author tron <tron> 2015-08-24 19:10:29 +0000
committer tron <tron> 2015-08-24 19:10:29 +0000
commit 717625abab5693318bd026aed8c26ba1b6d155bd
tree 898672bba44dc43c8fceeeab05340f6f22ec2bd1
parent 7931208d3a2cee3dd997fbe76abf6550093d10f4
Pullup ticket #4797 - requested by wiz
sysutils/tarsnap: security update

Revisions pulled up:
- sysutils/tarsnap/Makefile 1.10-1.11
- sysutils/tarsnap/distinfo 1.6-1.7

---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Aug 21 14:43:17 UTC 2015

Modified Files:
pkgsrc/sysutils/tarsnap: Makefile distinfo

Log Message:
Update to 1.0.36:

1. SECURITY FIX: When constructing paths of objects being archived, a buffer could overflow by one byte upon encountering 1024, 2048, 4096, etc. byte paths. Theoretically this could be exploited by an unprivileged user whose files are being archived; I do not believe it is exploitable in practice, but I am offering a $1000 bounty for the first person who can prove me wrong: http://www.daemonology.net/blog/2015-08-21-tarsnap-1000-exploit-bounty.html
2. SECURITY FIX: An attacker with a machine's write keys, or with read keys and control of the tarsnap service, could make tarsnap allocate a large amount of memory upon listing archives or reading an archive the attacker created; on 32-bit machines, tarsnap can be caused to crash under the aforementioned conditions.
3. BUG FIX: Tarsnap no longer crashes if its first DNS lookup fails.
4. BUG FIX: Tarsnap no longer exits with "Callbacks uninitialized" when running on a dual-stack network if the first IP stack it attempts fails to connect.
5. tarsnap now avoids opening devices nodes on linux if it is instructed to archive /dev/. This change may prevent "watchdog"-triggered reboots.
6. tarsnap -c --dry-run can now run without a keyfile, allowing users to predict how much Tarsnap will cost before signing up.
7. tarsnap now has bash completion scripts.
8. tarsnap now takes a --retry-forever option.
9. tarsnap now automatically detects and uses AESNI and SSE2.

As usual, there are also many minor build fixes, harmless bug fixes, and code refactoring / cleanup changes.

For a full listing of changes, consult the tarsnap git repository: https://github.com/Tarsnap/tarsnap

---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Aug 21 18:03:22 UTC 2015

Modified Files:
pkgsrc/sysutils/tarsnap: Makefile distinfo

Log Message:
Update to 1.0.36.1:

OS X lacks the POSIX-mandated clock_gettime function, and tarsnap is not using libcperciva's "support broken operating systems" compatibility mechanism yet. Add -DPOSIXFAIL_CLOCK_REALTIME to the build.
-rw-r--r-- sysutils/tarsnap/Makefile 4
-rw-r--r-- sysutils/tarsnap/distinfo 8
2 files changed, 6 insertions, 6 deletions
diff --git a/sysutils/tarsnap/Makefile b/sysutils/tarsnap/Makefile
index d318d274266..22ae59474b7 100644
--- a/sysutils/tarsnap/Makefile
+++ b/sysutils/tarsnap/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.9 2014/08/21 16:02:11 jperkin Exp $
+# $NetBSD: Makefile,v 1.9.8.1 2015/08/24 19:10:29 tron Exp $
-DISTNAME= tarsnap-autoconf-1.0.35
+DISTNAME= tarsnap-autoconf-1.0.36.1
PKGNAME= ${DISTNAME:S/-autoconf//}
CATEGORIES= sysutils archivers security
MASTER_SITES= https://www.tarsnap.com/download/
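Review bot: The DISTNAME line is the only functional change in this hunk, yet the log for 1.0.36.1 says "Add -DPOSIXFAIL_CLOCK_REALTIME to the build", and no such flag is set anywhere in the visible Makefile lines. Please confirm in the pullup ticket that the define is supplied by the 1.0.36.1 tarball's own build system, so that OS X builds of the security update do not depend on a package-side change that is missing here. It would also help to note next to the bump that 1.0.36 was skipped on purpose, since DISTNAME goes from tarsnap-autoconf-1.0.35 directly to tarsnap-autoconf-1.0.36.1.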
diff --git a/sysutils/tarsnap/distinfo b/sysutils/tarsnap/distinfo
index bbcd27be681..901d48c198d 100644
--- a/sysutils/tarsnap/distinfo
+++ b/sysutils/tarsnap/distinfo
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.5 2014/04/02 12:04:50 wiz Exp $
+$NetBSD: distinfo,v 1.5.10.1 2015/08/24 19:10:29 tron Exp $
-SHA1 (tarsnap-autoconf-1.0.35.tgz) = 542a934daa58538c392e199bc6272e95a465eb08
-RMD160 (tarsnap-autoconf-1.0.35.tgz) = 8573fe7e4a3d1ad6fe8f6d5fa489c46b8e79de31
-Size (tarsnap-autoconf-1.0.35.tgz) = 600115 bytes
+SHA1 (tarsnap-autoconf-1.0.36.1.tgz) = d678c2d7701f013901540dab6899aca9ea5e146f
+RMD160 (tarsnap-autoconf-1.0.36.1.tgz) = 1b0c780f743367f12cd2a7738b63aefd6554e982
+Size (tarsnap-autoconf-1.0.36.1.tgz) = 615739 bytes
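Review bot: The new entries for tarsnap-autoconf-1.0.36.1.tgz record only SHA1 and RMD160 digests, which is thin integrity coverage for a tarball being pulled up as a security fix. Consider recording a stronger digest such as SHA512 alongside them, and check the values against whatever checksum or signature upstream publishes for this release, not only against the copy fetched when distinfo was regenerated. The Size change from 600115 to 615739 bytes is consistent with a new release and needs no action.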