lp:ubuntu/edgy-updates/tar
- Get this branch:
- bzr branch lp:ubuntu/edgy-updates/tar
Recent revisions
- 11. By Kees Cook
-
* SECURITY UPDATE: directory traversal with malicious tar files.
* src/names.c: adjust dot dot checking, patched inline.
* References
CVE-2007-4131
- 10. By Kees Cook
-
* SECURITY UPDATE: files can be overwritten/renamed in any writable location
in the filesystem via GNUTYPE_NAMES type.
* src/extract.c: disable GNUTYPE_NAMES type processing by default since it
allows for immediate symlink creation and renames.
* src/common.h, src/tar.c: add --allow-name-mangling option to restore
default behavior.
* debian/rules: lowered optimization level on i386 for testcase #29.
* References
http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html
CVE-2006-6097
- 9. By Bdale Garbee
-
* add a NEWS.Debian file that communicates the change in wildcard processing
* re-institute the patch for filenames that are exactly 100 characters in
length originally reported in #230910, closes: #376909
- 8. By Bdale Garbee
-
* new upstream version, retrieved from alpha.gnu.org
* update date in tar.1, closes: #367290
* support rollbacks in maintainer scripts, drop removal of info since this
package no longer delivers an info doc, closes: #374461
- 6. By Martin Pitt
-
* SECURITY UPDATE: Arbitrary code execution with crafted tar files.
* src/xheader.c:
- Add a new function decode_num() which wraps xstrtoumax() and adds
boundary and sanity checking.
- Use decode_num() instead of xstrtoumax() in the code to avoid buffer
overflows on excessively large field values like GNU.sparse.numblocks.
- Patch taken from upstream CVS.
* CVE-2006-0300
- 5. By Bdale Garbee
-
* patch from LaMont to fix gcc-4.0 error in the test suite,
closes: #308815, #310830
* patch for de.po from Jens Seidel, closes: #313900
* fix amanda upstream URL in the info pages, closes: #310158
* patch from NIIBE Yutaka to support cross builds, closes: #283723
- 4. By Bdale Garbee
-
* patch from Paul Eggert that does a better job of eliminating the
dependency on (buggy) valloc, closes: #234422, #248897
* patch for typo in upstream po/de.po, closes: #154511
* switch from dh_installmanpages to dh_installman
- 3. By Bdale Garbee
-
* patch to stop issuing lone zero block warnings, closes: #235820
* patch to clean up hyphenation in man page, closes: #185670
* clean up manpage discussion of exclude and exclude-from, closes: #146196
* turn on regression tests in the build process
- 2. By Bdale Garbee
-
* add a README.Debian that clarifies the situation with respect to 'compress'
in Debian and the impact on the -Z and related options, closes: #122336
* patch from Mark Eichin to fix archive corruption in special cases, which
has been accepted upstream for next release. closes: #126274
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/tar