|
|
|
|
Changelog for tar-lang-1.35-lp156.175.1.noarch.rpm :
* Wed Jul 10 2024 Antonio Teixeira - Updated tar-fix-extract-unlink.patch * Replace patch with an equivalent upstreamed commit * Fixes bsc#1225407 * Wed Dec 06 2023 Joshua Smith - GNU tar 1.34: * Fail when building GNU tar if the platform supports 64-bit time_t but the build only uses 32-bit time_t. * Leave the devmajor and devminor fields empty (rather than zero) for non-special files, as this is more compatible with traditional tar. Fixes: * Fix interaction of --update with --wildcards. * When extracting archives into an empty directory, do not create hard links to files outside that directory. * Handle partial reads from regular files. * Warn file changed as we read it less often. Formerly, tar warned if the file\'s size or ctime changed. However, this generated a false positive if tar read a file while another process hard-linked to it, changing its ctime. Now, tar warns if the file\'s size, mtime, user ID, group ID, or mode changes. Although neither heuristic is perfect, the new one should work better in practice. * Fix --ignore-failed-read to ignore file-changed read errors as far as exit status is concerned. You can now suppress file-changed issues entirely with --ignore-failed-read - -warning=no-file-changed. * Fix --remove-files to not remove a file that changed while we read it. * Fix --atime-preserve=replace to not fail if there was no need to replace, either because we did not read the file, or the atime did not change. * Fix race when creating a parent directory while another process is also doing so. * Fix handling of prefix keywords not followed by \".\" in pax headers. * Fix handling of out-of-range sparse entries in pax headers. * Fix handling of --transform=\'s/s/AATT/2\'. * Fix treatment of options ending in slash in files-from list. * Fix crash on tar --checkpoint-action exec=\\\". * Fix low-memory crash when reading incremental dumps. * Fix --exclude-vcs-ignores memory allocation misuse.- Added patch: * add_forgotten-tests.patch: added 2 tests that upstream forgot in the release.- Update patch: * tar-backup-spec-fix-paths.patch: upstream fixed 2/3rd of paths * tar-fix-extract-unlink.patch some of this is overwritten by bsc1202436-1 and some was fixed upstream * add_readme-tests.patch as Makefile.in no longer exists- Removed: * tar-fix-race-condition.patch * tar-avoid-overflow-in-symlinks-tests.patch * bsc1200657.patch * bsc1202436-2.patch * bsc1202436-1.patch- Fix CVE-2023-39804, Incorrectly handled extension attributes in PAX archives can lead to a crash, bsc#1217969 * Tue Jul 25 2023 Andreas Schwab - Run testsuite also on qemu build * Thu Jul 20 2023 Guillaume GARDET - Update tests-skip-time01-on-32bit-time_t.patch to not run test on armv6 either * Tue Feb 14 2023 Danilo Spinella - Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump (CVE-2022-48303, bsc#1207753) * fix-CVE-2022-48303.patch- Fix hang when unpacking test tarball, bsc#1202436 * bsc1202436.patch * bsc1202436-1.patch * bsc1202436-2.patch * go-testsuite-test-hang.patch * Tue Dec 27 2022 Ludwig Nussel - Replace transitional %usrmerged macro with regular version check (boo#1206798) * Thu Oct 27 2022 Danilo Spinella - Fix unexpected inconsistency when making directory, bsc#1203600 * tar-avoid-overflow-in-symlinks-tests.patch * tar-fix-extract-unlink.patch- Update race condition fix, bsc#1200657 * tar-fix-race-condition.patch- Refresh bsc1200657.patch * Sat Aug 20 2022 Dirk Müller - drop tar-recursive--files-from.patch (causes bsc#918487) * Wed Aug 17 2022 Simon Lees - bsc1200657.patch was previously incomplete leading to deadlocks * bsc#1202436 * bsc1200657.patch updated * Mon Jun 20 2022 Danilo Spinella - Fix race condition while creating intermediate subdirectories, bsc#1200657 * bsc1200657.patch * Wed Apr 13 2022 William Brown - Add recommends to zstd, a modern fast compression type. * Thu Oct 14 2021 Bernhard Voelker - tests-skip-time01-on-32bit-time_t.patch: Add patch to skip test \'tests/time01.at\' on platforms with 32-bit time_t for now.- tar.spec: Reference it. (%check): Output the testsuite.log in case the testsuite failed. * Fri Oct 08 2021 Danilo Spinella - The following issues have already been fixed in this package but weren\'t previously mentioned in the changes file: * bsc#1181131, CVE-2021-20193 * bsc#1120610 * Wed Jun 09 2021 Wolfgang Frisch - Link /var/lib/tests/tar/bin/genfile as Position-Independent Executable (bsc#1184124). + tar-PIE.patch * Sun Feb 14 2021 Andreas Stieger - GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges * Sat Jan 09 2021 Andreas Stieger - GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don\'t match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files- remove deprecated texinfo packaging macros * Mon Oct 19 2020 Ludwig Nussel - prepare usrmerge (boo#1029961) * Fri Apr 03 2020 Dominique Leuenberger - Drop Requires(pre) info in the preamble: the main package does not contain any info files, and has not even a pre script. The - doc subpackage already has the correct deps. * Fri Jan 31 2020 Bjørn Lie - No longer recommend -lang: supplements are in use. * Mon Mar 25 2019 Kristýna Streitová - update to version 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite- remove tar-1.31-tests_dirrem.patch and tar-1.31-racy_compress_tests.patch that are no longer needed (applied usptream) * Fri Mar 15 2019 Cristian Rodríguez - Remove libattr-devel from buildrequires, tar no longer uses it but finds xattr functions in libc. * Thu Feb 14 2019 kstreitovaAATTsuse.com- update to version 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option \'--zstd\' instructs tar to use zstd as compression program. When listing, extractng and comparing, zstd compressed archives are recognized automatically. When \'-a\' option is in effect, zstd compression is selected if the destination archive name ends in \'.zst\' or \'.tzst\'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the \"-K NAME\" option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived.- remove the following patches (upstreamed) * tar-1.30-tests-difflink.patch * tar-1.30-tests_dirrem_race.patch- refresh add_readme-tests.patch- add tar-1.31-tests_dirrem.patch to fix expected output in dirrem tests- add tar-1.31-racy_compress_tests.patch to fix compression tests * Fri May 11 2018 kstreitovaAATTsuse.com- add tar-1.30-tests_dirrem_race.patch to fix race in dirrem01 and dirrem02 tests that were passing/failing randomly because of that- run spec-cleaner- renumber patches * Tue Apr 03 2018 kukukAATTsuse.de- Use %license instead of %doc [bsc#1082318] * Thu Jan 04 2018 kstreitovaAATTsuse.com- add tar-1.30-tests-difflink.patch to fix difflink.at test (https://www.mail-archive.com/bug-tarAATTgnu.org/msg05440.html) * Mon Dec 18 2017 avindraAATTopensuse.org- GNU tar 1.30: * Member names containing \'..\' components are now skipped when extracting. * Report erroneous use of position-sensitive options. * --numeric-owner now affects private headers too. * Fixed the --delay-directory-restore option * The --warnings=failed-read option * The --warnings=none option now suppresses all warnings * Fix reporting of hardlink mismatches during compare- cleanup with spec-cleaner- switch all urls to https- drop upstreamed patches * add-return-values-to-backup-scripts.patch * tar-1.29-extract_pathname_bypass.patch- rebase add_readme-tests.patch * Thu Apr 20 2017 kstreitovaAATTsuse.com- remove tar-1.26-remove_O_NONBLOCK.patch as this issue was fixed in tar 1.27 (commit 03858cf583ce299b836d8a848967ce290a6bf303) * Mon Apr 03 2017 svalxAATTsvalx.net- Use update-alternatives according to current documentation * Mon Mar 27 2017 svalxAATTsvalx.net- Disable tar-1.26-remove_O_NONBLOCK.patch - this issue has been fixed in tar-1.27- backup-scripts subpackage change to noarch- Change rpm group of tar-tests to Development/Tools/Other- Enable rmt building, change package description- Switch rmt to alternatives system- Separate rmt subpackage - it can be used by different archiving tools as a dedicated program- Change rmt path to /usr/bin folder - it can be used by non privileged users for backup purposes. Security is controlled by access rights to the targets and remote shell.- Separate doc subpackage- Remove conditions for old SUSE builds and lang subpackage- Rename restore script to restore.sh for avoiding file conflicts with dump/restore * Thu Mar 23 2017 kstreitovaAATTsuse.com- move binaries from /bin to /usr/bin [bsc#1029977] * refresh tar-backup-spec-fix-paths.patch to change path of the tar binary from TAR=/bin/tar to TAR=/usr/bin/tar- use spec-cleaner * Thu Dec 15 2016 vcizekAATTsuse.com- update tar-1.29-extract_pathname_bypass.patch to the upstream one that fixes POINTYFEATHER issue but it doesn\'t limit append or create operations as the initial patch did [bsc#1012633] [CVE-2016-6321] * Tue Nov 08 2016 kstreitovaAATTsuse.com- add tar-1.29-extract_pathname_bypass.patch to fix POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [bsc#1007188] [CVE-2016-6321] * Sat May 28 2016 astiegerAATTsuse.com- GNU tar 1.29: * New options: --verbatim-files-from, --no-verbatim-files-from * --null option reads file names verbatim * New options: --owner-map=FILE and --group-map=FILE * New option --clamp-mtime * Deprecated --preserve option removed * Sparse file detection - now uses SEEK_DATA/SEEK_HOLE on systems that support it. This allows for considerable speed-up in sparse-file detection. New option --hole-detection for algorithm selection. * Wed Mar 23 2016 svalxAATTsvalx.net- Add add-return-values-to-backup-scripts.patch * Mon Apr 13 2015 vcizekAATTsuse.com- Revert tar-recursive--files-from.patch because it causes regression (bnc#918487, bnc#919233) * Mon Feb 09 2015 vcizekAATTsuse.com- extract files recursively with --files-from (bnc#913058) * added tar-recursive--files-from.patch- call autoreconf in %prep * Sun Dec 21 2014 meissnerAATTsuse.com- build with PIE * Thu Nov 20 2014 andreas.stiegerAATTgmx.de- compile in ACLs, Xattr and selinux support [boo#906413]
|
|
|