[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Please test tarsnap 1.0.36

To: tarsnap alphatesters <tarsnap-alphatest@tarsnap.com>
Subject: Please test tarsnap 1.0.36
From: Colin Percival <cperciva@tarsnap.com>
Date: Tue, 11 Aug 2015 01:20:28 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

A potential version 1.0.36 of the Tarsnap client code is ready for testing.

You can find the new code at
  https://www.tarsnap.com/download/tarsnap-autoconf-1.0.36a.tgz
and the tarball has SHA256 hash
  c1230f29054ce68fb3fe43712942f38583bd715a32c003e4a4ff96cf66ff7c8b .

You can also see all the changes between 1.0.35 and this version in the
newly-public git repository at
  https://github.com/Tarsnap/tarsnap

Substantive changes in this code compared to tarsnap 1.0.35:

SECURITY: An attacker with a machine's write keys, or with read keys and
control of the tarsnap service, can make tarsnap allocate a large amount of
memory upon listing archives or reading an archive the attacker created; on
32-bit machines, tarsnap can be caused to crash under the aforementioned
conditions.

BUG FIX: Tarsnap no longer crashes if its first DNS lookup fails.

BUG FIX: Tarsnap no longer exits with "Callbacks uninitialized" when running
on a dual-stack network if the first IP stack it attempts fails to connect.

New features:
* tarsnap -c --dry-run can now run without a keyfile, allowing users to
predict how much Tarsnap will cost before signing up.

* tarsnap now has bash completion scripts.

* tarsnap now takes a --retry-forever option.

* tarsnap now automatically detects and uses AESNI and SSE2.

And as usual, lots of minor build fixes, harmless bug fixes, and code
refactoring / cleanups.

Assuming I don't get any emails complaining that something is broken, I'll
be releasing this officially as version 1.0.36 in about a week.  As always,
if you find any newly introduced bugs before the official release, you'll
be eligible for double the normal Tarsnap bug bounties.

- -- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlXJsEUACgkQOM7KaQxqam658ACeJTeenL9piIetNRD0iHhkcFcU
gP4An0pLs+ql/AKSEYIg2vpvQWfWkpwa
=pXld
-----END PGP SIGNATURE-----

Prev by Date: Please test: scrypt 1.2.0b
Next by Date: Fwd: Tarsnap 1.0.36
Previous by thread: Please test: scrypt 1.2.0b
Next by thread: Fwd: Tarsnap 1.0.36
Index(es):
- Date
- Thread