From 77abe59ab95e95bed41b5a76e1522b5f7107d95e Mon Sep 17 00:00:00 2001 From: spz Date: Sun, 22 Jan 2017 18:34:51 +0000 Subject: Pullup ticket #5184 - requested by bsiegert sysutils/py-borgbackup: security update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Revisions pulled up: - sysutils/py-borgbackup/Makefile 1.11 - sysutils/py-borgbackup/distinfo 1.6 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Thu Jan 5 16:33:16 UTC 2017 Modified Files: pkgsrc/sysutils/py-borgbackup: Makefile distinfo Log Message: Updated py-borgbackup to 1.0.9. Version 1.0.9 (2016-12-20) Security fixes: A flaw in the cryptographic authentication scheme in Borg allowed an attacker to spoof the manifest. See Pre-1.0.9 manifest spoofing vulnerability above for the steps you should take. borg check: When rebuilding the manifest (which should only be needed very rarely) duplicate archive names would be handled on a �first come first serve� basis, allowing an attacker to apparently replace archives. Bug fixes: borg check: rebuild manifest if it’s corrupted skip corrupted chunks during manifest rebuild fix TypeError in integrity error handler, #1903, #1894 fix location parser for archives with @ char (regression introduced in 1.0.8), #1930 fix wrong duration/timestamps if system clock jumped during a create fix progress display not updating if system clock jumps backwards fix checkpoint interval being incorrect if system clock jumps Other changes: docs: add python3-devel as a dependency for cygwin-based installation clarify extract is relative to current directory FAQ: fix link to changelog markup fixes tests: test_get_(cache|keys)_dir: clean env state, #1897 get back pytest’s pretty assertion failures, #1938 setup.py build_usage: fixed build_usage not processing all commands fixed build_usage not generating includes for debug commands Version 1.0.9rc1 (2016-11-27) Bug fixes: files cache: fix determination of newest mtime in backup set (which is used in cache cleanup and led to wrong �A� [added] status for unchanged files in next backup), #1860. borg check: fix incorrectly reporting attic 0.13 and earlier archives as corrupt handle repo w/o objects gracefully and also bail out early if repo is completely empty, #1815. fix tox/pybuild in 1.0-maint at xattr module import time, loggers are not initialized yet New features: borg umount exposed already existing umount code via the CLI api, so users can use it, which is more consistent than using borg to mount and fusermount -u (or umount) to un-mount, #1855. implement borg create –noatime –noctime, fixes #1853 Other changes: docs: display README correctly on PyPI improve cache / index docs, esp. files cache docs, fixes #1825 different pattern matching for –exclude, #1779 datetime formatting examples for {now} placeholder, #1822 clarify passphrase mode attic repo upgrade, #1854 clarify –umask usage, #1859 clarify how to choose PR target branch clarify prune behavior for different archive contents, #1824 fix PDF issues, add logo, fix authors, headings, TOC move security verification to support section fix links in standalone README (:ref: tags) add link to security contact in README add FAQ about security move fork differences to FAQ add more details about resource usage tests: skip remote tests on cygwin, #1268 travis: allow OS X failures until the brew cask osxfuse issue is fixed caskroom osxfuse-beta gone, it’s osxfuse now (3.5.3) vagrant: upgrade OSXfuse / FUSE for macOS to 3.5.3 remove llfuse from tox.ini at a central place do not try to install llfuse on centos6 fix fuse test for darwin, #1546 add windows virtual machine with cygwin Vagrantfile cleanup / code deduplication To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 pkgsrc/sysutils/py-borgbackup/Makefile cvs rdiff -u -r1.5 -r1.6 pkgsrc/sysutils/py-borgbackup/distinfo --- sysutils/py-borgbackup/Makefile | 4 ++-- sysutils/py-borgbackup/distinfo | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/sysutils/py-borgbackup/Makefile b/sysutils/py-borgbackup/Makefile index a320646c011..b897240e283 100644 --- a/sysutils/py-borgbackup/Makefile +++ b/sysutils/py-borgbackup/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.9 2016/11/16 13:21:14 wiz Exp $ +# $NetBSD: Makefile,v 1.9.2.1 2017/01/22 18:34:51 spz Exp $ -DISTNAME= borgbackup-1.0.8 +DISTNAME= borgbackup-1.0.9 PKGNAME= ${PYPKGPREFIX}-${DISTNAME} CATEGORIES= sysutils MASTER_SITES= ${MASTER_SITE_PYPI:=b/borgbackup/} diff --git a/sysutils/py-borgbackup/distinfo b/sysutils/py-borgbackup/distinfo index b5f978f2e8c..ac5113846fb 100644 --- a/sysutils/py-borgbackup/distinfo +++ b/sysutils/py-borgbackup/distinfo @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.5 2016/11/16 13:21:14 wiz Exp $ +$NetBSD: distinfo,v 1.5.2.1 2017/01/22 18:34:51 spz Exp $ -SHA1 (borgbackup-1.0.8.tar.gz) = 86a31f9982cbdbffbde67ce483fc02b2a1848675 -RMD160 (borgbackup-1.0.8.tar.gz) = 6525e312f10db9fad410f40b1364b0307404376d -SHA512 (borgbackup-1.0.8.tar.gz) = 2a24b302da6cf0266c53a5efc7c1f500c3a3f290c1a49abbced981d2e252886e81b828ab092518f675a81b9865079af66ea34d035b34ebf19a86a153fff6bd45 -Size (borgbackup-1.0.8.tar.gz) = 501606 bytes +SHA1 (borgbackup-1.0.9.tar.gz) = d98f28204d8cedaafc76f7f374784ed9aac4fd04 +RMD160 (borgbackup-1.0.9.tar.gz) = 170ff43929a8994825481767589b6cffcf97e653 +SHA512 (borgbackup-1.0.9.tar.gz) = 5623916b143a3d39cab41bc5cca82589a612035d9be0bfd0d211656a975b986bc0c04133bdd1ba44b628fffd84f2c4294530a7c37b9c874e878b77d6105ff0ad +Size (borgbackup-1.0.9.tar.gz) = 541796 bytes -- cgit v1.2.3