Dear all, I am pleased to announce a new release of S3QL, version 2.13.
>From the changelog:
2015-01-31, S3QL 2.13
* The internal file system revision has changed. File systems
created with S3QL 2.13 or newer are not compatible with prior S3QL
versions.
To update an existing file system to the newest revision, use the
's3qladm upgrade' command. During the upgrade, all storage objects
that were created by S3QL 1.1 or earlier will be downloaded and
re-uploaded. For objects created by S3QL 1.1.2 or later, the
upgrade will only affect the storage object's metadata (so no
contents need to be transferred).
* SECURITY ADVISORY: Previous mkfs.s3ql versions used /dev/urandom
to generate the master key when creating a new encrypted file
system. However, /dev/urandom is not guaranteed to provide the
256-bits of entropy requested by S3QL. This may have allowed an
attacker to predict parts of the master key in situations where
little entropy is available (e.g. right after system boot, or if a
different program has previously drained the entropy pool).
Note that the master key is not affected when the file system
passphrase is changed. The only way to recover from a potentially
compromised master key is to create a new file system and copy
over all data.
* When creating new file systems, the master key is now generated by
reading /dev/random rather than /dev/urandom to ensure sufficient
entropy.
* The 'no-ssl' option for the swift backend is now used only when
connecting to the authentication server. Whether SSL is used when
connecting to the storage server is determined by the
authentication server.
* Fixed a crash when using the "disable-expect100" swift backend
option.
* Fixed a race condition that could lead to a "KeyError" crash
when refreshing a Google Storage OAuth2 access token.
* Fixed a race condition that could lead to a hanging mount.s3ql
process and hanging test_thread_hang() unit test.
* Updated internal metadata storage and checksum format. The old
format was difficult to secure against malicious backend data and
could have resulted in false-positive checksum mismatches with
future or different Python interpreters.
* Sizes (e.g. in the s3qlstat output) are now always reported
with three significant digits.
* Fixed a bug that caused fsck.s3ql to either abort with a
"apsw.ConstraintError" or to incorrectly consider storage
objects as missing when the connection to remote server is
interrupted while retrieving the object list.
* Storage urls without any prefix (e.g. s3://foo, but also
s3://foo/) are now using the same local cache
directory. Previously they would use different directories,
despite pointing to the same file system.
(Note that this does not affect storage urls with a prefix,
s3://foo/bar and s3://foo/bar/ refer to different locations in the
bucket, and thus correctly use different cache directories).
* Fixed a problem where mount.s3ql would crash when unmouting the
file system because it could not delete the cache directory. This
could happen when the file system was not unmounted cleanly, but
fsck.s3ql was then run on a different system (or using a different
cache directory).
* S3QL now requires at least version 3.4 of the dugong Python
module.
As usual, the release is available for download from
https://bitbucket.org/nikratio/s3ql/downloads
Please report any bugs on the mailing list ([email protected]) or
the issue tracker (https://bitbucket.org/nikratio/s3ql/issues).
Starting with version 2.0, S3QL requires Python 3.3 or newer. For older
systems, the S3QL 1.x branch (which only requires Python 2.7) will
continue to be supported for the time being. However, development
concentrates on S3QL 2.x while the 1.x branch only receives selected
bugfixes. When possible, upgrading to S3QL 2.x is therefore strongly
recommended.
Enjoy,
-Nikolaus
--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F
»Time flies like an arrow, fruit flies like a Banana.«
--
You received this message because you are subscribed to the Google Groups
"s3ql" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: PGP signature
