Subversion Repositories

(root)/ - Rev 38

?revision_form?

Rev ?revision_input??revision_submit?

?revision_endform?

Go to most recent revision | Show changed files | Directory listing | RSS feed

Filtering Options

From rev	To rev	Max revs

Search history for

Show All

Clear current filter

Rev	Age	Author	Path	Log message
38	3509d 04h	magnus	/trunk/debian/	oldgnu_prefix.patch: Detect old-style GNU headers correctly (Closes: #763119). Those appear in incremental archives and use the bytes that the new-style headers use for the prefix field for other fields. Thanks to Steinar H. Gunderson.
37	3671d 05h	magnus	/tags/1.2.20-4/	[svn-buildpackage] Tagging libtar 1.2.20-4
36	3671d 05h	magnus	/trunk/debian/	no_maxpathlen.patch: Half of the part of the patch modifying compat/dirname.c was missing, causing libtar's dirname to always return NULL (except in special circumstances). Actually make it work (Closes: #745352). (The reason that libtar doesn't use libc's dirname() and basename() on some or most platforms is that the code doesn't work with destructive versions of these functions).
35	3747d 05h	magnus	/branches/wheezy/debian/	[SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any pathname prefix containing ".." components (Closes: #731860). This is done in th_get_pathname() (as well as to symlink targets when extracting symlinks), not merely when extracting files, which means applications calling that function will not see the stored filename. There is no way to disable this behaviour, but it can be expected that one will be provided when the issue is solved upstream.
34	3748d 00h	magnus	/tags/1.2.20-3/	[svn-buildpackage] Tagging libtar 1.2.20-3
33	3748d 00h	magnus	/trunk/debian/	th_get_size-unsigned-int.patch: Make the th_get_size() macro cast the result from oct_to_int() to unsigned int. This is the right fix for bug #725938 on 64-bit systems, where a specially crafted tar file would not cause an integer overflow, but a memory allocation of almost 16 exbibytes, which would certainly fail outright without harm.
32	3748d 01h	magnus	/trunk/debian/patches/	Add stdlib.h for malloc() in lib/decode.c
31	3748d 01h	magnus	/trunk/debian/	[SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the safer_name_suffix() function should certainly be applied to the combination of it and the name field, not just on the name field.
30	3748d 01h	magnus	/trunk/debian/	no_maxpathlen.patch: Fix two grave bugs in the patch. First, th_get_pathname would only allocate as much memory as was needed for the first filename encountered, causing heap corruption when/if encountering longer filenames later. Second, two variables were mixed up in tar_append_tree(). Also, fix a potential memory leak and trim the patch a bit.
29	3748d 01h	magnus	/trunk/debian/	Correct patch name in changelog.
28	3748d 02h	magnus	/tags/1.2.16-1+deb7u1/	[svn-buildpackage] Tagging libtar 1.2.16-1+deb7u1
27	3748d 02h	magnus	/branches/wheezy/debian/	[SECURITY] size_t-overflow_cve-2013-4397.patch: Fix CVE-2013-4397: Integer overflow (Closes: #725938).
26	3748d 02h	magnus	/tags/1.2.20-2/	[svn-buildpackage] Tagging libtar 1.2.20-2
25	3748d 02h	magnus	/trunk/debian/	Bump Standards-Version to 3.9.5.
24	3748d 03h	magnus	/trunk/debian/	[SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any pathname prefix containing ".." components (Closes: #731860). This is done in th_get_pathname() (as well as to symlink targets when extracting symlinks), not merely when extracting files, which means applications calling that function will not see the stored filename. There is no way to disable this behaviour, but it can be expected that one will be provided when the issue is solved upstream.
23	3750d 03h	magnus	/trunk/debian/	* no_static_buffers.patch: avoid using a static buffer in th_get_pathname(). Taken from upstream. Needed for no_maxpathlen.patch. * maxpathlen.patch: Fix FTBFS on Hurd by dynamically allocating path names (Closes: #657116). Thanks to Svante Signell and Petter Reinholdtsen.
22	3876d 05h	magnus	/tags/1.2.20-1/	[svn-buildpackage] Tagging libtar 1.2.20-1
21	3876d 06h	magnus	/branches/wheezy/	Create wheezy branch
20	3876d 06h	magnus	/branches/	Create branches directory
19	3876d 06h	magnus	/trunk/debian/	Bump Standards-Version to 3.9.4.
18	3876d 06h	magnus	/trunk/debian/	[SECURITY] New upstream release. Fixes CVE-2013-4397: Integer overflow (Closes: #725938).
17	4034d 01h	magnus	/tags/1.2.19-1/	[svn-buildpackage] Tagging libtar 1.2.19-1
16	4034d 07h	magnus	/trunk/debian/patches/	Delete the patch series again.
15	4034d 07h	magnus	/trunk/debian/	New upstream release.
14	4351d 00h	magnus	/tags/1.2.16-1/	[svn-buildpackage] Tagging libtar 1.2.16-1
13	4351d 00h	magnus	/trunk/debian/	debian/control: Add VCS fields; bump Standards-Version to 3.9.3.
12	4351d 00h	magnus	/trunk/debian/	Use dpkg-buildflags to set CFLAGS et al.
11	4351d 01h	magnus	/trunk/debian/	Updated debian/copyright.
10	4351d 01h	magnus	/trunk/debian/	Updated debian/watch to look for tags and corresponding snapshot tarballs at above URL.
9	4499d 02h	magnus	/trunk/debian/	debian/rules: Add build-indep and build-arch targets.
8	4499d 02h	magnus	/trunk/debian/	* New upstream: Chris Frey has stepped up with the consent of the original author, Mark Roth, and published an "official unofficial" git repo at http://repo.or.cz/w/libtar.git, which I will use for the time being. * All patches have been incorporated or (in the case of autoreconf.patch) made obsolete upstream.
7	4499d 03h	magnus	/trunk/debian/	binary-indep doesn't need any prereqs.
6	4499d 03h	magnus	/trunk/debian/	[svn-inject] Applying Debian modifications (1.2.11-8) to trunk
5	4499d 03h	magnus	/trunk/	[svn-inject] Applying Debian modifications (1.2.11-7) to trunk
4	4499d 03h	magnus	/trunk/	[svn-inject] Applying Debian modifications (1.2.11-6) to trunk
3	4804d 02h	magnus	/trunk/debian/	[svn-inject] Applying Debian modifications (1.2.11-7) to trunk
2	4804d 02h	magnus	/trunk/	Creating trunk directory
1	4804d 02h	magnus	/tags/	[svn-inject] Creating tags/ directory.