The Featureless Linux Library stable version 0.6.11 is released.
This release brings in fixes for problems exposed by more regular use of, and by active development on, the 0.7.x development branch. In particular, the Controller program has seen a lot of fixes and improvements.
I have been working on additional projects, such as Tacocat. This project has a different structure and has revealed some bugs or mistakes in the fakefile and settings standards for the Featureless Make program. I had already been aware of this potential problem but I had been hoping that I would not need to implement a new feature in the standard. Unfortunately, I have concluded that I do in fact need a new feature. The fakefile and settings standards now support a new Object called stage. I chose the word stage to avoid conflicts with existing build-focused Object names. This new feature in the standard fixes a bug where multiple settings might conflict with each other. I opted to classify this new feature as a bug fix. This change further exposed an oversight where slashes are not supposed to be supported in the build name Object and the version Objects. The new stage Object as well as the build_name, version_major, version_major_prefix, version_minor, version_minor_prefix, version_micro, version_micro_prefix, version_nano, version_nano_prefix and version_target Objects now explicitly prohibit slashes.
I also found some notable bugs in the FSS read programs. The processing of comments is incorrect and the ranges being processed are entirely missing the necessary range checks. I back ported the runtime tests for the FSS read programs to better help catch problems and regressions.
A new feature is created for the Simple Packet (FSS-000F) standard for adding support for a magic block. A magic block provides the ability to identify the type of packet being transmitted. This has performance, firewalling, and also local storage implications. The packets can be directly saved as a file and that file can be easily identified and read. This does not define the magic identifiers themselves. This only adds the functionality to specify them. For security reasons, the presence of the magic block is optional. There is no network functionality in the 0.6 versions of the FLL project. This is only a change to the standard. The 0.7 versions and later of the FLL project implement network-related functionality.
The memory consumed by certain functions is now greatly reduced. The lazy allocation process works really well, except for certain key conditions. One of these conditions is when the allocation step is set to some large value, such as 128. Then, a huge number of arrays are allocated, each with only one or two elements in the array. I found that when using fss_basic_read on a large data set I would incur an 8 Gigabyte memory allocation cost. After the optimization that same allocation cost went down to about 500 Megabytes. The reason for this is that about four or five different one element arrays are being allocated for maybe 2,000,000 Objects in some file. The optimization has a cost of additional logic and a few more allocations for small arrays. This is not considered too expensive because these arrays are small and the cost of re-allocating them is relatively inexpensive.
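The trade-off described above can be modelled in a few lines of C. This is an added example, not code from the FLL project: the function names, the small step of 8, the 8-byte element size and the count of four arrays per Object are constructed values, chosen so the totals land in the range the text quotes.

```c
#include <stddef.h>
#include <stdio.h>

/* All names and values are hypothetical; this is not FLL's API. */
#define STEP_LARGE 128u /* the large allocation step named in the text */
#define STEP_SMALL 8u   /* assumed small size used for the first growth */

struct usage { size_t capacity; size_t reallocations; };

/* Next capacity for a full array. With small == 0 every growth uses the
   large step; otherwise the first growth only reserves `small` slots. */
static size_t grow(size_t capacity, size_t small, size_t step) {
  if (small && capacity < small) return small;
  if (capacity < step) return step;
  return capacity + step;
}

/* Append `elements` items to a lazily allocated array and report the
   capacity reserved and how many (re)allocations that took. */
static struct usage fill(size_t elements, size_t small, size_t step) {
  struct usage u = { 0, 0 };
  for (size_t used = 0; used < elements; ++used) {
    if (used == u.capacity) { /* full, or never allocated */
      u.capacity = grow(u.capacity, small, step);
      ++u.reallocations;
    }
  }
  return u;
}

/* Bytes reserved when each of `objects` records owns `arrays` arrays
   that each hold `elements` items of `element_size` bytes. */
static unsigned long long reserved_bytes(unsigned long long objects,
    size_t arrays, size_t elements, size_t element_size, size_t small) {
  return objects * arrays * fill(elements, small, STEP_LARGE).capacity
       * element_size;
}

int main(void) {
  /* Constructed workload: 2,000,000 Objects, four one-element arrays each. */
  printf("large step only: %llu bytes\n",
         reserved_bytes(2000000ULL, 4, 1, 8, 0));
  printf("low first step:  %llu bytes\n",
         reserved_bytes(2000000ULL, 4, 1, 8, STEP_SMALL));
  /* The cost: an array that really grows needs one extra reallocation. */
  printf("reallocations for 200 items: %zu vs %zu\n",
         fill(200, 0, STEP_LARGE).reallocations,
         fill(200, STEP_SMALL, STEP_LARGE).reallocations);
  return 0;
}
```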
The following are changes since the 0.6.10 stable release.
Exploit Fixes:
- None.
Security Fixes:
- FLL: Console parameter single short values array is too small.
- Controller: Remove the simulate feature that actually executes a script.
- Controller: Incorrect sizeof() used in process pointers.
- Controller: Wrong sizeof() type used in allocation functions.
- FSS Read programs: Missing range checks on comment processing.
Features:
- FLL: Add "Magic Bit" to the FSS-000F (Simple Packet) format.
Bug Fixes:
- FLL: Enable missing support for grave (backtick) in IKI.
- FLL: The fl_directory_create() needs to also handle F_file_found_not.
- Controller: Stand alone build doesn't compile due to incorrect _di_f_thread_mutex_lock_timed_ config.h setting.
- Controller: Incorrect length on string CONTROLLER_rule_print_control_groups_prepare_s.
- Controller: Double creation of mutex alert lock.
- Controller: Parameter type is f_number_unsigned_t and not uint8_t.
- Controller: Incorrectly adding an extra '/' to the file name.
- Controller: Incorrect thread unlock in controller_rule_process().
- Controller: Improve error message regarding file not found..., found.
- Controller: Don't assign enabled variable on lock failure to avoid potential race condition.
- Controller: Error printing function has wrong locking.
- Controller: Replace f_signal_mask() with f_thread_signal_mask().
- Controller: New line is not being printed because sequence is missing.
- Controller: Incorrect error message describing wrong value number.
- Controller: Simulation is using error output rather than normal output in one case.
- Controller: The $ should instead be a % in the fl_print_format() call.
- Controller: Add missing 'extern' to controller_entry_settings_read_map().
- Controller: The help code is being used instead of the light code.
- Fake: Add stage setting to standards to prevent build state file conflicts.
- Fake: The build_name and version numbers should not support forward or backward slashes.
- FSS Read programs: Bugfix: Incorrect runtime tests for FSS Read programs.
- FSS Read programs: Bugfix: Properly back port runtime tests for FSS Read programs.
Refactors:
- None.
Regressions:
- None.
Updates:
- FLL: Back port runtime tests for FSS Read programs.
- FLL: Apply the not operator logic to avoid needing to literally specify it.
- FLL: Greatly reduce memory consumption by implementing simple low allocation step.
- FLL: Reduce memory usage by fl_fss_basic_content_read() in some circumstances.
- FLL: Optimize away the isdigit(), isalpha(), isalnum(), and isxdigit().
- FLL: Yet another file with a copyright year that needs to be updated.
- FLL: Specifications to use grave as the common term for backtick.
- FLL: The f_iki test needs to be updated following the version update.
- Controller: Add additional protection around assignment of global.thread.enabled during Controller exit process.
- Controller: Use copy of flag to avoid possible race conditions with controller_thread_is_enabled().
- Controller: Provide fallback should the locks on exit fail to catch and update function using pointer.
- Controller: Rewrite timing logic in controller.
- Controller: Reset cache in some cases and do so after error messages.
- Controller: Add missing extern for prototype of controller_unlock_print_flush().