1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2024-12-24 16:55:36 +00:00

Merge pull request #4397 from ThomasWaldmann/update-changes-master

update changes (master)
This commit is contained in:
TW 2019-02-24 19:46:53 +01:00 committed by GitHub
commit 1d61940cfa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -6,6 +6,46 @@ Important notes
This section provides information about security and corruption issues.
.. _broken_validator:
Pre-1.1.4 potential data corruption issue
-----------------------------------------
A data corruption bug was discovered in borg check --repair, see issue #3444.
This is a 1.1.x regression, releases < 1.1 (e.g. 1.0.x) are not affected.
To avoid data loss, you must not run borg check --repair using an unfixed version
of borg 1.1.x. The first official release that has the fix is 1.1.4.
Package maintainers may have applied the fix to updated packages of 1.1.x (x<4)
though, see the package maintainer's package changelog to make sure.
If you never had missing item metadata chunks, the bug has not affected you
even if you did run borg check --repair with an unfixed version.
When borg check --repair tried to repair corrupt archives that miss item metadata
chunks, the resync to valid metadata in still present item metadata chunks
malfunctioned. This was due to a broken validator that considered all (even valid)
item metadata as invalid. As they were considered invalid, borg discarded them.
Practically, that means the affected files, directories or other fs objects were
discarded from the archive.
Due to the malfunction, the process was extremely slow, but if you let it
complete, borg would have created a "repaired" archive that has lost a lot of items.
If you interrupted borg check --repair because it was so strangely slow (killing
borg somehow, e.g. Ctrl-C) the transaction was rolled back and no corruption occurred.
The log message indicating the precondition for the bug triggering looks like:
item metadata chunk missing [chunk: 001056_bdee87d...a3e50d]
If you never had that in your borg check --repair runs, you're not affected.
But if you're unsure or you actually have seen that, better check your archives.
By just using "borg list repo::archive" you can see if all expected filesystem
items are listed.
.. _tam_vuln:
Pre-1.0.9 manifest spoofing vulnerability (CVE-2016-10099)
@ -131,14 +171,26 @@ The best check that everything is ok is to run a dry-run extraction::
Changelog
=========
Version 1.2.0dev0 (not released yet)
------------------------------------
Version 1.2.0a2 and earlier (not released yet)
----------------------------------------------
Please note:
This is code released for alpha testing (== helping us find bugs).
It is not suitable to run against your production backup repositories!
So, if you want to help testing, please run this code additionally to your
normal backup and use a separate, fresh repository for it.
See there for feedback: https://github.com/borgbackup/borg/issues/4360
Compatibility notes:
- dropped support / testing for Python 3.4 and 3.5, minimum requirement is 3.6.
In case your OS does not provide Python >= 3.6, consider using our binary,
- dropped support / testing for Python 3.4, minimum requirement is 3.5.
In case your OS does not provide Python >= 3.5, consider using our binary,
which does not need an external Python interpreter.
Maybe this requirement will be raised to Python 3.6 later.
- freeing repository space only happens when "borg compact" is invoked.
- list: corrected mix-up of "isomtime" and "mtime" formats. Previously,
"isomtime" was the default but produced a verbose human format,
@ -166,16 +218,22 @@ New features:
more robustness.
See the docs about "borg compact" for more details.
- "borg compact --cleanup-commits" is to cleanup the tons of 17byte long
commit-ony segment files caused by borg 1.1.x issue #2850.
commit-only segment files caused by borg 1.1.x issue #2850.
Invoke this once after upgrading (the server side) borg to 1.2.
Compaction now automatically removes unneeded commit-only segment files.
- prune: Show which rule was applied to keep archive, #2886
- add fixed blocksize chunker (see --chunker-params docs), #1086
Fixes:
- repository compaction now automatically removes unneeded 17byte commit-only
segments, #2850
- avoid stale filehandle issues, #3265
- use more FDs, avoid race conditions on active fs, #906, #908, #1038
- add O_NOFOLLOW to base flags, #908
- compact:
- require >10% freeable space in a segment, #2985
- repository compaction now automatically removes unneeded 17byte
commit-only segments, #2850
- make swidth available on all posix platforms, #2667
Other changes:
@ -183,13 +241,21 @@ Other changes:
- repository: better speed and less stuff moving around by using separate
segment files for manifest DELETEs and PUTs, #3947
- use pyinstaller v3.3.1 to build binaries
- msgpack: switch to recent "msgpack" pypi pkg name, #3890
- update bundled zstd code to 1.3.8, #4210
- update bundled lz4 code to 1.8.3, #4209
- msgpack:
- switch to recent "msgpack" pypi pkg name, #3890
- wrap msgpack to avoid future compat complications, #3632, #2738
- support msgpack 0.6.0 and 0.6.1, #4220, #4308
- llfuse: modernize / simplify llfuse version requirements
- code refactorings / internal improvements:
- include size/csize/nfiles[_parts] stats into archive, #3241
- calc_stats: use archive stats metadata, if available
- crypto: refactored crypto to use an AEAD style API
- crypto: new AES-OCB, CHACHA20-POLY1305
- create: be less racy, use fd for xattrs, acls, bsdflags (not path), #906
- create: use less syscalls by not using a python file obj, #906, #3962
- diff: refactor the diff functionality to new ItemDiff class, #2475
- archive: create FilesystemObjectProcessors class
@ -205,13 +271,13 @@ Other changes:
- item.to_optr(), Item.from_optr()
- fix chunker holding the GIL during blocking I/O
- C code portability / basic MSC compatibility, #4147, #2677
- testing:
- vagrant: new VMs for linux/bsd/darwin, most with OpenSSL 1.1 and py36
Version 1.1.6 (2018-06-11)
Version 1.1.9 (2019-02-10)
--------------------------
Compatibility notes:
@ -230,6 +296,156 @@ Compatibility notes:
You can avoid the one-time slowdown by using the pre-1.1.0rc4-compatible
mode (but that is less safe for detecting changed files than the default).
See the --files-cache docs for details.
Fixes:
- security fix: configure FUSE with "default_permissions", #3903
"default_permissions" is now enforced by borg by default to let the
kernel check uid/gid/mode based permissions.
"ignore_permissions" can be given to not enforce "default_permissions".
- make "hostname" short, even on misconfigured systems, #4262
- fix free space calculation on macOS (and others?), #4289
- config: quit with error message when no key is provided, #4223
- recover_segment: handle too small segment files correctly, #4272
- correctly release memoryview, #4243
- avoid diaper pattern in configparser by opening files, #4263
- add "# cython: language_level=3" directive to .pyx files, #4214
- info: consider part files for "This archive" stats, #3522
- work around Microsoft WSL issue #645 (sync_file_range), #1961
New features:
- add --rsh command line option to complement BORG_RSH env var, #1701
- init: --make-parent-dirs parent1/parent2/repo_dir, #4235
Other:
- add archive name to check --repair output, #3447
- check for unsupported msgpack versions
- shell completions:
- new shell completions for borg 1.1.9
- more complete shell completions for borg mount -o
- added shell completions for borg help
- option arguments for zsh tab completion
- docs:
- add FAQ regarding free disk space check, #3905
- update BORG_PASSCOMMAND example and clarify variable expansion, #4249
- FAQ regarding change of compression settings, #4222
- add note about BSD flags to changelog, #4246
- improve logging in example automation script
- add note about files changing during backup, #4081
- work around the backslash issue, #4280
- update release workflow using twine (docs, scripts), #4213
- add warnings on repository copies to avoid future problems, #4272
- tests:
- fix the homebrew 1.9 issues on travis-ci, #4254
- fix duplicate test method name, #4311
Version 1.1.8 (2018-12-09)
--------------------------
Fixes:
- enforce storage quota if set by serve-command, #4093
- invalid locations: give err msg containing parsed location, #4179
- list repo: add placeholders for hostname and username, #4130
- on linux, symlinks can't have ACLs, so don't try to set any, #4044
New features:
- create: added PATH::archive output on INFO log level
- read a passphrase from a file descriptor specified in the
BORG_PASSPHRASE_FD environment variable.
Other:
- docs:
- option --format is required for some expensive-to-compute values for json
borg list by default does not compute expensive values except when
they are needed. whether they are needed is determined by the format,
in standard mode as well as in --json mode.
- tell that our binaries are x86/x64 amd/intel, bauerj has ARM
- fixed wrong archive name pattern in CRUD benchmark help
- fixed link to cachedir spec in docs, #4140
- tests:
- stop using fakeroot on travis, avoids sporadic EISDIR errors, #2482
- xattr key names must start with "user." on linux
- fix code so flake8 3.6 does not complain
- explicitly convert environment variable to str, #4136
- fix DeprecationWarning: Flags not at the start of the expression, #4137
- support pytest4, #4172
- vagrant:
- use python 3.5.6 for builds
Version 1.1.7 (2018-08-11)
--------------------------
Compatibility notes:
- added support for Python 3.7
Fixes:
- cache lock: use lock_wait everywhere to fix infinite wait, see #3968
- don't archive tagged dir when recursing an excluded dir, #3991
- py37 argparse: work around bad default in py 3.7.0a/b/rc, #3996
- py37 remove loggerDict.clear() from tearDown method, #3805
- some fixes for bugs which likely did not result in problems in practice:
- fixed logic bug in platform module API version check
- fixed xattr/acl function prototypes, added missing ones
New features:
- init: add warning to store both key and passphrase at safe place(s)
- BORG_HOST_ID env var to work around all-zero MAC address issue, #3985
- borg debug dump-repo-objs --ghost (dump everything from segment files,
including deleted or superceded objects or commit tags)
- borg debug search-repo-objs (search in repo objects for hex bytes or strings)
Other changes:
- add Python 3.7 support
- updated shell completions
- call socket.gethostname only once
- locking: better logging, add some asserts
- borg debug dump-repo-objs:
- filename layout improvements
- use repository.scan() to get on-disk order
- docs:
- update installation instructions for macOS
- added instructions to install fuse via homebrew
- improve diff docs
- added note that checkpoints inside files requires 1.1+
- add link to tempfile module
- remove row/column-spanning from docs source, #4000 #3990
- tests:
- fetch less data via os.urandom
- add py37 env for tox
- travis: add 3.7, remove 3.6-dev (we test with -dev in master)
- vagrant / binary builds:
- use osxfuse 3.8.2
- use own (uptodate) openindiana box
Version 1.1.6 (2018-06-11)
--------------------------
Compatibility notes:
- 1.1.6 changes:
- also allow msgpack-python 0.5.6.