Navigation:
Browse pkgsrc
(this page) 2017-01-22 19:34:51 by S.P.Zeidler | Files touched by this commit (2) |  |
Log message:
Pullup ticket #5184 - requested by bsiegert
sysutils/py-borgbackup: security update
Revisions pulled up:
- sysutils/py-borgbackup/Makefile 1.11
- sysutils/py-borgbackup/distinfo 1.6
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jan 5 16:33:16 UTC 2017
Modified Files:
pkgsrc/sysutils/py-borgbackup: Makefile distinfo
Log message:
Updated py-borgbackup to 1.0.9.
Version 1.0.9 (2016-12-20)
Security fixes:
A flaw in the cryptographic authentication scheme in Borg
allowed an attacker to spoof the manifest. See Pre-1.0.9 manifest
spoofing vulnerability above for the steps you should take.
borg check: When rebuilding the manifest (which should only be
needed very rarely) duplicate archive names would be handled
on a �first come first serve� basis, allowing an attacker to
apparently replace archives.
Bug fixes:
borg check:
rebuild manifest if itâs corrupted
skip corrupted chunks during manifest rebuild
fix TypeError in integrity error handler, #1903, #1894
fix location parser for archives with @ char (regression
introduced in 1.0.8), #1930
fix wrong duration/timestamps if system clock jumped during a create
fix progress display not updating if system clock jumps backwards
fix checkpoint interval being incorrect if system clock jumps
Other changes:
docs:
add python3-devel as a dependency for cygwin-based installation
clarify extract is relative to current directory
FAQ: fix link to changelog
markup fixes
tests:
test_get_(cache|keys)_dir: clean env state, #1897
get back pytestâs pretty assertion failures, #1938
setup.py build_usage:
fixed build_usage not processing all commands
fixed build_usage not generating includes for debug commands
Version 1.0.9rc1 (2016-11-27)
Bug fixes:
files cache: fix determination of newest mtime in backup set
(which is used in cache cleanup and led to wrong �A� [added]
status for unchanged files in next backup), #1860.
borg check:
fix incorrectly reporting attic 0.13 and earlier archives as corrupt
handle repo w/o objects gracefully and also bail out early if
repo is completely empty, #1815.
fix tox/pybuild in 1.0-maint
at xattr module import time, loggers are not initialized yet
New features:
borg umount <mountpoint> exposed already existing umount code
via the CLI api, so users can use it, which is more consistent
than using borg to mount and fusermount -u (or umount) to
un-mount, #1855.
implement borg create ânoatime ânoctime, fixes #1853
Other changes:
docs:
display README correctly on PyPI
improve cache / index docs, esp. files cache docs, fixes #1825
different pattern matching for âexclude, #1779
datetime formatting examples for {now} placeholder, #1822
clarify passphrase mode attic repo upgrade, #1854
clarify âumask usage, #1859
clarify how to choose PR target branch
clarify prune behavior for different archive contents, #1824
fix PDF issues, add logo, fix authors, headings, TOC
move security verification to support section
fix links in standalone README (:ref: tags)
add link to security contact in README
add FAQ about security
move fork differences to FAQ
add more details about resource usage
tests: skip remote tests on cygwin, #1268
travis:
allow OS X failures until the brew cask osxfuse issue is fixed
caskroom osxfuse-beta gone, itâs osxfuse now (3.5.3)
vagrant:
upgrade OSXfuse / FUSE for macOS to 3.5.3
remove llfuse from tox.ini at a central place
do not try to install llfuse on centos6
fix fuse test for darwin, #1546
add windows virtual machine with cygwin
Vagrantfile cleanup / code deduplication
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/sysutils/py-borgbackup/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/sysutils/py-borgbackup/distinfo
|
New packages: