author | Natanael Copa <ncopa@alpinelinux.org> | 2012-11-14 15:05:22 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-11-14 15:05:22 +0000 |
commit | 097b713cd802cc13e765e62d30fe6d3908667490 (patch) | |
tree | 1aaef0bdf94985cf7f4ffcdf692b9cd9ace4d42a | |
parent | 4be6396274c20b99643b279900876f51aa1c6da5 (diff) | |
main/bacula: fix CVE-2012-4430
fixes #1446
-rw-r--r-- | main/bacula/APKBUILD | 5 | ||||
-rw-r--r-- | main/bacula/CVE-2012-4430.patch | 107 |
2 files changed, 111 insertions, 1 deletions
diff --git a/main/bacula/APKBUILD b/main/bacula/APKBUILD index eaa2ea9fff..58c3517702 100644 --- a/main/bacula/APKBUILD +++ b/main/bacula/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Leonardo Arena <rnalrd@gmail.com> pkgname="bacula" pkgver=5.0.3 -pkgrel=5 +pkgrel=6 pkgdesc="Enterprise ready, network based backup program" url="http://www.bacula.org" license="GPL2" @@ -18,12 +18,14 @@ bacula-sd-conf bacula-fd-init bacula-fd-conf configure.in.patch +CVE-2012-4430.patch os.m4.patch" prepare () { cd "$srcdir/$pkgname-$pkgver" patch -p1 < ../../configure.in.patch patch -p1 < ../../os.m4.patch + patch -p1 < ../../CVE-2012-4430.patch } build() { @@ -86,4 +88,5 @@ afe2f9a4d79d7d96eb9372d003d10f86 bacula-sd-conf 6ae93e570f95fa845fa534c2d2efaac0 bacula-fd-init 4500ce2d62bf9df33c07f70dc40f7b85 bacula-fd-conf ebc9c2bbc9be95c920723a3f142d8e19 configure.in.patch +d6f6b64f6aa505c329b7d8f6cf877b46 CVE-2012-4430.patch cf7a2a4e972697f54364654c4e282b8b os.m4.patch" diff --git a/main/bacula/CVE-2012-4430.patch b/main/bacula/CVE-2012-4430.patch new file mode 100644 index 0000000000..c45db931ab --- /dev/null +++ b/main/bacula/CVE-2012-4430.patch 
@@ -0,0 +1,107 @@ +From 67debcecd3d530c429e817e1d778e79dcd1db905 Mon Sep 17 00:00:00 2001 +From: Kern Sibbald <kern@sibbald.com> +Date: Sat, 18 Aug 2012 13:46:03 +0000 +Subject: Make dump_resource respect console ACL's + +--- +diff --git a/src/dird/dird_conf.c b/bacula/src/dird/dird_conf.c +index 7dcf591..2f2eb00 100644 +--- a/src/dird/dird_conf.c ++++ b/src/dird/dird_conf.c +@@ -554,6 +554,7 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm + bool recurse = true; + char ed1[100], ed2[100], ed3[100]; + DEVICE *dev; ++ UAContext *ua = (UAContext *)sock; + + if (res == NULL) { + sendit(sock, _("No %s resource defined\n"), res_to_str(type)); +@@ -599,6 +600,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm + break; + + case R_CLIENT: ++ if (!acl_access_ok(ua, Client_ACL, res->res_client.hdr.name)) { ++ break; ++ } + sendit(sock, _("Client: name=%s address=%s FDport=%d MaxJobs=%u\n"), + res->res_client.hdr.name, res->res_client.address, res->res_client.FDport, + res->res_client.MaxConcurrentJobs); +@@ -626,6 +630,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm + break; + + case R_STORAGE: ++ if (!acl_access_ok(ua, Storage_ACL, res->res_store.hdr.name)) { ++ break; ++ } + sendit(sock, _("Storage: name=%s address=%s SDport=%d MaxJobs=%u\n" + " DeviceName=%s MediaType=%s StorageId=%s\n"), + res->res_store.hdr.name, res->res_store.address, res->res_store.SDport, +@@ -636,6 +643,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm + break; + + case R_CATALOG: ++ if (!acl_access_ok(ua, Catalog_ACL, res->res_cat.hdr.name)) { ++ break; ++ } + sendit(sock, _("Catalog: name=%s address=%s DBport=%d db_name=%s\n" + " db_driver=%s db_user=%s MutliDBConn=%d\n"), + res->res_cat.hdr.name, NPRT(res->res_cat.db_address), +@@ -646,6 +656,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm + + case R_JOB: + case 
R_JOBDEFS: ++ if (!acl_access_ok(ua, Job_ACL, res->res_job.hdr.name)) { ++ break; ++ } + sendit(sock, _("%s: name=%s JobType=%d level=%s Priority=%d Enabled=%d\n"), + type == R_JOB ? _("Job") : _("JobDefs"), + res->res_job.hdr.name, res->res_job.JobType, +@@ -767,6 +780,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm + case R_FILESET: + { + int i, j, k; ++ if (!acl_access_ok(ua, FileSet_ACL, res->res_fs.hdr.name)) { ++ break; ++ } + sendit(sock, _("FileSet: name=%s\n"), res->res_fs.hdr.name); + for (i=0; i<res->res_fs.num_includes; i++) { + INCEXE *incexe = res->res_fs.include_items[i]; +@@ -854,6 +870,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm + } + + case R_SCHEDULE: ++ if (!acl_access_ok(ua, Schedule_ACL, res->res_sch.hdr.name)) { ++ break; ++ } + if (res->res_sch.run) { + int i; + RUN *run = res->res_sch.run; +@@ -942,6 +961,9 @@ next_run: + break; + + case R_POOL: ++ if (!acl_access_ok(ua, Pool_ACL, res->res_pool.hdr.name)) { ++ break; ++ } + sendit(sock, _("Pool: name=%s PoolType=%s\n"), res->res_pool.hdr.name, + res->res_pool.pool_type); + sendit(sock, _(" use_cat=%d use_once=%d cat_files=%d\n"), +-- +cgit v0.8.3.4 +--- ./src/tools/Makefile.in.orig ++++ ./src/tools/Makefile.in +@@ -27,12 +27,12 @@ + + GETTEXT_LIBS = @LIBINTL@ + +-FINDOBJS = testfind.o ../dird/dird_conf.o ../dird/inc_conf.o ../dird/run_conf.o ++FINDOBJS = testfind.o ../dird/dird_conf.o ../dird/inc_conf.o ../dird/run_conf.o ../dird/ua_acl.o + + # these are the objects that are changed by the .configure process + EXTRAOBJS = @OBJLIST@ + +-DIRCONFOBJS = ../dird/dird_conf.o ../dird/run_conf.o ../dird/inc_conf.o ++DIRCONFOBJS = ../dird/dird_conf.o ../dird/run_conf.o ../dird/inc_conf.o ../dird/ua_acl.o + + NODIRTOOLS = bsmtp + DIRTOOLS = bsmtp dbcheck drivetype fstype testfind testls bregex bwild bbatch bregtest bvfs_test ing_test |
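Review bot: The added `UAContext *ua = (UAContext *)sock;` at the top of dump_resource is an unchecked cast of an opaque `void *`, and every new `acl_access_ok(ua, ...)` guard depends on it, so a caller that passes NULL or some other handle as `sock` would hand the ACL check an invalid pointer. The Makefile.in part of the patch links `../dird/ua_acl.o` into the tools, which suggests dump_resource is also reached outside a console session; acl_access_ok's body is not visible here, so whether it tolerates that needs confirming. If it does not, the guards could read `if (ua && !acl_access_ok(ua, Client_ACL, res->res_client.hdr.name)) {`, once it is confirmed that callers without a console context are meant to see every resource. The checks cover only the seven cases shown (R_JOBDEFS is checked against Job_ACL together with R_JOB). The function body starts and ends outside these hunks, so the remaining cases of the switch should be reviewed for the same disclosure.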