Merge pull request #7901 from ThomasWaldmann/update-docs-1.2

Update docs (1.2-maint)
TW 2023-11-03 14:35:02 +01:00 committed by GitHub
commit cf5c61644b
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 4 deletions


@ -33,14 +33,17 @@ Below, if we speak of borg 1.2.6, we mean a borg version >= 1.2.6 **or** a
borg version that has the relevant security patches for this vulnerability applied
(could be also an older version in that case).
Steps you must take to upgrade a repository:
Steps you must take to upgrade a repository (this applies to all kinds of repos
no matter what encryption mode they use, including "none"):
1. Upgrade all clients using this repository to borg 1.2.6.
Note: it is not required to upgrade a server, except if the server-side borg
is also used as a client (and not just for "borg serve").
Do **not** run ``borg check`` with borg > 1.2.4 before completing the upgrade steps.
Do **not** run ``borg check`` with borg 1.2.6 before completing the upgrade steps:
- ``borg check`` would complain about archives without a valid archive TAM.
- ``borg check --repair`` would remove such archives!
2. Run ``BORG_WORKAROUNDS=ignore_invalid_archive_tam borg info --debug <repo> 2>&1 | grep TAM | grep -i manifest``.
a) If you get "TAM-verified manifest", continue with 3.
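Review bot: The reworded warning "Do **not** run ``borg check`` with borg 1.2.6" narrows what the previous wording "borg > 1.2.4" said, because a reader on 1.2.5 can now conclude the warning does not apply to them. The definition in the context line above ("a borg version >= 1.2.6 **or** a borg version that has the relevant security patches") only helps if the reader carries it down to this step. If 1.2.5 behaves the same way on archives without a valid archive TAM, say so here, for example "with borg 1.2.5 or newer". The two new bullets are the most important part of this step: ``borg check --repair`` removing archives is a data-loss outcome, so consider putting that bullet first or giving it a warning admonition so it is not read as a minor detail under step 1.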
@ -307,6 +310,8 @@ Some things can be recommended for the upgrade process from borg 1.1.x
- if you want to play safer, first **create a backup of your borg repository**.
- upgrade to latest borg 1.2.x release (you could use the fat binary from
github releases page)
- borg 1.2.6 has a security fix for the pre-1.2.5 archives spoofing vulnerability
(CVE-2023-36811), see details and necessary upgrade procedure described above.
- run `borg compact --cleanup-commits` to clean up a ton of 17 bytes long files
in your repo caused by a borg 1.1 bug
- run `borg check` again (now with borg 1.2.x) and check if there is anything
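Review bot: Moving the CVE-2023-36811 bullet up is right, but the list still sends the reader to "run `borg check` again (now with borg 1.2.x)" two bullets later, which is exactly what the upgrade section warns against before the TAM steps are complete. The new bullet is phrased as information ("has a security fix ... see details"), not as a step, so someone following this checklist top to bottom can reach `borg check` without having done the procedure. Suggest making it imperative, along the lines of "complete the upgrade procedure described above before running `borg check`". The bullet also reads "borg 1.2.6 has a security fix for the pre-1.2.5 archives spoofing vulnerability"; a short clause on why the fix version and the "pre-1.2.5" label differ would avoid confusion.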
@ -315,8 +320,6 @@ Some things can be recommended for the upgrade process from borg 1.1.x
take significant time, but after that it will be fast) - for more details
see below.
- check the compatibility notes (see below) and adapt your scripts, if needed.
- borg 1.2.5 has a security fix for the pre-1.2.5 archives spoofing vulnerability
(CVE-2023-36811), see details and necessary upgrade procedure described above.
- if you run into any issues, please check the github issue tracker before
posting new issues there or elsewhere.


@ -113,6 +113,9 @@ run into this by yourself by restoring an older copy of your repository.
"attack": maybe an attacker has replaced your repo by an older copy, trying to
trick you into AES counter reuse, trying to break your repo encryption.
Borg users have also reported that fs issues (like hw issues / I/O errors causing
the fs to become read-only) can cause this warning, see :issue:`7853`.
If you'ld decide to ignore this and accept unsafe operation for this repository,
you could delete the manifest-timestamp and the local cache:
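Review bot: The added sentence about fs issues lands directly before "If you'ld decide to ignore this and accept unsafe operation", so "this" now reads as if it could refer to the filesystem problem, and the only remedy offered is deleting the manifest-timestamp and the local cache. For the I/O error or read-only filesystem case the text should say what to do first, for example check and repair the filesystem and retry, and only then consider the unsafe override, since the preceding context lines describe the same warning as a possible attempt to trick the client into AES counter reuse. Spelling out "fs" and "hw" as "filesystem" and "hardware" would match the rest of the paragraph, and "you'ld" in the following context line could be fixed to "you" while this block is being touched.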