[Spread-users] Spread 3.17.1 release
jonathan at cnds.jhu.edu
Fri Jun 20 18:20:48 EDT 2003
Spread Concepts LLC and Johns Hopkins Center for Networking and Distributed
System are happy to announce the release of a new stable version, 3.17.1,
of the Spread toolkit.
This release includes a number of bugfixes, including some that fix
daemon crashes and potential security issues, and some small cleanups
and stability improvements. So we highly encourage everyone to
upgrade to this release.
The 3.17.1 release has no new features, api changes or other dramatic
changes. The potential security issue is a buffer overflow in the C
language CLIENT library that could be exploited by a malicious daemon
or man-in-the-middle attack to execute code with the privileges of the
user running the client. This bug was uncovered by a DARPA funded
Red Team from SRI who were evaluating Spread and Secure Spread.
The list of bugfixes is:
*) Fix memory corruption and crash with groups of large size.
*) Correct make install so it installs header files.
*) Fix syntax error in build.xml file for Java/Ant.
*) Cleanup prototypes to remove compiler warnings.
*) Fix parser to correctly recognize upper, lower, and mixed case command options.
*) During make install, remove old symlinks.
*) Change setgroups call to be more portable. (fixes MacOSX)
*) Change name of r and s to sprecv and spsend, and add as make targets.
They can be built by "make testprog" (not built by default).
*) Work on making long group names possible.
*) Increase listen backlog for accepting client connections.
*) Fix Win32 project files to have correct path to source files.
(note CVS was always ok, but 3.17.0 release had incorrect path)
*) Fix bug where large groups overflow Mess_buf in groups.c.
*) Fix memory corruption bug when a message header is received in
several separate packets in session.c. Thanks to Ryan Caudy for
many, many hours tracking this down.
*) Change order of build in Makefile so binaries are built before
*) Fix Java bug where connection objects cannot be disconnected and
then reconnected, but must be created anew. They can now be reused.
*) Fix compile error on AIX for struct if_info.
*) Fix security issue with buffer checks in the C library.
*) Fix obscure off-by-one buffer error with the parser.
Spread is a toolkit that provides a high performance messaging service
that is resilient to faults across external or internal networks. Spread
functions as a unified message bus for distributed applications, and
provides highly tuned application-level multicast and group communication
support. Spread services range from reliable message passing to fully
ordered messages with delivery guarantees, even in case of computer
failures and network partitions.
Spread is designed to encapsulate the challenging aspects of asynchronous
networks and enable the construction of scalable distributed applications,
allowing application builders to focus on the differentiating components
of their application.
With the Spread Open Source License, the toolkit may be freely
used under some conditions. For example, the license includes the
requirement that all advertising materials (including web pages)
mentioning software that uses Spread display a specific acknowledgement.
Please review the license agreement for more details.
Other commercial licenses or other licensing arrangements are available.
Please contact michal at spreadconcepts.com. We are looking for partners
interested in using group communication and/or replication to solve
demanding, real-world problems.
Jonathan R. Stanton jonathan at cs.jhu.edu
Dept. of Computer Science
Johns Hopkins University
More information about the Spread-users