openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

File tar.changes of Package tar.10815

-------------------------------------------------------------------
Tue Mar 26 12:20:54 UTC 2019 - Kristýna Streitová <kstreitova@suse.com>

- add tar-1.27-CVE-2018-20482.patch to fix a security issue where
  tar when "--sparse" option is used, mishandles file shrinkage
  during read access, which allows local users to cause a denial
  of service (infinite read loop in sparse_dump_region in sparse.c)
  by modifying a file that is supposed to be archived by a different
  user's process [bsc#1120610] [CVE-2018-20482]
- add tar-1.27-CVE-2019-9923.patch to fix a security issue where
  pax_decode_header in sparse.c in tar had a NULL pointer
  dereference when parsing certain archives that have malformed
  extended headers [bsc#1130496] [CVE-2019-9923]

-------------------------------------------------------------------
Tue Jan  2 11:09:41 UTC 2018 - kstreitova@suse.com

- add tar-1.27-revert-optimize-c-sparse.patch to revert upstream
  commit a9895fd20c95 ("tar: optimize -c --sparse when file is
  entirely sparse") which causes a regression on offline files
  [bsc#1071340]

-------------------------------------------------------------------
Thu Dec 15 11:20:20 UTC 2016 - kstreitova@suse.com

- update tar-1.27.1-extract_pathname_bypass.patch to the upstream
  one that fixes POINTYFEATHER issue but it doesn't limit append or
  create operations as the initial patch did [bsc#1012633]
  [CVE-2016-6321]

-------------------------------------------------------------------
Thu Nov 10 16:34:34 UTC 2016 - kstreitova@suse.com

- add tar-1.27.1-recursive_files-from.patch to extract files
  recursively with --files-from [bsc#913058]

-------------------------------------------------------------------
Tue Nov  8 13:09:36 UTC 2016 - kstreitova@suse.com

- add tar-1.27.1-extract_pathname_bypass.patch to fix POINTYFEATHER
  vulnerability - GNU tar archiver can be tricked into extracting
  files and directories in the given destination, regardless of the
  path name(s) specified on the command line [bsc#1007188]
  [CVE-2016-6321]

-------------------------------------------------------------------
Mon Nov  9 13:56:45 UTC 2015 - kstreitova@suse.com

- add tar-1.27.1-default_ACLs_extraction.patch to explicitly set 
  or delete default ACLs when '--acls' option is on [bnc#950785]

-------------------------------------------------------------------
Wed Aug 26 15:24:11 UTC 2015 - kstreitova@suse.com

- compile in ACLs, Xattr and selinux support [bnc#940120],
  [fate#319391]

-------------------------------------------------------------------
Wed Mar 26 17:46:39 UTC 2014 - vcizek@suse.com

- fix an infinite loop in handle_option (bnc#867919 and bnc#870422)
  * added tar-fix_eternal_loop_in_handle_option.patch

-------------------------------------------------------------------
Tue Jan  7 11:09:24 CET 2014 - llipavsky@suse.com

- add tests subpackage.
  * It is the same testsuite that is run during make check.
  * It is now possible to run it in real system to verify that
    nothing is broken by incompatible libraries, etc.
- add add_readme-tests.patch: README for testsuite

-------------------------------------------------------------------
Tue Nov 19 22:16:18 UTC 2013 - andreas.stieger@gmx.de

- update to 1.27.1
  * Fix unquoting of file names obtained via the -T option.
  * Fix GNU long link header timestamp (backward compatibility).
  * Fix extracting sparse members from star archives.

-------------------------------------------------------------------
Thu Oct 24 21:57:57 UTC 2013 - andreas.stieger@gmx.de

- update to 1.27
- bug fixes:
  * PAX-format sparse archive files no longer restricted to 8 GiB.
  * adjust diagnostics and output to GNU coding 
- new features:
  * The --owner and --group options now accept numeric IDs
  * restore traditional functionality of --keep-old-files and
    --skip-old-files, treat existing file as errors for the former
  * --warning=existing-file gives verbose notice for this
  * Support for POSIX ACLs, extended attributes and SELinux context
    --xattrs, --acls and --selinux and their `--no-' counterparts
    --xattrs-include and --xattrs-exclude allows selective control
  * Any option taking a command name as its argument now accepts a
    full command line as well:
    --checkpoint-action=exec
    -I, --use-compress-program
    -F, --info-script
    --to-command
  * environment variables supplied to such commands can now be used
    in the command line itself
  * New warning control option --warning=[no-]record-size controls
    display of actual record size, if it differs from the default
  * New command line option --keep-directory-symlink to disable
    default behaviour that unlinks exising symbolic link for an
    extracted directory of the corresponding name
- packaging changes:
  * drop tar-1.26-stdio.in.patch, committed upstream
  * drop config-guess-sub-update.patch, newer version in upstream
  * verify source signature

-------------------------------------------------------------------
Thu Aug 22 12:47:33 UTC 2013 - vcizek@suse.com

- added fix for paxutils rtapelib which is bundled with tar.
  the very same fix was added to cpio too (bnc#658031)
  * paxutils-rtapelib_mtget.patch

-------------------------------------------------------------------
Fri Apr  5 10:43:39 UTC 2013 - idonmez@suse.com

- Add Source URL, see https://en.opensuse.org/SourceUrls

-------------------------------------------------------------------
Sat Feb  2 20:38:34 UTC 2013 - schwab@suse.de

- Add config-guess-sub-update.patch:
  Update config.guess/sub for aarch64

-------------------------------------------------------------------
Tue Jul 17 08:05:33 UTC 2012 - aj@suse.de

- Fix build failure with undefined gets (glibc 2.16).

-------------------------------------------------------------------
Wed May 30 13:08:28 UTC 2012 - sweet_f_a@gmx.de

- avoid automake dependency

-------------------------------------------------------------------
Fri Apr 20 19:55:01 UTC 2012 - crrodriguez@opensuse.org

- disable 'runtime checks' in m4/*.m4 that override
  system calls with custom implementations to workaround
  very old kernel/libc bugs (dating 2003-2009)
  we do not ship those buggy components nowdays.

-------------------------------------------------------------------
Fri Apr 20 15:38:17 UTC 2012 - crrodriguez@opensuse.org

- Switch to default archive type to POSIX.1-2001, which is ten years
  old and has no limits on filesize,filename length etc.

-------------------------------------------------------------------
Mon Dec 19 13:43:45 UTC 2011 - tcech@suse.cz

- tar-1.26-remove_O_NONBLOCK.patch:
  don't use O_NONBLOCK as a flag for read,
  when file is offline, read with O_NONBLOCK returns EAGAIN,
  but tar doesn't handle it 
  (bnc#737331)

-------------------------------------------------------------------
Sun Oct 30 23:16:20 CET 2011 - dmueller@suse.de

- disable testsuite on qemu build

-------------------------------------------------------------------
Wed Oct  5 11:38:57 UTC 2011 - sweet_f_a@gmx.de

- minor portability fixes

-------------------------------------------------------------------
Thu Sep 29 11:32:04 UTC 2011 - sweet_f_a@gmx.de

- spec cleaner, avoid some deprecated macros
- fix non-utf8-spec-file
- fix macro-in-comment
- enable make check
- remove upstream-fixed/obsolete patches (fortifysourcessigabrt,
  disable-listed02-test, disable_languages)
- call help2man inside specfile instead of paching tar's build chain

-------------------------------------------------------------------
Tue Mar 15 08:18:08 UTC 2011 - puzel@novell.com

- update to tar-1.26 
  * Fix the --verify option, which broke in version 1.24.
  * Fix storing long sparse file names in PAX archives.
  * Fix correctness of --atime-preserve=replace
  * tar --atime-preserve=replace no longer tries to restore atime of
    zero-sized files.
  * Fix bug with --one-file-system --listed-incremental

-------------------------------------------------------------------
Wed Nov 24 09:24:11 UTC 2010 - puzel@novell.com

- fix tar-backup-scripts (bnc#654199)
- add tar-backup-spec-fix-paths.patch
- cleanup spec

-------------------------------------------------------------------
Tue Nov  9 13:05:29 UTC 2010 - puzel@novell.com

- update to tar-1.25
  * Fix extraction of empty directories with the -C option in effect.
  * Fix extraction of device nodes.
  * Make sure name matching occurs before eventual name transformation.
  * Fix the behavior of tar -x --overwrite on hosts lacking O_NOFOLLOW.
  * Support alternative decompression programs.
- update to tar-1.24
  * The new --full-time option instructs tar to output file
    time stamps to the full resolution.
  * More reliable directory traversal when creating archives
  * When extracting symbolic links, tar now restores attributes
    such as last-modified time and link permissions, if the
    operating system supports this.
  * The --dereference (-h) option now applies to files that are
    copied into or out of archives, independently of other options. 
  * When receiving SIGPIPE, tar would exit with error status and
    "write error" diagnostics.
- disable-silent-rules
- updated tar-fortifysourcessigabrt.patch
    
-------------------------------------------------------------------
Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de

- use %_smp_mflags

-------------------------------------------------------------------
Fri Mar 12 16:21:49 UTC 2010 - mseben@novell.com

- updated to version 1.23
  * Improved record size autodetection
  * Use of lseek on seekable archives
  * New command line option --warning
  * New command line option --level
  * Improved behavior if some files were removed during incremental dumps
  * Modification times of PAX extended headers
  * Time references in the --pax-option argument
  * Augmented environment of the --to-command script
  * Fix handling of hard link targets by -c --transform
  * Fix hard links recognition with -c --remove-files
  * Fix restoring files from backup (debian bug #508199)
  * Correctly restore modes and permissions on existing directories
  * The --remove-files option removes files only if they were succesfully stored in the archive
  * Fix storing and listing of the volume labels in POSIX format
  * Improve algorithm for splitting long file names (ustar format)
  * Fix possible memory overflow in the rmt client code (CVE-2010-0624)
- deprecated heap_overflow_in_rtapelib.patch

-------------------------------------------------------------------
Wed Mar  3 09:29:23 UTC 2010 - mseben@novell.com

- added heap_overflow_in_rtapelib.patch fix possible heap overflow in 
  rtapelib.c (bnc#579475)

-------------------------------------------------------------------
Tue Feb  2 20:35:03 UTC 2010 - mseben@novell.com

- updated to version 1.22
  * Support for xz compression (--xz option)
  * Short option -J is reassigned as a shortcut for --xz
  * The option -I is a shortcut for --use-compress-program
  * The --no-recursive option works with --incremental
- deprecated recognize_xz.patch 
- created tar-backup-scripts subpackage (bnc#574688)

-------------------------------------------------------------------
Sun Dec  6 17:52:57 CET 2009 - jengelh@medozas.de

- enable parallel building

-------------------------------------------------------------------
Fri Dec  4 21:46:24 CET 2009 - meissner@suse.de

- fixed FORTIFY_SOURCE=2 issue with gcc 4.5.

-------------------------------------------------------------------
Sun Aug 30 18:36:08 UTC 2009 - aj@suse.de

- recommend not require language subpackage

-------------------------------------------------------------------
Tue Mar  3 14:49:58 CET 2009 - pth@suse.de

- Recognize .xz as lzma archive.

-------------------------------------------------------------------
Wed Feb 11 10:41:36 CET 2009 - coolo@suse.de

- update to version 1.21
   * New short option -J - A shortcut for --lzma.
   * New option --lzop
   * Compressed format recognition
   * Using --exclude-vcs handles also files used internally by 
     Bazaar, Mercurial and Darcs.
- split out language subpackage
- recommend xz instead of the old name of lzma

-------------------------------------------------------------------
Wed Nov 19 12:30:35 CET 2008 - mkoenig@suse.de

- fix incremental backup with wildcard option [bnc#445411]

-------------------------------------------------------------------
Mon Jun 23 17:16:19 CEST 2008 - mkoenig@suse.de

- update to version 1.20:
  * new options: --auto-compress, --lzma, --hard-dereference,
    --checkpoint-action, --(no-)check-device, --transform
  * Add recommends tag for lzma
- removed patches:
  tar-gcc43.patch
  tar-1.19-update_flag.patch

-------------------------------------------------------------------
Fri Mar 28 17:00:19 CET 2008 - mkoenig@suse.de

- apply upstream patch to avoid error message when updating
  an archive that does not exist [bnc#347525]

-------------------------------------------------------------------
Wed Nov 14 18:09:03 CET 2007 - mkoenig@suse.de

- update to version 1.19
  * New option --exclude-vcs
  * --exclude-tag and --exclude-cache options now work under
    incremental archives
  * Fix handling of renamed files in listed incremental archives
  * Fix --version output
  * Recognition of broken archives
- merged patches:
  tar-1.15.1-CVE-2001-1267.patch
  tar-1.17-paxlib-owl-alloca.patch

-------------------------------------------------------------------
Fri Oct  5 16:06:49 CEST 2007 - mkoenig@suse.de

- update to version 1.18 
  Licensed under the GPLv3
- merged patches:
  tar-1.17-testsuite12.patch

-------------------------------------------------------------------
Mon Oct  1 10:48:23 CEST 2007 - mkoenig@suse.de

- fix build with gcc-4.3

-------------------------------------------------------------------
Fri Aug 31 12:55:24 CEST 2007 - mkoenig@suse.de

- fixed another directory traversal vulnerability, CVE-2001-1267,
  CVE-2002-0399, [#29973]

-------------------------------------------------------------------
Mon Aug 20 17:56:38 CEST 2007 - mkoenig@suse.de

- use correct patch for paxlib stack overflow [#301416]

-------------------------------------------------------------------
Fri Aug 17 14:14:39 CEST 2007 - lmichnovic@suse.cz

- upstream fix: use of alloca can cause stack overflow
  (paxlib-owl-alloca.patch)

-------------------------------------------------------------------
Thu Jun 21 10:17:56 CEST 2007 - mkoenig@suse.de

- update to version 1.17:
  * Fix archivation of sparse files in posix mode
  * Fix operation of --verify --listed-incremental
  * Fix --occurence
  * Scope of --transform and --strip-components options
  * End-of-volume script can send the new volume name to tar 
- remove patch (fixed upstream)
  tar-1.6.1-futimens.patch
- fix test 12
  tar-1.17-testsuite12.patch

-------------------------------------------------------------------
Tue May 22 13:37:49 CEST 2007 - mkoenig@suse.de

- fix build

-------------------------------------------------------------------
Tue May 15 19:20:14 CEST 2007 - coolo@suse.de

- use %find_lang

-------------------------------------------------------------------
Wed Jan 24 10:51:46 CET 2007 - mkoenig@suse.de

- update to version 1.16.1:
  * tar-1.16-CVE-2006-6097.patch merged upstream
  * tar-1.16-xheader_unused.patch merged upstream
  * New option --exclude-tag
  * The --exclude-cache option excludes directories that 
    contain the CACHEDIR.TAG file from being archived
  * Race conditions have been fixed that in some cases briefly
    allowed files extracted by 'tar -x --same-owner' to be 
    accessed by users that they shouldn't have been.

-------------------------------------------------------------------
Tue Dec 05 16:07:51 CET 2006 - mkoenig@suse.de

- update to version 1.16:
  Bugfixes:
  * Avoid running off file descriptors when using multiple -C options.
  * tar --index-file=FILE --file=- sent the archive to FILE, and
    the listing to stderr.
  * Detect attempts to update compressed archives.
  * Allow non-option arguments to be interspersed with options.
  * Previous version created invalid archives when files shrink
    during reading.
  * Compare mode (tar d) hanged when trying to compare file contents.
  * Previous versions in certain cases failed to restore directory
    modification times.
  New features:
  * New option --mtime allows to set modification times
  * New option --transform allows to transform file names before 
    storing
  * --strip-components option works when deleting and comparing.  
  * New option --show-transformed-names
  * Short option -l is now an alias of --check-links option, 
    which complies with UNIX98
  * The --checkpoint option takes an optional argument specifying 
    the number of records between the two successive checkpoints.
  * The --totals option can be used with any tar operation
  * Any number of -T (--files-from) options may be used in the 
    command line.
  * List files containing null-separated file names are detected 
    and processed automatically.
  * New option --no-unquote disables the unquoting of input file 
    names.
  * New option --test-label tests the archive volume label.
  * New option --show-stored-names.
  * New option --to-command pipes the contents of archive members 
    to the specified command.
  * New option --atime-preserve=system
  * New option --delay-directory-restore
  * New option --restrict prohibits use of some potentially harmful 
    tar options.
  * New options --quoting-style and --quote-chars control the way 
    tar quotes member names on output.
  * Better support for full-resolution time stamps.
  Incompatible changes:
  * tar no longer uses globbing by default
- remove unused variable [#223847]
- create man page via help2man
- remove support for mangled names, due to security reasons
  CVE-2006-6097 [#223185]

-------------------------------------------------------------------
Mon Jul 24 15:34:35 CEST 2006 - rguenther@suse.de

- Do not build-depend on rsh, but provide the RSH environment.

-------------------------------------------------------------------
Mon Feb 27 17:39:46 CET 2006 - kssingvo@suse.de

- fixed buffer overflow issue CVE-2006-0300 (bugzilla#151516)
- not affected: traversal bug CVE-2005-1918 (bugzilla#145081)

-------------------------------------------------------------------
Sat Feb 18 10:12:23 CET 2006 - aj@suse.de

- Fix build.

-------------------------------------------------------------------
Wed Jan 25 21:31:00 CET 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Thu Sep  1 11:23:17 CEST 2005 - mmj@suse.de

- Add patch from upstream for fixing sparse files > 4GB [#114540]

-------------------------------------------------------------------
Fri Jun 24 14:36:11 CEST 2005 - schwab@suse.de

- Fix broken test.

-------------------------------------------------------------------
Fri Apr  8 17:27:58 CEST 2005 - uli@suse.de

- ignore test suite fails on ARM

-------------------------------------------------------------------
Wed Mar  9 21:14:26 CET 2005 - mmj@suse.de

- Make gcc4 happy

-------------------------------------------------------------------
Tue Feb  1 13:40:06 CET 2005 - mmj@suse.de

- Disable test that breaks on reiserfs due to that filesystems
  limitations. Tar works fine on reiserfs.

-------------------------------------------------------------------
Tue Dec 21 18:23:54 CET 2004 - mmj@suse.de

- Update to 1.15.1 which fixes a bug introduced in 1.15 which caused
  tar to refuse to extract files from standard input.

-------------------------------------------------------------------
Tue Dec 21 13:33:31 CET 2004 - mmj@suse.de

- Update to tar-1.15 including:
- Features:
  o Compressed archives are recognised automatically, it is no
    longer necessary to specify -Z, -z, or -j options to read
    them.  Thus, you can now run `tar tf archive.tar.gz'.
  o When restoring incremental dumps, --one-file-system option
    prevents directory hierarchies residing on different devices
    from being purged. With the previous versions of tar it was
    dangerous to create incremental dumps with --one-file-system
    option, since they would recursively remove mount points when
    restoring from the back up. This change fixes the bug.
  o Renamed --strip-path to --strip-components for consistency with
    the GNU convention.
  o Skipping archive members is sped up if the archive media supports
    seeks.
  o Restore script starts restoring only if it is given --all (-a)
    option, or some patterns. This is to prevent accidental restores.
  o `tar --verify' prints a warning if during archive creation some of
    the file names had their prefixes stripped off.
  o New option --exclude-caches instructs tar to exclude cache
    directories automatically on archive creation. Cache directories
    are those containing a standardized tag file, as specified at:
    http://www.brynosaurus.com/cachedir/spec.html	
  o New configure option --with-rmt allows to specify full path
    name to the `rmt' utility. This supercedes DEFAULT_RMT_COMMAND
    variable introduced in version 1.14
  o New configure variable DEFAULT_RMT_DIR allows to specify the
    directory where to install `rmt' utility. This is necessary
    since modifying --libexecdir as was suggested for version 1.14
    produced a side effect: it also modified installation prefix
    for backup scripts (if --enable-backup-scripts was given).

- Bugfixes:
  o Fixed flow in recognizing files to be included in incremental dumps.
  o Correctly recognize sparse archive members when used with -T option.
  o GNU multivolume headers cannot store filenames longer than
    100 characters.  Do not allow multivolume archives to begin
    with such filenames.
  o If a member with link count > 2 was stored in the archive twice,
    previous versions of tar were not able to extract it, since they
    were trying to link the file to itself, which always failed and
    lead to removing the already extracted copy. Preserve the first
    extracted copy in such cases.
  o Restore script was passing improper argument to tar --listed
    option (which didn't affect the functionality, but was
    logically incorrect).
  o Fixed verification of created archives.
  o Fixed unquoting of file names containing backslash escapes (previous
    versions failed to recognize \a and \v).
  o When attempting to delete a non-existing member from the
    archive, previous versions of tar used to overwrite last
    archive block with zeroes.

-------------------------------------------------------------------
Mon Aug  9 23:51:47 CEST 2004 - mmj@suse.de

- Add patch from snwint with long filename fix [#43538]

-------------------------------------------------------------------
Sun May 30 10:37:44 CEST 2004 - mmj@suse.de

- Update to 1.14 which is the first stable release of tar
  since 1999.

-------------------------------------------------------------------
Thu Apr 15 20:45:11 CEST 2004 - mmj@suse.de

- Fix detection of remote paths [#38709]. Thanks Jürgen!

-------------------------------------------------------------------
Tue Apr 13 10:47:51 CEST 2004 - mmj@suse.de

- Update to 1.13.94 including fix for [#16531]

-------------------------------------------------------------------
Sat Jan 10 16:51:03 CET 2004 - adrian@suse.de

- build as user

-------------------------------------------------------------------
Fri Jun 20 02:39:41 CEST 2003 - ro@suse.de

- build with current gettext

-------------------------------------------------------------------
Thu May 15 11:25:45 CEST 2003 - pthomas@suse.de

- Remove unneeded files from build root.
- Add autoconf tests to properly guard K&R prototypes
- Clean up signed/unsigned compares.

-------------------------------------------------------------------
Thu Apr 24 12:20:23 CEST 2003 - ro@suse.de

- fix install_info --delete call and move from preun to postun

-------------------------------------------------------------------
Fri Feb  7 02:30:52 CET 2003 - ro@suse.de

- added install_info macros

-------------------------------------------------------------------
Mon Nov 18 14:28:50 CET 2002 - ro@suse.de

- add AM_GNU_GETTEXT_VERSION to configure.ac

-------------------------------------------------------------------
Thu Aug  1 15:40:08 CEST 2002 - ro@suse.de

- add acinclude.m4 with missing macros

-------------------------------------------------------------------
Tue Jun  4 12:01:42 CEST 2002 - pthomas@suse.de

- Make tar a package of its own.
- Update to tar-1.13.25.
- Make tar man page a seperate file instead of part of the patch.
- Patch de.po to reflect the addition of the --bunzip2 parameter
- Use AC_LIBOBJ instead of LIBOBJS

-------------------------------------------------------------------
Wed May 22 16:50:17 CEST 2002 - olh@suse.de

- allow build as user, use buildroot

-------------------------------------------------------------------
Fri Feb  8 18:41:26 CET 2002 - werner@suse.de

- Fix bug #12797: back to builtin behaviour, the widly used -I for
  bunzip2 can be reenabled with the environment var TAROLDOPT4BZIP2

-------------------------------------------------------------------
Mon Dec 17 16:24:20 CET 2001 - werner@suse.de

- draht@suse.de: package rsh is needed for build of tar(1) to
  enable rsh remote command execution.
  two successive execl() calls to /usr/bin/rsh with different
  args/remote commands do not make sense since the first execl() is
  successful if /usr/bin/rsh exists. Check for existence of /etc/rmt
  on the remote side and execute it, else exec /sbin/rmt . (#12605)
- Use one contstant string for command line

-------------------------------------------------------------------
Tue Nov 20 11:21:33 CET 2001 - werner@suse.de

- Add rsh to needeforbuild to be sure that remote shell for remote
  backup will be found.

-------------------------------------------------------------------
Wed Aug  1 15:01:13 MEST 2001 - werner@suse.de

- Make /etc/rmt versus /sbin/rmt switch dynamic.

-------------------------------------------------------------------
Tue Mar 27 21:06:49 CEST 2001 - werner@suse.de

- Fix man page of tar (#6741)

-------------------------------------------------------------------
Thu Dec 14 15:06:10 CET 2000 - werner@suse.de

- Update to tar 1.13.18
  * should avoid some crashes
  * avoid exclude file list problem

-------------------------------------------------------------------
Fri Nov 26 10:15:26 MET 1999 - kukuk@suse.de

- Add tar.1 to file list
- Remove obsolete entries from file list
- Build tar with locale support

Places

File tar.changes of Package tar.10815

Places