Subject: CVS commit: pkgsrc/sysutils
From: S.P.Zeidler
Date: 2018-11-23 23:33:13
Message id: 20181123223314.16A32FB1F@cvs.NetBSD.org
Log Message:
Update to 3.3.9, fixing CVE-2016-10729 and CVE-2016-10730
Upstream release notes:
Release Notes for 3.3.9:
new --with-security-file configure option
It sets the default security file.
Defaults to /etc/amanda-security.conf
security-fix
All previous releases of amanda allow the 'amanda' user
to execute any code as root, and to execute an interactive shell
as root.
This is a security vulnerability if you do not trust the 'amanda' user.
There is no need to upgrade if you trust the 'amanda' user
and the account is secure:
good password.
secure xinetd.conf setting.
secure .amandahosts setting.
The 'amanda' user can read all files on the machine; that is
what a backup program does.
The set of fixes disables the ability to run unwanted code
as root or to write files anywhere in the filesystem.
/etc/amanda-security.conf
A file that contains security settings.
It lists all binaries amanda can execute as root.
restore_by_amanda_user
It tells whether the 'amanda' user can do restore as root.
It allows the 'amanda' user to write files anywhere
in the filesystem.
amgtar/amstar/ambsdtar/runtar
Disable arguments that can fork a program.
Verify the realpath (with symbolic link resolved) is
in the amanda-security.conf file.
Verify the tar/star/bsdtar realpath program is secure:
owned by root and modifiable only by root.
On restore, check the restore_by_amanda_user setting
if not run by root.
Release Notes for 3.3.8:
s3 devices
New NEARLINE S3-STORAGE-CLASS for Google storage.
New AWS4 STORAGE-API
amcryptsimple
Works with newer gpg2.
amgtar
Default SPARSE value is NO if tar < 1.28.
Because of a bug in tar with some filesystems.
amstar
Support include in backup mode.
ampgsql
Add FULL-WAL property.
Many bug fixes.
Release Notes for 3.3.7p1:
Fix build in 3.3.7.
Release Notes for 3.3.7:
amvault
new --no-interactivity argument.
new --src-labelstr argument.
amdump
compute crc32 of the streams and write them to the debug files.
chg-robot
Add a BROKEN-DRIVE-LOADED-SLOT property.
Many bug fixes.
Release Notes for 3.3.6:
ambsdtar
new application that uses BSD tar to do the backup.
Many bug fixes.
Release Notes for 3.3.5:
amtape
faster 'verify' command.
fix parsing of config override arguments.
amsamba
Add REGEX-MATCH property.
amvault
Print progress status.
ndmp device
INDIRECT property defaults to yes.
Many bug fixes.
Release Notes for 3.3.4:
amreport
new --format argument
new 'json' and 'json_raw' format.
amanda.conf
new REPORT-FORMAT option.
amtape
new 'verify' command.
amadmin
new 'force-level-1' command.
ampgsql
Add VERBOSE property.
S3 device
handle DURABLE_REDUCED_AVAILABILITY for google storage.
Many bug fixes.
Release Notes for 3.3.3:
amdump.X log files use a timestamp instead of a number; amdump
and amdump.1 are maintained as symlinks.
chg-disk
Use the changerfile for the statefile.
s3 device
Support CASTOR storage
amanda.conf
New REPORT-USE-MEDIA and REPORT-NEXT-MEDIA setting.
amfetchdump
New --extract, --directory, --data-path and
--application-property arguments. They allow doing the extraction
on the server.
--exact-match argument to many commands, and '=' prefix to expressions.
It disables the use of expressions for host, disk, level and datestamp
in command-line arguments.
All changer scripts.
Add LOCK-TIMEOUT property.
Many bug fixes
Release Notes for 3.3.2:
amgtar
New IGNORE-ZEROS property
amsamba
Fix use of subdir for restore
s3 device
New PROXY property
New PASSWORD, USERNAME, TENANT_ID, TENANT_NAME properties
New STORAGE_API property
New S3_MULTI_DELETE property
New CLIENT_ID, CLIENT_SECRET and REFRESH_TOKEN properties
New CREATE-BUCKET property
New PROJECT-ID property
New REUSE-CONNECTION property
Works with swift and google storage.
NDMP device
Add INDIRECT property
amanda.conf
Add 'max-warnings', the maximum number of warning lines in the report.
Default 'columnspec' changed to:
HostName=0:-12:12,Disk=1:-11:11,Level=1:-1:1,OrigKB=1:-7:0,OutKB=1:-7:0, \
Compress=1:-6:1,DumpTime=1:-7:7,Dumprate=1:-6:1,TapeTime=1:-6:6, TapeRate=1:-6:1
amadmin
Add --no-default and --print-source arguments for the config and
disklist commands.
amfetchdump
Print progress.
Add --decrypt, --no-decrypt, --server-decrypt, --client-decrypt,
--compress, --no-compress, --server-compress and
--client-compress options.
fix for compilation with newer glib
fix for compilation on cygwin
Many bug fixes
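
The checks the 3.3.9 notes list for amgtar/amstar/ambsdtar/runtar (resolve the real path, require it in the security file, require a program owned by root and modifiable only by root), as an added C example. It is not Amanda's code: the "key=/path" file format, the function names, the result codes and the trusted_uid parameter (0 in production) are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum { PROG_OK = 0, PROG_UNRESOLVED, PROG_NOT_LISTED, PROG_BAD_OWNER, PROG_WRITABLE };

/* Return 1 if `path` is the value of "<key>=" in the allow-list file.
 * Assumed format: one "key=/absolute/path" per line, '#' starts a comment. */
static int listed(const char *conf, const char *key, const char *path)
{
    char line[PATH_MAX + 128];
    size_t klen = strlen(key);
    int found = 0;
    FILE *f = fopen(conf, "r");
    if (!f) return 0;                      /* no file: nothing is allowed */
    while (!found && fgets(line, sizeof line, f)) {
        line[strcspn(line, "\r\n")] = '\0';
        if (line[0] == '#') continue;
        if (strncmp(line, key, klen) == 0 && line[klen] == '=')
            found = strcmp(line + klen + 1, path) == 0;
    }
    fclose(f);
    return found;
}

/* Vet a tar-like program before it is run with privilege: resolve symlinks,
 * require the resolved path in the allow-list, require owner == trusted_uid
 * (hypothetical parameter, 0 in production) and no group/other write bit. */
int check_program(const char *conf, const char *key, const char *prog, uid_t trusted_uid)
{
    char real[PATH_MAX];
    struct stat st;
    if (!realpath(prog, real) || stat(real, &st) != 0) return PROG_UNRESOLVED;
    if (!listed(conf, key, real)) return PROG_NOT_LISTED;
    if (st.st_uid != trusted_uid) return PROG_BAD_OWNER;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return PROG_WRITABLE;
    return PROG_OK;
}
```

Comparing the resolved path rather than the configured one is what stops a symlink in a writable directory from standing in for an allow-listed binary.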
Files: