[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Please test tarsnap 1.0.30 "bug bounty edition"

Hash: SHA1

Hi all,

Version 1.0.30 of the Tarsnap client code, which I'm calling the "bug bounty
edition", is now ready for testing.  You can download the source code at
https://www.tarsnap.com/download/tarsnap-autoconf-1.0.30a.tgz, which has SHA256
hash e83342ce4776ef575a36a182de277c9a9726a04c398bb3a265c8d2f065b0dce3.  (If I
upload a new tarball to fix things, it will be 1.0.30b, 1.0.30c, etc.  The final
release will be named 1.0.30.)

As the moniker "bug bounty edition" suggests, this release is mostly the result
of bugs reported to me.  I've awarded a total of $1165 for 209 bug fixes in this
release; most of them are trivial (e.g., "typo in source code comment") but a
few bug fixes are worth mentioning:

* If the readdir function failed while Tarsnap was looking for files to archive,
it is possible that files would be silently not archived.  It's unlikely that
this ever affected anyone, since it's very difficult for readdir to fail without
the hard drive in question failing, but it is theoretically possible.

* Handling of @archive directives with mtree files could break in several ways
relating to the parsing of integer values.  I doubt anyone has ever tried to use
@archive directives to create a Tarsnap archive out of an mtree file, but if
anyone did, it probably didn't work.

* If the current directory when Tarsnap is launched becomes unreadable (e.g., by
changing its permissions mode value) *and* more than one path is specified to be
archived (e.g., "tarsnap -c -f foo path/to/bar path/to/baz") then Tarsnap might
have archived the wrong paths.

At https://www.tarsnap.com/download/1.0.29-1.0.30a.patch you can find a complete
set of changes.  If you report a bug which was introduced in 1.0.30 between now
and the release (I'm aiming for August 24th) you will be eligible for double the
normal bug bounty.

Please test and let me know if I broke anything. :-)

- -- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
Version: GnuPG v1.4.11 (FreeBSD)