Showing up in component mismatches after the seed changes landed
** Changed in: bacula (Ubuntu)
Status: In Progress => Fix Committed
** Description changed:
[Availability]
https://launchpad.net/ubuntu/+source/bacula
currently in universe
builds for amd64, arm64, armhf, ppc64el, riscv64, s390x
[Rationale]
bacula is required in Ubuntu main for 25.10.
It will generally be useful for a large part of our user base and for
Ubuntu's own services.
bacula is a very complete backup solution which we want to use and
support.
Just some binary packages built by bacula need to be in main to be our
supported backup solution.
bacula: network backup service - metapackage
bacula-bscan: network backup service - bscan tool
bacula-client: network backup service - client metapackage
bacula-common: network backup service - common support files
bacula-common-pgsql: network backup service - PostgreSQL common files
bacula-console: network backup service - text console
bacula-director: network backup service - Director daemon
bacula-director-pgsql: network backup service - PostgreSQL storage for
Director
bacula-fd: network backup service - file daemon
bacula-sd: network backup service - storage daemon
bacula-server: network backup service - server metapackage
Remain in universe:
bacula-common-mysql: network backup service - MySQL common files
bacula-common-sqlite3: network backup service - SQLite v3 common files
bacula-console-qt: network backup service - Bacula Administration Tool
bacula-director-mysql: network backup service - MySQL storage for Director
bacula-director-sqlite3: network backup service - SQLite 3 storage for
Director
bacula-tray-monitor: network backup service - Bacula Tray Monitor
The main inclusion is required in Ubuntu main no later than for 25.10
due to Canonical's plan to use it.
[Security]
bacula had a few security issues in the distant past, which were fixed quickly.
- CVE-2020-11061 heap overflow
https://gitlab.bacula.org/bacula-community-edition/bacula-community/-/commit/f9472227317b8e1d26a781d042e0efdf432a633f
- CVE-2017-15367 sql injection
- CVE-2014-8295 sql injection
- CVE-2012-4430 acl rules not enforced
https://gitlab.bacula.org/bacula-community-edition/bacula-community/-/commit/67debcecd3d530c429e817e1d778e79dcd1db905
- CVE-2008-5373 symlink attack on arbitrary files
- CVE-2007-5626 mysql password disclosure through commandline/email
- CVE-2005-2995 symlink attack
- CVE-2005-2096 denial of service through zlib
All binaries of bacula are in sbin, but that is no problem because:
- all binaries in /sbin have 0755, and they could be moved to bin/
- no suid or sgid flags
Package does install services, timers or recurring jobs:
- bacula-director.service
- bacula-fd.service
- bacula-sd.service
- Security has been kept in mind and common isolation/risk-mitigation
patterns are in place utilizing the following features:
- only for backing up contents root privileges are used
- other services run as the "bacula" user
- encryption passwords stored in /etc/bacula/ are readable by default for
bacula/root only
- Package does not open privileged ports (ports < 1024)
- it opens: director=9101, file-daemon=9102, storage-daemon=9103
- Packages do not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
- _FORTIFY_SOURCE is undefined for the build since
- "bacula uses its own memory manager"
- "Bacula uses its own variant of fortified functions, which predates the
implementation in GCC"
- a patch to re-enable glibc's fortifications was tested, and the build
still works with it.
[Quality assurance - function/usage]
- The package works well right after install
- it even has integrated postgresql database setup
- Due to the complexity of its desired application, it still needs post
install configuration
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu/Upstream and does
not have too many, long-term & critical, open bugs
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/bacula/+bug
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=bacula
-
https://gitlab.bacula.org/bacula-community-edition/bacula-community/-/issues
- Some minor bugs are currently open, but they don't have major scope and are
not critical
[Quality assurance - testing]
- The package does not run a test at build time
- The package runs an autopkgtest, and is currently passing on amd64, arm64,
armhf, i386, ppc64el, s390x
- It creates and restores a backup
- Test log:
https://autopkgtest.ubuntu.com/results/autopkgtest-questing/questing/amd64/b/bacula/20250623_212933_7d1f6@/log.gz
- More logs: https://autopkgtest.ubuntu.com/packages/bacula
- The package does not have failing autopkgtests right now
[Quality assurance - packaging]
- debian/watch is present and works, and there's debian/README.source
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
`lintian --pedantic` output:
P: bacula-common: manual-page-for-system-command [usr/sbin/bsmtp]
P: bacula-console-qt: manual-page-for-system-command [usr/sbin/bat]
P: bacula-tray-monitor: manual-page-for-system-command
[usr/sbin/bacula-tray-monitor]
- Lintian overrides are present, but ok because:
- hardening-no-fortify-functions is set for all binaries since
_FORTIFY_SOURCE is undefined
- spelling-error-in-binary for a false positive
- maintainer-script-should-not-use-piuparts-variable for working around a
warning about storage space in debian/bacula-common.preinst
- executable-in-usr-lib for nagios checker in
/usr/lib/nagios/plugins/check_bacula
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will not be installed by default
- Packaging is medium complex, but that is ok because bacula has multiple
independent components split up into several binary packages
[UI standards]
- Application is end-user facing, Translation is present, via standard
gettext runtime internationalization system (translations in po/)
- End-user application "bacula-console-qt" that ships a standard conformant
desktop file in /usr/share/applications/bat.desktop
[Dependencies]
- There are further dependencies that are not yet in main:
- mt-st -> make "Suggested" dependency (not needed by Canonical IS)
- src:dbconfig-common (MIR in LP: #2115647) promote what we need:
- dbconfig-common
- dbconfig-pgsql
- dbconfig-no-thanks
+ Also it used to be in main long ago => bug 201832
+
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- The owning team will be "server" and I have their acknowledgement for that
commitment
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package has been built within the last 3 months in the archive
e.g. https://launchpad.net/ubuntu/+source/bacula/15.0.3-3/+build/30667108
[Background information]
- The Package description explains the package well
- Upstream Name is bacula
- upstream repo:
https://gitlab.bacula.org/bacula-community-edition/bacula-community
https://bugs.launchpad.net/bugs/2112455
Title:
[MIR] bacula