[s3ql] [ANNOUNCE] S3QL 2.10.1 has been released


Nikolaus Rath

Aug 27, 2014, 4:58:28 PM
to s3...@googlegroups.com
Dear all,

I am pleased to announce a new release of S3QL, version 2.11.

From the changelog:

2014-08-27, S3QL 2.11

* SECURITY UPDATE (CVE-2014-0485).

A remote code execution vulnerability was fixed.

An attacker with control over the communication with the storage
backend or the ability to manipulate the data stored in the
backend was able to trigger execution of arbitrary code by
mount.s3ql, fsck.s3ql, mkfs.s3ql, s3qladm and s3ql_verify. Both
encrypted and unencrypted file systems were vulnerable.

* s3ql_verify no longer crashes when checking an empty file system.

* Fixed a crash when using Google OAuth2 and the first request after
the access token has expired is a write request.

* mount.s3ql now supports systemd-style readiness notification. To
use this feature, make sure that you have the 'systemd' module
installed for Python 3.

This feature has not been tested; if you use it or encounter
problems, please report back.

* Fixed a race condition that could cause tests/t5_failsafe.py to
fail.

* mount.s3ql no longer daemonizes on its own. With a modern init
system this should no longer be necessary, and when running
mount.s3ql from the command line the shell can be used to put the
process into background.

* There is a new --backend-options parameter that can be used to
pass backend-specific options to any S3QL command that accepts a
storage url.

* The --no-ssl and --ssl-ca-path parameters have been removed. For
those backends where these parameters make sense, you can use the
backend options of the same name instead (e.g. instead of
`--no-ssl` use `--backend-options no-ssl`).

* Several backends now accept a `tcp-timeout` option. If S3QL is
unable to communicate with the remote server for longer than this
period, the TCP/IP connection is re-established.

* The Amazon S3 backend now accepts a 'sse' option to enable server
side encryption. Both costs & benefits of S3 server side
encryption are probably very small, and this option does *not*
affect any client side encryption performed by S3QL itself.

* The Amazon S3 backend now accepts a 'rrs' option to enable reduced
redundancy storage for any newly created objects.



As usual, the release is available for download from
https://bitbucket.org/nikratio/s3ql/downloads

Please report any bugs on the mailing list (s3...@googlegroups.com) or
the issue tracker (https://bitbucket.org/nikratio/s3ql/issues).


Starting with version 2.0, S3QL requires Python 3.3 or newer. For older
systems, the S3QL 1.x branch (which only requires Python 2.7) will
continue to be supported for the time being. However, development
concentrates on S3QL 2.x while the 1.x branch only receives selected
bugfixes. When possible, upgrading to S3QL 2.x is therefore strongly
recommended.


Enjoy,

-Nikolaus


--
Encrypted emails preferred.
PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C

»Time flies like an arrow, fruit flies like a Banana.«
