Hi, On Fri, 12 Jun 2015 17:30:51 +0200 Michael Renner <r...@amd.co.at> wrote: > Package: bareos > Version: 14.2.1+20141017gitc6c5b56-4 > Severity: critical > Justification: causes serious data loss > > In March 2015 bareos fixed a bug which caused silent corruption of > backups when the following conditions are met: > > * backups are written to disk (tape backups are not affected) > * autolabelling is enabled > * a backup spans over multiple volumes > * the additional volumes are newly created and labeled during the backup. > > Bug: https://bugs.bareos.org/view.php?id=437 > Announcement: > http://www.bareos.com/en/company_news/items/Bareos-14.2.4-published.html > Fix for 14.2: > https://github.com/bareos/bareos/commit/263240eaa911563a8468ecdaf7d4957201b41426 > > Given that the above conditions are met in most bareos installations > I've tagged this as critical. > > > While I'm at it I'd like to point out that Joerg Steffens, an upstream > maintainer, > employee and/or partner of bareos.com and co-maintainer of this > package in Debian, hasn't found the time to inform the Debian community of > this issue, lest > providing a patched package.
Attached is a debdiff that contains a backport of the upstream fix. Cheers, Felix
diff -Nru bareos-14.2.1+20141017gitc6c5b56/debian/patches/fix_multi_volume_data_corruption.diff bareos-14.2.1+20141017gitc6c5b56/debian/patches/fix_multi_volume_data_corruption.diff --- bareos-14.2.1+20141017gitc6c5b56/debian/patches/fix_multi_volume_data_corruption.diff 1970-01-01 01:00:00.000000000 +0100 +++ bareos-14.2.1+20141017gitc6c5b56/debian/patches/fix_multi_volume_data_corruption.diff 2015-06-13 01:07:56.000000000 +0200 @@ -0,0 +1,39 @@ +Description: Backport of upstream fix "Don't trash dcr->rec while doing autolabeling." +Origin: backport, https://github.com/bareos/bareos/commit/263240eaa911563a8468ecdaf7d4957201b41426 +Bug: https://bugs.bareos.org/view.php?id=437 +Bug-Debian: https://bugs.debian.org/788543 + +--- bareos-14.2.1+20141017gitc6c5b56.orig/src/stored/label.c ++++ bareos-14.2.1+20141017gitc6c5b56/src/stored/label.c +@@ -341,6 +341,7 @@ static bool write_volume_label_to_block( + bool write_new_volume_label_to_dev(DCR *dcr, const char *VolName, + const char *PoolName, bool relabel) + { ++ DEV_RECORD *rec; + JCR *jcr = dcr->jcr; + DEVICE *dev = dcr->dev; + DEV_BLOCK *block = dcr->block; +@@ -420,15 +421,18 @@ bool write_new_volume_label_to_dev(DCR * + goto bail_out; + } + +- create_volume_label_record(dcr, dev, dcr->rec); +- dcr->rec->Stream = 0; +- dcr->rec->maskedStream = 0; ++ rec = new_record(); ++ create_volume_label_record(dcr, dev, rec); ++ rec->Stream = 0; ++ rec->maskedStream = 0; + +- if (!write_record_to_block(dcr, dcr->rec)) { ++ if (!write_record_to_block(dcr, rec)) { + Dmsg2(130, "Bad Label write on %s: ERR=%s\n", dev->print_name(), dev->print_errmsg()); ++ free_record(rec); + goto bail_out; + } else { +- Dmsg2(130, "Wrote label of %d bytes to %s\n", dcr->rec->data_len, dev->print_name()); ++ Dmsg2(130, "Wrote label of %d bytes to %s\n", rec->data_len, dev->print_name()); ++ free_record(rec); + } + + Dmsg0(130, "Call write_block_to_dev()\n"); diff -Nru bareos-14.2.1+20141017gitc6c5b56/debian/patches/series bareos-14.2.1+20141017gitc6c5b56/debian/patches/series --- bareos-14.2.1+20141017gitc6c5b56/debian/patches/series 2014-12-01 19:25:28.000000000 +0100 +++ bareos-14.2.1+20141017gitc6c5b56/debian/patches/series 2015-06-13 01:02:49.000000000 +0200 @@ -1 +1,2 @@ size_t_cn_length.patch +fix_multi_volume_data_corruption.diff