diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/backup')
4 files changed, 41 insertions, 8 deletions
diff --git a/nixpkgs/pkgs/tools/backup/borgmatic/default.nix b/nixpkgs/pkgs/tools/backup/borgmatic/default.nix index 24d4e98ed1fa..2b3b9e92f90c 100644 --- a/nixpkgs/pkgs/tools/backup/borgmatic/default.nix +++ b/nixpkgs/pkgs/tools/backup/borgmatic/default.nix @@ -13,14 +13,14 @@ python3Packages.buildPythonApplication rec { pname = "borgmatic"; - version = "1.8.1"; + version = "1.8.8"; src = fetchPypi { inherit pname version; - sha256 = "sha256-XbihTQJtoiRRfwjMCP+XEPmbt7//zFPx1fIWOvn92Nc="; + sha256 = "sha256-dPWp8SH4//HJlCrF6YRaMb32idox1E0/Gd8qc/GmP4c="; }; - nativeCheckInputs = with python3Packages; [ flexmock pytestCheckHook pytest-cov ]; + nativeCheckInputs = with python3Packages; [ flexmock pytestCheckHook pytest-cov ] ++ passthru.optional-dependencies.apprise; # - test_borgmatic_version_matches_news_version # The file NEWS not available on the pypi source, and this test is useless @@ -40,6 +40,10 @@ python3Packages.buildPythonApplication rec { setuptools ]; + passthru.optional-dependencies = { + apprise = with python3Packages; [ apprise ]; + }; + postInstall = '' installShellCompletion --cmd borgmatic \ --bash <($out/bin/borgmatic --bash-completion) diff --git a/nixpkgs/pkgs/tools/backup/percona-xtrabackup/8_0.nix b/nixpkgs/pkgs/tools/backup/percona-xtrabackup/8_0.nix index 5bdfd864daca..fbb4c045d776 100644 --- a/nixpkgs/pkgs/tools/backup/percona-xtrabackup/8_0.nix +++ b/nixpkgs/pkgs/tools/backup/percona-xtrabackup/8_0.nix @@ -1,8 +1,8 @@ { callPackage, ... } @ args: callPackage ./generic.nix (args // { - version = "8.0.34-29"; - hash = "sha256-dO5ciIIAnKj2t+fYhrtnY7MvBThoA+SymBzN8H07giM="; + version = "8.0.35-30"; + hash = "sha256-yagqBKU057Gk5pEyT2R3c5DtxNG/+TSPenFgbxUiHPo="; # includes https://github.com/Percona-Lab/libkmip.git fetchSubmodules = true; diff --git a/nixpkgs/pkgs/tools/backup/store-backup/CVE-2020-7040.patch b/nixpkgs/pkgs/tools/backup/store-backup/CVE-2020-7040.patch new file mode 100644 index 000000000000..9b78f9bab95f --- /dev/null +++ b/nixpkgs/pkgs/tools/backup/store-backup/CVE-2020-7040.patch @@ -0,0 +1,23 @@ +Index: storeBackup/lib/fileDir.pl +=================================================================== +--- storeBackup.orig/lib/fileDir.pl ++++ storeBackup/lib/fileDir.pl +@@ -21,7 +21,7 @@ + + + use Digest::MD5 qw(md5_hex); +-use Fcntl qw(O_RDWR O_CREAT); ++use Fcntl qw(O_RDWR O_CREAT O_WRONLY O_EXCL); + use Fcntl ':mode'; + use POSIX; + use Cwd 'abs_path'; +@@ -482,7 +482,7 @@ sub checkLockFile + '-str' => ["creating lock file <$lockFile>"]); + + &::checkDelSymLink($lockFile, $prLog, 0x01); +- open(FILE, '>', $lockFile) or ++ sysopen(FILE, $lockFile, O_WRONLY | O_CREAT | O_EXCL) or + $prLog->print('-kind' => 'E', + '-str' => ["cannot create lock file <$lockFile>"], + '-exit' => 1); + diff --git a/nixpkgs/pkgs/tools/backup/store-backup/default.nix b/nixpkgs/pkgs/tools/backup/store-backup/default.nix index afa667ec0725..506ea600cbcb 100644 --- a/nixpkgs/pkgs/tools/backup/store-backup/default.nix +++ b/nixpkgs/pkgs/tools/backup/store-backup/default.nix @@ -14,7 +14,7 @@ in stdenv.mkDerivation rec { - version = "3.5"; + version = "3.5.2"; pname = "store-backup"; @@ -25,9 +25,14 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://download.savannah.gnu.org/releases/storebackup/storeBackup-${version}.tar.bz2"; - sha256 = "0y4gzssc93x6y93mjsxm5b5cdh68d7ffa43jf6np7s7c99xxxz78"; + hash = "sha256-Ki1DT2zypFFiiMVd9Y8eSX7T+yr8moWMoALmAexjqWU="; }; + patches = [ + # https://www.openwall.com/lists/oss-security/2020/01/20/3 + ./CVE-2020-7040.patch + ]; + installPhase = '' mkdir -p $out/scripts mv * $out @@ -48,7 +53,8 @@ stdenv.mkDerivation rec { PATH=$PATH:${dummyMount}/bin - + export USER=test + export HOME=$(mktemp -d) { # simple sanity test, test backup/restore of simple store paths mkdir backup |