summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobert Buchholz <rbu@gentoo.org>2008-06-03 22:52:30 +0000
committerRobert Buchholz <rbu@gentoo.org>2008-06-03 22:52:30 +0000
commitd9969c9bb7a18ffa5a271cf656947eade00659fe (patch)
treec5eef2e41a2d330b5c805af66d3ad6bdefed2d6d /app-backup
parentFixed homepage, bug #213062 (diff)
downloadgentoo-2-d9969c9bb7a18ffa5a271cf656947eade00659fe.tar.gz
gentoo-2-d9969c9bb7a18ffa5a271cf656947eade00659fe.tar.bz2
gentoo-2-d9969c9bb7a18ffa5a271cf656947eade00659fe.zip
Version bump, fixes security bug #198473 (CVE-2008-2517), DAR encryption passwords were visible to local users via ps. Also introduces support for newer
versions of DAR (bug #212048). (Portage version: 2.1.4.4)
Diffstat (limited to 'app-backup')
-rw-r--r--app-backup/sarab/ChangeLog17
-rw-r--r--app-backup/sarab/files/0.2.2-better-defaults-gentoo.patch33
-rw-r--r--app-backup/sarab/files/0.2.2-fix-rotation-gentoo.patch12
-rw-r--r--app-backup/sarab/files/0.2.2-refname-calculation-gentoo.patch11
-rw-r--r--app-backup/sarab/files/0.2.2-test-with-encryption-gentoo.patch68
-rw-r--r--app-backup/sarab/files/0.2.4-better-defaults-gentoo.patch23
-rw-r--r--app-backup/sarab/files/README.Gentoo8
-rw-r--r--app-backup/sarab/sarab-0.2.2-r1.ebuild36
-rw-r--r--app-backup/sarab/sarab-0.2.4.ebuild (renamed from app-backup/sarab/sarab-0.2.2-r2.ebuild)23
9 files changed, 53 insertions, 178 deletions
diff --git a/app-backup/sarab/ChangeLog b/app-backup/sarab/ChangeLog
index 5a21c6c3e1a3..02aad90dae19 100644
--- a/app-backup/sarab/ChangeLog
+++ b/app-backup/sarab/ChangeLog
@@ -1,6 +1,19 @@
# ChangeLog for app-backup/sarab
-# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-backup/sarab/ChangeLog,v 1.9 2007/05/13 17:56:40 bangert Exp $
+# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-backup/sarab/ChangeLog,v 1.10 2008/06/03 22:52:30 rbu Exp $
+
+*sarab-0.2.4 (03 Jun 2008)
+
+ 03 Jun 2008; Robert Buchholz <rbu@gentoo.org>
+ -files/0.2.2-fix-rotation-gentoo.patch,
+ -files/0.2.2-test-with-encryption-gentoo.patch,
+ -files/0.2.2-refname-calculation-gentoo.patch,
+ +files/0.2.4-better-defaults-gentoo.patch,
+ -files/0.2.2-better-defaults-gentoo.patch, files/README.Gentoo,
+ -sarab-0.2.2-r1.ebuild, -sarab-0.2.2-r2.ebuild, +sarab-0.2.4.ebuild:
+ Version bump, fixes security bug #198473 (CVE-2008-2517), DAR encryption
+ passwords were visible to local users via ps. Also introduces support for
+ newer versions of DAR (bug #212048).
13 May 2007; Thilo Bangert <bangert@gentoo.org> metadata.xml:
add herd
diff --git a/app-backup/sarab/files/0.2.2-better-defaults-gentoo.patch b/app-backup/sarab/files/0.2.2-better-defaults-gentoo.patch
deleted file mode 100644
index 0e5f22ef9c1e..000000000000
--- a/app-backup/sarab/files/0.2.2-better-defaults-gentoo.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-diff -ur sarab.orig/etc/sarab.conf sarab/etc/sarab.conf
---- sarab.orig/etc/sarab.conf 2005-07-27 12:36:09.000000000 -0500
-+++ sarab/etc/sarab.conf 2005-07-27 12:43:52.000000000 -0500
-@@ -56,8 +56,8 @@
- SARAB_VERBOSE="no"
-
- # If non-empty, DAR_ENCRYPTION_OPTIONS contains the cipher options and key to be
--# used to encrypt the backups. See the dar(1) for a description of what is
--# possible.
-+# used to encrypt the backups. See the dar(1) manual for a description of what
-+# is possible.
- # eg. DAR_ENCRYPTION_OPTIONS="--crypto-block 20480 --key blowfish:My_CompleX_key_123"
- DAR_ENCRYPTION_OPTIONS=""
-
-@@ -74,10 +74,10 @@
- BASENAME="$(date +'%m-%d-%Y_%H%M')"
-
- # The location of the DAR executable file
--DAR_BINARY="/usr/local/bin/dar"
-+DAR_BINARY="/usr/bin/dar"
-
- # The location of the statically-compiled DAR executable file
--DAR_STATIC="/usr/local/bin/dar_static"
-+DAR_STATIC="/usr/bin/dar_static"
-
- # The temporary directory name that backups will be created in. This will be created underneath $DESTINATION.
- WORK_DIR=".sarab_temp_workdir"
-@@ -90,4 +90,4 @@
- DAR_COMMAND="$DAR_BINARY --batch $SARAB_ETC/$SARAB_DCF -c $DAR_CREATE --noconf"
-
- # Location and name of temporary log file
--TEMP_LOG="$SARAB_ETC/sarab_temp.log"
-+TEMP_LOG="/var/log/sarab_temp.log"
diff --git a/app-backup/sarab/files/0.2.2-fix-rotation-gentoo.patch b/app-backup/sarab/files/0.2.2-fix-rotation-gentoo.patch
deleted file mode 100644
index 3f8987ec2532..000000000000
--- a/app-backup/sarab/files/0.2.2-fix-rotation-gentoo.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -Naur sarab.orig/sarab.sh sarab/sarab.sh
---- sarab.orig/sarab.sh 2006-01-04 09:45:36.000000000 +0100
-+++ sarab/sarab.sh 2006-01-04 09:49:43.000000000 +0100
-@@ -34,7 +34,7 @@
- function rotate
- {
- lines=$(cat $SARAB_ETC/$ROTATION_SCHEDULE | wc -l)
-- firstline="$(head -n 1 $SARAB_ETC/rotation.schedule)"
-+ firstline="$(head -n 1 $SARAB_ETC/$ROTATION_SCHEDULE)"
-
- # Copy all but the first line back into rotation schedule
- tail -n $(expr $lines - 1) $SARAB_ETC/$ROTATION_SCHEDULE > $SARAB_ETC/rotation.schedule.temp
diff --git a/app-backup/sarab/files/0.2.2-refname-calculation-gentoo.patch b/app-backup/sarab/files/0.2.2-refname-calculation-gentoo.patch
deleted file mode 100644
index 583ba0484195..000000000000
--- a/app-backup/sarab/files/0.2.2-refname-calculation-gentoo.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- sarab.orig/sarab.sh 2004-09-08 23:06:16.000000000 -0500
-+++ sarab/sarab.sh 2006-03-01 15:00:31.000000000 -0600
-@@ -176,7 +176,7 @@
- REFERENCE_ARCHIVE=$(echo $CURRENT_LINE | cut -f 2 -d" ")
- # Test to see if the reference archive actually exists
- if [ -d "$DESTINATION/$REFERENCE_ARCHIVE/" ]; then # The reference archive exists
-- REFERENCE_BASENAME="--ref $(/bin/ls $DESTINATION/$REFERENCE_ARCHIVE/*.dar | head -n 1 | cut -f 1 -d".")"
-+ REFERENCE_BASENAME="--ref $(/bin/ls $DESTINATION/$REFERENCE_ARCHIVE/*.dar | head -n 1 | sed -re 's,\.[0-9]+\.dar,,g')"
- # Record information about the reference archive to include in the current archive
- echo "The reference archive for this backup was:" > $DESTINATION/$WORK_DIR/reference_archive.txt
- echo "$(ls -ltr $DESTINATION/$REFERENCE_ARCHIVE/*.dar)" >> $DESTINATION/$WORK_DIR/reference_archive.txt
diff --git a/app-backup/sarab/files/0.2.2-test-with-encryption-gentoo.patch b/app-backup/sarab/files/0.2.2-test-with-encryption-gentoo.patch
deleted file mode 100644
index 3045e90cc97c..000000000000
--- a/app-backup/sarab/files/0.2.2-test-with-encryption-gentoo.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-diff -ur sarab.orig/etc/sarab.conf sarab/etc/sarab.conf
---- sarab.orig/etc/sarab.conf 2004-09-08 23:05:59.000000000 -0500
-+++ sarab/etc/sarab.conf 2005-07-27 12:36:09.000000000 -0500
-@@ -55,6 +55,12 @@
- # Default="no"
- SARAB_VERBOSE="no"
-
-+# If non-empty, DAR_ENCRYPTION_OPTIONS contains the cipher options and key to be
-+# used to encrypt the backups. See the dar(1) for a description of what is
-+# possible.
-+# eg. DAR_ENCRYPTION_OPTIONS="--crypto-block 20480 --key blowfish:My_CompleX_key_123"
-+DAR_ENCRYPTION_OPTIONS=""
-+
- ##################################################################
- # DO NOT EDIT BELOW THIS LINE UNLESS YOU KNOW WHAT YOU ARE DOING #
- ##################################################################
-Only in sarab/etc: sarab.conf~
-diff -ur sarab.orig/etc/sarab.dcf sarab/etc/sarab.dcf
---- sarab.orig/etc/sarab.dcf 2004-09-08 23:05:59.000000000 -0500
-+++ sarab/etc/sarab.dcf 2005-07-27 12:23:22.000000000 -0500
-@@ -113,16 +113,6 @@
- --exclude-compression "*.Z"
-
-
--# --key <string>
--# This option will scramble the archive using <string> as the pass-phrase.
--# A scrambled archive can only be read if the same pass-phrase is given.
--# This should not be considered a secure solution, that is why we say
--# "scramble" instead of "encrypt". Still, this option can prevent
--# unexperienced people from looking at your data.
--# Example: (But create your own key!)
--# --key "My_CompleX_key_ADDS_some_Security-Easy_as_123"
--
--
- # Many of the more complex and advanced options of Dar are not listed above.
- # For experienced users, all valid Dar options may be used in this file,
- # except what is noted below.
-@@ -131,3 +121,7 @@
- # NOTE: Do NOT use the options "--create" and "--ref", because SaraB
- # automatically generates these during run-time. If you mistakenly add
- # them to this file, Dar generate an error about duplicate arguments.
-+
-+# Local Variables:
-+# mode: conf
-+# End:
-Only in sarab/etc: sarab.dcf~
-diff -ur sarab.orig/sarab.sh sarab/sarab.sh
---- sarab.orig/sarab.sh 2004-09-08 23:06:16.000000000 -0500
-+++ sarab/sarab.sh 2005-07-27 12:37:17.000000000 -0500
-@@ -211,7 +211,7 @@
- echo -n "Creating backup with DAR..."
- verbose
- verbose "$DAR_COMMAND $REFERENCE_BASENAME"
--$DAR_COMMAND $REFERENCE_BASENAME
-+$DAR_COMMAND $REFERENCE_BASENAME $DAR_ENCRYPTION_OPTIONS
- if [ "$?" != "0" ]; then
- echo "ERROR: Error when executing the backup with DAR. The attempted command was... "
- echo "$DAR_COMMAND $REFERENCE_BASENAME"
-@@ -224,7 +224,7 @@
- echo -n "Testing the archive for errors..."
- verbose
- verbose "$DAR_BINARY -t $DESTINATION/$WORK_DIR/$BASENAME --noconf"
-- $DAR_BINARY -t $DESTINATION/$WORK_DIR/$BASENAME --noconf
-+ $DAR_BINARY -t $DESTINATION/$WORK_DIR/$BASENAME $DAR_ENCRYPTION_OPTIONS --noconf
- if [ "$?" != "0" ]; then
- echo "ERROR: Error when testing the archive. The attempted command was... "
- echo "$DAR_BINARY -t $DESTINATION/$WORK_DIR/$BASENAME --noconf"
-Only in sarab: sarab.sh~
diff --git a/app-backup/sarab/files/0.2.4-better-defaults-gentoo.patch b/app-backup/sarab/files/0.2.4-better-defaults-gentoo.patch
new file mode 100644
index 000000000000..79603650ba84
--- /dev/null
+++ b/app-backup/sarab/files/0.2.4-better-defaults-gentoo.patch
@@ -0,0 +1,23 @@
+Index: sarab-0.2.4/etc/sarab.conf
+===================================================================
+--- sarab-0.2.4.orig/etc/sarab.conf
++++ sarab-0.2.4/etc/sarab.conf
+@@ -75,10 +75,10 @@ SECURITY_CONFIG=$SARAB_ETC/sarab.dcf.sec
+ BASENAME="$(date +'%m-%d-%Y_%H%M')"
+
+ # The location of the DAR executable file
+-DAR_BINARY="/usr/local/bin/dar"
++DAR_BINARY="/usr/bin/dar"
+
+ # The location of the statically-compiled DAR executable file
+-DAR_STATIC="/usr/local/bin/dar_static"
++DAR_STATIC="/usr/bin/dar_static"
+
+ # The temporary directory name that backups will be created in. This will be created underneath $DESTINATION.
+ WORK_DIR=".sarab_temp_workdir"
+@@ -91,4 +91,4 @@ DAR_CREATE="$DESTINATION/$WORK_DIR/$BASE
+ DAR_COMMAND="$DAR_BINARY --batch $SECURITY_CONFIG --batch $SARAB_ETC/$SARAB_DCF -c $DAR_CREATE --noconf"
+
+ # Location and name of temporary log file
+-TEMP_LOG="$SARAB_ETC/sarab_temp.log"
++TEMP_LOG="/var/log/sarab_temp.log"
diff --git a/app-backup/sarab/files/README.Gentoo b/app-backup/sarab/files/README.Gentoo
index 3f99d082643f..cddd6f7c330c 100644
--- a/app-backup/sarab/files/README.Gentoo
+++ b/app-backup/sarab/files/README.Gentoo
@@ -1,17 +1,13 @@
--*- outline -*- $Id: README.Gentoo,v 1.1 2005/07/27 18:10:37 mkennedy Exp $
+-*- outline -*- $Id: README.Gentoo,v 1.2 2008/06/03 22:52:30 rbu Exp $
Gentoo GNU/Linux specific notes for SaraB
-----------------------------------------
This is the README.Gentoo file from /usr/share/doc/@PF@/ directory.
- * The Gentoo port includes a patch to support testing of encrypted archives.
- Previously, SaraB supported creating encrypted archives, but the test step
- didn't use the same cipher information and would fail.
-
* The Gentoo port includes more reasonable pathnames for the example
configuration.
-If you encounter any problems or have suggestions, use http://bugs.gentoo.org.
+If you encounter any problems or have suggestions, use https://bugs.gentoo.org.
Please don't bother the upstream authors unless you are absolutely certain it is
not Gentoo-related.
diff --git a/app-backup/sarab/sarab-0.2.2-r1.ebuild b/app-backup/sarab/sarab-0.2.2-r1.ebuild
deleted file mode 100644
index 829afb69bbc4..000000000000
--- a/app-backup/sarab/sarab-0.2.2-r1.ebuild
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright 1999-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-backup/sarab/sarab-0.2.2-r1.ebuild,v 1.1 2006/01/06 16:47:43 mkennedy Exp $
-
-inherit eutils
-
-DESCRIPTION="SaraB is a powerful and automated backup scheduling system based on DAR."
-HOMEPAGE="http://sarab.sourceforge.net/"
-SRC_URI="mirror://sourceforge/sarab/${P}.tar.gz"
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE=""
-
-DEPEND=""
-RDEPEND="app-backup/dar
- mail-client/mailx"
-
-S=${WORKDIR}/${PN}
-
-src_unpack() {
- unpack ${A}
- epatch ${FILESDIR}/${PV}-test-with-encryption-gentoo.patch || die
- epatch ${FILESDIR}/${PV}-better-defaults-gentoo.patch || die
- epatch ${FILESDIR}/${PV}-fix-rotation-gentoo.patch || die
-}
-
-src_install() {
- dobin sarab.sh
- insinto /etc/sarab
- doins -r etc/*
- # sarab.conf could contain passphrase information
- fperms 600 /etc/sarab/sarab.conf
- dodoc CHANGELOG FAQ INSTALL LICENSE README
- dodoc ${FILESDIR}/README.Gentoo
-}
diff --git a/app-backup/sarab/sarab-0.2.2-r2.ebuild b/app-backup/sarab/sarab-0.2.4.ebuild
index b7124bf62d9c..90895c24d6f2 100644
--- a/app-backup/sarab/sarab-0.2.2-r2.ebuild
+++ b/app-backup/sarab/sarab-0.2.4.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2006 Gentoo Foundation
+# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-backup/sarab/sarab-0.2.2-r2.ebuild,v 1.2 2006/03/05 18:06:51 mkennedy Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-backup/sarab/sarab-0.2.4.ebuild,v 1.1 2008/06/03 22:52:30 rbu Exp $
inherit eutils
@@ -16,14 +16,11 @@ DEPEND=""
RDEPEND="app-backup/dar
virtual/mailx"
-S=${WORKDIR}/${PN}
-
src_unpack() {
+ cd "${S}"
unpack ${A}
- epatch ${FILESDIR}/${PV}-test-with-encryption-gentoo.patch || die
- epatch ${FILESDIR}/${PV}-better-defaults-gentoo.patch || die
- epatch ${FILESDIR}/${PV}-fix-rotation-gentoo.patch || die
- epatch ${FILESDIR}/${PV}-refname-calculation-gentoo.patch || die
+
+ epatch "${FILESDIR}"/${PV}-better-defaults-gentoo.patch
}
src_install() {
@@ -32,6 +29,12 @@ src_install() {
doins -r etc/*
# sarab.conf could contain passphrase information
fperms 600 /etc/sarab/sarab.conf
- dodoc CHANGELOG FAQ INSTALL LICENSE README
- dodoc ${FILESDIR}/README.Gentoo
+ dodoc CHANGELOG FAQ INSTALL README
+ dodoc "${FILESDIR}"/README.Gentoo
}
+
+pkg_postinstl() {
+ ewarn "The configuration format for DAR encryption has changed in Sarab 0.2.4."
+ ewarn "Replace DAR_ENCRYPTION_OPTIONS=\"--key blowfish:PASSPHRASE\""
+ ewarn "by SARAB_KEY=\"blowfish:PASSPHRASE\" in /etc/sarab/sarab.conf"
+} \ No newline at end of file