Changelog for tar-rmt-1.30-lp150.7.1.x86_64.rpm:
* Mon Mar 25 2019 Kristýna Streitová
- add tar-1.30-CVE-2018-20482.patch to fix a security issue where tar, when "--sparse" option is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process [bsc#1120610] [CVE-2018-20482]
- add tar-1.30-CVE-2019-9923.patch to fix a security issue where pax_decode_header in sparse.c in tar had a NULL pointer dereference when parsing certain archives that have malformed extended headers [bsc#1130496] [CVE-2019-9923]

* Fri May 11 2018 kstreitova@suse.com
- add tar-1.30-tests_dirrem_race.patch to fix race in dirrem01 and dirrem02 tests that were passing/failing randomly because of that
- run spec-cleaner
- renumber patches

* Tue Apr 03 2018 kukuk@suse.de
- Use %license instead of %doc [bsc#1082318]

* Thu Jan 04 2018 kstreitova@suse.com
- add tar-1.30-tests-difflink.patch to fix difflink.at test (https://www.mail-archive.com/bug-tar@gnu.org/msg05440.html)

* Mon Dec 18 2017 avindra@opensuse.org
- GNU tar 1.30:
  * Member names containing '..' components are now skipped when extracting.
  * Report erroneous use of position-sensitive options.
  * --numeric-owner now affects private headers too.
  * Fixed the --delay-directory-restore option
  * The --warnings=failed-read option
  * The --warnings=none option now suppresses all warnings
  * Fix reporting of hardlink mismatches during compare
- cleanup with spec-cleaner
- switch all urls to https
- drop upstreamed patches
  * add-return-values-to-backup-scripts.patch
  * tar-1.29-extract_pathname_bypass.patch
- rebase add_readme-tests.patch

* Thu Apr 20 2017 kstreitova@suse.com
- remove tar-1.26-remove_O_NONBLOCK.patch as this issue was fixed in tar 1.27 (commit 03858cf583ce299b836d8a848967ce290a6bf303)

* Mon Apr 03 2017 svalx@svalx.net
- Use update-alternatives according to current documentation

* Mon Mar 27 2017 svalx@svalx.net
- Disable tar-1.26-remove_O_NONBLOCK.patch - this issue has been fixed in tar-1.27
- backup-scripts subpackage change to noarch
- Change rpm group of tar-tests to Development/Tools/Other
- Enable rmt building, change package description
- Switch rmt to alternatives system
- Separate rmt subpackage - it can be used by different archiving tools as a dedicated program
- Change rmt path to /usr/bin folder - it can be used by non privileged users for backup purposes. Security is controlled by access rights to the targets and remote shell.
- Separate doc subpackage
- Remove conditions for old SUSE builds and lang subpackage
- Rename restore script to restore.sh for avoiding file conflicts with dump/restore

* Thu Mar 23 2017 kstreitova@suse.com
- move binaries from /bin to /usr/bin [bsc#1029977]
  * refresh tar-backup-spec-fix-paths.patch to change path of the tar binary from TAR=/bin/tar to TAR=/usr/bin/tar
- use spec-cleaner

* Thu Dec 15 2016 vcizek@suse.com
- update tar-1.29-extract_pathname_bypass.patch to the upstream one that fixes POINTYFEATHER issue but it doesn't limit append or create operations as the initial patch did [bsc#1012633] [CVE-2016-6321]

* Tue Nov 08 2016 kstreitova@suse.com
- add tar-1.29-extract_pathname_bypass.patch to fix POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [bsc#1007188] [CVE-2016-6321]

* Sat May 28 2016 astieger@suse.com
- GNU tar 1.29:
  * New options: --verbatim-files-from, --no-verbatim-files-from
  * --null option reads file names verbatim
  * New options: --owner-map=FILE and --group-map=FILE
  * New option --clamp-mtime
  * Deprecated --preserve option removed
  * Sparse file detection - now uses SEEK_DATA/SEEK_HOLE on systems that support it. This allows for considerable speed-up in sparse-file detection. New option --hole-detection for algorithm selection.

* Wed Mar 23 2016 svalx@svalx.net
- Add add-return-values-to-backup-scripts.patch

* Mon Apr 13 2015 vcizek@suse.com
- Revert tar-recursive--files-from.patch because it causes regression (bnc#918487, bnc#919233)

* Mon Feb 09 2015 vcizek@suse.com
- extract files recursively with --files-from (bnc#913058)
  * added tar-recursive--files-from.patch
- call autoreconf in %prep

* Sun Dec 21 2014 meissner@suse.com
- build with PIE

* Thu Nov 20 2014 andreas.stieger@gmx.de
- compile in ACLs, Xattr and selinux support [boo#906413]

* Fri Aug 29 2014 jengelh@inai.de
- Improve on RPM group classification

* Sat Aug 02 2014 andreas.stieger@gmx.de
- GNU tar 1.28:
  * New --checkpoint-action=totals
  * Extended checkpoint format specification
  * New option --one-top-level
  * New option --sort
  * New exclusion options:
    --exclude-ignore=FILE
    --exclude-ignore-recursive=FILE
    --exclude-vcs-ignores
  * refuses to read input from and write output to a tty
- packaging changes:
  * adjust patch for context change: add_readme-tests.patch
  * remove patch applied upstream: tar-fix_eternal_loop_in_handle_option.patch

* Mon Jul 28 2014 vcizek@suse.com
- don't print lone zero blocks warning (bnc#881863)
  * there are many tar implementations around that create invalid archives with a zero block in the middle
  * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=235820
  * added tar-ignore_lone_zero_blocks.patch from Fedora

* Wed Mar 26 2014 vcizek@suse.com
- fix an infinite loop in handle_option (bnc#867919 and bnc#870422)
  * added tar-fix_eternal_loop_in_handle_option.patch

* Tue Jan 07 2014 llipavsky@suse.com
- add tests subpackage.
  * It is the same testsuite that is run during make check.
  * It is now possible to run it in real system to verify that nothing is broken by incompatible libraries, etc.
- add add_readme-tests.patch: README for testsuite

* Tue Nov 19 2013 andreas.stieger@gmx.de
- update to 1.27.1
  * Fix unquoting of file names obtained via the -T option.
  * Fix GNU long link header timestamp (backward compatibility).
  * Fix extracting sparse members from star archives.

* Thu Oct 24 2013 andreas.stieger@gmx.de
- update to 1.27
- bug fixes:
  * PAX-format sparse archive files no longer restricted to 8 GiB.
  * adjust diagnostics and output to GNU coding
- new features:
  * The --owner and --group options now accept numeric IDs
  * restore traditional functionality of --keep-old-files and --skip-old-files, treat existing file as errors for the former
  * --warning=existing-file gives verbose notice for this
  * Support for POSIX ACLs, extended attributes and SELinux context
    --xattrs, --acls and --selinux and their `--no-' counterparts
    --xattrs-include and --xattrs-exclude allows selective control
  * Any option taking a command name as its argument now accepts a full command line as well:
    --checkpoint-action=exec
    -I, --use-compress-program
    -F, --info-script
    --to-command
  * environment variables supplied to such commands can now be used in the command line itself
  * New warning control option --warning=[no-]record-size controls display of actual record size, if it differs from the default
  * New command line option --keep-directory-symlink to disable default behaviour that unlinks existing symbolic link for an extracted directory of the corresponding name
- packaging changes:
  * drop tar-1.26-stdio.in.patch, committed upstream
  * drop config-guess-sub-update.patch, newer version in upstream
  * verify source signature

* Thu Aug 22 2013 vcizek@suse.com
- added fix for paxutils rtapelib which is bundled with tar. the very same fix was added to cpio too (bnc#658031)
  * paxutils-rtapelib_mtget.patch

* Fri Apr 05 2013 idonmez@suse.com
- Add Source URL, see https://en.opensuse.org/SourceUrls

* Sat Feb 02 2013 schwab@suse.de
- Add config-guess-sub-update.patch: Update config.guess/sub for aarch64

* Tue Jul 17 2012 aj@suse.de
- Fix build failure with undefined gets (glibc 2.16).

* Wed May 30 2012 sweet_f_a@gmx.de
- avoid automake dependency

* Fri Apr 20 2012 crrodriguez@opensuse.org
- disable 'runtime checks' in m4/*.m4 that override system calls with custom implementations to workaround very old kernel/libc bugs (dating 2003-2009) we do not ship those buggy components nowadays.

* Fri Apr 20 2012 crrodriguez@opensuse.org
- Switch to default archive type to POSIX.1-2001, which is ten years old and has no limits on filesize,filename length etc.

* Mon Dec 19 2011 tcech@suse.cz
- tar-1.26-remove_O_NONBLOCK.patch: don't use O_NONBLOCK as a flag for read, when file is offline, read with O_NONBLOCK returns EAGAIN, but tar doesn't handle it (bnc#737331)

* Sun Oct 30 2011 dmueller@suse.de
- disable testsuite on qemu build

* Wed Oct 05 2011 sweet_f_a@gmx.de
- minor portability fixes

* Thu Sep 29 2011 sweet_f_a@gmx.de
- spec cleaner, avoid some deprecated macros
- fix non-utf8-spec-file
- fix macro-in-comment
- enable make check
- remove upstream-fixed/obsolete patches (fortifysourcessigabrt, disable-listed02-test, disable_languages)
- call help2man inside specfile instead of patching tar's build chain

* Tue Mar 15 2011 puzel@novell.com
- update to tar-1.26
  * Fix the --verify option, which broke in version 1.24.
  * Fix storing long sparse file names in PAX archives.
  * Fix correctness of --atime-preserve=replace
  * tar --atime-preserve=replace no longer tries to restore atime of zero-sized files.
  * Fix bug with --one-file-system --listed-incremental

* Wed Nov 24 2010 puzel@novell.com
- fix tar-backup-scripts (bnc#654199)
- add tar-backup-spec-fix-paths.patch
- cleanup spec

* Tue Nov 09 2010 puzel@novell.com
- update to tar-1.25
  * Fix extraction of empty directories with the -C option in effect.
  * Fix extraction of device nodes.
  * Make sure name matching occurs before eventual name transformation.
  * Fix the behavior of tar -x --overwrite on hosts lacking O_NOFOLLOW.
  * Support alternative decompression programs.
- update to tar-1.24
  * The new --full-time option instructs tar to output file time stamps to the full resolution.
  * More reliable directory traversal when creating archives
  * When extracting symbolic links, tar now restores attributes such as last-modified time and link permissions, if the operating system supports this.
  * The --dereference (-h) option now applies to files that are copied into or out of archives, independently of other options.
  * When receiving SIGPIPE, tar would exit with error status and "write error" diagnostics.
- disable-silent-rules
- updated tar-fortifysourcessigabrt.patch

* Mon Jun 28 2010 jengelh@medozas.de
- use %_smp_mflags

* Fri Mar 12 2010 mseben@novell.com
- updated to version 1.23
  * Improved record size autodetection
  * Use of lseek on seekable archives
  * New command line option --warning
  * New command line option --level
  * Improved behavior if some files were removed during incremental dumps
  * Modification times of PAX extended headers
  * Time references in the --pax-option argument
  * Augmented environment of the --to-command script
  * Fix handling of hard link targets by -c --transform
  * Fix hard links recognition with -c --remove-files
  * Fix restoring files from backup (debian bug #508199)
  * Correctly restore modes and permissions on existing directories
  * The --remove-files option removes files only if they were successfully stored in the archive
  * Fix storing and listing of the volume labels in POSIX format
  * Improve algorithm for splitting long file names (ustar format)
  * Fix possible memory overflow in the rmt client code (CVE-2010-0624)
- deprecated heap_overflow_in_rtapelib.patch

* Wed Mar 03 2010 mseben@novell.com
- added heap_overflow_in_rtapelib.patch fix possible heap overflow in rtapelib.c (bnc#579475)

* Tue Feb 02 2010 mseben@novell.com
- updated to version 1.22
  * Support for xz compression (--xz option)
  * Short option -J is reassigned as a shortcut for --xz
  * The option -I is a shortcut for --use-compress-program
  * The --no-recursive option works with --incremental
- deprecated recognize_xz.patch
- created tar-backup-scripts subpackage (bnc#574688)

* Sun Dec 06 2009 jengelh@medozas.de
- enable parallel building

* Fri Dec 04 2009 meissner@suse.de
- fixed FORTIFY_SOURCE=2 issue with gcc 4.5.

* Sun Aug 30 2009 aj@suse.de
- recommend not require language subpackage

* Tue Mar 03 2009 pth@suse.de
- Recognize .xz as lzma archive.