mirror of https://github.com/borgbackup/borg.git
implement BORG_WORKAROUNDS=ignore_invalid_archive_tam, see #7791
This commit is contained in:
parent
44c17e3fc2
commit
5b2d47113b
|
@ -115,6 +115,14 @@ General:
|
|||
|
||||
Now you can init a fresh repo. Make sure you do not use the workaround any more.
|
||||
|
||||
ignore_invalid_archive_tam
|
||||
Work around invalid archive TAMs created by borg < 1.2.5, see :issue:`7791`.
|
||||
|
||||
This workaround likely needs to get used only once when following the upgrade
|
||||
instructions for CVE-2023-36811, see :ref:`archives_tam_vuln`.
|
||||
|
||||
In normal production operations, this workaround should never be used.
|
||||
|
||||
Some automatic "answerers" (if set, they automatically answer confirmation questions):
|
||||
BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=no (or =yes)
|
||||
For "Warning: Attempting to access a previously unknown unencrypted repository"
|
||||
|
|
|
@ -283,7 +283,7 @@ class KeyBase:
|
|||
return unpacked, True
|
||||
|
||||
def unpack_and_verify_archive(self, data, force_tam_not_required=False):
|
||||
"""Unpack msgpacked *data* and return (object, did_verify)."""
|
||||
"""Unpack msgpacked *data* and return (object, did_verify, salt)."""
|
||||
tam_required = self.tam_required
|
||||
if force_tam_not_required and tam_required:
|
||||
# for a long time, borg only checked manifest for "tam_required" and
|
||||
|
@ -320,7 +320,11 @@ class KeyBase:
|
|||
tam_key = self._tam_key(tam_salt, context=b'archive')
|
||||
calculated_hmac = HMAC(tam_key, data, sha512).digest()
|
||||
if not compare_digest(calculated_hmac, tam_hmac):
|
||||
raise ArchiveTAMInvalid()
|
||||
if 'ignore_invalid_archive_tam' in workarounds:
|
||||
logger.debug('ignoring invalid archive TAM due to BORG_WORKAROUNDS')
|
||||
return unpacked, False, None # same as if no TAM is present
|
||||
else:
|
||||
raise ArchiveTAMInvalid()
|
||||
logger.debug('TAM-verified archive')
|
||||
return unpacked, True, tam_salt
|
||||
|
||||
|
|
Loading…
Reference in New Issue