View Issue Details

IDProjectCategoryView StatusLast Update
0000838bareos-corefile daemonpublic2017-10-09 17:09
Reporterdebfx Assigned Tojoergs  
Status closedResolutionfixed 
PlatformLinuxOSDebianOS Version9
Product Version16.2.6 
Summary0000838: File corruption with SHA1 signature
DescriptionBareos 16.2.6 corrupts files when Signature=SHA1 is set in the FileSet configuration.

Tested with 16.2.4 and 16.2.6 with the Debian package (that uses gnutls as crypto backend) and sqlite3.

Very short file don't seem to be corrupted. Attached is an example of a corrupted restored file.

Downstream bug report:
Steps To ReproduceCopied from Debian bug:

1) install bareos 16.2.4 client and server packages - all with
2) run a SelfTest backup of the client/server.
3) Restore a file from this backup - everything should be fine.

4) now change
Signature = SHA1
in /etc/bareos/bareos-dir.d/fileset/SelfTest.conf

5) run another SelfTest Full backup
6) restore a file from this new backup

The restored file is corrupted.
TagsNo tags attached.


child of 0000836 closedjoergs Release bareos-16.2.7 




2017-07-25 22:43




2017-07-25 22:44




2017-07-26 07:12

developer   ~0002689

This report started as a question on bareos-user ml!topic/bareos-users/ORFYCMF73tI

I hope you know the Debian limitation due to gnutls use ?

And you don't have data encryption.

16.2.x is working on / builds with openSUSE dir,sd,fd and windows (2003-2016)


2017-07-26 08:14

reporter   ~0002690

Yes, I'm aware of the feature limitations. However the amount of testing (or lack thereof) the gnutls backend receives is much more concerning to me.


2017-07-26 18:36

developer   ~0002692

It seam to work fine with packages from

gnutls (instead of openssl) is something we don't use in packages, therefore it is not tested through our automated package testing and also not by

We already do automated testing of Bareos for all platforms we support. That are 37 Linux distribution (different releases + platforms), multiple Windows versions and Solaris. The Linux variants for all 3 different database backends.

We are not able to test it with all possible compile options.


2017-07-26 22:04


0001-bugfix-prevents-file-corruptions-by-SHA1.patch (867 bytes)   
From 49be4618319e681a4ad79fde63e984df1748938c Mon Sep 17 00:00:00 2001
From: Joerg Steffens <>
Date: Wed, 26 Jul 2017 21:57:38 +0200
Subject: [PATCH] bugfix: prevents file corruptions by SHA1

Fixes a bug when using SHA1 file signatures in Bareos version compiled
without openssl.

Fixes #838: File corruption with SHA1 signature
 src/lib/sha1.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/lib/sha1.c b/src/lib/sha1.c
index 9972cb2..f67c466 100644
--- a/src/lib/sha1.c
+++ b/src/lib/sha1.c
@@ -20,7 +20,8 @@ A million repetitions of "a"
-/* #define SHA1HANDSOFF * Copies data before messing with it. */
+/* #define SHA1HANDSOFF * Copies data before messing with it. Do not modify original data! */
 #include "sha1.h"



2017-07-26 22:09

developer   ~0002693

The attached patch solves the issue. Please note, that the file in question have not been modified since 2014, therefore this bug must have been there all the time.

Again, this bug have never affected packages.

It might be a good idea, to participate on
I've added a sha1 test there, and will publish it soon.


2017-08-07 15:41

developer   ~0002698

Fix committed to bareos bareos-16.2 branch with changesetid 7069.

Related Changesets

bareos: bareos-16.2 38d0aec7

2017-07-26 23:57


Ported: N/A

Details Diff
bugfix: prevents file corruptions by SHA1

Fixes a bug when using SHA1 file signatures in Bareos version compiled
without openssl.

Fixes 0000838: File corruption with SHA1 signature
Affected Issues
mod - src/lib/sha1.c Diff File

Issue History

Date Modified Username Field Change
2017-07-25 22:43 debfx New Issue
2017-07-25 22:43 debfx File Added: upgrade-from-grub-legacy.corrupt
2017-07-25 22:44 debfx File Added:
2017-07-26 07:12 tigerfoot Note Added: 0002689
2017-07-26 08:14 debfx Note Added: 0002690
2017-07-26 18:36 joergs Note Added: 0002692
2017-07-26 22:04 joergs File Added: 0001-bugfix-prevents-file-corruptions-by-SHA1.patch
2017-07-26 22:09 joergs Note Added: 0002693
2017-07-26 22:09 joergs Status new => resolved
2017-07-26 22:09 joergs Resolution open => fixed
2017-07-26 22:09 joergs Assigned To => joergs
2017-08-07 15:41 joergs Changeset attached => bareos bareos-16.2 38d0aec7
2017-08-07 15:41 joergs Note Added: 0002698
2017-10-09 15:29 joergs Relationship added child of 0000836
2017-10-09 17:09 joergs Status resolved => closed