Change log for tar package in Ubuntu
76 → 111 of 111 results | First • Previous • Next • Last |
tar (1.23-3) unstable; urgency=medium * add xz-utils back to the Suggests list since it may not be 'required' forever * current debhelper includes trigger support, closes: #561598 * patch from upstream to fix ability of rmt to accept mixed file mode representations, closes: #587702, #597672
Available diffs
- diff from 1.23-2 to 1.23-3 (2.6 KiB)
tar (1.22-2ubuntu1) lucid-proposed; urgency=low * lib/utimens.c: Patch from Debian bug #563726 to ensure that futimens is only called with a valid file descriptor. Fixes bootstrapping Lucid from Dapper (LP: #539814) -- Keith Ward <email address hidden> Tue, 24 Aug 2010 18:50:56 +0200
Available diffs
- diff from 1.22-2 to 1.22-2ubuntu1 (872 bytes)
tar (1.23-2) unstable; urgency=low * use xz when lzma is called for, and stop suggesting both lzma since it's no longer used, and xz-utils since it's now priority required, closes: #582706, #523494 -- Ubuntu Archive Auto-Sync <email address hidden> Tue, 15 Jun 2010 10:11:14 +0100
Available diffs
- diff from 1.23-1 to 1.23-2 (1.6 KiB)
tar (1.23-1) unstable; urgency=low * new upstream version, fixes security issue in rmt (CVE-2010-0624) * add suggests for lzma and xz-utils, closes: #523499 -- Ubuntu Archive Auto-Sync <email address hidden> Sun, 09 May 2010 14:03:47 +0100
Available diffs
- diff from 1.22-2 to 1.23-1 (2.2 MiB)
tar (1.22-2) unstable; urgency=low * Add Carl Worth as an uploader. * Fix to allow parallel build (-j2), closes: #535319 * Don't close file stream before EOF, closes: #525818 * Preserve hard links with --remove-files, closes: #188663 Thanks to Ted T'so for the idea and Sergey Poznyakoff for cleaning up my original implementation. * Respect DEB_BUILD_OPTIONS=nocheck to conform with Policy 3.8.2
Available diffs
- diff from 1.22-1 to 1.22-2 (3.1 KiB)
tar (1.22-1) unstable; urgency=low * new upstream version * version the Replaces entry for cpio, closes: #483355 * move config.* update to configure target, yields a smaller diff that doesn't clash with git-buildpackage... already had autotools-dev build dep! * script debian/tarman contributed by Marcus Watts now used to create tar.1 by processing usage text in source code! Partial fix for #473328. closes: #515578, #429776, #411707, -- Ubuntu Archive Auto-Sync <email address hidden> Wed, 29 Apr 2009 12:13:22 +0100
Available diffs
- diff from 1.20-1 to 1.22-1 (962.5 KiB)
tar (1.18-2ubuntu1.1) gutsy-security; urgency=low * SECURITY UPDATE: stack-based buffer overflow with malicious tar files - lib/paxnames.c: updated src/names.c to rewrite hash_string_prefix as hash_string_insert_prefix and adjust safer_name_suffix to use hash_string_insert_prefix to avoid stack allocation - patch from upstream paxlib commits: http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=b9199bbdefd32382953dd8c01ec881e5463c5a88 http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=64379227940699a92113e3fd7c583e705a1f849b - CVE-2007-4476 - LP: #180299 -- Jamie Strandboge <email address hidden> Wed, 14 Jan 2009 11:06:24 -0600
Available diffs
tar (1.15.1-2ubuntu2.3) dapper-security; urgency=low * SECURITY UPDATE: stack-based buffer overflow with malicious tar files - src/names.c: updated src/names.c to rewrite hash_string_prefix as hash_string_insert_prefix and adjust safer_name_suffix to use hash_string_insert_prefix to avoid stack allocation - patch from upstream paxlib commits: http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=b9199bbdefd32382953dd8c01ec881e5463c5a88 http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=64379227940699a92113e3fd7c583e705a1f849b - CVE-2007-4476 - LP: #180299 * adjust tests/pipe.at pipe the output from `tar xfv' through sort and regenerate tests/testsuite with autom4ke to get tests working again (how did it ever successfully build before?) -- Jamie Strandboge <email address hidden> Wed, 14 Jan 2009 09:10:49 -0600
Available diffs
Superseded in karmic-release |
Obsolete in jaunty-release |
Superseded in jaunty-release |
Obsolete in intrepid-release |
tar (1.20-1) unstable; urgency=low * new upstream version -- Ubuntu Archive Auto-Sync <email address hidden> Fri, 02 May 2008 02:27:03 +0100
tar (1.19-3) unstable; urgency=low * upstream patch to remove error message when updating a non-existing archive * patch from Phil Hands for man page prevents URL splitting, closes: #463215
Superseded in hardy-release |
tar (1.19-1ubuntu2) hardy; urgency=low * Added 01-update-flag.dpatch: - Closes KDE Bug #151708 * Fixed debian/rules and debian/control for dpatch -- Anthony Mercatante <tonio@kubuntu> Fri, 04 Jan 2008 15:05:07 +0100
Superseded in hardy-release |
tar (1.19-1ubuntu1) hardy; urgency=low * Merge from debian unstable, remaining changes: - Set Ubuntu maintainer address. - Fix build failures with gcc-4.3 in lib/argp{-fmstream}.h
tar (1.18-2ubuntu1) gutsy; urgency=low * Build with -fgnu89-inline, fixes build failure with gcc-4.3. LP: 138674. * Set Ubuntu maintainer address. -- Matthias Klose <email address hidden> Wed, 12 Sep 2007 19:58:51 +0000
Superseded in gutsy-release |
tar (1.18-2build1) gutsy; urgency=low * Fake-sync because of a different orig.tar.gz.
tar (1.16-2ubuntu0.1) feisty-security; urgency=low * SECURITY UPDATE: directory traversal with malicious tar files. * src/names.c: adjust dot dot checking, patched inline. * References CVE-2007-4131 -- Kees Cook <email address hidden> Tue, 28 Aug 2007 09:45:12 -0700
tar (1.15.91-2ubuntu0.4) edgy-security; urgency=low * SECURITY UPDATE: directory traversal with malicious tar files. * src/names.c: adjust dot dot checking, patched inline. * References CVE-2007-4131 -- Kees Cook <email address hidden> Tue, 28 Aug 2007 09:45:12 -0700
tar (1.15.1-2ubuntu2.2) dapper-security; urgency=low * SECURITY UPDATE: directory traversal with malicious tar files. * src/names.c: adjust dot dot checking, patched inline. * References CVE-2007-4131 -- Kees Cook <email address hidden> Tue, 28 Aug 2007 09:45:12 -0700
Superseded in gutsy-release |
tar (1.18-1build1) gutsy; urgency=low * Pseudo sync, not matching .orig.tar.gz. -- Matthias Klose <email address hidden> Mon, 13 Aug 2007 13:15:44 +0200
Superseded in gutsy-release |
tar (1.18-0ubuntu1) gutsy; urgency=low * New upstream version. - Fixes build failure with glibc-2.6. Closes: #434015. -- Matthias Klose <email address hidden> Wed, 01 Aug 2007 15:30:14 +0200
Superseded in gutsy-release |
tar (1.16.1-1ubuntu1) gutsy; urgency=low * Globally rename futimens to tar_futimens, so it doesn't clash with the new glibc-2.6 symbol of the same name, causing build failures. -- Adam Conrad <email address hidden> Mon, 30 Jul 2007 18:12:57 +1000
tar (1.16.1-1) unstable; urgency=low * new upstream version, closes: #402179 * updated Russian translation from Yuriy Talakan, closes: #411613 -- Ubuntu Archive Auto-Sync <email address hidden> Fri, 27 Apr 2007 13:18:48 +0100
tar (1.16-2) unstable; urgency=high * patch from Kees Cook via upstream to disable handling of GNUTYPE_NAMES by default and add a new command-line switch --allow-name-mangling to re-enable it, as a fix for directory traversal bug (CVE-2006-6097), closes: #399845 -- Kees Cook <email address hidden> Mon, 18 Dec 2006 12:17:30 +0000
Superseded in feisty-release |
tar (1.16-1ubuntu1) feisty; urgency=low * SECURITY UPDATE: files can be overwritten/renamed in any writable location in the filesystem via GNUTYPE_NAMES type. * src/extract.c: disable GNUTYPE_NAMES type processing by default since it allows for immediate symlink creation and renames. * src/common.h, src/tar.c: add --allow-name-mangling option to restore default behavior. * References http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html -- Kees Cook <email address hidden> Wed, 22 Nov 2006 19:46:54 -0800
Superseded in edgy-security |
tar (1.15.91-2ubuntu0.3) edgy-security; urgency=low * SECURITY UPDATE: files can be overwritten/renamed in any writable location in the filesystem via GNUTYPE_NAMES type. * src/extract.c: disable GNUTYPE_NAMES type processing by default since it allows for immediate symlink creation and renames. * src/common.h, src/tar.c: add --allow-name-mangling option to restore default behavior. * debian/rules: lowered optimization level on i386 for testcase #29. * References http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html CVE-2006-6097 -- Kees Cook <email address hidden> Fri, 24 Nov 2006 12:48:25 -0800
Superseded in dapper-security |
tar (1.15.1-2ubuntu2.1) dapper-security; urgency=low * SECURITY UPDATE: files can be overwritten/renamed in any writable location in the filesystem via GNUTYPE_NAMES type. * src/extract.c: disable GNUTYPE_NAMES type processing by default since it allows for immediate symlink creation and renames. * src/common.h, src/tar.c: add --allow-name-mangling option to restore default behavior. * References http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html -- Kees Cook <email address hidden> Wed, 22 Nov 2006 20:21:52 -0800
Obsolete in breezy-security |
tar (1.15.1-2ubuntu0.2) breezy-security; urgency=low * SECURITY UPDATE: files can be overwritten/renamed in any writable location in the filesystem via GNUTYPE_NAMES type. * src/extract.c: disable GNUTYPE_NAMES type processing by default since it allows for immediate symlink creation and renames. * src/common.h, src/tar.c: add --allow-name-mangling option to restore default behavior. * References http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html -- Kees Cook <email address hidden> Wed, 22 Nov 2006 20:15:02 -0800
tar (1.16-1) unstable; urgency=medium * new upstream version, closes: #376816, #363943, #377124, #377330 * fix for buffer overflow in test suite, closes: #377557 * force a clean in the tests directory before running the test suite, seems to work around test suite repeatability problems, closes: #377330, #379393 * accept patch from Raphael Bossek to zero nanoseconds, closes: #329843 * update man page to reflect change in -l definition and other misc changes to options since man page was last updated, closes: #384508, #391718, 361932, #315506 * stop delivering upstream README, closes: #323232 -- Ubuntu Archive Auto-Sync <email address hidden> Wed, 08 Nov 2006 19:47:13 +0000
tar (1.15.91-2) unstable; urgency=low * add a NEWS.Debian file that communicates the change in wildcard processing * re-institute the patch for filenames that are exactly 100 characters in length originally reported in #230910, closes: #376909 -- Ubuntu Archive Auto-Sync <email address hidden> Mon, 10 Jul 2006 12:36:49 +0100
tar (1.15.91-1) unstable; urgency=low * new upstream version, retrieved from alpha.gnu.org * update date in tar.1, closes: #367290 * support rollbacks in maintainer scripts, drop removal of info since this package no longer delivers an info doc, closes: #374461
tar (1.15.1-2ubuntu2) dapper; urgency=low * Do not mess with directory permissions when extracting without -p. Malone 19540. -- Ian Jackson <email address hidden> Wed, 5 Apr 2006 17:25:15 +0100
Superseded in breezy-security |
tar (1.15.1-2ubuntu0.1) breezy-security; urgency=low * SECURITY UPDATE: Arbitrary code execution with crafted tar files. * src/xheader.c: - Add a new function decode_num() which wraps xstrtoumax() and adds boundary and sanity checking. - Use decode_num() instead of xstrtoumax() in the code to avoid buffer overflows on excessively large field values like GNU.sparse.numblocks. - Patch taken from upstream CVS. * CVE-2006-0300 -- Martin Pitt <email address hidden> Thu, 23 Feb 2006 11:25:52 +0100
Obsolete in hoary-security |
tar (1.14-2ubuntu0.1) hoary-security; urgency=low * SECURITY UPDATE: Arbitrary code execution with crafted tar files. * src/xheader.c: - Add a new function decode_num() which wraps xstrtoumax() and adds boundary and sanity checking. - Use decode_num() instead of xstrtoumax() in the code to avoid buffer overflows on excessively large field values like GNU.sparse.numblocks. - Patch taken from upstream CVS. * CVE-2006-0300 -- Martin Pitt <email address hidden> Thu, 23 Feb 2006 10:27:25 +0000
Superseded in dapper-release |
tar (1.15.1-2ubuntu1) dapper; urgency=low * SECURITY UPDATE: Arbitrary code execution with crafted tar files. * src/xheader.c: - Add a new function decode_num() which wraps xstrtoumax() and adds boundary and sanity checking. - Use decode_num() instead of xstrtoumax() in the code to avoid buffer overflows on excessively large field values like GNU.sparse.numblocks. - Patch taken from upstream CVS. * CVE-2006-0300 -- Martin Pitt <email address hidden> Thu, 23 Feb 2006 11:07:05 +0100
tar (1.15.1-2) unstable; urgency=low * patch from LaMont to fix gcc-4.0 error in the test suite, closes: #308815, #310830 * patch for de.po from Jens Seidel, closes: #313900 * fix amanda upstream URL in the info pages, closes: #310158 * patch from NIIBE Yutaka to support cross builds, closes: #283723 -- Bdale Garbee <email address hidden> Tue, 14 Jun 2005 23:42:40 -0600
tar (1.14-2) unstable; urgency=low * patch from Paul Eggert that does a better job of eliminating the dependency on (buggy) valloc, closes: #234422, #248897 * patch for typo in upstream po/de.po, closes: #154511 * switch from dh_installmanpages to dh_installman -- Bdale Garbee <email address hidden> Tue, 3 Aug 2004 08:22:17 -0600
tar (1.13.93-4) unstable; urgency=high * patch to stop issuing lone zero block warnings, closes: #235820 * patch to clean up hyphenation in man page, closes: #185670 * clean up manpage discussion of exclude and exclude-from, closes: #146196 * turn on regression tests in the build process -- Bdale Garbee <email address hidden> Sat, 24 Apr 2004 15:38:32 -0600
76 → 111 of 111 results | First • Previous • Next • Last |