[announce] Bugfix release from Laurent Bercot on 2015-01-06 (skaware)

From: Laurent Bercot <ska-skaware_at_skarnet.org>
Date: Tue, 06 Jan 2015 03:45:17 +0100

  Hello,
  Let's start this new year with a blast...

  There was an obscure, but significant, oversight in skalibs,
that allowed a client to DoS a server, among other things. The
impact is small because only shared services are affected,
which basically means a s6lockd service or a skadnsd service
listening on a Unix socket. If you didn't have such a shared
service, which should be more than 99% of people, you're safe.

  To fix the bug, I had to change a small part of the skalibs
API (and of the ABI too). So, here's a batch of new releases
to go with the latest skalibs API.

  Only s6 and s6-dns need to be rebuilt with the new skalibs.
The other packages are unaffected by the bug or the API/ABI
change. They still get a new release because they have new goodies,
such as a more intuitive behaviour for ./configure options, more
accurate INSTALL and ./configure --help documentation, and so on.

  On a related note, if you are a member of the IEEE or The Open Group
and took part in the design or redaction of the sendmsg()/recvmsg()
specification for POSIX.1-2008, please jump off a cliff immediately.
This thing is so badly specified that it breaks in a subtly different
way on every system, and a gigantic amount of wrapping code is needed
to catch all the corner cases, and even that relies on the
implementation not being too brain-damaged. Which obviously cannot be
guaranteed - after all, there are still BSDs around.
  That's the price I pay for wanting to use an interface that is
*only* twelve years old. Sigh. </rant>

  * skalibs-2.1.0.0
  You want this if you're using unixmessage or skaclient (which s6 does
for notification, typically). It's bigger and uglier, but it makes your
servers more robust.
  http://skarnet.org/software/skalibs/

  * execline-2.0.1.0
  import -u. (That's why the 3rd number in the version string changes:
new functionality.)
  http://skarnet.org/software/execline/

  * s6-portable-utils-2.0.0.1
  No changes.
  http://skarnet.org/software/s6-portable-utils/

  * s6-linux-utils-2.0.0.1
  No changes.
  http://skarnet.org/software/s6-linux-utils/

  * s6-2.0.0.1
  This version compiles with skalibs-2.1.0.0 and fixes the bug.
  http://skarnet.org/software/s6/

  * s6-dns-2.0.0.1
  http://skarnet.org/software/s6-dns/
  This version compiles with skalibs-2.1.0.0 and fixes the bug.

  * s6-networking-2.0.0.1
  No changes.
  http://skarnet.org/software/s6-networking/

  Enjoy, and keep sending those bug-reports.

-- 
  Laurent

Received on Tue Jan 06 2015 - 02:45:17 UTC

This archive was generated by hypermail 2.3.0 : Sun May 09 2021 - 19:38:49 UTC