
Compare Revisions

Rev HEAD → Rev 1

/tags/1.2.16-1/debian/changelog
File deleted
/tags/1.2.16-1/debian/copyright
File deleted
/tags/1.2.16-1/debian/docs
File deleted
/tags/1.2.16-1/debian/rules
File deleted
Property changes:
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: 1.2.16-1/debian/libtar-dev.install
===================================================================
--- 1.2.16-1/debian/libtar-dev.install (revision 51)
+++ 1.2.16-1/debian/libtar-dev.install (nonexistent)
@@ -1,4 +0,0 @@
-usr/include/libtar.h
-usr/include/libtar_listhash.h
-usr/lib/lib*.a
-usr/lib/lib*so
Index: 1.2.16-1/debian/source/format
===================================================================
--- 1.2.16-1/debian/source/format (revision 51)
+++ 1.2.16-1/debian/source/format (nonexistent)
@@ -1 +0,0 @@
-3.0 (quilt)
Index: 1.2.16-1/debian/control
===================================================================
--- 1.2.16-1/debian/control (revision 51)
+++ 1.2.16-1/debian/control (nonexistent)
@@ -1,29 +0,0 @@
-Source: libtar
-Section: libs
-Priority: optional
-Maintainer: Magnus Holmgren <holmgren@debian.org>
-Build-Depends: dpkg-dev (>= 1.15.7), debhelper (>= 7), dh-autoreconf,
- autoconf, libtool
-Standards-Version: 3.9.3
-Homepage: http://www.feep.net/libtar/
-Vcs-Browser: http://svn.kibibyte.se/libtar
-Vcs-Svn: svn://svn.kibibyte.se/libtar/trunk
-
-Package: libtar-dev
-Architecture: any
-Section: libdevel
-Depends: libtar0 (= ${binary:Version}), ${misc:Depends}
-Description: C library for manipulating tar archives (development files)
- Contains static library, headers, example code and development manpages
- for libtar
-
-Package: libtar0
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Replaces: libtar
-Breaks: libtar
-Provides: libtar
-Description: C library for manipulating tar archives
- libtar allows programs to create, extract and test tar archives.
- It supports both the strict POSIX tar format and many of the commonly-used
- GNU extensions.
Index: 1.2.16-1/debian/libtar0.install
===================================================================
--- 1.2.16-1/debian/libtar0.install (revision 51)
+++ 1.2.16-1/debian/libtar0.install (nonexistent)
@@ -1 +0,0 @@
-usr/lib/lib*.so.*
Index: 1.2.16-1/debian/libtar-dev.manpages
===================================================================
--- 1.2.16-1/debian/libtar-dev.manpages (revision 51)
+++ 1.2.16-1/debian/libtar-dev.manpages (nonexistent)
@@ -1,11 +0,0 @@
-debian/tmp/usr/share/man/man3/libtar_hash_new.3
-debian/tmp/usr/share/man/man3/libtar_list_new.3
-debian/tmp/usr/share/man/man3/tar_append_file.3
-debian/tmp/usr/share/man/man3/tar_block_read.3
-debian/tmp/usr/share/man/man3/tar_extract_all.3
-debian/tmp/usr/share/man/man3/tar_extract_file.3
-debian/tmp/usr/share/man/man3/tar_open.3
-debian/tmp/usr/share/man/man3/th_get_pathname.3
-debian/tmp/usr/share/man/man3/th_print_long_ls.3
-debian/tmp/usr/share/man/man3/th_read.3
-debian/tmp/usr/share/man/man3/th_set_from_stat.3
Index: 1.2.16-1/debian/compat
===================================================================
--- 1.2.16-1/debian/compat (revision 51)
+++ 1.2.16-1/debian/compat (nonexistent)
@@ -1 +0,0 @@
-7
Index: 1.2.16-1/debian/libtar-dev.examples
===================================================================
--- 1.2.16-1/debian/libtar-dev.examples (revision 51)
+++ 1.2.16-1/debian/libtar-dev.examples (nonexistent)
@@ -1,2 +0,0 @@
-libtar/libtar.c
-libtar/Makefile
Index: 1.2.16-1/debian/watch
===================================================================
--- 1.2.16-1/debian/watch (revision 51)
+++ 1.2.16-1/debian/watch (nonexistent)
@@ -1,6 +0,0 @@
-version=3
-
-#ftp://ftp.feep.net/pub/software/libtar/libtar-(.*).tar.gz
-
-opts=downloadurlmangle=s/tag/snapshot/,filenamemangle=s/.*\/v([\d\.]+)$/libtar-$1.tar.gz/ \
- http://repo.or.cz/w/libtar.git/shortlog ^.*/v([\d\.]+)
Index: 1.2.16-1/debian
===================================================================
--- 1.2.16-1/debian (revision 51)
+++ 1.2.16-1/debian (nonexistent)
/1.2.16-1/debian
Property changes:
Deleted: mergeWithUpstream
## -1 +0,0 ##
-1
\ No newline at end of property
Index: 1.2.19-1/debian/copyright
===================================================================
--- 1.2.19-1/debian/copyright (revision 51)
+++ 1.2.19-1/debian/copyright (nonexistent)
@@ -1,45 +0,0 @@
-This package was debianized by Glenn McGrath <bug1@debian.org> on
-Sat, 5 Jan 2002 13:24:37 +1100.
-
-It was downloaded from http://repo.or.cz/w/libtar.git; previously from
-http://www.feep.net/libtar/
-
-Upstream Authors: Mark D. Roth <roth@uiuc.edu> and Chris Frey
-<cdfrey@foursquare.net>
-
-Copyright:
-Copyright (c) 1998-2003 University of Illinois Board of Trustees
-Copyright (c) 1998-2003 Mark D. Roth
-All rights reserved.
-
-Developed by: Campus Information Technologies and Educational Services,
- University of Illinois at Urbana-Champaign
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-``Software''), to deal with the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-* Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimers.
-
-* Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimers in the
- documentation and/or other materials provided with the distribution.
-
-* Neither the names of Campus Information Technologies and Educational
- Services, University of Illinois at Urbana-Champaign, nor the names
- of its contributors may be used to endorse or promote products derived
- from this Software without specific prior written permission.
-
-THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
-ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
-OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
-
Index: 1.2.19-1/debian/docs
===================================================================
--- 1.2.19-1/debian/docs (revision 51)
+++ 1.2.19-1/debian/docs (nonexistent)
@@ -1,3 +0,0 @@
-README
-TODO
-ChangeLog-1.0.x
Index: 1.2.19-1/debian/rules
===================================================================
--- 1.2.19-1/debian/rules (revision 51)
+++ 1.2.19-1/debian/rules (nonexistent)
@@ -1,62 +0,0 @@
-#!/usr/bin/make -f
-
-export LIBTOOLIZE = libtoolize --install
-
-configure: configure-stamp
-configure-stamp:
- dh_testdir
- [ -f debian/autoreconf.before ] || dh_autoreconf
- ./configure \
- --prefix=/usr \
- --mandir=\$${prefix}/share/man \
- $(shell dpkg-buildflags --export=configure)
- touch configure-stamp
-
-build-arch: build
-build-indep:
-build: build-stamp
-build-stamp: configure-stamp
- dh_testdir
- $(MAKE)
- touch build-stamp
-
-clean:
- dh_testdir
- dh_testroot
- # Stale build files
- [ ! -f Makefile ] || $(MAKE) distclean
- -rm -f build-stamp configure-stamp
- dh_autoreconf_clean
- dh_clean libtool configure
-
-install: build-stamp
- dh_testdir
- dh_testroot
- dh_prep
-
- $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp
-
-binary-indep:
-
-binary-arch: install
- dh_testdir
- dh_testroot
- dh_install --sourcedir=debian/tmp
-
- dh_installdocs
- dh_installexamples
- dh_installman
- dh_installchangelogs ChangeLog
- dh_link
- dh_strip
- dh_compress
- dh_fixperms
- dh_makeshlibs
- dh_installdeb
- dh_shlibdeps
- dh_gencontrol
- dh_md5sums
- dh_builddeb
-
-binary: binary-indep binary-arch
-.PHONY: build clean binary-indep binary-arch binary install configure
/1.2.19-1/debian/rules
Property changes:
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: 1.2.19-1/debian/libtar-dev.install
===================================================================
--- 1.2.19-1/debian/libtar-dev.install (revision 51)
+++ 1.2.19-1/debian/libtar-dev.install (nonexistent)
@@ -1,4 +0,0 @@
-usr/include/libtar.h
-usr/include/libtar_listhash.h
-usr/lib/lib*.a
-usr/lib/lib*so
Index: 1.2.19-1/debian/source/format
===================================================================
--- 1.2.19-1/debian/source/format (revision 51)
+++ 1.2.19-1/debian/source/format (nonexistent)
@@ -1 +0,0 @@
-3.0 (quilt)
Index: 1.2.19-1/debian/control
===================================================================
--- 1.2.19-1/debian/control (revision 51)
+++ 1.2.19-1/debian/control (nonexistent)
@@ -1,29 +0,0 @@
-Source: libtar
-Section: libs
-Priority: optional
-Maintainer: Magnus Holmgren <holmgren@debian.org>
-Build-Depends: dpkg-dev (>= 1.15.7), debhelper (>= 7), dh-autoreconf,
- autoconf, libtool
-Standards-Version: 3.9.3
-Homepage: http://www.feep.net/libtar/
-Vcs-Browser: http://svn.kibibyte.se/libtar
-Vcs-Svn: svn://svn.kibibyte.se/libtar/trunk
-
-Package: libtar-dev
-Architecture: any
-Section: libdevel
-Depends: libtar0 (= ${binary:Version}), ${misc:Depends}
-Description: C library for manipulating tar archives (development files)
- Contains static library, headers, example code and development manpages
- for libtar
-
-Package: libtar0
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Replaces: libtar
-Breaks: libtar
-Provides: libtar
-Description: C library for manipulating tar archives
- libtar allows programs to create, extract and test tar archives.
- It supports both the strict POSIX tar format and many of the commonly-used
- GNU extensions.
Index: 1.2.19-1/debian/libtar0.install
===================================================================
--- 1.2.19-1/debian/libtar0.install (revision 51)
+++ 1.2.19-1/debian/libtar0.install (nonexistent)
@@ -1 +0,0 @@
-usr/lib/lib*.so.*
Index: 1.2.19-1/debian/libtar-dev.manpages
===================================================================
--- 1.2.19-1/debian/libtar-dev.manpages (revision 51)
+++ 1.2.19-1/debian/libtar-dev.manpages (nonexistent)
@@ -1,11 +0,0 @@
-debian/tmp/usr/share/man/man3/libtar_hash_new.3
-debian/tmp/usr/share/man/man3/libtar_list_new.3
-debian/tmp/usr/share/man/man3/tar_append_file.3
-debian/tmp/usr/share/man/man3/tar_block_read.3
-debian/tmp/usr/share/man/man3/tar_extract_all.3
-debian/tmp/usr/share/man/man3/tar_extract_file.3
-debian/tmp/usr/share/man/man3/tar_open.3
-debian/tmp/usr/share/man/man3/th_get_pathname.3
-debian/tmp/usr/share/man/man3/th_print_long_ls.3
-debian/tmp/usr/share/man/man3/th_read.3
-debian/tmp/usr/share/man/man3/th_set_from_stat.3
Index: 1.2.19-1/debian/compat
===================================================================
--- 1.2.19-1/debian/compat (revision 51)
+++ 1.2.19-1/debian/compat (nonexistent)
@@ -1 +0,0 @@
-7
Index: 1.2.19-1/debian/libtar-dev.examples
===================================================================
--- 1.2.19-1/debian/libtar-dev.examples (revision 51)
+++ 1.2.19-1/debian/libtar-dev.examples (nonexistent)
@@ -1,2 +0,0 @@
-libtar/libtar.c
-libtar/Makefile
Index: 1.2.19-1/debian/watch
===================================================================
--- 1.2.19-1/debian/watch (revision 51)
+++ 1.2.19-1/debian/watch (nonexistent)
@@ -1,6 +0,0 @@
-version=3
-
-#ftp://ftp.feep.net/pub/software/libtar/libtar-(.*).tar.gz
-
-opts=downloadurlmangle=s/tag/snapshot/,filenamemangle=s/.*\/v([\d\.]+)$/libtar-$1.tar.gz/ \
- http://repo.or.cz/w/libtar.git/shortlog ^.*/v([\d\.]+)
Index: 1.2.19-1/debian/changelog
===================================================================
--- 1.2.19-1/debian/changelog (revision 51)
+++ 1.2.19-1/debian/changelog (nonexistent)
@@ -1,147 +0,0 @@
-libtar (1.2.19-1) unstable; urgency=low
-
- * New upstream release.
-
- -- Magnus Holmgren <holmgren@debian.org> Sun, 05 May 2013 17:59:29 +0200
-
-libtar (1.2.16-1) unstable; urgency=low
-
- * New upstream: Chris Frey has stepped up with the consent of the
- original author, Mark Roth, and published an "official unofficial" git
- repo at http://repo.or.cz/w/libtar.git, which I will use for the time
- being.
- * Updated debian/watch to look for tags and corresponding snapshot
- tarballs at above URL.
- * All patches have been incorporated or (in the case of
- autoreconf.patch) made obsolete upstream.
- * debian/rules: Add build-indep and build-arch targets.
- * Updated debian/copyright.
- * Use dpkg-buildflags to set CFLAGS et al.
- * debian/control: Add VCS fields; bump Standards-Version to 3.9.3.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 23 Jun 2012 01:03:41 +0200
-
-libtar (1.2.11-8) unstable; urgency=low
-
- * libtool.patch: Set SHELL to the configured shell in those Makefile.in
- where libtool is used; otherwise libtool fails when /bin/sh is dash
- but bash is expected (Closes: #621935).
- * man_hyphen_minus.patch (new): Escape hyphens that should be minus
- signs in man pages.
- * Rename libtar as libtar0 to follow policy.
-
- -- Magnus Holmgren <holmgren@debian.org> Sun, 24 Apr 2011 21:11:52 +0200
-
-libtar (1.2.11-7) unstable; urgency=low
-
- * New maintainer (Closes: #526618).
- * Change source format to 3.0 (quilt), clean up Debian diff and split
- into several patches:
- * libtool.patch: Using libtool to build dynamic library;
- * autoreconf.patch: Changes needed to call autoreconf (bug 511741);
- * memleak.patch: Fix memory leaks;
- * bad_ptrtoint.patch: Document stupidity of tartype_t in libtar.c
- (bug 309945).
- * Increase Debhelper compat level to 7.
- * Use dh_autoreconf to avoid having to keep track of files to clean.
- * memleak2.patch (new): Applied instead of memleak.patch. Fix memory
- leak by making th_get_pathname() return a pointer to a static buffer
- instead of a pointer to a copy of a local buffer (LP: #41804).
- * Add homepage field and watch file (in case there is ever a new
- upstream release).
- * Upgrade to Standards-Version 3.9.1.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 26 Mar 2011 23:10:25 +0100
-
-libtar (1.2.11-6) unstable; urgency=low
-
- * Fix autotools usage (Closes: #511741)
-
- -- Julien Danjou <acid@debian.org> Sat, 02 May 2009 11:33:06 +0200
-
-libtar (1.2.11-5) unstable; urgency=low
-
- * New maintainer (Closes: #465889)
- * Add missing binary-indep target in debian/rules (Closes: #395714)
- * Use ${binary:Version} instead of Source-Version
- * Bump standard version
- * Switch to debhelper 5
-
- -- Julien Danjou <acid@debian.org> Wed, 02 Apr 2008 07:06:55 +0200
-
-libtar (1.2.11-4) unstable; urgency=low
-
- * Always include the newest libtool.m4. (Closes: #313612)
-
- -- James Morrison <phython@debian.org> Sun, 28 Aug 2005 09:41:47 -0700
-
-libtar (1.2.11-3) unstable; urgency=low
-
- * Document stupidity of tartype_t in libtar.c. (Closes: #309945)
-
- -- James Morrison <phython@debian.org> Sat, 11 Jun 2005 18:23:15 -0400
-
-libtar (1.2.11-2) unstable; urgency=low
-
- * Move libtar-dev to libdevel. (Closes: #188207)
- * Fix potential memory leak.
-
- -- James Morrison <phython@debian.org> Sun, 25 Jul 2004 12:59:08 -0700
-
-libtar (1.2.11-1) unstable; urgency=low
-
- * New Upstream release.
-
- -- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:19 -0500
-
-libtar (1.2.10-1) unstable; urgency=low
-
- * New Upstream release.
- (Closes: #166602) New upstream uses autoconf 2.5x
- * Remove dependency on automake. Hopefully upstream will except this
- use of libtool.
- * Remove all -static and -shared targets from debian/rules.
- * Use dh_install instead of dh_movefiles.
- * -
-
- -- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:16 -0500
-
-libtar (1.2.5-4) unstable; urgency=low
-
- * New maintainer. (Closes: #154597)
- * WSG_ENCAP is now defined. (Closes: #147764)
- * libtar-dev depends on libc-dev instead of libc6-dev.
-
- -- James Morrison <phython@debian.org> Wed, 14 Aug 2002 23:44:16 -0400
-
-libtar (1.2.5-3) unstable; urgency=low
-
- * Modify build commands to acomadate change in autoconf (Closes #147764)
-
- -- Glenn McGrath <bug1@debian.org> Thu, 23 May 2002 01:06:16 +1000
-
-libtar (1.2.5-2) unstable; urgency=low
-
- * Fix build problem (Closes #135360)
-
- -- Glenn McGrath <bug1@debian.org> Sun, 24 Feb 2002 06:29:31 +1100
-
-libtar (1.2.5-1) unstable; urgency=low
-
- * New upstream version
- * Change section of libtar-dev to devel and libtar to libs
-
- -- Glenn McGrath <bug1@debian.org> Fri, 22 Feb 2002 04:23:15 +1100
-
-libtar (1.2.4-2) unstable; urgency=low
-
- * Change section from devel to libs
-
- -- Glenn McGrath <bug1@debian.org> Sat, 2 Feb 2002 12:12:32 +1100
-
-libtar (1.2.4-1) unstable; urgency=low
-
- * Initial Release. (closes #128042)
-
- -- Glenn McGrath <bug1@debian.org> Sat, 5 Jan 2002 13:24:37 +1100
-
Index: 1.2.19-1/debian
===================================================================
--- 1.2.19-1/debian (revision 51)
+++ 1.2.19-1/debian (nonexistent)
/1.2.19-1/debian
Property changes:
Deleted: mergeWithUpstream
## -1 +0,0 ##
-1
\ No newline at end of property
Index: 1.2.20-1/debian/libtar-dev.manpages
===================================================================
--- 1.2.20-1/debian/libtar-dev.manpages (revision 51)
+++ 1.2.20-1/debian/libtar-dev.manpages (nonexistent)
@@ -1,11 +0,0 @@
-debian/tmp/usr/share/man/man3/libtar_hash_new.3
-debian/tmp/usr/share/man/man3/libtar_list_new.3
-debian/tmp/usr/share/man/man3/tar_append_file.3
-debian/tmp/usr/share/man/man3/tar_block_read.3
-debian/tmp/usr/share/man/man3/tar_extract_all.3
-debian/tmp/usr/share/man/man3/tar_extract_file.3
-debian/tmp/usr/share/man/man3/tar_open.3
-debian/tmp/usr/share/man/man3/th_get_pathname.3
-debian/tmp/usr/share/man/man3/th_print_long_ls.3
-debian/tmp/usr/share/man/man3/th_read.3
-debian/tmp/usr/share/man/man3/th_set_from_stat.3
Index: 1.2.20-1/debian/compat
===================================================================
--- 1.2.20-1/debian/compat (revision 51)
+++ 1.2.20-1/debian/compat (nonexistent)
@@ -1 +0,0 @@
-7
Index: 1.2.20-1/debian/libtar-dev.examples
===================================================================
--- 1.2.20-1/debian/libtar-dev.examples (revision 51)
+++ 1.2.20-1/debian/libtar-dev.examples (nonexistent)
@@ -1,2 +0,0 @@
-libtar/libtar.c
-libtar/Makefile
Index: 1.2.20-1/debian/watch
===================================================================
--- 1.2.20-1/debian/watch (revision 51)
+++ 1.2.20-1/debian/watch (nonexistent)
@@ -1,6 +0,0 @@
-version=3
-
-#ftp://ftp.feep.net/pub/software/libtar/libtar-(.*).tar.gz
-
-opts=downloadurlmangle=s/tag/snapshot/,filenamemangle=s/.*\/v([\d\.]+)$/libtar-$1.tar.gz/ \
- http://repo.or.cz/w/libtar.git/shortlog ^.*/v([\d\.]+)
Index: 1.2.20-1/debian/changelog
===================================================================
--- 1.2.20-1/debian/changelog (revision 51)
+++ 1.2.20-1/debian/changelog (nonexistent)
@@ -1,155 +0,0 @@
-libtar (1.2.20-1) unstable; urgency=high
-
- * [SECURITY] New upstream release. Fixes CVE-2013-4397: Integer
- overflow (Closes: #725938).
- * Bump Standards-Version to 3.9.4.
-
- -- Magnus Holmgren <holmgren@debian.org> Thu, 10 Oct 2013 19:20:49 +0200
-
-libtar (1.2.19-1) unstable; urgency=low
-
- * New upstream release.
-
- -- Magnus Holmgren <holmgren@debian.org> Sun, 05 May 2013 17:59:29 +0200
-
-libtar (1.2.16-1) unstable; urgency=low
-
- * New upstream: Chris Frey has stepped up with the consent of the
- original author, Mark Roth, and published an "official unofficial" git
- repo at http://repo.or.cz/w/libtar.git, which I will use for the time
- being.
- * Updated debian/watch to look for tags and corresponding snapshot
- tarballs at above URL.
- * All patches have been incorporated or (in the case of
- autoreconf.patch) made obsolete upstream.
- * debian/rules: Add build-indep and build-arch targets.
- * Updated debian/copyright.
- * Use dpkg-buildflags to set CFLAGS et al.
- * debian/control: Add VCS fields; bump Standards-Version to 3.9.3.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 23 Jun 2012 01:03:41 +0200
-
-libtar (1.2.11-8) unstable; urgency=low
-
- * libtool.patch: Set SHELL to the configured shell in those Makefile.in
- where libtool is used; otherwise libtool fails when /bin/sh is dash
- but bash is expected (Closes: #621935).
- * man_hyphen_minus.patch (new): Escape hyphens that should be minus
- signs in man pages.
- * Rename libtar as libtar0 to follow policy.
-
- -- Magnus Holmgren <holmgren@debian.org> Sun, 24 Apr 2011 21:11:52 +0200
-
-libtar (1.2.11-7) unstable; urgency=low
-
- * New maintainer (Closes: #526618).
- * Change source format to 3.0 (quilt), clean up Debian diff and split
- into several patches:
- * libtool.patch: Using libtool to build dynamic library;
- * autoreconf.patch: Changes needed to call autoreconf (bug 511741);
- * memleak.patch: Fix memory leaks;
- * bad_ptrtoint.patch: Document stupidity of tartype_t in libtar.c
- (bug 309945).
- * Increase Debhelper compat level to 7.
- * Use dh_autoreconf to avoid having to keep track of files to clean.
- * memleak2.patch (new): Applied instead of memleak.patch. Fix memory
- leak by making th_get_pathname() return a pointer to a static buffer
- instead of a pointer to a copy of a local buffer (LP: #41804).
- * Add homepage field and watch file (in case there is ever a new
- upstream release).
- * Upgrade to Standards-Version 3.9.1.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 26 Mar 2011 23:10:25 +0100
-
-libtar (1.2.11-6) unstable; urgency=low
-
- * Fix autotools usage (Closes: #511741)
-
- -- Julien Danjou <acid@debian.org> Sat, 02 May 2009 11:33:06 +0200
-
-libtar (1.2.11-5) unstable; urgency=low
-
- * New maintainer (Closes: #465889)
- * Add missing binary-indep target in debian/rules (Closes: #395714)
- * Use ${binary:Version} instead of Source-Version
- * Bump standard version
- * Switch to debhelper 5
-
- -- Julien Danjou <acid@debian.org> Wed, 02 Apr 2008 07:06:55 +0200
-
-libtar (1.2.11-4) unstable; urgency=low
-
- * Always include the newest libtool.m4. (Closes: #313612)
-
- -- James Morrison <phython@debian.org> Sun, 28 Aug 2005 09:41:47 -0700
-
-libtar (1.2.11-3) unstable; urgency=low
-
- * Document stupidity of tartype_t in libtar.c. (Closes: #309945)
-
- -- James Morrison <phython@debian.org> Sat, 11 Jun 2005 18:23:15 -0400
-
-libtar (1.2.11-2) unstable; urgency=low
-
- * Move libtar-dev to libdevel. (Closes: #188207)
- * Fix potential memory leak.
-
- -- James Morrison <phython@debian.org> Sun, 25 Jul 2004 12:59:08 -0700
-
-libtar (1.2.11-1) unstable; urgency=low
-
- * New Upstream release.
-
- -- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:19 -0500
-
-libtar (1.2.10-1) unstable; urgency=low
-
- * New Upstream release.
- (Closes: #166602) New upstream uses autoconf 2.5x
- * Remove dependency on automake. Hopefully upstream will except this
- use of libtool.
- * Remove all -static and -shared targets from debian/rules.
- * Use dh_install instead of dh_movefiles.
- * -
-
- -- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:16 -0500
-
-libtar (1.2.5-4) unstable; urgency=low
-
- * New maintainer. (Closes: #154597)
- * WSG_ENCAP is now defined. (Closes: #147764)
- * libtar-dev depends on libc-dev instead of libc6-dev.
-
- -- James Morrison <phython@debian.org> Wed, 14 Aug 2002 23:44:16 -0400
-
-libtar (1.2.5-3) unstable; urgency=low
-
- * Modify build commands to acomadate change in autoconf (Closes #147764)
-
- -- Glenn McGrath <bug1@debian.org> Thu, 23 May 2002 01:06:16 +1000
-
-libtar (1.2.5-2) unstable; urgency=low
-
- * Fix build problem (Closes #135360)
-
- -- Glenn McGrath <bug1@debian.org> Sun, 24 Feb 2002 06:29:31 +1100
-
-libtar (1.2.5-1) unstable; urgency=low
-
- * New upstream version
- * Change section of libtar-dev to devel and libtar to libs
-
- -- Glenn McGrath <bug1@debian.org> Fri, 22 Feb 2002 04:23:15 +1100
-
-libtar (1.2.4-2) unstable; urgency=low
-
- * Change section from devel to libs
-
- -- Glenn McGrath <bug1@debian.org> Sat, 2 Feb 2002 12:12:32 +1100
-
-libtar (1.2.4-1) unstable; urgency=low
-
- * Initial Release. (closes #128042)
-
- -- Glenn McGrath <bug1@debian.org> Sat, 5 Jan 2002 13:24:37 +1100
-
Index: 1.2.20-1/debian/copyright
===================================================================
--- 1.2.20-1/debian/copyright (revision 51)
+++ 1.2.20-1/debian/copyright (nonexistent)
@@ -1,45 +0,0 @@
-This package was debianized by Glenn McGrath <bug1@debian.org> on
-Sat, 5 Jan 2002 13:24:37 +1100.
-
-It was downloaded from http://repo.or.cz/w/libtar.git; previously from
-http://www.feep.net/libtar/
-
-Upstream Authors: Mark D. Roth <roth@uiuc.edu> and Chris Frey
-<cdfrey@foursquare.net>
-
-Copyright:
-Copyright (c) 1998-2003 University of Illinois Board of Trustees
-Copyright (c) 1998-2003 Mark D. Roth
-All rights reserved.
-
-Developed by: Campus Information Technologies and Educational Services,
- University of Illinois at Urbana-Champaign
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-``Software''), to deal with the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-* Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimers.
-
-* Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimers in the
- documentation and/or other materials provided with the distribution.
-
-* Neither the names of Campus Information Technologies and Educational
- Services, University of Illinois at Urbana-Champaign, nor the names
- of its contributors may be used to endorse or promote products derived
- from this Software without specific prior written permission.
-
-THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
-ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
-OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
-
Index: 1.2.20-1/debian/docs
===================================================================
--- 1.2.20-1/debian/docs (revision 51)
+++ 1.2.20-1/debian/docs (nonexistent)
@@ -1,3 +0,0 @@
-README
-TODO
-ChangeLog-1.0.x
Index: 1.2.20-1/debian/rules
===================================================================
--- 1.2.20-1/debian/rules (revision 51)
+++ 1.2.20-1/debian/rules (nonexistent)
@@ -1,62 +0,0 @@
-#!/usr/bin/make -f
-
-export LIBTOOLIZE = libtoolize --install
-
-configure: configure-stamp
-configure-stamp:
- dh_testdir
- [ -f debian/autoreconf.before ] || dh_autoreconf
- ./configure \
- --prefix=/usr \
- --mandir=\$${prefix}/share/man \
- $(shell dpkg-buildflags --export=configure)
- touch configure-stamp
-
-build-arch: build
-build-indep:
-build: build-stamp
-build-stamp: configure-stamp
- dh_testdir
- $(MAKE)
- touch build-stamp
-
-clean:
- dh_testdir
- dh_testroot
- # Stale build files
- [ ! -f Makefile ] || $(MAKE) distclean
- -rm -f build-stamp configure-stamp
- dh_autoreconf_clean
- dh_clean libtool configure
-
-install: build-stamp
- dh_testdir
- dh_testroot
- dh_prep
-
- $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp
-
-binary-indep:
-
-binary-arch: install
- dh_testdir
- dh_testroot
- dh_install --sourcedir=debian/tmp
-
- dh_installdocs
- dh_installexamples
- dh_installman
- dh_installchangelogs ChangeLog
- dh_link
- dh_strip
- dh_compress
- dh_fixperms
- dh_makeshlibs
- dh_installdeb
- dh_shlibdeps
- dh_gencontrol
- dh_md5sums
- dh_builddeb
-
-binary: binary-indep binary-arch
-.PHONY: build clean binary-indep binary-arch binary install configure
/1.2.20-1/debian/rules
Property changes:
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: 1.2.20-1/debian/libtar-dev.install
===================================================================
--- 1.2.20-1/debian/libtar-dev.install (revision 51)
+++ 1.2.20-1/debian/libtar-dev.install (nonexistent)
@@ -1,4 +0,0 @@
-usr/include/libtar.h
-usr/include/libtar_listhash.h
-usr/lib/lib*.a
-usr/lib/lib*so
Index: 1.2.20-1/debian/source/format
===================================================================
--- 1.2.20-1/debian/source/format (revision 51)
+++ 1.2.20-1/debian/source/format (nonexistent)
@@ -1 +0,0 @@
-3.0 (quilt)
Index: 1.2.20-1/debian/control
===================================================================
--- 1.2.20-1/debian/control (revision 51)
+++ 1.2.20-1/debian/control (nonexistent)
@@ -1,29 +0,0 @@
-Source: libtar
-Section: libs
-Priority: optional
-Maintainer: Magnus Holmgren <holmgren@debian.org>
-Build-Depends: dpkg-dev (>= 1.15.7), debhelper (>= 7), dh-autoreconf,
- autoconf, libtool
-Standards-Version: 3.9.4
-Homepage: http://www.feep.net/libtar/
-Vcs-Browser: http://svn.kibibyte.se/libtar
-Vcs-Svn: svn://svn.kibibyte.se/libtar/trunk
-
-Package: libtar-dev
-Architecture: any
-Section: libdevel
-Depends: libtar0 (= ${binary:Version}), ${misc:Depends}
-Description: C library for manipulating tar archives (development files)
- Contains static library, headers, example code and development manpages
- for libtar
-
-Package: libtar0
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Replaces: libtar
-Breaks: libtar
-Provides: libtar
-Description: C library for manipulating tar archives
- libtar allows programs to create, extract and test tar archives.
- It supports both the strict POSIX tar format and many of the commonly-used
- GNU extensions.
Index: 1.2.20-1/debian/libtar0.install
===================================================================
--- 1.2.20-1/debian/libtar0.install (revision 51)
+++ 1.2.20-1/debian/libtar0.install (nonexistent)
@@ -1 +0,0 @@
-usr/lib/lib*.so.*
Index: 1.2.20-1/debian
===================================================================
--- 1.2.20-1/debian (revision 51)
+++ 1.2.20-1/debian (nonexistent)
/1.2.20-1/debian
Property changes:
Deleted: mergeWithUpstream
## -1 +0,0 ##
-1
\ No newline at end of property
Index: 1.2.20-2/debian/libtar-dev.install
===================================================================
--- 1.2.20-2/debian/libtar-dev.install (revision 51)
+++ 1.2.20-2/debian/libtar-dev.install (nonexistent)
@@ -1,4 +0,0 @@
-usr/include/libtar.h
-usr/include/libtar_listhash.h
-usr/lib/lib*.a
-usr/lib/lib*so
Index: 1.2.20-2/debian/source/format
===================================================================
--- 1.2.20-2/debian/source/format (revision 51)
+++ 1.2.20-2/debian/source/format (nonexistent)
@@ -1 +0,0 @@
-3.0 (quilt)
Index: 1.2.20-2/debian/control
===================================================================
--- 1.2.20-2/debian/control (revision 51)
+++ 1.2.20-2/debian/control (nonexistent)
@@ -1,29 +0,0 @@
-Source: libtar
-Section: libs
-Priority: optional
-Maintainer: Magnus Holmgren <holmgren@debian.org>
-Build-Depends: dpkg-dev (>= 1.15.7), debhelper (>= 7), dh-autoreconf,
- autoconf, libtool
-Standards-Version: 3.9.5
-Homepage: http://www.feep.net/libtar/
-Vcs-Browser: http://svn.kibibyte.se/libtar
-Vcs-Svn: svn://svn.kibibyte.se/libtar/trunk
-
-Package: libtar-dev
-Architecture: any
-Section: libdevel
-Depends: libtar0 (= ${binary:Version}), ${misc:Depends}
-Description: C library for manipulating tar archives (development files)
- Contains static library, headers, example code and development manpages
- for libtar
-
-Package: libtar0
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Replaces: libtar
-Breaks: libtar
-Provides: libtar
-Description: C library for manipulating tar archives
- libtar allows programs to create, extract and test tar archives.
- It supports both the strict POSIX tar format and many of the commonly-used
- GNU extensions.
Index: 1.2.20-2/debian/libtar0.install
===================================================================
--- 1.2.20-2/debian/libtar0.install (revision 51)
+++ 1.2.20-2/debian/libtar0.install (nonexistent)
@@ -1 +0,0 @@
-usr/lib/lib*.so.*
Index: 1.2.20-2/debian/libtar-dev.manpages
===================================================================
--- 1.2.20-2/debian/libtar-dev.manpages (revision 51)
+++ 1.2.20-2/debian/libtar-dev.manpages (nonexistent)
@@ -1,11 +0,0 @@
-debian/tmp/usr/share/man/man3/libtar_hash_new.3
-debian/tmp/usr/share/man/man3/libtar_list_new.3
-debian/tmp/usr/share/man/man3/tar_append_file.3
-debian/tmp/usr/share/man/man3/tar_block_read.3
-debian/tmp/usr/share/man/man3/tar_extract_all.3
-debian/tmp/usr/share/man/man3/tar_extract_file.3
-debian/tmp/usr/share/man/man3/tar_open.3
-debian/tmp/usr/share/man/man3/th_get_pathname.3
-debian/tmp/usr/share/man/man3/th_print_long_ls.3
-debian/tmp/usr/share/man/man3/th_read.3
-debian/tmp/usr/share/man/man3/th_set_from_stat.3
Index: 1.2.20-2/debian/compat
===================================================================
--- 1.2.20-2/debian/compat (revision 51)
+++ 1.2.20-2/debian/compat (nonexistent)
@@ -1 +0,0 @@
-7
Index: 1.2.20-2/debian/libtar-dev.examples
===================================================================
--- 1.2.20-2/debian/libtar-dev.examples (revision 51)
+++ 1.2.20-2/debian/libtar-dev.examples (nonexistent)
@@ -1,2 +0,0 @@
-libtar/libtar.c
-libtar/Makefile
Index: 1.2.20-2/debian/watch
===================================================================
--- 1.2.20-2/debian/watch (revision 51)
+++ 1.2.20-2/debian/watch (nonexistent)
@@ -1,6 +0,0 @@
-version=3
-
-#ftp://ftp.feep.net/pub/software/libtar/libtar-(.*).tar.gz
-
-opts=downloadurlmangle=s/tag/snapshot/,filenamemangle=s/.*\/v([\d\.]+)$/libtar-$1.tar.gz/ \
- http://repo.or.cz/w/libtar.git/shortlog ^.*/v([\d\.]+)
Index: 1.2.20-2/debian/changelog
===================================================================
--- 1.2.20-2/debian/changelog (revision 51)
+++ 1.2.20-2/debian/changelog (nonexistent)
@@ -1,173 +0,0 @@
-libtar (1.2.20-2) unstable; urgency=low
-
- * no_static_buffers.patch: avoid using a static buffer in
- th_get_pathname(). Taken from upstream. Needed for no_maxpathlen.patch.
- * maxpathlen.patch: Fix FTBFS on Hurd by dynamically allocating path
- names (Closes: #657116). Thanks to Svante Signell and Petter
- Reinholdtsen.
- * [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any
- pathname prefix containing ".." components (Closes: #731860). This is
- done in th_get_pathname() (as well as to symlink targets when
- extracting symlinks), not merely when extracting files, which means
- applications calling that function will not see the stored
- filename. There is no way to disable this behaviour, but it can be
- expected that one will be provided when the issue is solved upstream.
- * Bump Standards-Version to 3.9.5.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 21:49:37 +0100
-
-libtar (1.2.20-1) unstable; urgency=high
-
- * [SECURITY] New upstream release. Fixes CVE-2013-4397: Integer
- overflow (Closes: #725938).
- * Bump Standards-Version to 3.9.4.
-
- -- Magnus Holmgren <holmgren@debian.org> Thu, 10 Oct 2013 19:20:49 +0200
-
-libtar (1.2.19-1) unstable; urgency=low
-
- * New upstream release.
-
- -- Magnus Holmgren <holmgren@debian.org> Sun, 05 May 2013 17:59:29 +0200
-
-libtar (1.2.16-1) unstable; urgency=low
-
- * New upstream: Chris Frey has stepped up with the consent of the
- original author, Mark Roth, and published an "official unofficial" git
- repo at http://repo.or.cz/w/libtar.git, which I will use for the time
- being.
- * Updated debian/watch to look for tags and corresponding snapshot
- tarballs at above URL.
- * All patches have been incorporated or (in the case of
- autoreconf.patch) made obsolete upstream.
- * debian/rules: Add build-indep and build-arch targets.
- * Updated debian/copyright.
- * Use dpkg-buildflags to set CFLAGS et al.
- * debian/control: Add VCS fields; bump Standards-Version to 3.9.3.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 23 Jun 2012 01:03:41 +0200
-
-libtar (1.2.11-8) unstable; urgency=low
-
- * libtool.patch: Set SHELL to the configured shell in those Makefile.in
- where libtool is used; otherwise libtool fails when /bin/sh is dash
- but bash is expected (Closes: #621935).
- * man_hyphen_minus.patch (new): Escape hyphens that should be minus
- signs in man pages.
- * Rename libtar as libtar0 to follow policy.
-
- -- Magnus Holmgren <holmgren@debian.org> Sun, 24 Apr 2011 21:11:52 +0200
-
-libtar (1.2.11-7) unstable; urgency=low
-
- * New maintainer (Closes: #526618).
- * Change source format to 3.0 (quilt), clean up Debian diff and split
- into several patches:
- * libtool.patch: Using libtool to build dynamic library;
- * autoreconf.patch: Changes needed to call autoreconf (bug 511741);
- * memleak.patch: Fix memory leaks;
- * bad_ptrtoint.patch: Document stupidity of tartype_t in libtar.c
- (bug 309945).
- * Increase Debhelper compat level to 7.
- * Use dh_autoreconf to avoid having to keep track of files to clean.
- * memleak2.patch (new): Applied instead of memleak.patch. Fix memory
- leak by making th_get_pathname() return a pointer to a static buffer
- instead of a pointer to a copy of a local buffer (LP: #41804).
- * Add homepage field and watch file (in case there is ever a new
- upstream release).
- * Upgrade to Standards-Version 3.9.1.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 26 Mar 2011 23:10:25 +0100
-
-libtar (1.2.11-6) unstable; urgency=low
-
- * Fix autotools usage (Closes: #511741)
-
- -- Julien Danjou <acid@debian.org> Sat, 02 May 2009 11:33:06 +0200
-
-libtar (1.2.11-5) unstable; urgency=low
-
- * New maintainer (Closes: #465889)
- * Add missing binary-indep target in debian/rules (Closes: #395714)
- * Use ${binary:Version} instead of Source-Version
- * Bump standard version
- * Switch to debhelper 5
-
- -- Julien Danjou <acid@debian.org> Wed, 02 Apr 2008 07:06:55 +0200
-
-libtar (1.2.11-4) unstable; urgency=low
-
- * Always include the newest libtool.m4. (Closes: #313612)
-
- -- James Morrison <phython@debian.org> Sun, 28 Aug 2005 09:41:47 -0700
-
-libtar (1.2.11-3) unstable; urgency=low
-
- * Document stupidity of tartype_t in libtar.c. (Closes: #309945)
-
- -- James Morrison <phython@debian.org> Sat, 11 Jun 2005 18:23:15 -0400
-
-libtar (1.2.11-2) unstable; urgency=low
-
- * Move libtar-dev to libdevel. (Closes: #188207)
- * Fix potential memory leak.
-
- -- James Morrison <phython@debian.org> Sun, 25 Jul 2004 12:59:08 -0700
-
-libtar (1.2.11-1) unstable; urgency=low
-
- * New Upstream release.
-
- -- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:19 -0500
-
-libtar (1.2.10-1) unstable; urgency=low
-
- * New Upstream release.
- (Closes: #166602) New upstream uses autoconf 2.5x
- * Remove dependency on automake. Hopefully upstream will except this
- use of libtool.
- * Remove all -static and -shared targets from debian/rules.
- * Use dh_install instead of dh_movefiles.
- * -
-
- -- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:16 -0500
-
-libtar (1.2.5-4) unstable; urgency=low
-
- * New maintainer. (Closes: #154597)
- * WSG_ENCAP is now defined. (Closes: #147764)
- * libtar-dev depends on libc-dev instead of libc6-dev.
-
- -- James Morrison <phython@debian.org> Wed, 14 Aug 2002 23:44:16 -0400
-
-libtar (1.2.5-3) unstable; urgency=low
-
- * Modify build commands to acomadate change in autoconf (Closes #147764)
-
- -- Glenn McGrath <bug1@debian.org> Thu, 23 May 2002 01:06:16 +1000
-
-libtar (1.2.5-2) unstable; urgency=low
-
- * Fix build problem (Closes #135360)
-
- -- Glenn McGrath <bug1@debian.org> Sun, 24 Feb 2002 06:29:31 +1100
-
-libtar (1.2.5-1) unstable; urgency=low
-
- * New upstream version
- * Change section of libtar-dev to devel and libtar to libs
-
- -- Glenn McGrath <bug1@debian.org> Fri, 22 Feb 2002 04:23:15 +1100
-
-libtar (1.2.4-2) unstable; urgency=low
-
- * Change section from devel to libs
-
- -- Glenn McGrath <bug1@debian.org> Sat, 2 Feb 2002 12:12:32 +1100
-
-libtar (1.2.4-1) unstable; urgency=low
-
- * Initial Release. (closes #128042)
-
- -- Glenn McGrath <bug1@debian.org> Sat, 5 Jan 2002 13:24:37 +1100
-
Index: 1.2.20-2/debian/patches/no_maxpathlen.patch
===================================================================
--- 1.2.20-2/debian/patches/no_maxpathlen.patch (revision 51)
+++ 1.2.20-2/debian/patches/no_maxpathlen.patch (nonexistent)
@@ -1,477 +0,0 @@
-Author: Svante Signell <svante.signell@telia.com>
-Author: Petter Reinholdtsen <pere@hungry.com>
-Author: Magnus Holmgren <magnus@debian.org>
-Bug-Debian: http://bugs.debian.org/657116
-Description: Fix FTBFS on Hurd by dynamically allocating path names.
- Depends on no_static_buffers.patch, which introduced the th_pathname field.
-
---- a/compat/basename.c
-+++ b/compat/basename.c
-@@ -34,13 +34,25 @@ static char rcsid[] = "$OpenBSD: basenam
- #include <errno.h>
- #include <string.h>
- #include <sys/param.h>
-+#include <stdlib.h>
-
- char *
- openbsd_basename(path)
- const char *path;
- {
-- static char bname[MAXPATHLEN];
-+ static char *bname = NULL;
-+ static size_t allocated = 0;
- register const char *endp, *startp;
-+ int len = 0;
-+
-+ if (!allocated) {
-+ allocated = 64;
-+ bname = malloc(allocated);
-+ if (!bname) {
-+ allocated = 0;
-+ return NULL;
-+ }
-+ }
-
- /* Empty or NULL string gets treated as "." */
- if (path == NULL || *path == '\0') {
-@@ -64,11 +76,19 @@ openbsd_basename(path)
- while (startp > path && *(startp - 1) != '/')
- startp--;
-
-- if (endp - startp + 1 > sizeof(bname)) {
-- errno = ENAMETOOLONG;
-- return(NULL);
-+ len = endp - startp + 1;
-+
-+ if (len + 1 > allocated) {
-+ size_t new_allocated = 2*(len+1);
-+ void *new_bname = malloc(new_allocated);
-+ if (!new_bname)
-+ return NULL;
-+ allocated = new_allocated;
-+ free(bname);
-+ bname = new_bname;
- }
-- (void)strncpy(bname, startp, endp - startp + 1);
-- bname[endp - startp + 1] = '\0';
-+
-+ (void)strncpy(bname, startp, len);
-+ bname[len] = '\0';
- return(bname);
- }
---- a/compat/dirname.c
-+++ b/compat/dirname.c
-@@ -34,13 +34,25 @@ static char rcsid[] = "$OpenBSD: dirname
- #include <errno.h>
- #include <string.h>
- #include <sys/param.h>
-+#include <stdlib.h>
-
- char *
- openbsd_dirname(path)
- const char *path;
- {
-- static char bname[MAXPATHLEN];
-+ static char *bname = NULL;
-+ static size_t allocated = 0;
- register const char *endp;
-+ int len;
-+
-+ if (!allocated) {
-+ allocated = 64;
-+ bname = malloc(allocated);
-+ if (!bname) {
-+ allocated = 0;
-+ return NULL;
-+ }
-+ }
-
- /* Empty or NULL string gets treated as "." */
- if (path == NULL || *path == '\0') {
---- a/lib/append.c
-+++ b/lib/append.c
-@@ -38,7 +38,7 @@ typedef struct tar_dev tar_dev_t;
- struct tar_ino
- {
- ino_t ti_ino;
-- char ti_name[MAXPATHLEN];
-+ char ti_name[];
- };
- typedef struct tar_ino tar_ino_t;
-
-@@ -61,7 +61,7 @@ tar_append_file(TAR *t, const char *real
- libtar_hashptr_t hp;
- tar_dev_t *td = NULL;
- tar_ino_t *ti = NULL;
-- char path[MAXPATHLEN];
-+ char *path = NULL;
-
- #ifdef DEBUG
- printf("==> tar_append_file(TAR=0x%lx (\"%s\"), realname=\"%s\", "
-@@ -126,34 +126,39 @@ tar_append_file(TAR *t, const char *real
- }
- else
- {
-+ const char *name;
- #ifdef DEBUG
- printf("+++ adding entry: device (0x%lx,0x%lx), inode %ld "
- "(\"%s\")...\n", major(s.st_dev), minor(s.st_dev),
- s.st_ino, realname);
- #endif
-- ti = (tar_ino_t *)calloc(1, sizeof(tar_ino_t));
-+ name = savename ? savename : realname;
-+ ti = (tar_ino_t *)calloc(1, sizeof(tar_ino_t) + strlen(name) + 1);
- if (ti == NULL)
- return -1;
- ti->ti_ino = s.st_ino;
-- snprintf(ti->ti_name, sizeof(ti->ti_name), "%s",
-- savename ? savename : realname);
-+ snprintf(ti->ti_name, strlen(name) + 1, "%s", name);
- libtar_hash_add(td->td_h, ti);
- }
-
- /* check if it's a symlink */
- if (TH_ISSYM(t))
- {
-- i = readlink(realname, path, sizeof(path));
-+ if ((path = malloc(s.st_size + 1)) == NULL)
-+ return -1;
-+ i = readlink(realname, path, s.st_size);
- if (i == -1)
-+ {
-+ free(path);
- return -1;
-- if (i >= MAXPATHLEN)
-- i = MAXPATHLEN - 1;
-+ }
- path[i] = '\0';
- #ifdef DEBUG
- printf(" tar_append_file(): encoding symlink \"%s\" -> "
- "\"%s\"...\n", realname, path);
- #endif
- th_set_link(t, path);
-+ free(path);
- }
-
- /* print file info */
---- a/lib/decode.c
-+++ b/lib/decode.c
-@@ -29,10 +29,13 @@ th_get_pathname(TAR *t)
- if (t->th_buf.gnu_longname)
- return t->th_buf.gnu_longname;
-
-+ size_t pathlen =
-+ strlen(t->th_buf.prefix) + strlen(t->th_buf.name) + 2;
-+
- /* allocate the th_pathname buffer if not already */
- if (t->th_pathname == NULL)
- {
-- t->th_pathname = malloc(MAXPATHLEN * sizeof(char));
-+ t->th_pathname = malloc(pathlen);
- if (t->th_pathname == NULL)
- /* out of memory */
- return NULL;
-@@ -40,11 +43,11 @@ th_get_pathname(TAR *t)
-
- if (t->th_buf.prefix[0] == '\0')
- {
-- snprintf(t->th_pathname, MAXPATHLEN, "%.100s", t->th_buf.name);
-+ snprintf(t->th_pathname, pathlen, "%.100s", t->th_buf.name);
- }
- else
- {
-- snprintf(t->th_pathname, MAXPATHLEN, "%.155s/%.100s",
-+ snprintf(t->th_pathname, pathlen, "%.155s/%.100s",
- t->th_buf.prefix, t->th_buf.name);
- }
-
---- a/lib/util.c
-+++ b/lib/util.c
-@@ -15,6 +15,7 @@
- #include <stdio.h>
- #include <sys/param.h>
- #include <errno.h>
-+#include <stdlib.h>
-
- #ifdef STDC_HEADERS
- # include <string.h>
-@@ -25,13 +26,15 @@
- int
- path_hashfunc(char *key, int numbuckets)
- {
-- char buf[MAXPATHLEN];
-+ char *buf;
- char *p;
-+ int i;
-
-- strcpy(buf, key);
-+ buf = strdup(key);
- p = basename(buf);
--
-- return (((unsigned int)p[0]) % numbuckets);
-+ i = ((unsigned int)p[0]) % numbuckets;
-+ free(buf);
-+ return (i);
- }
-
-
-@@ -77,15 +80,26 @@ ino_hash(ino_t *inode)
- int
- mkdirhier(char *path)
- {
-- char src[MAXPATHLEN], dst[MAXPATHLEN] = "";
-- char *dirp, *nextp = src;
-- int retval = 1;
-+ char *src, *dst = NULL;
-+ char *dirp, *nextp = NULL;
-+ int retval = 1, len;
-+
-+ len = strlen(path);
-+ if ((src = strdup(path)) == NULL)
-+ {
-+ errno = ENOMEM;
-+ return -1;
-+ }
-+ nextp = src;
-
-- if (strlcpy(src, path, sizeof(src)) > sizeof(src))
-+ /* Make room for // with absolute paths */
-+ if ((dst = malloc(len + 2)) == NULL)
- {
-- errno = ENAMETOOLONG;
-+ free(src);
-+ errno = ENOMEM;
- return -1;
- }
-+ dst[0] = '\0';
-
- if (path[0] == '/')
- strcpy(dst, "/");
-@@ -102,12 +116,18 @@ mkdirhier(char *path)
- if (mkdir(dst, 0777) == -1)
- {
- if (errno != EEXIST)
-+ {
-+ free(src);
-+ free(dst);
- return -1;
-+ }
- }
- else
- retval = 0;
- }
-
-+ free(src);
-+ free(dst);
- return retval;
- }
-
---- a/lib/wrapper.c
-+++ b/lib/wrapper.c
-@@ -16,18 +16,18 @@
- #include <sys/param.h>
- #include <dirent.h>
- #include <errno.h>
-+#include <stdlib.h>
-
- #ifdef STDC_HEADERS
- # include <string.h>
- #endif
-
--
- int
- tar_extract_glob(TAR *t, char *globname, char *prefix)
- {
- char *filename;
-- char buf[MAXPATHLEN];
-- int i;
-+ char *buf = NULL;
-+ int i, len;
-
- while ((i = th_read(t)) == 0)
- {
-@@ -41,11 +41,25 @@ tar_extract_glob(TAR *t, char *globname,
- if (t->options & TAR_VERBOSE)
- th_print_long_ls(t);
- if (prefix != NULL)
-- snprintf(buf, sizeof(buf), "%s/%s", prefix, filename);
-+ {
-+ len = strlen(prefix) + 1 + strlen(filename);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ sprintf(buf, "%s/%s", prefix, filename);
-+ }
- else
-- strlcpy(buf, filename, sizeof(buf));
-+ {
-+ len = strlen(filename);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ strcpy(buf, filename);
-+ }
- if (tar_extract_file(t, buf) != 0)
-+ {
-+ free(buf);
- return -1;
-+ }
-+ free(buf);
- }
-
- return (i == 1 ? 0 : -1);
-@@ -56,8 +70,9 @@ int
- tar_extract_all(TAR *t, char *prefix)
- {
- char *filename;
-- char buf[MAXPATHLEN];
-- int i;
-+ char *buf = NULL;
-+ size_t bufsize = 0;
-+ int i, len;
-
- #ifdef DEBUG
- printf("==> tar_extract_all(TAR *t, \"%s\")\n",
-@@ -69,19 +84,34 @@ tar_extract_all(TAR *t, char *prefix)
- #ifdef DEBUG
- puts(" tar_extract_all(): calling th_get_pathname()");
- #endif
-+
- filename = th_get_pathname(t);
- if (t->options & TAR_VERBOSE)
- th_print_long_ls(t);
- if (prefix != NULL)
-- snprintf(buf, sizeof(buf), "%s/%s", prefix, filename);
-+ {
-+ len = strlen(prefix) + 1 + strlen(filename);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ sprintf(buf, "%s/%s", prefix, filename);
-+ }
- else
-- strlcpy(buf, filename, sizeof(buf));
-+ {
-+ len = strlen(filename);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ strcpy(buf, filename);
-+ }
- #ifdef DEBUG
- printf(" tar_extract_all(): calling tar_extract_file(t, "
- "\"%s\")\n", buf);
- #endif
- if (tar_extract_file(t, buf) != 0)
-+ {
-+ free(buf);
- return -1;
-+ }
-+ free(buf);
- }
-
- return (i == 1 ? 0 : -1);
-@@ -91,11 +121,14 @@ tar_extract_all(TAR *t, char *prefix)
- int
- tar_append_tree(TAR *t, char *realdir, char *savedir)
- {
-- char realpath[MAXPATHLEN];
-- char savepath[MAXPATHLEN];
-+ char *realpath = NULL;
-+ size_t realpathsize = 0;
-+ char *savepath = NULL;
-+ size_t savepathsize = 0;
- struct dirent *dent;
- DIR *dp;
- struct stat s;
-+ int len;
-
- #ifdef DEBUG
- printf("==> tar_append_tree(0x%lx, \"%s\", \"%s\")\n",
-@@ -122,11 +155,19 @@ tar_append_tree(TAR *t, char *realdir, c
- strcmp(dent->d_name, "..") == 0)
- continue;
-
-- snprintf(realpath, MAXPATHLEN, "%s/%s", realdir,
-+ len = strlen(realdir) + 1 + strlen(dent->d_name);
-+ if ((realpath = malloc(len + 1)) == NULL)
-+ return -1;
-+ snprintf(realpath, len + 1, "%s/%s", realdir,
- dent->d_name);
- if (savedir)
-- snprintf(savepath, MAXPATHLEN, "%s/%s", savedir,
-+ {
-+ len = strlen(savedir) + 1 + strlen(dent->d_name);
-+ if ((savepath = malloc(len + 1)) == NULL)
-+ return -1;
-+ snprintf(realpath, len + 1, "%s/%s", savedir,
- dent->d_name);
-+ }
-
- if (lstat(realpath, &s) != 0)
- return -1;
-@@ -135,13 +176,23 @@ tar_append_tree(TAR *t, char *realdir, c
- {
- if (tar_append_tree(t, realpath,
- (savedir ? savepath : NULL)) != 0)
-+ {
-+ free(realpath);
-+ free(savepath);
- return -1;
-+ }
- continue;
- }
-
- if (tar_append_file(t, realpath,
- (savedir ? savepath : NULL)) != 0)
-+ {
-+ free(realpath);
-+ free(savepath);
- return -1;
-+ }
-+ free(realpath);
-+ free(savepath);
- }
-
- closedir(dp);
---- a/libtar/libtar.c
-+++ b/libtar/libtar.c
-@@ -111,8 +111,9 @@ create(char *tarfile, char *rootdir, lib
- {
- TAR *t;
- char *pathname;
-- char buf[MAXPATHLEN];
-+ char *buf = NULL;
- libtar_listptr_t lp;
-+ int len;
-
- if (tar_open(&t, tarfile,
- #ifdef HAVE_LIBZ
-@@ -133,17 +134,29 @@ create(char *tarfile, char *rootdir, lib
- {
- pathname = (char *)libtar_listptr_data(&lp);
- if (pathname[0] != '/' && rootdir != NULL)
-- snprintf(buf, sizeof(buf), "%s/%s", rootdir, pathname);
-+ {
-+ len = strlen(rootdir) + 1 + strlen(pathname);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ snprintf(buf, len + 1, "%s/%s", rootdir, pathname);
-+ }
- else
-- strlcpy(buf, pathname, sizeof(buf));
-+ {
-+ len = strlen(pathname);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ strlcpy(buf, pathname, len + 1);
-+ }
- if (tar_append_tree(t, buf, pathname) != 0)
- {
- fprintf(stderr,
- "tar_append_tree(\"%s\", \"%s\"): %s\n", buf,
- pathname, strerror(errno));
- tar_close(t);
-+ free(buf);
- return -1;
- }
-+ free(buf);
- }
-
- if (tar_append_eof(t) != 0)
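Review bot: In the lib/decode.c part of the embedded no_maxpathlen.patch, `th_get_pathname()` allocates `t->th_pathname` with `malloc(pathlen)` only while the pointer is NULL, yet every later call passes its own freshly computed `pathlen` to `snprintf`, so an entry whose prefix and name are longer than the first one's is written past the end of the heap buffer. Sizing the buffer on every call closes this, e.g. `char *np = realloc(t->th_pathname, pathlen); if (np == NULL) return NULL; t->th_pathname = np;` in place of the NULL-guarded `malloc`. In the lib/wrapper.c part, `tar_append_tree()` allocates `savepath` but the following `snprintf` still writes to `realpath` with the length computed from `savedir`; it should read `snprintf(savepath, len + 1, "%s/%s", savedir, dent->d_name);`, otherwise `realpath` can overflow and `savepath` is passed on uninitialised. The `return -1` after `lstat()` and after the second `malloc` also leaves the buffers unfreed; both function bodies extend beyond the lines the patch shows.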
Index: 1.2.20-2/debian/patches/no_static_buffers.patch
===================================================================
--- 1.2.20-2/debian/patches/no_static_buffers.patch (revision 51)
+++ 1.2.20-2/debian/patches/no_static_buffers.patch (nonexistent)
@@ -1,74 +0,0 @@
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Wed, 23 Oct 2013 13:04:22 +0000 (+0200)
-Origin: http://repo.or.cz/w/libtar.git/commitdiff/ec613af2e9371d7a3e1f7c7a6822164a4255b4d1
-Subject: decode: avoid using a static buffer in th_get_pathname()
-
-decode: avoid using a static buffer in th_get_pathname()
-
-A solution suggested by Chris Frey:
-https://lists.feep.net:8080/pipermail/libtar/2013-October/000377.html
-
-Note this can break programs that expect sizeof(TAR) to be fixed.
-
---- a/lib/decode.c
-+++ b/lib/decode.c
-@@ -26,20 +26,30 @@
- char *
- th_get_pathname(TAR *t)
- {
-- static TLS_THREAD char filename[MAXPATHLEN];
--
- if (t->th_buf.gnu_longname)
- return t->th_buf.gnu_longname;
-
-- if (t->th_buf.prefix[0] != '\0')
-+ /* allocate the th_pathname buffer if not already */
-+ if (t->th_pathname == NULL)
-+ {
-+ t->th_pathname = malloc(MAXPATHLEN * sizeof(char));
-+ if (t->th_pathname == NULL)
-+ /* out of memory */
-+ return NULL;
-+ }
-+
-+ if (t->th_buf.prefix[0] == '\0')
-+ {
-+ snprintf(t->th_pathname, MAXPATHLEN, "%.100s", t->th_buf.name);
-+ }
-+ else
- {
-- snprintf(filename, sizeof(filename), "%.155s/%.100s",
-+ snprintf(t->th_pathname, MAXPATHLEN, "%.155s/%.100s",
- t->th_buf.prefix, t->th_buf.name);
-- return filename;
- }
-
-- snprintf(filename, sizeof(filename), "%.100s", t->th_buf.name);
-- return filename;
-+ /* will be deallocated in tar_close() */
-+ return t->th_pathname;
- }
-
-
---- a/lib/handle.c
-+++ b/lib/handle.c
-@@ -121,6 +121,7 @@ tar_close(TAR *t)
- libtar_hash_free(t->h, ((t->oflags & O_ACCMODE) == O_RDONLY
- ? free
- : (libtar_freefunc_t)tar_dev_free));
-+ free(t->th_pathname);
- free(t);
-
- return i;
---- a/lib/libtar.h
-+++ b/lib/libtar.h
-@@ -85,6 +85,9 @@ typedef struct
- int options;
- struct tar_header th_buf;
- libtar_hash_t *h;
-+
-+ /* introduced in libtar 1.2.21 */
-+ char *th_pathname;
- }
- TAR;
-
Index: 1.2.20-2/debian/patches/CVE-2013-4420.patch
===================================================================
--- 1.2.20-2/debian/patches/CVE-2013-4420.patch (revision 51)
+++ 1.2.20-2/debian/patches/CVE-2013-4420.patch (nonexistent)
@@ -1,105 +0,0 @@
-Author: Raphael Geissert <geissert@debian.org>
-Bug-Debian: https://bugs.debian.org/731860
-Description: Avoid directory traversal when extracting archives
- by skipping over leading slashes and any prefix containing ".." components.
-Forwarded: yes
-
---- a/lib/decode.c
-+++ b/lib/decode.c
-@@ -21,13 +21,42 @@
- # include <string.h>
- #endif
-
-+char *
-+safer_name_suffix (char const *file_name)
-+{
-+ char const *p, *t;
-+ p = t = file_name;
-+ while (*p == '/') t = ++p;
-+ while (*p)
-+ {
-+ while (p[0] == '.' && p[0] == p[1] && p[2] == '/')
-+ {
-+ p += 3;
-+ t = p;
-+ }
-+ /* advance pointer past the next slash */
-+ while (*p && (p++)[0] != '/');
-+ }
-+
-+ if (!*t)
-+ {
-+ t = ".";
-+ }
-+
-+ if (t != file_name)
-+ {
-+ /* TODO: warn somehow that the path was modified */
-+ }
-+ return (char*)t;
-+}
-+
-
- /* determine full path name */
- char *
- th_get_pathname(TAR *t)
- {
- if (t->th_buf.gnu_longname)
-- return t->th_buf.gnu_longname;
-+ return safer_name_suffix(t->th_buf.gnu_longname);
-
- size_t pathlen =
- strlen(t->th_buf.prefix) + strlen(t->th_buf.name) + 2;
-@@ -43,12 +72,12 @@ th_get_pathname(TAR *t)
-
- if (t->th_buf.prefix[0] == '\0')
- {
-- snprintf(t->th_pathname, pathlen, "%.100s", t->th_buf.name);
-+ snprintf(t->th_pathname, pathlen, "%.100s", safer_name_suffix(t->th_buf.name));
- }
- else
- {
- snprintf(t->th_pathname, pathlen, "%.155s/%.100s",
-- t->th_buf.prefix, t->th_buf.name);
-+ t->th_buf.prefix, safer_name_suffix(t->th_buf.name));
- }
-
- /* will be deallocated in tar_close() */
---- a/lib/extract.c
-+++ b/lib/extract.c
-@@ -298,14 +298,14 @@ tar_extract_hardlink(TAR * t, char *real
- if (mkdirhier(dirname(filename)) == -1)
- return -1;
- libtar_hashptr_reset(&hp);
-- if (libtar_hash_getkey(t->h, &hp, th_get_linkname(t),
-+ if (libtar_hash_getkey(t->h, &hp, safer_name_suffix(th_get_linkname(t)),
- (libtar_matchfunc_t)libtar_str_match) != 0)
- {
- lnp = (char *)libtar_hashptr_data(&hp);
- linktgt = &lnp[strlen(lnp) + 1];
- }
- else
-- linktgt = th_get_linkname(t);
-+ linktgt = safer_name_suffix(th_get_linkname(t));
-
- #ifdef DEBUG
- printf(" ==> extracting: %s (link to %s)\n", filename, linktgt);
-@@ -343,9 +343,9 @@ tar_extract_symlink(TAR *t, char *realna
-
- #ifdef DEBUG
- printf(" ==> extracting: %s (symlink to %s)\n",
-- filename, th_get_linkname(t));
-+ filename, safer_name_suffix(th_get_linkname(t)));
- #endif
-- if (symlink(th_get_linkname(t), filename) == -1)
-+ if (symlink(safer_name_suffix(th_get_linkname(t)), filename) == -1)
- {
- #ifdef DEBUG
- perror("symlink()");
---- a/lib/internal.h
-+++ b/lib/internal.h
-@@ -21,3 +21,4 @@
- #define TLS_THREAD
- #endif
-
-+char* safer_name_suffix(char const*);
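Review bot: In the lib/decode.c part of the embedded CVE-2013-4420.patch, the branch of `th_get_pathname()` that handles a non-empty prefix field passes only `t->th_buf.name` through `safer_name_suffix()` and copies `t->th_buf.prefix` unchanged, so a leading slash or a `..` component stored in the prefix still reaches the returned path. The filter has to run on the joined string: format `prefix/name` into `t->th_pathname` first, then `return safer_name_suffix(t->th_pathname);`. `safer_name_suffix()` also recognises `..` only when it is followed by `/`, so a path whose final component is `..` comes back unmodified, and the `TODO` branch means callers get no signal that a name was rewritten. The bodies of `th_get_pathname()`, `tar_extract_hardlink()` and `tar_extract_symlink()` extend beyond the lines the patch shows.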
Index: 1.2.20-2/debian/patches/series
===================================================================
--- 1.2.20-2/debian/patches/series (revision 51)
+++ 1.2.20-2/debian/patches/series (nonexistent)
@@ -1,3 +0,0 @@
-no_static_buffers.patch
-no_maxpathlen.patch
-CVE-2013-4420.patch
Index: 1.2.20-2/debian/copyright
===================================================================
--- 1.2.20-2/debian/copyright (revision 51)
+++ 1.2.20-2/debian/copyright (nonexistent)
@@ -1,45 +0,0 @@
-This package was debianized by Glenn McGrath <bug1@debian.org> on
-Sat, 5 Jan 2002 13:24:37 +1100.
-
-It was downloaded from http://repo.or.cz/w/libtar.git; previously from
-http://www.feep.net/libtar/
-
-Upstream Authors: Mark D. Roth <roth@uiuc.edu> and Chris Frey
-<cdfrey@foursquare.net>
-
-Copyright:
-Copyright (c) 1998-2003 University of Illinois Board of Trustees
-Copyright (c) 1998-2003 Mark D. Roth
-All rights reserved.
-
-Developed by: Campus Information Technologies and Educational Services,
- University of Illinois at Urbana-Champaign
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-``Software''), to deal with the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-* Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimers.
-
-* Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimers in the
- documentation and/or other materials provided with the distribution.
-
-* Neither the names of Campus Information Technologies and Educational
- Services, University of Illinois at Urbana-Champaign, nor the names
- of its contributors may be used to endorse or promote products derived
- from this Software without specific prior written permission.
-
-THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
-ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
-OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
-
Index: 1.2.20-2/debian/docs
===================================================================
--- 1.2.20-2/debian/docs (revision 51)
+++ 1.2.20-2/debian/docs (nonexistent)
@@ -1,3 +0,0 @@
-README
-TODO
-ChangeLog-1.0.x
Index: 1.2.20-2/debian/rules
===================================================================
--- 1.2.20-2/debian/rules (revision 51)
+++ 1.2.20-2/debian/rules (nonexistent)
@@ -1,62 +0,0 @@
-#!/usr/bin/make -f
-
-export LIBTOOLIZE = libtoolize --install
-
-configure: configure-stamp
-configure-stamp:
- dh_testdir
- [ -f debian/autoreconf.before ] || dh_autoreconf
- ./configure \
- --prefix=/usr \
- --mandir=\$${prefix}/share/man \
- $(shell dpkg-buildflags --export=configure)
- touch configure-stamp
-
-build-arch: build
-build-indep:
-build: build-stamp
-build-stamp: configure-stamp
- dh_testdir
- $(MAKE)
- touch build-stamp
-
-clean:
- dh_testdir
- dh_testroot
- # Stale build files
- [ ! -f Makefile ] || $(MAKE) distclean
- -rm -f build-stamp configure-stamp
- dh_autoreconf_clean
- dh_clean libtool configure
-
-install: build-stamp
- dh_testdir
- dh_testroot
- dh_prep
-
- $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp
-
-binary-indep:
-
-binary-arch: install
- dh_testdir
- dh_testroot
- dh_install --sourcedir=debian/tmp
-
- dh_installdocs
- dh_installexamples
- dh_installman
- dh_installchangelogs ChangeLog
- dh_link
- dh_strip
- dh_compress
- dh_fixperms
- dh_makeshlibs
- dh_installdeb
- dh_shlibdeps
- dh_gencontrol
- dh_md5sums
- dh_builddeb
-
-binary: binary-indep binary-arch
-.PHONY: build clean binary-indep binary-arch binary install configure
/1.2.20-2/debian/rules
Property changes:
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: 1.2.20-2/debian
===================================================================
--- 1.2.20-2/debian (revision 51)
+++ 1.2.20-2/debian (nonexistent)
/1.2.20-2/debian
Property changes:
Deleted: mergeWithUpstream
## -1 +0,0 ##
-1
\ No newline at end of property
Index: 1.2.20-3/debian/source/format
===================================================================
--- 1.2.20-3/debian/source/format (revision 51)
+++ 1.2.20-3/debian/source/format (nonexistent)
@@ -1 +0,0 @@
-3.0 (quilt)
Index: 1.2.20-3/debian/control
===================================================================
--- 1.2.20-3/debian/control (revision 51)
+++ 1.2.20-3/debian/control (nonexistent)
@@ -1,29 +0,0 @@
-Source: libtar
-Section: libs
-Priority: optional
-Maintainer: Magnus Holmgren <holmgren@debian.org>
-Build-Depends: dpkg-dev (>= 1.15.7), debhelper (>= 7), dh-autoreconf,
- autoconf, libtool
-Standards-Version: 3.9.5
-Homepage: http://www.feep.net/libtar/
-Vcs-Browser: http://svn.kibibyte.se/libtar
-Vcs-Svn: svn://svn.kibibyte.se/libtar/trunk
-
-Package: libtar-dev
-Architecture: any
-Section: libdevel
-Depends: libtar0 (= ${binary:Version}), ${misc:Depends}
-Description: C library for manipulating tar archives (development files)
- Contains static library, headers, example code and development manpages
- for libtar
-
-Package: libtar0
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Replaces: libtar
-Breaks: libtar
-Provides: libtar
-Description: C library for manipulating tar archives
- libtar allows programs to create, extract and test tar archives.
- It supports both the strict POSIX tar format and many of the commonly-used
- GNU extensions.
Index: 1.2.20-3/debian/libtar0.install
===================================================================
--- 1.2.20-3/debian/libtar0.install (revision 51)
+++ 1.2.20-3/debian/libtar0.install (nonexistent)
@@ -1 +0,0 @@
-usr/lib/lib*.so.*
Index: 1.2.20-3/debian/libtar-dev.manpages
===================================================================
--- 1.2.20-3/debian/libtar-dev.manpages (revision 51)
+++ 1.2.20-3/debian/libtar-dev.manpages (nonexistent)
@@ -1,11 +0,0 @@
-debian/tmp/usr/share/man/man3/libtar_hash_new.3
-debian/tmp/usr/share/man/man3/libtar_list_new.3
-debian/tmp/usr/share/man/man3/tar_append_file.3
-debian/tmp/usr/share/man/man3/tar_block_read.3
-debian/tmp/usr/share/man/man3/tar_extract_all.3
-debian/tmp/usr/share/man/man3/tar_extract_file.3
-debian/tmp/usr/share/man/man3/tar_open.3
-debian/tmp/usr/share/man/man3/th_get_pathname.3
-debian/tmp/usr/share/man/man3/th_print_long_ls.3
-debian/tmp/usr/share/man/man3/th_read.3
-debian/tmp/usr/share/man/man3/th_set_from_stat.3
Index: 1.2.20-3/debian/compat
===================================================================
--- 1.2.20-3/debian/compat (revision 51)
+++ 1.2.20-3/debian/compat (nonexistent)
@@ -1 +0,0 @@
-7
Index: 1.2.20-3/debian/libtar-dev.examples
===================================================================
--- 1.2.20-3/debian/libtar-dev.examples (revision 51)
+++ 1.2.20-3/debian/libtar-dev.examples (nonexistent)
@@ -1,2 +0,0 @@
-libtar/libtar.c
-libtar/Makefile
Index: 1.2.20-3/debian/watch
===================================================================
--- 1.2.20-3/debian/watch (revision 51)
+++ 1.2.20-3/debian/watch (nonexistent)
@@ -1,6 +0,0 @@
-version=3
-
-#ftp://ftp.feep.net/pub/software/libtar/libtar-(.*).tar.gz
-
-opts=downloadurlmangle=s/tag/snapshot/,filenamemangle=s/.*\/v([\d\.]+)$/libtar-$1.tar.gz/ \
- http://repo.or.cz/w/libtar.git/shortlog ^.*/v([\d\.]+)
Index: 1.2.20-3/debian/changelog
===================================================================
--- 1.2.20-3/debian/changelog (revision 51)
+++ 1.2.20-3/debian/changelog (nonexistent)
@@ -1,192 +0,0 @@
-libtar (1.2.20-3) unstable; urgency=low
-
- * no_maxpathlen.patch: Fix two grave bugs in the patch. First,
- th_get_pathname would only allocate as much memory as was needed for
- the first filename encountered, causing heap corruption when/if
- encountering longer filenames later. Second, two variables were mixed
- up in tar_append_tree(). Also, fix a potential memory leak and trim
- the patch a bit.
- * [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the
- safer_name_suffix() function should certainly be applied to the
- combination of it and the name field, not just on the name field.
- * th_get_size-unsigned-int.patch: Make the th_get_size() macro cast the
- result from oct_to_int() to unsigned int. This is the right fix for
- bug #725938 on 64-bit systems, where a specially crafted tar file
- would not cause an integer overflow, but a memory allocation of almost
- 16 exbibytes, which would certainly fail outright without harm.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 23:51:51 +0100
-
-libtar (1.2.20-2) unstable; urgency=low
-
- * no_static_buffers.patch: avoid using a static buffer in
- th_get_pathname(). Taken from upstream. Needed for no_maxpathlen.patch.
- * no_maxpathlen.patch: Fix FTBFS on Hurd by dynamically allocating path
- names (Closes: #657116). Thanks to Svante Signell and Petter
- Reinholdtsen.
- * [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any
- pathname prefix containing ".." components (Closes: #731860). This is
- done in th_get_pathname() (as well as to symlink targets when
- extracting symlinks), not merely when extracting files, which means
- applications calling that function will not see the stored
- filename. There is no way to disable this behaviour, but it can be
- expected that one will be provided when the issue is solved upstream.
- * Bump Standards-Version to 3.9.5.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 21:49:37 +0100
-
-libtar (1.2.20-1) unstable; urgency=high
-
- * [SECURITY] New upstream release. Fixes CVE-2013-4397: Integer
- overflow (Closes: #725938).
- * Bump Standards-Version to 3.9.4.
-
- -- Magnus Holmgren <holmgren@debian.org> Thu, 10 Oct 2013 19:20:49 +0200
-
-libtar (1.2.19-1) unstable; urgency=low
-
- * New upstream release.
-
- -- Magnus Holmgren <holmgren@debian.org> Sun, 05 May 2013 17:59:29 +0200
-
-libtar (1.2.16-1) unstable; urgency=low
-
- * New upstream: Chris Frey has stepped up with the consent of the
- original author, Mark Roth, and published an "official unofficial" git
- repo at http://repo.or.cz/w/libtar.git, which I will use for the time
- being.
- * Updated debian/watch to look for tags and corresponding snapshot
- tarballs at above URL.
- * All patches have been incorporated or (in the case of
- autoreconf.patch) made obsolete upstream.
- * debian/rules: Add build-indep and build-arch targets.
- * Updated debian/copyright.
- * Use dpkg-buildflags to set CFLAGS et al.
- * debian/control: Add VCS fields; bump Standards-Version to 3.9.3.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 23 Jun 2012 01:03:41 +0200
-
-libtar (1.2.11-8) unstable; urgency=low
-
- * libtool.patch: Set SHELL to the configured shell in those Makefile.in
- where libtool is used; otherwise libtool fails when /bin/sh is dash
- but bash is expected (Closes: #621935).
- * man_hyphen_minus.patch (new): Escape hyphens that should be minus
- signs in man pages.
- * Rename libtar as libtar0 to follow policy.
-
- -- Magnus Holmgren <holmgren@debian.org> Sun, 24 Apr 2011 21:11:52 +0200
-
-libtar (1.2.11-7) unstable; urgency=low
-
- * New maintainer (Closes: #526618).
- * Change source format to 3.0 (quilt), clean up Debian diff and split
- into several patches:
- * libtool.patch: Using libtool to build dynamic library;
- * autoreconf.patch: Changes needed to call autoreconf (bug 511741);
- * memleak.patch: Fix memory leaks;
- * bad_ptrtoint.patch: Document stupidity of tartype_t in libtar.c
- (bug 309945).
- * Increase Debhelper compat level to 7.
- * Use dh_autoreconf to avoid having to keep track of files to clean.
- * memleak2.patch (new): Applied instead of memleak.patch. Fix memory
- leak by making th_get_pathname() return a pointer to a static buffer
- instead of a pointer to a copy of a local buffer (LP: #41804).
- * Add homepage field and watch file (in case there is ever a new
- upstream release).
- * Upgrade to Standards-Version 3.9.1.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 26 Mar 2011 23:10:25 +0100
-
-libtar (1.2.11-6) unstable; urgency=low
-
- * Fix autotools usage (Closes: #511741)
-
- -- Julien Danjou <acid@debian.org> Sat, 02 May 2009 11:33:06 +0200
-
-libtar (1.2.11-5) unstable; urgency=low
-
- * New maintainer (Closes: #465889)
- * Add missing binary-indep target in debian/rules (Closes: #395714)
- * Use ${binary:Version} instead of Source-Version
- * Bump standard version
- * Switch to debhelper 5
-
- -- Julien Danjou <acid@debian.org> Wed, 02 Apr 2008 07:06:55 +0200
-
-libtar (1.2.11-4) unstable; urgency=low
-
- * Always include the newest libtool.m4. (Closes: #313612)
-
- -- James Morrison <phython@debian.org> Sun, 28 Aug 2005 09:41:47 -0700
-
-libtar (1.2.11-3) unstable; urgency=low
-
- * Document stupidity of tartype_t in libtar.c. (Closes: #309945)
-
- -- James Morrison <phython@debian.org> Sat, 11 Jun 2005 18:23:15 -0400
-
-libtar (1.2.11-2) unstable; urgency=low
-
- * Move libtar-dev to libdevel. (Closes: #188207)
- * Fix potential memory leak.
-
- -- James Morrison <phython@debian.org> Sun, 25 Jul 2004 12:59:08 -0700
-
-libtar (1.2.11-1) unstable; urgency=low
-
- * New Upstream release.
-
- -- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:19 -0500
-
-libtar (1.2.10-1) unstable; urgency=low
-
- * New Upstream release.
- (Closes: #166602) New upstream uses autoconf 2.5x
- * Remove dependency on automake. Hopefully upstream will except this
- use of libtool.
- * Remove all -static and -shared targets from debian/rules.
- * Use dh_install instead of dh_movefiles.
- * -
-
- -- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:16 -0500
-
-libtar (1.2.5-4) unstable; urgency=low
-
- * New maintainer. (Closes: #154597)
- * WSG_ENCAP is now defined. (Closes: #147764)
- * libtar-dev depends on libc-dev instead of libc6-dev.
-
- -- James Morrison <phython@debian.org> Wed, 14 Aug 2002 23:44:16 -0400
-
-libtar (1.2.5-3) unstable; urgency=low
-
- * Modify build commands to acomadate change in autoconf (Closes #147764)
-
- -- Glenn McGrath <bug1@debian.org> Thu, 23 May 2002 01:06:16 +1000
-
-libtar (1.2.5-2) unstable; urgency=low
-
- * Fix build problem (Closes #135360)
-
- -- Glenn McGrath <bug1@debian.org> Sun, 24 Feb 2002 06:29:31 +1100
-
-libtar (1.2.5-1) unstable; urgency=low
-
- * New upstream version
- * Change section of libtar-dev to devel and libtar to libs
-
- -- Glenn McGrath <bug1@debian.org> Fri, 22 Feb 2002 04:23:15 +1100
-
-libtar (1.2.4-2) unstable; urgency=low
-
- * Change section from devel to libs
-
- -- Glenn McGrath <bug1@debian.org> Sat, 2 Feb 2002 12:12:32 +1100
-
-libtar (1.2.4-1) unstable; urgency=low
-
- * Initial Release. (closes #128042)
-
- -- Glenn McGrath <bug1@debian.org> Sat, 5 Jan 2002 13:24:37 +1100
-
Index: 1.2.20-3/debian/patches/CVE-2013-4420.patch
===================================================================
--- 1.2.20-3/debian/patches/CVE-2013-4420.patch (revision 51)
+++ 1.2.20-3/debian/patches/CVE-2013-4420.patch (nonexistent)
@@ -1,113 +0,0 @@
-Author: Raphael Geissert <geissert@debian.org>
-Bug-Debian: https://bugs.debian.org/731860
-Description: Avoid directory traversal when extracting archives
- by skipping over leading slashes and any prefix containing ".." components.
-Forwarded: yes
-
---- a/lib/decode.c
-+++ b/lib/decode.c
-@@ -22,13 +22,42 @@
- # include <string.h>
- #endif
-
-+char *
-+safer_name_suffix (char const *file_name)
-+{
-+ char const *p, *t;
-+ p = t = file_name;
-+ while (*p == '/') t = ++p;
-+ while (*p)
-+ {
-+ while (p[0] == '.' && p[0] == p[1] && p[2] == '/')
-+ {
-+ p += 3;
-+ t = p;
-+ }
-+ /* advance pointer past the next slash */
-+ while (*p && (p++)[0] != '/');
-+ }
-+
-+ if (!*t)
-+ {
-+ t = ".";
-+ }
-+
-+ if (t != file_name)
-+ {
-+ /* TODO: warn somehow that the path was modified */
-+ }
-+ return (char*)t;
-+}
-+
-
- /* determine full path name */
- char *
- th_get_pathname(TAR *t)
- {
- if (t->th_buf.gnu_longname)
-- return t->th_buf.gnu_longname;
-+ return safer_name_suffix(t->th_buf.gnu_longname);
-
- /* allocate the th_pathname buffer if not already */
- if (t->th_pathname == NULL)
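Review bot: `safer_name_suffix()` recognises a `..` component only when a slash follows it (`p[2] == '/'`), so a name that is exactly `..` or that ends in `/..` is returned unmodified. The test should also accept end of string, for example `while (p[0] == '.' && p[1] == '.' && (p[2] == '/' || p[2] == '\0'))`, advancing by 2 rather than 3 in the end-of-string case so that `t` lands on the terminator and the existing `"."` fallback applies. The function also casts away `const` and can return the string literal `"."`; a comment on the prototype should say that the result aliases either the argument or a read-only literal and must not be written to or freed. The body of `th_get_pathname()` continues outside this hunk.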
-@@ -51,7 +80,7 @@ th_get_pathname(TAR *t)
- }
-
- /* will be deallocated in tar_close() */
-- return t->th_pathname;
-+ return safer_name_suffix(t->th_pathname);
- }
-
-
---- a/lib/extract.c
-+++ b/lib/extract.c
-@@ -298,14 +298,14 @@ tar_extract_hardlink(TAR * t, char *real
- if (mkdirhier(dirname(filename)) == -1)
- return -1;
- libtar_hashptr_reset(&hp);
-- if (libtar_hash_getkey(t->h, &hp, th_get_linkname(t),
-+ if (libtar_hash_getkey(t->h, &hp, safer_name_suffix(th_get_linkname(t)),
- (libtar_matchfunc_t)libtar_str_match) != 0)
- {
- lnp = (char *)libtar_hashptr_data(&hp);
- linktgt = &lnp[strlen(lnp) + 1];
- }
- else
-- linktgt = th_get_linkname(t);
-+ linktgt = safer_name_suffix(th_get_linkname(t));
-
- #ifdef DEBUG
- printf(" ==> extracting: %s (link to %s)\n", filename, linktgt);
-@@ -343,9 +343,9 @@ tar_extract_symlink(TAR *t, char *realna
-
- #ifdef DEBUG
- printf(" ==> extracting: %s (symlink to %s)\n",
-- filename, th_get_linkname(t));
-+ filename, safer_name_suffix(th_get_linkname(t)));
- #endif
-- if (symlink(th_get_linkname(t), filename) == -1)
-+ if (symlink(safer_name_suffix(th_get_linkname(t)), filename) == -1)
- {
- #ifdef DEBUG
- perror("symlink()");
---- a/lib/internal.h
-+++ b/lib/internal.h
-@@ -21,3 +21,4 @@
- #define TLS_THREAD
- #endif
-
-+char* safer_name_suffix(char const*);
---- a/lib/output.c
-+++ b/lib/output.c
-@@ -123,9 +123,9 @@ th_print_long_ls(TAR *t)
- else
- printf(" link to ");
- if ((t->options & TAR_GNU) && t->th_buf.gnu_longlink != NULL)
-- printf("%s", t->th_buf.gnu_longlink);
-+ printf("%s", safer_name_suffix(t->th_buf.gnu_longlink));
- else
-- printf("%.100s", t->th_buf.linkname);
-+ printf("%.100s", safer_name_suffix(t->th_buf.linkname));
- }
-
- putchar('\n');
Index: 1.2.20-3/debian/patches/series
===================================================================
--- 1.2.20-3/debian/patches/series (revision 51)
+++ 1.2.20-3/debian/patches/series (nonexistent)
@@ -1,4 +0,0 @@
-no_static_buffers.patch
-no_maxpathlen.patch
-CVE-2013-4420.patch
-th_get_size-unsigned-int.patch
Index: 1.2.20-3/debian/patches/no_maxpathlen.patch
===================================================================
--- 1.2.20-3/debian/patches/no_maxpathlen.patch (revision 51)
+++ 1.2.20-3/debian/patches/no_maxpathlen.patch (nonexistent)
@@ -1,466 +0,0 @@
-Author: Svante Signell <svante.signell@telia.com>
-Author: Petter Reinholdtsen <pere@hungry.com>
-Author: Magnus Holmgren <magnus@debian.org>
-Bug-Debian: http://bugs.debian.org/657116
-Description: Fix FTBFS on Hurd by dynamically allocating path names.
- Depends on no_static_buffers.patch, which introduced the th_pathname field.
-
---- a/compat/basename.c
-+++ b/compat/basename.c
-@@ -34,13 +34,25 @@ static char rcsid[] = "$OpenBSD: basenam
- #include <errno.h>
- #include <string.h>
- #include <sys/param.h>
-+#include <stdlib.h>
-
- char *
- openbsd_basename(path)
- const char *path;
- {
-- static char bname[MAXPATHLEN];
-+ static char *bname = NULL;
-+ static size_t allocated = 0;
- register const char *endp, *startp;
-+ int len = 0;
-+
-+ if (!allocated) {
-+ allocated = 64;
-+ bname = malloc(allocated);
-+ if (!bname) {
-+ allocated = 0;
-+ return NULL;
-+ }
-+ }
-
- /* Empty or NULL string gets treated as "." */
- if (path == NULL || *path == '\0') {
-@@ -64,11 +76,19 @@ openbsd_basename(path)
- while (startp > path && *(startp - 1) != '/')
- startp--;
-
-- if (endp - startp + 1 > sizeof(bname)) {
-- errno = ENAMETOOLONG;
-- return(NULL);
-+ len = endp - startp + 1;
-+
-+ if (len + 1 > allocated) {
-+ size_t new_allocated = 2*(len+1);
-+ void *new_bname = malloc(new_allocated);
-+ if (!new_bname)
-+ return NULL;
-+ allocated = new_allocated;
-+ free(bname);
-+ bname = new_bname;
- }
-- (void)strncpy(bname, startp, endp - startp + 1);
-- bname[endp - startp + 1] = '\0';
-+
-+ (void)strncpy(bname, startp, len);
-+ bname[len] = '\0';
- return(bname);
- }
---- a/compat/dirname.c
-+++ b/compat/dirname.c
-@@ -34,13 +34,25 @@ static char rcsid[] = "$OpenBSD: dirname
- #include <errno.h>
- #include <string.h>
- #include <sys/param.h>
-+#include <stdlib.h>
-
- char *
- openbsd_dirname(path)
- const char *path;
- {
-- static char bname[MAXPATHLEN];
-+ static char *bname = NULL;
-+ static size_t allocated = 0;
- register const char *endp;
-+ int len;
-+
-+ if (!allocated) {
-+ allocated = 64;
-+ bname = malloc(allocated);
-+ if (!bname) {
-+ allocated = 0;
-+ return NULL;
-+ }
-+ }
-
- /* Empty or NULL string gets treated as "." */
- if (path == NULL || *path == '\0') {
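Review bot: Nothing in this hunk ever grows `bname` beyond the initial 64 bytes, whereas the parallel change to `openbsd_basename()` reallocates when `len + 1 > allocated`. The rest of `openbsd_dirname()` lies outside the hunk, so this needs confirming against the full file: the copy further down must be bounded by `allocated`, and any remaining `sizeof(bname)` now measures a pointer rather than the buffer. `len` is declared here without a visible use, which suggests the growth logic was meant to follow; a short comment stating who owns the static buffer and that it is never freed would also help.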
---- a/lib/append.c
-+++ b/lib/append.c
-@@ -38,7 +38,7 @@ typedef struct tar_dev tar_dev_t;
- struct tar_ino
- {
- ino_t ti_ino;
-- char ti_name[MAXPATHLEN];
-+ char ti_name[];
- };
- typedef struct tar_ino tar_ino_t;
-
-@@ -61,7 +61,7 @@ tar_append_file(TAR *t, const char *real
- libtar_hashptr_t hp;
- tar_dev_t *td = NULL;
- tar_ino_t *ti = NULL;
-- char path[MAXPATHLEN];
-+ char *path = NULL;
-
- #ifdef DEBUG
- printf("==> tar_append_file(TAR=0x%lx (\"%s\"), realname=\"%s\", "
-@@ -126,34 +126,39 @@ tar_append_file(TAR *t, const char *real
- }
- else
- {
-+ const char *name;
- #ifdef DEBUG
- printf("+++ adding entry: device (0x%lx,0x%lx), inode %ld "
- "(\"%s\")...\n", major(s.st_dev), minor(s.st_dev),
- s.st_ino, realname);
- #endif
-- ti = (tar_ino_t *)calloc(1, sizeof(tar_ino_t));
-+ name = savename ? savename : realname;
-+ ti = (tar_ino_t *)calloc(1, sizeof(tar_ino_t) + strlen(name) + 1);
- if (ti == NULL)
- return -1;
- ti->ti_ino = s.st_ino;
-- snprintf(ti->ti_name, sizeof(ti->ti_name), "%s",
-- savename ? savename : realname);
-+ snprintf(ti->ti_name, strlen(name) + 1, "%s", name);
- libtar_hash_add(td->td_h, ti);
- }
-
- /* check if it's a symlink */
- if (TH_ISSYM(t))
- {
-- i = readlink(realname, path, sizeof(path));
-+ if ((path = malloc(s.st_size + 1)) == NULL)
-+ return -1;
-+ i = readlink(realname, path, s.st_size);
- if (i == -1)
-+ {
-+ free(path);
- return -1;
-- if (i >= MAXPATHLEN)
-- i = MAXPATHLEN - 1;
-+ }
- path[i] = '\0';
- #ifdef DEBUG
- printf(" tar_append_file(): encoding symlink \"%s\" -> "
- "\"%s\"...\n", realname, path);
- #endif
- th_set_link(t, path);
-+ free(path);
- }
-
- /* print file info */
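Review bot: Sizing the link buffer from `s.st_size` is fragile in two ways: some filesystems report a size of 0 for symlinks, so `readlink()` is then called with a zero-length buffer, and the link can be replaced between the stat call and `readlink()`, in which case the target is silently truncated to the old length. A retry loop that grows the buffer until the returned length is strictly smaller than the buffer handles both cases without reintroducing MAXPATHLEN. Where `s` is filled in and how `i` is declared are outside this hunk, so the types used below are assumptions to check.

```c
	/* check if it's a symlink */
	if (TH_ISSYM(t))
	{
		size_t cap = (s.st_size > 0 ? (size_t)s.st_size : 63) + 1;

		for (;;)
		{
			if ((path = malloc(cap)) == NULL)
				return -1;
			i = readlink(realname, path, cap);
			if (i == -1)
			{
				free(path);
				return -1;
			}
			if ((size_t)i < cap)
				break;	/* whole target read, room left for '\0' */
			free(path);
			cap *= 2;	/* possibly truncated: retry with more room */
		}
		path[i] = '\0';
		/* … unchanged: DEBUG printf, th_set_link(t, path), free(path) … */
```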
---- a/lib/decode.c
-+++ b/lib/decode.c
-@@ -33,7 +33,8 @@ th_get_pathname(TAR *t)
- /* allocate the th_pathname buffer if not already */
- if (t->th_pathname == NULL)
- {
-- t->th_pathname = malloc(MAXPATHLEN * sizeof(char));
-+ /* Allocate the maximum length of prefix + '/' + name + '\0' */
-+ t->th_pathname = malloc(155 + 1 + 100 + 1);
- if (t->th_pathname == NULL)
- /* out of memory */
- return NULL;
-@@ -41,11 +42,11 @@ th_get_pathname(TAR *t)
-
- if (t->th_buf.prefix[0] == '\0')
- {
-- snprintf(t->th_pathname, MAXPATHLEN, "%.100s", t->th_buf.name);
-+ sprintf(t->th_pathname, "%.100s", t->th_buf.name);
- }
- else
- {
-- snprintf(t->th_pathname, MAXPATHLEN, "%.155s/%.100s",
-+ sprintf(t->th_pathname, "%.155s/%.100s",
- t->th_buf.prefix, t->th_buf.name);
- }
-
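Review bot: Replacing `snprintf()` with `sprintf()` here makes the bound implicit: the write stays in range only because the `%.155s` and `%.100s` precisions happen to add up to the literal `155 + 1 + 100 + 1` passed to `malloc()` in the previous hunk. Keeping the bounded call with one shared constant ties the two together, for example a new `#define TH_PATHNAME_SIZE (155 + 1 + 100 + 1)` (name chosen here for illustration) used in both the `malloc()` and `snprintf(t->th_pathname, TH_PATHNAME_SIZE, "%.155s/%.100s", t->th_buf.prefix, t->th_buf.name);`. The comment on the allocation should also say that the two numbers are the sizes of the header's prefix and name fields.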
---- a/lib/util.c
-+++ b/lib/util.c
-@@ -15,6 +15,7 @@
- #include <stdio.h>
- #include <sys/param.h>
- #include <errno.h>
-+#include <stdlib.h>
-
- #ifdef STDC_HEADERS
- # include <string.h>
-@@ -25,13 +26,15 @@
- int
- path_hashfunc(char *key, int numbuckets)
- {
-- char buf[MAXPATHLEN];
-+ char *buf;
- char *p;
-+ int i;
-
-- strcpy(buf, key);
-+ buf = strdup(key);
- p = basename(buf);
--
-- return (((unsigned int)p[0]) % numbuckets);
-+ i = ((unsigned int)p[0]) % numbuckets;
-+ free(buf);
-+ return (i);
- }
-
-
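Review bot: `path_hashfunc()` uses the results of `strdup()` and `basename()` unchecked, and the same patch gives the compat `openbsd_basename()` new `return NULL` paths on allocation failure, so `p[0]` can dereference NULL if `basename` resolves to that implementation (the mapping is not visible in this hunk). A guard such as `if (buf == NULL || (p = basename(buf)) == NULL) { free(buf); return 0; }` keeps the hash function total. The same applies to callers of `dirname()`, for instance the `mkdirhier(dirname(filename))` call visible in lib/extract.c, now that the compat version can also fail on allocation.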
-@@ -77,15 +80,26 @@ ino_hash(ino_t *inode)
- int
- mkdirhier(char *path)
- {
-- char src[MAXPATHLEN], dst[MAXPATHLEN] = "";
-- char *dirp, *nextp = src;
-- int retval = 1;
-+ char *src, *dst = NULL;
-+ char *dirp, *nextp = NULL;
-+ int retval = 1, len;
-+
-+ len = strlen(path);
-+ if ((src = strdup(path)) == NULL)
-+ {
-+ errno = ENOMEM;
-+ return -1;
-+ }
-+ nextp = src;
-
-- if (strlcpy(src, path, sizeof(src)) > sizeof(src))
-+ /* Make room for // with absolute paths */
-+ if ((dst = malloc(len + 2)) == NULL)
- {
-- errno = ENAMETOOLONG;
-+ free(src);
-+ errno = ENOMEM;
- return -1;
- }
-+ dst[0] = '\0';
-
- if (path[0] == '/')
- strcpy(dst, "/");
-@@ -102,12 +116,18 @@ mkdirhier(char *path)
- if (mkdir(dst, 0777) == -1)
- {
- if (errno != EEXIST)
-+ {
-+ free(src);
-+ free(dst);
- return -1;
-+ }
- }
- else
- retval = 0;
- }
-
-+ free(src);
-+ free(dst);
- return retval;
- }
-
---- a/lib/wrapper.c
-+++ b/lib/wrapper.c
-@@ -16,6 +16,7 @@
- #include <sys/param.h>
- #include <dirent.h>
- #include <errno.h>
-+#include <stdlib.h>
-
- #ifdef STDC_HEADERS
- # include <string.h>
-@@ -26,8 +27,8 @@ int
- tar_extract_glob(TAR *t, char *globname, char *prefix)
- {
- char *filename;
-- char buf[MAXPATHLEN];
-- int i;
-+ char *buf = NULL;
-+ int i, len;
-
- while ((i = th_read(t)) == 0)
- {
-@@ -41,11 +42,25 @@ tar_extract_glob(TAR *t, char *globname,
- if (t->options & TAR_VERBOSE)
- th_print_long_ls(t);
- if (prefix != NULL)
-- snprintf(buf, sizeof(buf), "%s/%s", prefix, filename);
-+ {
-+ len = strlen(prefix) + 1 + strlen(filename);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ sprintf(buf, "%s/%s", prefix, filename);
-+ }
- else
-- strlcpy(buf, filename, sizeof(buf));
-+ {
-+ len = strlen(filename);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ strcpy(buf, filename);
-+ }
- if (tar_extract_file(t, buf) != 0)
-+ {
-+ free(buf);
- return -1;
-+ }
-+ free(buf);
- }
-
- return (i == 1 ? 0 : -1);
-@@ -56,8 +71,9 @@ int
- tar_extract_all(TAR *t, char *prefix)
- {
- char *filename;
-- char buf[MAXPATHLEN];
-- int i;
-+ char *buf = NULL;
-+ size_t bufsize = 0;
-+ int i, len;
-
- #ifdef DEBUG
- printf("==> tar_extract_all(TAR *t, \"%s\")\n",
-@@ -73,15 +89,29 @@ tar_extract_all(TAR *t, char *prefix)
- if (t->options & TAR_VERBOSE)
- th_print_long_ls(t);
- if (prefix != NULL)
-- snprintf(buf, sizeof(buf), "%s/%s", prefix, filename);
-+ {
-+ len = strlen(prefix) + 1 + strlen(filename);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ sprintf(buf, "%s/%s", prefix, filename);
-+ }
- else
-- strlcpy(buf, filename, sizeof(buf));
-+ {
-+ len = strlen(filename);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ strcpy(buf, filename);
-+ }
- #ifdef DEBUG
- printf(" tar_extract_all(): calling tar_extract_file(t, "
- "\"%s\")\n", buf);
- #endif
- if (tar_extract_file(t, buf) != 0)
-+ {
-+ free(buf);
- return -1;
-+ }
-+ free(buf);
- }
-
- return (i == 1 ? 0 : -1);
-@@ -91,11 +121,14 @@ tar_extract_all(TAR *t, char *prefix)
- int
- tar_append_tree(TAR *t, char *realdir, char *savedir)
- {
-- char realpath[MAXPATHLEN];
-- char savepath[MAXPATHLEN];
-+ char *realpath = NULL;
-+ size_t realpathsize = 0;
-+ char *savepath = NULL;
-+ size_t savepathsize = 0;
- struct dirent *dent;
- DIR *dp;
- struct stat s;
-+ int len;
-
- #ifdef DEBUG
- printf("==> tar_append_tree(0x%lx, \"%s\", \"%s\")\n",
-@@ -122,11 +155,21 @@ tar_append_tree(TAR *t, char *realdir, c
- strcmp(dent->d_name, "..") == 0)
- continue;
-
-- snprintf(realpath, MAXPATHLEN, "%s/%s", realdir,
-+ len = strlen(realdir) + 1 + strlen(dent->d_name);
-+ if ((realpath = malloc(len + 1)) == NULL)
-+ return -1;
-+ snprintf(realpath, len + 1, "%s/%s", realdir,
- dent->d_name);
- if (savedir)
-- snprintf(savepath, MAXPATHLEN, "%s/%s", savedir,
-+ {
-+ len = strlen(savedir) + 1 + strlen(dent->d_name);
-+ if ((savepath = malloc(len + 1)) == NULL) {
-+ free(realpath);
-+ return -1;
-+ }
-+ snprintf(savepath, len + 1, "%s/%s", savedir,
- dent->d_name);
-+ }
-
- if (lstat(realpath, &s) != 0)
- return -1;
-@@ -135,13 +178,23 @@ tar_append_tree(TAR *t, char *realdir, c
- {
- if (tar_append_tree(t, realpath,
- (savedir ? savepath : NULL)) != 0)
-+ {
-+ free(realpath);
-+ free(savepath);
- return -1;
-+ }
- continue;
- }
-
- if (tar_append_file(t, realpath,
- (savedir ? savepath : NULL)) != 0)
-+ {
-+ free(realpath);
-+ free(savepath);
- return -1;
-+ }
-+ free(realpath);
-+ free(savepath);
- }
-
- closedir(dp);
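Review bot: The per-entry buffers leak whenever a subdirectory is processed successfully, because the `continue;` after the recursive `tar_append_tree()` call skips the `free(realpath); free(savepath);` pair at the bottom of the loop; it needs those two calls before `continue;`. The unchanged `if (lstat(realpath, &s) != 0) return -1;` in the preceding hunk likewise returns without freeing either buffer. None of the early `return -1;` paths visible here reaches `closedir(dp)`, so the directory handle appears to leak on error as well (where `dp` is opened is outside the hunk). The new `realpathsize` and `savepathsize` variables are never used in the visible code and can be dropped.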
---- a/libtar/libtar.c
-+++ b/libtar/libtar.c
-@@ -111,8 +111,9 @@ create(char *tarfile, char *rootdir, lib
- {
- TAR *t;
- char *pathname;
-- char buf[MAXPATHLEN];
-+ char *buf = NULL;
- libtar_listptr_t lp;
-+ int len;
-
- if (tar_open(&t, tarfile,
- #ifdef HAVE_LIBZ
-@@ -133,17 +134,29 @@ create(char *tarfile, char *rootdir, lib
- {
- pathname = (char *)libtar_listptr_data(&lp);
- if (pathname[0] != '/' && rootdir != NULL)
-- snprintf(buf, sizeof(buf), "%s/%s", rootdir, pathname);
-+ {
-+ len = strlen(rootdir) + 1 + strlen(pathname);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ snprintf(buf, len + 1, "%s/%s", rootdir, pathname);
-+ }
- else
-- strlcpy(buf, pathname, sizeof(buf));
-+ {
-+ len = strlen(pathname);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ strlcpy(buf, pathname, len + 1);
-+ }
- if (tar_append_tree(t, buf, pathname) != 0)
- {
- fprintf(stderr,
- "tar_append_tree(\"%s\", \"%s\"): %s\n", buf,
- pathname, strerror(errno));
- tar_close(t);
-+ free(buf);
- return -1;
- }
-+ free(buf);
- }
-
- if (tar_append_eof(t) != 0)
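Review bot: Both new `malloc()` failure branches in `create()` return without closing the archive handle, although the `tar_append_tree()` failure branch just below calls `tar_close(t)` before returning. They should do the same: `if ((buf = malloc(len + 1)) == NULL) { tar_close(t); return -1; }`. The two branches also copy with different functions (`snprintf` and `strlcpy`) where the library hunks of the same patch use `sprintf`/`strcpy`; choosing one bounded form throughout would make the sizing easier to audit. The `create()` function starts and ends outside this hunk.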
Index: 1.2.20-3/debian/patches/no_static_buffers.patch
===================================================================
--- 1.2.20-3/debian/patches/no_static_buffers.patch (revision 51)
+++ 1.2.20-3/debian/patches/no_static_buffers.patch (nonexistent)
@@ -1,82 +0,0 @@
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Wed, 23 Oct 2013 13:04:22 +0000 (+0200)
-Origin: http://repo.or.cz/w/libtar.git/commitdiff/ec613af2e9371d7a3e1f7c7a6822164a4255b4d1
-Subject: decode: avoid using a static buffer in th_get_pathname()
-
-decode: avoid using a static buffer in th_get_pathname()
-
-A solution suggested by Chris Frey:
-https://lists.feep.net:8080/pipermail/libtar/2013-October/000377.html
-
-Note this can break programs that expect sizeof(TAR) to be fixed.
-
---- a/lib/decode.c
-+++ b/lib/decode.c
-@@ -13,6 +13,7 @@
- #include <internal.h>
-
- #include <stdio.h>
-+#include <stdlib.h>
- #include <sys/param.h>
- #include <pwd.h>
- #include <grp.h>
-@@ -26,20 +27,30 @@
- char *
- th_get_pathname(TAR *t)
- {
-- static TLS_THREAD char filename[MAXPATHLEN];
--
- if (t->th_buf.gnu_longname)
- return t->th_buf.gnu_longname;
-
-- if (t->th_buf.prefix[0] != '\0')
-+ /* allocate the th_pathname buffer if not already */
-+ if (t->th_pathname == NULL)
-+ {
-+ t->th_pathname = malloc(MAXPATHLEN * sizeof(char));
-+ if (t->th_pathname == NULL)
-+ /* out of memory */
-+ return NULL;
-+ }
-+
-+ if (t->th_buf.prefix[0] == '\0')
-+ {
-+ snprintf(t->th_pathname, MAXPATHLEN, "%.100s", t->th_buf.name);
-+ }
-+ else
- {
-- snprintf(filename, sizeof(filename), "%.155s/%.100s",
-+ snprintf(t->th_pathname, MAXPATHLEN, "%.155s/%.100s",
- t->th_buf.prefix, t->th_buf.name);
-- return filename;
- }
-
-- snprintf(filename, sizeof(filename), "%.100s", t->th_buf.name);
-- return filename;
-+ /* will be deallocated in tar_close() */
-+ return t->th_pathname;
- }
-
-
---- a/lib/handle.c
-+++ b/lib/handle.c
-@@ -121,6 +121,7 @@ tar_close(TAR *t)
- libtar_hash_free(t->h, ((t->oflags & O_ACCMODE) == O_RDONLY
- ? free
- : (libtar_freefunc_t)tar_dev_free));
-+ free(t->th_pathname);
- free(t);
-
- return i;
---- a/lib/libtar.h
-+++ b/lib/libtar.h
-@@ -85,6 +85,9 @@ typedef struct
- int options;
- struct tar_header th_buf;
- libtar_hash_t *h;
-+
-+ /* introduced in libtar 1.2.21 */
-+ char *th_pathname;
- }
- TAR;
-
Index: 1.2.20-3/debian/patches/th_get_size-unsigned-int.patch
===================================================================
--- 1.2.20-3/debian/patches/th_get_size-unsigned-int.patch (revision 51)
+++ 1.2.20-3/debian/patches/th_get_size-unsigned-int.patch (nonexistent)
@@ -1,52 +0,0 @@
-Origin: http://repo.or.cz/w/libtar.git/commitdiff/e4c1f2974258d6a325622cfd712873d49b5e7a73
-From: Chris Frey <cdfrey@foursquare.net>
-Date: Thu, 24 Oct 2013 18:52:44 -0400
-Subject: [PATCH] Change th_get_size() macro to return unsigned int
-
-On systems where size_t is larger than an int (and larger than
-unsigned int), then in various places in the library, where
-stuff like this happens:
-
- size_t sz = th_get_size(t);
-
-then the int value returned from th_get_size() is sign extended to
-some unwieldy amount.
-
-On 64bit systems, this can yield extremely large values.
-
-By fixing this problem in the header, and only for th_get_size(),
-we avoid breaking the API of the function call oct_to_int()
-(which arguably should return an unsigned int, since the sscanf()
-it uses expects to yield an unsigned int). We also fix the library,
-which uses th_get_size() internally to assign sizes to size_t.
-
-The drawback is that not all client code that uses th_get_size()
-will be fixed, until they recompile, but they will automatically
-take advantage of the bugs fixed *inside* the library.
-
-The remaining th_get_*() functions operate on modes and CRC values
-and the like, and should be fine, remaining as ints.
-
-Thanks very much to Magnus Holmgren for catching this behaviour.
-https://lists.feep.net:8080/pipermail/libtar/2013-October/000365.html
----
- lib/libtar.h | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/lib/libtar.h b/lib/libtar.h
-index 2fefee0..13bb82d 100644
---- a/lib/libtar.h
-+++ b/lib/libtar.h
-@@ -185,7 +185,11 @@ int th_write(TAR *t);
-
- /* decode tar header info */
- #define th_get_crc(t) oct_to_int((t)->th_buf.chksum)
--#define th_get_size(t) oct_to_int((t)->th_buf.size)
-+/* We cast from int (what oct_to_int() returns) to
-+ unsigned int, to avoid unwieldy sign extensions
-+ from occurring on systems where size_t is bigger than int,
-+ since th_get_size() is often stored into a size_t. */
-+#define th_get_size(t) ((unsigned int)oct_to_int((t)->th_buf.size))
- #define th_get_mtime(t) oct_to_int((t)->th_buf.mtime)
- #define th_get_devmajor(t) oct_to_int((t)->th_buf.devmajor)
- #define th_get_devminor(t) oct_to_int((t)->th_buf.devminor)
Index: 1.2.20-3/debian/copyright
===================================================================
--- 1.2.20-3/debian/copyright (revision 51)
+++ 1.2.20-3/debian/copyright (nonexistent)
@@ -1,45 +0,0 @@
-This package was debianized by Glenn McGrath <bug1@debian.org> on
-Sat, 5 Jan 2002 13:24:37 +1100.
-
-It was downloaded from http://repo.or.cz/w/libtar.git; previously from
-http://www.feep.net/libtar/
-
-Upstream Authors: Mark D. Roth <roth@uiuc.edu> and Chris Frey
-<cdfrey@foursquare.net>
-
-Copyright:
-Copyright (c) 1998-2003 University of Illinois Board of Trustees
-Copyright (c) 1998-2003 Mark D. Roth
-All rights reserved.
-
-Developed by: Campus Information Technologies and Educational Services,
- University of Illinois at Urbana-Champaign
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-``Software''), to deal with the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-* Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimers.
-
-* Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimers in the
- documentation and/or other materials provided with the distribution.
-
-* Neither the names of Campus Information Technologies and Educational
- Services, University of Illinois at Urbana-Champaign, nor the names
- of its contributors may be used to endorse or promote products derived
- from this Software without specific prior written permission.
-
-THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
-ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
-OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
-
Index: 1.2.20-3/debian/docs
===================================================================
--- 1.2.20-3/debian/docs (revision 51)
+++ 1.2.20-3/debian/docs (nonexistent)
@@ -1,3 +0,0 @@
-README
-TODO
-ChangeLog-1.0.x
Index: 1.2.20-3/debian/rules
===================================================================
--- 1.2.20-3/debian/rules (revision 51)
+++ 1.2.20-3/debian/rules (nonexistent)
@@ -1,62 +0,0 @@
-#!/usr/bin/make -f
-
-export LIBTOOLIZE = libtoolize --install
-
-configure: configure-stamp
-configure-stamp:
- dh_testdir
- [ -f debian/autoreconf.before ] || dh_autoreconf
- ./configure \
- --prefix=/usr \
- --mandir=\$${prefix}/share/man \
- $(shell dpkg-buildflags --export=configure)
- touch configure-stamp
-
-build-arch: build
-build-indep:
-build: build-stamp
-build-stamp: configure-stamp
- dh_testdir
- $(MAKE)
- touch build-stamp
-
-clean:
- dh_testdir
- dh_testroot
- # Stale build files
- [ ! -f Makefile ] || $(MAKE) distclean
- -rm -f build-stamp configure-stamp
- dh_autoreconf_clean
- dh_clean libtool configure
-
-install: build-stamp
- dh_testdir
- dh_testroot
- dh_prep
-
- $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp
-
-binary-indep:
-
-binary-arch: install
- dh_testdir
- dh_testroot
- dh_install --sourcedir=debian/tmp
-
- dh_installdocs
- dh_installexamples
- dh_installman
- dh_installchangelogs ChangeLog
- dh_link
- dh_strip
- dh_compress
- dh_fixperms
- dh_makeshlibs
- dh_installdeb
- dh_shlibdeps
- dh_gencontrol
- dh_md5sums
- dh_builddeb
-
-binary: binary-indep binary-arch
-.PHONY: build clean binary-indep binary-arch binary install configure
/1.2.20-3/debian/rules
Property changes:
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: 1.2.20-3/debian/libtar-dev.install
===================================================================
--- 1.2.20-3/debian/libtar-dev.install (revision 51)
+++ 1.2.20-3/debian/libtar-dev.install (nonexistent)
@@ -1,4 +0,0 @@
-usr/include/libtar.h
-usr/include/libtar_listhash.h
-usr/lib/lib*.a
-usr/lib/lib*so
Index: 1.2.20-3/debian
===================================================================
--- 1.2.20-3/debian (revision 51)
+++ 1.2.20-3/debian (nonexistent)
/1.2.20-3/debian
Property changes:
Deleted: mergeWithUpstream
## -1 +0,0 ##
-1
\ No newline at end of property
Index: 1.2.20-4/debian/libtar-dev.install
===================================================================
--- 1.2.20-4/debian/libtar-dev.install (revision 51)
+++ 1.2.20-4/debian/libtar-dev.install (nonexistent)
@@ -1,4 +0,0 @@
-usr/include/libtar.h
-usr/include/libtar_listhash.h
-usr/lib/lib*.a
-usr/lib/lib*so
Index: 1.2.20-4/debian/source/format
===================================================================
--- 1.2.20-4/debian/source/format (revision 51)
+++ 1.2.20-4/debian/source/format (nonexistent)
@@ -1 +0,0 @@
-3.0 (quilt)
Index: 1.2.20-4/debian/control
===================================================================
--- 1.2.20-4/debian/control (revision 51)
+++ 1.2.20-4/debian/control (nonexistent)
@@ -1,29 +0,0 @@
-Source: libtar
-Section: libs
-Priority: optional
-Maintainer: Magnus Holmgren <holmgren@debian.org>
-Build-Depends: dpkg-dev (>= 1.15.7), debhelper (>= 7), dh-autoreconf,
- autoconf, libtool
-Standards-Version: 3.9.5
-Homepage: http://www.feep.net/libtar/
-Vcs-Browser: http://svn.kibibyte.se/libtar
-Vcs-Svn: svn://svn.kibibyte.se/libtar/trunk
-
-Package: libtar-dev
-Architecture: any
-Section: libdevel
-Depends: libtar0 (= ${binary:Version}), ${misc:Depends}
-Description: C library for manipulating tar archives (development files)
- Contains static library, headers, example code and development manpages
- for libtar
-
-Package: libtar0
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Replaces: libtar
-Breaks: libtar
-Provides: libtar
-Description: C library for manipulating tar archives
- libtar allows programs to create, extract and test tar archives.
- It supports both the strict POSIX tar format and many of the commonly-used
- GNU extensions.
Index: 1.2.20-4/debian/libtar0.install
===================================================================
--- 1.2.20-4/debian/libtar0.install (revision 51)
+++ 1.2.20-4/debian/libtar0.install (nonexistent)
@@ -1 +0,0 @@
-usr/lib/lib*.so.*
Index: 1.2.20-4/debian/libtar-dev.manpages
===================================================================
--- 1.2.20-4/debian/libtar-dev.manpages (revision 51)
+++ 1.2.20-4/debian/libtar-dev.manpages (nonexistent)
@@ -1,11 +0,0 @@
-debian/tmp/usr/share/man/man3/libtar_hash_new.3
-debian/tmp/usr/share/man/man3/libtar_list_new.3
-debian/tmp/usr/share/man/man3/tar_append_file.3
-debian/tmp/usr/share/man/man3/tar_block_read.3
-debian/tmp/usr/share/man/man3/tar_extract_all.3
-debian/tmp/usr/share/man/man3/tar_extract_file.3
-debian/tmp/usr/share/man/man3/tar_open.3
-debian/tmp/usr/share/man/man3/th_get_pathname.3
-debian/tmp/usr/share/man/man3/th_print_long_ls.3
-debian/tmp/usr/share/man/man3/th_read.3
-debian/tmp/usr/share/man/man3/th_set_from_stat.3
Index: 1.2.20-4/debian/compat
===================================================================
--- 1.2.20-4/debian/compat (revision 51)
+++ 1.2.20-4/debian/compat (nonexistent)
@@ -1 +0,0 @@
-7
Index: 1.2.20-4/debian/libtar-dev.examples
===================================================================
--- 1.2.20-4/debian/libtar-dev.examples (revision 51)
+++ 1.2.20-4/debian/libtar-dev.examples (nonexistent)
@@ -1,2 +0,0 @@
-libtar/libtar.c
-libtar/Makefile
Index: 1.2.20-4/debian/watch
===================================================================
--- 1.2.20-4/debian/watch (revision 51)
+++ 1.2.20-4/debian/watch (nonexistent)
@@ -1,6 +0,0 @@
-version=3
-
-#ftp://ftp.feep.net/pub/software/libtar/libtar-(.*).tar.gz
-
-opts=downloadurlmangle=s/tag/snapshot/,filenamemangle=s/.*\/v([\d\.]+)$/libtar-$1.tar.gz/ \
- http://repo.or.cz/w/libtar.git/shortlog ^.*/v([\d\.]+)
Index: 1.2.20-4/debian/changelog
===================================================================
--- 1.2.20-4/debian/changelog (revision 51)
+++ 1.2.20-4/debian/changelog (nonexistent)
@@ -1,203 +0,0 @@
-libtar (1.2.20-4) unstable; urgency=high
-
- * no_maxpathlen.patch: Half of the part of the patch modifying
- compat/dirname.c was missing, causing libtar's dirname to always
- return NULL (except in special circumstances). Actually make it work
- (Closes: #745352). (The reason that libtar doesn't use libc's
- dirname() and basename() on some or most platforms is that the code
- doesn't work with destructive versions of these functions).
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 03 May 2014 20:39:02 +0200
-
-libtar (1.2.20-3) unstable; urgency=low
-
- * no_maxpathlen.patch: Fix two grave bugs in the patch. First,
- th_get_pathname would only allocate as much memory as was needed for
- the first filename encountered, causing heap corruption when/if
- encountering longer filenames later. Second, two variables were mixed
- up in tar_append_tree(). Also, fix a potential memory leak and trim
- the patch a bit.
- * [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the
- safer_name_suffix() function should certainly be applied to the
- combination of it and the name field, not just on the name field.
- * th_get_size-unsigned-int.patch: Make the th_get_size() macro cast the
- result from oct_to_int() to unsigned int. This is the right fix for
- bug #725938 on 64-bit systems, where a specially crafted tar file
- would not cause an integer overflow, but a memory allocation of almost
- 16 exbibytes, which would certainly fail outright without harm.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 23:51:51 +0100
-
-libtar (1.2.20-2) unstable; urgency=low
-
- * no_static_buffers.patch: avoid using a static buffer in
- th_get_pathname(). Taken from upstream. Needed for no_maxpathlen.patch.
- * no_maxpathlen.patch: Fix FTBFS on Hurd by dynamically allocating path
- names (Closes: #657116). Thanks to Svante Signell and Petter
- Reinholdtsen.
- * [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any
- pathname prefix containing ".." components (Closes: #731860). This is
- done in th_get_pathname() (as well as to symlink targets when
- extracting symlinks), not merely when extracting files, which means
- applications calling that function will not see the stored
- filename. There is no way to disable this behaviour, but it can be
- expected that one will be provided when the issue is solved upstream.
- * Bump Standards-Version to 3.9.5.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 21:49:37 +0100
-
-libtar (1.2.20-1) unstable; urgency=high
-
- * [SECURITY] New upstream release. Fixes CVE-2013-4397: Integer
- overflow (Closes: #725938).
- * Bump Standards-Version to 3.9.4.
-
- -- Magnus Holmgren <holmgren@debian.org> Thu, 10 Oct 2013 19:20:49 +0200
-
-libtar (1.2.19-1) unstable; urgency=low
-
- * New upstream release.
-
- -- Magnus Holmgren <holmgren@debian.org> Sun, 05 May 2013 17:59:29 +0200
-
-libtar (1.2.16-1) unstable; urgency=low
-
- * New upstream: Chris Frey has stepped up with the consent of the
- original author, Mark Roth, and published an "official unofficial" git
- repo at http://repo.or.cz/w/libtar.git, which I will use for the time
- being.
- * Updated debian/watch to look for tags and corresponding snapshot
- tarballs at above URL.
- * All patches have been incorporated or (in the case of
- autoreconf.patch) made obsolete upstream.
- * debian/rules: Add build-indep and build-arch targets.
- * Updated debian/copyright.
- * Use dpkg-buildflags to set CFLAGS et al.
- * debian/control: Add VCS fields; bump Standards-Version to 3.9.3.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 23 Jun 2012 01:03:41 +0200
-
-libtar (1.2.11-8) unstable; urgency=low
-
- * libtool.patch: Set SHELL to the configured shell in those Makefile.in
- where libtool is used; otherwise libtool fails when /bin/sh is dash
- but bash is expected (Closes: #621935).
- * man_hyphen_minus.patch (new): Escape hyphens that should be minus
- signs in man pages.
- * Rename libtar as libtar0 to follow policy.
-
- -- Magnus Holmgren <holmgren@debian.org> Sun, 24 Apr 2011 21:11:52 +0200
-
-libtar (1.2.11-7) unstable; urgency=low
-
- * New maintainer (Closes: #526618).
- * Change source format to 3.0 (quilt), clean up Debian diff and split
- into several patches:
- * libtool.patch: Using libtool to build dynamic library;
- * autoreconf.patch: Changes needed to call autoreconf (bug 511741);
- * memleak.patch: Fix memory leaks;
- * bad_ptrtoint.patch: Document stupidity of tartype_t in libtar.c
- (bug 309945).
- * Increase Debhelper compat level to 7.
- * Use dh_autoreconf to avoid having to keep track of files to clean.
- * memleak2.patch (new): Applied instead of memleak.patch. Fix memory
- leak by making th_get_pathname() return a pointer to a static buffer
- instead of a pointer to a copy of a local buffer (LP: #41804).
- * Add homepage field and watch file (in case there is ever a new
- upstream release).
- * Upgrade to Standards-Version 3.9.1.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 26 Mar 2011 23:10:25 +0100
-
-libtar (1.2.11-6) unstable; urgency=low
-
- * Fix autotools usage (Closes: #511741)
-
- -- Julien Danjou <acid@debian.org> Sat, 02 May 2009 11:33:06 +0200
-
-libtar (1.2.11-5) unstable; urgency=low
-
- * New maintainer (Closes: #465889)
- * Add missing binary-indep target in debian/rules (Closes: #395714)
- * Use ${binary:Version} instead of Source-Version
- * Bump standard version
- * Switch to debhelper 5
-
- -- Julien Danjou <acid@debian.org> Wed, 02 Apr 2008 07:06:55 +0200
-
-libtar (1.2.11-4) unstable; urgency=low
-
- * Always include the newest libtool.m4. (Closes: #313612)
-
- -- James Morrison <phython@debian.org> Sun, 28 Aug 2005 09:41:47 -0700
-
-libtar (1.2.11-3) unstable; urgency=low
-
- * Document stupidity of tartype_t in libtar.c. (Closes: #309945)
-
- -- James Morrison <phython@debian.org> Sat, 11 Jun 2005 18:23:15 -0400
-
-libtar (1.2.11-2) unstable; urgency=low
-
- * Move libtar-dev to libdevel. (Closes: #188207)
- * Fix potential memory leak.
-
- -- James Morrison <phython@debian.org> Sun, 25 Jul 2004 12:59:08 -0700
-
-libtar (1.2.11-1) unstable; urgency=low
-
- * New Upstream release.
-
- -- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:19 -0500
-
-libtar (1.2.10-1) unstable; urgency=low
-
- * New Upstream release.
- (Closes: #166602) New upstream uses autoconf 2.5x
- * Remove dependency on automake. Hopefully upstream will except this
- use of libtool.
- * Remove all -static and -shared targets from debian/rules.
- * Use dh_install instead of dh_movefiles.
- * -
-
- -- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:16 -0500
-
-libtar (1.2.5-4) unstable; urgency=low
-
- * New maintainer. (Closes: #154597)
- * WSG_ENCAP is now defined. (Closes: #147764)
- * libtar-dev depends on libc-dev instead of libc6-dev.
-
- -- James Morrison <phython@debian.org> Wed, 14 Aug 2002 23:44:16 -0400
-
-libtar (1.2.5-3) unstable; urgency=low
-
- * Modify build commands to acomadate change in autoconf (Closes #147764)
-
- -- Glenn McGrath <bug1@debian.org> Thu, 23 May 2002 01:06:16 +1000
-
-libtar (1.2.5-2) unstable; urgency=low
-
- * Fix build problem (Closes #135360)
-
- -- Glenn McGrath <bug1@debian.org> Sun, 24 Feb 2002 06:29:31 +1100
-
-libtar (1.2.5-1) unstable; urgency=low
-
- * New upstream version
- * Change section of libtar-dev to devel and libtar to libs
-
- -- Glenn McGrath <bug1@debian.org> Fri, 22 Feb 2002 04:23:15 +1100
-
-libtar (1.2.4-2) unstable; urgency=low
-
- * Change section from devel to libs
-
- -- Glenn McGrath <bug1@debian.org> Sat, 2 Feb 2002 12:12:32 +1100
-
-libtar (1.2.4-1) unstable; urgency=low
-
- * Initial Release. (closes #128042)
-
- -- Glenn McGrath <bug1@debian.org> Sat, 5 Jan 2002 13:24:37 +1100
-
Index: 1.2.20-4/debian/patches/series
===================================================================
--- 1.2.20-4/debian/patches/series (revision 51)
+++ 1.2.20-4/debian/patches/series (nonexistent)
@@ -1,4 +0,0 @@
-no_static_buffers.patch
-no_maxpathlen.patch
-CVE-2013-4420.patch
-th_get_size-unsigned-int.patch
Index: 1.2.20-4/debian/patches/no_maxpathlen.patch
===================================================================
--- 1.2.20-4/debian/patches/no_maxpathlen.patch (revision 51)
+++ 1.2.20-4/debian/patches/no_maxpathlen.patch (nonexistent)
@@ -1,491 +0,0 @@
-Author: Svante Signell <svante.signell@telia.com>
-Author: Petter Reinholdtsen <pere@hungry.com>
-Author: Magnus Holmgren <magnus@debian.org>
-Bug-Debian: http://bugs.debian.org/657116
-Description: Fix FTBFS on Hurd by dynamically allocating path names.
- Depends on no_static_buffers.patch, which introduced the th_pathname field.
-
---- a/compat/basename.c
-+++ b/compat/basename.c
-@@ -34,13 +34,25 @@ static char rcsid[] = "$OpenBSD: basenam
- #include <errno.h>
- #include <string.h>
- #include <sys/param.h>
-+#include <stdlib.h>
-
- char *
- openbsd_basename(path)
- const char *path;
- {
-- static char bname[MAXPATHLEN];
-+ static char *bname = NULL;
-+ static size_t allocated = 0;
- register const char *endp, *startp;
-+ int len = 0;
-+
-+ if (!allocated) {
-+ allocated = 64;
-+ bname = malloc(allocated);
-+ if (!bname) {
-+ allocated = 0;
-+ return NULL;
-+ }
-+ }
-
- /* Empty or NULL string gets treated as "." */
- if (path == NULL || *path == '\0') {
-@@ -64,11 +76,19 @@ openbsd_basename(path)
- while (startp > path && *(startp - 1) != '/')
- startp--;
-
-- if (endp - startp + 1 > sizeof(bname)) {
-- errno = ENAMETOOLONG;
-- return(NULL);
-+ len = endp - startp + 1;
-+
-+ if (len + 1 > allocated) {
-+ size_t new_allocated = 2*(len+1);
-+ void *new_bname = malloc(new_allocated);
-+ if (!new_bname)
-+ return NULL;
-+ allocated = new_allocated;
-+ free(bname);
-+ bname = new_bname;
- }
-- (void)strncpy(bname, startp, endp - startp + 1);
-- bname[endp - startp + 1] = '\0';
-+
-+ (void)strncpy(bname, startp, len);
-+ bname[len] = '\0';
- return(bname);
- }
---- a/compat/dirname.c
-+++ b/compat/dirname.c
-@@ -34,13 +34,25 @@ static char rcsid[] = "$OpenBSD: dirname
- #include <errno.h>
- #include <string.h>
- #include <sys/param.h>
-+#include <stdlib.h>
-
- char *
- openbsd_dirname(path)
- const char *path;
- {
-- static char bname[MAXPATHLEN];
-+ static char *bname = NULL;
-+ static size_t allocated = 0;
- register const char *endp;
-+ int len;
-+
-+ if (!allocated) {
-+ allocated = 64;
-+ bname = malloc(allocated);
-+ if (!bname) {
-+ allocated = 0;
-+ return NULL;
-+ }
-+ }
-
- /* Empty or NULL string gets treated as "." */
- if (path == NULL || *path == '\0') {
-@@ -67,11 +79,19 @@ openbsd_dirname(path)
- } while (endp > path && *endp == '/');
- }
-
-- if (endp - path + 1 > sizeof(bname)) {
-- errno = ENAMETOOLONG;
-- return(NULL);
-+ len = endp - path + 1;
-+
-+ if (len + 1 > allocated) {
-+ size_t new_allocated = 2*(len+1);
-+ void *new_bname = malloc(new_allocated);
-+ if (!new_bname)
-+ return NULL;
-+ allocated = new_allocated;
-+ free(bname);
-+ bname = new_bname;
- }
-- (void)strncpy(bname, path, endp - path + 1);
-- bname[endp - path + 1] = '\0';
-+
-+ (void)strncpy(bname, path, len);
-+ bname[len] = '\0';
- return(bname);
- }
---- a/lib/append.c
-+++ b/lib/append.c
-@@ -38,7 +38,7 @@ typedef struct tar_dev tar_dev_t;
- struct tar_ino
- {
- ino_t ti_ino;
-- char ti_name[MAXPATHLEN];
-+ char ti_name[];
- };
- typedef struct tar_ino tar_ino_t;
-
-@@ -61,7 +61,7 @@ tar_append_file(TAR *t, const char *real
- libtar_hashptr_t hp;
- tar_dev_t *td = NULL;
- tar_ino_t *ti = NULL;
-- char path[MAXPATHLEN];
-+ char *path = NULL;
-
- #ifdef DEBUG
- printf("==> tar_append_file(TAR=0x%lx (\"%s\"), realname=\"%s\", "
-@@ -126,34 +126,39 @@ tar_append_file(TAR *t, const char *real
- }
- else
- {
-+ const char *name;
- #ifdef DEBUG
- printf("+++ adding entry: device (0x%lx,0x%lx), inode %ld "
- "(\"%s\")...\n", major(s.st_dev), minor(s.st_dev),
- s.st_ino, realname);
- #endif
-- ti = (tar_ino_t *)calloc(1, sizeof(tar_ino_t));
-+ name = savename ? savename : realname;
-+ ti = (tar_ino_t *)calloc(1, sizeof(tar_ino_t) + strlen(name) + 1);
- if (ti == NULL)
- return -1;
- ti->ti_ino = s.st_ino;
-- snprintf(ti->ti_name, sizeof(ti->ti_name), "%s",
-- savename ? savename : realname);
-+ snprintf(ti->ti_name, strlen(name) + 1, "%s", name);
- libtar_hash_add(td->td_h, ti);
- }
-
- /* check if it's a symlink */
- if (TH_ISSYM(t))
- {
-- i = readlink(realname, path, sizeof(path));
-+ if ((path = malloc(s.st_size + 1)) == NULL)
-+ return -1;
-+ i = readlink(realname, path, s.st_size);
- if (i == -1)
-+ {
-+ free(path);
- return -1;
-- if (i >= MAXPATHLEN)
-- i = MAXPATHLEN - 1;
-+ }
- path[i] = '\0';
- #ifdef DEBUG
- printf(" tar_append_file(): encoding symlink \"%s\" -> "
- "\"%s\"...\n", realname, path);
- #endif
- th_set_link(t, path);
-+ free(path);
- }
-
- /* print file info */
---- a/lib/decode.c
-+++ b/lib/decode.c
-@@ -33,7 +33,8 @@ th_get_pathname(TAR *t)
- /* allocate the th_pathname buffer if not already */
- if (t->th_pathname == NULL)
- {
-- t->th_pathname = malloc(MAXPATHLEN * sizeof(char));
-+ /* Allocate the maximum length of prefix + '/' + name + '\0' */
-+ t->th_pathname = malloc(155 + 1 + 100 + 1);
- if (t->th_pathname == NULL)
- /* out of memory */
- return NULL;
-@@ -41,11 +42,11 @@ th_get_pathname(TAR *t)
-
- if (t->th_buf.prefix[0] == '\0')
- {
-- snprintf(t->th_pathname, MAXPATHLEN, "%.100s", t->th_buf.name);
-+ sprintf(t->th_pathname, "%.100s", t->th_buf.name);
- }
- else
- {
-- snprintf(t->th_pathname, MAXPATHLEN, "%.155s/%.100s",
-+ sprintf(t->th_pathname, "%.155s/%.100s",
- t->th_buf.prefix, t->th_buf.name);
- }
-
---- a/lib/util.c
-+++ b/lib/util.c
-@@ -15,6 +15,7 @@
- #include <stdio.h>
- #include <sys/param.h>
- #include <errno.h>
-+#include <stdlib.h>
-
- #ifdef STDC_HEADERS
- # include <string.h>
-@@ -25,13 +26,15 @@
- int
- path_hashfunc(char *key, int numbuckets)
- {
-- char buf[MAXPATHLEN];
-+ char *buf;
- char *p;
-+ int i;
-
-- strcpy(buf, key);
-+ buf = strdup(key);
- p = basename(buf);
--
-- return (((unsigned int)p[0]) % numbuckets);
-+ i = ((unsigned int)p[0]) % numbuckets;
-+ free(buf);
-+ return (i);
- }
-
-
-@@ -77,15 +80,26 @@ ino_hash(ino_t *inode)
- int
- mkdirhier(char *path)
- {
-- char src[MAXPATHLEN], dst[MAXPATHLEN] = "";
-- char *dirp, *nextp = src;
-- int retval = 1;
-+ char *src, *dst = NULL;
-+ char *dirp, *nextp = NULL;
-+ int retval = 1, len;
-+
-+ len = strlen(path);
-+ if ((src = strdup(path)) == NULL)
-+ {
-+ errno = ENOMEM;
-+ return -1;
-+ }
-+ nextp = src;
-
-- if (strlcpy(src, path, sizeof(src)) > sizeof(src))
-+ /* Make room for // with absolute paths */
-+ if ((dst = malloc(len + 2)) == NULL)
- {
-- errno = ENAMETOOLONG;
-+ free(src);
-+ errno = ENOMEM;
- return -1;
- }
-+ dst[0] = '\0';
-
- if (path[0] == '/')
- strcpy(dst, "/");
-@@ -102,12 +116,18 @@ mkdirhier(char *path)
- if (mkdir(dst, 0777) == -1)
- {
- if (errno != EEXIST)
-+ {
-+ free(src);
-+ free(dst);
- return -1;
-+ }
- }
- else
- retval = 0;
- }
-
-+ free(src);
-+ free(dst);
- return retval;
- }
-
---- a/lib/wrapper.c
-+++ b/lib/wrapper.c
-@@ -16,6 +16,7 @@
- #include <sys/param.h>
- #include <dirent.h>
- #include <errno.h>
-+#include <stdlib.h>
-
- #ifdef STDC_HEADERS
- # include <string.h>
-@@ -26,8 +27,8 @@ int
- tar_extract_glob(TAR *t, char *globname, char *prefix)
- {
- char *filename;
-- char buf[MAXPATHLEN];
-- int i;
-+ char *buf = NULL;
-+ int i, len;
-
- while ((i = th_read(t)) == 0)
- {
-@@ -41,11 +42,25 @@ tar_extract_glob(TAR *t, char *globname,
- if (t->options & TAR_VERBOSE)
- th_print_long_ls(t);
- if (prefix != NULL)
-- snprintf(buf, sizeof(buf), "%s/%s", prefix, filename);
-+ {
-+ len = strlen(prefix) + 1 + strlen(filename);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ sprintf(buf, "%s/%s", prefix, filename);
-+ }
- else
-- strlcpy(buf, filename, sizeof(buf));
-+ {
-+ len = strlen(filename);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ strcpy(buf, filename);
-+ }
- if (tar_extract_file(t, buf) != 0)
-+ {
-+ free(buf);
- return -1;
-+ }
-+ free(buf);
- }
-
- return (i == 1 ? 0 : -1);
-@@ -56,8 +71,9 @@ int
- tar_extract_all(TAR *t, char *prefix)
- {
- char *filename;
-- char buf[MAXPATHLEN];
-- int i;
-+ char *buf = NULL;
-+ size_t bufsize = 0;
-+ int i, len;
-
- #ifdef DEBUG
- printf("==> tar_extract_all(TAR *t, \"%s\")\n",
-@@ -73,15 +89,29 @@ tar_extract_all(TAR *t, char *prefix)
- if (t->options & TAR_VERBOSE)
- th_print_long_ls(t);
- if (prefix != NULL)
-- snprintf(buf, sizeof(buf), "%s/%s", prefix, filename);
-+ {
-+ len = strlen(prefix) + 1 + strlen(filename);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ sprintf(buf, "%s/%s", prefix, filename);
-+ }
- else
-- strlcpy(buf, filename, sizeof(buf));
-+ {
-+ len = strlen(filename);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ strcpy(buf, filename);
-+ }
- #ifdef DEBUG
- printf(" tar_extract_all(): calling tar_extract_file(t, "
- "\"%s\")\n", buf);
- #endif
- if (tar_extract_file(t, buf) != 0)
-+ {
-+ free(buf);
- return -1;
-+ }
-+ free(buf);
- }
-
- return (i == 1 ? 0 : -1);
-@@ -91,11 +121,14 @@ tar_extract_all(TAR *t, char *prefix)
- int
- tar_append_tree(TAR *t, char *realdir, char *savedir)
- {
-- char realpath[MAXPATHLEN];
-- char savepath[MAXPATHLEN];
-+ char *realpath = NULL;
-+ size_t realpathsize = 0;
-+ char *savepath = NULL;
-+ size_t savepathsize = 0;
- struct dirent *dent;
- DIR *dp;
- struct stat s;
-+ int len;
-
- #ifdef DEBUG
- printf("==> tar_append_tree(0x%lx, \"%s\", \"%s\")\n",
-@@ -122,11 +155,21 @@ tar_append_tree(TAR *t, char *realdir, c
- strcmp(dent->d_name, "..") == 0)
- continue;
-
-- snprintf(realpath, MAXPATHLEN, "%s/%s", realdir,
-+ len = strlen(realdir) + 1 + strlen(dent->d_name);
-+ if ((realpath = malloc(len + 1)) == NULL)
-+ return -1;
-+ snprintf(realpath, len + 1, "%s/%s", realdir,
- dent->d_name);
- if (savedir)
-- snprintf(savepath, MAXPATHLEN, "%s/%s", savedir,
-+ {
-+ len = strlen(savedir) + 1 + strlen(dent->d_name);
-+ if ((savepath = malloc(len + 1)) == NULL) {
-+ free(realpath);
-+ return -1;
-+ }
-+ snprintf(savepath, len + 1, "%s/%s", savedir,
- dent->d_name);
-+ }
-
- if (lstat(realpath, &s) != 0)
- return -1;
-@@ -135,13 +178,23 @@ tar_append_tree(TAR *t, char *realdir, c
- {
- if (tar_append_tree(t, realpath,
- (savedir ? savepath : NULL)) != 0)
-+ {
-+ free(realpath);
-+ free(savepath);
- return -1;
-+ }
- continue;
- }
-
- if (tar_append_file(t, realpath,
- (savedir ? savepath : NULL)) != 0)
-+ {
-+ free(realpath);
-+ free(savepath);
- return -1;
-+ }
-+ free(realpath);
-+ free(savepath);
- }
-
- closedir(dp);
---- a/libtar/libtar.c
-+++ b/libtar/libtar.c
-@@ -111,8 +111,9 @@ create(char *tarfile, char *rootdir, lib
- {
- TAR *t;
- char *pathname;
-- char buf[MAXPATHLEN];
-+ char *buf = NULL;
- libtar_listptr_t lp;
-+ int len;
-
- if (tar_open(&t, tarfile,
- #ifdef HAVE_LIBZ
-@@ -133,17 +134,29 @@ create(char *tarfile, char *rootdir, lib
- {
- pathname = (char *)libtar_listptr_data(&lp);
- if (pathname[0] != '/' && rootdir != NULL)
-- snprintf(buf, sizeof(buf), "%s/%s", rootdir, pathname);
-+ {
-+ len = strlen(rootdir) + 1 + strlen(pathname);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ snprintf(buf, len + 1, "%s/%s", rootdir, pathname);
-+ }
- else
-- strlcpy(buf, pathname, sizeof(buf));
-+ {
-+ len = strlen(pathname);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ strlcpy(buf, pathname, len + 1);
-+ }
- if (tar_append_tree(t, buf, pathname) != 0)
- {
- fprintf(stderr,
- "tar_append_tree(\"%s\", \"%s\"): %s\n", buf,
- pathname, strerror(errno));
- tar_close(t);
-+ free(buf);
- return -1;
- }
-+ free(buf);
- }
-
- if (tar_append_eof(t) != 0)
Index: 1.2.20-4/debian/patches/no_static_buffers.patch
===================================================================
--- 1.2.20-4/debian/patches/no_static_buffers.patch (revision 51)
+++ 1.2.20-4/debian/patches/no_static_buffers.patch (nonexistent)
@@ -1,82 +0,0 @@
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Wed, 23 Oct 2013 13:04:22 +0000 (+0200)
-Origin: http://repo.or.cz/w/libtar.git/commitdiff/ec613af2e9371d7a3e1f7c7a6822164a4255b4d1
-Subject: decode: avoid using a static buffer in th_get_pathname()
-
-decode: avoid using a static buffer in th_get_pathname()
-
-A solution suggested by Chris Frey:
-https://lists.feep.net:8080/pipermail/libtar/2013-October/000377.html
-
-Note this can break programs that expect sizeof(TAR) to be fixed.
-
---- a/lib/decode.c
-+++ b/lib/decode.c
-@@ -13,6 +13,7 @@
- #include <internal.h>
-
- #include <stdio.h>
-+#include <stdlib.h>
- #include <sys/param.h>
- #include <pwd.h>
- #include <grp.h>
-@@ -26,20 +27,30 @@
- char *
- th_get_pathname(TAR *t)
- {
-- static TLS_THREAD char filename[MAXPATHLEN];
--
- if (t->th_buf.gnu_longname)
- return t->th_buf.gnu_longname;
-
-- if (t->th_buf.prefix[0] != '\0')
-+ /* allocate the th_pathname buffer if not already */
-+ if (t->th_pathname == NULL)
-+ {
-+ t->th_pathname = malloc(MAXPATHLEN * sizeof(char));
-+ if (t->th_pathname == NULL)
-+ /* out of memory */
-+ return NULL;
-+ }
-+
-+ if (t->th_buf.prefix[0] == '\0')
-+ {
-+ snprintf(t->th_pathname, MAXPATHLEN, "%.100s", t->th_buf.name);
-+ }
-+ else
- {
-- snprintf(filename, sizeof(filename), "%.155s/%.100s",
-+ snprintf(t->th_pathname, MAXPATHLEN, "%.155s/%.100s",
- t->th_buf.prefix, t->th_buf.name);
-- return filename;
- }
-
-- snprintf(filename, sizeof(filename), "%.100s", t->th_buf.name);
-- return filename;
-+ /* will be deallocated in tar_close() */
-+ return t->th_pathname;
- }
-
-
---- a/lib/handle.c
-+++ b/lib/handle.c
-@@ -121,6 +121,7 @@ tar_close(TAR *t)
- libtar_hash_free(t->h, ((t->oflags & O_ACCMODE) == O_RDONLY
- ? free
- : (libtar_freefunc_t)tar_dev_free));
-+ free(t->th_pathname);
- free(t);
-
- return i;
---- a/lib/libtar.h
-+++ b/lib/libtar.h
-@@ -85,6 +85,9 @@ typedef struct
- int options;
- struct tar_header th_buf;
- libtar_hash_t *h;
-+
-+ /* introduced in libtar 1.2.21 */
-+ char *th_pathname;
- }
- TAR;
-
Index: 1.2.20-4/debian/patches/th_get_size-unsigned-int.patch
===================================================================
--- 1.2.20-4/debian/patches/th_get_size-unsigned-int.patch (revision 51)
+++ 1.2.20-4/debian/patches/th_get_size-unsigned-int.patch (nonexistent)
@@ -1,52 +0,0 @@
-Origin: http://repo.or.cz/w/libtar.git/commitdiff/e4c1f2974258d6a325622cfd712873d49b5e7a73
-From: Chris Frey <cdfrey@foursquare.net>
-Date: Thu, 24 Oct 2013 18:52:44 -0400
-Subject: [PATCH] Change th_get_size() macro to return unsigned int
-
-On systems where size_t is larger than an int (and larger than
-unsigned int), then in various places in the library, where
-stuff like this happens:
-
- size_t sz = th_get_size(t);
-
-then the int value returned from th_get_size() is sign extended to
-some unwieldy amount.
-
-On 64bit systems, this can yield extremely large values.
-
-By fixing this problem in the header, and only for th_get_size(),
-we avoid breaking the API of the function call oct_to_int()
-(which arguably should return an unsigned int, since the sscanf()
-it uses expects to yield an unsigned int). We also fix the library,
-which uses th_get_size() internally to assign sizes to size_t.
-
-The drawback is that not all client code that uses th_get_size()
-will be fixed, until they recompile, but they will automatically
-take advantage of the bugs fixed *inside* the library.
-
-The remaining th_get_*() functions operate on modes and CRC values
-and the like, and should be fine, remaining as ints.
-
-Thanks very much to Magnus Holmgren for catching this behaviour.
-https://lists.feep.net:8080/pipermail/libtar/2013-October/000365.html
----
- lib/libtar.h | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/lib/libtar.h b/lib/libtar.h
-index 2fefee0..13bb82d 100644
---- a/lib/libtar.h
-+++ b/lib/libtar.h
-@@ -185,7 +185,11 @@ int th_write(TAR *t);
-
- /* decode tar header info */
- #define th_get_crc(t) oct_to_int((t)->th_buf.chksum)
--#define th_get_size(t) oct_to_int((t)->th_buf.size)
-+/* We cast from int (what oct_to_int() returns) to
-+ unsigned int, to avoid unwieldy sign extensions
-+ from occurring on systems where size_t is bigger than int,
-+ since th_get_size() is often stored into a size_t. */
-+#define th_get_size(t) ((unsigned int)oct_to_int((t)->th_buf.size))
- #define th_get_mtime(t) oct_to_int((t)->th_buf.mtime)
- #define th_get_devmajor(t) oct_to_int((t)->th_buf.devmajor)
- #define th_get_devminor(t) oct_to_int((t)->th_buf.devminor)
Index: 1.2.20-4/debian/patches/CVE-2013-4420.patch
===================================================================
--- 1.2.20-4/debian/patches/CVE-2013-4420.patch (revision 51)
+++ 1.2.20-4/debian/patches/CVE-2013-4420.patch (nonexistent)
@@ -1,113 +0,0 @@
-Author: Raphael Geissert <geissert@debian.org>
-Bug-Debian: https://bugs.debian.org/731860
-Description: Avoid directory traversal when extracting archives
- by skipping over leading slashes and any prefix containing ".." components.
-Forwarded: yes
-
---- a/lib/decode.c
-+++ b/lib/decode.c
-@@ -22,13 +22,42 @@
- # include <string.h>
- #endif
-
-+char *
-+safer_name_suffix (char const *file_name)
-+{
-+ char const *p, *t;
-+ p = t = file_name;
-+ while (*p == '/') t = ++p;
-+ while (*p)
-+ {
-+ while (p[0] == '.' && p[0] == p[1] && p[2] == '/')
-+ {
-+ p += 3;
-+ t = p;
-+ }
-+ /* advance pointer past the next slash */
-+ while (*p && (p++)[0] != '/');
-+ }
-+
-+ if (!*t)
-+ {
-+ t = ".";
-+ }
-+
-+ if (t != file_name)
-+ {
-+ /* TODO: warn somehow that the path was modified */
-+ }
-+ return (char*)t;
-+}
-+
-
- /* determine full path name */
- char *
- th_get_pathname(TAR *t)
- {
- if (t->th_buf.gnu_longname)
-- return t->th_buf.gnu_longname;
-+ return safer_name_suffix(t->th_buf.gnu_longname);
-
- /* allocate the th_pathname buffer if not already */
- if (t->th_pathname == NULL)
-@@ -51,7 +80,7 @@ th_get_pathname(TAR *t)
- }
-
- /* will be deallocated in tar_close() */
-- return t->th_pathname;
-+ return safer_name_suffix(t->th_pathname);
- }
-
-
---- a/lib/extract.c
-+++ b/lib/extract.c
-@@ -298,14 +298,14 @@ tar_extract_hardlink(TAR * t, char *real
- if (mkdirhier(dirname(filename)) == -1)
- return -1;
- libtar_hashptr_reset(&hp);
-- if (libtar_hash_getkey(t->h, &hp, th_get_linkname(t),
-+ if (libtar_hash_getkey(t->h, &hp, safer_name_suffix(th_get_linkname(t)),
- (libtar_matchfunc_t)libtar_str_match) != 0)
- {
- lnp = (char *)libtar_hashptr_data(&hp);
- linktgt = &lnp[strlen(lnp) + 1];
- }
- else
-- linktgt = th_get_linkname(t);
-+ linktgt = safer_name_suffix(th_get_linkname(t));
-
- #ifdef DEBUG
- printf(" ==> extracting: %s (link to %s)\n", filename, linktgt);
-@@ -343,9 +343,9 @@ tar_extract_symlink(TAR *t, char *realna
-
- #ifdef DEBUG
- printf(" ==> extracting: %s (symlink to %s)\n",
-- filename, th_get_linkname(t));
-+ filename, safer_name_suffix(th_get_linkname(t)));
- #endif
-- if (symlink(th_get_linkname(t), filename) == -1)
-+ if (symlink(safer_name_suffix(th_get_linkname(t)), filename) == -1)
- {
- #ifdef DEBUG
- perror("symlink()");
---- a/lib/internal.h
-+++ b/lib/internal.h
-@@ -21,3 +21,4 @@
- #define TLS_THREAD
- #endif
-
-+char* safer_name_suffix(char const*);
---- a/lib/output.c
-+++ b/lib/output.c
-@@ -123,9 +123,9 @@ th_print_long_ls(TAR *t)
- else
- printf(" link to ");
- if ((t->options & TAR_GNU) && t->th_buf.gnu_longlink != NULL)
-- printf("%s", t->th_buf.gnu_longlink);
-+ printf("%s", safer_name_suffix(t->th_buf.gnu_longlink));
- else
-- printf("%.100s", t->th_buf.linkname);
-+ printf("%.100s", safer_name_suffix(t->th_buf.linkname));
- }
-
- putchar('\n');
Index: 1.2.20-4/debian/copyright
===================================================================
--- 1.2.20-4/debian/copyright (revision 51)
+++ 1.2.20-4/debian/copyright (nonexistent)
@@ -1,45 +0,0 @@
-This package was debianized by Glenn McGrath <bug1@debian.org> on
-Sat, 5 Jan 2002 13:24:37 +1100.
-
-It was downloaded from http://repo.or.cz/w/libtar.git; previously from
-http://www.feep.net/libtar/
-
-Upstream Authors: Mark D. Roth <roth@uiuc.edu> and Chris Frey
-<cdfrey@foursquare.net>
-
-Copyright:
-Copyright (c) 1998-2003 University of Illinois Board of Trustees
-Copyright (c) 1998-2003 Mark D. Roth
-All rights reserved.
-
-Developed by: Campus Information Technologies and Educational Services,
- University of Illinois at Urbana-Champaign
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-``Software''), to deal with the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-* Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimers.
-
-* Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimers in the
- documentation and/or other materials provided with the distribution.
-
-* Neither the names of Campus Information Technologies and Educational
- Services, University of Illinois at Urbana-Champaign, nor the names
- of its contributors may be used to endorse or promote products derived
- from this Software without specific prior written permission.
-
-THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
-ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
-OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
-
Index: 1.2.20-4/debian/docs
===================================================================
--- 1.2.20-4/debian/docs (revision 51)
+++ 1.2.20-4/debian/docs (nonexistent)
@@ -1,3 +0,0 @@
-README
-TODO
-ChangeLog-1.0.x
Index: 1.2.20-4/debian/rules
===================================================================
--- 1.2.20-4/debian/rules (revision 51)
+++ 1.2.20-4/debian/rules (nonexistent)
@@ -1,62 +0,0 @@
-#!/usr/bin/make -f
-
-export LIBTOOLIZE = libtoolize --install
-
-configure: configure-stamp
-configure-stamp:
- dh_testdir
- [ -f debian/autoreconf.before ] || dh_autoreconf
- ./configure \
- --prefix=/usr \
- --mandir=\$${prefix}/share/man \
- $(shell dpkg-buildflags --export=configure)
- touch configure-stamp
-
-build-arch: build
-build-indep:
-build: build-stamp
-build-stamp: configure-stamp
- dh_testdir
- $(MAKE)
- touch build-stamp
-
-clean:
- dh_testdir
- dh_testroot
- # Stale build files
- [ ! -f Makefile ] || $(MAKE) distclean
- -rm -f build-stamp configure-stamp
- dh_autoreconf_clean
- dh_clean libtool configure
-
-install: build-stamp
- dh_testdir
- dh_testroot
- dh_prep
-
- $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp
-
-binary-indep:
-
-binary-arch: install
- dh_testdir
- dh_testroot
- dh_install --sourcedir=debian/tmp
-
- dh_installdocs
- dh_installexamples
- dh_installman
- dh_installchangelogs ChangeLog
- dh_link
- dh_strip
- dh_compress
- dh_fixperms
- dh_makeshlibs
- dh_installdeb
- dh_shlibdeps
- dh_gencontrol
- dh_md5sums
- dh_builddeb
-
-binary: binary-indep binary-arch
-.PHONY: build clean binary-indep binary-arch binary install configure
/1.2.20-4/debian/rules
Property changes:
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: 1.2.20-4/debian
===================================================================
--- 1.2.20-4/debian (revision 51)
+++ 1.2.20-4/debian (nonexistent)
/1.2.20-4/debian
Property changes:
Deleted: mergeWithUpstream
## -1 +0,0 ##
-1
\ No newline at end of property
Index: 1.2.20-5/debian/rules
===================================================================
--- 1.2.20-5/debian/rules (revision 51)
+++ 1.2.20-5/debian/rules (nonexistent)
@@ -1,67 +0,0 @@
-#!/usr/bin/make -f
-
-export LIBTOOLIZE = libtoolize --install
-
-configure: configure-stamp
-configure-stamp:
- dh_testdir
- [ -f debian/autoreconf.before ] || dh_autoreconf
- ./configure \
- --prefix=/usr \
- --without-zlib \
- --mandir=\$${prefix}/share/man \
- $(shell dpkg-buildflags --export=configure)
- touch configure-stamp
-
-build-arch: build
-build-indep:
-build: build-stamp
-build-stamp: configure-stamp
- dh_testdir
- $(MAKE)
- touch build-stamp
-
-ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
- $(MAKE) check
-endif
-
-clean:
- dh_testdir
- dh_testroot
- # Stale build files
- [ ! -f Makefile ] || $(MAKE) distclean
- -rm -f build-stamp configure-stamp
- dh_autoreconf_clean
- dh_clean libtool configure
-
-install: build-stamp
- dh_testdir
- dh_testroot
- dh_prep
-
- $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp
-
-binary-indep:
-
-binary-arch: install
- dh_testdir
- dh_testroot
- dh_install --sourcedir=debian/tmp
-
- dh_installdocs
- dh_installexamples
- dh_installman
- dh_installchangelogs ChangeLog
- dh_link
- dh_strip
- dh_compress
- dh_fixperms
- dh_makeshlibs
- dh_installdeb
- dh_shlibdeps
- dh_gencontrol
- dh_md5sums
- dh_builddeb
-
-binary: binary-indep binary-arch
-.PHONY: build clean binary-indep binary-arch binary install configure
/1.2.20-5/debian/rules
Property changes:
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: 1.2.20-5/debian/libtar-dev.install
===================================================================
--- 1.2.20-5/debian/libtar-dev.install (revision 51)
+++ 1.2.20-5/debian/libtar-dev.install (nonexistent)
@@ -1,4 +0,0 @@
-usr/include/libtar.h
-usr/include/libtar_listhash.h
-usr/lib/lib*.a
-usr/lib/lib*so
Index: 1.2.20-5/debian/source/format
===================================================================
--- 1.2.20-5/debian/source/format (revision 51)
+++ 1.2.20-5/debian/source/format (nonexistent)
@@ -1 +0,0 @@
-3.0 (quilt)
Index: 1.2.20-5/debian/control
===================================================================
--- 1.2.20-5/debian/control (revision 51)
+++ 1.2.20-5/debian/control (nonexistent)
@@ -1,29 +0,0 @@
-Source: libtar
-Section: libs
-Priority: optional
-Maintainer: Magnus Holmgren <holmgren@debian.org>
-Build-Depends: dpkg-dev (>= 1.15.7), debhelper (>= 7), dh-autoreconf,
- autoconf, libtool
-Standards-Version: 3.9.7
-Homepage: http://www.feep.net/libtar/
-Vcs-Browser: http://svn.kibibyte.se/libtar
-Vcs-Svn: svn://svn.kibibyte.se/libtar/trunk
-
-Package: libtar-dev
-Architecture: any
-Section: libdevel
-Depends: libtar0 (= ${binary:Version}), ${misc:Depends}
-Description: C library for manipulating tar archives (development files)
- Contains static library, headers, example code and development manpages
- for libtar
-
-Package: libtar0
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Replaces: libtar
-Breaks: libtar
-Provides: libtar
-Description: C library for manipulating tar archives
- libtar allows programs to create, extract and test tar archives.
- It supports both the strict POSIX tar format and many of the commonly-used
- GNU extensions.
Index: 1.2.20-5/debian/libtar0.install
===================================================================
--- 1.2.20-5/debian/libtar0.install (revision 51)
+++ 1.2.20-5/debian/libtar0.install (nonexistent)
@@ -1 +0,0 @@
-usr/lib/lib*.so.*
Index: 1.2.20-5/debian/libtar-dev.manpages
===================================================================
--- 1.2.20-5/debian/libtar-dev.manpages (revision 51)
+++ 1.2.20-5/debian/libtar-dev.manpages (nonexistent)
@@ -1,11 +0,0 @@
-debian/tmp/usr/share/man/man3/libtar_hash_new.3
-debian/tmp/usr/share/man/man3/libtar_list_new.3
-debian/tmp/usr/share/man/man3/tar_append_file.3
-debian/tmp/usr/share/man/man3/tar_block_read.3
-debian/tmp/usr/share/man/man3/tar_extract_all.3
-debian/tmp/usr/share/man/man3/tar_extract_file.3
-debian/tmp/usr/share/man/man3/tar_open.3
-debian/tmp/usr/share/man/man3/th_get_pathname.3
-debian/tmp/usr/share/man/man3/th_print_long_ls.3
-debian/tmp/usr/share/man/man3/th_read.3
-debian/tmp/usr/share/man/man3/th_set_from_stat.3
Index: 1.2.20-5/debian/compat
===================================================================
--- 1.2.20-5/debian/compat (revision 51)
+++ 1.2.20-5/debian/compat (nonexistent)
@@ -1 +0,0 @@
-7
Index: 1.2.20-5/debian/libtar-dev.examples
===================================================================
--- 1.2.20-5/debian/libtar-dev.examples (revision 51)
+++ 1.2.20-5/debian/libtar-dev.examples (nonexistent)
@@ -1,2 +0,0 @@
-libtar/libtar.c
-libtar/Makefile
Index: 1.2.20-5/debian/watch
===================================================================
--- 1.2.20-5/debian/watch (revision 51)
+++ 1.2.20-5/debian/watch (nonexistent)
@@ -1,6 +0,0 @@
-version=3
-
-#ftp://ftp.feep.net/pub/software/libtar/libtar-(.*).tar.gz
-
-opts=downloadurlmangle=s/tag/snapshot/,filenamemangle=s/.*\/v([\d\.]+)$/libtar-$1.tar.gz/ \
- http://repo.or.cz/w/libtar.git/shortlog ^.*/v([\d\.]+)
Index: 1.2.20-5/debian/changelog
===================================================================
--- 1.2.20-5/debian/changelog (revision 51)
+++ 1.2.20-5/debian/changelog (nonexistent)
@@ -1,214 +0,0 @@
-libtar (1.2.20-5) unstable; urgency=low
-
- * oldgnu_prefix.patch: Detect old-style GNU headers correctly (Closes:
- #763119). Those appear in incremental archives and use the bytes that
- the new-style headers use for the prefix field for other fields.
- Thanks to Steinar H. Gunderson.
- * testsuite.patch: Add a simple test (Closes: #737258).
- * Bump Standards-Version to 3.9.7.
-
- -- Magnus Holmgren <holmgren@debian.org> Fri, 25 Mar 2016 19:12:23 +0100
-
-libtar (1.2.20-4) unstable; urgency=high
-
- * no_maxpathlen.patch: Half of the part of the patch modifying
- compat/dirname.c was missing, causing libtar's dirname to always
- return NULL (except in special circumstances). Actually make it work
- (Closes: #745352). (The reason that libtar doesn't use libc's
- dirname() and basename() on some or most platforms is that the code
- doesn't work with destructive versions of these functions).
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 03 May 2014 20:39:02 +0200
-
-libtar (1.2.20-3) unstable; urgency=low
-
- * no_maxpathlen.patch: Fix two grave bugs in the patch. First,
- th_get_pathname would only allocate as much memory as was needed for
- the first filename encountered, causing heap corruption when/if
- encountering longer filenames later. Second, two variables were mixed
- up in tar_append_tree(). Also, fix a potential memory leak and trim
- the patch a bit.
- * [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the
- safer_name_suffix() function should certainly be applied to the
- combination of it and the name field, not just on the name field.
- * th_get_size-unsigned-int.patch: Make the th_get_size() macro cast the
- result from oct_to_int() to unsigned int. This is the right fix for
- bug #725938 on 64-bit systems, where a specially crafted tar file
- would not cause an integer overflow, but a memory allocation of almost
- 16 exbibytes, which would certainly fail outright without harm.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 23:51:51 +0100
-
-libtar (1.2.20-2) unstable; urgency=low
-
- * no_static_buffers.patch: avoid using a static buffer in
- th_get_pathname(). Taken from upstream. Needed for no_maxpathlen.patch.
- * no_maxpathlen.patch: Fix FTBFS on Hurd by dynamically allocating path
- names (Closes: #657116). Thanks to Svante Signell and Petter
- Reinholdtsen.
- * [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any
- pathname prefix containing ".." components (Closes: #731860). This is
- done in th_get_pathname() (as well as to symlink targets when
- extracting symlinks), not merely when extracting files, which means
- applications calling that function will not see the stored
- filename. There is no way to disable this behaviour, but it can be
- expected that one will be provided when the issue is solved upstream.
- * Bump Standards-Version to 3.9.5.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 21:49:37 +0100
-
-libtar (1.2.20-1) unstable; urgency=high
-
- * [SECURITY] New upstream release. Fixes CVE-2013-4397: Integer
- overflow (Closes: #725938).
- * Bump Standards-Version to 3.9.4.
-
- -- Magnus Holmgren <holmgren@debian.org> Thu, 10 Oct 2013 19:20:49 +0200
-
-libtar (1.2.19-1) unstable; urgency=low
-
- * New upstream release.
-
- -- Magnus Holmgren <holmgren@debian.org> Sun, 05 May 2013 17:59:29 +0200
-
-libtar (1.2.16-1) unstable; urgency=low
-
- * New upstream: Chris Frey has stepped up with the consent of the
- original author, Mark Roth, and published an "official unofficial" git
- repo at http://repo.or.cz/w/libtar.git, which I will use for the time
- being.
- * Updated debian/watch to look for tags and corresponding snapshot
- tarballs at above URL.
- * All patches have been incorporated or (in the case of
- autoreconf.patch) made obsolete upstream.
- * debian/rules: Add build-indep and build-arch targets.
- * Updated debian/copyright.
- * Use dpkg-buildflags to set CFLAGS et al.
- * debian/control: Add VCS fields; bump Standards-Version to 3.9.3.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 23 Jun 2012 01:03:41 +0200
-
-libtar (1.2.11-8) unstable; urgency=low
-
- * libtool.patch: Set SHELL to the configured shell in those Makefile.in
- where libtool is used; otherwise libtool fails when /bin/sh is dash
- but bash is expected (Closes: #621935).
- * man_hyphen_minus.patch (new): Escape hyphens that should be minus
- signs in man pages.
- * Rename libtar as libtar0 to follow policy.
-
- -- Magnus Holmgren <holmgren@debian.org> Sun, 24 Apr 2011 21:11:52 +0200
-
-libtar (1.2.11-7) unstable; urgency=low
-
- * New maintainer (Closes: #526618).
- * Change source format to 3.0 (quilt), clean up Debian diff and split
- into several patches:
- * libtool.patch: Using libtool to build dynamic library;
- * autoreconf.patch: Changes needed to call autoreconf (bug 511741);
- * memleak.patch: Fix memory leaks;
- * bad_ptrtoint.patch: Document stupidity of tartype_t in libtar.c
- (bug 309945).
- * Increase Debhelper compat level to 7.
- * Use dh_autoreconf to avoid having to keep track of files to clean.
- * memleak2.patch (new): Applied instead of memleak.patch. Fix memory
- leak by making th_get_pathname() return a pointer to a static buffer
- instead of a pointer to a copy of a local buffer (LP: #41804).
- * Add homepage field and watch file (in case there is ever a new
- upstream release).
- * Upgrade to Standards-Version 3.9.1.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 26 Mar 2011 23:10:25 +0100
-
-libtar (1.2.11-6) unstable; urgency=low
-
- * Fix autotools usage (Closes: #511741)
-
- -- Julien Danjou <acid@debian.org> Sat, 02 May 2009 11:33:06 +0200
-
-libtar (1.2.11-5) unstable; urgency=low
-
- * New maintainer (Closes: #465889)
- * Add missing binary-indep target in debian/rules (Closes: #395714)
- * Use ${binary:Version} instead of Source-Version
- * Bump standard version
- * Switch to debhelper 5
-
- -- Julien Danjou <acid@debian.org> Wed, 02 Apr 2008 07:06:55 +0200
-
-libtar (1.2.11-4) unstable; urgency=low
-
- * Always include the newest libtool.m4. (Closes: #313612)
-
- -- James Morrison <phython@debian.org> Sun, 28 Aug 2005 09:41:47 -0700
-
-libtar (1.2.11-3) unstable; urgency=low
-
- * Document stupidity of tartype_t in libtar.c. (Closes: #309945)
-
- -- James Morrison <phython@debian.org> Sat, 11 Jun 2005 18:23:15 -0400
-
-libtar (1.2.11-2) unstable; urgency=low
-
- * Move libtar-dev to libdevel. (Closes: #188207)
- * Fix potential memory leak.
-
- -- James Morrison <phython@debian.org> Sun, 25 Jul 2004 12:59:08 -0700
-
-libtar (1.2.11-1) unstable; urgency=low
-
- * New Upstream release.
-
- -- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:19 -0500
-
-libtar (1.2.10-1) unstable; urgency=low
-
- * New Upstream release.
- (Closes: #166602) New upstream uses autoconf 2.5x
- * Remove dependency on automake. Hopefully upstream will except this
- use of libtool.
- * Remove all -static and -shared targets from debian/rules.
- * Use dh_install instead of dh_movefiles.
- * -
-
- -- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:16 -0500
-
-libtar (1.2.5-4) unstable; urgency=low
-
- * New maintainer. (Closes: #154597)
- * WSG_ENCAP is now defined. (Closes: #147764)
- * libtar-dev depends on libc-dev instead of libc6-dev.
-
- -- James Morrison <phython@debian.org> Wed, 14 Aug 2002 23:44:16 -0400
-
-libtar (1.2.5-3) unstable; urgency=low
-
- * Modify build commands to acomadate change in autoconf (Closes #147764)
-
- -- Glenn McGrath <bug1@debian.org> Thu, 23 May 2002 01:06:16 +1000
-
-libtar (1.2.5-2) unstable; urgency=low
-
- * Fix build problem (Closes #135360)
-
- -- Glenn McGrath <bug1@debian.org> Sun, 24 Feb 2002 06:29:31 +1100
-
-libtar (1.2.5-1) unstable; urgency=low
-
- * New upstream version
- * Change section of libtar-dev to devel and libtar to libs
-
- -- Glenn McGrath <bug1@debian.org> Fri, 22 Feb 2002 04:23:15 +1100
-
-libtar (1.2.4-2) unstable; urgency=low
-
- * Change section from devel to libs
-
- -- Glenn McGrath <bug1@debian.org> Sat, 2 Feb 2002 12:12:32 +1100
-
-libtar (1.2.4-1) unstable; urgency=low
-
- * Initial Release. (closes #128042)
-
- -- Glenn McGrath <bug1@debian.org> Sat, 5 Jan 2002 13:24:37 +1100
-
Index: 1.2.20-5/debian/patches/no_static_buffers.patch
===================================================================
--- 1.2.20-5/debian/patches/no_static_buffers.patch (revision 51)
+++ 1.2.20-5/debian/patches/no_static_buffers.patch (nonexistent)
@@ -1,82 +0,0 @@
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Wed, 23 Oct 2013 13:04:22 +0000 (+0200)
-Origin: http://repo.or.cz/w/libtar.git/commitdiff/ec613af2e9371d7a3e1f7c7a6822164a4255b4d1
-Subject: decode: avoid using a static buffer in th_get_pathname()
-
-decode: avoid using a static buffer in th_get_pathname()
-
-A solution suggested by Chris Frey:
-https://lists.feep.net:8080/pipermail/libtar/2013-October/000377.html
-
-Note this can break programs that expect sizeof(TAR) to be fixed.
-
---- a/lib/decode.c
-+++ b/lib/decode.c
-@@ -13,6 +13,7 @@
- #include <internal.h>
-
- #include <stdio.h>
-+#include <stdlib.h>
- #include <sys/param.h>
- #include <pwd.h>
- #include <grp.h>
-@@ -26,20 +27,30 @@
- char *
- th_get_pathname(TAR *t)
- {
-- static TLS_THREAD char filename[MAXPATHLEN];
--
- if (t->th_buf.gnu_longname)
- return t->th_buf.gnu_longname;
-
-- if (t->th_buf.prefix[0] != '\0')
-+ /* allocate the th_pathname buffer if not already */
-+ if (t->th_pathname == NULL)
-+ {
-+ t->th_pathname = malloc(MAXPATHLEN * sizeof(char));
-+ if (t->th_pathname == NULL)
-+ /* out of memory */
-+ return NULL;
-+ }
-+
-+ if (t->th_buf.prefix[0] == '\0')
-+ {
-+ snprintf(t->th_pathname, MAXPATHLEN, "%.100s", t->th_buf.name);
-+ }
-+ else
- {
-- snprintf(filename, sizeof(filename), "%.155s/%.100s",
-+ snprintf(t->th_pathname, MAXPATHLEN, "%.155s/%.100s",
- t->th_buf.prefix, t->th_buf.name);
-- return filename;
- }
-
-- snprintf(filename, sizeof(filename), "%.100s", t->th_buf.name);
-- return filename;
-+ /* will be deallocated in tar_close() */
-+ return t->th_pathname;
- }
-
-
---- a/lib/handle.c
-+++ b/lib/handle.c
-@@ -121,6 +121,7 @@ tar_close(TAR *t)
- libtar_hash_free(t->h, ((t->oflags & O_ACCMODE) == O_RDONLY
- ? free
- : (libtar_freefunc_t)tar_dev_free));
-+ free(t->th_pathname);
- free(t);
-
- return i;
---- a/lib/libtar.h
-+++ b/lib/libtar.h
-@@ -85,6 +85,9 @@ typedef struct
- int options;
- struct tar_header th_buf;
- libtar_hash_t *h;
-+
-+ /* introduced in libtar 1.2.21 */
-+ char *th_pathname;
- }
- TAR;
-
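Review bot: `th_get_pathname()` in this embedded patch gains a failure path: with the static buffer it always returned a string, and it now returns `NULL` when `malloc()` fails. The callers are outside this patch, so any that pass the result straight to `printf("%s")`, `strcmp()` or a file-system call need a check. The function comment should state the contract, e.g. `/* returns NULL if the path buffer cannot be allocated; the result is owned by the TAR handle and freed in tar_close() */`. The new `th_pathname` member also depends on the handle being zero-initialised where it is allocated, which is not visible here; otherwise the `== NULL` test and the `free(t->th_pathname)` in `tar_close()` act on an indeterminate pointer.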
Index: 1.2.20-5/debian/patches/oldgnu_prefix.patch
===================================================================
--- 1.2.20-5/debian/patches/oldgnu_prefix.patch (revision 51)
+++ 1.2.20-5/debian/patches/oldgnu_prefix.patch (nonexistent)
@@ -1,21 +0,0 @@
-Description: Detect old-style GNU headers correctly
-Author: Steinar H. Gunderson <sesse@debian.org>
-
---- libtar-1.2.20.orig/lib/decode.c
-+++ libtar-1.2.20/lib/decode.c
-@@ -69,7 +69,14 @@ th_get_pathname(TAR *t)
- return NULL;
- }
-
-- if (t->th_buf.prefix[0] == '\0')
-+ /*
-+ * Old GNU headers (also used by newer GNU tar when doing incremental
-+ * dumps) use the POSIX prefix field for many other things, such as
-+ * mtime and ctime. New-style GNU headers don't, but also don't use the
-+ * POSIX prefix field. Thus, only honor the prefix field if the archive
-+ * is actually a POSIX archive. This is the same logic as GNU tar uses.
-+ */
-+ if (strncmp(t->th_buf.magic, TMAGIC, TMAGLEN - 1) != 0 || t->th_buf.prefix[0] == '\0')
- {
- sprintf(t->th_pathname, "%.100s", t->th_buf.name);
- }
Index: 1.2.20-5/debian/patches/th_get_size-unsigned-int.patch
===================================================================
--- 1.2.20-5/debian/patches/th_get_size-unsigned-int.patch (revision 51)
+++ 1.2.20-5/debian/patches/th_get_size-unsigned-int.patch (nonexistent)
@@ -1,52 +0,0 @@
-Origin: http://repo.or.cz/w/libtar.git/commitdiff/e4c1f2974258d6a325622cfd712873d49b5e7a73
-From: Chris Frey <cdfrey@foursquare.net>
-Date: Thu, 24 Oct 2013 18:52:44 -0400
-Subject: [PATCH] Change th_get_size() macro to return unsigned int
-
-On systems where size_t is larger than an int (and larger than
-unsigned int), then in various places in the library, where
-stuff like this happens:
-
- size_t sz = th_get_size(t);
-
-then the int value returned from th_get_size() is sign extended to
-some unwieldy amount.
-
-On 64bit systems, this can yield extremely large values.
-
-By fixing this problem in the header, and only for th_get_size(),
-we avoid breaking the API of the function call oct_to_int()
-(which arguably should return an unsigned int, since the sscanf()
-it uses expects to yield an unsigned int). We also fix the library,
-which uses th_get_size() internally to assign sizes to size_t.
-
-The drawback is that not all client code that uses th_get_size()
-will be fixed, until they recompile, but they will automatically
-take advantage of the bugs fixed *inside* the library.
-
-The remaining th_get_*() functions operate on modes and CRC values
-and the like, and should be fine, remaining as ints.
-
-Thanks very much to Magnus Holmgren for catching this behaviour.
-https://lists.feep.net:8080/pipermail/libtar/2013-October/000365.html
----
- lib/libtar.h | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/lib/libtar.h b/lib/libtar.h
-index 2fefee0..13bb82d 100644
---- a/lib/libtar.h
-+++ b/lib/libtar.h
-@@ -185,7 +185,11 @@ int th_write(TAR *t);
-
- /* decode tar header info */
- #define th_get_crc(t) oct_to_int((t)->th_buf.chksum)
--#define th_get_size(t) oct_to_int((t)->th_buf.size)
-+/* We cast from int (what oct_to_int() returns) to
-+ unsigned int, to avoid unwieldy sign extensions
-+ from occurring on systems where size_t is bigger than int,
-+ since th_get_size() is often stored into a size_t. */
-+#define th_get_size(t) ((unsigned int)oct_to_int((t)->th_buf.size))
- #define th_get_mtime(t) oct_to_int((t)->th_buf.mtime)
- #define th_get_devmajor(t) oct_to_int((t)->th_buf.devmajor)
- #define th_get_devminor(t) oct_to_int((t)->th_buf.devminor)
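Review bot: The cast in `th_get_size()` removes the sign extension, but the result is still limited to `unsigned int`, while the ustar size field holds up to 11 octal digits (33 bits), so an oversized or malformed size is wrapped silently rather than rejected. `oct_to_int()` is not shown in this patch; if it parses into an `int`, as the description says, the value is already out of range before the cast is applied. I would extend the new comment with `/* NOTE: sizes that do not fit in unsigned int are not detected here; check the result against the data actually available before using it as a length. */` and treat a wider, range-checked parser as a follow-up.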
Index: 1.2.20-5/debian/patches/CVE-2013-4420.patch
===================================================================
--- 1.2.20-5/debian/patches/CVE-2013-4420.patch (revision 51)
+++ 1.2.20-5/debian/patches/CVE-2013-4420.patch (nonexistent)
@@ -1,113 +0,0 @@
-Author: Raphael Geissert <geissert@debian.org>
-Bug-Debian: https://bugs.debian.org/731860
-Description: Avoid directory traversal when extracting archives
- by skipping over leading slashes and any prefix containing ".." components.
-Forwarded: yes
-
---- a/lib/decode.c
-+++ b/lib/decode.c
-@@ -22,13 +22,42 @@
- # include <string.h>
- #endif
-
-+char *
-+safer_name_suffix (char const *file_name)
-+{
-+ char const *p, *t;
-+ p = t = file_name;
-+ while (*p == '/') t = ++p;
-+ while (*p)
-+ {
-+ while (p[0] == '.' && p[0] == p[1] && p[2] == '/')
-+ {
-+ p += 3;
-+ t = p;
-+ }
-+ /* advance pointer past the next slash */
-+ while (*p && (p++)[0] != '/');
-+ }
-+
-+ if (!*t)
-+ {
-+ t = ".";
-+ }
-+
-+ if (t != file_name)
-+ {
-+ /* TODO: warn somehow that the path was modified */
-+ }
-+ return (char*)t;
-+}
-+
-
- /* determine full path name */
- char *
- th_get_pathname(TAR *t)
- {
- if (t->th_buf.gnu_longname)
-- return t->th_buf.gnu_longname;
-+ return safer_name_suffix(t->th_buf.gnu_longname);
-
- /* allocate the th_pathname buffer if not already */
- if (t->th_pathname == NULL)
-@@ -51,7 +80,7 @@ th_get_pathname(TAR *t)
- }
-
- /* will be deallocated in tar_close() */
-- return t->th_pathname;
-+ return safer_name_suffix(t->th_pathname);
- }
-
-
---- a/lib/extract.c
-+++ b/lib/extract.c
-@@ -298,14 +298,14 @@ tar_extract_hardlink(TAR * t, char *real
- if (mkdirhier(dirname(filename)) == -1)
- return -1;
- libtar_hashptr_reset(&hp);
-- if (libtar_hash_getkey(t->h, &hp, th_get_linkname(t),
-+ if (libtar_hash_getkey(t->h, &hp, safer_name_suffix(th_get_linkname(t)),
- (libtar_matchfunc_t)libtar_str_match) != 0)
- {
- lnp = (char *)libtar_hashptr_data(&hp);
- linktgt = &lnp[strlen(lnp) + 1];
- }
- else
-- linktgt = th_get_linkname(t);
-+ linktgt = safer_name_suffix(th_get_linkname(t));
-
- #ifdef DEBUG
- printf(" ==> extracting: %s (link to %s)\n", filename, linktgt);
-@@ -343,9 +343,9 @@ tar_extract_symlink(TAR *t, char *realna
-
- #ifdef DEBUG
- printf(" ==> extracting: %s (symlink to %s)\n",
-- filename, th_get_linkname(t));
-+ filename, safer_name_suffix(th_get_linkname(t)));
- #endif
-- if (symlink(th_get_linkname(t), filename) == -1)
-+ if (symlink(safer_name_suffix(th_get_linkname(t)), filename) == -1)
- {
- #ifdef DEBUG
- perror("symlink()");
---- a/lib/internal.h
-+++ b/lib/internal.h
-@@ -21,3 +21,4 @@
- #define TLS_THREAD
- #endif
-
-+char* safer_name_suffix(char const*);
---- a/lib/output.c
-+++ b/lib/output.c
-@@ -123,9 +123,9 @@ th_print_long_ls(TAR *t)
- else
- printf(" link to ");
- if ((t->options & TAR_GNU) && t->th_buf.gnu_longlink != NULL)
-- printf("%s", t->th_buf.gnu_longlink);
-+ printf("%s", safer_name_suffix(t->th_buf.gnu_longlink));
- else
-- printf("%.100s", t->th_buf.linkname);
-+ printf("%.100s", safer_name_suffix(t->th_buf.linkname));
- }
-
- putchar('\n');
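Review bot: In this embedded patch's `safer_name_suffix()`, the test `p[0] == '.' && p[0] == p[1] && p[2] == '/'` only matches a `..` component that is followed by a slash, so a name that is exactly `..` or that ends in `/..` is returned unchanged. That leaves the final-component case of the traversal the patch header says it removes, and the same value is passed to `symlink()` in `tar_extract_symlink` and returned from `th_get_pathname()`. The test should also accept end of string without stepping `p` past the terminator, and then skip the slash that the remaining suffix may start with, as in the loop below. Separately, the `TODO` about warning is still open, so a caller cannot tell that a name was rewritten.

```c
	while (*p == '/') t = ++p;
	while (*p)
	{
		/* a ".." component ends at a slash or at the end of the name */
		if (p[0] == '.' && p[1] == '.' && (p[2] == '/' || p[2] == '\0'))
			t = p + 2;
		/* advance pointer past the next slash */
		while (*p && (p++)[0] != '/');
	}
	/* the suffix may begin with the slash that followed ".." */
	while (*t == '/') t++;
	/* … unchanged: empty-suffix fallback to "." and return … */
```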
Index: 1.2.20-5/debian/patches/testsuite.patch
===================================================================
--- 1.2.20-5/debian/patches/testsuite.patch (revision 51)
+++ 1.2.20-5/debian/patches/testsuite.patch (nonexistent)
@@ -1,50 +0,0 @@
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -10,5 +10,5 @@ ACLOCAL_AMFLAGS = -I autoconf
-
- #@SET_MAKE@
-
--SUBDIRS = lib libtar doc
-+SUBDIRS = lib libtar doc testsuite
-
---- a/doc/Makefile.in
-+++ b/doc/Makefile.in
-@@ -151,3 +151,4 @@ install: all
- echo ".so man3/@LISTHASH_PREFIX@_list_new.3" > ${DESTDIR}${mandir}/man3/$${i}.3; \
- done
-
-+check:
---- a/lib/Makefile.in
-+++ b/lib/Makefile.in
-@@ -104,3 +104,4 @@ install: ${ALL}
- ${INSTALL_DATA} ${srcdir}/libtar.h ${DESTDIR}${includedir}
- ${INSTALL_DATA} ../listhash/libtar_listhash.h ${DESTDIR}${includedir}
-
-+check:
---- a/libtar/Makefile.in
-+++ b/libtar/Makefile.in
-@@ -76,3 +76,4 @@ install: ${ALL}
- ${MKDIR} ${DESTDIR}${bindir}
- $(LIBTOOL) --mode=install ${INSTALL_PROGRAM} libtar ${DESTDIR}${bindir}
-
-+check:
---- /dev/null
-+++ b/testsuite/Makefile.in
-@@ -0,0 +1,7 @@
-+all:
-+
-+check: ../libtar/libtar
-+ ../libtar/libtar -C ../doc -c test.tar .
-+ ../libtar/libtar -t test.tar
-+ $(RM) test.tar
-+install:
---- a/configure.ac
-+++ b/configure.ac
-@@ -120,6 +120,6 @@ fi
-
-
- dnl ### Create output files. #######################################
--AC_CONFIG_FILES([Makefile lib/Makefile libtar/Makefile doc/Makefile])
-+AC_CONFIG_FILES([Makefile lib/Makefile libtar/Makefile doc/Makefile testsuite/Makefile])
- AC_OUTPUT
-
Index: 1.2.20-5/debian/patches/series
===================================================================
--- 1.2.20-5/debian/patches/series (revision 51)
+++ 1.2.20-5/debian/patches/series (nonexistent)
@@ -1,6 +0,0 @@
-no_static_buffers.patch
-no_maxpathlen.patch
-CVE-2013-4420.patch
-th_get_size-unsigned-int.patch
-oldgnu_prefix.patch
-testsuite.patch
Index: 1.2.20-5/debian/patches/no_maxpathlen.patch
===================================================================
--- 1.2.20-5/debian/patches/no_maxpathlen.patch (revision 51)
+++ 1.2.20-5/debian/patches/no_maxpathlen.patch (nonexistent)
@@ -1,491 +0,0 @@
-Author: Svante Signell <svante.signell@telia.com>
-Author: Petter Reinholdtsen <pere@hungry.com>
-Author: Magnus Holmgren <magnus@debian.org>
-Bug-Debian: http://bugs.debian.org/657116
-Description: Fix FTBFS on Hurd by dynamically allocating path names.
- Depends on no_static_buffers.patch, which introduced the th_pathname field.
-
---- a/compat/basename.c
-+++ b/compat/basename.c
-@@ -34,13 +34,25 @@ static char rcsid[] = "$OpenBSD: basenam
- #include <errno.h>
- #include <string.h>
- #include <sys/param.h>
-+#include <stdlib.h>
-
- char *
- openbsd_basename(path)
- const char *path;
- {
-- static char bname[MAXPATHLEN];
-+ static char *bname = NULL;
-+ static size_t allocated = 0;
- register const char *endp, *startp;
-+ int len = 0;
-+
-+ if (!allocated) {
-+ allocated = 64;
-+ bname = malloc(allocated);
-+ if (!bname) {
-+ allocated = 0;
-+ return NULL;
-+ }
-+ }
-
- /* Empty or NULL string gets treated as "." */
- if (path == NULL || *path == '\0') {
-@@ -64,11 +76,19 @@ openbsd_basename(path)
- while (startp > path && *(startp - 1) != '/')
- startp--;
-
-- if (endp - startp + 1 > sizeof(bname)) {
-- errno = ENAMETOOLONG;
-- return(NULL);
-+ len = endp - startp + 1;
-+
-+ if (len + 1 > allocated) {
-+ size_t new_allocated = 2*(len+1);
-+ void *new_bname = malloc(new_allocated);
-+ if (!new_bname)
-+ return NULL;
-+ allocated = new_allocated;
-+ free(bname);
-+ bname = new_bname;
- }
-- (void)strncpy(bname, startp, endp - startp + 1);
-- bname[endp - startp + 1] = '\0';
-+
-+ (void)strncpy(bname, startp, len);
-+ bname[len] = '\0';
- return(bname);
- }
---- a/compat/dirname.c
-+++ b/compat/dirname.c
-@@ -34,13 +34,25 @@ static char rcsid[] = "$OpenBSD: dirname
- #include <errno.h>
- #include <string.h>
- #include <sys/param.h>
-+#include <stdlib.h>
-
- char *
- openbsd_dirname(path)
- const char *path;
- {
-- static char bname[MAXPATHLEN];
-+ static char *bname = NULL;
-+ static size_t allocated = 0;
- register const char *endp;
-+ int len;
-+
-+ if (!allocated) {
-+ allocated = 64;
-+ bname = malloc(allocated);
-+ if (!bname) {
-+ allocated = 0;
-+ return NULL;
-+ }
-+ }
-
- /* Empty or NULL string gets treated as "." */
- if (path == NULL || *path == '\0') {
-@@ -67,11 +79,19 @@ openbsd_dirname(path)
- } while (endp > path && *endp == '/');
- }
-
-- if (endp - path + 1 > sizeof(bname)) {
-- errno = ENAMETOOLONG;
-- return(NULL);
-+ len = endp - path + 1;
-+
-+ if (len + 1 > allocated) {
-+ size_t new_allocated = 2*(len+1);
-+ void *new_bname = malloc(new_allocated);
-+ if (!new_bname)
-+ return NULL;
-+ allocated = new_allocated;
-+ free(bname);
-+ bname = new_bname;
- }
-- (void)strncpy(bname, path, endp - path + 1);
-- bname[endp - path + 1] = '\0';
-+
-+ (void)strncpy(bname, path, len);
-+ bname[len] = '\0';
- return(bname);
- }
---- a/lib/append.c
-+++ b/lib/append.c
-@@ -38,7 +38,7 @@ typedef struct tar_dev tar_dev_t;
- struct tar_ino
- {
- ino_t ti_ino;
-- char ti_name[MAXPATHLEN];
-+ char ti_name[];
- };
- typedef struct tar_ino tar_ino_t;
-
-@@ -61,7 +61,7 @@ tar_append_file(TAR *t, const char *real
- libtar_hashptr_t hp;
- tar_dev_t *td = NULL;
- tar_ino_t *ti = NULL;
-- char path[MAXPATHLEN];
-+ char *path = NULL;
-
- #ifdef DEBUG
- printf("==> tar_append_file(TAR=0x%lx (\"%s\"), realname=\"%s\", "
-@@ -126,34 +126,39 @@ tar_append_file(TAR *t, const char *real
- }
- else
- {
-+ const char *name;
- #ifdef DEBUG
- printf("+++ adding entry: device (0x%lx,0x%lx), inode %ld "
- "(\"%s\")...\n", major(s.st_dev), minor(s.st_dev),
- s.st_ino, realname);
- #endif
-- ti = (tar_ino_t *)calloc(1, sizeof(tar_ino_t));
-+ name = savename ? savename : realname;
-+ ti = (tar_ino_t *)calloc(1, sizeof(tar_ino_t) + strlen(name) + 1);
- if (ti == NULL)
- return -1;
- ti->ti_ino = s.st_ino;
-- snprintf(ti->ti_name, sizeof(ti->ti_name), "%s",
-- savename ? savename : realname);
-+ snprintf(ti->ti_name, strlen(name) + 1, "%s", name);
- libtar_hash_add(td->td_h, ti);
- }
-
- /* check if it's a symlink */
- if (TH_ISSYM(t))
- {
-- i = readlink(realname, path, sizeof(path));
-+ if ((path = malloc(s.st_size + 1)) == NULL)
-+ return -1;
-+ i = readlink(realname, path, s.st_size);
- if (i == -1)
-+ {
-+ free(path);
- return -1;
-- if (i >= MAXPATHLEN)
-- i = MAXPATHLEN - 1;
-+ }
- path[i] = '\0';
- #ifdef DEBUG
- printf(" tar_append_file(): encoding symlink \"%s\" -> "
- "\"%s\"...\n", realname, path);
- #endif
- th_set_link(t, path);
-+ free(path);
- }
-
- /* print file info */
---- a/lib/decode.c
-+++ b/lib/decode.c
-@@ -33,7 +33,8 @@ th_get_pathname(TAR *t)
- /* allocate the th_pathname buffer if not already */
- if (t->th_pathname == NULL)
- {
-- t->th_pathname = malloc(MAXPATHLEN * sizeof(char));
-+ /* Allocate the maximum length of prefix + '/' + name + '\0' */
-+ t->th_pathname = malloc(155 + 1 + 100 + 1);
- if (t->th_pathname == NULL)
- /* out of memory */
- return NULL;
-@@ -41,11 +42,11 @@ th_get_pathname(TAR *t)
-
- if (t->th_buf.prefix[0] == '\0')
- {
-- snprintf(t->th_pathname, MAXPATHLEN, "%.100s", t->th_buf.name);
-+ sprintf(t->th_pathname, "%.100s", t->th_buf.name);
- }
- else
- {
-- snprintf(t->th_pathname, MAXPATHLEN, "%.155s/%.100s",
-+ sprintf(t->th_pathname, "%.155s/%.100s",
- t->th_buf.prefix, t->th_buf.name);
- }
-
---- a/lib/util.c
-+++ b/lib/util.c
-@@ -15,6 +15,7 @@
- #include <stdio.h>
- #include <sys/param.h>
- #include <errno.h>
-+#include <stdlib.h>
-
- #ifdef STDC_HEADERS
- # include <string.h>
-@@ -25,13 +26,15 @@
- int
- path_hashfunc(char *key, int numbuckets)
- {
-- char buf[MAXPATHLEN];
-+ char *buf;
- char *p;
-+ int i;
-
-- strcpy(buf, key);
-+ buf = strdup(key);
- p = basename(buf);
--
-- return (((unsigned int)p[0]) % numbuckets);
-+ i = ((unsigned int)p[0]) % numbuckets;
-+ free(buf);
-+ return (i);
- }
-
-
-@@ -77,15 +80,26 @@ ino_hash(ino_t *inode)
- int
- mkdirhier(char *path)
- {
-- char src[MAXPATHLEN], dst[MAXPATHLEN] = "";
-- char *dirp, *nextp = src;
-- int retval = 1;
-+ char *src, *dst = NULL;
-+ char *dirp, *nextp = NULL;
-+ int retval = 1, len;
-+
-+ len = strlen(path);
-+ if ((src = strdup(path)) == NULL)
-+ {
-+ errno = ENOMEM;
-+ return -1;
-+ }
-+ nextp = src;
-
-- if (strlcpy(src, path, sizeof(src)) > sizeof(src))
-+ /* Make room for // with absolute paths */
-+ if ((dst = malloc(len + 2)) == NULL)
- {
-- errno = ENAMETOOLONG;
-+ free(src);
-+ errno = ENOMEM;
- return -1;
- }
-+ dst[0] = '\0';
-
- if (path[0] == '/')
- strcpy(dst, "/");
-@@ -102,12 +116,18 @@ mkdirhier(char *path)
- if (mkdir(dst, 0777) == -1)
- {
- if (errno != EEXIST)
-+ {
-+ free(src);
-+ free(dst);
- return -1;
-+ }
- }
- else
- retval = 0;
- }
-
-+ free(src);
-+ free(dst);
- return retval;
- }
-
---- a/lib/wrapper.c
-+++ b/lib/wrapper.c
-@@ -16,6 +16,7 @@
- #include <sys/param.h>
- #include <dirent.h>
- #include <errno.h>
-+#include <stdlib.h>
-
- #ifdef STDC_HEADERS
- # include <string.h>
-@@ -26,8 +27,8 @@ int
- tar_extract_glob(TAR *t, char *globname, char *prefix)
- {
- char *filename;
-- char buf[MAXPATHLEN];
-- int i;
-+ char *buf = NULL;
-+ int i, len;
-
- while ((i = th_read(t)) == 0)
- {
-@@ -41,11 +42,25 @@ tar_extract_glob(TAR *t, char *globname,
- if (t->options & TAR_VERBOSE)
- th_print_long_ls(t);
- if (prefix != NULL)
-- snprintf(buf, sizeof(buf), "%s/%s", prefix, filename);
-+ {
-+ len = strlen(prefix) + 1 + strlen(filename);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ sprintf(buf, "%s/%s", prefix, filename);
-+ }
- else
-- strlcpy(buf, filename, sizeof(buf));
-+ {
-+ len = strlen(filename);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ strcpy(buf, filename);
-+ }
- if (tar_extract_file(t, buf) != 0)
-+ {
-+ free(buf);
- return -1;
-+ }
-+ free(buf);
- }
-
- return (i == 1 ? 0 : -1);
-@@ -56,8 +71,9 @@ int
- tar_extract_all(TAR *t, char *prefix)
- {
- char *filename;
-- char buf[MAXPATHLEN];
-- int i;
-+ char *buf = NULL;
-+ size_t bufsize = 0;
-+ int i, len;
-
- #ifdef DEBUG
- printf("==> tar_extract_all(TAR *t, \"%s\")\n",
-@@ -73,15 +89,29 @@ tar_extract_all(TAR *t, char *prefix)
- if (t->options & TAR_VERBOSE)
- th_print_long_ls(t);
- if (prefix != NULL)
-- snprintf(buf, sizeof(buf), "%s/%s", prefix, filename);
-+ {
-+ len = strlen(prefix) + 1 + strlen(filename);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ sprintf(buf, "%s/%s", prefix, filename);
-+ }
- else
-- strlcpy(buf, filename, sizeof(buf));
-+ {
-+ len = strlen(filename);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ strcpy(buf, filename);
-+ }
- #ifdef DEBUG
- printf(" tar_extract_all(): calling tar_extract_file(t, "
- "\"%s\")\n", buf);
- #endif
- if (tar_extract_file(t, buf) != 0)
-+ {
-+ free(buf);
- return -1;
-+ }
-+ free(buf);
- }
-
- return (i == 1 ? 0 : -1);
-@@ -91,11 +121,14 @@ tar_extract_all(TAR *t, char *prefix)
- int
- tar_append_tree(TAR *t, char *realdir, char *savedir)
- {
-- char realpath[MAXPATHLEN];
-- char savepath[MAXPATHLEN];
-+ char *realpath = NULL;
-+ size_t realpathsize = 0;
-+ char *savepath = NULL;
-+ size_t savepathsize = 0;
- struct dirent *dent;
- DIR *dp;
- struct stat s;
-+ int len;
-
- #ifdef DEBUG
- printf("==> tar_append_tree(0x%lx, \"%s\", \"%s\")\n",
-@@ -122,11 +155,21 @@ tar_append_tree(TAR *t, char *realdir, c
- strcmp(dent->d_name, "..") == 0)
- continue;
-
-- snprintf(realpath, MAXPATHLEN, "%s/%s", realdir,
-+ len = strlen(realdir) + 1 + strlen(dent->d_name);
-+ if ((realpath = malloc(len + 1)) == NULL)
-+ return -1;
-+ snprintf(realpath, len + 1, "%s/%s", realdir,
- dent->d_name);
- if (savedir)
-- snprintf(savepath, MAXPATHLEN, "%s/%s", savedir,
-+ {
-+ len = strlen(savedir) + 1 + strlen(dent->d_name);
-+ if ((savepath = malloc(len + 1)) == NULL) {
-+ free(realpath);
-+ return -1;
-+ }
-+ snprintf(savepath, len + 1, "%s/%s", savedir,
- dent->d_name);
-+ }
-
- if (lstat(realpath, &s) != 0)
- return -1;
-@@ -135,13 +178,23 @@ tar_append_tree(TAR *t, char *realdir, c
- {
- if (tar_append_tree(t, realpath,
- (savedir ? savepath : NULL)) != 0)
-+ {
-+ free(realpath);
-+ free(savepath);
- return -1;
-+ }
- continue;
- }
-
- if (tar_append_file(t, realpath,
- (savedir ? savepath : NULL)) != 0)
-+ {
-+ free(realpath);
-+ free(savepath);
- return -1;
-+ }
-+ free(realpath);
-+ free(savepath);
- }
-
- closedir(dp);
---- a/libtar/libtar.c
-+++ b/libtar/libtar.c
-@@ -111,8 +111,9 @@ create(char *tarfile, char *rootdir, lib
- {
- TAR *t;
- char *pathname;
-- char buf[MAXPATHLEN];
-+ char *buf = NULL;
- libtar_listptr_t lp;
-+ int len;
-
- if (tar_open(&t, tarfile,
- #ifdef HAVE_LIBZ
-@@ -133,17 +134,29 @@ create(char *tarfile, char *rootdir, lib
- {
- pathname = (char *)libtar_listptr_data(&lp);
- if (pathname[0] != '/' && rootdir != NULL)
-- snprintf(buf, sizeof(buf), "%s/%s", rootdir, pathname);
-+ {
-+ len = strlen(rootdir) + 1 + strlen(pathname);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ snprintf(buf, len + 1, "%s/%s", rootdir, pathname);
-+ }
- else
-- strlcpy(buf, pathname, sizeof(buf));
-+ {
-+ len = strlen(pathname);
-+ if ((buf = malloc(len + 1)) == NULL)
-+ return -1;
-+ strlcpy(buf, pathname, len + 1);
-+ }
- if (tar_append_tree(t, buf, pathname) != 0)
- {
- fprintf(stderr,
- "tar_append_tree(\"%s\", \"%s\"): %s\n", buf,
- pathname, strerror(errno));
- tar_close(t);
-+ free(buf);
- return -1;
- }
-+ free(buf);
- }
-
- if (tar_append_eof(t) != 0)
Index: 1.2.20-5/debian/copyright
===================================================================
--- 1.2.20-5/debian/copyright (revision 51)
+++ 1.2.20-5/debian/copyright (nonexistent)
@@ -1,45 +0,0 @@
-This package was debianized by Glenn McGrath <bug1@debian.org> on
-Sat, 5 Jan 2002 13:24:37 +1100.
-
-It was downloaded from http://repo.or.cz/w/libtar.git; previously from
-http://www.feep.net/libtar/
-
-Upstream Authors: Mark D. Roth <roth@uiuc.edu> and Chris Frey
-<cdfrey@foursquare.net>
-
-Copyright:
-Copyright (c) 1998-2003 University of Illinois Board of Trustees
-Copyright (c) 1998-2003 Mark D. Roth
-All rights reserved.
-
-Developed by: Campus Information Technologies and Educational Services,
- University of Illinois at Urbana-Champaign
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-``Software''), to deal with the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-* Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimers.
-
-* Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimers in the
- documentation and/or other materials provided with the distribution.
-
-* Neither the names of Campus Information Technologies and Educational
- Services, University of Illinois at Urbana-Champaign, nor the names
- of its contributors may be used to endorse or promote products derived
- from this Software without specific prior written permission.
-
-THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
-ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
-OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
-
Index: 1.2.20-5/debian/docs
===================================================================
--- 1.2.20-5/debian/docs (revision 51)
+++ 1.2.20-5/debian/docs (nonexistent)
@@ -1,3 +0,0 @@
-README
-TODO
-ChangeLog-1.0.x
Index: 1.2.20-5/debian
===================================================================
--- 1.2.20-5/debian (revision 51)
+++ 1.2.20-5/debian (nonexistent)
/1.2.20-5/debian
Property changes:
Deleted: mergeWithUpstream
## -1 +0,0 ##
-1
\ No newline at end of property
Index: 1.2.16-1+deb7u1/debian/libtar-dev.manpages
===================================================================
--- 1.2.16-1+deb7u1/debian/libtar-dev.manpages (revision 51)
+++ 1.2.16-1+deb7u1/debian/libtar-dev.manpages (nonexistent)
@@ -1,11 +0,0 @@
-debian/tmp/usr/share/man/man3/libtar_hash_new.3
-debian/tmp/usr/share/man/man3/libtar_list_new.3
-debian/tmp/usr/share/man/man3/tar_append_file.3
-debian/tmp/usr/share/man/man3/tar_block_read.3
-debian/tmp/usr/share/man/man3/tar_extract_all.3
-debian/tmp/usr/share/man/man3/tar_extract_file.3
-debian/tmp/usr/share/man/man3/tar_open.3
-debian/tmp/usr/share/man/man3/th_get_pathname.3
-debian/tmp/usr/share/man/man3/th_print_long_ls.3
-debian/tmp/usr/share/man/man3/th_read.3
-debian/tmp/usr/share/man/man3/th_set_from_stat.3
Index: 1.2.16-1+deb7u1/debian/compat
===================================================================
--- 1.2.16-1+deb7u1/debian/compat (revision 51)
+++ 1.2.16-1+deb7u1/debian/compat (nonexistent)
@@ -1 +0,0 @@
-7
Index: 1.2.16-1+deb7u1/debian/libtar-dev.examples
===================================================================
--- 1.2.16-1+deb7u1/debian/libtar-dev.examples (revision 51)
+++ 1.2.16-1+deb7u1/debian/libtar-dev.examples (nonexistent)
@@ -1,2 +0,0 @@
-libtar/libtar.c
-libtar/Makefile
Index: 1.2.16-1+deb7u1/debian/watch
===================================================================
--- 1.2.16-1+deb7u1/debian/watch (revision 51)
+++ 1.2.16-1+deb7u1/debian/watch (nonexistent)
@@ -1,6 +0,0 @@
-version=3
-
-#ftp://ftp.feep.net/pub/software/libtar/libtar-(.*).tar.gz
-
-opts=downloadurlmangle=s/tag/snapshot/,filenamemangle=s/.*\/v([\d\.]+)$/libtar-$1.tar.gz/ \
- http://repo.or.cz/w/libtar.git/shortlog ^.*/v([\d\.]+)
Index: 1.2.16-1+deb7u1/debian/changelog
===================================================================
--- 1.2.16-1+deb7u1/debian/changelog (revision 51)
+++ 1.2.16-1+deb7u1/debian/changelog (nonexistent)
@@ -1,148 +0,0 @@
-libtar (1.2.16-1+deb7u1) wheezy-security; urgency=low
-
- * [SECURITY] size_t-overflow_cve-2013-4397.patch: Fix CVE-2013-4397:
- Integer overflow (Closes: #725938).
-
- -- Magnus Holmgren <holmgren@debian.org> Thu, 10 Oct 2013 20:23:17 +0200
-
-libtar (1.2.16-1) unstable; urgency=low
-
- * New upstream: Chris Frey has stepped up with the consent of the
- original author, Mark Roth, and published an "official unofficial" git
- repo at http://repo.or.cz/w/libtar.git, which I will use for the time
- being.
- * Updated debian/watch to look for tags and corresponding snapshot
- tarballs at above URL.
- * All patches have been incorporated or (in the case of
- autoreconf.patch) made obsolete upstream.
- * debian/rules: Add build-indep and build-arch targets.
- * Updated debian/copyright.
- * Use dpkg-buildflags to set CFLAGS et al.
- * debian/control: Add VCS fields; bump Standards-Version to 3.9.3.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 23 Jun 2012 01:03:41 +0200
-
-libtar (1.2.11-8) unstable; urgency=low
-
- * libtool.patch: Set SHELL to the configured shell in those Makefile.in
- where libtool is used; otherwise libtool fails when /bin/sh is dash
- but bash is expected (Closes: #621935).
- * man_hyphen_minus.patch (new): Escape hyphens that should be minus
- signs in man pages.
- * Rename libtar as libtar0 to follow policy.
-
- -- Magnus Holmgren <holmgren@debian.org> Sun, 24 Apr 2011 21:11:52 +0200
-
-libtar (1.2.11-7) unstable; urgency=low
-
- * New maintainer (Closes: #526618).
- * Change source format to 3.0 (quilt), clean up Debian diff and split
- into several patches:
- * libtool.patch: Using libtool to build dynamic library;
- * autoreconf.patch: Changes needed to call autoreconf (bug 511741);
- * memleak.patch: Fix memory leaks;
- * bad_ptrtoint.patch: Document stupidity of tartype_t in libtar.c
- (bug 309945).
- * Increase Debhelper compat level to 7.
- * Use dh_autoreconf to avoid having to keep track of files to clean.
- * memleak2.patch (new): Applied instead of memleak.patch. Fix memory
- leak by making th_get_pathname() return a pointer to a static buffer
- instead of a pointer to a copy of a local buffer (LP: #41804).
- * Add homepage field and watch file (in case there is ever a new
- upstream release).
- * Upgrade to Standards-Version 3.9.1.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 26 Mar 2011 23:10:25 +0100
-
-libtar (1.2.11-6) unstable; urgency=low
-
- * Fix autotools usage (Closes: #511741)
-
- -- Julien Danjou <acid@debian.org> Sat, 02 May 2009 11:33:06 +0200
-
-libtar (1.2.11-5) unstable; urgency=low
-
- * New maintainer (Closes: #465889)
- * Add missing binary-indep target in debian/rules (Closes: #395714)
- * Use ${binary:Version} instead of Source-Version
- * Bump standard version
- * Switch to debhelper 5
-
- -- Julien Danjou <acid@debian.org> Wed, 02 Apr 2008 07:06:55 +0200
-
-libtar (1.2.11-4) unstable; urgency=low
-
- * Always include the newest libtool.m4. (Closes: #313612)
-
- -- James Morrison <phython@debian.org> Sun, 28 Aug 2005 09:41:47 -0700
-
-libtar (1.2.11-3) unstable; urgency=low
-
- * Document stupidity of tartype_t in libtar.c. (Closes: #309945)
-
- -- James Morrison <phython@debian.org> Sat, 11 Jun 2005 18:23:15 -0400
-
-libtar (1.2.11-2) unstable; urgency=low
-
- * Move libtar-dev to libdevel. (Closes: #188207)
- * Fix potential memory leak.
-
- -- James Morrison <phython@debian.org> Sun, 25 Jul 2004 12:59:08 -0700
-
-libtar (1.2.11-1) unstable; urgency=low
-
- * New Upstream release.
-
- -- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:19 -0500
-
-libtar (1.2.10-1) unstable; urgency=low
-
- * New Upstream release.
- (Closes: #166602) New upstream uses autoconf 2.5x
- * Remove dependency on automake. Hopefully upstream will except this
- use of libtool.
- * Remove all -static and -shared targets from debian/rules.
- * Use dh_install instead of dh_movefiles.
- * -
-
- -- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:16 -0500
-
-libtar (1.2.5-4) unstable; urgency=low
-
- * New maintainer. (Closes: #154597)
- * WSG_ENCAP is now defined. (Closes: #147764)
- * libtar-dev depends on libc-dev instead of libc6-dev.
-
- -- James Morrison <phython@debian.org> Wed, 14 Aug 2002 23:44:16 -0400
-
-libtar (1.2.5-3) unstable; urgency=low
-
- * Modify build commands to acomadate change in autoconf (Closes #147764)
-
- -- Glenn McGrath <bug1@debian.org> Thu, 23 May 2002 01:06:16 +1000
-
-libtar (1.2.5-2) unstable; urgency=low
-
- * Fix build problem (Closes #135360)
-
- -- Glenn McGrath <bug1@debian.org> Sun, 24 Feb 2002 06:29:31 +1100
-
-libtar (1.2.5-1) unstable; urgency=low
-
- * New upstream version
- * Change section of libtar-dev to devel and libtar to libs
-
- -- Glenn McGrath <bug1@debian.org> Fri, 22 Feb 2002 04:23:15 +1100
-
-libtar (1.2.4-2) unstable; urgency=low
-
- * Change section from devel to libs
-
- -- Glenn McGrath <bug1@debian.org> Sat, 2 Feb 2002 12:12:32 +1100
-
-libtar (1.2.4-1) unstable; urgency=low
-
- * Initial Release. (closes #128042)
-
- -- Glenn McGrath <bug1@debian.org> Sat, 5 Jan 2002 13:24:37 +1100
-
Index: 1.2.16-1+deb7u1/debian/patches/series
===================================================================
--- 1.2.16-1+deb7u1/debian/patches/series (revision 51)
+++ 1.2.16-1+deb7u1/debian/patches/series (nonexistent)
@@ -1 +0,0 @@
-size_t-overflow_cve-2013-4397.patch
Index: 1.2.16-1+deb7u1/debian/patches/size_t-overflow_cve-2013-4397.patch
===================================================================
--- 1.2.16-1+deb7u1/debian/patches/size_t-overflow_cve-2013-4397.patch (revision 51)
+++ 1.2.16-1+deb7u1/debian/patches/size_t-overflow_cve-2013-4397.patch (nonexistent)
@@ -1,93 +0,0 @@
-Origin: upstream, http://repo.or.cz/w/libtar.git/commitdiff/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04
-From: Chris Frey <cdfrey@foursquare.net>
-Date: Tue, 1 Oct 2013 15:58:52 -0400
-Subject: [PATCH] Fixed size_t overflow bug, as reported by Timo Warns
-
----
- lib/block.c | 38 ++++++++++++++++++++++++--------------
- 1 file changed, 24 insertions(+), 14 deletions(-)
-
-diff --git a/lib/block.c b/lib/block.c
-index 2917dc6..092bc28 100644
---- a/lib/block.c
-+++ b/lib/block.c
-@@ -90,8 +90,8 @@ th_read_internal(TAR *t)
- int
- th_read(TAR *t)
- {
-- int i, j;
-- size_t sz;
-+ int i;
-+ size_t sz, j, blocks;
- char *ptr;
-
- #ifdef DEBUG
-@@ -118,21 +118,26 @@ th_read(TAR *t)
- if (TH_ISLONGLINK(t))
- {
- sz = th_get_size(t);
-- j = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
-+ blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
-+ if (blocks > ((size_t)-1 / T_BLOCKSIZE))
-+ {
-+ errno = E2BIG;
-+ return -1;
-+ }
- #ifdef DEBUG
- printf(" th_read(): GNU long linkname detected "
-- "(%ld bytes, %d blocks)\n", sz, j);
-+ "(%ld bytes, %d blocks)\n", sz, blocks);
- #endif
-- t->th_buf.gnu_longlink = (char *)malloc(j * T_BLOCKSIZE);
-+ t->th_buf.gnu_longlink = (char *)malloc(blocks * T_BLOCKSIZE);
- if (t->th_buf.gnu_longlink == NULL)
- return -1;
-
-- for (ptr = t->th_buf.gnu_longlink; j > 0;
-- j--, ptr += T_BLOCKSIZE)
-+ for (j = 0, ptr = t->th_buf.gnu_longlink; j < blocks;
-+ j++, ptr += T_BLOCKSIZE)
- {
- #ifdef DEBUG
- printf(" th_read(): reading long linkname "
-- "(%d blocks left, ptr == %ld)\n", j, ptr);
-+ "(%d blocks left, ptr == %ld)\n", blocks-j, ptr);
- #endif
- i = tar_block_read(t, ptr);
- if (i != T_BLOCKSIZE)
-@@ -163,21 +168,26 @@ th_read(TAR *t)
- if (TH_ISLONGNAME(t))
- {
- sz = th_get_size(t);
-- j = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
-+ blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
-+ if (blocks > ((size_t)-1 / T_BLOCKSIZE))
-+ {
-+ errno = E2BIG;
-+ return -1;
-+ }
- #ifdef DEBUG
- printf(" th_read(): GNU long filename detected "
-- "(%ld bytes, %d blocks)\n", sz, j);
-+ "(%ld bytes, %d blocks)\n", sz, blocks);
- #endif
-- t->th_buf.gnu_longname = (char *)malloc(j * T_BLOCKSIZE);
-+ t->th_buf.gnu_longname = (char *)malloc(blocks * T_BLOCKSIZE);
- if (t->th_buf.gnu_longname == NULL)
- return -1;
-
-- for (ptr = t->th_buf.gnu_longname; j > 0;
-- j--, ptr += T_BLOCKSIZE)
-+ for (j = 0, ptr = t->th_buf.gnu_longname; j < blocks;
-+ j++, ptr += T_BLOCKSIZE)
- {
- #ifdef DEBUG
- printf(" th_read(): reading long filename "
-- "(%d blocks left, ptr == %ld)\n", j, ptr);
-+ "(%d blocks left, ptr == %ld)\n", blocks-j, ptr);
- #endif
- i = tar_block_read(t, ptr);
- if (i != T_BLOCKSIZE)
---
-1.8.4.rc3
-
Index: 1.2.16-1+deb7u1/debian/copyright
===================================================================
--- 1.2.16-1+deb7u1/debian/copyright (revision 51)
+++ 1.2.16-1+deb7u1/debian/copyright (nonexistent)
@@ -1,45 +0,0 @@
-This package was debianized by Glenn McGrath <bug1@debian.org> on
-Sat, 5 Jan 2002 13:24:37 +1100.
-
-It was downloaded from http://repo.or.cz/w/libtar.git; previously from
-http://www.feep.net/libtar/
-
-Upstream Authors: Mark D. Roth <roth@uiuc.edu> and Chris Frey
-<cdfrey@foursquare.net>
-
-Copyright:
-Copyright (c) 1998-2003 University of Illinois Board of Trustees
-Copyright (c) 1998-2003 Mark D. Roth
-All rights reserved.
-
-Developed by: Campus Information Technologies and Educational Services,
- University of Illinois at Urbana-Champaign
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-``Software''), to deal with the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-* Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimers.
-
-* Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimers in the
- documentation and/or other materials provided with the distribution.
-
-* Neither the names of Campus Information Technologies and Educational
- Services, University of Illinois at Urbana-Champaign, nor the names
- of its contributors may be used to endorse or promote products derived
- from this Software without specific prior written permission.
-
-THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
-ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
-OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
-
Index: 1.2.16-1+deb7u1/debian/docs
===================================================================
--- 1.2.16-1+deb7u1/debian/docs (revision 51)
+++ 1.2.16-1+deb7u1/debian/docs (nonexistent)
@@ -1,3 +0,0 @@
-README
-TODO
-ChangeLog-1.0.x
Index: 1.2.16-1+deb7u1/debian/rules
===================================================================
--- 1.2.16-1+deb7u1/debian/rules (revision 51)
+++ 1.2.16-1+deb7u1/debian/rules (nonexistent)
@@ -1,62 +0,0 @@
-#!/usr/bin/make -f
-
-export LIBTOOLIZE = libtoolize --install
-
-configure: configure-stamp
-configure-stamp:
- dh_testdir
- [ -f debian/autoreconf.before ] || dh_autoreconf
- ./configure \
- --prefix=/usr \
- --mandir=\$${prefix}/share/man \
- $(shell dpkg-buildflags --export=configure)
- touch configure-stamp
-
-build-arch: build
-build-indep:
-build: build-stamp
-build-stamp: configure-stamp
- dh_testdir
- $(MAKE)
- touch build-stamp
-
-clean:
- dh_testdir
- dh_testroot
- # Stale build files
- [ ! -f Makefile ] || $(MAKE) distclean
- -rm -f build-stamp configure-stamp
- dh_autoreconf_clean
- dh_clean libtool configure
-
-install: build-stamp
- dh_testdir
- dh_testroot
- dh_prep
-
- $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp
-
-binary-indep:
-
-binary-arch: install
- dh_testdir
- dh_testroot
- dh_install --sourcedir=debian/tmp
-
- dh_installdocs
- dh_installexamples
- dh_installman
- dh_installchangelogs ChangeLog
- dh_link
- dh_strip
- dh_compress
- dh_fixperms
- dh_makeshlibs
- dh_installdeb
- dh_shlibdeps
- dh_gencontrol
- dh_md5sums
- dh_builddeb
-
-binary: binary-indep binary-arch
-.PHONY: build clean binary-indep binary-arch binary install configure
/1.2.16-1+deb7u1/debian/rules
Property changes:
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: 1.2.16-1+deb7u1/debian/libtar-dev.install
===================================================================
--- 1.2.16-1+deb7u1/debian/libtar-dev.install (revision 51)
+++ 1.2.16-1+deb7u1/debian/libtar-dev.install (nonexistent)
@@ -1,4 +0,0 @@
-usr/include/libtar.h
-usr/include/libtar_listhash.h
-usr/lib/lib*.a
-usr/lib/lib*so
Index: 1.2.16-1+deb7u1/debian/source/format
===================================================================
--- 1.2.16-1+deb7u1/debian/source/format (revision 51)
+++ 1.2.16-1+deb7u1/debian/source/format (nonexistent)
@@ -1 +0,0 @@
-3.0 (quilt)
Index: 1.2.16-1+deb7u1/debian/control
===================================================================
--- 1.2.16-1+deb7u1/debian/control (revision 51)
+++ 1.2.16-1+deb7u1/debian/control (nonexistent)
@@ -1,29 +0,0 @@
-Source: libtar
-Section: libs
-Priority: optional
-Maintainer: Magnus Holmgren <holmgren@debian.org>
-Build-Depends: dpkg-dev (>= 1.15.7), debhelper (>= 7), dh-autoreconf,
- autoconf, libtool
-Standards-Version: 3.9.3
-Homepage: http://www.feep.net/libtar/
-Vcs-Browser: http://svn.kibibyte.se/libtar
-Vcs-Svn: svn://svn.kibibyte.se/libtar/trunk
-
-Package: libtar-dev
-Architecture: any
-Section: libdevel
-Depends: libtar0 (= ${binary:Version}), ${misc:Depends}
-Description: C library for manipulating tar archives (development files)
- Contains static library, headers, example code and development manpages
- for libtar
-
-Package: libtar0
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Replaces: libtar
-Breaks: libtar
-Provides: libtar
-Description: C library for manipulating tar archives
- libtar allows programs to create, extract and test tar archives.
- It supports both the strict POSIX tar format and many of the commonly-used
- GNU extensions.
Index: 1.2.16-1+deb7u1/debian/libtar0.install
===================================================================
--- 1.2.16-1+deb7u1/debian/libtar0.install (revision 51)
+++ 1.2.16-1+deb7u1/debian/libtar0.install (nonexistent)
@@ -1 +0,0 @@
-usr/lib/lib*.so.*
Index: 1.2.16-1+deb7u1/debian
===================================================================
--- 1.2.16-1+deb7u1/debian (revision 51)
+++ 1.2.16-1+deb7u1/debian (nonexistent)
/1.2.16-1+deb7u1/debian
Property changes:
Deleted: mergeWithUpstream
## -1 +0,0 ##
-1
\ No newline at end of property