Hello, Let's start this new year with a blast...
There was an obscure, but significant, oversight in skalibs, that allowed a client to DoS a server, among other things. The impact is small because only shared services are affected, which basically means a s6lockd service or a skadnsd service listening on a Unix socket. If you didn't have such a shared service, which should be more than 99% of people, you're safe. To fix the bug, I had to change a small part of the skalibs API (and of the ABI too). So, here's a batch of new releases to go with the latest skalibs API. Only s6 and s6-dns need to be rebuilt with the new skalibs. The other packages are unaffected by the bug or the API/ABI change. They still get a new release because they have new goodies, such as a more intuitive behaviour for ./configure options, more accurate INSTALL and ./configure --help documentation, and so on. On a related note, if you are a member of the IEEE or The Open Group and took part in the design or redaction of the sendmsg()/recvmsg() specification for POSIX.1-2008, please jump off a cliff immediately. This thing is so badly specified that it breaks in a subtly different way on every system, and a gigantic amount of wrapping code is needed to catch all the corner cases, and even that relies on the implementation not being too brain-damaged. Which obviously cannot be guaranteed - after all, there are still BSDs around. That's the price I pay for wanting to use an interface that is *only* twelve years old. Sigh. </rant> * skalibs-2.1.0.0 You want this if you're using unixmessage or skaclient (which s6 does for notification, typically). It's bigger and uglier, but it makes your servers more robust. http://skarnet.org/software/skalibs/ * execline-2.0.1.0 import -u. (That's why the 3rd number in the version string changes: new functionality.) http://skarnet.org/software/execline/ * s6-portable-utils-2.0.0.1 No changes. http://skarnet.org/software/s6-portable-utils/ * s6-linux-utils-2.0.0.1 No changes. http://skarnet.org/software/s6-linux-utils/ * s6-2.0.0.1 This version compiles with skalibs-2.1.0.0 and fixes the bug. http://skarnet.org/software/s6/ * s6-dns-2.0.0.1 http://skarnet.org/software/s6-dns/ This version compiles with skalibs-2.1.0.0 and fixes the bug. * s6-networking-2.0.0.1 No changes. http://skarnet.org/software/s6-networking/ Enjoy, and keep sending those bug-reports. -- Laurent
