diff --git a/CVE-2022-37704.patch b/CVE-2022-37704.patch deleted file mode 100644 index 2a425000a98fca03cce4f664a01a62b0340795ec..0000000000000000000000000000000000000000 --- a/CVE-2022-37704.patch +++ /dev/null @@ -1,175 +0,0 @@ -From e890d08e16ea0621966a7ae35cce53ccb44a472e Mon Sep 17 00:00:00 2001 -From: seetharaman-rajagopal -Date: Mon, 13 Feb 2023 08:14:04 +0000 -Subject: [PATCH] CVE-2022-37704 - privilege escaltion form amandabackup user - to root -fix - ---- - client-src/rundump.c | 135 +++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 135 insertions(+) - -diff --git a/client-src/rundump.c b/client-src/rundump.c -index 0b354d70bf..bba5699847 100644 ---- a/client-src/rundump.c -+++ b/client-src/rundump.c -@@ -40,6 +40,8 @@ - #include "conffile.h" - - int main(int argc, char **argv); -+static void validate_dump_option(int argc, char ** argv); -+static void validate_xfsdump_options(int argc, char ** argv); - - #if defined(VDUMP) || defined(XFSDUMP) - # undef USE_RUNDUMP -@@ -160,14 +162,17 @@ main( - - #if defined(DUMP) - dump_program = DUMP; -+ validate_dump_option(argc, argv); - #else - # if defined(XFSDUMP) - dump_program = XFSDUMP; -+ validate_xfsdump_options(argc, argv); - # else - # if defined(VXDUMP) - dump_program = VXDUMP; - # else - dump_program = "dump"; -+ validate_dump_option(argc, argv); - # endif - # endif - #endif -@@ -203,3 +208,133 @@ main( - return 1; - #endif /* } */ - } -+ -+void validate_dump_option(int argc, char ** argv) -+{ -+ int c; -+ int numargs = argc; -+ while (numargs > 0) -+ { -+ c = getopt(argc, argv, "0123456789ab:cd:e:f:h:j:kmnqs:uvwyz:A:B:D:I:L:MQ:ST:W"); -+ switch (c) { -+ case -1: -+ optind++; -+ break; -+ case '?': -+ //option is not valid -+ error("error [%s invalid option: %s]\n", get_pname(), argv[optind-1]); -+ break; -+ // All this options takes another argument -+ case 'b': -+ case 'd': -+ case 'e': -+ case 'f': -+ case 'h': -+ case 'j': -+ case 's': -+ case 'z': -+ case 'A': -+ case 'B': -+ case 'D': -+ case 'I': -+ case 'L': -+ case 'Q': -+ case 'T': -+ { -+ // get optarg and check it against NULL. If it is null, then return error. -+ if (optarg == NULL) { -+ error ("error [%s additional parameter is missing for option: %c]\n", get_pname(), c); -+ } -+ break; -+ } -+ case '0': -+ case '1': -+ case '2': -+ case '3': -+ case '4': -+ case '5': -+ case '6': -+ case '7': -+ case '8': -+ case '9': -+ case 'a': -+ case 'c': -+ case 'k': -+ case 'm': -+ case 'n': -+ case 'q': -+ case 'u': -+ case 'v': -+ case 'w': -+ case 'y': -+ case 'M': -+ case 'S': -+ case 'W': -+ { -+ break; -+ } -+ default: -+ error ("error [%s invalid option: %c]\n", get_pname(), c); -+ break; -+ } -+ numargs--; -+ } -+} -+ -+void validate_xfsdump_options(int argc, char ** argv) -+{ -+ int c; -+ int numargs = argc; -+ while (numargs > 0) -+ { -+ c = getopt(argc, argv, "ab:d:ef:l:mop:qs:t:v:z:AB:DFI:JL:M:RT"); -+ switch (c) { -+ case -1: -+ optind++; -+ break; -+ case '?': -+ //option is not valid -+ error ("error [%s invalid option: %s]\n", get_pname(), argv[optind-1]); -+ break; -+ // All this options takes another argument -+ case 'b': -+ case 'd': -+ case 'f': -+ case 'l': -+ case 'p': -+ case 's': -+ case 't': -+ case 'v': -+ case 'z': -+ case 'B': -+ case 'I': -+ case 'L': -+ case 'M': -+ { -+ // get optarg and check it against NULL. If it is null, then return error. -+ if (optarg == NULL) { -+ error ("error [%s additional parameter is missing for option: %c]\n", get_pname(), c); -+ } -+ break; -+ } -+ case 'a': -+ case 'e': -+ case 'm': -+ case 'o': -+ case 'q': -+ case 'A': -+ case 'D': -+ case 'F': -+ case 'J': -+ case 'R': -+ case 'T': -+ { -+ break; -+ } -+ default: -+ error ("error [%s invalid option: %c]\n", get_pname(), c); -+ break; -+ } -+ numargs--; -+ } -+} diff --git a/CVE-2022-37704_part_2.patch b/CVE-2022-37704_part_2.patch deleted file mode 100644 index 65af772b21b6d8a2a7e8860f5f5f173a0733f299..0000000000000000000000000000000000000000 --- a/CVE-2022-37704_part_2.patch +++ /dev/null @@ -1,32 +0,0 @@ -Description: Fix CVE-2022-37704, second vector (RSH) -Author: seetharaman-rajagopal https://github.com/seetharaman-rajagopal - -Index: amanda.git/client-src/rundump.c -=================================================================== ---- amanda.git.orig/client-src/rundump.c 2023-02-24 21:12:21.457531656 +0000 -+++ amanda.git/client-src/rundump.c 2023-02-24 21:14:42.113754385 +0000 -@@ -197,6 +197,24 @@ main( - amfree(cmdline); - - env = safe_env(); -+ //Filter or Discard RSH Environmental variable -+ int env_count = 0; -+ for (int i = 0; env[i] != NULL; i++){ -+ env_count++; -+ } -+ for (int i = 0; i < env_count; i++){ -+ if (strncmp(env[i], "RSH=", 4) == 0){ -+ // Remove RSH -+ g_free(env[i]); -+ // move array elements one step left - which are after "RSH" -+ for (int j = i; j < env_count; j++){ -+ env[j] = env[j + 1]; -+ } -+ //decrease the variable count -+ env[env_count-1] = NULL; -+ break; -+ } -+ } - execve(dump_program, argv, env); - free_env(env); - diff --git a/CVE-2022-37705.patch b/CVE-2022-37705.patch deleted file mode 100644 index abbae46b1e2301970fba3cf125e696b366d3b449..0000000000000000000000000000000000000000 --- a/CVE-2022-37705.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 43c5b32f46186f3ed78fe6c7503096fa9ad1236c Mon Sep 17 00:00:00 2001 -From: Prajwal T R -Date: Thu, 22 Dec 2022 10:37:30 -0700 -Subject: [PATCH] fix : fix increment logic for good_option - -- for arguements of type --file=x or --file x, fixed logic while incrementing value. ---- - client-src/runtar.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/client-src/runtar.c b/client-src/runtar.c -index d04a1385f6..499c7dfecb 100644 ---- a/client-src/runtar.c -+++ b/client-src/runtar.c -@@ -191,9 +191,9 @@ main( - g_str_has_prefix(argv[i],"--newer") || - g_str_has_prefix(argv[i],"--exclude-from") || - g_str_has_prefix(argv[i],"--files-from")) { -- /* Accept theses options with the following argument */ -- good_option += 2; -+ good_option++; - } else if (argv[i][0] != '-') { -+ /* argument values are accounted for here */ - good_option++; - } - } diff --git a/amanda-3.1.1-tcpport.patch b/amanda-3.1.1-tcpport.patch new file mode 100644 index 0000000000000000000000000000000000000000..dbdbed0ebca173dfa838079ba155f0183e2331be --- /dev/null +++ b/amanda-3.1.1-tcpport.patch @@ -0,0 +1,29 @@ +diff -up amanda-3.1.1/example/amanda-client.conf.in.tcpport amanda-3.1.1/example/amanda-client.conf.in +--- amanda-3.1.1/example/amanda-client.conf.in.tcpport 2010-06-29 19:09:55.000000000 +0200 ++++ amanda-3.1.1/example/amanda-client.conf.in 2010-08-10 14:44:32.372879810 +0200 +@@ -22,3 +22,5 @@ auth "bsdtcp" + + ssh_keys "" # your ssh keys file if you use ssh auth + ++#resolves "resource temporarily unavailable" bug ++unreserved-tcp-port 1025,65535 +diff -up amanda-3.1.1/example/amanda-client-postgresql.conf.in.tcpport amanda-3.1.1/example/amanda-client-postgresql.conf.in +--- amanda-3.1.1/example/amanda-client-postgresql.conf.in.tcpport 2010-06-29 19:09:55.000000000 +0200 ++++ amanda-3.1.1/example/amanda-client-postgresql.conf.in 2010-08-10 14:44:41.423755630 +0200 +@@ -44,3 +44,6 @@ property "foo-PG-DATADIR" "/var/postgres + # For this example: + # archive_command = 'test ! -f /var/postgresql/archive/%f && cp %p /var/postgresql/archive/%f' + property "foo-PG-ARCHIVEDIR" "/var/postgresql/archive" ++ ++#resolves "resource temporarily unavailable" bug ++unreserved-tcp-port 1025,65535 +diff -up amanda-3.1.1/example/amanda.conf.in.tcpport amanda-3.1.1/example/amanda.conf.in +--- amanda-3.1.1/example/amanda.conf.in.tcpport 2010-08-10 14:43:55.640754722 +0200 ++++ amanda-3.1.1/example/amanda.conf.in 2010-08-10 14:44:50.760880089 +0200 +@@ -761,3 +761,6 @@ define script-tool sc-email { + # configurations. + + #includefile "@CONFIG_DIR@/amanda.conf.main" ++ ++#resolves "resource temporarily unavailable" bug ++unreserved-tcp-port 1025,65535 diff --git a/amanda-3.1.1-xattrs.patch b/amanda-3.1.1-xattrs.patch new file mode 100644 index 0000000000000000000000000000000000000000..62cc85511c2997d4f2c53986f9c585eea5624ba5 --- /dev/null +++ b/amanda-3.1.1-xattrs.patch @@ -0,0 +1,55 @@ +diff -up amanda-3.1.1/example/amanda.conf.in.xattrs amanda-3.1.1/example/amanda.conf.in +--- amanda-3.1.1/example/amanda.conf.in.xattrs 2010-08-03 14:45:25.000000000 +0200 ++++ amanda-3.1.1/example/amanda.conf.in 2010-08-03 14:47:42.516753010 +0200 +@@ -718,6 +718,7 @@ define interface local { + define application-tool app_amgtar { + comment "amgtar" + plugin "amgtar" ++ property "XATTRS" "YES" + #property "GNUTAR-PATH" "/path/to/gtar" + #property "GNUTAR-LISTDIR" "/path/to/gnutar_list_dir" + #default from gnutar_list_dir setting in amanda-client.conf +diff -up amanda-3.1.1/example/template.d/amanda-harddisk.conf.in.xattrs amanda-3.1.1/example/template.d/amanda-harddisk.conf.in +--- amanda-3.1.1/example/template.d/amanda-harddisk.conf.in.xattrs 2010-06-29 19:09:55.000000000 +0200 ++++ amanda-3.1.1/example/template.d/amanda-harddisk.conf.in 2010-08-03 14:47:17.027752940 +0200 +@@ -30,6 +30,7 @@ define dumptype global { + define application-tool app_amgtar { + comment "amgtar" + plugin "amgtar" ++ property "XATTRS" "YES" + #property "GNUTAR-PATH" "/path/to/gtar" + #property "GNUTAR-LISTDIR" "/path/to/gnutar_list_dir" + } +diff -up amanda-3.1.1/example/template.d/amanda-single-tape.conf.in.xattrs amanda-3.1.1/example/template.d/amanda-single-tape.conf.in +--- amanda-3.1.1/example/template.d/amanda-single-tape.conf.in.xattrs 2010-06-29 19:09:55.000000000 +0200 ++++ amanda-3.1.1/example/template.d/amanda-single-tape.conf.in 2010-08-03 14:47:21.307753002 +0200 +@@ -37,6 +37,7 @@ define dumptype global { + define application-tool app_amgtar { + comment "amgtar" + plugin "amgtar" ++ property "XATTRS" "YES" + #property "GNUTAR-PATH" "/path/to/gtar" + #property "GNUTAR-LISTDIR" "/path/to/gnutar_list_dir" + } +diff -up amanda-3.1.1/example/template.d/amanda-S3.conf.in.xattrs amanda-3.1.1/example/template.d/amanda-S3.conf.in +--- amanda-3.1.1/example/template.d/amanda-S3.conf.in.xattrs 2010-06-29 19:09:55.000000000 +0200 ++++ amanda-3.1.1/example/template.d/amanda-S3.conf.in 2010-08-03 14:47:26.723752659 +0200 +@@ -38,6 +38,7 @@ define dumptype global { + define application-tool app_amgtar { + comment "amgtar" + plugin "amgtar" ++ property "XATTRS" "YES" + #property "GNUTAR-PATH" "/path/to/gtar" + #property "GNUTAR-LISTDIR" "/path/to/gnutar_list_dir" + } +diff -up amanda-3.1.1/example/template.d/amanda-tape-changer.conf.in.xattrs amanda-3.1.1/example/template.d/amanda-tape-changer.conf.in +--- amanda-3.1.1/example/template.d/amanda-tape-changer.conf.in.xattrs 2010-06-29 19:09:55.000000000 +0200 ++++ amanda-3.1.1/example/template.d/amanda-tape-changer.conf.in 2010-08-03 14:47:30.827752997 +0200 +@@ -37,6 +37,7 @@ define dumptype global { + define application-tool app_amgtar { + comment "amgtar" + plugin "amgtar" ++ property "XATTRS" "YES" + #property "GNUTAR-PATH" "/path/to/gtar" + #property "GNUTAR-LISTDIR" "/path/to/gnutar_list_dir" + } diff --git a/amanda-3.2.0-config-dir.patch b/amanda-3.2.0-config-dir.patch new file mode 100644 index 0000000000000000000000000000000000000000..123779978e81c85827813674f9903ba81db64c6d --- /dev/null +++ b/amanda-3.2.0-config-dir.patch @@ -0,0 +1,19 @@ +diff --git a/example/amanda.conf.in b/example/amanda.conf.in +index 5c6ced7..721d683 100644 +--- a/example/amanda.conf.in ++++ b/example/amanda.conf.in +@@ -225,10 +225,10 @@ holdingdisk hd1 { + # Note that, although the keyword below is infofile, it is only so for + # historic reasons, since now it is supposed to be a directory (unless + # you have selected some database format other than the `text' default) +-infofile "@CONFIG_DIR@/@DEFAULT_CONFIG@/curinfo" # database DIRECTORY +-logdir "@CONFIG_DIR@/@DEFAULT_CONFIG@" # log directory +-indexdir "@CONFIG_DIR@/@DEFAULT_CONFIG@/index" # index directory +-#tapelist "@CONFIG_DIR@/@DEFAULT_CONFIG@/tapelist" # list of used tapes ++infofile "/var/lib/amanda/@DEFAULT_CONFIG@/curinfo" # database DIRECTORY ++logdir "/var/lib/amanda/@DEFAULT_CONFIG@" # log directory ++indexdir "/var/lib/amanda/@DEFAULT_CONFIG@/index" # index directory ++tapelist "/var/lib/amanda/@DEFAULT_CONFIG@/tapelist" # list of used tapes + # tapelist is stored, by default, in the directory that contains amanda.conf + + # tapetypes diff --git a/amanda-3.4.5-no-xinetd.patch b/amanda-3.4.5-no-xinetd.patch new file mode 100644 index 0000000000000000000000000000000000000000..bc420470de4d12d1ce3548f094702c4030832599 --- /dev/null +++ b/amanda-3.4.5-no-xinetd.patch @@ -0,0 +1,12 @@ +diff --git a/server-src/amserverconfig.pl b/server-src/amserverconfig.pl +index 5748dfc..18f59f0 100755 +--- a/server-src/amserverconfig.pl ++++ b/server-src/amserverconfig.pl +@@ -656,7 +656,6 @@ if ( defined $template ) { + &create_customconf; + } + +-&check_xinetd; + &build_amanda_ssh_key; + + if ( $vtape_err ) { diff --git a/amanda-3.5.1.tar.gz b/amanda-3.5.4.tar.gz similarity index 33% rename from amanda-3.5.1.tar.gz rename to amanda-3.5.4.tar.gz index 7e5f023558e78ac24a169f4da27dff8db23f7621..2f100516cf3f2c3139f33063362d2907f3755bd4 100644 Binary files a/amanda-3.5.1.tar.gz and b/amanda-3.5.4.tar.gz differ diff --git a/amanda.crontab b/amanda.crontab new file mode 100644 index 0000000000000000000000000000000000000000..8c8bc7d36efc990d26cd929512630007993eeed6 --- /dev/null +++ b/amanda.crontab @@ -0,0 +1,9 @@ +# This is an example for a crontab entry for automated backup with amanda +# With these cron lines, Amanda will check that the correct tape is in +# the drive every weekday afternoon at 4pm (if it isn't, all the +# operators will get mail). At 12:45am that night the dumps will be run. +# +# This should be put in user operator's crontab +# +0 16 * * 1-5 /usr/sbin/amcheck -m DailySet1 +45 0 * * 2-6 /usr/sbin/amdump DailySet1 diff --git a/amanda.spec b/amanda.spec index d93739028652a20fe76b3176d34feca0c15a0280..373a7399df634ce632864881d7ef815464b4a39c 100644 --- a/amanda.spec +++ b/amanda.spec @@ -8,12 +8,15 @@ %define amanda_group disk Name: amanda -Version: 3.5.1 -Release: 20 +Version: 3.5.4 +Release: 1 Summary: A backup solution over network to disk License: BSD and GPLv3+ and GPLv2+ and GPLv2 URL: http://www.amanda.org -Source: http://downloads.sourceforge.net/amanda/amanda-%{version}.tar.gz +Source0: https://github.com/zmanda/amanda/archive/tag-community-%{version}/amanda-%{version}.tar.gz +Source1: amanda.crontab +Source4: disklist +Source8: amandahosts Source9: amanda.socket Source10: amanda@.service Source11: activate-devpay.1.gz @@ -23,20 +26,24 @@ Source14: amanda-udp.service Source15: kamanda.socket Source16: kamanda@.service +Patch1: amanda-3.1.1-xattrs.patch +Patch2: amanda-3.1.1-tcpport.patch +Patch3: amanda-3.2.0-config-dir.patch +# Don't mention xinetd files in amserverconfig (#1460763) +Patch4: amanda-3.4.5-no-xinetd.patch +# Support tirpc Patch5: patch-tirpc.patch -Patch6: CVE-2022-37704.patch -Patch7: CVE-2022-37704_part_2.patch -Patch8: CVE-2022-37705.patch BuildRequires: automake autoconf libtool dump xfsdump cups BuildRequires: samba-client tar grep gcc-c++ readline-devel libtirpc-devel BuildRequires: krb5-devel openssh-clients ncompress mtx mt-st BuildRequires: perl-devel perl-generators perl perl-Test-Simple BuildRequires: glib2-devel openssl-devel swig bison flex -BuildRequires: libcurl-devel procps-ng systemd +BuildRequires: libcurl-devel procps-ng systemd rpcgen gnuplot Requires: grep tar /bin/mail perl sharutils Requires(post): /sbin/ldconfig Requires(postun): /sbin/ldconfig +Requires: glib2-devel >= 2.66.8 Provides: %{name}-libs = %{version}-%{release} Provides: %{name}-libs%{?_isa} = %{version}-%{release} @@ -64,7 +71,7 @@ versions of Unix/Mac OS X/Linux/Windows. %package_help %prep -%autosetup -p1 -n %{name}-%{version} +%autosetup -p1 -n %{name}-tag-community-%{version} %build ./autogen @@ -87,6 +94,8 @@ export MAILER=/bin/mail CFLAGS="$RPM_OPT_FLAGS -fPIE" LDFLAGS="$RPM_LD_FLAGS -pi --with-group=%amanda_group \ --with-tmpdir=/var/log/amanda \ --with-gnutar=/bin/tar \ + --disable-static \ + --with-amandahosts \ --with-ssh-security \ --with-rsh-security \ --with-bsdtcp-security \ @@ -106,7 +115,7 @@ pushd %{buildroot} mkdir -p ./%{_sysconfdir}/amanda mkdir -p ./var/log/amanda/amandad mkdir -p ./%{_localstatedir}/lib/amanda - +install -m 600 %SOURCE8 $RPM_BUILD_ROOT%{_localstatedir}/lib/amanda/.amandahosts install -p -m 644 -D %{SOURCE9} ./%{_unitdir}/amanda.socket install -p -m 644 -D %{SOURCE10} ./%{_unitdir}/amanda@.service install -p -m 644 -D %{SOURCE13} ./%{_unitdir}/amanda-udp.socket @@ -123,6 +132,9 @@ ln -s amrecover.8.gz %{buildroot}%{_mandir}/man8/amoldrecover.8 pushd %{buildroot} mv .%{_localstatedir}/lib/amanda/example .%{_sysconfdir}/amanda/%defconfig +cp ${RPM_SOURCE_DIR}/amanda.crontab .%{_sysconfdir}/amanda/crontab.sample +cp ${RPM_SOURCE_DIR}/disklist .%{_sysconfdir}/amanda/%defconfig +cp ${RPM_SOURCE_DIR}/disklist .%{_sysconfdir}/amanda/%defconfig rm -f .%{_sysconfdir}/amanda/%defconfig/xinetd* rm -f .%{_sysconfdir}/amanda/%defconfig/inetd* mkdir -p .%{_localstatedir}/lib/amanda/gnutar-lists @@ -154,41 +166,158 @@ make check %ldconfig_scriptlets client server %files -%defattr(-,root,root) -%license COPYRIGHT -%doc AUTHORS README -%dir %{_sysconfdir}/amanda/ -%{_sysconfdir}/amanda/amanda-security.conf -%config(noreplace) %{_sysconfdir}/amanda/%defconfig/* -%attr(0644, root, root) %config(noreplace) %{_sysconfdir}/amanda-security.conf - -%{_sbindir}/* -%{_libdir}/*.so + +%license COPYRIGHT COPYRIGHT.BSD +%doc ChangeLog README.md ReleaseNotes +%{_unitdir}/amanda@.service +%{_unitdir}/amanda.socket +%{_unitdir}/amanda-udp.service +%{_unitdir}/amanda-udp.socket +%{_unitdir}/kamanda@.service +%{_unitdir}/kamanda.socket + + + %dir %{_libexecdir}/amanda -%{_libexecdir}/amanda/* -%attr(4750,root,%amanda_group) %{_libexecdir}/amanda/runtar +%{_libexecdir}/amanda/amandad +%{_libexecdir}/amanda/amanda-sh-lib.sh %attr(4750,root,%amanda_group) %{_libexecdir}/amanda/ambind -%attr(4750,root,%amanda_group) %{_libexecdir}/amanda/rundump -%attr(4750,root,%amanda_group) %{_libexecdir}/amanda/calcsize -%attr(4750,root,%amanda_group) %{_libexecdir}/amanda/killpgrp -%attr(4750,root,%amanda_group) %{_libexecdir}/amanda/application/amgtar -%attr(4750,root,%amanda_group) %{_libexecdir}/amanda/application/amstar -%attr(4750,root,%amanda_group) %{_libexecdir}/amanda/application/ambsdtar +%{_libexecdir}/amanda/amndmjob +%{_libexecdir}/amanda/amcat.awk +%{_libexecdir}/amanda/amplot.awk +%{_libexecdir}/amanda/amplot.g +%{_libexecdir}/amanda/amplot.gp +%{_libexecdir}/amanda/ndmjob + +%{_sbindir}/amandad +%{_sbindir}/amaespipe +%{_sbindir}/amarchiver +%{_sbindir}/amcrypt +%{_sbindir}/amcrypt-ossl +%{_sbindir}/amcrypt-ossl-asym +%{_sbindir}/amcryptsimple +%{_sbindir}/amgetconf +%{_sbindir}/amgpgcrypt +%{_sbindir}/amplot +%{_sbindir}/amssl -%{_unitdir}/*.socket -%{_unitdir}/*.service %{perl_vendorarch}/Amanda/ %{perl_vendorarch}/auto/Amanda/ +%dir %{_sysconfdir}/amanda/ +%dir %{_sysconfdir}/amanda/%defconfig + +%attr(-,%amanda_user,%amanda_group) %dir %{_localstatedir}/lib/amanda/ +%attr(600,%amanda_user,%amanda_group) %config(noreplace) %{_localstatedir}/lib/amanda/.amandahosts %attr(02770,%amanda_user,%amanda_group) %dir /var/log/amanda %attr(02770,%amanda_user,%amanda_group) %dir /var/log/amanda/amandad -%attr(-,%amanda_user,%amanda_group) %dir %{_localstatedir}/lib/amanda/ -%attr(-,%amanda_user,%amanda_group) %dir %{_localstatedir}/lib/amanda/%defconfig/ -%attr(-,%amanda_user,%amanda_group) %dir %{_localstatedir}/lib/amanda/%defconfig/index -%attr(-,%amanda_user,%amanda_group) %dir %{_localstatedir}/lib/amanda/template.d -%attr(-,%amanda_user,%amanda_group) %config(noreplace) %{_localstatedir}/lib/amanda/template.d/* -%attr(-,%amanda_user,%amanda_group) %{_localstatedir}/lib/amanda/gnutar-lists/ -%attr(-,%amanda_user,%amanda_group) %config(noreplace) %{_localstatedir}/lib/amanda/amandates + +%{_libdir}/libamdevice*.so +%{_libdir}/libamserver*.so +%{_libdir}/libamclient*.so +%{_libdir}/libamanda-*.so +%{_libdir}/libamanda.so +%{_libdir}/libamandad*.so +%{_libdir}/libamar*.so +%{_libdir}/libamglue*.so +%{_libdir}/libamxfer*.so +%{_libdir}/libndmjob*.so +%{_libdir}/libndmlib*.so + +%{_libexecdir}/amanda/amdumpd +%{_libexecdir}/amanda/amcheck-device +%{_libexecdir}/amanda/amidxtaped +%{_libexecdir}/amanda/amindexd +%{_libexecdir}/amanda/amlogroll +%{_libexecdir}/amanda/amtrmidx +%{_libexecdir}/amanda/amtrmlog +%{_libexecdir}/amanda/driver +%{_libexecdir}/amanda/amadmin_perl +%{_libexecdir}/amanda/ambackupd +%{_libexecdir}/amanda/rest-server/ +%{_libexecdir}/amanda/dumper +%{_libexecdir}/amanda/chunker +%{_libexecdir}/amanda/planner +%{_libexecdir}/amanda/taper + +%{_sbindir}/activate-devpay +%{_sbindir}/amaddclient +%{_sbindir}/amadmin +%{_sbindir}/amcleanup +%{_sbindir}/amcleanupdisk +%{_sbindir}/amdevcheck +%{_sbindir}/amdump +%{_sbindir}/amfetchdump +%{_sbindir}/amflush +%{_sbindir}/amcheck +%{_sbindir}/amcheckdb +%{_sbindir}/amcheckdump +%{_sbindir}/amlabel +%{_sbindir}/amoverview +%{_sbindir}/amreport +%{_sbindir}/amrestore +%{_sbindir}/amrmtape +%{_sbindir}/amserverconfig +%{_sbindir}/amservice +%{_sbindir}/amstatus +%{_sbindir}/amtape +%{_sbindir}/amtapetype +%{_sbindir}/amtoc +%{_sbindir}/amvault +%{_sbindir}/amanda-rest-server +%{_sbindir}/amreindex + +%config(noreplace) %{_sysconfdir}/amanda/crontab.sample +%config(noreplace) %{_sysconfdir}/amanda/%defconfig/* +%exclude %{_sysconfdir}/amanda/%defconfig/amanda-client.conf +%exclude %{_sysconfdir}/amanda/%defconfig/amanda-client-postgresql.conf + +%attr(-,%amanda_user,%amanda_group) %dir %{_localstatedir}/lib/amanda/%defconfig/ +%attr(-,%amanda_user,%amanda_group) %dir %{_localstatedir}/lib/amanda/%defconfig/index +%attr(-,%amanda_user,%amanda_group) %dir %{_localstatedir}/lib/amanda/template.d +%attr(-,%amanda_user,%amanda_group) %config(noreplace) %{_localstatedir}/lib/amanda/template.d/* + +%dir %{_libexecdir}/amanda/application/ +%attr(4750,root,%amanda_group) %{_libexecdir}/amanda/application/ambsdtar +%attr(4750,root,%amanda_group) %{_libexecdir}/amanda/application/amgtar +%attr(4750,root,%amanda_group) %{_libexecdir}/amanda/application/amstar +%{_libexecdir}/amanda/application/amlog-script +%{_libexecdir}/amanda/application/ampgsql +%{_libexecdir}/amanda/application/amraw +%{_libexecdir}/amanda/application/amsamba +%{_libexecdir}/amanda/application/amsuntar +%{_libexecdir}/amanda/application/amzfs-sendrecv +%{_libexecdir}/amanda/application/amzfs-snapshot +%{_libexecdir}/amanda/application/script-email +%{_libexecdir}/amanda/application/amrandom +%{_libexecdir}/amanda/application/script-fail +%{_libexecdir}/amanda/restore +%{_libexecdir}/amanda/senddiscover + +%attr(4750,root,%amanda_group) %{_libexecdir}/amanda/calcsize +%attr(4750,root,%amanda_group) %{_libexecdir}/amanda/killpgrp +%{_libexecdir}/amanda/noop +%{_libexecdir}/amanda/patch-system +%attr(4750,root,%amanda_group) %{_libexecdir}/amanda/rundump +%attr(4750,root,%amanda_group) %{_libexecdir}/amanda/runtar +%{_libexecdir}/amanda/selfcheck +%{_libexecdir}/amanda/sendbackup +%{_libexecdir}/amanda/sendsize +%{_libexecdir}/amanda/teecount + +%{_sbindir}/amdump_client +%{_sbindir}/amoldrecover +%{_sbindir}/amrecover +%{_sbindir}/ambackup + +%{_sysconfdir}/amanda/amanda-security.conf + +%config(noreplace) %{_sysconfdir}/amanda/%defconfig/amanda-client.conf +%config(noreplace) %{_sysconfdir}/amanda/%defconfig/amanda-client-postgresql.conf + +%attr(-,%amanda_user,%amanda_group) %config(noreplace) %{_localstatedir}/lib/amanda/amandates +%attr(-,%amanda_user,%amanda_group) %{_localstatedir}/lib/amanda/gnutar-lists/ +%attr(0644, root, root) %config(noreplace) %{_sysconfdir}/amanda-security.conf %files help %defattr(-,root,root) @@ -196,12 +325,24 @@ make check %{_mandir}/man* %changelog -* Thu Mar 2 2023 caodongxia - 3.5.1-20 -- Add install require sharutils +* Tue Aug 08 2023 wangkai <13474090681@163.com> - 3.5.4-1 +- Update to version 3.5.4 for fix CVE-2023-30577 + +* Thu Mar 2 2023 caodongxia - 3.5.1-23 +- Add install require sharutils -* Tue Feb 28 2023 luopihui - 3.5.1-19 +* Tue Feb 28 2023 luopihui - 3.5.1-22 - Fix CVE-2022-37704 CVE-2022-37705 +* Fri Nov 11 2022 caodongxia - 3.5.1-21 +- fix hexencode test failed + +* Mon Jun 20 2022 liyanan - 3.5.1-20 +- Skip hexencode test case as it fails with new glib2 + +* Fri Jul 30 2021 Haiwei Li - 3.5.1-19 +- Fix multiple definition tu_debugging_enabled + * Sat Feb 29 2020 Ling Yang - 3.5.1-18 - Fixed build error diff --git a/amanda.yaml b/amanda.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b08cd83b1e0585f603f046d743a5c81f5e7d7053 --- /dev/null +++ b/amanda.yaml @@ -0,0 +1,4 @@ +version_control: svn +src_repo: https://svn.code.sf.net/p/amanda/code/amanda +tag_prefix: "community_" +seperator: "_" diff --git a/amandahosts b/amandahosts new file mode 100644 index 0000000000000000000000000000000000000000..affd314e1e6de398a415e9056acfc0b00fd6f17b --- /dev/null +++ b/amandahosts @@ -0,0 +1,29 @@ +# Allow access to amanda over the network. See 'man amanda' + +# 'ambackup' connects to 'amandad'. If your 'disklist' is correctly +# set up, i.e. if it does not use 'localhost' but the fully qualified +# domain name (FQDN) of the target machine, then you must put +# the FQDN here. 'ambackup' must be run by user 'amandabackup', so we allow +# access by user 'amandabackup'. Do not forget to add an 'only_from' line to +# '/etc/xinet.d/amanda' to allow access to 'amandad' only from known +# IP addresses. + +# replace mymachine.mydomain by the correct value and uncomment +# mymachine.mydomain amandabackup + + +# 'amrecover' connects to 'amandaidx', which uses the fully qualified +# domain name when access is done from another machine. 'amrecover' +# must be run by user 'root', so we allow access by user 'root'. + +# replace mymachine.mydomain by the correct value and uncomment +# mymachine.mydomain root + + +# 'amrecover' connects to 'amandaidx', which uses the bare machine +# name w/o domain name when access is done from the same machine. +# 'amrecover' must be run by user 'root', so we allow access by user +# 'root'. + +# replace mymachine by the correct value and uncomment +# mymachine root diff --git a/disklist b/disklist new file mode 100644 index 0000000000000000000000000000000000000000..571b7c0a1644dacdcc692b265e28fc17c5dbbdeb --- /dev/null +++ b/disklist @@ -0,0 +1,69 @@ +# sample Amanda2 disklist file, derived from CS.UMD.EDU's disklist +# +# If your configuration is called, say, "csd2", then this file normally goes +# in /etc/amanda/csd2/disklist. +# +# File format is: +# +# hostname diskdev dumptype +# +# where the dumptypes are defined by you in amanda.conf. + + +# At our site, root partitions have a different dumptype because they +# are of lower priority; they don't contain user data, and don't change +# much from the department prototype. In a crunch, they can be left for +# last or skipped. + +## A SPARCstation 1+ +#salty sd0a comp-root +#salty sd0g comp-user +#salty sd1g comp-user +#salty sd2a comp-root +#salty sd2g comp-user +#salty sd3c comp-user +# +## A DECstation 3100 +#slithy rz1a comp-root +#slithy rz1g comp-user +#slithy rz3a comp-root +#slithy rz3g comp-user +# +## We don't run compression on the master host since it is going to be +## busy enough running amanda. +#master sd0a nocomp-root -1 local +#master sd0g nocomp-user -1 local +## note: -1 is a placeholder for the spindle number +## the holding disk can't be dumped to itself, it uses a disktype that +## specifies the "no-hold" option (see amanda.conf). +#master sd1c holding-disk -1 local +# +## The chairman's disk is high priority to make sure it gets done. +#bigwig sd0a comp-root +#bigwig sd0g comp-high +## Likewise the named databases in the root partition on our primary +## nameserver. Also, compression is turned off because we don't want +## to create any unnecessary load on this baby (it's only a Sun3). +#bozo sd0a nocomp-high +#bozo sd0g nocomp-user +#bozo sd4c nocomp-user +# +## Dump Joe's NetBSD machine, with the mounted MS-DOS partition dumped +## using tar. +#joespc wd0a comp-root +#joespc wd0e comp-user +#joespc /msdos comp-user-tar +# +## Some really slow machines, like Sun2's and some Vaxstations, take +## forever to compress their dumps: it's just not worth it. +# +## A Sun2 +#cleo sd0a nocomp-root +#cleo sd0g nocomp-user +## A VaxStation +#susie rz8a nocomp-root +#susie rz8g nocomp-user +# +## and so on ... well, you get the idea + +localhost /etc comp-root-tar