Merge pull request #7901 from ThomasWaldmann/update-docs-1.2

Update docs (1.2-maint)
TW 1 year ago
parent
commit
cf5c61644b
2 changed files with 10 additions and 4 deletions
  1. docs/changes.rst: 7 additions, 4 deletions
  2. docs/faq.rst: 3 additions, 0 deletions

+ 7 - 4
docs/changes.rst

@@ -33,14 +33,17 @@ Below, if we speak of borg 1.2.6, we mean a borg version >= 1.2.6 **or** a
 borg version that has the relevant security patches for this vulnerability applied
 (could be also an older version in that case).
 
-Steps you must take to upgrade a repository:
+Steps you must take to upgrade a repository (this applies to all kinds of repos
+no matter what encryption mode they use, including "none"):
 
 1. Upgrade all clients using this repository to borg 1.2.6.
    Note: it is not required to upgrade a server, except if the server-side borg
    is also used as a client (and not just for "borg serve").
 
-   Do **not** run ``borg check`` with borg > 1.2.4 before completing the upgrade steps.
+   Do **not** run ``borg check`` with borg 1.2.6 before completing the upgrade steps:
 
+   - ``borg check`` would complain about archives without a valid archive TAM.
+   - ``borg check --repair`` would remove such archives!
 2. Run ``BORG_WORKAROUNDS=ignore_invalid_archive_tam borg info --debug <repo> 2>&1 | grep TAM | grep -i manifest``.
 
    a) If you get "TAM-verified manifest", continue with 3.
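Review bot: The reworded warning in step 1 replaces the bound "borg > 1.2.4" with "borg 1.2.6", so it no longer says whether a client on 1.2.5 must also avoid ``borg check`` before the upgrade steps are done; since ``borg check --repair`` is stated to remove archives without a valid TAM, the sentence should name the affected versions explicitly rather than rely on the "borg 1.2.6" definition given earlier in the section. As a style point, the two new bullets now run directly into "2." while the blank line sits before them; a blank line after the ``borg check --repair`` bullet would keep the step spacing consistent.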
@@ -307,6 +310,8 @@ Some things can be recommended for the upgrade process from borg 1.1.x
 - if you want to play safer, first **create a backup of your borg repository**.
 - upgrade to latest borg 1.2.x release (you could use the fat binary from
   github releases page)
+- borg 1.2.6 has a security fix for the pre-1.2.5 archives spoofing vulnerability
+  (CVE-2023-36811), see details and necessary upgrade procedure described above.
 - run `borg compact --cleanup-commits` to clean up a ton of 17 bytes long files
   in your repo caused by a borg 1.1 bug
 - run `borg check` again (now with borg 1.2.x) and check if there is anything
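Review bot: The moved bullet about CVE-2023-36811 only says "see details and necessary upgrade procedure described above", yet the bullets right after it tell the reader to run `borg check` again with borg 1.2.x, which the upgrade procedure forbids until its steps are complete. Suggest stating in the new bullet that the TAM upgrade steps must be finished before the `borg check` bullet is followed. The wording "borg 1.2.6 has a security fix for the pre-1.2.5 ... vulnerability" also mixes two version numbers without explanation; one clause on why the fix version differs from the name of the vulnerability would help.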
@@ -315,8 +320,6 @@ Some things can be recommended for the upgrade process from borg 1.1.x
   take significant time, but after that it will be fast) - for more details
   see below.
 - check the compatibility notes (see below) and adapt your scripts, if needed.
-- borg 1.2.5 has a security fix for the pre-1.2.5 archives spoofing vulnerability
-  (CVE-2023-36811), see details and necessary upgrade procedure described above.
 - if you run into any issues, please check the github issue tracker before
   posting new issues there or elsewhere.
 

+ 3 - 0
docs/faq.rst

@@ -113,6 +113,9 @@ run into this by yourself by restoring an older copy of your repository.
 "attack": maybe an attacker has replaced your repo by an older copy, trying to
 trick you into AES counter reuse, trying to break your repo encryption.
 
+Borg users have also reported that fs issues (like hw issues / I/O errors causing
+the fs to become read-only) can cause this warning, see :issue:`7853`.
+
 If you'ld decide to ignore this and accept unsafe operation for this repository,
 you could delete the manifest-timestamp and the local cache:
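Review bot: The added paragraph about filesystem issues sits directly before "If you'ld decide to ignore this ... you could delete the manifest-timestamp and the local cache", so it reads as a reason to go ahead and delete them. Suggest adding that the reader should first confirm the cause (for example, that the filesystem went read-only or logged I/O errors) and fix it, because the preceding paragraph describes the same warning as a possible sign of a repository replaced by an older copy. Spelling out "fs" and "hw" as "filesystem" and "hardware" would also match the surrounding FAQ prose.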