| author | Thomas Gerbet <thomas@gerbet.me> | 2024-02-02 22:18:03 +0100 |
|---|---|---|
| committer | github-actions[bot] <github-actions[bot]@users.noreply.github.com> | 2024-02-21 10:33:57 +0000 |
| commit | 960cdcb6021319fd0b89ab1c6b09b9dd7d3614ae (patch) | |
| tree | 3c53dcb86e5fa56fbb19ba69c25bcda71ba3a994 | |
| parent | pleroma: 2.6.1 -> 2.6.2 (diff) | |
| download | nixpkgs-960cdcb6021319fd0b89ab1c6b09b9dd7d3614ae.tar.gz | |
storeBackup: 3.5 -> 3.5.2, apply patch for CVE-2020-7040
Changelog:
```
version 3.5.1
storeBackup.pl
- linkToRecent didn't work when used for the very first time
in a series
- added option suppressInfo with key readCheckSums
- changed the order of execution:
write backup -> sync -> write 'finished' -> write linkToRecent
-> delete old backups -> start postcommand
storeBackupMergeIsolatedBackup.pl
- added option --move
storeBackupSearch.pl
- option 'backupDir' didn't work (normally not needed)
lib/fileDir.pl
- more detailed error messages when copying of a file does
not succeed
lib/checkParam2.pl
- overwriting settings from config file via commandline didn't
work for options with parameters
storeBackup.pl, storeBackupUpdateBackup.pl, linkToDirs.pl
- added option --maxHardLinks
----------------------------
version 3.5.2
storeBackup.pl
- option --maxHardLinks was not configurable in the
configuration file
- pipe buffering was changed to new needs since
about kernel 5.13 (relevant only if you backup devices)
storeBackupRecover.pl
- restoring of devices (eg. sda) didn't work because of
bug in option checkDevicesDir0 in storeBackup.pl when
using more than one directory level like "Devs/Sticks"
storeBackupUpdateBackup.pl
- added log file entry about number of WARNINGs and
ERRORs happend (like at storeBackup.pl)
```
(cherry picked from commit d10d3fe5d6dcaae5099e190f4de1a49355889f19)
| -rw-r--r-- | pkgs/tools/backup/store-backup/CVE-2020-7040.patch | 23 |
| -rw-r--r-- | pkgs/tools/backup/store-backup/default.nix | 12 |
2 files changed, 32 insertions, 3 deletions
diff --git a/pkgs/tools/backup/store-backup/CVE-2020-7040.patch b/pkgs/tools/backup/store-backup/CVE-2020-7040.patch new file mode 100644 index 000000000000..9b78f9bab95f --- /dev/null +++ b/pkgs/tools/backup/store-backup/CVE-2020-7040.patch @@ -0,0 +1,23 @@ +Index: storeBackup/lib/fileDir.pl +=================================================================== +--- storeBackup.orig/lib/fileDir.pl ++++ storeBackup/lib/fileDir.pl +@@ -21,7 +21,7 @@ + + + use Digest::MD5 qw(md5_hex); +-use Fcntl qw(O_RDWR O_CREAT); ++use Fcntl qw(O_RDWR O_CREAT O_WRONLY O_EXCL); + use Fcntl ':mode'; + use POSIX; + use Cwd 'abs_path'; +@@ -482,7 +482,7 @@ sub checkLockFile + '-str' => ["creating lock file <$lockFile>"]); + + &::checkDelSymLink($lockFile, $prLog, 0x01); +- open(FILE, '>', $lockFile) or ++ sysopen(FILE, $lockFile, O_WRONLY | O_CREAT | O_EXCL) or + $prLog->print('-kind' => 'E', + '-str' => ["cannot create lock file <$lockFile>"], + '-exit' => 1); + diff --git a/pkgs/tools/backup/store-backup/default.nix b/pkgs/tools/backup/store-backup/default.nix index afa667ec0725..506ea600cbcb 100644 --- a/pkgs/tools/backup/store-backup/default.nix +++ b/pkgs/tools/backup/store-backup/default.nix @@ -14,7 +14,7 @@ in stdenv.mkDerivation rec { - version = "3.5"; + version = "3.5.2"; pname = "store-backup"; @@ -25,9 +25,14 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://download.savannah.gnu.org/releases/storebackup/storeBackup-${version}.tar.bz2"; - sha256 = "0y4gzssc93x6y93mjsxm5b5cdh68d7ffa43jf6np7s7c99xxxz78"; + hash = "sha256-Ki1DT2zypFFiiMVd9Y8eSX7T+yr8moWMoALmAexjqWU="; }; + patches = [ + # https://www.openwall.com/lists/oss-security/2020/01/20/3 + ./CVE-2020-7040.patch + ]; + installPhase = '' mkdir -p $out/scripts mv * $out @@ -48,7 +53,8 @@ stdenv.mkDerivation rec { PATH=$PATH:${dummyMount}/bin - + export USER=test + export HOME=$(mktemp -d) { # simple sanity test, test backup/restore of simple store paths mkdir backup |
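Review bot: In CVE-2020-7040.patch, the new `sysopen(FILE, $lockFile, O_WRONLY | O_CREAT | O_EXCL)` call in checkLockFile passes no permission argument, so the lock file's mode falls back to Perl's default of 0666 masked by the caller's umask. Passing an explicit mode as the fourth argument would stop the result depending on the umask. The failure branch also still logs only "cannot create lock file <$lockFile>". With O_EXCL, a file or symlink already present at that path is now a hard failure, so including `$!` in the message would let an operator tell that case apart from a permissions error.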
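Review bot: The `patches` entry added to default.nix cites only the oss-security post, and the vendored CVE-2020-7040.patch starts directly at its `Index:` line with no header, so neither place records where the patch text came from or when it can be dropped. This change bumps to 3.5.2 and still applies the patch, and the quoted 3.5.1 and 3.5.2 changelog entries do not mention the lock file change. A short comment saying the fix is not in the 3.5.2 tarball and naming the patch's origin would tell the next person bumping the version whether to keep it.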
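Review bot: The two lines added ahead of the sanity test in default.nix, `export USER=test` and `export HOME=$(mktemp -d)`, have no comment explaining why the test now needs them, and the commit message does not mention them either. Add a one-line comment naming which part of storeBackup reads USER and HOME (and since which version), so the exports are not removed later as apparent leftovers.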
