Debian Bug report logs - #365097
bacula-common: Uses the same passwords on every Debian installation
Reported by: John Goerzen <jgoerzen@complete.org>
Date: Thu, 27 Apr 2006 22:03:13 UTC
Severity: important
Tags: confirmed, security
Merged with 487805
Found in version bacula/2.2.8-8
Fixed in version bacula/5.0.0-6
Done: John Goerzen <jgoerzen@complete.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Jose Luis Tallon <jltallon@adv-solutions.net>:
Bug#365097; Package bacula-common.
Acknowledgement sent to John Goerzen <jgoerzen@complete.org>:
New Bug report received and forwarded. Copy sent to Jose Luis Tallon <jltallon@adv-solutions.net>.
Message #5 received at submit@bugs.debian.org:
Package: bacula-common
Severity: important
Tags: security
This exists in all versions in Debian.
A default password -- the empty password -- is used in all the Bacula
configs. This is predictable by anyone with access to ftp.debian.org
and thus represents a serious security risk. See
/usr/share/bacula-common/defconfig for all these examples.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13.3
Locale: LANG=C, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages bacula-common depends on:
ii adduser 3.87 Add and remove users and groups
ii debconf [debconf-2.0] 1.5.0 Debian configuration management sy
bacula-common recommends no packages.
-- no debconf information
Merged 365097 487805.
Request was from Peter Palfrader <weasel@debian.org> to control@bugs.debian.org. (Tue, 24 Jun 2008 09:42:05 GMT)
Severity set to 'grave' from 'important'
Request was from "Lucas B. Cohen" <lbc@members.fsf.org> to control@bugs.debian.org. (Thu, 26 Nov 2009 21:48:19 GMT)
Added tag(s) confirmed.
Request was from "Lucas B. Cohen" <lbc@members.fsf.org> to control@bugs.debian.org. (Fri, 27 Nov 2009 20:27:21 GMT)
Severity set to 'important' from 'grave'
Request was from John Goerzen <jgoerzen@complete.org> to control@bugs.debian.org. (Tue, 02 Feb 2010 03:12:07 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, John Goerzen <jgoerzen@complete.org>:
Bug#365097; Package bacula-common. (Tue, 23 Feb 2010 15:42:06 GMT)
Acknowledgement sent to jgoerzen@complete.org:
Extra info received and forwarded to list. Copy sent to John Goerzen <jgoerzen@complete.org>. (Tue, 23 Feb 2010 15:42:06 GMT)
Message #18 received at 365097@bugs.debian.org:
tags 365097 pending
thanks
A commit relevant to this bug has occurred.
Revision: 8381602cfbecaea0ca8559100020f878af81a237
commit 8381602cfbecaea0ca8559100020f878af81a237
Merge: 243b76a 43f548d
Author: John Goerzen <jgoerzen@complete.org>
Date: Tue Feb 23 09:23:47 2010 -0600
Merge branch 'passwordfix'
This branch began with Ubuntu's patch against 3.0.2-3 to generate
Bacula passwords at install time rather than at build time. Ubuntu's
patch included other unrelated changes which were removed. Some bugs
in it were fixed.
Kept change to bacula-common.postrm to rm -rf /var/{log,lib}/bacula on
purge.
passwordfix branch HEAD was 43f548d22905f432c582ac125c8a89beba99cd75
Closes: #365097.
Diff: http://git.debian.org/?p=users/jgoerzen/bacula;a=commitdiff_plain;h=8381602cfbecaea0ca8559100020f878af81a237
debian/bacula-common.postinst | 18 ++++++++++++++++++
debian/bacula-common.postrm | 2 ++
debian/bacula-common.templates | 23 +++++++++++++++++++++++
debian/bacula-director-mysql.postinst | 18 ++++++++++++++++--
debian/bacula-director-pgsql.postinst | 17 +++++++++++++++--
debian/bacula-director-sqlite3.postinst | 21 ++++++++++++++++++---
debian/bacula-fd.postinst | 11 ++++++++++-
debian/bacula-sd.postinst | 12 ++++++++++--
debian/rules | 11 ++++++++++-
9 files changed, 122 insertions(+), 11 deletions(-)
create mode 100644 debian/bacula-common.templates
More details are available at:
http://git.debian.org/?p=users/jgoerzen/bacula;a=commit;h=8381602cfbecaea0ca8559100020f878af81a237
Added tag(s) pending.
Request was from jgoerzen@complete.org to control@bugs.debian.org. (Tue, 23 Feb 2010 15:42:09 GMT)
Reply sent to John Goerzen <jgoerzen@complete.org>:
You have taken responsibility. (Mon, 01 Mar 2010 22:18:03 GMT)
Notification sent to John Goerzen <jgoerzen@complete.org>:
Bug acknowledged by developer. (Mon, 01 Mar 2010 22:18:03 GMT)
Message #25 received at 365097-close@bugs.debian.org:
Source: bacula
Source-Version: 5.0.0-6
We believe that the bug you reported is fixed in the latest version of
bacula, which is due to be installed in the Debian FTP archive:
bacula-client_5.0.0-6_all.deb
to main/b/bacula/bacula-client_5.0.0-6_all.deb
bacula-common-mysql_5.0.0-6_i386.deb
to main/b/bacula/bacula-common-mysql_5.0.0-6_i386.deb
bacula-common-pgsql_5.0.0-6_i386.deb
to main/b/bacula/bacula-common-pgsql_5.0.0-6_i386.deb
bacula-common-sqlite3_5.0.0-6_i386.deb
to main/b/bacula/bacula-common-sqlite3_5.0.0-6_i386.deb
bacula-common_5.0.0-6_i386.deb
to main/b/bacula/bacula-common_5.0.0-6_i386.deb
bacula-console-qt_5.0.0-6_i386.deb
to main/b/bacula/bacula-console-qt_5.0.0-6_i386.deb
bacula-console_5.0.0-6_i386.deb
to main/b/bacula/bacula-console_5.0.0-6_i386.deb
bacula-director-common_5.0.0-6_i386.deb
to main/b/bacula/bacula-director-common_5.0.0-6_i386.deb
bacula-director-mysql_5.0.0-6_i386.deb
to main/b/bacula/bacula-director-mysql_5.0.0-6_i386.deb
bacula-director-pgsql_5.0.0-6_i386.deb
to main/b/bacula/bacula-director-pgsql_5.0.0-6_i386.deb
bacula-director-sqlite3_5.0.0-6_i386.deb
to main/b/bacula/bacula-director-sqlite3_5.0.0-6_i386.deb
bacula-director-sqlite_5.0.0-6_all.deb
to main/b/bacula/bacula-director-sqlite_5.0.0-6_all.deb
bacula-fd_5.0.0-6_i386.deb
to main/b/bacula/bacula-fd_5.0.0-6_i386.deb
bacula-sd-mysql_5.0.0-6_i386.deb
to main/b/bacula/bacula-sd-mysql_5.0.0-6_i386.deb
bacula-sd-pgsql_5.0.0-6_i386.deb
to main/b/bacula/bacula-sd-pgsql_5.0.0-6_i386.deb
bacula-sd-sqlite3_5.0.0-6_i386.deb
to main/b/bacula/bacula-sd-sqlite3_5.0.0-6_i386.deb
bacula-sd-sqlite_5.0.0-6_i386.deb
to main/b/bacula/bacula-sd-sqlite_5.0.0-6_i386.deb
bacula-sd_5.0.0-6_i386.deb
to main/b/bacula/bacula-sd_5.0.0-6_i386.deb
bacula-server_5.0.0-6_all.deb
to main/b/bacula/bacula-server_5.0.0-6_all.deb
bacula-traymonitor_5.0.0-6_i386.deb
to main/b/bacula/bacula-traymonitor_5.0.0-6_i386.deb
bacula_5.0.0-6.diff.gz
to main/b/bacula/bacula_5.0.0-6.diff.gz
bacula_5.0.0-6.dsc
to main/b/bacula/bacula_5.0.0-6.dsc
bacula_5.0.0-6_all.deb
to main/b/bacula/bacula_5.0.0-6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 365097@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
John Goerzen <jgoerzen@complete.org> (supplier of updated bacula package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 01 Mar 2010 15:43:02 -0600
Source: bacula
Binary: bacula bacula-common bacula-common-sqlite3 bacula-common-pgsql bacula-common-mysql bacula-director-common bacula-director-sqlite bacula-director-sqlite3 bacula-director-mysql bacula-director-pgsql bacula-client bacula-fd bacula-server bacula-sd bacula-sd-sqlite3 bacula-sd-sqlite bacula-sd-mysql bacula-sd-pgsql bacula-console bacula-console-qt bacula-traymonitor
Architecture: source all i386
Version: 5.0.0-6
Distribution: unstable
Urgency: low
Maintainer: John Goerzen <jgoerzen@complete.org>
Changed-By: John Goerzen <jgoerzen@complete.org>
Description:
bacula - network backup, recovery and verification - meta-package
bacula-client - network backup, recovery and verification - client meta-package
bacula-common - network backup, recovery and verification - common support files
bacula-common-mysql - network backup, recovery and verification - MySQL common files
bacula-common-pgsql - network backup, recovery and verification - PostgreSQL common fil
bacula-common-sqlite3 - network backup, recovery and verification - SQLite v3 common file
bacula-console - network backup, recovery and verification - text console
bacula-console-qt - Bacula Administration Tool Console
bacula-director-common - network backup, recovery and verification - Director common files
bacula-director-mysql - network backup, recovery and verification - MySQL storage for Dir
bacula-director-pgsql - network backup, recovery and verification - PostgreSQL storage fo
bacula-director-sqlite - network backup, recovery and verification - SQLite 2 director tra
bacula-director-sqlite3 - network backup, recovery and verification - SQLite 3 storage for
bacula-fd - network backup, recovery and verification - file daemon
bacula-sd - network backup, recovery and verification - storage daemon
bacula-sd-mysql - network backup, recovery and verification - MySQL SD tools
bacula-sd-pgsql - network backup, recovery and verification - PostgreSQL SD tools
bacula-sd-sqlite - network backup, recovery and verification - SQLite SD tools
bacula-sd-sqlite3 - network backup, recovery and verification - SQLite 3 SD tools
bacula-server - network backup, recovery and verification - server meta-package
bacula-traymonitor - network backup, recovery and verification - tray monitor
Closes: 365097
Changes:
bacula (5.0.0-6) unstable; urgency=low
.
* Generate default passwords at install time instead of at build time.
Closes: #365097. Patch originated in Ubuntu; modified for Debian.
Merged to Debian master at 8381602cfbecaea0ca8559100020f878af81a237.
* Call rm -rf /var/{log,lib}/bacula on purge. This patch was part of
Ubuntu's set merged above.
* Modified Ubuntu's password patch to use
/etc/bacula/common_default_passwords instead of debconf per Debian
practice.
* Added full LSB support to init scripts. Patch originated in Ubuntu,
and was merged with LSB status support already in Debian.
Merged to Debian master at b3e2b4bc8dc1ad2a66b1e80c4cfa6176a15a062d.
* Correct perms on new Sqlite3 database so it's owned by bacula:bacula.
* Correct Sqlite3 postinst to handle paths of DBNAME correctly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkuMOEMACgkQ3PeFtIodmh/PLQCffWWkf7YyLSmOJYD+r22or82v
5EwAn0DlKgj4duzGI9UaRj7c5vM8/K1T
=5YFm
-----END PGP SIGNATURE-----
Reply sent to John Goerzen <jgoerzen@complete.org>:
You have taken responsibility. (Mon, 01 Mar 2010 22:18:04 GMT)
Notification sent to Peter Palfrader <weasel@debian.org>:
Bug acknowledged by developer. (Mon, 01 Mar 2010 22:18:04 GMT)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 01 Apr 2010 07:29:11 GMT)
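The fix recorded in the 5.0.0-6 changelog above (passwords generated on each host at install time and kept in a file such as /etc/bacula/common_default_passwords), shown as an added example; it is not the Debian or Ubuntu patch. The variable names `DIRPASSWD`, `SDPASSWD` and `FDPASSWD`, the `@NAME@` template tokens and all helper functions are assumptions for illustration, and `passwords_ok` checks for the empty-password condition the original report describes.

```shell
#!/bin/sh
# Added example, not the Debian or Ubuntu patch. The variable names and the
# @NAME@ template tokens are assumptions; the demo touches only a temp dir.
set -eu

# 128 bits from the kernel CSPRNG, printed as 32 hex characters.
gen_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Create the per-host password file once. Re-running (upgrade, reconfigure)
# keeps the existing secrets, so daemons that already use them keep working.
# $1 = password file (the page names /etc/bacula/common_default_passwords)
write_password_file() (
    if [ -e "$1" ]; then exit 0; fi
    umask 077                              # file is created mode 0600
    tmp=$(mktemp "$1.XXXXXX")
    for name in DIRPASSWD SDPASSWD FDPASSWD; do
        printf '%s=%s\n' "$name" "$(gen_password)"
    done > "$tmp"
    mv "$tmp" "$1"                         # atomic rename, no partial file
)

# Fill a config template. $1 = password file, $2 = template, $3 = output
fill_template() (
    umask 077
    script=$(sed 's/^\([A-Z]*\)=\(.*\)$/s|@\1@|\2|g/' "$1")
    sed "$script" "$2" > "$3.new"
    mv "$3.new" "$3"
)

# Audit: true only if no Password directive is empty or an unfilled token.
passwords_ok() {
    ! grep -Eq 'Password[[:space:]]*=[[:space:]]*"(@[A-Z]+@)?"' "$1"
}

# Constructed demo: two simulated hosts install from the same template.
demo() {
    d=$(mktemp -d)
    printf 'Director {\n  Name = demo-dir\n  Password = "@DIRPASSWD@"\n}\n' > "$d/tmpl"
    for host in a b; do
        write_password_file "$d/pw.$host"
        fill_template "$d/pw.$host" "$d/tmpl" "$d/conf.$host"
    done
    if passwords_ok "$d/conf.a" && ! cmp -s "$d/conf.a" "$d/conf.b"; then
        echo "each host has its own non-empty Director password"
    fi
    rm -rf "$d"
}
demo
```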
Last modified: Wed Jan 10 23:33:05 2018