** Description changed:

[Availability]
https://launchpad.net/ubuntu/+source/bacula
currently in universe
builds for amd64, arm64, armhf, ppc64el, riscv64, s390x

[Rationale]
bacula is required in Ubuntu main for 25.10. It will generally be useful for a large part of our user base and our Ubuntu's own services.
bacula is a very complete backup solution which we want to use and support.

All binary packages built by bacula need to be in main to be our supported backup solution.

bacula: network backup service - metapackage
bacula-bscan: network backup service - bscan tool
bacula-client: network backup service - client metapackage
bacula-common: network backup service - common support files
bacula-common-mysql: network backup service - MySQL common files
bacula-common-pgsql: network backup service - PostgreSQL common files
bacula-common-sqlite3: network backup service - SQLite v3 common files
bacula-console: network backup service - text console
bacula-console-qt: network backup service - Bacula Administration Tool
bacula-director: network backup service - Director daemon
bacula-director-mysql: network backup service - MySQL storage for Director
bacula-director-pgsql: network backup service - PostgreSQL storage for Director
bacula-director-sqlite3: network backup service - SQLite 3 storage for Director
bacula-fd: network backup service - file daemon
bacula-sd: network backup service - storage daemon
bacula-server: network backup service - server metapackage
bacula-tray-monitor: network backup service - Bacula Tray Monitor

The main inclusion is required in Ubuntu main no later than for 25.10 due to Canonical's plan to use it.

[Security]
bacula had a few security issues in the distant past, which were fixed quickly.
- CVE-2020-11061 heap overflow
  https://gitlab.bacula.org/bacula-community-edition/bacula-community/-/commit/f9472227317b8e1d26a781d042e0efdf432a633f
- CVE-2017-15367 sql injection
- CVE-2014-8295 sql injection
- CVE-2012-4430 acl rules not enforced
  https://gitlab.bacula.org/bacula-community-edition/bacula-community/-/commit/67debcecd3d530c429e817e1d778e79dcd1db905
- CVE-2008-5373 symlink attack on arbitrary files
- CVE-2007-5626 mysql password disclosure through commandline/email
- CVE-2005-2995 symlink attack
- CVE-2005-2096 denial of service through zlib

All binaries of bacula are in sbin, but that is no problem because:
- all binaries in /sbin have 0755, and they could be moved to bin/
- no suid or sgid flags

Package does install services, timers or recurring jobs:
- bacula-director.service
- bacula-fd.service
- bacula-sd.service

- Security has been kept in mind and common isolation/risk-mitigation patterns are in place utilizing the following features:
  - only for backing up contents root privileges are used
  - other services run as the "bacula" user
  - encryption passwords stored in /etc/bacula/ are readable by default for bacula/root only
- Packages do not open privileged ports (ports < 1024)
  - it opens: director=9101, file-daemon=9102, storage-daemon=9103
- Packages do not contain extensions to security-sensitive software (filters, scanners, plugins, UI skins, ...)
- _FORTIFY_SOURCE is undefined for the build since
  - "bacula uses is own memory manager"
  - "Bacula uses its own variant of fortified functions, which predates the implementation in GCC"
  - a patch to re-enable glibc's fortifications was tested, and the build still works with it.

[Quality assurance - function/usage]
- The package works well right after install
  - it even has integrated postgresql database setup
- Due to the complexity of its desired application, it still needs post install configuration

[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu/Upstream and does not have too many, long-term & critical, open bugs
  - Ubuntu https://bugs.launchpad.net/ubuntu/+source/bacula/+bug
  - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=bacula
  - https://gitlab.bacula.org/bacula-community-edition/bacula-community/-/issues
- Some minor bugs are currently open, but they don't have major scope and are not critical

[Quality assurance - testing]
- The package does not run a test at build time
- The package runs an autopkgtest, and is currently passing on amd64, arm64, armhf, i386, ppc64el, s390x
  - It creates and restores a backup
  - Test log: https://autopkgtest.ubuntu.com/results/autopkgtest-questing/questing/amd64/b/bacula/20250623_212933_7d1f6@/log.gz
  - More logs: https://autopkgtest.ubuntu.com/packages/bacula
- The package does not have failing autopkgtests right now

[Quality assurance - packaging]
- debian/watch is present and works, and there's debian/README.source
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
  `lintian --pedantic` output:
  P: bacula-common: manual-page-for-system-command [usr/sbin/bsmtp]
  P: bacula-console-qt: manual-page-for-system-command [usr/sbin/bat]
  P: bacula-tray-monitor: manual-page-for-system-command [usr/sbin/bacula-tray-monitor]
- Lintian overrides are present, but ok because:
  - hardening-no-fortify-functions is set for all binaries since _FORTIFY_SOURCE is undefined
  - spelling-error-in-binary for a false positive
  - maintainer-script-should-not-use-piuparts-variable for a working around warning about storage space in debian/bacula-common.preinst
  - executable-in-usr-lib for nagios checker in
/usr/lib/nagios/plugins/check_bacula - This package does not rely on obsolete or about to be demoted packages. - This package has no python2 or GTK2 dependencies - The package will not be installed by default - Packaging is medium complex, but that is ok because bacula has multiple independent components split up to several binary packages [UI standards] - Application is end-user facing, Translation is present, via standard gettext runtime internationalization system (translations in po/) - End-user application "bacula-console-qt" that ships a standard conformant desktop file in /usr/share/applications/bat.desktop [Dependencies] - There are further dependencies that are not yet in main: - mt-st -> make "Suggested" dependency if not needed by Canonical IS - dbconfig-common (MIR in LP: #2115647) - dbconfig-common - - dbconfig-psql + - dbconfig-pgsql - dbconfig-sqlite3 - dbconfig-mysql - dbconfig-no-thanks - -> promote just dbconfig-no-thanks to main, so database setup has to be done manually (which would be better anyway, since the dbconfig actions are quite intransparent and hard to debug, I think) + -> promote just what we need (dbconfig-pgsql, dbconfig-no-thanks) to main) [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - The owning team will be "server" and I have their acknowledgement for that commitment - This does not use static builds - This does not use vendored code - This package is not rust based - The package has been built within the last 3 months in the archive e.g. https://launchpad.net/ubuntu/+source/bacula/15.0.3-3/+build/30667108 [Background information] - The Package description explains the package well - Upstream Name is bacula - upstream repo: https://gitlab.bacula.org/bacula-community-edition/bacula-community
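
Review bot: the added line "-> promote just what we need (dbconfig-pgsql, dbconfig-no-thanks) to main)" ends with an unbalanced ")" and no longer says what happens to the MySQL and SQLite variants. The description states that all binary packages built by bacula need to be in main, which includes bacula-director-mysql, bacula-director-sqlite3, bacula-common-mysql and bacula-common-sqlite3, while dbconfig-mysql and dbconfig-sqlite3 remain listed under dependencies not yet in main and are not among the packages to promote. Suggest stating explicitly how those binary packages are expected to satisfy their database setup dependency once only dbconfig-pgsql and dbconfig-no-thanks are promoted, and dropping the trailing parenthesis. The removed line also carried the reasoning for preferring manual database setup; if that reasoning no longer applies, a short reason for the new choice would help the MIR reviewer.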

https://bugs.launchpad.net/bugs/2112455

Title:
  [MIR] bacula