Changelog for
tar-debugsource-1.30-lp152.4.6.1.i586.rpm :
* Wed Jun 09 2021 Wolfgang Frisch
- Link /var/lib/tests/tar/bin/genfile as Position-Independent Executable (bsc#1184124). + tar-PIE.patch
* Mon Mar 15 2021 pgajdosAATTsuse.com- security update- added patches fix CVE-2021-20193 [bsc#1181131], Memory leak in read_header() in list.c + tar-CVE-2021-20193.patch
* Mon Mar 25 2019 Kristýna Streitová - add tar-1.30-CVE-2018-20482.patch to fix a security issue where tar when \"--sparse\" option is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user\'s process [bsc#1120610] [CVE-2018-20482]- add tar-1.30-CVE-2019-9923.patch to fix a security issue where pax_decode_header in sparse.c in tar had a NULL pointer dereference when parsing certain archives that have malformed extended headers [bsc#1130496] [CVE-2019-9923]
* Fri May 11 2018 kstreitovaAATTsuse.com- add tar-1.30-tests_dirrem_race.patch to fix race in dirrem01 and dirrem02 tests that were passing/failing randomly because of that- run spec-cleaner- renumber patches
* Tue Apr 03 2018 kukukAATTsuse.de- Use %license instead of %doc [bsc#1082318]
* Thu Jan 04 2018 kstreitovaAATTsuse.com- add tar-1.30-tests-difflink.patch to fix difflink.at test (https://www.mail-archive.com/bug-tarAATTgnu.org/msg05440.html)
* Mon Dec 18 2017 avindraAATTopensuse.org- GNU tar 1.30:
* Member names containing \'..\' components are now skipped when extracting.
* Report erroneous use of position-sensitive options.
* --numeric-owner now affects private headers too.
* Fixed the --delay-directory-restore option
* The --warnings=failed-read option
* The --warnings=none option now suppresses all warnings
* Fix reporting of hardlink mismatches during compare- cleanup with spec-cleaner- switch all urls to https- drop upstreamed patches
* add-return-values-to-backup-scripts.patch
* tar-1.29-extract_pathname_bypass.patch- rebase add_readme-tests.patch
* Thu Apr 20 2017 kstreitovaAATTsuse.com- remove tar-1.26-remove_O_NONBLOCK.patch as this issue was fixed in tar 1.27 (commit 03858cf583ce299b836d8a848967ce290a6bf303)
* Mon Apr 03 2017 svalxAATTsvalx.net- Use update-alternatives according to current documentation
* Mon Mar 27 2017 svalxAATTsvalx.net- Disable tar-1.26-remove_O_NONBLOCK.patch - this issue has been fixed in tar-1.27- backup-scripts subpackage change to noarch- Change rpm group of tar-tests to Development/Tools/Other- Enable rmt building, change package description- Switch rmt to alternatives system- Separate rmt subpackage - it can be used by different archiving tools as a dedicated program- Change rmt path to /usr/bin folder - it can be used by non privileged users for backup purposes. Security is controlled by access rights to the targets and remote shell.- Separate doc subpackage- Remove conditions for old SUSE builds and lang subpackage- Rename restore script to restore.sh for avoiding file conflicts with dump/restore
* Thu Mar 23 2017 kstreitovaAATTsuse.com- move binaries from /bin to /usr/bin [bsc#1029977]
* refresh tar-backup-spec-fix-paths.patch to change path of the tar binary from TAR=/bin/tar to TAR=/usr/bin/tar- use spec-cleaner
* Thu Dec 15 2016 vcizekAATTsuse.com- update tar-1.29-extract_pathname_bypass.patch to the upstream one that fixes POINTYFEATHER issue but it doesn\'t limit append or create operations as the initial patch did [bsc#1012633] [CVE-2016-6321]
* Tue Nov 08 2016 kstreitovaAATTsuse.com- add tar-1.29-extract_pathname_bypass.patch to fix POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [bsc#1007188] [CVE-2016-6321]
* Sat May 28 2016 astiegerAATTsuse.com- GNU tar 1.29:
* New options: --verbatim-files-from, --no-verbatim-files-from
* --null option reads file names verbatim
* New options: --owner-map=FILE and --group-map=FILE
* New option --clamp-mtime
* Deprecated --preserve option removed
* Sparse file detection - now uses SEEK_DATA/SEEK_HOLE on systems that support it. This allows for considerable speed-up in sparse-file detection. New option --hole-detection for algorithm selection.
* Wed Mar 23 2016 svalxAATTsvalx.net- Add add-return-values-to-backup-scripts.patch
* Mon Apr 13 2015 vcizekAATTsuse.com- Revert tar-recursive--files-from.patch because it causes regression (bnc#918487, bnc#919233)
* Mon Feb 09 2015 vcizekAATTsuse.com- extract files recursively with --files-from (bnc#913058)
* added tar-recursive--files-from.patch- call autoreconf in %prep
* Sun Dec 21 2014 meissnerAATTsuse.com- build with PIE
* Thu Nov 20 2014 andreas.stiegerAATTgmx.de- compile in ACLs, Xattr and selinux support [boo#906413]