[Pkg-bareos-devel] Bug#869608: bareos-filedaemon: corrupts backups when signature=SHA1 in fileset

Tom Weber xdeb at abyss.4t2.com
Mon Jul 24 18:03:31 UTC 2017


Package: bareos-filedaemon
Version: 16.2.4-3
Severity: critical
Justification: causes serious data loss

to reproduce:
1) install bareos 16.2.4 client and server packages - all with
defaults.
2) run a SelfTest backup of the client/server.
3) Restore a file from this backup - everything should be fine.

4) now change
Signature = SHA1
in /etc/bareos/bareos-dir.d/fileset/SelfTest.conf

5) run another SelfTest Full backup
6) restore a file from this new backup

The restored file is corrupted.

I marked this critical because I upgraded a debian 8 client to debian 9
without any problems. Backups (bareos 15.2.2 Server) appeared to be
running fine until I had to do a restore and ended up with broken
files.

Regards,
  Tom

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.10.17-1-pve (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE:de:en_US:en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages bareos-filedaemon depends on:
ii  adduser                3.115
ii  bareos-common          16.2.4-3
ii  debconf [debconf-2.0]  1.5.61
ii  init-system-helpers    1.48
ii  libacl1                2.2.52-3+b1
ii  libc6                  2.24-11+deb9u1
ii  libcap2                1:2.25-1
ii  libgcc1                1:6.3.0-18
ii  libgnutls30            3.5.8-5+deb9u2
ii  libjansson4            2.9-1
ii  liblzo2-2              2.08-1.2+b2
ii  libstdc++6             6.3.0-18
ii  libwrap0               7.6.q-26
ii  lsb-base               9.20161125
ii  lsof                   4.89+dfsg-0.1
ii  zlib1g                 1:1.2.8.dfsg-5

bareos-filedaemon recommends no packages.

bareos-filedaemon suggests no packages.



More information about the Pkg-bareos-devel mailing list