mirror
/
borg
mirror of https://github.com/borgbackup/borg.git
1
0
Fork 0
Code Issues Releases Wiki Activity
8,177 Commits 9 Branches 131 Tags 67 MiB
Commit Graph

8177 Commits

Author SHA1 Message Date
Thomas Waldmann 75f8391bb6
vagrant: upgrade to pyinstaller 5.13.2 2023-09-14 19:26:01 +02:00
Thomas Waldmann b2e8ad0257
vagrant: upgrade to python 3.11.5 2023-09-14 17:01:54 +02:00
Thomas Waldmann 3f75950226
build_usage / build_man 2023-09-14 15:52:08 +02:00
Thomas Waldmann 7e15b6488a
update CHANGES 2023-09-14 15:48:18 +02:00
TW 4e8cc050c2
Merge pull request #7823 from ThomasWaldmann/allow-msgpack-106-master 
allow msgpack 1.0.6 (which has py312 wheels), fixes #7810
 2023-09-14 15:34:52 +02:00
Thomas Waldmann 12e224613e
test_is_slow_msgpack: skip test on expected slow msgpack environments 2023-09-14 14:47:30 +02:00
Thomas Waldmann 95e75b90f1
allow msgpack 1.0.6 (which has py312 wheels), fixes #7810 2023-09-14 13:47:31 +02:00
TW 2943d1c11e
Merge pull request #7592 from ThomasWaldmann/py312 
support / test on Python 3.12
 2023-09-14 04:38:57 +02:00
Thomas Waldmann bc9ce99e9b
allow msgpack 1.0.6(rc1) 2023-09-14 04:08:25 +02:00
Thomas Waldmann 1ed7f29572
avoid tarfile deprecation warning for py312 2023-09-14 03:04:36 +02:00
Thomas Waldmann c4327c2819
add wheel to build-system requirements 2023-09-14 03:04:35 +02:00
Thomas Waldmann 1175fbcfd9
support / test on Python 3.12 2023-09-14 03:04:28 +02:00
TW 6bb24ded05
Merge pull request #7817 from bket/openssl-3.0 
OpenBSD only: switch to OpenSSL-3.0
 2023-09-12 17:36:30 +02:00
TW 9986bcc9c2
Merge pull request #7819 from ThomasWaldmann/remove-twine-master 
remove twine from requirements
 2023-09-12 17:02:13 +02:00
Thomas Waldmann 34b33d2706
remove twine from requirements 
twine is only needed at release time, no need
for all developers or all test runs to install
this.

also, some requirement of twine needs a rust
compiler, so if there is no rust compiler,
automated runs will abort due to that.
 2023-09-12 16:02:10 +02:00
Björn Ketelaars 83d4fca4d2 OpenBSD only: switch to OpenSSL-3.0 2023-09-11 21:43:35 +02:00
TW a089448841
Merge pull request #7811 from ThomasWaldmann/update-locked-requirements-master 
update requirements.d/development.lock.txt
 2023-09-05 15:47:42 +02:00
Thomas Waldmann 2593ea0149
update requirements.d/development.lock.txt 2023-09-05 14:22:00 +02:00
TW e40674ed3d
Merge pull request #7807 from ThomasWaldmann/update-changes-master 
update CHANGES
 2023-09-05 14:17:57 +02:00
Thomas Waldmann c883181609
update CHANGES 
also:: add a note about required TAMs.
 2023-09-05 13:50:59 +02:00
TW 0ac750dcd5
Merge pull request #7809 from ThomasWaldmann/move-to-pyprojecttoml-master 
Move to pyproject.toml
 2023-09-05 13:47:27 +02:00
Thomas Waldmann 55f0798b15
fix src code formatting 
not sure why this changed!?
 2023-09-05 00:34:03 +02:00
Thomas Waldmann 61e96eb51f
pyproject.toml: move project metadata 2023-09-05 00:01:40 +02:00
Thomas Waldmann a91b7d2787
pyproject.toml: move mypy options 2023-09-04 23:27:10 +02:00
Thomas Waldmann 34cadfdc4e
pyproject.toml: move pytest options 2023-09-04 23:16:20 +02:00
TW 5cce0d7504
Merge pull request #7808 from ThomasWaldmann/ruff-master 
replace flake8 by ruff
 2023-09-04 23:03:05 +02:00
Thomas Waldmann 98796a2f0d
replace flake8 by ruff 2023-09-04 22:15:42 +02:00
TW 1fd8b52f6b
Merge pull request #7650 from ThomasWaldmann/remove-force-tam-not-required 
TAM: always generate and verify
 2023-09-04 20:33:52 +02:00
Thomas Waldmann a0f5264cbd
rlist: remove support for {tam} placeholder 
archives are now always TAM-authenticated.
 2023-09-03 22:27:24 +02:00
Thomas Waldmann 2d78fa89a5
always implicitly require archive TAMs 
they must be there since the upgrade to borg 1.2.6 (or other
borg versions that also have a fix for CVE-2023-36811).
 2023-09-03 22:02:35 +02:00
Thomas Waldmann 21d4407170
always implicitly require manifest TAMs 
remove a lot of complexity from the code that was just there to
support legacy borg versions < 1.0.9 which did not TAM authenticate
the manifest.

since then, borg writes TAM authentication to the manifest,
even if the repo is unencrypted.
if the repo is unencrypted, it did not check the somehow pointless
authentication that was generated without any secret, but
if we add that fake TAM, we can also verify the fake TAM.

if somebody explicitly switches off all crypto, they can not
expect authentication.

for everybody else, borg now always generates the TAM and also
verifies it.
 2023-09-03 22:01:46 +02:00
TW 4ded3620c5
Merge pull request #7805 from ThomasWaldmann/fwd-port-tam-cve-fixes-master 
some fwd ports of the archive-TAM/CVE related code/docs
 2023-09-03 20:49:50 +02:00
Thomas Waldmann aaafc36d97
update upgrade instruction in changes_1.x.rst 2023-09-03 17:27:44 +02:00
Thomas Waldmann 1338646b9d
check: improve logging for TAM issues, fixes #7797 2023-09-03 17:15:09 +02:00
TW 270f33b7ed
Merge pull request #7800 from ThomasWaldmann/fix-zstd-docs 
docs: remove zstd compat hint
 2023-09-02 15:42:50 +02:00
Thomas Waldmann 32d7222e67
docs: remove zstd compat hint 
borg2 repos are not compatible with borg1 anyway,
so no need to mention that.
 2023-09-02 14:30:34 +02:00
TW 3eb070191d
Merge pull request #7789 from ThomasWaldmann/archive-tam-verify-master 
Archive tam verify security fix (master)
 2023-08-30 18:29:05 +02:00
Thomas Waldmann f334ef1b4d
fix CVE timeline, fix markup 2023-08-30 15:58:12 +02:00
Thomas Waldmann 449cd51b73
document vulnerability, repo upgrade procedure 2023-08-30 02:32:50 +02:00
Thomas Waldmann 56da398711
add tests for archive TAMs 2023-08-30 02:28:57 +02:00
Thomas Waldmann 5cd2060345
rebuild_refcounts: keep archive ID, if possible 
rebuild_refcounts verifies and recreates the TAM.
Now it re-uses the salt, so that the archive ID does not change
just because of a new salt if the archive has still the same data.
 2023-08-30 01:13:52 +02:00
Thomas Waldmann 95b5604422
TAM msgs: be more specific: archives vs. manifest 2023-08-30 00:58:03 +02:00
Thomas Waldmann b23e6cb73d
list: support {tam} placeholder. check archive TAM. 
list: shows either "verified" or "none", depending on
whether a TAM auth tag could be verified or was
missing (old archives from borg < 1.0.9).

when loading an archive, we now try to verify the archive
TAM, but we do not require it. people might still have
old archives in their repos and we want to be able to
list such repos without fatal exceptions.
 2023-08-30 00:58:02 +02:00
Thomas Waldmann 277b0b81a8
cache sync: check archive TAM 2023-08-30 00:58:00 +02:00
Thomas Waldmann 462c1bdf2e
check: rebuild_refcounts verify and recreate TAM 
This part of the archive checker recreates the Archive
items (always, just in case some missing chunks needed
repairing).

When loading the Archive item, we now verify the TAM.
When saving the (potentially modified) Archive item,
we now (re-)generate the TAM.

Archives without a valid TAM are dropped rather than TAM-authenticated
when saving them. There shouldn't be any archives without a valid TAM:

- borg writes an archive TAM since long (1.0.9)
- users are expected to TAM-authenticate archives created
  by older borg when upgrading to borg 1.2.5.

Also:

Archive.set_meta: TAM-authenticate new archive

This is also used by Archive.rename and .recreate.
 2023-08-30 00:57:33 +02:00
Thomas Waldmann bfead4b288
fixup with msgpack data types related fixes 2023-08-29 22:32:30 +02:00
Thomas Waldmann a2ee13fd34
check: rebuild_manifest must verify archive TAM 2023-08-29 21:10:32 +02:00
TW 6aa350aeb4
Merge pull request #7780 from ThomasWaldmann/update-changes-master 
update CHANGES
 2023-08-27 21:05:27 +02:00
Thomas Waldmann 760d01ee0c
update CHANGES 2023-08-27 20:41:40 +02:00
TW b3be2d30b5
Merge pull request #7779 from ThomasWaldmann/cy302 
lock cython to 3.0.2
 2023-08-27 19:42:33 +02:00