Please test tarsnap 1.0.36
-----BEGIN PGP SIGNED MESSAGE-----
A potential version 1.0.36 of the Tarsnap client code is ready for testing.
You can find the new code at
and the tarball has SHA256 hash
You can also see all the changes between 1.0.35 and this version in the
newly-public git repository at
Substantive changes in this code compared to tarsnap 1.0.35:

SECURITY: An attacker with a machine's write keys, or with read keys and
control of the tarsnap service, can make tarsnap allocate a large amount of
memory upon listing archives or reading an archive the attacker created; on
32-bit machines, tarsnap can be caused to crash under the aforementioned

BUG FIX: Tarsnap no longer crashes if its first DNS lookup fails.

BUG FIX: Tarsnap no longer exits with "Callbacks uninitialized" when running
on a dual-stack network if the first IP stack it attempts fails to connect.

* tarsnap -c --dry-run can now run without a keyfile, allowing users to
predict how much Tarsnap will cost before signing up.
* tarsnap now has bash completion scripts.
* tarsnap now takes a --retry-forever option.
* tarsnap now automatically detects and uses AESNI and SSE2.

And as usual, lots of minor build fixes, harmless bug fixes, and code
refactoring / cleanups.

Assuming I don't get any emails complaining that something is broken, I'll
be releasing this officially as version 1.0.36 in about a week. As always,
if you find any newly introduced bugs before the official release, you'll
be eligible for double the normal Tarsnap bug bounties.
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----