Change logs for tar source package in Edgy

  • tar (1.15.91-2ubuntu0.4) edgy-security; urgency=low
    
      * SECURITY UPDATE: directory traversal with malicious tar files.
      * src/names.c: adjust dot dot checking, patched inline.
      * References
        CVE-2007-4131
    
     -- Kees Cook <email address hidden>   Tue, 28 Aug 2007 09:45:12 -0700
  • tar (1.15.91-2ubuntu0.3) edgy-security; urgency=low
    
      * SECURITY UPDATE: files can be overwritten/renamed in any writable location
        in the filesystem via GNUTYPE_NAMES type.
      * src/extract.c: disable GNUTYPE_NAMES type processing by default since it
        allows for immediate symlink creation and renames.
      * src/common.h, src/tar.c: add --allow-name-mangling option to restore
        default behavior.
      * debian/rules: lowered optimization level on i386 for testcase #29.
      * References
        http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html
        CVE-2006-6097
    
     -- Kees Cook <email address hidden>   Fri, 24 Nov 2006 12:48:25 -0800
  • tar (1.15.91-2) unstable; urgency=low
    
      * add a NEWS.Debian file that communicates the change in wildcard processing
      * re-institute the patch for filenames that are exactly 100 characters in 
        length originally reported in #230910, closes: #376909
    
     -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  10 Jul 2006 12:36:49 +0100
  • tar (1.15.91-1) unstable; urgency=low
    
      * new upstream version, retrieved from alpha.gnu.org
      * update date in tar.1, closes: #367290
      * support rollbacks in maintainer scripts, drop removal of info since this
        package no longer delivers an info doc, closes: #374461
    
    tar (1.15.1dfsg-3) unstable; urgency=low
    
      * revert to upstream auto* products and take a different approach to eliding
        doc/ contents, since I'm clearly just not smart enough to use auto* tools
        without breaking more than I fix, closes: #362249
    
    tar (1.15.1dfsg-2) unstable; urgency=low
    
      * run aclocal and automake to get last reference to doc subdir out of
        Makefile.in, closes: #361931
    
    tar (1.15.1dfsg-1) unstable; urgency=low
    
      * remove the documentation source from this package, since it is licensed 
        under the GFDL with invariant cover texts that upstream is unwilling or
        unable to remove, closes: #357259
      * remove install-info call from postinst, since it is no longer relevant
      * include URL for the online version of the tar documentation in the man page
      * run make with same env vars set as configure to avoid situation where
        make re-running configure causes rsh to not be found, etc, closes: #356657
      * another patch from Goswin to fix test failures on amd64, closes: #354847
    
    tar (1.15.1-6) unstable; urgency=low
    
      * patch from upstream to fix incorrect listing of a non-existing section as
        invariant in the GFDL license header, closes: #357259
    
    tar (1.15.1-5) unstable; urgency=low
    
      * patch from Goswin von Brederlow to sort tar output in test suite to 
        compensate for different file order when ext3 option dir_index is enabled
        on build system, first seen on amd64 autobuilder, closes: #354847
    
    tar (1.15.1-4) unstable; urgency=low
    
      * change section from base to utils to resolve override disparity
      * add build dependency on autoconf, closes: #354194
    
    tar (1.15.1-3) unstable; urgency=high
    
      * patch for src/xheader.c suggested by Martin Pitt, to fix exploitable
        buffer overflow [CVE-2006-0300], closes: #354091, #314805
      * change default path for rmt in lib/localedir.h to be correct for Debian
        systems, closes: #319635
      * updated Italian translation from Marco d'Itri, closes: #286978
      * patch from Loic Minier fixing wrong matching of file names when special
        characters are present, closes: #272888
      * patch suggested by Stephen Frost to convert fatal error to warning when
        an archive spanning multiple volumes contains a filename longer than
        100 characters, closes: #330187
      * patch from Peter Samuelson to fix hard link handling in the presence
        of the --strip-components option, closes: #343062
      * update debhelper compat level to 5
    
     -- Ian Jackson <email address hidden>   Sat,  01 Jul 2006 16:18:52 +0100
  • tar (1.15.1-2ubuntu2) dapper; urgency=low
    
      * Do not mess with directory permissions when extracting
        without -p.  Malone 19540.
    
     -- Ian Jackson <email address hidden>   Wed,  5 Apr 2006 17:25:15 +0100