[pkg-bacula-commits] [SCM] Bacula, a network backup, recovery and verification program branch, master, updated. debian/5.2.6+dfsg-2-3-ga406ac4
Alexander Golovko
alexandro at ankalagon.ru
Tue Jul 3 17:15:33 UTC 2012
The following commit has been merged in the master branch:
commit a406ac4efc3f09c5a0255e53cd84bad1263826ba
Author: Alexander Golovko <alexandro at ankalagon.ru>
Date: Tue Jul 3 18:09:08 2012 +0400
fix bad bacula-director passwords in old packages
Squeeze packages shipped with bad non-unique passwords.
We must force password changing for prevent unauthorized access to
bacula-director service.
diff --git a/debian/additions/common-functions.dpkg b/debian/additions/common-functions.dpkg
index 44a17d5..52ff0b1 100644
--- a/debian/additions/common-functions.dpkg
+++ b/debian/additions/common-functions.dpkg
@@ -129,3 +129,52 @@ _EOF
ucfr "$PACKAGE" "$DEFAULTS"
rm -f "$tempfile"
}
+
+
+check_and_fix_unsafe_director_password()
+{
+ local PACKAGE REGEX
+
+ PACKAGE="$1"
+
+ #
+ # There is a list of hardcoded bacula-dir passwords we need to change.
+ # It is a passwords from versions 5.0.2-1, 5.0.2-1~bpo50+1, 5.0.2-2,
+ # 5.0.2-2.1, 5.0.2-2.2, 5.0.2-2.2+b1, 5.0.2-3, 5.0.3-1, 5.0.3-1+b1,
+ # 5.0.3+dfsg-0.1
+ #
+ # 0Cv70F6pf01t6pB0opT4vQOnigDrR0v3L 1iEtM8qGBcbEox73tYcMslqh9FHZQWHM5
+ # 2F9QsX5HXAhxMdF/lb9f7HH5kgO4/F6Y7qs4LBIYOIIc 2XfHt5qPm9p1VvoI85k4sxfONLOKyA7oL
+ # 3W445fZe3Rx3RwowRaasfvqAXUwKWrR4 4hOvLQMC3HZyZ0VcbsOoPQ6vhGrbrvHDL
+ # 4qByX84t7faibfxD34UltZ4qJ2USgj6 4QC2dWtqOtpXisWr6FkB6LlxCl5owtM6o
+ # 5Q5f0KkIARGboVoAAEnqRZGKbTvR2b 6irFJb1VuTw6nqMoJjhVHsPtDCTHMyOQHjQUF9Vk32ca
+ # 6rAFCfK7IbMWPWrcLgji9qbo5sT212L8 6SH38Ric1fyQb6xZ2mdp2nAQtvOGZOLJq
+ # 6wdMnDM4CT8TOW6VOsnSttg2ZsL5iRRn 9rfAm3BrNnS0vNPyQVW6GYH2xG6F1rT
+ # 9UnjMj8qNDQyUL7YJpf6Ooe346e6o7VI 9XWwoB7f45Vb0wdLwXwd2RVEnhls7kuQa
+ # a5Q9WkjZJrI6isbM1B3hrMIjc3jovayg4 aymIYMBgljG7OLD6mynJGsM6kaO1JiWQ
+ # bP64DhKhdE3hFiwyt8ne5ZzWh9xjZvvCWvlB/SMJVtrp BXROVXNeyF5no12LlPpoCtqSh1g3dHh7c
+ # CDofAhw2nMZpsuNjjoe3sM4XtH3cB19bP Cv70F6pf1t6pBopT4vQOnigDrR0v3L
+ # DaQaoxNgWMA3lPCI5P8h23Q02Zacdm42G e9kabod3EiTgx9qbNv4V5RjpF1HDjS9yx
+ # EGNg0Zh0UDFJpO0eq69ol9R4Ig5Bni3Ly FsrYgGJPETv7sjhhkfU9hfaUlMiov6ssB
+ # GjZK2qGLHJakRp8j6hKxaZmqTsuwKB4nV gyINS6bKThNm00a1n17m0by3YmI5Vfvmq
+ # hpfaKNMc3FAb6sTSeBQj2rHFZiPoCPx5c KLKnxeJ9fo9n7XX9l1rZ85gjexJyCW1R
+ # LSI9O4UxSO4C68Sgog7i1UVoIDCX7GmB3 LTQ1ipXsaA6rhZaPqSaC6DNoPMML8L1f
+ # qnjbN71J3NVcv8bCrxuTA6tQG695stXj rcb82RMxnwMjJX0uPqswTPVPwZBtNviiI
+ # rcCeojyNh8XzyE8noBO6G+u30ur+gIa1YtXPhnUMJ8jJ S8jSXrIaGjucBQlFuEhmbp2jVEXf3r1v
+ # ShT7MAwYr266OifJZexThUYHLg3F7dkgR ToNS3inSon4o/Aqeg0xLEFhKcpftFvOtO+xvmS1oNzt5
+ # tSLtGaKpfUumMeY83T2e0bRUvRdPCTynP TtVEcetNhA2efDyQgHIHUdVObU5CdsI7WcodXdd+bynR
+ # UwPG7aIXF7jQ8IGhQZNhdBc21sT3U9UGA Uyd4tCavXf2oxjVdNAypHbcql0yW4tW
+ # V06HqWef3HlWOrPhqcwNZSQpSvYdERgB VFxkQ5mNv61q6uMncr2YjRpkE8sLQ9O
+ # VMnjGGIe1ih6im48HGTouUi4H7ijV74A wbdPn9gXYLn9PmQ2HiCm1VWHPMSsM5wF
+ # XmOtJg1Adsxp8T73wtCAOKOUJ0r3pEF ZFjFYMCU6HWWVxMNTQ10BmDUYvFrYwuwM
+
+ REGEX='Password = "(0Cv70F6pf01t6pB0opT4vQOnigDrR0v3L|1iEtM8qGBcbEox73tYcMslqh9FHZQWHM5|2F9QsX5HXAhxMdF\/lb9f7HH5kgO4\/F6Y7qs4LBIYOIIc|2XfHt5qPm9p1VvoI85k4sxfONLOKyA7oL|3W445fZe3Rx3RwowRaasfvqAXUwKWrR4|4hOvLQMC3HZyZ0VcbsOoPQ6vhGrbrvHDL|4qByX84t7faibfxD34UltZ4qJ2USgj6|4QC2dWtqOtpXisWr6FkB6LlxCl5owtM6o|5Q5f0KkIARGboVoAAEnqRZGKbTvR2b|6irFJb1VuTw6nqMoJjhVHsPtDCTHMyOQHjQUF9Vk32ca|6rAFCfK7IbMWPWrcLgji9qbo5sT212L8|6SH38Ric1fyQb6xZ2mdp2nAQtvOGZOLJq|6wdMnDM4CT8TOW6VOsnSttg2ZsL5iRRn|9rfAm3BrNnS0vNPyQVW6GYH2xG6F1rT|9UnjMj8qNDQyUL7YJpf6Ooe346e6o7VI|9XWwoB7f45Vb0wdLwXwd2RVEnhls7kuQa|a5Q9WkjZJrI6isbM1B3hrMIjc3jovayg4|aymIYMBgljG7OLD6mynJGsM6kaO1JiWQ|bP64DhKhdE3hFiwyt8ne5ZzWh9xjZvvCWvlB\/SMJVtrp|BXROVXNeyF5no12LlPpoCtqSh1g3dHh7c|CDofAhw2nMZpsuNjjoe3sM4XtH3cB19bP|Cv70F6pf1t6pBopT4vQOnigDrR0v3L|DaQaoxNgWMA3lPCI5P8h23Q02Zacdm42G|e9kabod3EiTgx9qbNv4V5RjpF1HDjS9yx|EGNg0Zh0UDFJpO0eq69ol9R4Ig5Bni3Ly|FsrYgGJPETv7sjhhkfU9hfaUlMiov6ssB|GjZK2qGLHJakRp8j6hKxaZmqTsuwKB4nV|gyINS6bKThNm00a1n17m0by3YmI5Vfvmq|hpfaKNMc3FAb6sTSeBQj2rHFZiPoCPx5c|KLKnxeJ9fo9n7XX9l1rZ85gjexJyCW1R|LSI9O4UxSO4C68Sgog7i1UVoIDCX7GmB3|LTQ1ipXsaA6rhZaPqSaC6DNoPMML8L1f|qnjbN71J3NVcv8bCrxuTA6tQG695stXj|rcb82RMxnwMjJX0uPqswTPVPwZBtNviiI|rcCeojyNh8XzyE8noBO6G\+u30ur\+gIa1YtXPhnUMJ8jJ|S8jSXrIaGjucBQlFuEhmbp2jVEXf3r1v|ShT7MAwYr266OifJZexThUYHLg3F7dkgR|ToNS3inSon4o\/Aqeg0xLEFhKcpftFvOtO\+xvmS1oNzt5|tSLtGaKpfUumMeY83T2e0bRUvRdPCTynP|TtVEcetNhA2efDyQgHIHUdVObU5CdsI7WcodXdd\+bynR|UwPG7aIXF7jQ8IGhQZNhdBc21sT3U9UGA|Uyd4tCavXf2oxjVdNAypHbcql0yW4tW|V06HqWef3HlWOrPhqcwNZSQpSvYdERgB|VFxkQ5mNv61q6uMncr2YjRpkE8sLQ9O|VMnjGGIe1ih6im48HGTouUi4H7ijV74A|wbdPn9gXYLn9PmQ2HiCm1VWHPMSsM5wF|XmOtJg1Adsxp8T73wtCAOKOUJ0r3pEF|ZFjFYMCU6HWWVxMNTQ10BmDUYvFrYwuwM)"'
+
+ if grep -Eq "$REGEX" "/etc/bacula/bacula-dir.conf"; then
+ readOrCreatePasswords
+ sed -i -Ee "s/$REGEX/Password = \"$(eval echo \"\$DIRPASSWD\" |sed -e 's/[\/&]/\\&/g')\"/" "/etc/bacula/bacula-dir.conf"
+
+ db_input high $PACKAGE/unsafe-director-password-was-changed || true
+ db_go
+ fi
+}
diff --git a/debian/bacula-director-db.templates.in b/debian/bacula-director-db.templates.in
new file mode 100644
index 0000000..1c39e20
--- /dev/null
+++ b/debian/bacula-director-db.templates.in
@@ -0,0 +1,9 @@
+Template: bacula-director-mysql/unsafe-director-password-was-changed
+Type: note
+_Description: Unsafe bacula-director password was changed
+ Old versions of bacula packages shipped with unsafe password for access
+ bacula-director service. You see this message because your installation use
+ one of such unsafe passwords.
+ .
+ Password in bacula-dir.conf was changed, so you may need to change password
+ for access you bacula-director service.
diff --git a/debian/bacula-director-mysql.postinst b/debian/bacula-director-mysql.postinst
index e4afc0f..59b4c65 100644
--- a/debian/bacula-director-mysql.postinst
+++ b/debian/bacula-director-mysql.postinst
@@ -51,6 +51,8 @@ setup_etc_default bacula-director-mysql $@
case "$1" in
configure)
+ check_and_fix_unsafe_director_password bacula-director-mysql
+
echo -n "Processing configuration..."
. /etc/dbconfig-common/bacula-director-mysql.conf
TARGET=$CFGFILE.dpkg-tmp
diff --git a/debian/bacula-director-pgsql.postinst b/debian/bacula-director-pgsql.postinst
index 67576b8..c6b7ef5 100644
--- a/debian/bacula-director-pgsql.postinst
+++ b/debian/bacula-director-pgsql.postinst
@@ -57,6 +57,8 @@ setup_etc_default bacula-director-pgsql $@
case "$1" in
configure)
+ check_and_fix_unsafe_director_password bacula-director-pgsql
+
echo -n "Processing configuration..."
. /etc/dbconfig-common/bacula-director-pgsql.conf
TARGET=$CFGFILE.dpkg-tmp
diff --git a/debian/bacula-director-sqlite3.postinst b/debian/bacula-director-sqlite3.postinst
index 61cd2f0..e1feca1 100644
--- a/debian/bacula-director-sqlite3.postinst
+++ b/debian/bacula-director-sqlite3.postinst
@@ -52,6 +52,8 @@ setup_etc_default bacula-director-sqlite3 $@
case "$1" in
configure)
+ check_and_fix_unsafe_director_password bacula-director-sqlite3
+
echo -n "Processing configuration..."
. /etc/dbconfig-common/bacula-director-sqlite3.conf
TARGET=$CFGFILE.dpkg-tmp
diff --git a/debian/changelog b/debian/changelog
index 8d77977..1373647 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-bacula (5.2.6+dfsg-3) unstable; urgency=low
+bacula (5.2.6+dfsg-3) unstable; urgency=high
[ Alexander Golovko ]
* debian/rules:
@@ -7,6 +7,9 @@ bacula (5.2.6+dfsg-3) unstable; urgency=low
* debian/patches/remove-use-statement-for-mysql (Closes: #679855):
+ fix impossibility to run out-of-box scritps make_mysql_tables and
update_mysql_tables scripts, shipped with package.
+ * debian/bacula-director-*.postinst, debian/bacula-director-*.templates,
+ debian/po/*, debian/addition/common-functions.dpkg:
+ + fix unsafe bacula-director passwords.
--
diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in
new file mode 100644
index 0000000..446c545
--- /dev/null
+++ b/debian/po/POTFILES.in
@@ -0,0 +1 @@
+[type: gettext/rfc822deb] bacula-director-db.templates.in
diff --git a/debian/po/templates.pot b/debian/po/templates.pot
new file mode 100644
index 0000000..567f49b
--- /dev/null
+++ b/debian/po/templates.pot
@@ -0,0 +1,41 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL at ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: bacula at packages.debian.org\n"
+"POT-Creation-Date: 2012-07-03 21:09+0400\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
+"Language-Team: LANGUAGE <LL at li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: note
+#. Description
+#: ../bacula-director-db.templates.in:1001
+msgid "Unsafe bacula-director password was changed"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../bacula-director-db.templates.in:1001
+msgid ""
+"Old versions of bacula packages shipped with unsafe password for access "
+"bacula-director service. You see this message because your installation use "
+"one of such unsafe passwords."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../bacula-director-db.templates.in:1001
+msgid ""
+"Password in bacula-dir.conf was changed, so you may need to change password "
+"for access you bacula-director service."
+msgstr ""
--
Bacula, a network backup, recovery and verification program
More information about the pkg-bacula-commits
mailing list