diff options
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/applications/version-management/bazaar/CVE-2017-14176.patch | 149 | ||||
-rw-r--r-- | pkgs/applications/version-management/bazaar/add_certificates.patch | 11 | ||||
-rw-r--r-- | pkgs/applications/version-management/bazaar/default.nix | 36 | ||||
-rw-r--r-- | pkgs/applications/version-management/bazaar/tools.nix | 20 | ||||
-rw-r--r-- | pkgs/top-level/aliases.nix | 2 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 5 |
6 files changed, 2 insertions, 221 deletions
diff --git a/pkgs/applications/version-management/bazaar/CVE-2017-14176.patch b/pkgs/applications/version-management/bazaar/CVE-2017-14176.patch deleted file mode 100644 index a34ab0c6eb10b..0000000000000 --- a/pkgs/applications/version-management/bazaar/CVE-2017-14176.patch +++ /dev/null @@ -1,149 +0,0 @@ -diff --git a/bzrlib/tests/test_ssh_transport.py b/bzrlib/tests/test_ssh_transport.py -index 9e37c3b..fe9f219 100644 ---- a/bzrlib/tests/test_ssh_transport.py -+++ b/bzrlib/tests/test_ssh_transport.py -@@ -22,6 +22,7 @@ from bzrlib.transport.ssh import ( - SSHCorpSubprocessVendor, - LSHSubprocessVendor, - SSHVendorManager, -+ StrangeHostname, - ) - - -@@ -161,6 +162,19 @@ class SSHVendorManagerTests(TestCase): - - class SubprocessVendorsTests(TestCase): - -+ def test_openssh_command_tricked(self): -+ vendor = OpenSSHSubprocessVendor() -+ self.assertEqual( -+ vendor._get_vendor_specific_argv( -+ "user", "-oProxyCommand=blah", 100, command=["bzr"]), -+ ["ssh", "-oForwardX11=no", "-oForwardAgent=no", -+ "-oClearAllForwardings=yes", -+ "-oNoHostAuthenticationForLocalhost=yes", -+ "-p", "100", -+ "-l", "user", -+ "--", -+ "-oProxyCommand=blah", "bzr"]) -+ - def test_openssh_command_arguments(self): - vendor = OpenSSHSubprocessVendor() - self.assertEqual( -@@ -171,6 +185,7 @@ class SubprocessVendorsTests(TestCase): - "-oNoHostAuthenticationForLocalhost=yes", - "-p", "100", - "-l", "user", -+ "--", - "host", "bzr"] - ) - -@@ -184,9 +199,16 @@ class SubprocessVendorsTests(TestCase): - "-oNoHostAuthenticationForLocalhost=yes", - "-p", "100", - "-l", "user", -- "-s", "host", "sftp"] -+ "-s", "--", "host", "sftp"] - ) - -+ def test_openssh_command_tricked(self): -+ vendor = SSHCorpSubprocessVendor() -+ self.assertRaises( -+ StrangeHostname, -+ vendor._get_vendor_specific_argv, -+ "user", "-oProxyCommand=host", 100, command=["bzr"]) -+ - def test_sshcorp_command_arguments(self): - vendor = SSHCorpSubprocessVendor() - self.assertEqual( -@@ -209,6 +231,13 @@ class SubprocessVendorsTests(TestCase): - "-s", "sftp", "host"] - ) - -+ def test_lsh_command_tricked(self): -+ vendor = LSHSubprocessVendor() -+ self.assertRaises( -+ StrangeHostname, -+ vendor._get_vendor_specific_argv, -+ "user", "-oProxyCommand=host", 100, command=["bzr"]) -+ - def test_lsh_command_arguments(self): - vendor = LSHSubprocessVendor() - self.assertEqual( -@@ -231,6 +260,13 @@ class SubprocessVendorsTests(TestCase): - "--subsystem", "sftp", "host"] - ) - -+ def test_plink_command_tricked(self): -+ vendor = PLinkSubprocessVendor() -+ self.assertRaises( -+ StrangeHostname, -+ vendor._get_vendor_specific_argv, -+ "user", "-oProxyCommand=host", 100, command=["bzr"]) -+ - def test_plink_command_arguments(self): - vendor = PLinkSubprocessVendor() - self.assertEqual( -diff --git a/bzrlib/transport/ssh.py b/bzrlib/transport/ssh.py -index eecaa26..6f22341 100644 ---- a/bzrlib/transport/ssh.py -+++ b/bzrlib/transport/ssh.py -@@ -46,6 +46,10 @@ else: - from paramiko.sftp_client import SFTPClient - - -+class StrangeHostname(errors.BzrError): -+ _fmt = "Refusing to connect to strange SSH hostname %(hostname)s" -+ -+ - SYSTEM_HOSTKEYS = {} - BZR_HOSTKEYS = {} - -@@ -360,6 +364,11 @@ class SubprocessVendor(SSHVendor): - # tests, but beware of using PIPE which may hang due to not being read. - _stderr_target = None - -+ @staticmethod -+ def _check_hostname(arg): -+ if arg.startswith('-'): -+ raise StrangeHostname(hostname=arg) -+ - def _connect(self, argv): - # Attempt to make a socketpair to use as stdin/stdout for the SSH - # subprocess. We prefer sockets to pipes because they support -@@ -424,9 +433,9 @@ class OpenSSHSubprocessVendor(SubprocessVendor): - if username is not None: - args.extend(['-l', username]) - if subsystem is not None: -- args.extend(['-s', host, subsystem]) -+ args.extend(['-s', '--', host, subsystem]) - else: -- args.extend([host] + command) -+ args.extend(['--', host] + command) - return args - - register_ssh_vendor('openssh', OpenSSHSubprocessVendor()) -@@ -439,6 +448,7 @@ class SSHCorpSubprocessVendor(SubprocessVendor): - - def _get_vendor_specific_argv(self, username, host, port, subsystem=None, - command=None): -+ self._check_hostname(host) - args = [self.executable_path, '-x'] - if port is not None: - args.extend(['-p', str(port)]) -@@ -460,6 +470,7 @@ class LSHSubprocessVendor(SubprocessVendor): - - def _get_vendor_specific_argv(self, username, host, port, subsystem=None, - command=None): -+ self._check_hostname(host) - args = [self.executable_path] - if port is not None: - args.extend(['-p', str(port)]) -@@ -481,6 +492,7 @@ class PLinkSubprocessVendor(SubprocessVendor): - - def _get_vendor_specific_argv(self, username, host, port, subsystem=None, - command=None): -+ self._check_hostname(host) - args = [self.executable_path, '-x', '-a', '-ssh', '-2', '-batch'] - if port is not None: - args.extend(['-P', str(port)]) diff --git a/pkgs/applications/version-management/bazaar/add_certificates.patch b/pkgs/applications/version-management/bazaar/add_certificates.patch deleted file mode 100644 index 18fac36daec5f..0000000000000 --- a/pkgs/applications/version-management/bazaar/add_certificates.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -ru orig/bzrlib/transport/http/_urllib2_wrappers.py bzr-2.7.0/bzrlib/transport/http/_urllib2_wrappers.py ---- orig/bzr-2.7.0/bzrlib/transport/http/_urllib2_wrappers.py 2016-02-01 20:49:17.000000000 +0100 -+++ bzr-2.7.0/bzrlib/transport/http/_urllib2_wrappers.py 2016-06-18 23:15:21.089511349 +0200 -@@ -95,6 +95,7 @@ - u"/usr/local/share/certs/ca-root-nss.crt", # FreeBSD - # XXX: Needs checking, can't trust the interweb ;) -- vila 2012-01-25 - u'/etc/openssl/certs/ca-certificates.crt', # Solaris -+ u'@certPath@', - ] - - diff --git a/pkgs/applications/version-management/bazaar/default.nix b/pkgs/applications/version-management/bazaar/default.nix deleted file mode 100644 index fa0009d3ef03b..0000000000000 --- a/pkgs/applications/version-management/bazaar/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ stdenv, fetchurl, python2Packages -, withSFTP ? true - }: - -python2Packages.buildPythonApplication rec { - version = "2.7"; - release = ".0"; - name = "bazaar-${version}${release}"; - - src = fetchurl { - url = "https://launchpad.net/bzr/${version}/${version}${release}/+download/bzr-${version}${release}.tar.gz"; - sha256 = "1cysix5k3wa6y7jjck3ckq3abls4gvz570s0v0hxv805nwki4i8d"; - }; - - doCheck = false; - - propagatedBuildInputs = [] - ++ stdenv.lib.optionals withSFTP [ python2Packages.paramiko ]; - - patches = [ - # Bazaar can't find the certificates alone - ./add_certificates.patch - ./CVE-2017-14176.patch - ]; - postPatch = '' - substituteInPlace bzrlib/transport/http/_urllib2_wrappers.py \ - --subst-var-by certPath /etc/ssl/certs/ca-certificates.crt - ''; - - meta = with stdenv.lib; { - homepage = "http://bazaar-vcs.org/"; - description = "A distributed version control system that Just Works"; - platforms = platforms.unix; - license = licenses.gpl2Plus; - }; -} diff --git a/pkgs/applications/version-management/bazaar/tools.nix b/pkgs/applications/version-management/bazaar/tools.nix deleted file mode 100644 index d76260ad4be7e..0000000000000 --- a/pkgs/applications/version-management/bazaar/tools.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ stdenv, fetchurl, python2Packages }: - -python2Packages.buildPythonApplication rec { - pname = "bzr-tools"; - version = "2.6.0"; - - src = fetchurl { - url = "https://launchpad.net/bzrtools/stable/${version}/+download/bzrtools-${version}.tar.gz"; - sha256 = "0n3zzc6jf5866kfhmrnya1vdr2ja137a45qrzsz8vz6sc6xgn5wb"; - }; - - doCheck = false; - - meta = with stdenv.lib; { - description = "Bazaar plugins"; - homepage = "http://wiki.bazaar.canonical.com/BzrTools"; - platforms = platforms.unix; - license = licenses.gpl2; - }; -} diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 5eb7c2011832d..a01f5a9a34086 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -50,6 +50,8 @@ mapAliases ({ bar-xft = lemonbar-xft; # added 2015-01-16 bashCompletion = bash-completion; # Added 2016-09-28 batti = throw "batti has been removed from nixpkgs, as it was unmaintained"; # added 2019-12-10 + bazaar = throw "bazaar has been deprecated by breezy."; # added 2020-04-19 + bazaarTools = throw "bazaar has been deprecated by breezy."; # added 2020-04-19 beegfs = throw "beegfs has been removed."; # added 2019-11-24 bluezFull = bluez; # Added 2019-12-03 bridge_utils = bridge-utils; # added 2015-02-20 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 5ed66b3726782..8d905e880babd 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -18735,11 +18735,6 @@ in baudline = callPackage ../applications/audio/baudline { }; - - bazaar = callPackage ../applications/version-management/bazaar { }; - - bazaarTools = callPackage ../applications/version-management/bazaar/tools.nix { }; - bb = callPackage ../applications/misc/bb { }; berry = callPackage ../applications/window-managers/berry { }; |