diff options
| author | wiz <wiz@pkgsrc.org> | 2015-08-21 14:43:17 +0000 |
|---|---|---|
| committer | wiz <wiz@pkgsrc.org> | 2015-08-21 14:43:17 +0000 |
| commit | 05e2ae3cf2a1c9668b6ebdb23b70973795375f99 (patch) | |
| tree | 47d86f86c4a00f9806f9ed11d10a4bd4de9c5ca7 /sysutils | |
| parent | ab31116ebad89d38464da560a2f58214b3f8b335 (diff) | |
| download | pkgsrc-05e2ae3cf2a1c9668b6ebdb23b70973795375f99.tar.gz | |
Update to 1.0.36:
1. SECURITY FIX: When constructing paths of objects being archived, a buffer
could overflow by one byte upon encountering 1024, 2048, 4096, etc. byte
paths. Theoretically this could be exploited by an unprivileged user whose
files are being archived; I do not believe it is exploitable in practice,
but I am offering a $1000 bounty for the first person who can prove me wrong:
http://www.daemonology.net/blog/2015-08-21-tarsnap-1000-exploit-bounty.html
2. SECURITY FIX: An attacker with a machine's write keys, or with read keys
and control of the tarsnap service, could make tarsnap allocate a large
amount of memory upon listing archives or reading an archive the attacker
created; on 32-bit machines, tarsnap can be caused to crash under the
aforementioned conditions.
3. BUG FIX: Tarsnap no longer crashes if its first DNS lookup fails.
4. BUG FIX: Tarsnap no longer exits with "Callbacks uninitialized" when
running on a dual-stack network if the first IP stack it attempts fails to
connect.
5. tarsnap now avoids opening devices nodes on linux if it is instructed to
archive /dev/. This change may prevent "watchdog"-triggered reboots.
6. tarsnap -c --dry-run can now run without a keyfile, allowing users to
predict how much Tarsnap will cost before signing up.
7. tarsnap now has bash completion scripts.
8. tarsnap now takes a --retry-forever option.
9. tarsnap now automatically detects and uses AESNI and SSE2.
As usual, there are also many minor build fixes, harmless bug fixes, and code
refactoring / cleanup changes. For a full listing of changes, consult the
tarsnap git repository: https://github.com/Tarsnap/tarsnap
Diffstat (limited to 'sysutils')
| -rw-r--r-- | sysutils/tarsnap/Makefile | 4 | ||||
| -rw-r--r-- | sysutils/tarsnap/distinfo | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/sysutils/tarsnap/Makefile b/sysutils/tarsnap/Makefile index d318d274266..1609cceb0c5 100644 --- a/sysutils/tarsnap/Makefile +++ b/sysutils/tarsnap/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.9 2014/08/21 16:02:11 jperkin Exp $ +# $NetBSD: Makefile,v 1.10 2015/08/21 14:43:17 wiz Exp $ -DISTNAME= tarsnap-autoconf-1.0.35 +DISTNAME= tarsnap-autoconf-1.0.36 PKGNAME= ${DISTNAME:S/-autoconf//} CATEGORIES= sysutils archivers security MASTER_SITES= https://www.tarsnap.com/download/ diff --git a/sysutils/tarsnap/distinfo b/sysutils/tarsnap/distinfo index bbcd27be681..43ad8706c62 100644 --- a/sysutils/tarsnap/distinfo +++ b/sysutils/tarsnap/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.5 2014/04/02 12:04:50 wiz Exp $ +$NetBSD: distinfo,v 1.6 2015/08/21 14:43:17 wiz Exp $ -SHA1 (tarsnap-autoconf-1.0.35.tgz) = 542a934daa58538c392e199bc6272e95a465eb08 -RMD160 (tarsnap-autoconf-1.0.35.tgz) = 8573fe7e4a3d1ad6fe8f6d5fa489c46b8e79de31 -Size (tarsnap-autoconf-1.0.35.tgz) = 600115 bytes +SHA1 (tarsnap-autoconf-1.0.36.tgz) = 3c98707d20e6f107c56e29f5037f1ed79fa8aaa6 +RMD160 (tarsnap-autoconf-1.0.36.tgz) = 97b4edd89f0cfbaed38354f802f8de1cda5127ae +Size (tarsnap-autoconf-1.0.36.tgz) = 615709 bytes |