summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Beierlein <tomjbe@gentoo.org>2012-10-10 19:32:50 +0000
committerThomas Beierlein <tomjbe@gentoo.org>2012-10-10 19:32:50 +0000
commit0bb6aea569e4723c0883594625c5c67280d2e26c (patch)
tree4433bf4733a3b2d04bfc0638de3281845b82de36 /app-backup/bacula
parentMake vnc support optional. We can use qemu just fine w/out it, so add USE="j... (diff)
downloadgentoo-2-0bb6aea569e4723c0883594625c5c67280d2e26c.tar.gz
gentoo-2-0bb6aea569e4723c0883594625c5c67280d2e26c.tar.bz2
gentoo-2-0bb6aea569e4723c0883594625c5c67280d2e26c.zip
Readd bacula-5.0.3 including fix for CVE-2012-4430 to enable use with older bacula directors.
(Portage version: 2.1.11.25/cvs/Linux x86_64)
Diffstat (limited to 'app-backup/bacula')
-rw-r--r--app-backup/bacula/ChangeLog7
-rw-r--r--app-backup/bacula/bacula-5.0.3-r3.ebuild441
-rw-r--r--app-backup/bacula/files/5.0.3/bacula-5.0.3-cve.patch125
3 files changed, 572 insertions, 1 deletions
diff --git a/app-backup/bacula/ChangeLog b/app-backup/bacula/ChangeLog
index ec7894c693d6..084bf7a1903b 100644
--- a/app-backup/bacula/ChangeLog
+++ b/app-backup/bacula/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for app-backup/bacula
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-backup/bacula/ChangeLog,v 1.144 2012/09/23 18:28:42 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-backup/bacula/ChangeLog,v 1.145 2012/10/10 19:32:50 tomjbe Exp $
+
+ 10 Oct 2012; Thomas Beierlein <tomjbe@gentoo.org> +bacula-5.0.3-r3.ebuild,
+ +files/5.0.3/bacula-5.0.3-cve.patch:
+ Readd bacula-5.0.3 including fix for CVE-2012-4430 to enable use with older
+ bacula directors.
23 Sep 2012; Agostino Sarubbo <ago@gentoo.org> -bacula-5.0.3-r2.ebuild,
-bacula-5.2.5.ebuild:
diff --git a/app-backup/bacula/bacula-5.0.3-r3.ebuild b/app-backup/bacula/bacula-5.0.3-r3.ebuild
new file mode 100644
index 000000000000..881caf91a571
--- /dev/null
+++ b/app-backup/bacula/bacula-5.0.3-r3.ebuild
@@ -0,0 +1,441 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-backup/bacula/bacula-5.0.3-r3.ebuild,v 1.10 2012/10/10 19:32:50 tomjbe Exp $
+
+EAPI="2"
+PYTHON_DEPEND="python? 2"
+PYTHON_USE_WITH="threads"
+PYTHON_USE_WITH_OPT="python"
+
+inherit eutils multilib python user
+
+MY_PV=${PV/_beta/-b}
+MY_P=${PN}-${MY_PV}
+#DOC_VER="${MY_PV}"
+
+DESCRIPTION="Featureful client/server network backup suite"
+HOMEPAGE="http://www.bacula.org/"
+
+#DOC_SRC_URI="mirror://sourceforge/bacula/${PN}-docs-${DOC_VER}.tar.bz2"
+SRC_URI="mirror://sourceforge/bacula/${MY_P}.tar.gz"
+# doc? ( ${DOC_SRC_URI} )
+
+LICENSE="AGPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~ppc ~sparc ~x86"
+IUSE="acl bacula-clientonly bacula-nodir bacula-nosd ipv6 logwatch mysql postgres python qt4 readline +sqlite3 ssl static tcpd vim-syntax X"
+
+# maintainer comment:
+# postgresql-base should have USE=threads (see bug 326333) but fails to build
+# atm with it (see bug #300964)
+DEPEND="
+ >=sys-libs/zlib-1.1.4
+ dev-libs/gmp
+ !bacula-clientonly? (
+ postgres? ( dev-db/postgresql-base[threads] )
+ mysql? ( virtual/mysql )
+ sqlite3? ( dev-db/sqlite:3 )
+ !bacula-nodir? ( virtual/mta )
+ )
+ qt4? (
+ x11-libs/qt-svg:4
+ x11-libs/qwt:5
+ )
+ ssl? ( dev-libs/openssl )
+ logwatch? ( sys-apps/logwatch )
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+ readline? ( >=sys-libs/readline-4.1 )
+ sys-libs/ncurses"
+# doc? (
+# app-text/ghostscript-gpl
+# dev-tex/latex2html[png]
+# app-text/dvipdfm
+# )
+RDEPEND="${DEPEND}
+ !bacula-clientonly? (
+ !bacula-nosd? (
+ sys-block/mtx
+ app-arch/mt-st
+ )
+ )
+ vim-syntax? ( || ( app-editors/vim app-editors/gvim ) )"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+ local -i dbnum=0
+ if ! use bacula-clientonly; then
+ if use mysql; then
+ export mydbtype=mysql
+ let dbnum++
+ fi
+ if use postgres; then
+ export mydbtype=postgresql
+ let dbnum++
+ fi
+ if use sqlite3; then
+ export mydbtype=sqlite3
+ let dbnum++
+ fi
+ if [[ "${dbnum}" -lt 1 ]]; then
+ ewarn
+ ewarn "No database backend selected, defaulting to sqlite3."
+ ewarn "Supported databases are mysql, postgresql, sqlite3"
+ ewarn
+ export mydbtype=sqlite3
+ elif [[ "${dbnum}" -gt 1 ]]; then
+ ewarn
+ ewarn "Too many database backends selected, defaulting to sqlite3."
+ ewarn "Supported databases are mysql, postgresql, sqlite3"
+ ewarn
+ export mydbtype=sqlite3
+ fi
+ fi
+
+ # create the daemon group and user
+ if [ -z "$(egetent group bacula 2>/dev/null)" ]; then
+ enewgroup bacula
+ einfo
+ einfo "The group 'bacula' has been created. Any users you add to this"
+ einfo "group have access to files created by the daemons."
+ einfo
+ fi
+
+ if use bacula-clientonly && use static && use qt4; then
+ ewarn
+ ewarn "Building statically linked 'bat' is not supported. Ignorig 'qt4' useflag."
+ ewarn
+ fi
+
+ if ! use bacula-clientonly; then
+ # USE=static only supported for bacula-clientonly
+ if use static; then
+ ewarn
+ ewarn "USE=static only supported together with USE=bacula-clientonly."
+ ewarn "Ignoring 'static' useflag."
+ ewarn
+ fi
+ if [ -z "$(egetent passwd bacula 2>/dev/null)" ]; then
+ enewuser bacula -1 -1 /var/lib/bacula bacula,disk,tape,cdrom,cdrw
+ einfo
+ einfo "The user 'bacula' has been created. Please see the bacula manual"
+ einfo "for information about running bacula as a non-root user."
+ einfo
+ fi
+ fi
+
+ if use python; then
+ python_set_active_version 2
+ python_pkg_setup
+ fi
+}
+
+src_prepare() {
+ # adjusts default configuration files for several binaries
+ # to /etc/bacula/<config> instead of ./<config>
+ pushd src >&/dev/null || die
+ for f in console/console.c dird/dird.c filed/filed.c \
+ stored/bcopy.c stored/bextract.c stored/bls.c \
+ stored/bscan.c stored/btape.c stored/stored.c \
+ qt-console/main.cpp; do
+ sed -i -e 's|^\(#define CONFIG_FILE "\)|\1/etc/bacula/|g' "${f}" \
+ || die "sed on ${f} failed"
+ done
+ popd >&/dev/null || die
+
+ # drop automatic install of unneeded documentation (for bug 356499)
+ epatch "${FILESDIR}"/${PV}/${P}-doc.patch
+
+ # bug #310087
+ epatch "${FILESDIR}"/${PV}/${P}-as-needed.patch
+
+ # bug #311161
+ epatch "${FILESDIR}"/${PV}/${P}-lib-search-path.patch
+
+ # stop build for errors in subdirs
+ epatch "${FILESDIR}"/${PV}/${P}-Makefile.patch
+
+ # bat needs to respect LDFLAGS
+ epatch "${FILESDIR}"/${PV}/${P}-ldflags.patch
+
+ # bug #328701
+ epatch "${FILESDIR}"/${PV}/${P}-openssl-1.patch
+
+ epatch "${FILESDIR}"/${PV}/${P}-fix-static.patch
+
+ # fix CVE-2012-4430
+ epatch "${FILESDIR}"/${PV}/${P}-cve.patch
+}
+
+src_configure() {
+ local myconf=''
+
+ if use bacula-clientonly; then
+ myconf="${myconf} \
+ $(use_enable bacula-clientonly client-only) \
+ $(use_enable !static libtool) \
+ $(use_enable static static-cons) \
+ $(use_enable static static-fd)"
+ else
+ myconf="${myconf} \
+ $(use_enable !bacula-nodir build-dird) \
+ $(use_enable !bacula-nosd build-stored)"
+ # bug #311099
+ # database support needed by dir-only *and* sd-only
+ # build as well (for building bscan, btape, etc.)
+ myconf="${myconf} \
+ --with-${mydbtype} \
+ --enable-batch-insert"
+ fi
+
+ # do not build bat if 'static' clientonly
+ if ! use bacula-clientonly || ! use static; then
+ myconf="${myconf} \
+ $(use_enable qt4 bat)"
+ fi
+
+ myconf="${myconf} \
+ --disable-tray-monitor \
+ $(use_with X x) \
+ $(use_with python) \
+ $(use_enable !readline conio) \
+ $(use_enable readline) \
+ $(use_with readline readline /usr) \
+ $(use_with ssl openssl) \
+ $(use_enable ipv6) \
+ $(use_enable acl) \
+ $(use_with tcpd tcp-wrappers)"
+
+ econf \
+ --libdir=/usr/$(get_libdir) \
+ --docdir=/usr/share/doc/${PF} \
+ --htmldir=/usr/share/doc/${PF}/html \
+ --with-pid-dir=/var/run \
+ --sysconfdir=/etc/bacula \
+ --with-subsys-dir=/var/lock/subsys \
+ --with-working-dir=/var/lib/bacula \
+ --with-scriptdir=/usr/libexec/bacula \
+ --with-dir-user=bacula \
+ --with-dir-group=bacula \
+ --with-sd-user=root \
+ --with-sd-group=bacula \
+ --with-fd-user=root \
+ --with-fd-group=bacula \
+ --enable-smartalloc \
+ --disable-afs \
+ --host=${CHOST} \
+ ${myconf}
+}
+
+src_compile() {
+ emake || die "emake failed"
+
+ # build docs from bacula-docs tarball
+# if use doc; then
+# pushd "${WORKDIR}/${PN}-docs-${DOC_VER}"
+# ./configure \
+# --with-bacula="${S}" \
+# || die "configure for bacula-docs failed"
+# emake -j1 || die "emake for bacula-docs failed"
+# popd
+# fi
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+ doicon scripts/bacula.png || die
+
+ # install bat when enabled (for some reason ./configure doesn't pick this up)
+ if use qt4 && ! use static ; then
+ dosbin "${S}"/src/qt-console/.libs/bat || die
+ doicon src/qt-console/images/bat_icon.png || die
+ domenu scripts/bat.desktop || die
+ fi
+
+ # remove some scripts we don't need at all
+ rm -f "${D}"/usr/libexec/bacula/{bacula,bacula-ctl-dir,bacula-ctl-fd,bacula-ctl-sd,startmysql,stopmysql}
+
+ # rename statically linked apps
+ if use bacula-clientonly && use static ; then
+ pushd "${D}"/usr/sbin || die
+ mv static-bacula-fd bacula-fd || die
+ mv static-bconsole bconsole || die
+ popd || die
+ fi
+
+ # extra files which 'make install' doesn't cover
+ if ! use bacula-clientonly; then
+ # the database update scripts
+ diropts -m0750
+ insinto /usr/libexec/bacula/updatedb
+ insopts -m0754
+ doins "${S}"/updatedb/* || die
+ fperms 0640 /usr/libexec/bacula/updatedb/README || die
+
+ # the logrotate configuration
+ # (now unconditional wrt bug #258187)
+ diropts -m0755
+ insinto /etc/logrotate.d
+ insopts -m0644
+ newins "${S}"/scripts/logrotate bacula || die
+
+ # the logwatch scripts
+ if use logwatch; then
+ diropts -m0750
+ dodir /etc/log.d/scripts/services
+ dodir /etc/log.d/scripts/shared
+ dodir /etc/log.d/conf/logfiles
+ dodir /etc/log.d/conf/services
+ pushd "${S}"/scripts/logwatch >&/dev/null || die
+ emake DESTDIR="${D}" install || die "Failed to install logwatch scripts"
+ popd >&/dev/null || die
+ fi
+ fi
+
+ rm -vf "${D}"/usr/share/man/man1/bacula-bwxconsole.1*
+ if ! use qt4; then
+ rm -vf "${D}"/usr/share/man/man1/bat.1*
+ fi
+ rm -vf "${D}"/usr/share/man/man1/bacula-tray-monitor.1*
+ if use bacula-clientonly || use bacula-nodir; then
+ rm -vf "${D}"/usr/share/man/man8/bacula-dir.8*
+ rm -vf "${D}"/usr/share/man/man8/dbcheck.8*
+ rm -vf "${D}"/usr/share/man/man1/bsmtp.1*
+ rm -vf "${D}"/usr/libexec/bacula/create_*_database
+ rm -vf "${D}"/usr/libexec/bacula/drop_*_database
+ rm -vf "${D}"/usr/libexec/bacula/make_*_tables
+ rm -vf "${D}"/usr/libexec/bacula/update_*_tables
+ rm -vf "${D}"/usr/libexec/bacula/drop_*_tables
+ rm -vf "${D}"/usr/libexec/bacula/grant_*_privileges
+ rm -vf "${D}"/usr/libexec/bacula/*_catalog_backup
+ fi
+ if use bacula-clientonly || use bacula-nosd; then
+ rm -vf "${D}"/usr/share/man/man8/bacula-sd.8*
+ rm -vf "${D}"/usr/share/man/man8/bcopy.8*
+ rm -vf "${D}"/usr/share/man/man8/bextract.8*
+ rm -vf "${D}"/usr/share/man/man8/bls.8*
+ rm -vf "${D}"/usr/share/man/man8/bscan.8*
+ rm -vf "${D}"/usr/share/man/man8/btape.8*
+ rm -vf "${D}"/usr/libexec/bacula/disk-changer
+ rm -vf "${D}"/usr/libexec/bacula/mtx-changer
+ rm -vf "${D}"/usr/libexec/bacula/dvd-handler
+ fi
+
+ # documentation
+ dodoc ChangeLog ReleaseNotes SUPPORT technotes
+
+ # vim-files
+ if use vim-syntax; then
+ insinto /usr/share/vim/vimfiles/syntax
+ doins scripts/bacula.vim || die
+ insinto /usr/share/vim/vimfiles/ftdetect
+ newins scripts/filetype.vim bacula_ft.vim || die
+ fi
+
+ # setup init scripts
+ myscripts="bacula-fd"
+ if ! use bacula-clientonly; then
+ if ! use bacula-nodir; then
+ myscripts="${myscripts} bacula-dir"
+ fi
+ if ! use bacula-nosd; then
+ myscripts="${myscripts} bacula-sd"
+ fi
+ fi
+ for script in ${myscripts}; do
+ # copy over init script and config to a temporary location
+ # so we can modify them as needed
+ cp "${FILESDIR}/${script}".confd "${T}/${script}".confd || die "failed to copy ${script}.confd"
+ cp "${FILESDIR}/${script}".initd "${T}/${script}".initd || die "failed to copy ${script}.initd"
+ # set database dependancy for the director init script
+ case "${script}" in
+ bacula-dir)
+ case "${mydbtype}" in
+ sqlite3)
+ # sqlite3 databases don't have a daemon
+ sed -i -e 's/need "%database%"/:/g' "${T}/${script}".initd || die
+ ;;
+ *)
+ # all other databases have daemons
+ sed -i -e "s:%database%:${mydbtype}:" "${T}/${script}".initd || die
+ ;;
+ esac
+ ;;
+ *)
+ ;;
+ esac
+ # install init script and config
+ newinitd "${T}/${script}".initd "${script}" || die
+ newconfd "${T}/${script}".confd "${script}" || die
+ done
+
+ # make sure the working directory exists
+ diropts -m0750
+ keepdir /var/lib/bacula
+
+ # make sure bacula group can execute bacula libexec scripts
+ fowners -R root:bacula /usr/libexec/bacula
+}
+
+pkg_postinst() {
+ if use bacula-clientonly; then
+ fowners root:bacula /var/lib/bacula
+ else
+ fowners bacula:bacula /var/lib/bacula
+ fi
+
+ if ! use bacula-clientonly && ! use bacula-nodir; then
+ einfo
+ einfo "If this is a new install, you must create the ${mydbtype} databases with:"
+ einfo " /usr/libexec/bacula/create_${mydbtype}_database"
+ einfo " /usr/libexec/bacula/make_${mydbtype}_tables"
+ einfo " /usr/libexec/bacula/grant_${mydbtype}_privileges"
+ einfo
+
+ ewarn
+ ewarn "*** ATTENTION! IMPORTANT! ATTENTION! IMPORTANT! ATTENTION! IMPORTANT! ***"
+ ewarn
+ ewarn "If you're upgrading from a major release, you must upgrade your bacula catalog database."
+ ewarn "Please read the manual chapter for how to upgrade your database."
+ ewarn "You can find database upgrade scripts in /usr/libexec/bacula/updatedb/."
+ ewarn
+ ewarn "*** ATTENTION! IMPORTANT! ATTENTION! IMPORTANT! ATTENTION! IMPORTANT! ***"
+ ewarn
+ ebeep 5
+ epause 10
+ echo
+
+ ewarn
+ ewarn "*** ATTENTION! IMPORTANT! ATTENTION! IMPORTANT! ATTENTION! IMPORTANT! ***"
+ ewarn
+ ewarn "The bundled catalog backup script (/usr/libexec/bacula/make_catalog_backup)"
+ ewarn "is INSECURE. The script needs to be called with the database access password"
+ ewarn "as a command line parameter, thus, the password can be seen from any other"
+ ewarn "user on the system"
+ ewarn
+ ewarn "NOTICE:"
+ ewarn "Since version 5.0.0 Bacula bundles an alternative catalog backup script"
+ ewarn "installed as /usr/libexec/bacula/make_catalog_backup.pl that is not"
+ ewarn "subject to this issue as it parses the director daemon config to extract"
+ ewarn "the configured database connection parameters (including the password)."
+ ewarn
+ ewarn "See also:"
+ ewarn "http://www.bacula.org/5.0.x-manuals/en/main/main/Bacula_Security_Issues.html"
+ ewarn "http://www.bacula.org/5.0.x-manuals/en/main/main/Catalog_Maintenance.html#SECTION0043140000000000000000"
+ ewarn
+ ewarn "*** ATTENTION! IMPORTANT! ATTENTION! IMPORTANT! ATTENTION! IMPORTANT! ***"
+ ewarn
+ ebeep 5
+ epause 10
+ echo
+
+ einfo
+ einfo "Please note that SQLite v2 support as well as wxwindows (bwx-console)"
+ einfo "and gnome (gnome-console) support have been dropped."
+ einfo
+ fi
+
+ einfo "Please note that 'bconsole' will always be installed. To compile 'bat'"
+ einfo "you have to enable 'USE=qt4'."
+ einfo
+}
diff --git a/app-backup/bacula/files/5.0.3/bacula-5.0.3-cve.patch b/app-backup/bacula/files/5.0.3/bacula-5.0.3-cve.patch
new file mode 100644
index 000000000000..394db6e0ea88
--- /dev/null
+++ b/app-backup/bacula/files/5.0.3/bacula-5.0.3-cve.patch
@@ -0,0 +1,125 @@
+From 67debcecd3d530c429e817e1d778e79dcd1db905 Mon Sep 17 00:00:00 2001
+From: Kern Sibbald <kern@sibbald.com>
+Date: Sat, 18 Aug 2012 13:46:03 +0000
+Subject: Make dump_resource respect console ACL's
+
+---
+diff --git a/bacula/src/dird/dird_conf.c b/bacula/src/dird/dird_conf.c
+index 7dcf591..2f2eb00 100644
+--- a/bacula/src/dird/dird_conf.c
++++ b/bacula/src/dird/dird_conf.c
+@@ -554,6 +554,7 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm
+ bool recurse = true;
+ char ed1[100], ed2[100], ed3[100];
+ DEVICE *dev;
++ UAContext *ua = (UAContext *)sock;
+
+ if (res == NULL) {
+ sendit(sock, _("No %s resource defined\n"), res_to_str(type));
+@@ -599,6 +600,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm
+ break;
+
+ case R_CLIENT:
++ if (!acl_access_ok(ua, Client_ACL, res->res_client.hdr.name)) {
++ break;
++ }
+ sendit(sock, _("Client: name=%s address=%s FDport=%d MaxJobs=%u\n"),
+ res->res_client.hdr.name, res->res_client.address, res->res_client.FDport,
+ res->res_client.MaxConcurrentJobs);
+@@ -626,6 +630,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm
+ break;
+
+ case R_STORAGE:
++ if (!acl_access_ok(ua, Storage_ACL, res->res_store.hdr.name)) {
++ break;
++ }
+ sendit(sock, _("Storage: name=%s address=%s SDport=%d MaxJobs=%u\n"
+ " DeviceName=%s MediaType=%s StorageId=%s\n"),
+ res->res_store.hdr.name, res->res_store.address, res->res_store.SDport,
+@@ -636,6 +643,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm
+ break;
+
+ case R_CATALOG:
++ if (!acl_access_ok(ua, Catalog_ACL, res->res_cat.hdr.name)) {
++ break;
++ }
+ sendit(sock, _("Catalog: name=%s address=%s DBport=%d db_name=%s\n"
+ " db_driver=%s db_user=%s MutliDBConn=%d\n"),
+ res->res_cat.hdr.name, NPRT(res->res_cat.db_address),
+@@ -646,6 +656,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm
+
+ case R_JOB:
+ case R_JOBDEFS:
++ if (!acl_access_ok(ua, Job_ACL, res->res_job.hdr.name)) {
++ break;
++ }
+ sendit(sock, _("%s: name=%s JobType=%d level=%s Priority=%d Enabled=%d\n"),
+ type == R_JOB ? _("Job") : _("JobDefs"),
+ res->res_job.hdr.name, res->res_job.JobType,
+@@ -767,6 +780,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm
+ case R_FILESET:
+ {
+ int i, j, k;
++ if (!acl_access_ok(ua, FileSet_ACL, res->res_fs.hdr.name)) {
++ break;
++ }
+ sendit(sock, _("FileSet: name=%s\n"), res->res_fs.hdr.name);
+ for (i=0; i<res->res_fs.num_includes; i++) {
+ INCEXE *incexe = res->res_fs.include_items[i];
+@@ -854,6 +870,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm
+ }
+
+ case R_SCHEDULE:
++ if (!acl_access_ok(ua, Schedule_ACL, res->res_sch.hdr.name)) {
++ break;
++ }
+ if (res->res_sch.run) {
+ int i;
+ RUN *run = res->res_sch.run;
+@@ -942,6 +961,9 @@ next_run:
+ break;
+
+ case R_POOL:
++ if (!acl_access_ok(ua, Pool_ACL, res->res_pool.hdr.name)) {
++ break;
++ }
+ sendit(sock, _("Pool: name=%s PoolType=%s\n"), res->res_pool.hdr.name,
+ res->res_pool.pool_type);
+ sendit(sock, _(" use_cat=%d use_once=%d cat_files=%d\n"),
+--
+From 2be20d549211f7984156674116f9239acf6d79bd Mon Sep 17 00:00:00 2001
+From: Kern Sibbald <kern@sibbald.com>
+Date: Sun, 19 Aug 2012 06:33:15 +0000
+Subject: Fix Makefile.in so that testfind builds with acl dependency
+
+---
+diff --git a/bacula/src/tools/Makefile.in b/bacula/src/tools/Makefile.in
+index 0c3f305..5731140 100644
+--- a/bacula/src/tools/Makefile.in
++++ b/bacula/src/tools/Makefile.in
+@@ -29,12 +29,12 @@ dummy:
+
+ GETTEXT_LIBS = @LIBINTL@
+
+-FINDOBJS = testfind.o ../dird/dird_conf.o ../dird/inc_conf.o ../dird/run_conf.o
++FINDOBJS = testfind.o ../dird/dird_conf.o ../dird/inc_conf.o ../dird/ua_acl.o ../dird/run_conf.o
+
+ # these are the objects that are changed by the .configure process
+ EXTRAOBJS = @OBJLIST@
+
+-DIRCONFOBJS = ../dird/dird_conf.o ../dird/run_conf.o ../dird/inc_conf.o
++DIRCONFOBJS = ../dird/dird_conf.o ../dird/ua_acl.o ../dird/run_conf.o ../dird/inc_conf.o
+
+ NODIRTOOLS = bsmtp
+ DIRTOOLS = bsmtp dbcheck drivetype fstype testfind testls bregex bwild bbatch bregtest bvfs_test ing_test
+@@ -79,6 +79,9 @@ drivetype: Makefile drivetype.o ../lib/libbac$(DEFAULT_ARCHIVE_TYPE) ../findlib/
+ dird_conf.o: ../dird/dird_conf.c
+ $(CXX) $(DEFS) $(DEBUG) -c $(CPPFLAGS) $(PYTHON_INC) -I$(srcdir) -I$(basedir) $(DINCLUDE) $(CFLAGS) $<
+
++ua_acl.o: ../dird/ua_acl.c
++ $(CXX) $(DEFS) $(DEBUG) -c $(CPPFLAGS) $(PYTHON_INC) -I$(srcdir) -I$(basedir) $(DINCLUDE) $(CFLAGS) $<
++
+ run_conf.o: ../dird/run_conf.c
+ $(CXX) $(DEFS) $(DEBUG) -c $(CPPFLAGS) $(PYTHON_INC) -I$(srcdir) -I$(basedir) $(DINCLUDE) $(CFLAGS) $<
+
+--