search

borgmatic-collective / docker-borgmatic

Borgmatic in Docker
GNU General Public License v3.0
313 stars 88 forks source link

Bump borgbackup from 1.2.6 to 1.2.7 #282

Closed dependabot[bot] closed 7 months ago

dependabot[bot] commented 7 months ago

Bumps borgbackup from 1.2.6 to 1.2.7.

Release notes

Sourced from borgbackup's releases.

Release 1.2.7

borgbackup 1.2.7 release

This release includes a fixed upgrade procedure at the top of the change log and other fixes:

https://github.com/borgbackup/borg/blob/1.2.7/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811

Long changelog:

https://github.com/borgbackup/borg/blob/1.2.7/docs/changes.rst#version-127-2023-12-02

Short borg 1.2 overview (from a borg 1.1 perspective):

https://www.borgbackup.org/releases/borg-1.2.html

Installation

If you use pip to install this, use: pip install pkgconfig ; pip install "borgbackup==1.2.7"

For other installation methods and more details, please see: https://borgbackup.org/

Changelog

Sourced from borgbackup's changelog.

Version 1.2.7 (2023-12-02)

For upgrade and compatibility hints, please also read the section "Upgrade Notes" above.

Fixes:

  • docs: CVE-2023-36811 upgrade steps: consider checkpoint archives, #7802

  • check/compact: fix spurious reappearance of orphan chunks since borg 1.2, #6687 - this consists of 2 fixes:

    • for existing chunks: check --repair: recreate shadow index, #7897 #6687
    • for newly created chunks: update shadow index when doing a double-put, #7896 #5661

    If you have experienced issue #6687, you may want to run borg check --repair after upgrading to borg 1.2.7 to recreate the shadow index and get rid of the issue for existing chunks.

  • LockRoster.modify: no KeyError if element was already gone, #7937

  • create --X-from-command: run subcommands with a clean environment, #7916

  • list --sort-by: support "archive" as alias of "name", #7873

  • fix rc and msg if arg parsing throws an exception, #7885

Other changes:

  • support and test on Python 3.12

  • include unistd.h in _chunker.c (fix for Python 3.13)

  • allow msgpack 1.0.6 and 1.0.7

  • TAM issues: show tracebacks, improve borg check logging, #7797

  • replace "datetime.utcfromtimestamp" with custom helper to avoid deprecation warnings when using Python 3.12

  • vagrant:

    • use generic/debian9 box, fixes #7579
    • add VM with debian bookworm / test on OpenSSL 3.0.x.

  • docs:

    • not only attack/unsafe, can also be a fs issue, #7853
    • point to CVE-2023-36811 upgrade steps from borg 1.1 to 1.2 upgrade steps, #7899
    • upgrade steps needed for all kinds of repos (including "none" encryption mode), #7813
    • upgrade steps: talk about consequences of borg check, #7816
    • upgrade steps: remove period that could be interpreted as part of the command
    • automated-local.rst: use GPT UUID for consistent udev rule
    • create disk/partition sector backup by disk serial number, #7934
    • update macOS hint about full disk access
    • clarify borg prune -a option description, #7871
    • readthedocs: also build offline docs (HTMLzip), #7835
    • frontends: add "check.rebuild_refcounts" message
Commits
  • 4c13105 build_man
  • 46c1e01 build_usage
  • 8b70bb3 update CHANGES
  • e50d267 Merge pull request #7956 from ThomasWaldmann/py313-unistdh-1.2
  • d3e412c Merge pull request #7957 from ThomasWaldmann/docs-rebuild-refcounts-1.2
  • 897f88d docs: Add "check.rebuild_refcounts" message
  • 13c6d1b include unistd.h in _chunker.c
  • b2929b4 Merge pull request #7952 from ThomasWaldmann/update-changes-1.2
  • bcc8f74 Remove period that could be interpreted as part of the command (#7946)
  • 4bdd404 update CHANGES
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)