authorNatanael Copa <ncopa@alpinelinux.org>2012-11-14 15:04:26 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-11-14 15:04:26 +0000
commit52827636504d9be04524047081e878be4db7c6c6 (patch)
treea26bf5da179c3738098282d02159587cf0e2f6ae
parent4b933e8d614263914d7f0e433784bde15aaf250c (diff)
downloadaports-52827636504d9be04524047081e878be4db7c6c6.tar.bz2
aports-52827636504d9be04524047081e878be4db7c6c6.tar.xz
main/bacula: fix CVE-2012-4430
fixes #1445
-rw-r--r--main/bacula/APKBUILD4
-rw-r--r--main/bacula/CVE-2012-4430.patch107
2 files changed, 110 insertions, 1 deletions
diff --git a/main/bacula/APKBUILD b/main/bacula/APKBUILD
index cbdce835ac..8d8111e322 100644
--- a/main/bacula/APKBUILD
+++ b/main/bacula/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Leonardo Arena <rnalrd@gmail.com>
pkgname="bacula"
pkgver=5.0.3
-pkgrel=7
+pkgrel=8
pkgdesc="Enterprise ready, network based backup program"
url="http://www.bacula.org"
arch="all"
@@ -32,6 +32,7 @@ source="http://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/$pkgn
bacula-5.0.3-Makefile.patch
bacula-5.0.3-as-needed.patch
os.m4.patch
+ CVE-2012-4430.patch
cxx.patch"
_builddir="$srcdir/$pkgname-$pkgver"
@@ -121,4 +122,5 @@ ebc9c2bbc9be95c920723a3f142d8e19 configure.in.patch
0ec20df57bb632ed729cfaf5d0a3ee33 bacula-5.0.3-Makefile.patch
76267747f4d2e85e033cc6793ccb6afa bacula-5.0.3-as-needed.patch
cf7a2a4e972697f54364654c4e282b8b os.m4.patch
+d6f6b64f6aa505c329b7d8f6cf877b46 CVE-2012-4430.patch
1bfdbfea7a36d5503753414dffb953eb cxx.patch"
diff --git a/main/bacula/CVE-2012-4430.patch b/main/bacula/CVE-2012-4430.patch
new file mode 100644
index 0000000000..c45db931ab
--- /dev/null
+++ b/main/bacula/CVE-2012-4430.patch
@@ -0,0 +1,107 @@
+From 67debcecd3d530c429e817e1d778e79dcd1db905 Mon Sep 17 00:00:00 2001
+From: Kern Sibbald <kern@sibbald.com>
+Date: Sat, 18 Aug 2012 13:46:03 +0000
+Subject: Make dump_resource respect console ACL's
+
+---
+diff --git a/src/dird/dird_conf.c b/bacula/src/dird/dird_conf.c
+index 7dcf591..2f2eb00 100644
+--- a/src/dird/dird_conf.c
++++ b/src/dird/dird_conf.c
+@@ -554,6 +554,7 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm
+ bool recurse = true;
+ char ed1[100], ed2[100], ed3[100];
+ DEVICE *dev;
++ UAContext *ua = (UAContext *)sock;
+
+ if (res == NULL) {
+ sendit(sock, _("No %s resource defined\n"), res_to_str(type));
+@@ -599,6 +600,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm
+ break;
+
+ case R_CLIENT:
++ if (!acl_access_ok(ua, Client_ACL, res->res_client.hdr.name)) {
++ break;
++ }
+ sendit(sock, _("Client: name=%s address=%s FDport=%d MaxJobs=%u\n"),
+ res->res_client.hdr.name, res->res_client.address, res->res_client.FDport,
+ res->res_client.MaxConcurrentJobs);
+@@ -626,6 +630,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm
+ break;
+
+ case R_STORAGE:
++ if (!acl_access_ok(ua, Storage_ACL, res->res_store.hdr.name)) {
++ break;
++ }
+ sendit(sock, _("Storage: name=%s address=%s SDport=%d MaxJobs=%u\n"
+ " DeviceName=%s MediaType=%s StorageId=%s\n"),
+ res->res_store.hdr.name, res->res_store.address, res->res_store.SDport,
+@@ -636,6 +643,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm
+ break;
+
+ case R_CATALOG:
++ if (!acl_access_ok(ua, Catalog_ACL, res->res_cat.hdr.name)) {
++ break;
++ }
+ sendit(sock, _("Catalog: name=%s address=%s DBport=%d db_name=%s\n"
+ " db_driver=%s db_user=%s MutliDBConn=%d\n"),
+ res->res_cat.hdr.name, NPRT(res->res_cat.db_address),
+@@ -646,6 +656,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm
+
+ case R_JOB:
+ case R_JOBDEFS:
++ if (!acl_access_ok(ua, Job_ACL, res->res_job.hdr.name)) {
++ break;
++ }
+ sendit(sock, _("%s: name=%s JobType=%d level=%s Priority=%d Enabled=%d\n"),
+ type == R_JOB ? _("Job") : _("JobDefs"),
+ res->res_job.hdr.name, res->res_job.JobType,
+@@ -767,6 +780,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm
+ case R_FILESET:
+ {
+ int i, j, k;
++ if (!acl_access_ok(ua, FileSet_ACL, res->res_fs.hdr.name)) {
++ break;
++ }
+ sendit(sock, _("FileSet: name=%s\n"), res->res_fs.hdr.name);
+ for (i=0; i<res->res_fs.num_includes; i++) {
+ INCEXE *incexe = res->res_fs.include_items[i];
+@@ -854,6 +870,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm
+ }
+
+ case R_SCHEDULE:
++ if (!acl_access_ok(ua, Schedule_ACL, res->res_sch.hdr.name)) {
++ break;
++ }
+ if (res->res_sch.run) {
+ int i;
+ RUN *run = res->res_sch.run;
+@@ -942,6 +961,9 @@ next_run:
+ break;
+
+ case R_POOL:
++ if (!acl_access_ok(ua, Pool_ACL, res->res_pool.hdr.name)) {
++ break;
++ }
+ sendit(sock, _("Pool: name=%s PoolType=%s\n"), res->res_pool.hdr.name,
+ res->res_pool.pool_type);
+ sendit(sock, _(" use_cat=%d use_once=%d cat_files=%d\n"),
+--
+cgit v0.8.3.4
+--- ./src/tools/Makefile.in.orig
++++ ./src/tools/Makefile.in
+@@ -27,12 +27,12 @@
+
+ GETTEXT_LIBS = @LIBINTL@
+
+-FINDOBJS = testfind.o ../dird/dird_conf.o ../dird/inc_conf.o ../dird/run_conf.o
++FINDOBJS = testfind.o ../dird/dird_conf.o ../dird/inc_conf.o ../dird/run_conf.o ../dird/ua_acl.o
+
+ # these are the objects that are changed by the .configure process
+ EXTRAOBJS = @OBJLIST@
+
+-DIRCONFOBJS = ../dird/dird_conf.o ../dird/run_conf.o ../dird/inc_conf.o
++DIRCONFOBJS = ../dird/dird_conf.o ../dird/run_conf.o ../dird/inc_conf.o ../dird/ua_acl.o
+
+ NODIRTOOLS = bsmtp
+ DIRTOOLS = bsmtp dbcheck drivetype fstype testfind testls bregex bwild bbatch bregtest bvfs_test ing_test
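Review bot: The added `UAContext *ua = (UAContext *)sock;` at the top of dump_resource treats the opaque `void *sock` argument as a console context for every caller, and all seven `acl_access_ok(ua, ...)` checks (R_CLIENT, R_STORAGE, R_CATALOG, R_JOB/R_JOBDEFS, R_FILESET, R_SCHEDULE, R_POOL) depend on that. The callers are not visible here, but the Makefile.in part links `../dird/ua_acl.o` into FINDOBJS and DIRCONFOBJS, which suggests dump_resource is also built into tools that have no console session, so a NULL or non-UAContext `sock` may reach acl_access_ok. It is worth confirming that acl_access_ok tolerates that. If it does not, a guard of the form `if (ua && !acl_access_ok(ua, Client_ACL, res->res_client.hdr.name)) {` would at least cover the NULL case, and a comment at the cast such as `/* sock must be the caller's UAContext (or NULL); the ACL checks below rely on it */` would record the contract. The function body and its remaining cases lie outside these hunks, so whether other resource types still print without an ACL check cannot be judged from this page.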