about summary refs log tree commit diff
path: root/nixpkgs/pkgs/tools/backup
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/tools/backup')
-rw-r--r--nixpkgs/pkgs/tools/backup/borgmatic/default.nix10
-rw-r--r--nixpkgs/pkgs/tools/backup/percona-xtrabackup/8_0.nix4
-rw-r--r--nixpkgs/pkgs/tools/backup/store-backup/CVE-2020-7040.patch23
-rw-r--r--nixpkgs/pkgs/tools/backup/store-backup/default.nix12
4 files changed, 41 insertions, 8 deletions
diff --git a/nixpkgs/pkgs/tools/backup/borgmatic/default.nix b/nixpkgs/pkgs/tools/backup/borgmatic/default.nix
index 24d4e98ed1fa..2b3b9e92f90c 100644
--- a/nixpkgs/pkgs/tools/backup/borgmatic/default.nix
+++ b/nixpkgs/pkgs/tools/backup/borgmatic/default.nix
@@ -13,14 +13,14 @@
 
 python3Packages.buildPythonApplication rec {
   pname = "borgmatic";
-  version = "1.8.1";
+  version = "1.8.8";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-XbihTQJtoiRRfwjMCP+XEPmbt7//zFPx1fIWOvn92Nc=";
+    sha256 = "sha256-dPWp8SH4//HJlCrF6YRaMb32idox1E0/Gd8qc/GmP4c=";
   };
 
-  nativeCheckInputs = with python3Packages; [ flexmock pytestCheckHook pytest-cov ];
+  nativeCheckInputs = with python3Packages; [ flexmock pytestCheckHook pytest-cov ] ++ passthru.optional-dependencies.apprise;
 
   # - test_borgmatic_version_matches_news_version
   # The file NEWS not available on the pypi source, and this test is useless
@@ -40,6 +40,10 @@ python3Packages.buildPythonApplication rec {
     setuptools
   ];
 
+  passthru.optional-dependencies = {
+    apprise = with python3Packages; [ apprise ];
+  };
+
   postInstall = ''
     installShellCompletion --cmd borgmatic \
       --bash <($out/bin/borgmatic --bash-completion)
diff --git a/nixpkgs/pkgs/tools/backup/percona-xtrabackup/8_0.nix b/nixpkgs/pkgs/tools/backup/percona-xtrabackup/8_0.nix
index 5bdfd864daca..fbb4c045d776 100644
--- a/nixpkgs/pkgs/tools/backup/percona-xtrabackup/8_0.nix
+++ b/nixpkgs/pkgs/tools/backup/percona-xtrabackup/8_0.nix
@@ -1,8 +1,8 @@
 { callPackage, ... } @ args:
 
 callPackage ./generic.nix (args // {
-  version = "8.0.34-29";
-  hash = "sha256-dO5ciIIAnKj2t+fYhrtnY7MvBThoA+SymBzN8H07giM=";
+  version = "8.0.35-30";
+  hash = "sha256-yagqBKU057Gk5pEyT2R3c5DtxNG/+TSPenFgbxUiHPo=";
 
   # includes https://github.com/Percona-Lab/libkmip.git
   fetchSubmodules = true;
diff --git a/nixpkgs/pkgs/tools/backup/store-backup/CVE-2020-7040.patch b/nixpkgs/pkgs/tools/backup/store-backup/CVE-2020-7040.patch
new file mode 100644
index 000000000000..9b78f9bab95f
--- /dev/null
+++ b/nixpkgs/pkgs/tools/backup/store-backup/CVE-2020-7040.patch
@@ -0,0 +1,23 @@
+Index: storeBackup/lib/fileDir.pl
+===================================================================
+--- storeBackup.orig/lib/fileDir.pl
++++ storeBackup/lib/fileDir.pl
+@@ -21,7 +21,7 @@
+ 
+ 
+ use Digest::MD5 qw(md5_hex);
+-use Fcntl qw(O_RDWR O_CREAT);
++use Fcntl qw(O_RDWR O_CREAT O_WRONLY O_EXCL);
+ use Fcntl ':mode';
+ use POSIX;
+ use Cwd 'abs_path';
+@@ -482,7 +482,7 @@ sub checkLockFile
+ 		  '-str' => ["creating lock file <$lockFile>"]);
+ 
+     &::checkDelSymLink($lockFile, $prLog, 0x01);
+-    open(FILE, '>', $lockFile) or
++    sysopen(FILE, $lockFile, O_WRONLY | O_CREAT | O_EXCL) or
+ 	$prLog->print('-kind' => 'E',
+ 		      '-str' => ["cannot create lock file <$lockFile>"],
+ 		      '-exit' => 1);
+
diff --git a/nixpkgs/pkgs/tools/backup/store-backup/default.nix b/nixpkgs/pkgs/tools/backup/store-backup/default.nix
index afa667ec0725..506ea600cbcb 100644
--- a/nixpkgs/pkgs/tools/backup/store-backup/default.nix
+++ b/nixpkgs/pkgs/tools/backup/store-backup/default.nix
@@ -14,7 +14,7 @@ in
 
 stdenv.mkDerivation rec {
 
-  version = "3.5";
+  version = "3.5.2";
 
   pname = "store-backup";
 
@@ -25,9 +25,14 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "https://download.savannah.gnu.org/releases/storebackup/storeBackup-${version}.tar.bz2";
-    sha256 = "0y4gzssc93x6y93mjsxm5b5cdh68d7ffa43jf6np7s7c99xxxz78";
+    hash = "sha256-Ki1DT2zypFFiiMVd9Y8eSX7T+yr8moWMoALmAexjqWU=";
   };
 
+  patches = [
+    # https://www.openwall.com/lists/oss-security/2020/01/20/3
+    ./CVE-2020-7040.patch
+  ];
+
   installPhase = ''
     mkdir -p $out/scripts
     mv * $out
@@ -48,7 +53,8 @@ stdenv.mkDerivation rec {
 
     PATH=$PATH:${dummyMount}/bin
 
-
+    export USER=test
+    export HOME=$(mktemp -d)
     { # simple sanity test, test backup/restore of simple store paths
 
       mkdir backup