import bacula-9.0.6-6.el8
This commit is contained in:
parent
992945d228
commit
2c7ff8125f
303
SOURCES/bacula-9.0.6-use-crypto-from-openssl.patch
Normal file
303
SOURCES/bacula-9.0.6-use-crypto-from-openssl.patch
Normal file
@ -0,0 +1,303 @@
|
|||||||
|
Author: Vaclav Dolezal <vdolezal@redhat.com>
|
||||||
|
Date: Mon Aug 12 14:51:39 2019 +0200
|
||||||
|
|
||||||
|
Use functions from OpenSSL for HMAC, MD5 and random bytes
|
||||||
|
|
||||||
|
diff --git a/bacula/src/dird/dird_conf.c b/bacula/src/dird/dird_conf.c
|
||||||
|
index 02fae0bab..dff241356 100644
|
||||||
|
--- a/bacula/src/dird/dird_conf.c
|
||||||
|
+++ b/bacula/src/dird/dird_conf.c
|
||||||
|
@@ -42,6 +42,10 @@
|
||||||
|
#include "bacula.h"
|
||||||
|
#include "dird.h"
|
||||||
|
|
||||||
|
+#if HAVE_OPENSSL
|
||||||
|
+# include <openssl/evp.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/* Define the first and last resource ID record
|
||||||
|
* types. Note, these should be unique for each
|
||||||
|
* daemon though not a requirement.
|
||||||
|
@@ -1645,6 +1649,11 @@ void free_resource(RES *rres, int type)
|
||||||
|
free(res->res_fs.exclude_items);
|
||||||
|
}
|
||||||
|
res->res_fs.num_excludes = 0;
|
||||||
|
+#if HAVE_OPENSSL
|
||||||
|
+ EVP_MD_CTX_free(res->res_fs.md5c);
|
||||||
|
+ res->res_fs.md5c = NULL;
|
||||||
|
+ res->res_fs.have_MD5 = false;
|
||||||
|
+#endif
|
||||||
|
break;
|
||||||
|
case R_POOL:
|
||||||
|
if (res->res_pool.pool_type) {
|
||||||
|
diff --git a/bacula/src/dird/dird_conf.h b/bacula/src/dird/dird_conf.h
|
||||||
|
index 5174a7a14..4e910c5bd 100644
|
||||||
|
--- a/bacula/src/dird/dird_conf.h
|
||||||
|
+++ b/bacula/src/dird/dird_conf.h
|
||||||
|
@@ -24,6 +24,10 @@
|
||||||
|
|
||||||
|
/* NOTE: #includes at the end of this file */
|
||||||
|
|
||||||
|
+#if HAVE_OPENSSL
|
||||||
|
+# include <openssl/evp.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* Resource codes -- they must be sequential for indexing
|
||||||
|
*/
|
||||||
|
@@ -591,7 +595,11 @@ public:
|
||||||
|
INCEXE **exclude_items;
|
||||||
|
int32_t num_excludes;
|
||||||
|
bool have_MD5; /* set if MD5 initialized */
|
||||||
|
+#if HAVE_OPENSSL
|
||||||
|
+ EVP_MD_CTX *md5c; /* MD5 of include/exclude */
|
||||||
|
+#else
|
||||||
|
struct MD5Context md5c; /* MD5 of include/exclude */
|
||||||
|
+#endif
|
||||||
|
char MD5[30]; /* base 64 representation of MD5 */
|
||||||
|
bool ignore_fs_changes; /* Don't force Full if FS changed */
|
||||||
|
bool enable_vss; /* Enable Volume Shadow Copy */
|
||||||
|
diff --git a/bacula/src/dird/inc_conf.c b/bacula/src/dird/inc_conf.c
|
||||||
|
index 3f4fbf55e..64b422242 100644
|
||||||
|
--- a/bacula/src/dird/inc_conf.c
|
||||||
|
+++ b/bacula/src/dird/inc_conf.c
|
||||||
|
@@ -32,6 +32,10 @@
|
||||||
|
#include <regex.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#if HAVE_OPENSSL
|
||||||
|
+# include <openssl/evp.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/* Forward referenced subroutines */
|
||||||
|
|
||||||
|
void store_inc(LEX *lc, RES_ITEM *item, int index, int pass);
|
||||||
|
@@ -354,7 +358,17 @@ static void store_newinc(LEX *lc, RES_ITEM *item, int index, int pass)
|
||||||
|
bool options;
|
||||||
|
|
||||||
|
if (!res_all.res_fs.have_MD5) {
|
||||||
|
+#if HAVE_OPENSSL
|
||||||
|
+ res_all.res_fs.md5c = EVP_MD_CTX_new();
|
||||||
|
+ if (!res_all.res_fs.md5c
|
||||||
|
+ || !EVP_DigestInit_ex(res_all.res_fs.md5c, EVP_md5(), NULL)
|
||||||
|
+ ) {
|
||||||
|
+ Emsg1(M_ERROR_TERM, 0, "MD5 computation failed: %s\n",
|
||||||
|
+ ERR_reason_error_string(ERR_peek_last_error()));
|
||||||
|
+ }
|
||||||
|
+#else
|
||||||
|
MD5Init(&res_all.res_fs.md5c);
|
||||||
|
+#endif
|
||||||
|
res_all.res_fs.have_MD5 = true;
|
||||||
|
}
|
||||||
|
memset(&res_incexe, 0, sizeof(INCEXE));
|
||||||
|
@@ -620,7 +634,13 @@ static void store_fname(LEX *lc, RES_ITEM2 *item, int index, int pass, bool excl
|
||||||
|
}
|
||||||
|
case T_QUOTED_STRING:
|
||||||
|
if (res_all.res_fs.have_MD5) {
|
||||||
|
+#if HAVE_OPENSSL
|
||||||
|
+ if (!EVP_DigestUpdate(res_all.res_fs.md5c, (void *)lc->str, (size_t) lc->str_len))
|
||||||
|
+ Emsg1(M_ERROR_TERM, 0, "MD5 computation failed: %s\n",
|
||||||
|
+ ERR_reason_error_string(ERR_peek_last_error()));
|
||||||
|
+#else
|
||||||
|
MD5Update(&res_all.res_fs.md5c, (unsigned char *)lc->str, lc->str_len);
|
||||||
|
+#endif
|
||||||
|
}
|
||||||
|
incexe = &res_incexe;
|
||||||
|
if (incexe->name_list.size() == 0) {
|
||||||
|
@@ -663,7 +683,13 @@ static void store_plugin_name(LEX *lc, RES_ITEM2 *item, int index, int pass, boo
|
||||||
|
}
|
||||||
|
case T_QUOTED_STRING:
|
||||||
|
if (res_all.res_fs.have_MD5) {
|
||||||
|
+#if HAVE_OPENSSL
|
||||||
|
+ if (!EVP_DigestUpdate(res_all.res_fs.md5c, (void *)lc->str, (size_t) lc->str_len))
|
||||||
|
+ Emsg1(M_ERROR_TERM, 0, "MD5 computation failed: %s\n",
|
||||||
|
+ ERR_reason_error_string(ERR_peek_last_error()));
|
||||||
|
+#else
|
||||||
|
MD5Update(&res_all.res_fs.md5c, (unsigned char *)lc->str, lc->str_len);
|
||||||
|
+#endif
|
||||||
|
}
|
||||||
|
incexe = &res_incexe;
|
||||||
|
if (incexe->plugin_list.size() == 0) {
|
||||||
|
diff --git a/bacula/src/dird/job.c b/bacula/src/dird/job.c
|
||||||
|
index b5b39c7d5..7d69f0157 100644
|
||||||
|
--- a/bacula/src/dird/job.c
|
||||||
|
+++ b/bacula/src/dird/job.c
|
||||||
|
@@ -25,6 +25,10 @@
|
||||||
|
#include "bacula.h"
|
||||||
|
#include "dird.h"
|
||||||
|
|
||||||
|
+#if HAVE_OPENSSL
|
||||||
|
+# include <openssl/evp.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/* Forward referenced subroutines */
|
||||||
|
static void *job_thread(void *arg);
|
||||||
|
static void job_monitor_watchdog(watchdog_t *self);
|
||||||
|
@@ -1308,10 +1312,27 @@ bool get_or_create_fileset_record(JCR *jcr)
|
||||||
|
memset(&fsr, 0, sizeof(FILESET_DBR));
|
||||||
|
bstrncpy(fsr.FileSet, jcr->fileset->hdr.name, sizeof(fsr.FileSet));
|
||||||
|
if (jcr->fileset->have_MD5) {
|
||||||
|
+#if HAVE_OPENSSL
|
||||||
|
+ EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
|
||||||
|
+ if (!mdctx)
|
||||||
|
+ Emsg1(M_ERROR_TERM, 0, "MD5 computation failed: %s\n",
|
||||||
|
+ ERR_reason_error_string(ERR_peek_last_error()));
|
||||||
|
+#else
|
||||||
|
struct MD5Context md5c;
|
||||||
|
+#endif
|
||||||
|
unsigned char digest[MD5HashSize];
|
||||||
|
+#if HAVE_OPENSSL
|
||||||
|
+ if (!EVP_MD_CTX_copy_ex(mdctx, jcr->fileset->md5c)
|
||||||
|
+ || !EVP_DigestFinal_ex(mdctx, digest, NULL)
|
||||||
|
+ ) {
|
||||||
|
+ Emsg1(M_ERROR_TERM, 0, "MD5 computation failed: %s\n",
|
||||||
|
+ ERR_reason_error_string(ERR_peek_last_error()));
|
||||||
|
+ }
|
||||||
|
+ EVP_MD_CTX_free(mdctx);
|
||||||
|
+#else
|
||||||
|
memcpy(&md5c, &jcr->fileset->md5c, sizeof(md5c));
|
||||||
|
MD5Final(digest, &md5c);
|
||||||
|
+#endif
|
||||||
|
/*
|
||||||
|
* Keep the flag (last arg) set to false otherwise old FileSets will
|
||||||
|
* get new MD5 sums and the user will get Full backups on everything
|
||||||
|
diff --git a/bacula/src/lib/hmac.c b/bacula/src/lib/hmac.c
|
||||||
|
index a8d5e3dc0..dc3b78383 100644
|
||||||
|
--- a/bacula/src/lib/hmac.c
|
||||||
|
+++ b/bacula/src/lib/hmac.c
|
||||||
|
@@ -26,6 +26,10 @@
|
||||||
|
*/
|
||||||
|
#include "bacula.h"
|
||||||
|
|
||||||
|
+#if HAVE_OPENSSL
|
||||||
|
+# include <openssl/hmac.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
#define PAD_LEN 64 /* PAD length */
|
||||||
|
#define SIG_LEN MD5HashSize /* MD5 digest length */
|
||||||
|
|
||||||
|
@@ -36,6 +40,19 @@ hmac_md5(
|
||||||
|
uint8_t* key, /* pointer to authentication key */
|
||||||
|
int key_len, /* length of authentication key */
|
||||||
|
uint8_t *hmac) /* returned hmac-md5 */
|
||||||
|
+#if HAVE_OPENSSL
|
||||||
|
+{
|
||||||
|
+ if (!HMAC(
|
||||||
|
+ EVP_md5(),
|
||||||
|
+ key, key_len,
|
||||||
|
+ text, text_len,
|
||||||
|
+ hmac, NULL
|
||||||
|
+ )) {
|
||||||
|
+ Emsg0(M_ERROR_TERM, 0, "HMAC computation failed\n");
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+}
|
||||||
|
+#else
|
||||||
|
{
|
||||||
|
MD5Context md5c;
|
||||||
|
uint8_t k_ipad[PAD_LEN]; /* inner padding - key XORd with ipad */
|
||||||
|
@@ -90,6 +107,7 @@ hmac_md5(
|
||||||
|
MD5Update(&md5c, hmac, SIG_LEN); /* hash inner hash */
|
||||||
|
MD5Final(hmac, &md5c); /* store results */
|
||||||
|
}
|
||||||
|
+#endif
|
||||||
|
/*
|
||||||
|
Test Vectors (Trailing '\0' of a character string not included in test):
|
||||||
|
|
||||||
|
diff --git a/bacula/src/lib/parse_conf.c b/bacula/src/lib/parse_conf.c
|
||||||
|
index cb3573fbd..3f3f93fdc 100644
|
||||||
|
--- a/bacula/src/lib/parse_conf.c
|
||||||
|
+++ b/bacula/src/lib/parse_conf.c
|
||||||
|
@@ -59,6 +59,10 @@
|
||||||
|
#define MAX_PATH 1024
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#if HAVE_OPENSSL
|
||||||
|
+# include <openssl/evp.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* Define the Union of all the common resource structure definitions.
|
||||||
|
*/
|
||||||
|
@@ -538,7 +542,11 @@ void store_dir(LEX *lc, RES_ITEM *item, int index, int pass)
|
||||||
|
void store_password(LEX *lc, RES_ITEM *item, int index, int pass)
|
||||||
|
{
|
||||||
|
unsigned int i, j;
|
||||||
|
+#if HAVE_OPENSSL
|
||||||
|
+ EVP_MD_CTX *mdctx = NULL;
|
||||||
|
+#else
|
||||||
|
struct MD5Context md5c;
|
||||||
|
+#endif
|
||||||
|
unsigned char digest[CRYPTO_DIGEST_MD5_SIZE];
|
||||||
|
char sig[100];
|
||||||
|
|
||||||
|
@@ -548,9 +556,21 @@ void store_password(LEX *lc, RES_ITEM *item, int index, int pass)
|
||||||
|
} else {
|
||||||
|
lex_get_token(lc, T_STRING);
|
||||||
|
if (pass == 1) {
|
||||||
|
+#if HAVE_OPENSSL
|
||||||
|
+ mdctx = EVP_MD_CTX_new();
|
||||||
|
+ if (!mdctx
|
||||||
|
+ || !EVP_DigestInit_ex(mdctx, EVP_md5(), NULL)
|
||||||
|
+ || !EVP_DigestUpdate(mdctx, (const void *) lc->str, (size_t) lc->str_len)
|
||||||
|
+ || !EVP_DigestFinal_ex(mdctx, digest, NULL)
|
||||||
|
+ ) {
|
||||||
|
+ Emsg1(M_ERROR_TERM, 0, "MD5 computation failed: %s\n",
|
||||||
|
+ ERR_reason_error_string(ERR_peek_last_error()));
|
||||||
|
+ }
|
||||||
|
+#else
|
||||||
|
MD5Init(&md5c);
|
||||||
|
MD5Update(&md5c, (unsigned char *) (lc->str), lc->str_len);
|
||||||
|
MD5Final(digest, &md5c);
|
||||||
|
+#endif
|
||||||
|
for (i = j = 0; i < sizeof(digest); i++) {
|
||||||
|
sprintf(&sig[j], "%02x", digest[i]);
|
||||||
|
j += 2;
|
||||||
|
diff --git a/bacula/src/lib/util.c b/bacula/src/lib/util.c
|
||||||
|
index 2c425aa4c..e82b907d8 100644
|
||||||
|
--- a/bacula/src/lib/util.c
|
||||||
|
+++ b/bacula/src/lib/util.c
|
||||||
|
@@ -707,6 +707,35 @@ int do_shell_expansion(char *name, int name_len)
|
||||||
|
from SpeakFreely by John Walker */
|
||||||
|
|
||||||
|
void make_session_key(char *key, char *seed, int mode)
|
||||||
|
+#if HAVE_OPENSSL
|
||||||
|
+{
|
||||||
|
+ int j, k;
|
||||||
|
+ unsigned char buf[16];
|
||||||
|
+
|
||||||
|
+ (void) seed;
|
||||||
|
+
|
||||||
|
+ if (!RAND_bytes(buf, sizeof(buf)))
|
||||||
|
+ Emsg1(M_ERROR_TERM, 0, "Random bytes generation failed: %s\n",
|
||||||
|
+ ERR_reason_error_string(ERR_peek_last_error()));
|
||||||
|
+
|
||||||
|
+ if (mode) {
|
||||||
|
+ for (j = k = 0; j < 16; j++) {
|
||||||
|
+ unsigned char rb = buf[j];
|
||||||
|
+
|
||||||
|
+#define Rad16(x) ((x) + 'A')
|
||||||
|
+ key[k++] = Rad16((rb >> 4) & 0xF);
|
||||||
|
+ key[k++] = Rad16(rb & 0xF);
|
||||||
|
+#undef Rad16
|
||||||
|
+ if (j & 1) {
|
||||||
|
+ key[k++] = '-';
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ key[--k] = 0;
|
||||||
|
+ } else {
|
||||||
|
+ memcpy(key, buf, sizeof(buf));
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+#else
|
||||||
|
{
|
||||||
|
int j, k;
|
||||||
|
struct MD5Context md5c;
|
||||||
|
@@ -790,6 +819,7 @@ void make_session_key(char *key, char *seed, int mode)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#undef nextrand
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
void encode_session_key(char *encode, char *session, char *key, int maxlen)
|
||||||
|
{
|
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
Name: bacula
|
Name: bacula
|
||||||
Version: 9.0.6
|
Version: 9.0.6
|
||||||
Release: 4%{?dist}
|
Release: 6%{?dist}
|
||||||
Summary: Cross platform network backup for Linux, Unix, Mac and Windows
|
Summary: Cross platform network backup for Linux, Unix, Mac and Windows
|
||||||
# See LICENSE for details
|
# See LICENSE for details
|
||||||
License: AGPLv3 with exceptions
|
License: AGPLv3 with exceptions
|
||||||
@ -49,6 +49,8 @@ Patch9: %{name}-9.0.6-tray-monitor-task.patch
|
|||||||
Patch10: %{name}-7.0.4-autoconf.patch
|
Patch10: %{name}-7.0.4-autoconf.patch
|
||||||
Patch11: %{name}-9.0.6-qt5-support.patch
|
Patch11: %{name}-9.0.6-qt5-support.patch
|
||||||
|
|
||||||
|
Patch12: %{name}-9.0.6-use-crypto-from-openssl.patch
|
||||||
|
|
||||||
BuildRequires: desktop-file-utils
|
BuildRequires: desktop-file-utils
|
||||||
BuildRequires: perl-generators
|
BuildRequires: perl-generators
|
||||||
BuildRequires: sed
|
BuildRequires: sed
|
||||||
@ -311,6 +313,7 @@ This development package contains static libraries and header files.
|
|||||||
%patch9 -p1
|
%patch9 -p1
|
||||||
%patch10 -p1
|
%patch10 -p1
|
||||||
%patch11 -p1
|
%patch11 -p1
|
||||||
|
%patch12 -p2
|
||||||
|
|
||||||
cp %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} .
|
cp %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} .
|
||||||
|
|
||||||
@ -430,10 +433,7 @@ chmod 755 %{buildroot}%{_libdir}/bacula/*
|
|||||||
chmod 755 %{buildroot}%{_libexecdir}/bacula/*
|
chmod 755 %{buildroot}%{_libexecdir}/bacula/*
|
||||||
chmod 644 %{buildroot}%{_libexecdir}/bacula/btraceback.*
|
chmod 644 %{buildroot}%{_libexecdir}/bacula/btraceback.*
|
||||||
|
|
||||||
%post libs -p /sbin/ldconfig
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%postun libs -p /sbin/ldconfig
|
|
||||||
exit 0
|
|
||||||
|
|
||||||
%post libs-sql
|
%post libs-sql
|
||||||
/usr/sbin/alternatives --install %{_libdir}/libbaccats.so libbaccats.so %{_libdir}/libbaccats-mysql.so 50
|
/usr/sbin/alternatives --install %{_libdir}/libbaccats.so libbaccats.so %{_libdir}/libbaccats-mysql.so 50
|
||||||
@ -555,7 +555,7 @@ fi
|
|||||||
%{_libdir}/libbaccfg-%{version}.so
|
%{_libdir}/libbaccfg-%{version}.so
|
||||||
%{_libdir}/libbacfind-%{version}.so
|
%{_libdir}/libbacfind-%{version}.so
|
||||||
%{_libdir}/libbacsd-%{version}.so
|
%{_libdir}/libbacsd-%{version}.so
|
||||||
%{_libdir}/libbaccats-%{version}.so
|
%exclude %{_libdir}/libbaccats-%{version}.so
|
||||||
|
|
||||||
%files libs-sql
|
%files libs-sql
|
||||||
%{_libdir}/libbaccats-mysql-%{version}.so
|
%{_libdir}/libbaccats-mysql-%{version}.so
|
||||||
@ -705,6 +705,12 @@ fi
|
|||||||
%{_libdir}/libbacsql.so
|
%{_libdir}/libbacsql.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jun 28 2019 Václav Doležal <vdolezal@redhat.com> - 9.0.6-6
|
||||||
|
- Fix error in postun and rpm -V
|
||||||
|
|
||||||
|
* Fri Jun 28 2019 Václav Doležal <vdolezal@redhat.com> - 9.0.6-5
|
||||||
|
- use OpenSSL library instead of internal implementations of MD5 and HMAC (#1613068)
|
||||||
|
|
||||||
* Thu Aug 16 2018 Václav Doležal <vdolezal@redhat.com> - 9.0.6-4
|
* Thu Aug 16 2018 Václav Doležal <vdolezal@redhat.com> - 9.0.6-4
|
||||||
- remove Nagios plugin (#1616438)
|
- remove Nagios plugin (#1616438)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user