Change logs for tar source package in Edgy

  • tar (1.15.91-2ubuntu0.4) edgy-security; urgency=low
      * SECURITY UPDATE: directory traversal with malicious tar files.
      * src/names.c: adjust dot dot checking, patched inline.
      * References
     -- Kees Cook <email address hidden>   Tue, 28 Aug 2007 09:45:12 -0700
  • tar (1.15.91-2ubuntu0.3) edgy-security; urgency=low
      * SECURITY UPDATE: files can be overwritten/renamed in any writable location
        in the filesystem via GNUTYPE_NAMES type.
      * src/extract.c: disable GNUTYPE_NAMES type processing by default since it
        allows for immediate symlink creation and renames.
      * src/common.h, src/tar.c: add --allow-name-mangling option to restore
        default behavior.
      * debian/rules: lowered optimization level on i386 for testcase #29.
      * References
     -- Kees Cook <email address hidden>   Fri, 24 Nov 2006 12:48:25 -0800
  • tar (1.15.91-2) unstable; urgency=low
      * add a NEWS.Debian file that communicates the change in wildcard processing
      * re-institute the patch for filenames that are exactly 100 characters in 
        length originally reported in #230910, closes: #376909
     -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  10 Jul 2006 12:36:49 +0100
  • tar (1.15.91-1) unstable; urgency=low
      * new upstream version, retrieved from
      * update date in tar.1, closes: #367290
      * support rollbacks in maintainer scripts, drop removal of info since this
        package no longer delivers an info doc, closes: #374461
    tar (1.15.1dfsg-3) unstable; urgency=low
      * revert to upstream auto* products and take a different approach to eliding
        doc/ contents, since I'm clearly just not smart enough to use auto* tools
        without breaking more than I fix, closes: #362249
    tar (1.15.1dfsg-2) unstable; urgency=low
      * run aclocal and automake to get last reference to doc subdir out of, closes: #361931
    tar (1.15.1dfsg-1) unstable; urgency=low
      * remove the documentation source from this package, since it is licensed 
        under the GFDL with invariant cover texts that upstream is unwilling or
        unable to to remove, closes: #357259
      * remove install-info call from postinst, since it is no longer relevant
      * include URL for the online version of the tar documentation in the man page
      * run make with same env vars set as configure to avoid situation where
        make re-running configure causes rsh to not be found, etc, closes: #356657
      * another patch from Goswin to fix test failures on amd64, closes: #354847
    tar (1.15.1-6) unstable; urgency=low
      * patch from upstream to fix incorrect listing of a non-existing section as
        invariant in the GFDL license header, closes: #357259
    tar (1.15.1-5) unstable; urgency=low
      * patch from Goswin von Brederlow to sort tar output in test suite to 
        compensate for different file order when ext3 option dir_index is enabled
        on build system, first seen on amd64 autobuilder, closes: #354847
    tar (1.15.1-4) unstable; urgency=low
      * change section from base to utils to resolve override disparity
      * add build dependency on autoconf, closes: #354194
    tar (1.15.1-3) unstable; urgency=high
      * patch for src/xheader.c suggested by Martin Pitt, to fix exploitable
        buffer overflow [CVE-2006-0300], closes: #354091, #314805
      * change default path for rmt in lib/localedir.h to be correct for Debian
        systems, closes: #319635
      * updated Italian translation from Marco d'Itri, closes: #286978
      * patch from Loic Minier fixing wrong matching of file names when special
        characters are present, closes: #272888
      * patch suggested by Stephen Frost to convert fatal error to warning when
        an archive spanning multiple volumes contains a filename longer than
        100 characters, closes: #330187
      * patch from Peter Samuelson to fix hard link handling in the presence
        of the --strip-components option, closes: #343062
      * update debhelper compat level to 5
     -- Ian Jackson <email address hidden>   Sat,  01 Jul 2006 16:18:52 +0100
  • tar (1.15.1-2ubuntu2) dapper; urgency=low
      * Do not mess with directory permissions when extracting
        without -p.  Malone 19540.
     -- Ian Jackson <email address hidden>   Wed,  5 Apr 2006 17:25:15 +0100