Ubuntu
tar package

lp:ubuntu/gutsy-updates/tar

Gutsy (7.10)
gutsy-updates

Created by James Westby on 2009-06-28 and last modified on 2009-06-28

Get this branch:: bzr branch lp:ubuntu/gutsy-updates/tar

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Development

Recent revisions

19. By Jamie Strandboge on 2009-01-14: * SECURITY UPDATE: stack-based buffer overflow with malicious tar files
  - lib/paxnames.c: updated src/names.c to rewrite hash_string_prefix as
    hash_string_insert_prefix and adjust safer_name_suffix to use
    hash_string_insert_prefix to avoid stack allocation
  - patch from upstream paxlib commits:
    http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=b9199bbdefd32382953dd8c01ec881e5463c5a88
    http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=64379227940699a92113e3fd7c583e705a1f849b
  - CVE-2007-4476
  - LP: #180299
18. By Matthias Klose on 2007-09-12: * Build with -fgnu89-inline, fixes build failure with gcc-4.3. LP: 138674.
* Set Ubuntu maintainer address.
17. By Michael Bienia on 2007-09-06: Fake-sync because of a different orig.tar.gz.
16. By Matthias Klose on 2007-08-13: Pseudo sync, not matching .orig.tar.gz.
15. By Matthias Klose on 2007-08-01: * New upstream version.
- Fixes build failure with glibc-2.6. Closes: #434015.
14. By Adam Conrad on 2007-07-30: Globally rename futimens to tar_futimens, so it doesn't clash with
the new glibc-2.6 symbol of the same name, causing build failures.
13. By Bdale Garbee on 2007-04-02: * new upstream version, closes: #402179
* updated Russian translation from Yuriy Talakan, closes: #411613
12. By Bdale Garbee on 2006-12-01: patch from Kees Cook via upstream to disable handling of GNUTYPE_NAMES
by default and add a new command-line switch --allow-name-mangling to
re-enable it, as a fix for directory traversal bug (CVE-2006-6097),
closes: #399845
11. By Kees Cook on 2006-11-22: * SECURITY UPDATE: files can be overwritten/renamed in any writable location
  in the filesystem via GNUTYPE_NAMES type.
* src/extract.c: disable GNUTYPE_NAMES type processing by default since it
  allows for immediate symlink creation and renames.
* src/common.h, src/tar.c: add --allow-name-mangling option to restore
  default behavior.
* References
  http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html
10. By Bdale Garbee on 2006-10-24: * new upstream version, closes: #376816, #363943, #377124, #377330
* fix for buffer overflow in test suite, closes: #377557
* force a clean in the tests directory before running the test suite, seems
  to work around test suite repeatability problems, closes: #377330, #379393
* accept patch from Raphael Bossek to zero nanoseconds, closes: #329843
* update man page to reflect change in -l definition and other misc changes
  to options since man page was last updated,
  closes: #384508, #391718, 361932, #315506
* stop delivering upstream README, closes: #323232

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:ubuntu/karmic/tar

This branch contains Public information

Everyone can see this information.

Subscribers

James Westby

Ubuntutar package