryption-gentoo.patch
deleted file mode 100644
index 3045e90cc97c..000000000000
--- a/app-backup/sarab/files/0.2.2-test-with-encryption-gentoo.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-diff -ur sarab.orig/etc/sarab.conf sarab/etc/sarab.conf
---- sarab.orig/etc/sarab.conf 2004-09-08 23:05:59.000000000 -0500
-+++ sarab/etc/sarab.conf 2005-07-27 12:36:09.000000000 -0500
-@@ -55,6 +55,12 @@
- # Default="no"
- SARAB_VERBOSE="no"
-
-+# If non-empty, DAR_ENCRYPTION_OPTIONS contains the cipher options and key to be
-+# used to encrypt the backups. See the dar(1) for a description of what is
-+# possible.
-+# eg. DAR_ENCRYPTION_OPTIONS="--crypto-block 20480 --key blowfish:My_CompleX_key_123"
-+DAR_ENCRYPTION_OPTIONS=""
-+
- ##################################################################
- # DO NOT EDIT BELOW THIS LINE UNLESS YOU KNOW WHAT YOU ARE DOING #
- ##################################################################
-Only in sarab/etc: sarab.conf~
-diff -ur sarab.orig/etc/sarab.dcf sarab/etc/sarab.dcf
---- sarab.orig/etc/sarab.dcf 2004-09-08 23:05:59.000000000 -0500
-+++ sarab/etc/sarab.dcf 2005-07-27 12:23:22.000000000 -0500
-@@ -113,16 +113,6 @@
- --exclude-compression "*.Z"
-
-
--# --key
--# This option will scramble the archive using as the pass-phrase.
--# A scrambled archive can only be read if the same pass-phrase is given.
--# This should not be considered a secure solution, that is why we say
--# "scramble" instead of "encrypt". Still, this option can prevent
--# unexperienced people from looking at your data.
--# Example: (But create your own key!)
--# --key "My_CompleX_key_ADDS_some_Security-Easy_as_123"
--
--
- # Many of the more complex and advanced options of Dar are not listed above.
- # For experienced users, all valid Dar options may be used in this file,
- # except what is noted below.
-@@ -131,3 +121,7 @@
- # NOTE: Do NOT use the options "--create" and "--ref", because SaraB
- # automatically generates these during run-time. If you mistakenly add
- # them to this file, Dar generate an error about duplicate arguments.
-+
-+# Local Variables:
-+# mode: conf
-+# End:
-Only in sarab/etc: sarab.dcf~
-diff -ur sarab.orig/sarab.sh sarab/sarab.sh
---- sarab.orig/sarab.sh 2004-09-08 23:06:16.000000000 -0500
-+++ sarab/sarab.sh 2005-07-27 12:37:17.000000000 -0500
-@@ -211,7 +211,7 @@
- echo -n "Creating backup with DAR..."
- verbose
- verbose "$DAR_COMMAND $REFERENCE_BASENAME"
--$DAR_COMMAND $REFERENCE_BASENAME
-+$DAR_COMMAND $REFERENCE_BASENAME $DAR_ENCRYPTION_OPTIONS
- if [ "$?" != "0" ]; then
- echo "ERROR: Error when executing the backup with DAR. The attempted command was... "
- echo "$DAR_COMMAND $REFERENCE_BASENAME"
-@@ -224,7 +224,7 @@
- echo -n "Testing the archive for errors..."
- verbose
- verbose "$DAR_BINARY -t $DESTINATION/$WORK_DIR/$BASENAME --noconf"
-- $DAR_BINARY -t $DESTINATION/$WORK_DIR/$BASENAME --noconf
-+ $DAR_BINARY -t $DESTINATION/$WORK_DIR/$BASENAME $DAR_ENCRYPTION_OPTIONS --noconf
- if [ "$?" != "0" ]; then
- echo "ERROR: Error when testing the archive. The attempted command was... "
- echo "$DAR_BINARY -t $DESTINATION/$WORK_DIR/$BASENAME --noconf"
-Only in sarab: sarab.sh~
diff --git a/app-backup/sarab/files/0.2.4-better-defaults-gentoo.patch b/app-backup/sarab/files/0.2.4-better-defaults-gentoo.patch
new file mode 100644
index 000000000000..79603650ba84
--- /dev/null
+++ b/app-backup/sarab/files/0.2.4-better-defaults-gentoo.patch
@@ -0,0 +1,23 @@
+Index: sarab-0.2.4/etc/sarab.conf
+===================================================================
+--- sarab-0.2.4.orig/etc/sarab.conf
++++ sarab-0.2.4/etc/sarab.conf
+@@ -75,10 +75,10 @@ SECURITY_CONFIG=$SARAB_ETC/sarab.dcf.sec
+ BASENAME="$(date +'%m-%d-%Y_%H%M')"
+
+ # The location of the DAR executable file
+-DAR_BINARY="/usr/local/bin/dar"
++DAR_BINARY="/usr/bin/dar"
+
+ # The location of the statically-compiled DAR executable file
+-DAR_STATIC="/usr/local/bin/dar_static"
++DAR_STATIC="/usr/bin/dar_static"
+
+ # The temporary directory name that backups will be created in. This will be created underneath $DESTINATION.
+ WORK_DIR=".sarab_temp_workdir"
+@@ -91,4 +91,4 @@ DAR_CREATE="$DESTINATION/$WORK_DIR/$BASE
+ DAR_COMMAND="$DAR_BINARY --batch $SECURITY_CONFIG --batch $SARAB_ETC/$SARAB_DCF -c $DAR_CREATE --noconf"
+
+ # Location and name of temporary log file
+-TEMP_LOG="$SARAB_ETC/sarab_temp.log"
++TEMP_LOG="/var/log/sarab_temp.log"
diff --git a/app-backup/sarab/files/README.Gentoo b/app-backup/sarab/files/README.Gentoo
index 3f99d082643f..cddd6f7c330c 100644
--- a/app-backup/sarab/files/README.Gentoo
+++ b/app-backup/sarab/files/README.Gentoo
@@ -1,17 +1,13 @@ --*- outline -*- $Id: README.Gentoo,v 1.1 2005/07/27 18:10:37 mkennedy Exp $ +-*- outline -*- $Id: README.Gentoo,v 1.2 2008/06/03 22:52:30 rbu Exp $ Gentoo GNU/Linux specific notes for SaraB ----------------------------------------- This is the README.Gentoo file from /usr/share/doc/@PF@/ directory. - * The Gentoo port includes a patch to support testing of encrypted archives. - Previously, SaraB supported creating encrypted archives, but the test step - didn't use the same cipher information and would fail. - * The Gentoo port includes more reasonable pathnames for the example configuration. -If you encounter any problems or have suggestions, use http://bugs.gentoo.org. +If you encounter any problems or have suggestions, use https://bugs.gentoo.org. Please don't bother the upstream authors unless you are absolutely certain it is not Gentoo-related.
diff --git a/app-backup/sarab/sarab-0.2.2-r1.ebuild b/app-backup/sarab/sarab-0.2.2-r1.ebuild
deleted file mode 100644
index 829afb69bbc4..000000000000
--- a/app-backup/sarab/sarab-0.2.2-r1.ebuild
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright 1999-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-backup/sarab/sarab-0.2.2-r1.ebuild,v 1.1 2006/01/06 16:47:43 mkennedy Exp $
-
-inherit eutils
-
-DESCRIPTION="SaraB is a powerful and automated backup scheduling system based on DAR."
-HOMEPAGE="http://sarab.sourceforge.net/"
-SRC_URI="mirror://sourceforge/sarab/${P}.tar.gz"
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE=""
-
-DEPEND=""
-RDEPEND="app-backup/dar
- mail-client/mailx"
-
-S=${WORKDIR}/${PN}
-
-src_unpack() {
- unpack ${A}
- epatch ${FILESDIR}/${PV}-test-with-encryption-gentoo.patch || die
- epatch ${FILESDIR}/${PV}-better-defaults-gentoo.patch || die
- epatch ${FILESDIR}/${PV}-fix-rotation-gentoo.patch || die
-}
-
-src_install() {
- dobin sarab.sh
- insinto /etc/sarab
- doins -r etc/*
- # sarab.conf could contain passphrase information
- fperms 600 /etc/sarab/sarab.conf
- dodoc CHANGELOG FAQ INSTALL LICENSE README
- dodoc ${FILESDIR}/README.Gentoo
-}
diff --git a/app-backup/sarab/sarab-0.2.2-r2.ebuild b/app-backup/sarab/sarab-0.2.2-r2.ebuild
deleted file mode 100644
index b7124bf62d9c..000000000000
--- a/app-backup/sarab/sarab-0.2.2-r2.ebuild
+++ /dev/null
@@ -1,37 +0,0 @@
-# Copyright 1999-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-backup/sarab/sarab-0.2.2-r2.ebuild,v 1.2 2006/03/05 18:06:51 mkennedy Exp $
-
-inherit eutils
-
-DESCRIPTION="SaraB is a powerful and automated backup scheduling system based on DAR."
-HOMEPAGE="http://sarab.sourceforge.net/"
-SRC_URI="mirror://sourceforge/sarab/${P}.tar.gz"
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE=""
-
-DEPEND=""
-RDEPEND="app-backup/dar
- virtual/mailx"
-
-S=${WORKDIR}/${PN}
-
-src_unpack() {
- unpack ${A}
- epatch ${FILESDIR}/${PV}-test-with-encryption-gentoo.patch || die
- epatch ${FILESDIR}/${PV}-better-defaults-gentoo.patch || die
- epatch ${FILESDIR}/${PV}-fix-rotation-gentoo.patch || die
- epatch ${FILESDIR}/${PV}-refname-calculation-gentoo.patch || die
-}
-
-src_install() {
- dobin sarab.sh
- insinto /etc/sarab
- doins -r etc/*
- # sarab.conf could contain passphrase information
- fperms 600 /etc/sarab/sarab.conf
- dodoc CHANGELOG FAQ INSTALL LICENSE README
- dodoc ${FILESDIR}/README.Gentoo
-}
diff --git a/app-backup/sarab/sarab-0.2.4.ebuild b/app-backup/sarab/sarab-0.2.4.ebuild
new file mode 100644
index 000000000000..90895c24d6f2
--- /dev/null
+++ b/app-backup/sarab/sarab-0.2.4.ebuild
@@ -0,0 +1,40 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-backup/sarab/sarab-0.2.4.ebuild,v 1.1 2008/06/03 22:52:30 rbu Exp $
+
+inherit eutils
+
+DESCRIPTION="SaraB is a powerful and automated backup scheduling system based on DAR."
+HOMEPAGE="http://sarab.sourceforge.net/"
+SRC_URI="mirror://sourceforge/sarab/${P}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND=""
+RDEPEND="app-backup/dar
+ virtual/mailx"
+
+src_unpack() {
+ cd "${S}"
+ unpack ${A}
+
+ epatch "${FILESDIR}"/${PV}-better-defaults-gentoo.patch
+}
+
+src_install() {
+ dobin sarab.sh
+ insinto /etc/sarab
+ doins -r etc/*
+ # sarab.conf could contain passphrase information
+ fperms 600 /etc/sarab/sarab.conf
+ dodoc CHANGELOG FAQ INSTALL README
+ dodoc "${FILESDIR}"/README.Gentoo
+}
+
+pkg_postinstl() {
+ ewarn "The configuration format for DAR encryption has changed in Sarab 0.2.4."
+ ewarn "Replace DAR_ENCRYPTION_OPTIONS=\"--key blowfish:PASSPHRASE\""
+ ewarn "by SARAB_KEY=\"blowfish:PASSPHRASE\" in /etc/sarab/sarab.conf"
+}
\ No newline at end of file
--
cgit v1.2.3-65-gdbad
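Review bot: `pkg_postinstl()` at the end of the new ebuild is misspelled, so it is not a phase function Portage calls and the three `ewarn` lines about replacing `DAR_ENCRYPTION_OPTIONS` with `SARAB_KEY` are never shown; rename it to `pkg_postinst() {`. That warning is how this ebuild tells existing users to migrate their encryption setting for the CVE-2008-2517 fix, and a config left on the old variable would presumably no longer be handled as intended, so it needs to reach them. In `src_unpack`, `cd "${S}"` runs before `unpack ${A}`, when the source directory does not exist yet, so the `cd` fails silently and `epatch` runs from the work directory; swap the two lines to `unpack ${A}` then `cd "${S}"`. `fperms 600` still covers only `/etc/sarab/sarab.conf`, while the patched config in this commit references `$SARAB_ETC/sarab.dcf.sec`; it is worth confirming that this file cannot end up world-readable, whether it is installed by `doins -r etc/*` or generated at run time.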