diff --git a/setup.py b/setup.py index a9f93e780..215caac77 100644 --- a/setup.py +++ b/setup.py @@ -43,13 +43,8 @@ on_rtd = os.environ.get('READTHEDOCS') install_requires = [ # we are rather picky about msgpack versions, because a good working msgpack is - # very important for borg, see https://github.com/borgbackup/borg/issues/3753 - # as of now, 0.5.6 and 0.6.0 are the only preferred versions of msgpack: - 'msgpack >=0.5.6, !=0.5.7, !=0.5.8, !=0.5.9, <=0.6.0', - # if you can't satisfy the above requirement, these are versions that might - # also work ok, IF you make sure to use the COMPILED version of msgpack-python, - # NOT the PURE PYTHON fallback implementation: ==0.5.1, ==0.5.4 - # + # very important for borg, see: https://github.com/borgbackup/borg/issues/3753 + 'msgpack >=0.5.6, <=0.6.1', # Please note: # using any other version is not supported by borg development and # any feedback related to issues caused by this will be ignored. diff --git a/src/borg/helpers/msgpack.py b/src/borg/helpers/msgpack.py index 70ed940cd..f5593d4e8 100644 --- a/src/borg/helpers/msgpack.py +++ b/src/borg/helpers/msgpack.py @@ -75,6 +75,11 @@ def pack(o, stream, *, use_bin_type=False, encoding=None, unicode_errors=None, * raise PackException(e) +# Note: after requiring msgpack >= 0.6.1 we can remove the max_*_len args and +# rely on msgpack auto-computing DoS-safe max values from len(data) for +# unpack(data) or from max_buffer_len for Unpacker(max_buffer_len=N). +# maybe we can also use that to simplify get_limited_unpacker(). + class Unpacker(mp_Unpacker): def __init__(self, file_like=None, *, read_size=0, use_list=True, raw=True, object_hook=None, object_pairs_hook=None, list_hook=None, @@ -172,8 +177,8 @@ def is_slow_msgpack(): def is_supported_msgpack(): # DO NOT CHANGE OR REMOVE! See also requirements and comments in setup.py. import msgpack - return (0, 5, 6) <= msgpack.version <= (0, 6, 0) and \ - msgpack.version not in [(0, 5, 7), (0, 5, 8), (0, 5, 9)] + return (0, 5, 6) <= msgpack.version <= (0, 6, 1) and \ + msgpack.version not in [] # < blacklist bad releases here def get_limited_unpacker(kind):