borgbackup - Debian Package Tracker

general

source: borgbackup (main)
version: 1.4.1-2
maintainer: Debian Borg Collective (DMD)
uploaders: Gianfranco Costamagna [DMD] – Danny Edel [DMD]
arch: all any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.1.9-2+deb10u1
oldstable: 1.1.16-3
old-bpo: 1.2.3-1~bpo11+1
stable: 1.2.4-1
stable-bpo: 1.4.0-4~bpo12+1
testing: 1.4.0-5
unstable: 1.4.1-2

versioned links

1.1.9-2+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.16-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.3-1~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.0-4~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.0-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

borgbackup (2 bugs: 0, 2, 0, 0)
borgbackup-doc

action needed

A new upstream version is available: 2.0.0~b17 high

A new upstream version 2.0.0~b17 is available, you should consider packaging it.

Created: 2022-07-19 Last update: 2025-06-17 20:01

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 20-day delay is over. Check why.

Created: 2025-05-31 Last update: 2025-06-18 01:02

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.4.1-3~exp1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 445b5fcbab01c3283c5ce95f67b5994ffaa12d9e
Author: Nicholas D Steeves <sten@debian.org>
Date:   Tue Jun 17 10:29:12 2025 -0400

    Amend NEWS and changelog with latest trixie WIP changes and target exp1

commit 13f9972d3f6169337f34dd295400270ea8f0b1d5
Author: Nicholas D Steeves <sten@debian.org>
Date:   Mon Jun 16 14:44:18 2025 -0400

    Revert "Git shortlog of Debian-facing upstream changes between upstream's…"
    
    We don't need this in a git branch that isn't targeting trixie's
    imminent release.
    
    This reverts commit eb25868f45bd33a8bc3b2ef62fa8be2c4bae984f.

commit eb25868f45bd33a8bc3b2ef62fa8be2c4bae984f
Author: Nicholas D Steeves <sten@debian.org>
Date:   Sun Jun 15 15:18:10 2025 -0400

    Git shortlog of Debian-facing upstream changes between upstream's…
    
    1.4.0 and 1.4.1, (for trixie unblock):

commit f693cc456426bd4f57d6243f43f1faca6bf79ec7
Author: Nicholas D Steeves <sten@debian.org>
Date:   Sun Jun 15 15:16:45 2025 -0400

    Update debian/NEWS: Upstream introduced less alarming and easier to…
    
    follow migration instructions in 1.2.8.

commit 4450318ba5a0ebbf4b06bdd5bb71d87831986fa3
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Fri Jun 13 15:39:13 2025 +0200

    Typo fix

commit 32994538465d18b1a21949a8561c074753b308a6
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Fri Jun 13 15:36:57 2025 +0200

    Bump Standards-Version (no changes needed)

commit d1f6fd10a4430064341cc8c2b8a7e6e8c731f428
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Fri Jun 13 15:36:20 2025 +0200

    Add myself to uploaders

commit 62827af08b9731b5eed6b69334001ae50cb44a1e
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Fri Jun 13 15:33:36 2025 +0200

    Switch packaging repo to DEP-14 layout.

commit c0988a568c7cbf0d1aa9395d2d9497480ff27d38
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Fri Jun 13 15:11:11 2025 +0200

    d/watch: Limit uscan to the 1.x releases
    
    borgbackup2 is a separate package, as such we shouldn't track the >= 2.x
    releases here.

Created: 2025-06-13 Last update: 2025-06-17 16:32

lintian reports 6 warnings normal

Lintian reports 6 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-05-11 Last update: 2025-05-11 05:31

debian/patches: 3 patches to forward upstream low

Among the 3 debian patches available in version 1.4.1-2 of the package, we noticed the following issues:

3 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-05-11 07:02

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2024-10-08 Last update: 2024-10-08 18:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-05-11 01:04

No known security issue in bookworm wishlist

There is 1 open security issue in bookworm.

1 ignored issue:

CVE-2023-36811: borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an attacker to be able to: 1. insert files (with no additional headers) into backups and 2. gain write access to the repository. This vulnerability does not disclose plaintext to the attacker, nor does it affect the authenticity of existing archives. Creating plausible fake archives may be feasible for empty or small archives, but is unlikely for large archives. The issue has been fixed in borgbackup 1.2.5. Users are advised to upgrade. Additionally to installing the fixed code, users must follow the upgrade procedure as documented in the change log. Data loss after being attacked can be avoided by reviewing the archives (timestamp and contents valid and as expected) after any "borg check --repair" and before "borg prune". There are no known workarounds for this vulnerability.

Created: 2023-08-31 Last update: 2025-05-11 00:27

testing migrations

excuses:
- Migration status for borgbackup (1.4.0-5 to 1.4.1-2): BLOCKED: Needs an approval (either due to a freeze, the source suite or a manual hint)
- Issues preventing migration:
- ∙ ∙ blocked by freeze: is a key package (Follow the freeze policy when applying for an unblock)
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/b/borgbackup.html
- ∙ ∙ autopkgtest for borgbackup/1.4.1-2: amd64: Pass, arm64: Pass, armel: Pass, armhf: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ Reproducible on armhf - info ♻
- ∙ ∙ 38 days old (needed 20 days)
- Not considered

news

[rss feed]

[2025-05-10] Accepted borgbackup 1.4.1-2 (source) into unstable (Gianfranco Costamagna)
[2025-05-10] Accepted borgbackup 1.4.1-1 (source) into unstable (Gianfranco Costamagna)
[2025-03-27] borgbackup 1.4.0-5 MIGRATED to testing (Debian testing watch)
[2025-03-25] Accepted borgbackup 1.4.0-5 (source) into unstable (Gianfranco Costamagna)
[2025-01-23] Accepted borgbackup 1.4.0-4~bpo12+1 (source) into stable-backports (Gianfranco Costamagna)
[2024-10-17] borgbackup 1.4.0-4 MIGRATED to testing (Debian testing watch)
[2024-10-15] Accepted borgbackup 1.4.0-4 (source) into unstable (Gianfranco Costamagna)
[2024-10-15] borgbackup 1.4.0-3 MIGRATED to testing (Debian testing watch)
[2024-10-12] Accepted borgbackup 1.4.0-3 (source) into unstable (Gianfranco Costamagna)
[2024-10-10] borgbackup 1.4.0-2 MIGRATED to testing (Debian testing watch)
[2024-10-08] Accepted borgbackup 1.4.0-2 (source) into unstable (Gianfranco Costamagna)
[2024-07-08] borgbackup 1.4.0-1 MIGRATED to testing (Debian testing watch)
[2024-07-04] Accepted borgbackup 1.4.0-1 (source) into unstable (Gianfranco Costamagna)
[2024-05-25] Accepted borgbackup 1.2.8-1~bpo12+1 (source) into stable-backports (Ian Campbell)
[2024-04-29] borgbackup 1.2.8-1 MIGRATED to testing (Debian testing watch)
[2024-04-29] borgbackup 1.2.8-1 MIGRATED to testing (Debian testing watch)
[2024-04-24] Accepted borgbackup 1.2.8-1 (source) into unstable (Gianfranco Costamagna)
[2024-01-17] Accepted borgbackup 1.2.7-2~bpo12+1 (source arm64 all) into stable-backports (Debian FTP Masters) (signed by: Chris Boot)
[2024-01-01] borgbackup 1.2.7-2 MIGRATED to testing (Debian testing watch)
[2023-12-29] Accepted borgbackup 1.2.7-2 (source) into unstable (Gianfranco Costamagna)
[2023-12-16] borgbackup 1.2.7-1 MIGRATED to testing (Debian testing watch)
[2023-12-03] Accepted borgbackup 1.2.7-1 (source) into unstable (Gianfranco Costamagna)
[2023-09-03] borgbackup 1.2.6-2 MIGRATED to testing (Debian testing watch)
[2023-09-01] Accepted borgbackup 1.2.6-2 (source) into unstable (Gianfranco Costamagna)
[2023-08-31] Accepted borgbackup 1.2.6-1 (source) into unstable (Gianfranco Costamagna)
[2023-08-31] Accepted borgbackup 1.2.5-4 (source) into unstable (Gianfranco Costamagna)
[2023-08-31] Accepted borgbackup 1.2.5-3 (source) into unstable (Gianfranco Costamagna)
[2023-08-30] Accepted borgbackup 1.2.5-2 (source) into unstable (Gianfranco Costamagna)
[2023-08-30] Accepted borgbackup 1.2.5-1 (source) into unstable (Gianfranco Costamagna)
[2023-08-17] borgbackup 1.2.4-3 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 4
RC: 0
I&N: 4
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 6)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.4.1-2
1 bug