
Tarsnap 1.0.31



Hi all,

Tarsnap 1.0.31 is now available.  This new version brings:

1. Two security fixes relating to key generation on multi-user systems:
 * If a key file was created in a world-readable directory by a user
   with a permissive umask, it could be readable for a short time.
 * If a key file was created in a world-writable directory (e.g., /tmp)
   it could be read or caused to overwrite another file.
Thanks to Tavis Ormandy for reporting this.

2. Minix support.  Thanks to Ben Gras for identifying the changes which
were needed and for testing the resulting code.

3. Minor improvements:
 * Tarsnap now ignores blank lines in key files.
 * Tarsnap now line-buffers its output (useful when --list-archives output
   is being piped to another command).
 * Tarsnap now prints a more useful progress indicator when running --fsck.

4. Several minor bug fixes and compiler warning eliminations.

The new release is available from the usual location:
  https://www.tarsnap.com/download.html

-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
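
The two key-generation problems listed under item 1 are the kind that exclusive, owner-only file creation avoids. The following is an added example, not Tarsnap's code and not taken from the release; the function name `write_keyfile` is hypothetical and a POSIX system is assumed.

```c
/* Added example (not Tarsnap's code): create a key file safely on POSIX. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L	/* for O_NOFOLLOW */
#endif
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * write_keyfile (hypothetical name): write len bytes of key material to a
 * new file at path.  Returns 0 on success, -1 on failure with errno set.
 */
int
write_keyfile(const char *path, const unsigned char *buf, size_t len)
{
	size_t off = 0;
	ssize_t w;
	int fd, saved;

	/*
	 * O_EXCL: fail if anything already exists at path, including a
	 * symlink placed there by another user, so no other file can be
	 * overwritten.  Mode 0600: the file is created owner-only even
	 * under a permissive umask, since a umask can only clear bits.
	 */
	fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
	if (fd == -1)
		return (-1);

	while (off < len) {
		w = write(fd, buf + off, len - off);
		if (w == -1 && errno == EINTR)
			continue;
		if (w == -1)
			goto fail;
		off += (size_t)w;
	}
	if (fsync(fd) == -1)
		goto fail;
	return (close(fd));

fail:
	saved = errno;		/* remove the partial key file */
	close(fd);
	unlink(path);
	errno = saved;
	return (-1);
}
```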