From 4d68e0746f356570ec76b8f8301b5bc9ce59928610d5a2b352a229576b3e3d84 Mon Sep 17 00:00:00 2001
From: Martin Pluskal <mpluskal@suse.com>
Date: Sun, 19 May 2019 16:15:26 +0000
Subject: [PATCH] Accepting request 703736 from
 home:kstreitova:branches:Archiving

- update the list of suid binaries [bsc#1110797]
  * added: ambind, ambsdtar, amgtar, amstar
  * removed: amcheck, planner, dumper
- update README.SUSE and add a note about setuid binaries and the
  fact that user amanda and members of the group amanda should be
  considered privileged users

OBS-URL: https://build.opensuse.org/request/show/703736
OBS-URL: https://build.opensuse.org/package/show/Archiving/amanda?expand=0&rev=76
---
 amanda-SUSE.tar.bz2 |  4 ++--
 amanda.changes      | 10 ++++++++++
 amanda.spec         | 41 +++++++++++++++++++++++++++--------------
 3 files changed, 39 insertions(+), 16 deletions(-)

diff --git a/amanda-SUSE.tar.bz2 b/amanda-SUSE.tar.bz2
index dedc6e2..5d44cf6 100644
--- a/amanda-SUSE.tar.bz2
+++ b/amanda-SUSE.tar.bz2
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:aaaf07c0dbadfc360f5e02224cf3f8ef0d86750ca914b148c28bec80ed3497fb
-size 8500
+oid sha256:ecbf3e5d8a6d697c76c8716e559f8219276a5ad313747a144948bb5f66efcde9
+size 9050
diff --git a/amanda.changes b/amanda.changes
index 99839e0..a7e754a 100644
--- a/amanda.changes
+++ b/amanda.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Fri May 17 14:48:10 UTC 2019 - Kristýna Streitová <kstreitova@suse.com>
+
+- update the list of suid binaries [bsc#1110797]
+  * added: ambind, ambsdtar, amgtar, amstar
+  * removed: amcheck, planner, dumper
+- update README.SUSE and add a note about setuid binaries and the
+  fact that user amanda and members of the group amanda should be
+  considered privileged users 
+
 -------------------------------------------------------------------
 Mon Mar 26 12:21:30 UTC 2018 - dimstar@opensuse.org
 
diff --git a/amanda.spec b/amanda.spec
index e57689a..7fed59e 100644
--- a/amanda.spec
+++ b/amanda.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package amanda
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -144,13 +144,14 @@ find %{buildroot} \( -name "*.a" -o -name "*.la" \) -delete
 
 # create a list of binaries to be checked externally
 cat << EOF > %{buildroot}%{_libexecdir}/amanda/suidlist
-%{_sbindir}/amcheck
+%{_libexecdir}/amanda/ambind
+%{_libexecdir}/amanda/application/ambsdtar
+%{_libexecdir}/amanda/application/amgtar
+%{_libexecdir}/amanda/application/amstar
 %{_libexecdir}/amanda/calcsize
-%{_libexecdir}/amanda/rundump
-%{_libexecdir}/amanda/planner
-%{_libexecdir}/amanda/runtar
-%{_libexecdir}/amanda/dumper
 %{_libexecdir}/amanda/killpgrp
+%{_libexecdir}/amanda/rundump
+%{_libexecdir}/amanda/runtar
 EOF
 
 # create a symlink for amoldrecover manpage
@@ -174,7 +175,7 @@ ln -s amrecover.8.gz %{buildroot}%{_mandir}/man8/amoldrecover.8
 
 %post
 %if 0%{?set_permissions:1}
-%set_permissions %{_sbindir}/amcheck %{_libexecdir}/amanda/calcsize %{_libexecdir}/amanda/rundump %{_libexecdir}/amanda/planner %{_libexecdir}/amanda/runtar %{_libexecdir}/amanda/dumper %{_libexecdir}/amanda/killpgrp
+%set_permissions %{_libexecdir}/amanda/ambind %{_libexecdir}/amanda/application/ambsdtar %{_libexecdir}/amanda/application/amgtar %{_libexecdir}/amanda/application/amstar %{_libexecdir}/amanda/calcsize %{_libexecdir}/amanda/killpgrp %{_libexecdir}/amanda/rundump %{_libexecdir}/amanda/runtar
 %else
 %run_permissions
 %endif
@@ -270,7 +271,7 @@ ln -s amrecover.8.gz %{buildroot}%{_mandir}/man8/amoldrecover.8
 %{_sbindir}/amlabel
 %{_sbindir}/amoverview
 %{_sbindir}/amplot
-%verify(not mode) %attr(0750,root,%{amanda_group}) %{_sbindir}/amcheck
+%{_sbindir}/amcheck
 %attr(0750,amanda,%{amanda_group}) %{_sbindir}/amrecover
 %{_sbindir}/amreport
 %{_sbindir}/amrestore
@@ -303,7 +304,6 @@ ln -s amrecover.8.gz %{buildroot}%{_mandir}/man8/amoldrecover.8
 %{_libexecdir}/amanda/amplot.g
 %{_libexecdir}/amanda/amplot.gp
 %defattr(755,amanda,%{amanda_group})
-%{_libexecdir}/amanda/ambind
 %{_libexecdir}/amanda/amandad
 %{_libexecdir}/amanda/amdumpd
 %{_libexecdir}/amanda/amidxtaped
@@ -330,14 +330,27 @@ ln -s amrecover.8.gz %{buildroot}%{_mandir}/man8/amoldrecover.8
 %{_libexecdir}/amanda/teecount
 %{_libexecdir}/amanda/restore
 %{_libexecdir}/amanda/senddiscover
+%{_libexecdir}/amanda/dumper
+%{_libexecdir}/amanda/planner
+%dir %{_libexecdir}/amanda/application/
+%{_libexecdir}/amanda/application/amlog-script
+%{_libexecdir}/amanda/application/ampgsql
+%{_libexecdir}/amanda/application/amrandom
+%{_libexecdir}/amanda/application/amraw
+%{_libexecdir}/amanda/application/amsamba
+%{_libexecdir}/amanda/application/amsuntar
+%{_libexecdir}/amanda/application/amzfs-sendrecv
+%{_libexecdir}/amanda/application/amzfs-snapshot
+%{_libexecdir}/amanda/application/script-email
+%{_libexecdir}/amanda/application/script-fail
+%verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/ambind
+%verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/application/ambsdtar
+%verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/application/amgtar
+%verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/application/amstar
 %verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/calcsize
-%verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/dumper
 %verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/killpgrp
-%verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/planner
 %verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/rundump
 %verify(not mode) %attr(0750,root,%{amanda_group})%{_libexecdir}/amanda/runtar
-%dir %{_libexecdir}/amanda/application/
-%{_libexecdir}/amanda/application/*
 # include shared libs
 %dir %{_libdir}/amanda/
 %{_libdir}/amanda/lib*