forked from grke/burp
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathUPGRADING
265 lines (232 loc) · 10.4 KB
/
UPGRADING
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
Things to watch out for when upgrading.
3.1.2
-----
Blowfish has been deprecated by openssl.
Burp will now encrypt new files with AES-CBC-256, but will still be able
to decrypt files encrypted with blowfish as long as your openssl library
supports it.
The Windows installer will continue to come with openssl-1.1 for a few months,
to allow time for people to switch from blowfish.
3.1.0
-----
Protocol 2 has been removed.
It hasn't been progressing for a long time, and is mostly just a distraction.
So, I have made the decision to remove it.
2.5.0
-----
The Windows installer sets Administrator and SYSTEM full access permissions
only on:
C:/Program Files/Burp/bin/burp.conf
C:/Program Files/Burp/bin/ssl_cert_ca.pem
C:/Program Files/Burp/bin/ssl_cert-client.key
C:/Program Files/Burp/bin/ssl_cert-client.pem
That is, it runs:
icacls.exe "<path>" /inheritance:r /grant:r Administrators:F SYSTEM:F
If you have these files on non-default locations, and you are concerned about
restricting permissions, you may want to run the command by hand on them.
The Windows client will automatically apply the same permissions to new ssl
cert files on certificate exchange.
2.3.12
------
On Windows, the '-x' option has been split into two different options - '-x'
and '-X'.
'-x': Restore without using the Windows VSS api, and attempt to strip out any
VSS data. This now works the same as the non-Windows client, and is a new
option for Windows.
'-X': Restore without using the Windows VSS api, and do not attempt to strip
out any VSS data. This option only exists on Windows, and was the
behaviour that you previously got with '-x'. Use this if your backup
contains no VSS data.
2.3.4
-----
Clients will now error out if using protocol 2 and 'encryption_password' is
set, because that option is not supported in protocol 2.
2.3.2
-----
The 'restore_client' option now takes into consideration the 'client_can_X'
settings of the original client before considering the 'client_can_X' settings
of the restore client. To get the previous behaviour, where only the restore
client's settings were considered, use the new 'super_client' option instead
of 'restore_client'.
2.2.14
------
For security, the burp client will no longer let you restore over symlinks
that point outside of your desired destination directory. Specifying a
'-d <directory>' with your restore parameters is now mandatory. If you wish
to restore everything back to the original locations, you can give '-d /',
which will also work on Windows clients. If you wish server-initiated restores
to restore to original locations, you should add '-d /' to the timed job
in the client side.
2.2.12
------
The command line option to print the version number, is now '-V'.
It has made way for the new '-v' option, which means 'log to stdout'.
2.2.10
------
The server side options 'address', 'port', 'status_address', and 'status_port'
have been removed. They have been replaced with 'listen' and 'listen_status'.
2.0.42
------
A bug in generating protocol 2 rabin checksums was fixed. Any protocol 2
backups made up to this point should be discarded.
2.0.32
------
'make install' will now install everything except configuration files.
'make install-config' will install configuration files, and will overwrite
without warning.
'make install-all' will install everything.
2.0.30
------
The configure system has been rewritten and vastly improved. One difference
to watch out for is that 'make install' will now overwrite any existing burp
config files and scripts without any warning.
2.0.26
------
The dhfile generation command in burp_ca has changed from 'openssl dhparam -out
"$dhfile" 1024' to 'openssl dhparam -dsaparam -out "$dhfile" 2048' in order
to make ssl key exchange more secure.
Your existing /etc/burp/dhfile.pem on your burp server will not be regenerated
unless you delete /etc/burp/dhfile.pem by hand (rm -f /etc/burp/dhfile.pem)
and restart the burp server.
2.0.22
------
The protocol2 manifest formats have changed. You should therefore not mix
earlier 2.0.x servers and clients with this version, and protocol2 backups from
earlier versions will no longer work.
2.0.20
------
The option 'working_dir_recovery_method = use' has been removed.
2.0.12
------
Executable scripts that used to be in /etc/burp are now installed in
/usr/share/burp/scripts: notify_script, ssl_extra_checks_script,
summary_script, and timer_script.
On upgrading, you should probably fix the paths to these scripts in
/etc/burp/burp-server.conf.
Package building files have not yet been updated to reflect this change.
Patches gratefully accepted.
2.0.10
------
The status monitor system and ncurses client are now working to some degree.
You now need to use a burp client to connect to the status port via SSL.
This also means that you may use the ncurses client on a machine that is not
the burp server.
You can use 'burp -a m' to get a raw connection (useful for debugging or to
see the JSON), or 'burp -a s' to use the ncurses client.
You will not be able to see details of any clients unless you are connecting
from the client in question, or you are a restore_client (see the man page
for this option).
On upgrading from previous versions of burp, you will not have some of the
necessary config values for connecting to the status port.
Both server and client will need 'status_port = 4972'.
The client will need 'server = <server address>'.
The server address may need to be '::1' if you are connecting locally. You may
use 'netstat -plant | grep burp' to determine the address that burp is
listening on.
There are still some pieces in the ncurses client that are not fully
implemented.
More details about all this will be in documentation to be written soon.
2.0.9
-----
The configuration file parser now understands single quotes and double quotes
properly. If you have single quotes or double quotes around your config value,
the parser will now treat backslash as the escaping character. If you do not
have quotes around your config value, the config value will be taken literally.
2.0.7
-----
The bedup program is now contained within the burp binary. 'make install' will
create a 'bedup' symlink to the burp binary. Executing 'bedup' will then work
as before.
2.0.6
-----
Warning about hardlinked_archive in protocol1 style backups:
In this version, I have changed the way that hardlinked_archive works slightly,
in order to fix https://github.com/grke/burp/issues/176 - unnecessary
duplication and deletion.
In the past, the previous current backup would have a file called 'hardlinked'
created when the next backup was being finalised. So, the decision was being
made during the next backup.
Now, the decision is being made for each backup when it is being finalised
itself (rather than waiting for the next one).
This means that, when you upgrade, your most recent backup will look like a
non-hardlinked_archive, and when you make you next protocol1 style backup with a
2.0.x server, it will treat the previous backup as a non-hardlinked_archive.
If you need it to be a hardlinked_archive, make sure that you anticipate this
before the next backup happens, by creating a file called something like:
/var/spool/burp/<client>/current/hardlinked
2.0.4
-----
There has been a massive rewrite of most of burp.
The intention is that burp1 clients will continue to work with burp2
servers.
Burp2 clients can also be configured to work in burp1 mode. See the 'protocol'
option in the man page and example config files.
Burp2 code is capable of doing variable length chunking for inline
deduplication, with sparse indexing on the server side.
Use this version with extreme caution.
Burp2 is currently missing some features, such as acl/xattr, Windows EFS,
encryption and compression support.
The burp1 protocol should still work with these features, but be careful.
The status monitor is also not working.
Due to the extent of the rewrite, pretty much anything may not working
correctly.
Do not expect burp2, and the backups that it makes, to be compatible
with future releases of burp2.
1.3.24
------
If installing with 'make install' and you want to use the
server_script_pre/post_notify feature, then you will probably need to overwrite
/etc/burp/notify_script by hand. The arguments to it have not changed though,
so if you do not want to use that feature, you do not need to do this.
1.3.18
------
Special care is advised when testing this release, as some of the main
structure of the program has been tweaked in order to support the stripping
out of Windows VSS information.
1.3.16
------
If you have any clients on 1.3.14, you should upgrade them to 1.3.14 due to
a bug in the exclude_comp feature.
1.3.14
------
If installing with 'make install', you will probably need to overwrite
/etc/burp/notify_script by hand.
The arguments to it have changed, so you will also need to update the
configuration in /etc/burp/burp-server.conf to be in the new style. The example
config in configs/server/burp.conf will help.
The '-l <path>' and 'logfile = <path>' options have been removed because they
didn't work properly, and there was no sensible way to make the work properly.
There are now three settings in the conf files: stdout=[0|1], syslog=[0|1],
and progress_counters=[0|1]. If you want to see output, you may need to set
these options.
1.3.3
-----
If installing with 'make install' and you want to use the 'initialise manual
backup from server' feature, you will need to replace /etc/burp/timer_script
with configs/server/timer_script from the source, because 'make install' will
not overwrite the old version.
1.3.2
-----
The process of generating SSL certificates has been automated, so the old
default keys and certificates have been removed from new installs.
See docs/burp_ca.txt for more information.
1.3.1
-----
Due to Debian policy, burp and bedup will now be installed in /usr/sbin.
Therefore, you may need to update any cron jobs that were previously using
/sbin.
1.2.4
-----
There was a critical bug in 1.2.4.
Please upgrade clients and servers to 1.2.5 as soon as you can.
1.1.x to 1.2.0
---------------
* Clients on 1.1.70 or older will not work with a 1.2.0 server. You will need
to upgrade the clients at the same time. Your old backups will continue to
work.
* If you previously compiled with './configure --prefix=/usr', you will probably
now want to compile with just './configure'. The binary will now go to
/sbin/burp, with a symlink from /usr/sbin/burp.
* If you are installing from source onto the server, you may want to
'rm /etc/burp/notify_script' before 'make installation', otherwise you won't
get the updated version.