mirror/borg
1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2024-12-25 17:27:31 +00:00
Code Issues Releases Wiki Activity

update 1.x change log, cve notes

Browse source 
fixes #7816
fixes #7813
This commit is contained in:
Thomas Waldmann 2023-11-05 17:43:24 +01:00
parent 4325656f4c
commit 774c899b7e
No known key found for this signature in database
GPG key ID: 243ACFA951F78E01
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
docs/changes_1.x.rst
View file

@ -33,14 +33,17 @@ Below, if we speak of borg 1.2.6, we mean a borg version >= 1.2.6 **or** a
borg version that has the relevant security patches for this vulnerability applied
(could be also an older version in that case).
Steps you must take to upgrade a repository:
Steps you must take to upgrade a repository (this applies to all kinds of repos
no matter what encryption mode they use, including "none"):
1. Upgrade all clients using this repository to borg 1.2.6.
Note: it is not required to upgrade a server, except if the server-side borg
is also used as a client (and not just for "borg serve").
Do **not** run ``borg check`` with borg > 1.2.4 before completing the upgrade steps.
Do **not** run ``borg check`` with borg 1.2.6 before completing the upgrade steps:
- ``borg check`` would complain about archives without a valid archive TAM.
- ``borg check --repair`` would remove such archives!
2. Run ``BORG_WORKAROUNDS=ignore_invalid_archive_tam borg info --debug <repo> 2>&1 | grep TAM | grep -i manifest``.
a) If you get "TAM-verified manifest", continue with 3.