pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/sysutils/py-borgbackup
Module Name: pkgsrc
Committed By: bsiegert
Date: Thu Aug 31 14:53:48 UTC 2023
Modified Files:
pkgsrc/sysutils/py-borgbackup: Makefile distinfo
Log Message:
py-borgbackup: update to 1.2.5 (security)
- Security: fix pre-1.2.5 archives spoofing vulnerability (CVE-2023-36811), see
details and necessary upgrade procedure described below.
- create: do not try to read parent dir of recursion root
- extract: fix false warning about pattern never matching
- diff: remove surrogates before output
- compact: clear empty directories at end of compact process
- create --files-cache=size: fix crash
- keyfiles: improve key sanity check
- only warn about "invalid" chunker params
- ProgressIndicatorPercent: fix space computation for wide chars
- improve argparse validator error messages
New features:
- mount: make up volname if not given (macOS). macFUSE supports a volname mount
option to give what finder displays on the desktop / in the directory view. if
the user did not specify it, we make something up, because otherwise it would be
"macFUSE Volume 0 (Python)" and hide the mountpoint directory name.
- BORG_WORKAROUNDS=authenticated_no_key to extract from authenticated repos
without key
Pre-1.2.5 archives spoofing vulnerability (CVE-2023-36811)
----------------------------------------------------------
A flaw in the cryptographic authentication scheme in Borg allowed an attacker to
fake archives and potentially indirectly cause backup data loss in the repository.
The attack requires an attacker to be able to
1. insert files (with no additional headers) into backups
2. gain write access to the repository
This vulnerability does not disclose plaintext to the attacker, nor does it
affect the authenticity of existing archives.
Creating plausible fake archives may be feasible for empty or small archives,
but is unlikely for large archives.
The fix enforces checking the TAM authentication tag of archives at critical
places. Borg now considers archives without TAM as garbage or an attack.
We are not aware of others having discovered, disclosed or exploited this vulnerability.
Below, if we speak of borg 1.2.5, we mean a borg version >= 1.2.5 **or** a
borg version that has the relevant security patches for this vulnerability applied
(could be also an older version in that case).
Steps you must take to upgrade a repository:
1. Upgrade all clients using this repository to borg 1.2.5.
Note: it is not required to upgrade a server, except if the server-side borg
is also used as a client (and not just for "borg serve").
Do **not** run ``borg check`` with borg 1.2.5 before completing the upgrade steps.
2. Run ``borg info --debug <repository> 2>&1 | grep TAM | grep -i manifest``.
a) If you get "TAM-verified manifest", continue with 3.
b) If you get "Manifest TAM not found and not required", run
``borg upgrade --tam --force <repository>`` *on every client*.
3. Run ``borg list --format='{name} {time} tam:{tam}{NL}' <repository>``.
"tam:verified" means that the archive has a valid TAM authentication.
"tam:none" is expected as output for archives created by borg <1.0.9.
"tam:none" could also come from archives created by an attacker.
You should verify that "tam:none" archives are authentic and not malicious
(== have good content, have correct timestamp, can be extracted successfully).
In case you find crappy/malicious archives, you must delete them before proceeding.
In low-risk, trusted environments, you may decide on your own risk to skip step 3
and just trust in everything being OK.
4. If there are no tam:non archives left at this point, you can skip this step.
Run ``borg upgrade --archives-tam <repository>``.
This will make sure all archives are TAM authenticated (an archive TAM will be added
for all archives still missing one).
``borg check`` would consider TAM-less archives as garbage or a potential attack.
Optionally run the same command as in step 3 to see that all archives now are "tam:verified".
To generate a diff of this commit:
cvs rdiff -u -r1.44 -r1.45 pkgsrc/sysutils/py-borgbackup/Makefile
cvs rdiff -u -r1.30 -r1.31 pkgsrc/sysutils/py-borgbackup/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/sysutils/py-borgbackup/Makefile
diff -u pkgsrc/sysutils/py-borgbackup/Makefile:1.44 pkgsrc/sysutils/py-borgbackup/Makefile:1.45
--- pkgsrc/sysutils/py-borgbackup/Makefile:1.44 Tue Aug 1 23:20:53 2023
+++ pkgsrc/sysutils/py-borgbackup/Makefile Thu Aug 31 14:53:48 2023
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.44 2023/08/01 23:20:53 wiz Exp $
+# $NetBSD: Makefile,v 1.45 2023/08/31 14:53:48 bsiegert Exp $
-DISTNAME= borgbackup-1.2.4
+DISTNAME= borgbackup-1.2.5
PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
CATEGORIES= sysutils python
MASTER_SITES= ${MASTER_SITE_PYPI:=b/borgbackup/}
Index: pkgsrc/sysutils/py-borgbackup/distinfo
diff -u pkgsrc/sysutils/py-borgbackup/distinfo:1.30 pkgsrc/sysutils/py-borgbackup/distinfo:1.31
--- pkgsrc/sysutils/py-borgbackup/distinfo:1.30 Fri Mar 24 07:08:55 2023
+++ pkgsrc/sysutils/py-borgbackup/distinfo Thu Aug 31 14:53:48 2023
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.30 2023/03/24 07:08:55 wiz Exp $
+$NetBSD: distinfo,v 1.31 2023/08/31 14:53:48 bsiegert Exp $
-BLAKE2s (borgbackup-1.2.4.tar.gz) = 3ed79944eac18f2b8f648885f468caef94f366f0896266a18ac6065e313406d7
-SHA512 (borgbackup-1.2.4.tar.gz) = 9326a58605a085f521ba75a2eecfb4bdb790d3da18c77076bddaeae641678cc08171d997a758182a739ec6b145bb04d982f8314ae60f93c3ff093eca15515dfd
-Size (borgbackup-1.2.4.tar.gz) = 4056513 bytes
+BLAKE2s (borgbackup-1.2.5.tar.gz) = aa66a4172097590dbefb7a9273c38234e20837e192d9d03edbe2184da205496f
+SHA512 (borgbackup-1.2.5.tar.gz) = 7bb89d8217cda1973a711cb2debbb30b0dc7c0dcfa6d707ce3950834d3beb0c6201eb6baecab80a4cd32d3fa288a28891641d70ad3ed37350dea0c5d22ce376e
+Size (borgbackup-1.2.5.tar.gz) = 4074588 bytes
Home |
Main Index |
Thread Index |
Old Index