WebSVN - Diff - Rev 29 and 30 - /trunk/debian/changelog


libtar (1.2.20-3) unstable; urgency=low

  * no_maxpathlen.patch: Fix two grave bugs in the patch. First,
    th_get_pathname would only allocate as much memory as was needed for
    the first filename encountered, causing heap corruption when/if
    encountering longer filenames later. Second, two variables were mixed
    up in tar_append_tree(). Also, fix a potential memory leak and trim
    the patch a bit.

 -- Magnus Holmgren <holmgren@debian.org>  Sat, 15 Feb 2014 21:54:56 +0100

libtar (1.2.20-2) unstable; urgency=low

  * no_static_buffers.patch: avoid using a static buffer in
    th_get_pathname(). Taken from upstream. Needed for no_maxpathlen.patch.
  * no_maxpathlen.patch: Fix FTBFS on Hurd by dynamically allocating path
    names (Closes: #657116). Thanks to Svante Signell and Petter
    Reinholdtsen.
  * [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any
    pathname prefix containing ".." components (Closes: #731860). This is
    done in th_get_pathname() (as well as to symlink targets when
    extracting symlinks), not merely when extracting files, which means
    applications calling that function will not see the stored
    filename. There is no way to disable this behaviour, but it can be
    expected that one will be provided when the issue is solved upstream.
  * Bump Standards-Version to 3.9.5.

 -- Magnus Holmgren <holmgren@debian.org>  Sat, 15 Feb 2014 21:49:37 +0100

libtar (1.2.20-1) unstable; urgency=high

  * [SECURITY] New upstream release. Fixes CVE-2013-4397: Integer
    overflow (Closes: #725938).
  * Bump Standards-Version to 3.9.4.

 -- Magnus Holmgren <holmgren@debian.org>  Thu, 10 Oct 2013 19:20:49 +0200

libtar (1.2.19-1) unstable; urgency=low

  * New upstream release.

 -- Magnus Holmgren <holmgren@debian.org>  Sun, 05 May 2013 17:59:29 +0200

libtar (1.2.16-1) unstable; urgency=low

  * New upstream: Chris Frey has stepped up with the consent of the
    original author, Mark Roth, and published an "official unofficial" git
    repo at http://repo.or.cz/w/libtar.git, which I will use for the time
    being.
  * Updated debian/watch to look for tags and corresponding snapshot
    tarballs at above URL.
  * All patches have been incorporated or (in the case of
    autoreconf.patch) made obsolete upstream.
  * debian/rules: Add build-indep and build-arch targets.
  * Updated debian/copyright.
  * Use dpkg-buildflags to set CFLAGS et al.
  * debian/control: Add VCS fields; bump Standards-Version to 3.9.3.

 -- Magnus Holmgren <holmgren@debian.org>  Sat, 23 Jun 2012 01:03:41 +0200

libtar (1.2.11-8) unstable; urgency=low

  * libtool.patch: Set SHELL to the configured shell in those Makefile.in
    where libtool is used; otherwise libtool fails when /bin/sh is dash
    but bash is expected (Closes: #621935).
  * man_hyphen_minus.patch (new): Escape hyphens that should be minus
    signs in man pages.
  * Rename libtar as libtar0 to follow policy.

 -- Magnus Holmgren <holmgren@debian.org>  Sun, 24 Apr 2011 21:11:52 +0200

libtar (1.2.11-7) unstable; urgency=low

  * New maintainer (Closes: #526618).
  * Change source format to 3.0 (quilt), clean up Debian diff and split
    into several patches:
    * libtool.patch: Using libtool to build dynamic library;
    * autoreconf.patch: Changes needed to call autoreconf (bug 511741);
    * memleak.patch: Fix memory leaks;
    * bad_ptrtoint.patch: Document stupidity of tartype_t in libtar.c 
      (bug 309945).
  * Increase Debhelper compat level to 7.
  * Use dh_autoreconf to avoid having to keep track of files to clean.
  * memleak2.patch (new): Applied instead of memleak.patch. Fix memory
    leak by making th_get_pathname() return a pointer to a static buffer
    instead of a pointer to a copy of a local buffer (LP: #41804).
  * Add homepage field and watch file (in case there is ever a new
    upstream release).
  * Upgrade to Standards-Version 3.9.1.

 -- Magnus Holmgren <holmgren@debian.org>  Sat, 26 Mar 2011 23:10:25 +0100

libtar (1.2.11-6) unstable; urgency=low

  * Fix autotools usage (Closes: #511741)

 -- Julien Danjou <acid@debian.org>  Sat, 02 May 2009 11:33:06 +0200

libtar (1.2.11-5) unstable; urgency=low

  * New maintainer (Closes: #465889)
  * Add missing binary-indep target in debian/rules (Closes: #395714)
  * Use ${binary:Version} instead of Source-Version
  * Bump standard version
  * Switch to debhelper 5

 -- Julien Danjou <acid@debian.org>  Wed, 02 Apr 2008 07:06:55 +0200

libtar (1.2.11-4) unstable; urgency=low

  * Always include the newest libtool.m4.  (Closes: #313612)

 -- James Morrison <phython@debian.org>  Sun, 28 Aug 2005 09:41:47 -0700

libtar (1.2.11-3) unstable; urgency=low

  * Document stupidity of tartype_t in libtar.c.  (Closes: #309945)

 -- James Morrison <phython@debian.org>  Sat, 11 Jun 2005 18:23:15 -0400

libtar (1.2.11-2) unstable; urgency=low

  * Move libtar-dev to libdevel. (Closes: #188207)
  * Fix potential memory leak.

 -- James Morrison <phython@debian.org>  Sun, 25 Jul 2004 12:59:08 -0700

libtar (1.2.11-1) unstable; urgency=low

  * New Upstream release.

 -- James Morrison <phython@debian.org>  Sat,  5 Apr 2003 14:03:19 -0500

libtar (1.2.10-1) unstable; urgency=low

  * New Upstream release.
     (Closes: #166602) New upstream uses autoconf 2.5x
  * Remove dependency on automake.  Hopefully upstream will except this
    use of libtool.
  * Remove all -static and -shared targets from debian/rules.
  * Use dh_install instead of dh_movefiles.
  * -

 -- James Morrison <phython@debian.org>  Sat,  5 Apr 2003 14:03:16 -0500

libtar (1.2.5-4) unstable; urgency=low

  * New maintainer. (Closes: #154597)
  * WSG_ENCAP is now defined.  (Closes: #147764)
  * libtar-dev depends on libc-dev instead of libc6-dev. 

 -- James Morrison <phython@debian.org>  Wed, 14 Aug 2002 23:44:16 -0400

libtar (1.2.5-3) unstable; urgency=low

  * Modify build commands to acomadate change in autoconf (Closes #147764)

 -- Glenn McGrath <bug1@debian.org>  Thu, 23 May 2002 01:06:16 +1000

libtar (1.2.5-2) unstable; urgency=low

  * Fix build problem (Closes #135360)

 -- Glenn McGrath <bug1@debian.org>  Sun, 24 Feb 2002 06:29:31 +1100

libtar (1.2.5-1) unstable; urgency=low

  * New upstream version
  * Change section of libtar-dev to devel and libtar to libs

 -- Glenn McGrath <bug1@debian.org>  Fri, 22 Feb 2002 04:23:15 +1100

libtar (1.2.4-2) unstable; urgency=low

  * Change section from devel to libs 

 -- Glenn McGrath <bug1@debian.org>  Sat,  2 Feb 2002 12:12:32 +1100

libtar (1.2.4-1) unstable; urgency=low

  * Initial Release. (closes #128042)

 -- Glenn McGrath <bug1@debian.org>  Sat,  5 Jan 2002 13:24:37 +1100


Subversion Repositories

(root)/trunk/debian/changelog - Rev 29 → 30

Rev 29		Rev 30
-		1	libtar (1.2.20-3) unstable; urgency=low
-		2
-		3	* no_maxpathlen.patch: Fix two grave bugs in the patch. First,
-		4	th_get_pathname would only allocate as much memory as was needed for
-		5	the first filename encountered, causing heap corruption when/if
-		6	encountering longer filenames later. Second, two variables were mixed
-		7	up in tar_append_tree(). Also, fix a potential memory leak and trim
-		8	the patch a bit.
-		9
-		10	-- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 21:54:56 +0100
-		11
1	libtar (1.2.20-2) unstable; urgency=low	12	libtar (1.2.20-2) unstable; urgency=low
2		13
3	* no_static_buffers.patch: avoid using a static buffer in	14	* no_static_buffers.patch: avoid using a static buffer in
4	th_get_pathname(). Taken from upstream. Needed for no_maxpathlen.patch.	15	th_get_pathname(). Taken from upstream. Needed for no_maxpathlen.patch.
5	* no_maxpathlen.patch: Fix FTBFS on Hurd by dynamically allocating path	16	* no_maxpathlen.patch: Fix FTBFS on Hurd by dynamically allocating path
6	names (Closes: #657116). Thanks to Svante Signell and Petter	17	names (Closes: #657116). Thanks to Svante Signell and Petter
7	Reinholdtsen.	18	Reinholdtsen.
8	* [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any	19	* [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any
9	pathname prefix containing ".." components (Closes: #731860). This is	20	pathname prefix containing ".." components (Closes: #731860). This is
10	done in th_get_pathname() (as well as to symlink targets when	21	done in th_get_pathname() (as well as to symlink targets when
11	extracting symlinks), not merely when extracting files, which means	22	extracting symlinks), not merely when extracting files, which means
12	applications calling that function will not see the stored	23	applications calling that function will not see the stored
13	filename. There is no way to disable this behaviour, but it can be	24	filename. There is no way to disable this behaviour, but it can be
14	expected that one will be provided when the issue is solved upstream.	25	expected that one will be provided when the issue is solved upstream.
15	* Bump Standards-Version to 3.9.5.	26	* Bump Standards-Version to 3.9.5.
16		27
17	-- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 21:49:37 +0100	28	-- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 21:49:37 +0100
18		29
19	libtar (1.2.20-1) unstable; urgency=high	30	libtar (1.2.20-1) unstable; urgency=high
20		31
21	* [SECURITY] New upstream release. Fixes CVE-2013-4397: Integer	32	* [SECURITY] New upstream release. Fixes CVE-2013-4397: Integer
22	overflow (Closes: #725938).	33	overflow (Closes: #725938).
23	* Bump Standards-Version to 3.9.4.	34	* Bump Standards-Version to 3.9.4.
24		35
25	-- Magnus Holmgren <holmgren@debian.org> Thu, 10 Oct 2013 19:20:49 +0200	36	-- Magnus Holmgren <holmgren@debian.org> Thu, 10 Oct 2013 19:20:49 +0200
26		37
27	libtar (1.2.19-1) unstable; urgency=low	38	libtar (1.2.19-1) unstable; urgency=low
28		39
29	* New upstream release.	40	* New upstream release.
30		41
31	-- Magnus Holmgren <holmgren@debian.org> Sun, 05 May 2013 17:59:29 +0200	42	-- Magnus Holmgren <holmgren@debian.org> Sun, 05 May 2013 17:59:29 +0200
32		43
33	libtar (1.2.16-1) unstable; urgency=low	44	libtar (1.2.16-1) unstable; urgency=low
34		45
35	* New upstream: Chris Frey has stepped up with the consent of the	46	* New upstream: Chris Frey has stepped up with the consent of the
36	original author, Mark Roth, and published an "official unofficial" git	47	original author, Mark Roth, and published an "official unofficial" git
37	repo at http://repo.or.cz/w/libtar.git, which I will use for the time	48	repo at http://repo.or.cz/w/libtar.git, which I will use for the time
38	being.	49	being.
39	* Updated debian/watch to look for tags and corresponding snapshot	50	* Updated debian/watch to look for tags and corresponding snapshot
40	tarballs at above URL.	51	tarballs at above URL.
41	* All patches have been incorporated or (in the case of	52	* All patches have been incorporated or (in the case of
42	autoreconf.patch) made obsolete upstream.	53	autoreconf.patch) made obsolete upstream.
43	* debian/rules: Add build-indep and build-arch targets.	54	* debian/rules: Add build-indep and build-arch targets.
44	* Updated debian/copyright.	55	* Updated debian/copyright.
45	* Use dpkg-buildflags to set CFLAGS et al.	56	* Use dpkg-buildflags to set CFLAGS et al.
46	* debian/control: Add VCS fields; bump Standards-Version to 3.9.3.	57	* debian/control: Add VCS fields; bump Standards-Version to 3.9.3.
47		58
48	-- Magnus Holmgren <holmgren@debian.org> Sat, 23 Jun 2012 01:03:41 +0200	59	-- Magnus Holmgren <holmgren@debian.org> Sat, 23 Jun 2012 01:03:41 +0200
49		60
50	libtar (1.2.11-8) unstable; urgency=low	61	libtar (1.2.11-8) unstable; urgency=low
51		62
52	* libtool.patch: Set SHELL to the configured shell in those Makefile.in	63	* libtool.patch: Set SHELL to the configured shell in those Makefile.in
53	where libtool is used; otherwise libtool fails when /bin/sh is dash	64	where libtool is used; otherwise libtool fails when /bin/sh is dash
54	but bash is expected (Closes: #621935).	65	but bash is expected (Closes: #621935).
55	* man_hyphen_minus.patch (new): Escape hyphens that should be minus	66	* man_hyphen_minus.patch (new): Escape hyphens that should be minus
56	signs in man pages.	67	signs in man pages.
57	* Rename libtar as libtar0 to follow policy.	68	* Rename libtar as libtar0 to follow policy.
58		69
59	-- Magnus Holmgren <holmgren@debian.org> Sun, 24 Apr 2011 21:11:52 +0200	70	-- Magnus Holmgren <holmgren@debian.org> Sun, 24 Apr 2011 21:11:52 +0200
60		71
61	libtar (1.2.11-7) unstable; urgency=low	72	libtar (1.2.11-7) unstable; urgency=low
62		73
63	* New maintainer (Closes: #526618).	74	* New maintainer (Closes: #526618).
64	* Change source format to 3.0 (quilt), clean up Debian diff and split	75	* Change source format to 3.0 (quilt), clean up Debian diff and split
65	into several patches:	76	into several patches:
66	* libtool.patch: Using libtool to build dynamic library;	77	* libtool.patch: Using libtool to build dynamic library;
67	* autoreconf.patch: Changes needed to call autoreconf (bug 511741);	78	* autoreconf.patch: Changes needed to call autoreconf (bug 511741);
68	* memleak.patch: Fix memory leaks;	79	* memleak.patch: Fix memory leaks;
69	* bad_ptrtoint.patch: Document stupidity of tartype_t in libtar.c	80	* bad_ptrtoint.patch: Document stupidity of tartype_t in libtar.c
70	(bug 309945).	81	(bug 309945).
71	* Increase Debhelper compat level to 7.	82	* Increase Debhelper compat level to 7.
72	* Use dh_autoreconf to avoid having to keep track of files to clean.	83	* Use dh_autoreconf to avoid having to keep track of files to clean.
73	* memleak2.patch (new): Applied instead of memleak.patch. Fix memory	84	* memleak2.patch (new): Applied instead of memleak.patch. Fix memory
74	leak by making th_get_pathname() return a pointer to a static buffer	85	leak by making th_get_pathname() return a pointer to a static buffer
75	instead of a pointer to a copy of a local buffer (LP: #41804).	86	instead of a pointer to a copy of a local buffer (LP: #41804).
76	* Add homepage field and watch file (in case there is ever a new	87	* Add homepage field and watch file (in case there is ever a new
77	upstream release).	88	upstream release).
78	* Upgrade to Standards-Version 3.9.1.	89	* Upgrade to Standards-Version 3.9.1.
79		90
80	-- Magnus Holmgren <holmgren@debian.org> Sat, 26 Mar 2011 23:10:25 +0100	91	-- Magnus Holmgren <holmgren@debian.org> Sat, 26 Mar 2011 23:10:25 +0100
81		92
82	libtar (1.2.11-6) unstable; urgency=low	93	libtar (1.2.11-6) unstable; urgency=low
83		94
84	* Fix autotools usage (Closes: #511741)	95	* Fix autotools usage (Closes: #511741)
85		96
86	-- Julien Danjou <acid@debian.org> Sat, 02 May 2009 11:33:06 +0200	97	-- Julien Danjou <acid@debian.org> Sat, 02 May 2009 11:33:06 +0200
87		98
88	libtar (1.2.11-5) unstable; urgency=low	99	libtar (1.2.11-5) unstable; urgency=low
89		100
90	* New maintainer (Closes: #465889)	101	* New maintainer (Closes: #465889)
91	* Add missing binary-indep target in debian/rules (Closes: #395714)	102	* Add missing binary-indep target in debian/rules (Closes: #395714)
92	* Use ${binary:Version} instead of Source-Version	103	* Use ${binary:Version} instead of Source-Version
93	* Bump standard version	104	* Bump standard version
94	* Switch to debhelper 5	105	* Switch to debhelper 5
95		106
96	-- Julien Danjou <acid@debian.org> Wed, 02 Apr 2008 07:06:55 +0200	107	-- Julien Danjou <acid@debian.org> Wed, 02 Apr 2008 07:06:55 +0200
97		108
98	libtar (1.2.11-4) unstable; urgency=low	109	libtar (1.2.11-4) unstable; urgency=low
99		110
100	* Always include the newest libtool.m4. (Closes: #313612)	111	* Always include the newest libtool.m4. (Closes: #313612)
101		112
102	-- James Morrison <phython@debian.org> Sun, 28 Aug 2005 09:41:47 -0700	113	-- James Morrison <phython@debian.org> Sun, 28 Aug 2005 09:41:47 -0700
103		114
104	libtar (1.2.11-3) unstable; urgency=low	115	libtar (1.2.11-3) unstable; urgency=low
105		116
106	* Document stupidity of tartype_t in libtar.c. (Closes: #309945)	117	* Document stupidity of tartype_t in libtar.c. (Closes: #309945)
107		118
108	-- James Morrison <phython@debian.org> Sat, 11 Jun 2005 18:23:15 -0400	119	-- James Morrison <phython@debian.org> Sat, 11 Jun 2005 18:23:15 -0400
109		120
110	libtar (1.2.11-2) unstable; urgency=low	121	libtar (1.2.11-2) unstable; urgency=low
111		122
112	* Move libtar-dev to libdevel. (Closes: #188207)	123	* Move libtar-dev to libdevel. (Closes: #188207)
113	* Fix potential memory leak.	124	* Fix potential memory leak.
114		125
115	-- James Morrison <phython@debian.org> Sun, 25 Jul 2004 12:59:08 -0700	126	-- James Morrison <phython@debian.org> Sun, 25 Jul 2004 12:59:08 -0700
116		127
117	libtar (1.2.11-1) unstable; urgency=low	128	libtar (1.2.11-1) unstable; urgency=low
118		129
119	* New Upstream release.	130	* New Upstream release.
120		131
121	-- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:19 -0500	132	-- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:19 -0500
122		133
123	libtar (1.2.10-1) unstable; urgency=low	134	libtar (1.2.10-1) unstable; urgency=low
124		135
125	* New Upstream release.	136	* New Upstream release.
126	(Closes: #166602) New upstream uses autoconf 2.5x	137	(Closes: #166602) New upstream uses autoconf 2.5x
127	* Remove dependency on automake. Hopefully upstream will except this	138	* Remove dependency on automake. Hopefully upstream will except this
128	use of libtool.	139	use of libtool.
129	* Remove all -static and -shared targets from debian/rules.	140	* Remove all -static and -shared targets from debian/rules.
130	* Use dh_install instead of dh_movefiles.	141	* Use dh_install instead of dh_movefiles.
131	* -	142	* -
132		143
133	-- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:16 -0500	144	-- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:16 -0500
134		145
135	libtar (1.2.5-4) unstable; urgency=low	146	libtar (1.2.5-4) unstable; urgency=low
136		147
137	* New maintainer. (Closes: #154597)	148	* New maintainer. (Closes: #154597)
138	* WSG_ENCAP is now defined. (Closes: #147764)	149	* WSG_ENCAP is now defined. (Closes: #147764)
139	* libtar-dev depends on libc-dev instead of libc6-dev.	150	* libtar-dev depends on libc-dev instead of libc6-dev.
140		151
141	-- James Morrison <phython@debian.org> Wed, 14 Aug 2002 23:44:16 -0400	152	-- James Morrison <phython@debian.org> Wed, 14 Aug 2002 23:44:16 -0400
142		153
143	libtar (1.2.5-3) unstable; urgency=low	154	libtar (1.2.5-3) unstable; urgency=low
144		155
145	* Modify build commands to acomadate change in autoconf (Closes #147764)	156	* Modify build commands to acomadate change in autoconf (Closes #147764)
146		157
147	-- Glenn McGrath <bug1@debian.org> Thu, 23 May 2002 01:06:16 +1000	158	-- Glenn McGrath <bug1@debian.org> Thu, 23 May 2002 01:06:16 +1000
148		159
149	libtar (1.2.5-2) unstable; urgency=low	160	libtar (1.2.5-2) unstable; urgency=low
150		161
151	* Fix build problem (Closes #135360)	162	* Fix build problem (Closes #135360)
152		163
153	-- Glenn McGrath <bug1@debian.org> Sun, 24 Feb 2002 06:29:31 +1100	164	-- Glenn McGrath <bug1@debian.org> Sun, 24 Feb 2002 06:29:31 +1100
154		165
155	libtar (1.2.5-1) unstable; urgency=low	166	libtar (1.2.5-1) unstable; urgency=low
156		167
157	* New upstream version	168	* New upstream version
158	* Change section of libtar-dev to devel and libtar to libs	169	* Change section of libtar-dev to devel and libtar to libs
159		170
160	-- Glenn McGrath <bug1@debian.org> Fri, 22 Feb 2002 04:23:15 +1100	171	-- Glenn McGrath <bug1@debian.org> Fri, 22 Feb 2002 04:23:15 +1100
161		172
162	libtar (1.2.4-2) unstable; urgency=low	173	libtar (1.2.4-2) unstable; urgency=low
163		174
164	* Change section from devel to libs	175	* Change section from devel to libs
165		176
166	-- Glenn McGrath <bug1@debian.org> Sat, 2 Feb 2002 12:12:32 +1100	177	-- Glenn McGrath <bug1@debian.org> Sat, 2 Feb 2002 12:12:32 +1100
167		178
168	libtar (1.2.4-1) unstable; urgency=low	179	libtar (1.2.4-1) unstable; urgency=low
169		180
170	* Initial Release. (closes #128042)	181	* Initial Release. (closes #128042)
171		182
172	-- Glenn McGrath <bug1@debian.org> Sat, 5 Jan 2002 13:24:37 +1100	183	-- Glenn McGrath <bug1@debian.org> Sat, 5 Jan 2002 13:24:37 +1100
173		184