diff --git a/SOURCES/amanda-3.3.3-decompress.patch b/SOURCES/amanda-3.3.3-decompress.patch new file mode 100644 index 0000000..34ca92c --- /dev/null +++ b/SOURCES/amanda-3.3.3-decompress.patch @@ -0,0 +1,23 @@ +diff -Npru old/recover-src/extract_list.c new/recover-src/extract_list.c +--- old/recover-src/extract_list.c 2013-01-10 13:54:49.000000000 +0100 ++++ new/recover-src/extract_list.c 2017-01-24 11:06:37.614551697 +0100 +@@ -2862,7 +2862,8 @@ start_processing_data( + } + + /* decrypt */ +- if (ctl_data->file.encrypted) { ++ if (ctl_data->file.encrypted && ++ am_has_feature(tapesrv_features, fe_amrecover_receive_unfiltered)) { + char *argv[3]; + int crypt_out; + int errfd = fileno(stderr); +@@ -2876,7 +2877,8 @@ start_processing_data( + } + + /* decompress */ +- if (ctl_data->file.compressed) { ++ if (ctl_data->file.compressed && ++ am_has_feature(tapesrv_features, fe_amrecover_receive_unfiltered)) { + char *argv[3]; + int comp_out; + int errfd = fileno(stderr); diff --git a/SOURCES/amanda-3.3.3-krb5.patch b/SOURCES/amanda-3.3.3-krb5.patch new file mode 100644 index 0000000..f3e237a --- /dev/null +++ b/SOURCES/amanda-3.3.3-krb5.patch @@ -0,0 +1,56 @@ +diff --git a/amandad-src/amandad.c b/amandad-src/amandad.c +index d864c3f..4a899fb 100644 +--- a/amandad-src/amandad.c ++++ b/amandad-src/amandad.c +@@ -456,7 +456,7 @@ main( + } + + #ifndef SINGLE_USERID +- if (geteuid() == 0) { ++ if (getuid() == 0) { + if (strcasecmp(auth, "krb5") != 0) { + struct passwd *pwd; + /* lookup our local user name */ +diff --git a/common-src/krb5-security.c b/common-src/krb5-security.c +index c3075fa..8d3b18a 100644 +--- a/common-src/krb5-security.c ++++ b/common-src/krb5-security.c +@@ -334,6 +334,7 @@ krb5_accept( + char hostname[NI_MAXHOST]; + int result; + char *errmsg = NULL; ++ struct passwd *pw; + + krb5_init(); + +@@ -372,6 +373,12 @@ krb5_accept( + error("gss_server failed: %s\n", rc->errmsg); + rc->accept_fn = fn; + sec_tcp_conn_read(rc); ++ ++ /* totally drop privileges at this point ++ *(making the userid equal to the dumpuser) ++ */ ++ pw = getpwnam(CLIENT_LOGIN); ++ setreuid(pw->pw_uid, pw->pw_uid); + } + + /* +@@ -712,7 +719,7 @@ krb5_init(void) + beenhere = 1; + + #ifndef BROKEN_MEMORY_CCACHE +- putenv(stralloc("KRB5_ENV_CCNAME=MEMORY:amanda_ccache")); ++ putenv(stralloc(KRB5_ENV_CCNAME"=MEMORY:amanda_ccache")); + #else + /* + * MEMORY ccaches seem buggy and cause a lot of internal heap +@@ -727,7 +734,7 @@ krb5_init(void) + char *ccache; + ccache = malloc(128); + g_snprintf(ccache, SIZEOF(ccache), +- "KRB5_ENV_CCNAME=FILE:/tmp/amanda_ccache.%ld.%ld", ++ KRB5_ENV_CCNAME"=FILE:/tmp/amanda_ccache.%ld.%ld", + (long)geteuid(), (long)getpid()); + putenv(ccache); + } diff --git a/SOURCES/amanda-3.3.3-non-blocking-connection.patch b/SOURCES/amanda-3.3.3-non-blocking-connection.patch new file mode 100644 index 0000000..053eb0c --- /dev/null +++ b/SOURCES/amanda-3.3.3-non-blocking-connection.patch @@ -0,0 +1,12 @@ +diff -Nurp old/common-src/bsdtcp-security.c new/common-src/bsdtcp-security.c +--- old/common-src/bsdtcp-security.c 2013-01-10 13:54:54.000000000 +0100 ++++ new/common-src/bsdtcp-security.c 2017-01-23 15:21:20.168162397 +0100 +@@ -268,7 +268,7 @@ runbsdtcp( + STREAM_BUFSIZE, + STREAM_BUFSIZE, + &my_port, +- 0); ++ 1); + set_root_privs(0); + + if(server_socket < 0) { diff --git a/SOURCES/kamanda.socket b/SOURCES/kamanda.socket new file mode 100644 index 0000000..13b786b --- /dev/null +++ b/SOURCES/kamanda.socket @@ -0,0 +1,9 @@ +[Unit] +Description=Amanda Kerberos Activation Socket + +[Socket] +ListenStream=10082 +Accept=true + +[Install] +WantedBy=sockets.target diff --git a/SOURCES/kamanda@.service b/SOURCES/kamanda@.service new file mode 100644 index 0000000..50007de --- /dev/null +++ b/SOURCES/kamanda@.service @@ -0,0 +1,9 @@ +[Unit] +Description=Amanda Backup System +After=local-fs.target + +[Service] +User=root +Group=disk +ExecStart=/usr/sbin/amandad -auth=krb5 amdump amindexd amidxtaped +StandardInput=socket diff --git a/SPECS/amanda.spec b/SPECS/amanda.spec index 388ee54..e6dfbbd 100644 --- a/SPECS/amanda.spec +++ b/SPECS/amanda.spec @@ -10,7 +10,7 @@ Summary: A network-capable tape backup solution Name: amanda Version: 3.3.3 -Release: 17%{?dist} +Release: 18%{?dist} Source: http://downloads.sourceforge.net/amanda/amanda-%{version}.tar.gz Source1: amanda.crontab Source4: disklist @@ -21,6 +21,8 @@ Source11: activate-devpay.1.gz Source12: killpgrp.8 Source13: amanda-udp.socket Source14: amanda-udp.service +Source15: kamanda.socket +Source16: kamanda@.service Patch2: amanda-3.1.1-xattrs.patch Patch3: amanda-3.1.1-tcpport.patch Patch6: amanda-3.2.0-config-dir.patch @@ -28,6 +30,9 @@ Patch10: amanda-3.3.1-stdio.patch Patch11: amanda-3.3.2-autogen.patch Patch12: amanda-common-makefile.patch Patch13: amanda-error-amrecover.patch +Patch14: amanda-3.3.3-non-blocking-connection.patch +Patch15: amanda-3.3.3-krb5.patch +Patch16: amanda-3.3.3-decompress.patch License: BSD and GPLv3+ and GPLv2+ and GPLv2 Group: Applications/System @@ -108,6 +113,9 @@ server also needs to have the amanda-client package installed. %patch11 -p1 -b .autogen %patch12 -p1 -b .common-makefile %patch13 -p1 -b .error-amrecover +%patch14 -p1 -b .non-blocking-connection +%patch15 -p1 -b .krb5.patch +%patch16 -p1 -b .decompression ./autogen %build @@ -154,6 +162,8 @@ install -p -m 644 -D %{SOURCE9} %{buildroot}%{_unitdir}/amanda.socket install -p -m 644 -D %{SOURCE10} %{buildroot}%{_unitdir}/amanda@.service install -p -m 644 -D %{SOURCE13} %{buildroot}%{_unitdir}/amanda-udp.socket install -p -m 644 -D %{SOURCE14} %{buildroot}%{_unitdir}/amanda-udp.service +install -p -m 644 -D %{SOURCE15} %{buildroot}%{_unitdir}/kamanda.socket +install -p -m 644 -D %{SOURCE16} %{buildroot}%{_unitdir}/kamanda@.service install -D %{SOURCE11} %{buildroot}/%{_mandir}/man1/activate-devpay.1.gz install -D %{SOURCE12} %{buildroot}/%{_mandir}/man8/killpgrp.8 @@ -190,15 +200,18 @@ rm -rf ${RPM_BUILD_ROOT} /sbin/ldconfig %systemd_post amanda.socket %systemd_post amanda-udp.socket +%systemd_post kamanda.socket %preun %systemd_preun amanda.socket %systemd_preun amanda-udp.socket +%systemd_preun kamanda.socket %postun /sbin/ldconfig %systemd_postun_with_restart amanda.socket %systemd_postun_with_restart amanda-udp.socket +%systemd_postun_with_restart kamanda.socket %post client -p /sbin/ldconfig @@ -215,6 +228,8 @@ rm -rf ${RPM_BUILD_ROOT} %{_unitdir}/amanda.socket %{_unitdir}/amanda-udp.service %{_unitdir}/amanda-udp.socket +%{_unitdir}/kamanda@.service +%{_unitdir}/kamanda.socket %{_sbindir}/amandad @@ -473,6 +488,11 @@ rm -rf ${RPM_BUILD_ROOT} %changelog +* Tue Jan 24 2017 Josef Ridky - 3.3.3-18 +- Resolves: #1286330 - set non-blocking connection +- Resolves: #1299761 - fix amindex: invalid service +- Resolves: #1306980 - fix problem with handling compressed files + * Tue Aug 23 2016 Petr Hracek - 3.3.3-17 - Related: #1140321 Missing build dep on xfsdump