mirror/borg
1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2025-01-31 19:52:22 +00:00
Code Issues Releases Wiki Activity
8148 commits 9 branches 139 tags 63 MiB
Commit graph

8148 commits

This branch
This branch
All branches
Author SHA1 Message Date
Thomas Waldmann
2d78fa89a5
always implicitly require archive TAMs 
they must be there since the upgrade to borg 1.2.6 (or other
borg versions that also have a fix for CVE-2023-36811).
 2023-09-03 22:02:35 +02:00
Thomas Waldmann
21d4407170
always implicitly require manifest TAMs 
remove a lot of complexity from the code that was just there to
support legacy borg versions < 1.0.9 which did not TAM authenticate
the manifest.

since then, borg writes TAM authentication to the manifest,
even if the repo is unencrypted.
if the repo is unencrypted, it did not check the somehow pointless
authentication that was generated without any secret, but
if we add that fake TAM, we can also verify the fake TAM.

if somebody explicitly switches off all crypto, they can not
expect authentication.

for everybody else, borg now always generates the TAM and also
verifies it.
 2023-09-03 22:01:46 +02:00
TW
4ded3620c5
Merge pull request #7805 from ThomasWaldmann/fwd-port-tam-cve-fixes-master 
some fwd ports of the archive-TAM/CVE related code/docs
 2023-09-03 20:49:50 +02:00
Thomas Waldmann
aaafc36d97
update upgrade instruction in changes_1.x.rst 2023-09-03 17:27:44 +02:00
Thomas Waldmann
1338646b9d
check: improve logging for TAM issues, fixes #7797 2023-09-03 17:15:09 +02:00
TW
270f33b7ed
Merge pull request #7800 from ThomasWaldmann/fix-zstd-docs 
docs: remove zstd compat hint
 2023-09-02 15:42:50 +02:00
Thomas Waldmann
32d7222e67
docs: remove zstd compat hint 
borg2 repos are not compatible with borg1 anyway,
so no need to mention that.
 2023-09-02 14:30:34 +02:00
TW
3eb070191d
Merge pull request #7789 from ThomasWaldmann/archive-tam-verify-master 
Archive tam verify security fix (master)
 2023-08-30 18:29:05 +02:00
Thomas Waldmann
f334ef1b4d
fix CVE timeline, fix markup 2023-08-30 15:58:12 +02:00
Thomas Waldmann
449cd51b73
document vulnerability, repo upgrade procedure 2023-08-30 02:32:50 +02:00
Thomas Waldmann
56da398711
add tests for archive TAMs 2023-08-30 02:28:57 +02:00
Thomas Waldmann
5cd2060345
rebuild_refcounts: keep archive ID, if possible 
rebuild_refcounts verifies and recreates the TAM.
Now it re-uses the salt, so that the archive ID does not change
just because of a new salt if the archive has still the same data.
 2023-08-30 01:13:52 +02:00
Thomas Waldmann
95b5604422
TAM msgs: be more specific: archives vs. manifest 2023-08-30 00:58:03 +02:00
Thomas Waldmann
b23e6cb73d
list: support {tam} placeholder. check archive TAM. 
list: shows either "verified" or "none", depending on
whether a TAM auth tag could be verified or was
missing (old archives from borg < 1.0.9).

when loading an archive, we now try to verify the archive
TAM, but we do not require it. people might still have
old archives in their repos and we want to be able to
list such repos without fatal exceptions.
 2023-08-30 00:58:02 +02:00
Thomas Waldmann
277b0b81a8
cache sync: check archive TAM 2023-08-30 00:58:00 +02:00
Thomas Waldmann
462c1bdf2e
check: rebuild_refcounts verify and recreate TAM 
This part of the archive checker recreates the Archive
items (always, just in case some missing chunks needed
repairing).

When loading the Archive item, we now verify the TAM.
When saving the (potentially modified) Archive item,
we now (re-)generate the TAM.

Archives without a valid TAM are dropped rather than TAM-authenticated
when saving them. There shouldn't be any archives without a valid TAM:

- borg writes an archive TAM since long (1.0.9)
- users are expected to TAM-authenticate archives created
  by older borg when upgrading to borg 1.2.5.

Also:

Archive.set_meta: TAM-authenticate new archive

This is also used by Archive.rename and .recreate.
 2023-08-30 00:57:33 +02:00
Thomas Waldmann
bfead4b288
fixup with msgpack data types related fixes 2023-08-29 22:32:30 +02:00
Thomas Waldmann
a2ee13fd34
check: rebuild_manifest must verify archive TAM 2023-08-29 21:10:32 +02:00
TW
6aa350aeb4
Merge pull request #7780 from ThomasWaldmann/update-changes-master 
update CHANGES
 2023-08-27 21:05:27 +02:00
Thomas Waldmann
760d01ee0c
update CHANGES 2023-08-27 20:41:40 +02:00
TW
b3be2d30b5
Merge pull request #7779 from ThomasWaldmann/cy302 
lock cython to 3.0.2
 2023-08-27 19:42:33 +02:00
Thomas Waldmann
b6712cd8b7
lock cython to 3.0.2 2023-08-27 17:05:48 +02:00
TW
981c562268
Merge pull request #7777 from ThomasWaldmann/freebsd-acl-tests-master 
freebsd: add some ACL tests, fixes #7745
 2023-08-27 13:46:51 +02:00
Thomas Waldmann
aa5168a21e
use skipif_acls_not_working decorator for freebsd also 
use platform-specific ACLs to check.
for unsupported platform, just return False.
 2023-08-27 05:07:56 +02:00
Thomas Waldmann
9c1088c95c
linux: move ACL definitions to platform_linux test module 
they are only used from there.
 2023-08-27 05:06:17 +02:00
Thomas Waldmann
7f8eba4fbf
freebsd: add some ACL tests, fixes #7745 
enable ACL support in freebsd vagrant machine's filesystem
 2023-08-27 05:05:55 +02:00
TW
678501a6ff
Merge pull request #7778 from ThomasWaldmann/get-dir-create-arg-master 
get_*_dir: add/use create argument
 2023-08-27 03:58:56 +02:00
Thomas Waldmann
836b517451
get_*_dir tests: use create=False 
In these tests, we only compare paths, but we do not
need to create these paths for that. By not trying to
create them, we can avoid permission issues, e.g. under
fakeroot.
 2023-08-27 03:23:50 +02:00
Thomas Waldmann
590b0c68e6
get_*_dir: add create=True kw argument 
... and only call ensure_dir if create is True.
 2023-08-27 03:15:12 +02:00
TW
d3062674d9
Merge pull request #7776 from ThomasWaldmann/pyi-5.13.1-master 
vagrant: use pyinstaller 5.13.1
 2023-08-26 18:52:00 +02:00
Thomas Waldmann
535a024008
vagrant: use pyinstaller 5.13.1 2023-08-26 18:51:09 +02:00
TW
8ed6ec5889
Merge pull request #7774 from ThomasWaldmann/ci-ubuntu2204-master 
ci: run on ubuntu 22.04
 2023-08-26 15:58:58 +02:00
Thomas Waldmann
057aec407d
ci: run on ubuntu 22.04 2023-08-26 15:11:17 +02:00
TW
b8e855164b
Merge pull request #7775 from ThomasWaldmann/docs-fixes-master 
docs: fix borg delete examples, fixes #7759
 2023-08-26 15:07:05 +02:00
TW
97388277e2
Merge pull request #7773 from ThomasWaldmann/cython3-master 
use cython 3 (master)
 2023-08-26 14:55:53 +02:00
Thomas Waldmann
e9e74a1113
docs: fix borg delete examples, fixes #7759 2023-08-26 14:51:27 +02:00
TW
928af177bb
Merge pull request #7771 from ThomasWaldmann/docs-work 
docs related work
 2023-08-26 14:36:15 +02:00
Thomas Waldmann
d80d2decc0
development.lock.txt: use Cython 3.0.1 
note: pyproject.yaml already uses Cython3 because it is not
version restricted and the cy3 pypi package is not beta any more.
 2023-08-26 14:11:52 +02:00
Thomas Waldmann
04ff8d6524
fix README 2023-08-26 13:55:59 +02:00
Thomas Waldmann
d2d6e6092b
CI: test building the docs 2023-08-26 13:44:51 +02:00
Thomas Waldmann
fc7cd92ee2
docs: tox -e docs tests building the docs 2023-08-26 13:36:10 +02:00
TW
e8e1a3a37c
Merge pull request #7770 from ThomasWaldmann/improve-rcreate-docs-master 
docs: improve rcreate / related repos docs
 2023-08-24 13:11:39 +02:00
Thomas Waldmann
b1c38ef23e
docs: improve rcreate / related repos docs 2023-08-24 12:42:24 +02:00
TW
1c8da8f98a
Merge pull request #7750 from ThomasWaldmann/fix-unreadable-parent-of-root-master 
do not try to read parent dir of recursion root (master)
 2023-07-30 01:18:27 +02:00
Ted Lawson
f29fd80311
platform_freebsd.py dummy test file (#7748) 2023-07-30 01:17:56 +02:00
Thomas Waldmann
08e09999d9
remove unused "flags_root" open flags 2023-07-29 23:34:52 +02:00
Thomas Waldmann
c99b849abe
create: do not try to read parent dir of recursion root, fixes #7746 2023-07-29 23:31:16 +02:00
Thomas Waldmann
3e640a38c0
add a test for unreadable parent dir, see #7746 2023-07-29 23:21:10 +02:00
TW
1e7dec1541
Merge pull request #7742 from bigtedde/remove-BaseTestCase 
PR: Remove BaseTestCase from `testsuite/`
 2023-07-29 22:14:33 +02:00
bigtedde
a09c8ad940 reverted import grouping 2023-07-29 09:40:24 -07:00