- Update from version 1.2.7 to 1.4.0
- Update of rootfile
- This version now requires libxxhash and can now work with python3-msgpack at version
1.0.8 so additional patch submissions combined with this one for implementation of
libxxhash and for update og python3-msgpack.
- Tested out changes on my vm testbed system and was able to access old repo info and
fusemount the repo successfully and write a new backup. So everything I normally
test is functioning.
- Changelog
1.4.0
Compatibility notes:
By default, borg 1.4 will behave quite similar to borg 1.2 (it was forked off
from 1.2-maint branch at 1.2.7).
- the slashdot hack: be careful not to accidentally give paths containing
/./ to "borg create" if you do not want to trigger this feature (which
strips the left part of the path from archived items).
- BORG_EXIT_CODES=modern is a feature that borg script, wrapper and GUI
authors may want to use to get more specific error and warning return
codes from borg.
In that case, of course they will need to make sure to correctly deal
with these new codes, see the internals/frontends docs.
Other changes:
- vagrant: revive the buster64 box, RHEL8 has same glibc
- tests: fix pytest_report_header, #8232
- docs:
- mount: add examples using :: positional argument, #8255
- Installation: update Arch Linux repo name
- update standalone binary section
1.4.0rc1
Fixes:
- setup.py: fix import error reporting for cythonize import, #8208
- setup.py: detect noexec build fs issue, #8208
Other changes:
- changed insufficiently reserved length for log message, #8152
- use Python 3.11.9, Cython 3.0.10 and PyInstaller 6.7.0 for binary builds
- docs:
- use python 3.9 in cygwin install docs, fixes#8196
- recreate: remove experimental status
- github CI: fix PKG_CONFIG_PATH for openssl 3.0
- vagrant:
- add a ubuntu noble (24.04) VM
- drop buster VM, fixes#8171
1.4.0b2
Fixes:
- check: fix return code for index entry value discrepancies
- benchmark: inherit options --rsh --remote-path, #8099
- sdist: dynamically compute readme (long_description)
- create: deal with EBUSY, #8123
- No need to use OpenSSL 3.0 on OpenBSD, use LibreSSL.
- fix Ctrl-C / SIGINT behaviour for pyinstaller-made binaries, #8155
New features:
- create: add the slashdot hack, update docs, #4685
- upgrade --check-tam: check manifest TAM auth, exit with rc=1 if there
are issues.
- upgrade --check-archives-tam: check archives TAM auth, exit with rc=1
if there are issues.
Other changes:
- improve acl_get / acl_set error handling, improved/added tests, #8125
- remove bundled lz4/zstd/xxhash code (require the respective
libs/headers),
simplify setup.py, remove support for all BORG_USE_BUNDLED_*=YES, #8094
- require Cython 3.0.3 at least (fixes py312 memory leak), #8133
- allow msgpack 1.0.8, #8133
- init: better borg key export instructions
- init: remove compatibility warning for borg <=1.0.8
The warning refers to a compatibility issue not relevant any
more since borg 1.0.9 (released 2016-12).
- locate libacl via pkgconfig
- scripts/make.py: move clean, build_man, build_usage to there,
so we do not need to invoke setup.py directly, update docs
- docs:
- how to run the testsuite using the dist package
- add non-root deployment strategy (systemd / capabilities)
- simplify TAM-related upgrade docs using the new commands
- vagrant:
- use python 3.11.8
- use pyinstaller 6.5.0
- add xxhash for macOS, add libxxhash-dev for debianoid systems
- use openindiana/hipster box
1.4.0b1
Fixes:
- fix CommandError args, #8029
New features:
- implement "borg version" (shows client and server version), #7829
Other changes:
- better error msg for corrupted key data, #8016
- repository: give clean error msg for invalid nonce file, #7967
- check_can_create_repository: deal with PermissionErrors, #7016
- add ConnectionBrokenWithHint for BrokenPipeErrors and similar, #7016
- with-lock: catch exception, print error msg, #8022
- use cython 3.0.8
- modernize msgpack wrapper
- docs:
- add brew bundle instructions (macOS)
- improve docs for borg with-lock, #8022
1.4.0a1
New features:
- BORG_EXIT_CODES=modern: optional more specific return codes (for
errors and warnings).
The default value of this new environment variable is "legacy", which
should result in a behaviour similar to borg 1.2 and older (only using
rc 0, 1 and 2).
"modern" exit codes are much more specific (see the
internals/frontends docs).
Fixes:
- PATH: do not accept empty strings, #4221.
This affects the cli interface of misc. commands (create, extract,
diff, mount, ...) and they now will reject "" (empty string) given as
a path.
Other changes:
- Python: require Python >= 3.9, drop support for 3.8, #6383
- Cython: require Cython >= 3.0, drop support for Cython 0.29.x,
use 3str language level (default in cython3), #7978
- use pyinstaller 6.3.0 and python 3.11 for binary build, #7987
- msgpack: require >= 1.0.3, <= 1.0.7
- replace flake8 by ruff style/issue checker
- tests: remove python-dateutil dependency
- tests: move conftest.py to src/borg/testsuite, #6386
- move misc. config/metadata to pyproject.toml
- vagrant:
- use a freebsd 14 box, #6871
- use generic/openbsd7 box
- use openssl 3 on macOS, FreeBSD, OpenBSD
- remove ubuntu 20.04 "focal" box
- remove debian 9 "stretch" box (remove stretch-based binary builds)
- require recent setuptools and setuptools_scm
- crypto: get rid of deprecated HMAC_* functions to avoid warnings.
Instead, use hmac.digest from Python stdlib.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 20231030 to 20240811
- Update of rootfile
- Rootfile reviewed and modified as per steps outlined by @Peter Müller
- AMD have issued firmware fixes for processors affected by the SinkClose vulnerability.
I don't know if they are in this version already or not but I will check for any new
updates periodically. Worth having the fixes just in case even though the likelyhood
is that those processors more likely to be used for IPFire (Ryzen 1000, 2000 & 3000)
will not be getting the fixes generated and provided.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch caused that coreutils had to have to be reconfigured with
"autoreconf". However, we don't have autopoint available at this stage
in the build process and therefore we can't do this here.
I don't really know why we would require the patch and therefore suggest
dropping it.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This reverts commit 34b3e9a0a2.
This breaks the build of Ruby on aarch64 (and other non-x86
architectures). A potential fix seems to be available but we cannot
include this as we cannot build Rust from source:
f0b52f1dbd
Therefore we would have to wait until this is fixed upstream.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
unshare seems to want to change the mount propagation for /proc
before it has been mounted. In order to workaround that problem,
we bind-mount /proc to itself before.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.3.0 to 3.3.1
- Update of rootfile not required
- This version has 2 CVE fixes both of which are classified as Low Severity so looks like
they can wait for CU189
- Changelog
3.3.1
* Fixed potential use after free after SSL_free_buffers() is called.
The SSL_free_buffers function is used to free the internal OpenSSL
buffer used when processing an incoming record from the network.
The call is only expected to succeed if the buffer is not currently
in use. However, two scenarios have been identified where the buffer
is freed even when still in use.
The first scenario occurs where a record header has been received
from the network and processed by OpenSSL, but the full record body
has not yet arrived. In this case calling SSL_free_buffers will succeed
even though a record has only been partially processed and the buffer
is still in use.
The second scenario occurs where a full record containing application
data has been received and processed by OpenSSL but the application has
only read part of this data. Again a call to SSL_free_buffers will
succeed even though the buffer is still in use.
([CVE-2024-4741])
* Fixed an issue where checking excessively long DSA keys or parameters may
be very slow.
Applications that use the functions EVP_PKEY_param_check() or
EVP_PKEY_public_check() to check a DSA public key or DSA parameters may
experience long delays. Where the key or parameters that are being checked
have been obtained from an untrusted source this may lead to a Denial of
Service.
To resolve this issue DSA keys larger than OPENSSL_DSA_MAX_MODULUS_BITS
will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error
reason.
([CVE-2024-4603])
* Improved EC/DSA nonce generation routines to avoid bias and timing
side channel leaks.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.3.3 to 3.3.4
- Update of all rootfiles
- Changelog
3.3.4
Bug #20573: Warning.warn shouldn't be called for disabled warnings
Bug #20585: Size of memory allocated by String.new(:capacity) is different
from the specified value
Bug #20581: Ruby 3.3.3 install has missing deps for bundled net-pop gem
Bug #20595: Corruption of encoding name string
Bug #20598: Corruption of internal encoding string
Bug #20562: Categorize RUBY_FREE_AT_EXIT warning
Bug #20468: Segfault on safe navigation in for target
Bug #20592: Interrupting Addrinfo causes Segmentation fault on alpine
Bug #20239: Segmentation fault when using Regex on a large String
Bug #20570: Nokey behavior changed since 3.3.
Bug #20605: Add explicit compiler fence when pushing frames to ensure safe
profiling
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 5.4.6 to 5.4.7
- Update of rootfile
- Rename of patch file to make it clear that it works with 5.4.7
- Changelog is not available. Details of changes have to be founbd via the list of commits
https://github.com/lua/lua/commits/master
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 20240701 to 20240813
- Update of rootfile no0t required
- There is no changelog.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.23 to 1.24
- Update of rootfile not required
- Changelog
1.24
* New gdbm_load option: --update
The --update (-U) option instructs gdbm_load to update an existing
database.
* Fix semantics of gdbm_load -r
The --replace (-r) is valid only when used together with --update.
* Use getline in gdbmtool shell.
* New function: gdbm_load_from_file_ext
In contrast to gdbm_load and gdbm_load_from_file, which derive
the value of the flag parameter for gdbm_open from the value
of their "replace" argument, this function allows the caller to
specify it explicitly. The prototype is:
int gdbm_load_from_file_ext (GDBM_FILE *pdbf, FILE *fp,
int flags, int replace,
int meta_mask,
unsigned long *line);
* Bugfixes
** Fix binary dump format for key and/or data of zero size.
(see https://puszcza.gnu.org.ua/bugs/?565)
** Fix location tracking and recover command in gdbtool.
(see https://puszcza.gnu.org.ua/bugs/?566)
** Fix possible buffer underflow in gdbmload.
** Ensure any padding bytes in avail_elem structure are filled with 0.
(fixes https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031276)
** Improve the documentation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 9.16.50 to 9.20.1
- Update of rootfile
- The use of liburcu has replaced isc_qsbr in 9.19.4 and therefore the position of
liburcu in make.sh had to be changed.
- --enable-threads, --with-libtool, --without-python & --disable-linux-caps are no longer
reconised configure options (it looks like not recognised for a while.
--without-python is explicitly mentioned as being removed in version 9.15.7
The others are not mentioned in the changelog notes.
- The lib/bind9 and lib/irs directories in the source tarball have been removed. The
The comtents of lib/bind9 have been moved to lib/isc and lib/isccfg and the contents
of lib/irs have been moved to dns.
- The order of the make instructions had to be changed as lib/isccfg required the results
of lib/dns and the build failed without it. Changing the order solved the build problem.
- A large number of CVE fixes have been applied between the new and old version.
5 9.20.0
2 9.19.21
3 9.19.20
1 9.19.17
1 9.19.14
3 9.19.9
5 9.19.5
1 9.19.1
4 9.19.0
1 9.17.19
1 9.17.17
2 9.17.12
5 9.17.4
4 9.17.2
- Changelog is too long to include here - around 5000 lines. For details see the NEWS file
in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.16.5 to 1.17
- Update of rootfile
- Changelog
1.17
* New features added
- AM_PATH_PYTHON will, after checking "python", prefer any Python 3
version (latest versions checked first) over any Python 2
version. If a specific version of Python 2 is still needed, the
$PYTHON variable should be set beforehand.
- AM_PATH_PYTHON will also search for Python versions 3.20 through 3.10.
It previously searched for 3.9 through 3.0. (bug#53530)
- RANLIB may be overridden on a per-target basis.
- AM_TEXI2FLAGS may be defined to pass extra flags to TEXI2DVI & TEXI2PDF.
- New option "posix" to emit the special target .POSIX for make.
(bug#55025, bug#67891)
- Systems with non-POSIX "rm -f" behavior are now supported, and the
prior intent to drop support for them has been reversed.
The ACCEPT_INFERIOR_RM_PROGRAM setting no longer exists.
(bug#10828)
- Variables using escaped \# will trigger portability warnings, but be
retained when appended. GNU Make & BSD Makes are known to support it.
(bug#7610)
- GNU Make's default pattern rules are disabled, for speed and debugging.
(.SUFFIXES was already cleared.) (bug#64743)
- For Texinfo documents, if a .texi.in file exists, but no .texi, the
.texi.in will be read. Texinfo source files need not be present at
all, and if present, need not contain @setfilename. Then the file name
as given in the Makefile.am will be used. If @setfilename is present,
it should be the basename of the Texinfo file, extended with .info.
(bug#54063)
- aclocal has a new option --aclocal-path to override $ACLOCAL_PATH.
(https://lists.gnu.org/archive/html/automake-patches/2022-01/msg00029.html)
- The missing script also supports autoreconf, autogen, and perl.
(https://lists.gnu.org/archive/html/automake-patches/2015-08/msg00000.html)
- test-suite.log now contains basic system information, and the
console message about bug reporting on failure has a bit more detail.
(bug#68746, bug#71421)
- When using the (default) "parallel" test driver, you can now omit the
output of skipped tests from test-suite.log by defining the
variable IGNORE_SKIPPED_LOGS to a non-empty value. (bug#71422)
* Bugs fixed
- Generated file timestamp checks handle filesystems with subsecond
timestamp granularity dynamically, greatly speeding up the sleep
done by AC_OUTPUT when generating config.status (all packages) and
Automake's make check.
However, this subsecond-mtime support requires an autom4te from
Autoconf 2.72 or later (or random test failures and other timing
problems may ensue), as well as a Perl, sleep program, make program,
and filesystem that all support subsecond resolution; otherwise, we
fall back to a two-second granularity, not even testing the (common)
1s case since that would induce a 2s delay for all configure scripts
in all packages on all systems that don't support subsecond mtimes.
When everything is supported, a line "Features: subsecond-mtime" is
now printed by automake --version and autom4te --version.
To override this check and delay, e.g. to use 1 second:
am_cv_filesystem_timestamp_resolution=1
export am_cv_filesystem_timestamp_resolution
(commit 720a11531,
https://lists.gnu.org/archive/html/automake-commit/2022-02/msg00009.html
then bug#60808, bug#64756, bug#67670, bug#68808, bug#71652,
history reviewed in
https://lists.gnu.org/archive/html/automake/2024-06/msg00054.html
and more info in surrounding threads.)
- The default value of $ARFLAGS is now "cr" instead of "cru", to better
support deterministic builds. (bug#20082)
- Automake's make dist now uses -9 instead of --best with gzip,
because Alpine gzip does not support --best. Also, GZIP_ENV is used
only for compression, not decompression, because of the same system.
(bug#68151)
- Dependency files are now empty, instead of "# dummy", for speed.
(https://lists.gnu.org/archive/html/automake/2022-05/msg00006.html)
- Compiling Python modules with Python 3.5+ uses multiple optimization
levels. (bug#38043)
- If the Python installation "scheme" is set to posix_local (Debian),
it is reset to either deb_system (if the prefix = /usr), or
posix_prefix (otherwise). (bug#54412, bug#64837)
- As a result of the Python scheme change, the installation directory
for Python files again defaults to "site-packages" under the usual
installation prefix, even on systems (generally Debian-based) that
would normally use the "dist-packages" subdirectory under
/usr/local.
- When compiling Emacs Lisp files, emacs is run with --no-site-file to
disable user config files that might hang or access the terminal;
and -Q is not used, since its support and behavior varies. (bug#58102)
- Emacs Lisp compilations respect silent make output.
- Automake no longer incorrectly warns that the POSIX make variables
$(*D) and the like are non-POSIX. Unfortunately, the make
implementations which do not correctly implement all the POSIX
variables are not detected, but this seems to have little impact
in practice. (bug#9587)
- Pass libtool tags OBJC and OBJCXX for the respective languages.
(bug#67539)
- distcleancheck ignores "silly rename" files (.nfs* .smb* .__afs*)
that can show up on network file systems.
(https://lists.gnu.org/archive/html/automake/2022-09/msg00002.html)
- Pass any options given to AM_PROG_LEX on to AC_PROG_LEX.
(bug#65600, bug#65730)
- aclocal: recognize ; as path separator on OS/2 and Windows. (bug#71534)
- Hash iterations with external effects now consistently sort keys.
(bug#25629, bug#46744)
- tests: avoid some declaration conflicts for lex et al. on SunOS.
(bug#34151 and others)
- tests: declare yyparse before use and use (void) parameter lists
instead of (), to placate C23. (bug#71425)
- Typos in code and other doc fixes. (bug#68003, bug#68004, et al.)
* Obsolescence:
- py-compile no longer supports Python 0.x or 1.x versions. Python 2.0,
released in 2000, is currently the minimum required version.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
We use features only available in bash. So we should state correctly
that the script should be executed in bash. As sh is a symlink to bash
this makes not differences on a ipfire system. But my linter is less
chatty with this change.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
With the use of eval BLUE_DEV='blue0 net0' stored "blue0 net0" in the
variable BLUE_DEV not "'blue0 net0'"
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
As '#Another Comment' is a valid key we test this change by checking if
the comments do not end up as keys in our array.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
To avoid the usage of eval and to store the config in an key value
array, we introduce an new function. The tests only check if we
read the correct value to the correct variable.
One comment on the implementation as this has created some headache:
>From https://www.gnu.org/software/bash/manual/bash.html#Bourne-Shell-Builtins
"When used in a function, declare makes each name local, as with the local command, unless the -g option is used."
So we need to use -g here
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Apparently we can set way more keys then I expected. So we need a
function to check that we do not set certain key. Some keys need to be
skipped.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
we need this check in multiple places so it makes sense to move this to
a separate function.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Black on white is still the best to read. So we only style FAILED or
PASSED in green or red. This is also tested with different background
colors. As we only style PASSED or FAILED it works without any problems
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
