From patchwork Mon Jan 29 13:41:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 7496 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4TNqG41trSz3xHD for ; Mon, 29 Jan 2024 13:41:32 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4TNqG15r4rzkc; Mon, 29 Jan 2024 13:41:29 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4TNqG12tTFz32hF; Mon, 29 Jan 2024 13:41:29 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4TNqFy21J7z2xZk for ; Mon, 29 Jan 2024 13:41:26 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4TNqFw5vmqzj5; Mon, 29 Jan 2024 13:41:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1706535684; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=RvKhBppo8klbCOrd/LBDTAxkWK1Lx31Sl3ZtyXZEg20=; b=arqZUFIJvGOmNNKmokWzWKXjVqaXnT4XGiieEBUGysaPv7Ep9QwWKSIHJPCiqpjpKN14pS BIyRnBiU/LodTy+wxVHDI7shhDWca2aaQNSgq/QBM/RR8l5EBBWDr0wX1TJqYSK77GT0hF EBsL57X49WfVmJ9cTOY6O3jX4LOZZ7NnwUeJyqjTPcexllQu75/SyuZJZwRznrzBnR8kCF IkICJ5XKMbfeSTGr6xmEqxlarldrE3xv4v/7XJhJToyi/evFEj1rw27LQ5ftOc9LjoMOtf ejCzk1ULxvDlliVa+3xbWNCowO5DF+1QghyXm6gvXEW6erKkjkc0olnrmkuYhQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1706535684; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=RvKhBppo8klbCOrd/LBDTAxkWK1Lx31Sl3ZtyXZEg20=; b=4h34T4Dh8JJ1B5IAoyvBbAlvXR2KPi8JVUiXTWivYsJnf7VMdEI4VTSgnaReAWn8EE3UgD +lrQ2/HqlxbvdtCg== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH 01/15] borgbackup: Update to version 1.2.7 Date: Mon, 29 Jan 2024 14:41:06 +0100 Message-ID: <20240129134120.3269534-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: KOPCTH6XAE2POWIVO6MKMC2WPIWADAHP X-Message-ID-Hash: KOPCTH6XAE2POWIVO6MKMC2WPIWADAHP X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from version 1.2.3 to 1.2.7 - Update of rootfile - Patch set put together to also update the dependency packages where they have been updated. - Changelog 1.2.7 Fixes: - docs: CVE-2023-36811 upgrade steps: consider checkpoint archives, #7802 - check/compact: fix spurious reappearance of orphan chunks since borg 1.2, #6687 - this consists of 2 fixes: - for existing chunks: check --repair: recreate shadow index, #6687 - for newly created chunks: update shadow index when doing a double-put, #5661 - LockRoster.modify: no KeyError if element was already gone, #7937 - create --X-from-command: run subcommands with a clean environment, #7916 - list --sort-by: support "archive" as alias of "name", #7873 - fix rc and msg if arg parsing throws an exception, #7885 Other changes: - support and test on Python 3.12 - include unistd.h in _chunker.c (fix for Python 3.13) - allow msgpack 1.0.6 and 1.0.7 - TAM issues: show tracebacks, improve borg check logging, #7797 - replace "datetime.utcfromtimestamp" with custom helper to avoid deprecation warnings when using Python 3.12 - vagrant: - use generic/debian9 box, fixes #7579 - add VM with debian bookworm / test on OpenSSL 3.0.x. - docs: - not only attack/unsafe, can also be a fs issue, #7853 - point to CVE-2023-36811 upgrade steps from borg 1.1 to 1.2 upgrade steps, #7899 - upgrade steps needed for all kinds of repos (including "none" encryption mode), #7813 - upgrade steps: talk about consequences of borg check, #7816 - upgrade steps: remove period that could be interpreted as part of the command - automated-local.rst: use GPT UUID for consistent udev rule - create disk/partition sector backup by disk serial number, #7934 - update macOS hint about full disk access - clarify borg prune -a option description, #7871 - readthedocs: also build offline docs (HTMLzip), #7835 - frontends: add "check.rebuild_refcounts" message 1.2.6 Fixes: - The upgrade procedure docs as published with borg 1.2.5 did not work, if the repository had archives resulting from a borg rename or borg recreate operation. The updated docs now use BORG_WORKAROUNDS=ignore_invalid_archive_tam at some places to avoid that issue, #7791. See: fix pre-1.2.5 archives spoofing vulnerability (CVE-2023-36811), details and necessary upgrade procedure described above. Other changes: - updated 1.2.5 changelog entry: 1.2.5 already has the fix for rename/recreate. - remove cython restrictions. recommended is to build with cython 0.29.latest, because borg 1.2.x uses this since years and it is very stable. You can also try to build with cython 3.0.x, there is a good chance that it works. As a 3rd option, we also bundle the `*.c` files cython outputs in the release pypi package, so you can also just use these and not need cython at all. 1.2.5 Fixes: - Security: fix pre-1.2.5 archives spoofing vulnerability (CVE-2023-36811), see details and necessary upgrade procedure described above. - rename/recreate: correctly update resulting archive's TAM, see #7791 - create: do not try to read parent dir of recursion root, #7746 - extract: fix false warning about pattern never matching, #4110 - diff: remove surrogates before output, #7535 - compact: clear empty directories at end of compact process, #6823 - create --files-cache=size: fix crash, #7658 - keyfiles: improve key sanity check, #7561 - only warn about "invalid" chunker params, #7590 - ProgressIndicatorPercent: fix space computation for wide chars, #3027 - improve argparse validator error messages New features: - mount: make up volname if not given (macOS), #7690. macFUSE supports a volname mount option to give what finder displays on the desktop / in the directory view. if the user did not specify it, we make something up, because otherwise it would be "macFUSE Volume 0 (Python)" and hide the mountpoint directory name. - BORG_WORKAROUNDS=authenticated_no_key to extract from authenticated repos without key, #7700 Other changes: - add `utcnow()` helper function to avoid deprecated `datetime.utcnow()` - stay on latest Cython 0.29 (0.29.36) for borg 1.2.x (do not use Cython 3.0 yet) - docs: - move upgrade notes to own section, see #7546 - mount -olocal: how to show mount in finder's sidebar, #5321 - list: fix --pattern examples, #7611 - improve patterns help - incl./excl. options, path-from-stdin exclusiveness - obfuscation docs: markup fix, note about MAX_DATA_SIZE - --one-file-system: add macOS apfs notes, #4876 - improve --one-file-system help string, #5618 - rewrite borg check docs - improve the docs for --keep-within, #7687 - fix borg init command in environment.rst.inc - 1.1.x upgrade notes: more precise borg upgrade instructions, #3396 -tests: - fix repo reopen - avoid long ids in pytest output - check buzhash chunksize distribution, see #7586 1.2.4 New features: - import-tar: add --ignore-zeros to process concatenated tars, #7432. - debug id-hash: computes file/chunk content id-hash, #7406 - diff: --content-only does not show mode/ctime/mtime changes, #7248 - diff: JSON strings in diff output are now sorted alphabetically Bug fixes: - xattrs: fix namespace processing on FreeBSD, #6997 - diff: fix path related bug seen when addressing deferred items. - debug get-obj/put-obj: always give chunkid as cli param, see #7290 (this is an incompatible change, see also borg debug id-hash) - extract: fix mtime when ResourceFork xattr is set (macOS specific), #7234 - recreate: without --chunker-params, do not re-chunk, #7337 - recreate: when --target is given, do not detect "nothing to do". use case: borg recreate -a src --target dst can be used to make a copy of an archive inside the same repository, #7254. - set .hardlink_master for ALL hardlinkable items, #7175 - locking: fix host, pid, tid order. tid (thread id) must be parsed as hex from lock file name. - update development.lock.txt, including a setuptools security fix, #7227 Other changes: - requirements: allow msgpack 1.0.5 also - upgrade Cython to 0.29.33 - hashindex minor fixes, refactor, tweaks, tests - use os.replace not os.rename - remove BORG_LIBB2_PREFIX (not used any more) - docs: - BORG_KEY_FILE: clarify docs, #7444 - update FAQ about locale/unicode issues, #6999 - improve mount options rendering, #7359 - make timestamps in manual pages reproducible - installation: update Fedora in distribution list, #7357 - tests: - fix test_size_on_disk_accurate for large st_blksize, #7250 - add same_ts_ns function and use it for relaxed timestamp comparisons - "auto" compressor tests: don't assume a specific size, do not assume zlib is better than lz4, #7363 - add test for extracted directory mtime - vagrant: - upgrade local freebsd 12.1 box -> generic/freebsd13 box (13.1) - use pythons > 3.8 which work on freebsd 13.1 - pyenv: also install python 3.11.1 for testing - pyenv: use python 3.10.1, 3.10.0 build is broken on freebsd Tested-by: Adolf Belka Signed-off-by: Adolf Belka --- config/rootfiles/packages/borgbackup | 36 ++++++++++++++-------------- lfs/borgbackup | 8 +++---- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/config/rootfiles/packages/borgbackup b/config/rootfiles/packages/borgbackup index feaca4156..897d1d1be 100644 --- a/config/rootfiles/packages/borgbackup +++ b/config/rootfiles/packages/borgbackup @@ -6,23 +6,23 @@ usr/lib/python3.10/site-packages/borg/__main__.py usr/lib/python3.10/site-packages/borg/_version.py #usr/lib/python3.10/site-packages/borg/algorithms usr/lib/python3.10/site-packages/borg/algorithms/__init__.py -usr/lib/python3.10/site-packages/borg/algorithms/checksums.cpython-310-xxxMACHINExxx-linux-gnu.so +usr/lib/python3.10/site-packages/borg/algorithms/checksums.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/borg/archive.py usr/lib/python3.10/site-packages/borg/archiver.py usr/lib/python3.10/site-packages/borg/cache.py -usr/lib/python3.10/site-packages/borg/chunker.cpython-310-xxxMACHINExxx-linux-gnu.so -usr/lib/python3.10/site-packages/borg/compress.cpython-310-xxxMACHINExxx-linux-gnu.so +usr/lib/python3.10/site-packages/borg/chunker.cpython-310-x86_64-linux-gnu.so +usr/lib/python3.10/site-packages/borg/compress.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/borg/constants.py #usr/lib/python3.10/site-packages/borg/crypto usr/lib/python3.10/site-packages/borg/crypto/__init__.py usr/lib/python3.10/site-packages/borg/crypto/file_integrity.py usr/lib/python3.10/site-packages/borg/crypto/key.py usr/lib/python3.10/site-packages/borg/crypto/keymanager.py -usr/lib/python3.10/site-packages/borg/crypto/low_level.cpython-310-xxxMACHINExxx-linux-gnu.so +usr/lib/python3.10/site-packages/borg/crypto/low_level.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/borg/crypto/nonces.py usr/lib/python3.10/site-packages/borg/fuse.py usr/lib/python3.10/site-packages/borg/fuse_impl.py -usr/lib/python3.10/site-packages/borg/hashindex.cpython-310-xxxMACHINExxx-linux-gnu.so +usr/lib/python3.10/site-packages/borg/hashindex.cpython-310-x86_64-linux-gnu.so #usr/lib/python3.10/site-packages/borg/helpers usr/lib/python3.10/site-packages/borg/helpers/__init__.py usr/lib/python3.10/site-packages/borg/helpers/checks.py @@ -37,7 +37,7 @@ usr/lib/python3.10/site-packages/borg/helpers/process.py usr/lib/python3.10/site-packages/borg/helpers/progress.py usr/lib/python3.10/site-packages/borg/helpers/time.py usr/lib/python3.10/site-packages/borg/helpers/yes.py -usr/lib/python3.10/site-packages/borg/item.cpython-310-xxxMACHINExxx-linux-gnu.so +usr/lib/python3.10/site-packages/borg/item.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/borg/locking.py usr/lib/python3.10/site-packages/borg/logger.py usr/lib/python3.10/site-packages/borg/lrucache.py @@ -47,9 +47,9 @@ usr/lib/python3.10/site-packages/borg/patterns.py #usr/lib/python3.10/site-packages/borg/platform usr/lib/python3.10/site-packages/borg/platform/__init__.py usr/lib/python3.10/site-packages/borg/platform/base.py -usr/lib/python3.10/site-packages/borg/platform/linux.cpython-310-xxxMACHINExxx-linux-gnu.so -usr/lib/python3.10/site-packages/borg/platform/posix.cpython-310-xxxMACHINExxx-linux-gnu.so -usr/lib/python3.10/site-packages/borg/platform/syncfilerange.cpython-310-xxxMACHINExxx-linux-gnu.so +usr/lib/python3.10/site-packages/borg/platform/linux.cpython-310-x86_64-linux-gnu.so +usr/lib/python3.10/site-packages/borg/platform/posix.cpython-310-x86_64-linux-gnu.so +usr/lib/python3.10/site-packages/borg/platform/syncfilerange.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/borg/platform/xattr.py usr/lib/python3.10/site-packages/borg/platformflags.py usr/lib/python3.10/site-packages/borg/remote.py @@ -72,6 +72,7 @@ usr/lib/python3.10/site-packages/borg/testsuite/crypto.py usr/lib/python3.10/site-packages/borg/testsuite/efficient_collection_queue.py usr/lib/python3.10/site-packages/borg/testsuite/file_integrity.py usr/lib/python3.10/site-packages/borg/testsuite/hashindex.py +usr/lib/python3.10/site-packages/borg/testsuite/hashindex_stress.py usr/lib/python3.10/site-packages/borg/testsuite/helpers.py usr/lib/python3.10/site-packages/borg/testsuite/item.py usr/lib/python3.10/site-packages/borg/testsuite/key.py @@ -91,12 +92,11 @@ usr/lib/python3.10/site-packages/borg/testsuite/xattr.py usr/lib/python3.10/site-packages/borg/upgrader.py usr/lib/python3.10/site-packages/borg/version.py usr/lib/python3.10/site-packages/borg/xattr.py -usr/lib/python3.10/site-packages/borgbackup-1.2.3-py3.10.egg-info -usr/lib/python3.10/site-packages/borgbackup-1.2.3-py3.10.egg-info/PKG-INFO -usr/lib/python3.10/site-packages/borgbackup-1.2.3-py3.10.egg-info/SOURCES.txt -usr/lib/python3.10/site-packages/borgbackup-1.2.3-py3.10.egg-info/dependency_links.txt -usr/lib/python3.10/site-packages/borgbackup-1.2.3-py3.10.egg-info/entry_points.txt -usr/lib/python3.10/site-packages/borgbackup-1.2.3-py3.10.egg-info/not-zip-safe -usr/lib/python3.10/site-packages/borgbackup-1.2.3-py3.10.egg-info/requires.txt -usr/lib/python3.10/site-packages/borgbackup-1.2.3-py3.10.egg-info/top_level.txt - +usr/lib/python3.10/site-packages/borgbackup-1.2.7-py3.10.egg-info +usr/lib/python3.10/site-packages/borgbackup-1.2.7-py3.10.egg-info/PKG-INFO +usr/lib/python3.10/site-packages/borgbackup-1.2.7-py3.10.egg-info/SOURCES.txt +usr/lib/python3.10/site-packages/borgbackup-1.2.7-py3.10.egg-info/dependency_links.txt +usr/lib/python3.10/site-packages/borgbackup-1.2.7-py3.10.egg-info/entry_points.txt +usr/lib/python3.10/site-packages/borgbackup-1.2.7-py3.10.egg-info/not-zip-safe +usr/lib/python3.10/site-packages/borgbackup-1.2.7-py3.10.egg-info/requires.txt +usr/lib/python3.10/site-packages/borgbackup-1.2.7-py3.10.egg-info/top_level.txt diff --git a/lfs/borgbackup b/lfs/borgbackup index 79d6446ee..7b77fd4bb 100644 --- a/lfs/borgbackup +++ b/lfs/borgbackup @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.2.3 +VER = 1.2.7 SUMMARY = Deduplicating backup program with compression and authenticated encryption THISAPP = borgbackup-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = borgbackup -PAK_VER = 15 +PAK_VER = 16 DEPS = python3-msgpack python3-packaging python3-pyfuse3 # borgbackup only works with specific versions of python3-msgpack @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 970fad62428b44eb22df761020a4c25f4aa8d3e8f5cc2c81aa96b1afb051dc24b3d124b4fc84e81cf8eaa6a9b19a200f6f9bda1f7f4c2794a7e8d33e8d5020f1 +$(DL_FILE)_BLAKE2 = 8d69f3e7890ee117e1fe2cdf6b92c548bc40b337de09850948150034fc4724bf05c51c852a268df2294e3657676920a1c663a421331fd6dba5fffa558429f11e install : $(TARGET)