summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--pkgs/applications/version-management/bazaar/CVE-2017-14176.patch149
-rw-r--r--pkgs/applications/version-management/bazaar/add_certificates.patch11
-rw-r--r--pkgs/applications/version-management/bazaar/default.nix36
-rw-r--r--pkgs/applications/version-management/bazaar/tools.nix20
-rw-r--r--pkgs/top-level/aliases.nix2
-rw-r--r--pkgs/top-level/all-packages.nix5
6 files changed, 2 insertions, 221 deletions
diff --git a/pkgs/applications/version-management/bazaar/CVE-2017-14176.patch b/pkgs/applications/version-management/bazaar/CVE-2017-14176.patch
deleted file mode 100644
index a34ab0c6eb1..00000000000
--- a/pkgs/applications/version-management/bazaar/CVE-2017-14176.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-diff --git a/bzrlib/tests/test_ssh_transport.py b/bzrlib/tests/test_ssh_transport.py
-index 9e37c3b..fe9f219 100644
---- a/bzrlib/tests/test_ssh_transport.py
-+++ b/bzrlib/tests/test_ssh_transport.py
-@@ -22,6 +22,7 @@ from bzrlib.transport.ssh import (
-     SSHCorpSubprocessVendor,
-     LSHSubprocessVendor,
-     SSHVendorManager,
-+    StrangeHostname,
-     )
- 
- 
-@@ -161,6 +162,19 @@ class SSHVendorManagerTests(TestCase):
- 
- class SubprocessVendorsTests(TestCase):
- 
-+    def test_openssh_command_tricked(self):
-+        vendor = OpenSSHSubprocessVendor()
-+        self.assertEqual(
-+            vendor._get_vendor_specific_argv(
-+                "user", "-oProxyCommand=blah", 100, command=["bzr"]),
-+            ["ssh", "-oForwardX11=no", "-oForwardAgent=no",
-+                "-oClearAllForwardings=yes",
-+                "-oNoHostAuthenticationForLocalhost=yes",
-+                "-p", "100",
-+                "-l", "user",
-+                "--",
-+                "-oProxyCommand=blah", "bzr"])
-+
-     def test_openssh_command_arguments(self):
-         vendor = OpenSSHSubprocessVendor()
-         self.assertEqual(
-@@ -171,6 +185,7 @@ class SubprocessVendorsTests(TestCase):
-                 "-oNoHostAuthenticationForLocalhost=yes",
-                 "-p", "100",
-                 "-l", "user",
-+                "--",
-                 "host", "bzr"]
-             )
- 
-@@ -184,9 +199,16 @@ class SubprocessVendorsTests(TestCase):
-                 "-oNoHostAuthenticationForLocalhost=yes",
-                 "-p", "100",
-                 "-l", "user",
--                "-s", "host", "sftp"]
-+                "-s", "--", "host", "sftp"]
-             )
- 
-+    def test_openssh_command_tricked(self):
-+        vendor = SSHCorpSubprocessVendor()
-+        self.assertRaises(
-+            StrangeHostname,
-+            vendor._get_vendor_specific_argv,
-+                "user", "-oProxyCommand=host", 100, command=["bzr"])
-+
-     def test_sshcorp_command_arguments(self):
-         vendor = SSHCorpSubprocessVendor()
-         self.assertEqual(
-@@ -209,6 +231,13 @@ class SubprocessVendorsTests(TestCase):
-                 "-s", "sftp", "host"]
-             )
- 
-+    def test_lsh_command_tricked(self):
-+        vendor = LSHSubprocessVendor()
-+        self.assertRaises(
-+            StrangeHostname,
-+            vendor._get_vendor_specific_argv,
-+                "user", "-oProxyCommand=host", 100, command=["bzr"])
-+
-     def test_lsh_command_arguments(self):
-         vendor = LSHSubprocessVendor()
-         self.assertEqual(
-@@ -231,6 +260,13 @@ class SubprocessVendorsTests(TestCase):
-                 "--subsystem", "sftp", "host"]
-             )
- 
-+    def test_plink_command_tricked(self):
-+        vendor = PLinkSubprocessVendor()
-+        self.assertRaises(
-+            StrangeHostname,
-+            vendor._get_vendor_specific_argv,
-+                "user", "-oProxyCommand=host", 100, command=["bzr"])
-+
-     def test_plink_command_arguments(self):
-         vendor = PLinkSubprocessVendor()
-         self.assertEqual(
-diff --git a/bzrlib/transport/ssh.py b/bzrlib/transport/ssh.py
-index eecaa26..6f22341 100644
---- a/bzrlib/transport/ssh.py
-+++ b/bzrlib/transport/ssh.py
-@@ -46,6 +46,10 @@ else:
-     from paramiko.sftp_client import SFTPClient
- 
- 
-+class StrangeHostname(errors.BzrError):
-+    _fmt = "Refusing to connect to strange SSH hostname %(hostname)s"
-+
-+
- SYSTEM_HOSTKEYS = {}
- BZR_HOSTKEYS = {}
- 
-@@ -360,6 +364,11 @@ class SubprocessVendor(SSHVendor):
-     # tests, but beware of using PIPE which may hang due to not being read.
-     _stderr_target = None
- 
-+    @staticmethod
-+    def _check_hostname(arg):
-+        if arg.startswith('-'):
-+            raise StrangeHostname(hostname=arg)
-+
-     def _connect(self, argv):
-         # Attempt to make a socketpair to use as stdin/stdout for the SSH
-         # subprocess.  We prefer sockets to pipes because they support
-@@ -424,9 +433,9 @@ class OpenSSHSubprocessVendor(SubprocessVendor):
-         if username is not None:
-             args.extend(['-l', username])
-         if subsystem is not None:
--            args.extend(['-s', host, subsystem])
-+            args.extend(['-s', '--', host, subsystem])
-         else:
--            args.extend([host] + command)
-+            args.extend(['--', host] + command)
-         return args
- 
- register_ssh_vendor('openssh', OpenSSHSubprocessVendor())
-@@ -439,6 +448,7 @@ class SSHCorpSubprocessVendor(SubprocessVendor):
- 
-     def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
-                                   command=None):
-+        self._check_hostname(host)
-         args = [self.executable_path, '-x']
-         if port is not None:
-             args.extend(['-p', str(port)])
-@@ -460,6 +470,7 @@ class LSHSubprocessVendor(SubprocessVendor):
- 
-     def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
-                                   command=None):
-+        self._check_hostname(host)
-         args = [self.executable_path]
-         if port is not None:
-             args.extend(['-p', str(port)])
-@@ -481,6 +492,7 @@ class PLinkSubprocessVendor(SubprocessVendor):
- 
-     def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
-                                   command=None):
-+        self._check_hostname(host)
-         args = [self.executable_path, '-x', '-a', '-ssh', '-2', '-batch']
-         if port is not None:
-             args.extend(['-P', str(port)])
diff --git a/pkgs/applications/version-management/bazaar/add_certificates.patch b/pkgs/applications/version-management/bazaar/add_certificates.patch
deleted file mode 100644
index 18fac36daec..00000000000
--- a/pkgs/applications/version-management/bazaar/add_certificates.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -ru orig/bzrlib/transport/http/_urllib2_wrappers.py bzr-2.7.0/bzrlib/transport/http/_urllib2_wrappers.py
---- orig/bzr-2.7.0/bzrlib/transport/http/_urllib2_wrappers.py	2016-02-01 20:49:17.000000000 +0100
-+++ bzr-2.7.0/bzrlib/transport/http/_urllib2_wrappers.py	2016-06-18 23:15:21.089511349 +0200
-@@ -95,6 +95,7 @@
-     u"/usr/local/share/certs/ca-root-nss.crt",  # FreeBSD
-     # XXX: Needs checking, can't trust the interweb ;) -- vila 2012-01-25
-     u'/etc/openssl/certs/ca-certificates.crt',  # Solaris
-+    u'@certPath@',
- ]
-
-
diff --git a/pkgs/applications/version-management/bazaar/default.nix b/pkgs/applications/version-management/bazaar/default.nix
deleted file mode 100644
index fa0009d3ef0..00000000000
--- a/pkgs/applications/version-management/bazaar/default.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ stdenv, fetchurl, python2Packages
-, withSFTP ? true
- }:
-
-python2Packages.buildPythonApplication rec {
-  version = "2.7";
-  release = ".0";
-  name = "bazaar-${version}${release}";
-
-  src = fetchurl {
-    url = "https://launchpad.net/bzr/${version}/${version}${release}/+download/bzr-${version}${release}.tar.gz";
-    sha256 = "1cysix5k3wa6y7jjck3ckq3abls4gvz570s0v0hxv805nwki4i8d";
-  };
-
-  doCheck = false;
-
-  propagatedBuildInputs = []
-  ++ stdenv.lib.optionals withSFTP [ python2Packages.paramiko ];
-
-  patches = [
-    # Bazaar can't find the certificates alone
-    ./add_certificates.patch
-    ./CVE-2017-14176.patch
-  ];
-  postPatch = ''
-    substituteInPlace bzrlib/transport/http/_urllib2_wrappers.py \
-      --subst-var-by certPath /etc/ssl/certs/ca-certificates.crt
-  '';
-
-  meta = with stdenv.lib; {
-    homepage = "http://bazaar-vcs.org/";
-    description = "A distributed version control system that Just Works";
-    platforms = platforms.unix;
-    license = licenses.gpl2Plus;
-  };
-}
diff --git a/pkgs/applications/version-management/bazaar/tools.nix b/pkgs/applications/version-management/bazaar/tools.nix
deleted file mode 100644
index d76260ad4be..00000000000
--- a/pkgs/applications/version-management/bazaar/tools.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ stdenv, fetchurl, python2Packages }:
-
-python2Packages.buildPythonApplication rec {
-  pname = "bzr-tools";
-  version = "2.6.0";
-
-  src = fetchurl {
-    url = "https://launchpad.net/bzrtools/stable/${version}/+download/bzrtools-${version}.tar.gz";
-    sha256 = "0n3zzc6jf5866kfhmrnya1vdr2ja137a45qrzsz8vz6sc6xgn5wb";
-  };
-
-  doCheck = false;
-
-  meta = with stdenv.lib; {
-    description = "Bazaar plugins";
-    homepage = "http://wiki.bazaar.canonical.com/BzrTools";
-    platforms = platforms.unix;
-    license = licenses.gpl2;
-  };
-}
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index 5eb7c201183..a01f5a9a340 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -50,6 +50,8 @@ mapAliases ({
   bar-xft = lemonbar-xft;  # added 2015-01-16
   bashCompletion = bash-completion; # Added 2016-09-28
   batti = throw "batti has been removed from nixpkgs, as it was unmaintained"; # added 2019-12-10
+  bazaar = throw "bazaar has been deprecated by breezy."; # added 2020-04-19
+  bazaarTools = throw "bazaar has been deprecated by breezy."; # added 2020-04-19
   beegfs = throw "beegfs has been removed."; # added 2019-11-24
   bluezFull = bluez; # Added 2019-12-03
   bridge_utils = bridge-utils;  # added 2015-02-20
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 5ed66b37267..8d905e880ba 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -18735,11 +18735,6 @@ in
 
   baudline = callPackage ../applications/audio/baudline { };
 
-
-  bazaar = callPackage ../applications/version-management/bazaar { };
-
-  bazaarTools = callPackage ../applications/version-management/bazaar/tools.nix { };
-
   bb =  callPackage ../applications/misc/bb { };
 
   berry = callPackage ../applications/window-managers/berry { };
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-03 07:06:21 +0000