Description of problem: The backuppc config file config.pl ships with sane default settings apart from the path to ssh $Conf{SshPath} = ''; which defaults to NULL With $Conf{SshPath} left as default backuppc all backups fail. It would be a help to newcomers to backuppc os the ssh path was predefined just like all the other programme paths in the configuration. (Actually $Conf{ParPath} is not defined either, but that parameter is not commonly needed.)
cc'ing Juergen This is only a minor problem, but it managed to confuse me for half an hour when installing backuppc on a clients server recently.
CC: (none) => juergen.harms
Thank you for signalling this, I share your opinion on what the default configuration should offer. I am presently on vacation with limited bandwidth and away from my server - will have a closer look in two weeks. Juergen
The path to smbclient is also missing, as I found out yesterday when I tried to set up a new client.
Before doing these 2 corrections, I will have a serious look at the standard default file and check whether I find other issues that should be corrected (my private config file had its own life, and I had never gone back to the standard default file - time to do that).
In fact, the spec file of the backuppc package contains a list of path-name hashes that are modifyed for Mageia customisation: - the line that redefines SmbClientPath contained a typo (redefined it to TarClientPath rather than SmbClientPath), - a line for defining SshPath was missing, - there was yet another path (NmbLookupPath) for which the Mageia-specific definition was not defined. I have prepared a new version with a corrected spec file. I will test and push the new version next week when I am back home. These issues also concern Mageia 1 and Cauldron (probably imported from Mandriva): flagging this in the whiteboard.
Whiteboard: (none) => MGA1TOO
The update is now tested and - in principle - ready. There is one issue where I would like to get a second opinion: As I have it now, the update corrects / adds definitions for distro-dependant path variables for Linux utilities (SmbClientPath, SshPath, NmbLookupPath) - as required in the bug report. Shall I also add the definition of the variable TopDir (its value must be /var/lib/backuppc to make backuppc work properly)? that goes beyond a strict interpretation of the bug report - and each user can edit config.pl locally. But if this bug aims at facilitating the installation of backuppc by new users, that would make much sense (documentation on this is issue is not easy to find / interpret and may be a stumbling block for a new user). An alternative to include the definition of TopDir in this update would be to do it in Cauldron -> Mageia3.
Depends on: (none) => 6005
Updated packages have been pushed to updates_testing on Mageia 1 and 2 (including the definition of the TopDir variable). The Mageia 1 update package also fixes a bug relative to the ownership of files in /etc/backuppc (the Configuration Editor could not write the results of editing to the configuration file) - already corrected in Mageia 2 during its pre-release phase. Suggested Advisory: (Mageia 2) =================== This update package corrects/improves the definition of variables in config.pl, the configuration file of backuppc: the variables SshPath, SmbClientPath, NmbLookupPath, TarClientPath, TopDir. As a result, backuppc should now run with the default values installed by the Mageia package, modifications of config.pl should only be required for defining site-specific settings. Suggested Advisory: (Mageia 1) =================== This update package corrects/improves the definition of variables in config.pl, the configuration file of backuppc: the variables SshPath, SmbClientPath, NmbLookupPath, TarClientPath, TopDir. As a result, backuppc should now run with the default values installed by the Mageia package, modifications of config.pl should only be required for defining site-specific settings. This update also fixes a bug which blocked correct use of the Configuration Editor in the Web-interface to backuppc. Updated packages in core/updates-testing ======================================== backuppc-3.2.0-6.mga1 backuppc-3.2.1-7.mga2 from SRPMS: backuppc-3.2.0-6.mga1.src.rpm backuppc-3.2.1-7.mga2.src.rpm
CC: (none) => qa-bugs
Assignee: bugsquad => qa-bugs
Thanks Juergen. Due to the different advisories and already existing two bugs, we'll use this bug for the Mageia 1 and update and Bug 6005 for the Mageia 2 update.
CC: (none) => luigiwalserVersion: 2 => 1Summary: Path to ssh missing in backuppc config file => Path to ssh missing in backuppc config file (also CVE-2011-5081 and CVE-2011-4923)Whiteboard: MGA1TOO => (none)
Summary: Path to ssh missing in backuppc config file (also CVE-2011-5081 and CVE-2011-4923) => Path to ssh missing in backuppc config file (also CVE-2011-5081 and CVE-2011-4923) [mga1]
Advisory: ======================== Updated backuppc packages fix security vulnerabilities: Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.cgi (CVE-2011-5081). Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer (CVE-2011-4923). Also, This update package corrects/improves the definition of variables in config.pl, the configuration file of backuppc: the variables SshPath, SmbClientPath, NmbLookupPath, TarClientPath, TopDir. As a result, backuppc should now run with the default values installed by the Mageia package, modifications of config.pl should only be required for defining site-specific settings. Finally, This update also fixes a bug which blocked correct use of the Configuration Editor in the Web-interface to backuppc. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4923 http://www.ubuntu.com/usn/usn-1444-1/ ======================== Updated packages in core/updates_testing: ======================== backuppc-3.2.0-6.mga1 from backuppc-3.2.0-6.mga1.src.rpm
Testing complete on Mageia 1 i586. Set up a smb share in an xp VirtualBox guest, and used backuppc to backup the share.
CC: (none) => davidwhodginsWhiteboard: (none) => MGA1-32-OK
Tested on x86_64 and already pushed as backuppc-3.2.1-7.mga2.src.rpm see Bug 6005
Status: NEW => RESOLVEDResolution: (none) => FIXED
This bug is for the Mageia 1 package. See Comment 9.
Status: RESOLVED => REOPENEDResolution: FIXED => (none)
whoops.. sorry
validated on x86_64 Update validated Could sysadmin please push backuppc-3.2.0-6.mga1.src.rpm from core/updates/testing to core/updates depcheck says no packages to link Advisory: ======================== Updated backuppc packages fix security vulnerabilities: Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.cgi (CVE-2011-5081). Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer (CVE-2011-4923). Also, This update package corrects/improves the definition of variables in config.pl, the configuration file of backuppc: the variables SshPath, SmbClientPath, NmbLookupPath, TarClientPath, TopDir. As a result, backuppc should now run with the default values installed by the Mageia package, modifications of config.pl should only be required for defining site-specific settings. Finally, This update also fixes a bug which blocked correct use of the Configuration Editor in the Web-interface to backuppc. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4923 http://www.ubuntu.com/usn/usn-1444-1/
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA1-32-OK => MGA1-32-OK MGA1-64-OK
The mixup (Comment #13) between the Mageia 1 and Mageia 2 updates goes back to a fault I had made: 6530 was originally a common report for the same bug on both systems, but while correcting this bug, I dicovered that a fix done on Mageia 2 during pre-release was missing on Mageia 1. At that moment I should have created a new bug for Mageia 1 - which I did not. Always learning, and thank you, David, for arranging this by using bugzilla #6005 for Mageia 2 and #6530 for Mageia 1.
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0165
Status: REOPENED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED