Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

/CHANGELOG.md Secret

Created December 9, 2017 16:10
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save anonymous/ef7bb9cc237ac18972c7369202bf611f to your computer and use it in GitHub Desktop.
Save anonymous/ef7bb9cc237ac18972c7369202bf611f to your computer and use it in GitHub Desktop.
Download ZIP
Raw
CHANGELOG.md

This file describes changes relevant to all users that are made in each released version of restic from the perspective of the user.

The following abbreviations are used in the summary:

  • Sec: Security related fix
  • Bug: Non-security related fix
  • Enh: New feature or other type of enhancement
  • Chg: Other type of change, not related to security or adding a new feature

0.8.0 - 26 Nov 2017

Summary of important changes

  • Sec #1445: Fix low risk restore-outside-target-dir attack on Linux/Unix (Tyler Spivey, fd0)
  • Enh #1040: Add local metadata cache, for faster operation and less bandwidth (fd0)
  • Enh #1216: Add support for rate limiting (fd0)
  • Enh #510: Add dump command for restoring a file directly to stdout (fd0)
  • Chg #1292: Remove default /restic subdir for s3 buckets (fd0)
  • Chg #1265: Make pack files contain either data or metadata, not both (fd0)
  • Chg #1281: Make GCS backend not require storage.buckets.get for existing bucket (fd0)
  • Chg #1353: Automatically retry failed backend requests (fd0)

Summary of small changes

  • Bug #1291: Make B2 backend reuse TCP connections, improving speed and reliability (mrzv, fd0)
  • Bug #1317: Fix bug in forget command causing --prune not to trigger without a policy (fd0)
  • Enh #1249: Add latest symlink in fuse mount, pointing to latest snapshot in dir (fd0)
  • Enh #1269: Add --compact option to forget command, like in snapshots command (fd0)
  • Enh #448: Make sftp backend prompt for password when needed (fd0)
  • Enh #1102: Add ids subdir in fuse mount, listing short snapshots and their contents by short ID (fd0)
  • Enh #1114: Add --cacert option, supporting complementary CA certificates, e.g. for REST backend (fd0)
  • Enh #1367: Ignore comment lines (starting with #) when reading files using --files-from (fd0)
  • Chg #1256: Reduce memory usage by re-enabling workaround in s3 backend library (fd0)
  • Chg #1274: Add generate command, replacing manpage and autocomplete commands (fd0)
  • Chg #1319: Make check command print No errors were found when appropriate (antonlindstrom)
  • Chg #1271: Make backup command cache excludes, improving performance and reducing disk I/O (fd0)

Details of important changes

  • Sec #1445: A vulnerability was found in the restic restorer, which allowed attackers in special circumstances to restore files to a location outside of the target directory. Due to the circumstances we estimate this to be a low-risk vulnerability, but urge all users to upgrade to the latest version of restic.

    Exploiting the vulnerability requires a Linux/Unix system which saves backups via restic and a Windows systems which restores files from the repo. In addition, the attackers need to be able to create create files with arbitrary names which are then saved to the restic repo. For example, by creating a file named "..\test.txt" (which is a perfectly legal filename on Linux) and restoring a snapshot containing this file on Windows, it would be written to the parent of the target directory.

    We'd like to thank Tyler Spivey for reporting this responsibly!

    restic/restic#1445

  • Enh #1040: We've added a local cache for metadata so that restic doesn't need to load all metadata (snapshots, indexes, ...) from the repo each time it starts. By default the cache is active, but there's a new global option --no-cache that can be used to disable the cache. By deafult, the cache a standard cache folder for the OS, which can be overridden with --cache-dir. The cache will automatically populate, indexes and snapshots are saved as they are loaded. Cache directories for repos that haven't been used recently can automatically be removed by restic with the --cleanup-cache option. restic/restic#1040 restic/restic#29 restic/restic#738 restic/restic#282 restic/restic#1287 restic/restic#1436

  • Enh #1216: Added support for rate limiting through --limit-upload and --limit-download flags. restic/restic#1216 restic/restic#1336 restic/restic#1358

  • Enh #510: We've added the dump command which prints a file from a snapshot to stdout. This can e.g. be used to restore files read with backup --stdin. restic/restic#510 restic/restic#1346

  • Chg #1292: The s3 backend used the subdir restic within a bucket if no explicit path after the bucket name was specified. Since this version, restic does not use this default path any more. If you created a repo on s3 in a bucket without specifying a path within the bucket, you need to add /restic at the end of the repository specification to access your repo: s3:s3.amazonaws.com/bucket/restic restic/restic#1292 restic/restic#1437

  • Chg #1265: A related change was to by default create pack files in the repo that contain either data or metadata, not both mixed together. This allows easy caching of only the metadata files. The next run of restic prune will untangle mixed files automatically. restic/restic#1265

  • Chg #1281: The Google Cloud Storage backend no longer requires the service account to have the storage.buckets.get permission ("Storage Admin" role) in restic init if the bucket already exists. restic/restic#1281

  • Chg #1353: Failed backend requests are now automatically retried. restic/restic#1353

Details of small changes

  • Bug #1291: A bug was discovered in the library we're using to access Backblaze, it now reuses already established TCP connections which should be a lot faster and not cause network failures any more. restic/restic#1291 restic/restic#1301

  • Bug #1317: Another bug in the forget command caused prune not to be run when --prune was specified without a policy, e.g. when only snapshot IDs that should be forgotten are listed manually. This is corrected now. restic/restic#1317

  • Enh #1249: The directory structure in the fuse mount now exposes a symlink latest which points to the latest snapshot in that particular directory. restic/restic#1249

  • Enh #1269: The option --compact was added to the forget command to provide the same compact view as the snapshots command. restic/restic#1269

  • Enh #448: The sftp backend now prompts for the password if a password is necessary for login. restic/restic#448 restic/restic#1270

  • Enh #1102: The fuse mount now has an ids subdirectory which contains the snapshots below their (short) IDs. restic/restic#1102 restic/restic#1299 restic/restic#1320

  • Enh #1114: We've added the --cacert option which can be used to pass one (or more) CA certificates to restic. These are used in addition to the system CA certificates to verify HTTPS certificates (e.g. for the REST backend). restic/restic#1114 restic/restic#1276

  • Enh #1367: When the list of files/dirs to be saved is read from a file with --files-from, comment lines (starting with #) are now ignored. restic/restic#1367 restic/restic#1368

  • Chg #1256: We've re-enabled a workaround for minio-go (the library we're using to access s3 backends), this reduces memory usage. restic/restic#1256 restic/restic#1267

  • Chg #1274: The generate command has been added, which replaces the now removed commands manpage and autocomplete. This release of restic contains the most recent manpages in doc/man and the auto-completion files for bash and zsh in doc/bash-completion.sh and doc/zsh-completion.zsh restic/restic#1274 restic/restic#1282

  • Chg #1319: The check command now explicetly prints No errors were found when no errors could be found. restic/restic#1319 restic/restic#1303

  • Chg #1271: The backup command was improved, it now caches the result of excludes for a directory. restic/restic#1271 restic/restic#1326

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment