
Fwd: Tarsnap 1.0.41



Hi alphatesters,

Please note that contrary to normal practice, 1.0.41 is not exactly the
same as 1.0.40.99 -- I added some security-related commits (mitigations
for a chosen-plaintext attack on the chunking algorithm, see the first
bullet point below) before I rolled the release.

So please update to 1.0.41 even if you're already running 1.0.40.99. :-)

Colin Percival

-------- Forwarded Message --------
Subject: Tarsnap 1.0.41
Date: Fri, 21 Mar 2025 10:01:59 -0700
From: Colin Percival <cperciva@tarsnap.com>
To: tarsnap-announce@tarsnap.com

Hi all,

Tarsnap 1.0.41 is now available.  This version brings a security improvement
and several new features compared to tarsnap 1.0.40:

* [security] Tarsnap now has mitigations to defend against information leakage
   via chunking: Chunks are padded using the PADME scheme, and small-alphabet
   cycles are prohibited in chunking to block a chosen-plaintext attack.  For
   more details on the attack, see my blog post
   https://www.daemonology.net/blog/2025-03-21-Chunking-attacks-on-Tarsnap.html
   and the paper
   "Chunking Attacks on File Backup Services using Content-Defined Chunking"
   which should be available on the Cryptology ePrint Archive shortly.

* tarsnap -c now accepts --dry-run-metadata, which simulates creating an
   archive without reading any file data.  This is significantly faster than a
   regular --dry-run, and is suitable for checking which filesystem entries
   will be archived (with -v) or checking the total archive size (with --totals
   or --progress-bytes).

* tarsnap now accepts --noatime with -c mode, which requests that the
   operating system does not update atime when reading files or directories.
   Not supported by all operating systems or filesystems.

* If the server-side state was modified and tarsnap exits with an error, it
   will now have an exit code of 2.

* tarsnap will read a config file in $XDG_CONFIG_HOME/tarsnap/tarsnap.conf;
   or ~/.config/tarsnap/tarsnap.conf if $XDG_CONFIG_HOME is not set.  The
   previous config file ~/.tarsnaprc is still supported, and will not be
   deprecated.

* tarsnap now accepts --null-input as a synonym for --null.  For compatibility
   reasons, --null is still supported, and will not be deprecated.

* tarsnap now accepts --null-output with --print-stats, --list-archives, -x,
   and -t, which produces NUL-separated output from those commands.

* A bug in tarsnap's scrypt code which caused a self-test failure when
   tarsnap is compiled on gcc and passphrased key files are used on systems
   without SSE2 (e.g. non-x86 systems) has been fixed.

As usual, there are also lots of minor build fixes, harmless bug fixes, and
code cleanups.

The new release is available from the usual location
    https://www.tarsnap.com/download.html
and the full set of changes can be seen in the git repository:
    https://github.com/tarsnap/tarsnap

Users of the .deb packages we ship should find that their systems can now
fetch tarsnap 1.0.41.  Users of other packaging systems (FreeBSD / NetBSD
/ OpenBSD / Homebrew / MacPorts / Gentoo / OpenSUSE / etc.) should be able
to fetch tarsnap 1.0.41 once the maintainers of the respective ports have
updated them.

--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
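
The first bullet above says chunks are padded using the PADME scheme. The following is an added example, not part of the original email and not Tarsnap's code: it implements the published PADME length-rounding rule and measures how many distinct sizes remain observable after padding. How Tarsnap applies the rule to its chunks is not described on this page; the function names and sample sizes are constructed for illustration.

```python
# Added illustration of the PADME padded-length rule.
# Not taken from Tarsnap's source; names and sample sizes are constructed.

def padme_length(length: int) -> int:
    """Return the PADME-padded size for an object of `length` bytes."""
    if length < 0:
        raise ValueError("length must be non-negative")
    if length < 2:
        return length                  # nothing to round at this size
    e = length.bit_length() - 1        # floor(log2(length))
    s = e.bit_length()                 # floor(log2(e)) + 1
    low_bits = e - s                   # low-order bits forced to zero
    mask = (1 << low_bits) - 1
    return (length + mask) & ~mask     # round up to a multiple of 2**low_bits


def distinct_padded_lengths(lo: int, hi: int) -> int:
    """Count the sizes an observer can tell apart for lengths in [lo, hi]."""
    return len({padme_length(n) for n in range(lo, hi + 1)})


def max_overhead(lo: int, hi: int) -> float:
    """Worst-case relative size increase for lengths in [lo, hi]."""
    return max((padme_length(n) - n) / n for n in range(lo, hi + 1))


if __name__ == "__main__":
    # Constructed sample chunk sizes, in bytes.
    for n in (9, 1000, 65537, 100000):
        print(f"{n:>7} -> {padme_length(n):>7}")
    lo, hi = 65536, 131071
    print(f"raw sizes in [{lo}, {hi}]: {hi - lo + 1}")
    print(f"sizes visible after padding: {distinct_padded_lengths(lo, hi)}")
    print(f"worst overhead for 2..2^17: {max_overhead(2, 2**17):.4f}")
```
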