Next | Query returned 55 messages, browsing 1 to 10 | Previous

CVS Commit History:


   2024-02-16 21:37:05 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
py-borgbackup: updated to 1.2.7

Version 1.2.7 (2023-12-02)
--------------------------

For upgrade and compatibility hints, please also read the section "Upgrade Notes"
above.

Fixes:

- docs: CVE-2023-36811 upgrade steps: consider checkpoint archives,
- check/compact: fix spurious reappearance of orphan chunks since borg 1.2,
  this consists of 2 fixes:

  - for existing chunks: check --repair: recreate shadow index,
  - for newly created chunks: update shadow index when doing a double-put,
- LockRoster.modify: no KeyError if element was already gone,
- create --X-from-command: run subcommands with a clean environment,
- list --sort-by: support "archive" as alias of "name",
- fix rc and msg if arg parsing throws an exception,

Other changes:

- support and test on Python 3.12
- include unistd.h in _chunker.c (fix for Python 3.13)
- allow msgpack 1.0.6 and 1.0.7
- TAM issues: show tracebacks, improve borg check logging,
- replace "datetime.utcfromtimestamp" with custom helper to avoid
  deprecation warnings when using Python 3.12
- vagrant:

  - use generic/debian9 box, fixes
  - add VM with debian bookworm / test on OpenSSL 3.0.x.
- docs:

  - not only attack/unsafe, can also be a fs issue,
  - point to CVE-2023-36811 upgrade steps from borg 1.1 to 1.2 upgrade steps,
  - upgrade steps needed for all kinds of repos (including "none" encryption mode),
  - upgrade steps: talk about consequences of borg check,
  - upgrade steps: remove period that could be interpreted as part of the command
  - automated-local.rst: use GPT UUID for consistent udev rule
  - create disk/partition sector backup by disk serial number,
  - update macOS hint about full disk access
  - clarify borg prune -a option description,
  - readthedocs: also build offline docs (HTMLzip),
  - frontends: add "check.rebuild_refcounts" message
   2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3
   2023-09-29 10:10:33 by Thomas Klausner | Files touched by this commit (3)
Log message:
py-borgbackup: accept newer py-msgpack versions

Bump PKGREVISION.
   2023-09-06 09:21:21 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
py-borgbackup: update to 1.2.6.

Pre-1.2.5 archives spoofing vulnerability (CVE-2023-36811)
----------------------------------------------------------

A flaw in the cryptographic authentication scheme in Borg allowed an attacker to
fake archives and potentially indirectly cause backup data loss in the repository.

The attack requires an attacker to be able to

1. insert files (with no additional headers) into backups
2. gain write access to the repository

This vulnerability does not disclose plaintext to the attacker, nor does it
affect the authenticity of existing archives.

Creating plausible fake archives may be feasible for empty or small archives,
but is unlikely for large archives.

The fix enforces checking the TAM authentication tag of archives at critical
places. Borg now considers archives without TAM as garbage or an attack.

We are not aware of others having discovered, disclosed or exploited this vulnerability.

Below, if we speak of borg 1.2.5, we mean a borg version >= 1.2.5 **or** a
borg version that has the relevant security patches for this vulnerability applied
(could be also an older version in that case).

Steps you must take to upgrade a repository:

1. Upgrade all clients using this repository to borg 1.2.6.
   Note: it is not required to upgrade a server, except if the server-side borg
   is also used as a client (and not just for "borg serve").

   Do **not** run ``borg check`` with borg > 1.2.4 before completing the upgrade steps.

2. Run ``BORG_WORKAROUNDS=ignore_invalid_archive_tam borg info --debug <repo> 2>&1 | grep TAM | grep -i manifest``.

   a) If you get "TAM-verified manifest", continue with 3.
   b) If you get "Manifest TAM not found and not required", run
      ``borg upgrade --tam --force <repository>`` *on every client*.

3. Run ``BORG_WORKAROUNDS=ignore_invalid_archive_tam borg list --format='{name} {time} tam:{tam}{NL}' <repo>``.
   "tam:verified" means that the archive has a valid TAM authentication.
   "tam:none" is expected as output for archives created by borg <1.0.9.
   "tam:none" is also expected for archives resulting from a borg rename
   or borg recreate operation (see #7791).
   "tam:none" could also come from archives created by an attacker.
   You should verify that "tam:none" archives are authentic and not malicious
   (== have good content, have correct timestamp, can be extracted successfully).
   In case you find crappy/malicious archives, you must delete them before proceeding.
   In low-risk, trusted environments, you may decide on your own risk to skip step 3
   and just trust in everything being OK.

4. If there are no tam:none archives left at this point, you can skip this step.
   Run ``BORG_WORKAROUNDS=ignore_invalid_archive_tam borg upgrade --archives-tam <repo>``.
   This will unconditionally add a correct archive TAM to all archives not having one.
   ``borg check`` would consider TAM-less or invalid-TAM archives as garbage or a potential attack.
   To see that all archives now are "tam:verified" run: ``borg list --format='{name} {time} tam:{tam}{NL}' <repo>``

5. Please note that you should never use BORG_WORKAROUNDS=ignore_invalid_archive_tam
   for normal production operations - it is only needed once to get the archives in a
   repository into a good state. All archives have a valid TAM now.

Vulnerability time line:

* 2023-06-13: Vulnerability discovered during code review by Thomas Waldmann
* 2023-06-13...: Work on fixing the issue, upgrade procedure, docs.
* 2023-06-30: CVE was assigned via Github CNA
* 2023-06-30 .. 2023-08-29: Fixed issue, code review, docs, testing.
* 2023-08-30: Released fixed version 1.2.5 (broken upgrade procedure for some repos)
* 2023-08-31: Released fixed version 1.2.6 (fixes upgrade procedure)

Version 1.2.6 (2023-08-31)
--------------------------

For upgrade and compatibility hints, please also read the section "Upgrade Notes"
above.

Fixes:

- The upgrade procedure docs as published with borg 1.2.5 did not work, if the
  repository had archives resulting from a borg rename or borg recreate operation.

  The updated docs now use BORG_WORKAROUNDS=ignore_invalid_archive_tam at some
  places to avoid that issue, #7791.

  See: fix pre-1.2.5 archives spoofing vulnerability (CVE-2023-36811),
  details and necessary upgrade procedure described above.

Other changes:

- updated 1.2.5 changelog entry: 1.2.5 already has the fix for rename/recreate.
- remove cython restrictions. recommended is to build with cython 0.29.latest,
  because borg 1.2.x uses this since years and it is very stable.
  you can also try to build with cython 3.0.x, there is a good chance that it works.
  as a 3rd option, we also bundle the `*.c` files cython outputs in the release
  pypi package, so you can also just use these and not need cython at all.
   2023-08-31 16:53:48 by Benny Siegert | Files touched by this commit (2) | Package updated
Log message:
py-borgbackup: update to 1.2.5 (security)

- Security: fix pre-1.2.5 archives spoofing vulnerability (CVE-2023-36811), see
  details and necessary upgrade procedure described below.
- create: do not try to read parent dir of recursion root
- extract: fix false warning about pattern never matching
- diff: remove surrogates before output
- compact: clear empty directories at end of compact process
- create --files-cache=size: fix crash
- keyfiles: improve key sanity check
- only warn about "invalid" chunker params
- ProgressIndicatorPercent: fix space computation for wide chars
- improve argparse validator error messages

New features:

- mount: make up volname if not given (macOS). macFUSE supports a volname mount
  option to give what finder displays on the desktop / in the directory view. if
  the user did not specify it, we make something up, because otherwise it would be
  "macFUSE Volume 0 (Python)" and hide the mountpoint directory name.
- BORG_WORKAROUNDS=authenticated_no_key to extract from authenticated repos
  without key

Pre-1.2.5 archives spoofing vulnerability (CVE-2023-36811)
----------------------------------------------------------

A flaw in the cryptographic authentication scheme in Borg allowed an attacker to
fake archives and potentially indirectly cause backup data loss in the repository.

The attack requires an attacker to be able to

1. insert files (with no additional headers) into backups
2. gain write access to the repository

This vulnerability does not disclose plaintext to the attacker, nor does it
affect the authenticity of existing archives.

Creating plausible fake archives may be feasible for empty or small archives,
but is unlikely for large archives.

The fix enforces checking the TAM authentication tag of archives at critical
places. Borg now considers archives without TAM as garbage or an attack.

We are not aware of others having discovered, disclosed or exploited this vulnerability.

Below, if we speak of borg 1.2.5, we mean a borg version >= 1.2.5 **or** a
borg version that has the relevant security patches for this vulnerability applied
(could be also an older version in that case).

Steps you must take to upgrade a repository:

1. Upgrade all clients using this repository to borg 1.2.5.
   Note: it is not required to upgrade a server, except if the server-side borg
   is also used as a client (and not just for "borg serve").

   Do **not** run ``borg check`` with borg 1.2.5 before completing the upgrade steps.

2. Run ``borg info --debug <repository> 2>&1 | grep TAM | grep -i manifest``.
   a) If you get "TAM-verified manifest", continue with 3.
   b) If you get "Manifest TAM not found and not required", run
      ``borg upgrade --tam --force <repository>`` *on every client*.

3. Run ``borg list --format='{name} {time} tam:{tam}{NL}' <repository>``.
   "tam:verified" means that the archive has a valid TAM authentication.
   "tam:none" is expected as output for archives created by borg <1.0.9.
   "tam:none" could also come from archives created by an attacker.
   You should verify that "tam:none" archives are authentic and not malicious
   (== have good content, have correct timestamp, can be extracted successfully).
   In case you find crappy/malicious archives, you must delete them before proceeding.
   In low-risk, trusted environments, you may decide on your own risk to skip step 3
   and just trust in everything being OK.

4. If there are no tam:none archives left at this point, you can skip this step.
   Run ``borg upgrade --archives-tam <repository>``.
   This will make sure all archives are TAM authenticated (an archive TAM will be added
   for all archives still missing one).
   ``borg check`` would consider TAM-less archives as garbage or a potential attack.
   Optionally run the same command as in step 3 to see that all archives now are "tam:verified".
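Steps 2 and 3 of the upgrade procedure (given in both the 1.2.5 and the 1.2.6 log messages above) are manual readings of command output. The following is an added POSIX shell example, not code from borg or from pkgsrc, that applies the same decision rules to the output of ``borg info --debug`` and ``borg list --format='{name} {time} tam:{tam}{NL}'`` so the check can be scripted before ``borg upgrade --archives-tam`` or ``borg check`` is run. The info lines and archive listing embedded in it are constructed sample data, and the helper names (``manifest_tam_status``, ``unverified_archives``, ``count_unverified``, ``all_verified``, ``audit_repo``) are my own, not borg commands.

```shell
#!/bin/sh
# Added example (not part of borg or pkgsrc): script the TAM checks from
# steps 2 and 3 of the CVE-2023-36811 upgrade procedure. Helper names are
# my own; the sample outputs below are constructed, not captured from borg.

# Constructed stand-in for `borg list --format='{name} {time} tam:{tam}{NL}'`.
# The tam field is always the last whitespace-separated field, even when the
# archive name or the time contain spaces, so the parser keys on $NF.
SAMPLE_LISTING='host-2023-08-01T02:00:01 Tue, 2023-08-01 02:00:01 tam:verified
host-2023-08-02T02:00:01 Wed, 2023-08-02 02:00:01 tam:verified
pre-1.0.9-archive Thu, 2017-01-05 03:00:00 tam:none
renamed archive Fri, 2023-07-14 02:00:00 tam:none'

# Constructed stand-ins for the relevant `borg info --debug` line (step 2);
# the "security:" prefix is an assumption, only the quoted phrases matter.
SAMPLE_INFO_OK='security: TAM-verified manifest'
SAMPLE_INFO_OLD='security: Manifest TAM not found and not required'

# Step 2: classify the manifest TAM state from `borg info --debug` output
# read on stdin. "needs-upgrade" means `borg upgrade --tam --force` is due
# on every client; "unknown" means neither expected phrase was seen.
manifest_tam_status() {
    line=$(grep TAM | grep -i manifest || true)
    case "$line" in
        *"TAM-verified manifest"*) echo verified ;;
        *"Manifest TAM not found and not required"*) echo needs-upgrade ;;
        *) echo unknown ;;
    esac
}

# Step 3: print every listing line whose archive is not tam:verified.
# These are the archives to inspect (or delete) before step 4.
unverified_archives() {
    awk 'NF && $NF != "tam:verified"'
}

# Number of archives in the listing that are not tam:verified.
count_unverified() {
    unverified_archives | wc -l | tr -d ' '
}

# Exit status 0 if every archive is tam:verified (the state expected after
# step 4), 1 otherwise; usable as a guard before running `borg check`.
all_verified() {
    [ "$(count_unverified)" -eq 0 ]
}

# Run the real commands against a repository. The workaround variable is the
# one-off setting from the procedure, not something for normal operation.
audit_repo() {
    repo=$1
    BORG_WORKAROUNDS=ignore_invalid_archive_tam borg info --debug "$repo" 2>&1 \
        | manifest_tam_status
    BORG_WORKAROUNDS=ignore_invalid_archive_tam borg list \
        --format='{name} {time} tam:{tam}{NL}' "$repo" | unverified_archives
}

# Stand-alone demo on the constructed data: `sh tam_audit.sh --demo`
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_INFO_OLD" | manifest_tam_status
    printf '%s\n' "$SAMPLE_LISTING" | unverified_archives
    printf 'unverified archives: %s\n' \
        "$(printf '%s\n' "$SAMPLE_LISTING" | count_unverified)"
fi
```

Keying on the last field rather than on a fixed column keeps the parser correct for archive names containing spaces; any archive reported by ``unverified_archives`` still has to be judged by a human against the criteria in step 3 (good content, correct timestamp, extractable) before it is kept or deleted.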
   2023-08-02 01:20:57 by Thomas Klausner | Files touched by this commit (158)
Log message:
*: remove more references to Python 3.7
   2023-06-06 14:42:56 by Taylor R Campbell | Files touched by this commit (1319)
Log message:
Mass-change BUILD_DEPENDS to TOOL_DEPENDS outside mk/.

Almost all uses, if not all of them, are wrong, according to the
semantics of BUILD_DEPENDS (packages built for target available for
use _by_ tools at build-time) and TOOL_DEPENDS (packages built for
host available for use _as_ tools at build-time).

No change to BUILD_DEPENDS as used correctly inside buildlink3.

As proposed on tech-pkg:
https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html
   2023-03-24 08:08:55 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
py-borgbackup: update to 1.2.4.

Version 1.2.4 (2023-03-24)
--------------------------

New features:

- import-tar: add --ignore-zeros to process concatenated tars, #7432.
- debug id-hash: computes file/chunk content id-hash, #7406
- diff: --content-only does not show mode/ctime/mtime changes, #7248
- diff: JSON strings in diff output are now sorted alphabetically

Bug fixes:

- xattrs: fix namespace processing on FreeBSD, #6997
- diff: fix path related bug seen when addressing deferred items.
- debug get-obj/put-obj: always give chunkid as cli param, see #7290
  (this is an incompatible change, see also borg debug id-hash)
- extract: fix mtime when ResourceFork xattr is set (macOS specific), #7234
- recreate: without --chunker-params, do not re-chunk, #7337
- recreate: when --target is given, do not detect "nothing to do".
  use case: borg recreate -a src --target dst can be used to make a copy
  of an archive inside the same repository, #7254.
- set .hardlink_master for ALL hardlinkable items, #7175
- locking: fix host, pid, tid order.
  tid (thread id) must be parsed as hex from lock file name.
- update development.lock.txt, including a setuptools security fix, #7227

Other changes:

- requirements: allow msgpack 1.0.5 also
- upgrade Cython to 0.29.33
- hashindex minor fixes, refactor, tweaks, tests
- use os.replace not os.rename
- remove BORG_LIBB2_PREFIX (not used any more)
- docs:

  - BORG_KEY_FILE: clarify docs, #7444
  - update FAQ about locale/unicode issues, #6999
  - improve mount options rendering, #7359
  - make timestamps in manual pages reproducible
  - installation: update Fedora in distribution list, #7357
- tests:

  - fix test_size_on_disk_accurate for large st_blksize, #7250
  - add same_ts_ns function and use it for relaxed timestamp comparisons
  - "auto" compressor tests: don't assume a specific size,
    do not assume zlib is better than lz4, #7363
  - add test for extracted directory mtime
- vagrant:

  - upgrade local freebsd 12.1 box -> generic/freebsd13 box (13.1)
  - use pythons > 3.8 which work on freebsd 13.1
  - pyenv: also install python 3.11.1 for testing
  - pyenv: use python 3.10.1, 3.10.0 build is broken on freebsd

Version 1.2.3 (2022-12-24)
--------------------------

Fixes:

- create: fix --list --dry-run output for directories, #7209
- diff/recreate: normalize chunker params before comparing them, #7079
- check: fix uninitialised variable if repo is completely empty, #7034
- xattrs: improve error handling, #6988
- fix args.paths related argparsing, #6994
- archive.save(): always use metadata from stats (e.g. nfiles, size, ...), #7072
- tar_filter: recognize .tar.zst as zstd, #7093
- get_chunker: fix missing sparse=False argument, #7056
- file_integrity.py: make sure file_fd is always closed on exit
- repository: cleanup(): close segment before unlinking
- repository: use os.replace instead of os.rename

Other changes:

- remove python < 3.7 compatibility code
- do not use version_tuple placeholder in setuptools_scm template
- CI: fix tox4 passenv issue, #7199
- vagrant: update to python 3.9.16, use the openbsd 7.1 box
- misc. test suite and docs fixes / improvements
- remove deprecated --prefix from docs, #7109
- Windows: use MSYS2 for Github CI, remove Appveyor CI
   2023-03-09 07:52:35 by Thomas Klausner | Files touched by this commit (1)
Log message:
py-borgbackup: use py-msgpack104
   2022-08-22 13:10:13 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
py-borgbackup: update to 1.2.2.

Version 1.2.2 (2022-08-20)
--------------------------

Compatibility notes:

- matching of path patterns has been aligned with borg storing relative paths.
  Borg archives file paths without leading slashes. Previously, include/exclude
  patterns could contain leading slashes. You should check your patterns and
  remove leading slashes.
- dropped support / testing for older Pythons, minimum requirement is 3.8.
  In case your OS does not provide Python >= 3.8, consider using our binary,
  which does not need an external Python interpreter. Or continue using
  borg 1.1.x, which is still supported.
- freeing repository space only happens when "borg compact" is invoked.
- mount: the default for --numeric-ids is False now (same as borg extract)
- borg create --noatime is deprecated. Not storing atime is the default behaviour
  now (use --atime if you want to store the atime).
- --prefix is deprecated, use -a / --glob-archives, see #6806
- list: corrected mix-up of "isomtime" and "mtime" formats.
  Previously, "isomtime" was the default but produced a verbose human format,
  while "mtime" produced a ISO-8601-like format.
  The behaviours have been swapped (so "mtime" is human, "isomtime" is ISO-like),
  and the default is now "mtime".
  "isomtime" is now a real ISO-8601 format ("T" between date and time, not a space).
- create/recreate --list: file status for all files used to get announced *AFTER*
  the file (with borg < 1.2). Now, file status is announced *BEFORE* the file
  contents are processed. If the file status changes later (e.g. due to an error
  or a content change), the updated/final file status will be printed again.
- removed deprecated-since-long stuff (deprecated since):

  - command "borg change-passphrase" (2017-02), use "borg key ..."
  - option "--keep-tag-files" (2017-01), use "--keep-exclude-tags"
  - option "--list-format" (2017-10), use "--format"
  - option "--ignore-inode" (2017-09), use "--files-cache" w/o "inode"
  - option "--no-files-cache" (2017-09), use "--files-cache=disabled"
- removed BORG_HOSTNAME_IS_UNIQUE env var.
  to use borg you must implement one of these 2 scenarios:

  - 1) the combination of FQDN and result of uuid.getnode() must be unique
       and stable (this should be the case for almost everybody, except when
       having duplicate FQDN *and* MAC address or all-zero MAC address)
  - 2) if you are aware that 1) is not the case for you, you must set
       BORG_HOST_ID env var to something unique.
- exit with 128 + signal number, #5161.
  if you have scripts expecting rc == 2 for a signal exit, you need to update
  them to check for >= 128.

New features:

- prune/delete --checkpoint-interval=1800 and ctrl-c/SIGINT support, #6284

Fixes:

- SaveFile: use a custom mkstemp with mode support, #6933, #6400, #6786.
  This fixes umask/mode/ACL issues (and also "chmod not supported" exceptions
  seen in 1.2.1) of files updated using SaveFile, e.g. the repo config.
- hashindex_compact: fix eval order (check idx before use), #5899
- create --paths-from-(stdin|command): normalize paths, #6778
- secure_erase: avoid collateral damage, #6768.
  If a hardlink copy of a repo was made and a new repo config shall be saved,
  do NOT fill in random garbage before deleting the previous repo config,
  because that would damage the hardlink copy.
- list: fix {flags:<WIDTH>} formatting, #6081
- check: try harder to create the key, #5719
- misc commands: ctrl-c must not kill other subprocesses, #6912

  - borg create with a remote repo via ssh
  - borg create --content-from-command
  - borg create --paths-from-command
  - (de)compression filter process of import-tar / export-tar

Other changes:

- deprecate --prefix, use -a / --glob-archives, see #6806
- make setuptools happy ("package would be ignored"), #6874
- fix pyproject.toml to create a fixed _version.py file, compatible with both
  old and new setuptools_scm version, #6875
- automate asciinema screencasts
- CI: test on macOS 12 without fuse / fuse tests
  (too troublesome on github CI due to kernel extensions needed by macFUSE)
- tests: fix test_obfuscate byte accounting
- repository: add debug logging for issue #6687
- _chunker.c: fix warnings on macOS
- requirements.lock.txt: use the latest cython 0.29.32
- docs:

  - add info on man page installation, #6894
  - update archive_progress json description about "finished", #6570
  - json progress_percent: some values are optional, #4074
  - FAQ: full quota / full disk, #5960
  - correct shell syntax for installation using git
