Hello community,
here is the log from the commit of package tar
checked in at Thu Dec 7 21:29:40 CET 2006.
--------
--- tar/tar.changes 2006-07-24 15:34:54.000000000 +0200
+++ /mounts/work_src_done/STABLE/tar/tar.changes 2006-12-05 17:42:55.000000000 +0100
@@ -1,0 +2,50 @@
+Tue Dec 05 16:07:51 CET 2006 - mkoenig@suse.de
+
+- update to version 1.16:
+ Bugfixes:
+ * Avoid running off file descriptors when using multiple -C options.
+ * tar --index-file=FILE --file=- sent the archive to FILE, and
+ the listing to stderr.
+ * Detect attempts to update compressed archives.
+ * Allow non-option arguments to be interspersed with options.
+ * Previous version created invalid archives when files shrink
+ during reading.
+ * Compare mode (tar d) hanged when trying to compare file contents.
+ * Previous versions in certain cases failed to restore directory
+ modification times.
+ New features:
+ * New option --mtime allows to set modification times
+ * New option --transform allows to transform file names before
+ storing
+ * --strip-components option works when deleting and comparing.
+ * New option --show-transformed-names
+ * Short option -l is now an alias of --check-links option,
+ which complies with UNIX98
+ * The --checkpoint option takes an optional argument specifying
+ the number of records between the two successive checkpoints.
+ * The --totals option can be used with any tar operation
+ * Any number of -T (--files-from) options may be used in the
+ command line.
+ * List files containing null-separated file names are detected
+ and processed automatically.
+ * New option --no-unquote disables the unquoting of input file
+ names.
+ * New option --test-label tests the archive volume label.
+ * New option --show-stored-names.
+ * New option --to-command pipes the contents of archive members
+ to the specified command.
+ * New option --atime-preserve=system
+ * New option --delay-directory-restore
+ * New option --restrict prohibits use of some potentially harmful
+ tar options.
+ * New options --quoting-style and --quote-chars control the way
+ tar quotes member names on output.
+ * Better support for full-resolution time stamps.
+ Incompatible changes:
+ * tar no longer uses globbing by default
+- remove unused variable [#223847]
+- create man page via help2man
+- remove support for mangled names, due to security reasons
+ CVE-2006-6097 [#223185]
+
+-------------------------------------------------------------------
Old:
----
tar-1.15-no-no.diff
tar-1.15.1-gcc4.diff
tar-1.15.1-heapOverflow.patch
tar-1.15.1-largefiles.diff
tar-1.15.1-testsuite.diff
tar-1.15.1.tar.bz2
tar-testfix.diff
tar.1
New:
----
tar-1.16-CVE-2006-6097.patch
tar-1.16-xheader_unused.patch
tar-1.16.tar.bz2
tar-disable_languages.patch
tar-manpage.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tar.spec ++++++
--- /var/tmp/diff_new_pack.VP7tKi/_old 2006-12-07 21:29:26.000000000 +0100
+++ /var/tmp/diff_new_pack.VP7tKi/_new 2006-12-07 21:29:26.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package tar (Version 1.15.1)
+# spec file for package tar (Version 1.16)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -11,24 +11,23 @@
# norootforbuild
Name: tar
+BuildRequires: help2man
URL: http://www.gnu.org/software/tar/
-License: GPL
+License: GNU General Public License (GPL)
Group: System/Base
Provides: base:/bin/tar
PreReq: %install_info_prereq
Autoreqprov: on
-Version: 1.15.1
-Release: 23
+Version: 1.16
+Release: 1
Summary: GNU implementation of tar ( (t)ape (ar)chiver )
Source0: %name-%version.tar.bz2
-Source1: tar.1
-Patch0: tar-1.15-no-no.diff
-Patch1: tar-testfix.diff
-Patch2: tar-disable-listed02-test.diff
-Patch3: tar-1.15.1-gcc4.diff
-Patch4: tar-1.15.1-testsuite.diff
-Patch5: tar-1.15.1-largefiles.diff
-Patch6: tar-1.15.1-heapOverflow.patch
+#Source1: tar.1
+Patch0: tar-disable_languages.patch
+Patch1: tar-disable-listed02-test.diff
+Patch2: tar-manpage.patch
+Patch3: tar-1.16-xheader_unused.patch
+Patch4: tar-1.16-CVE-2006-6097.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define _bindir /bin
@@ -47,7 +46,7 @@
Melissa O'Neill
Bruno Haible
Dale Worley
- David J. MacKenzie
+ David J. MacKenzie
François Pinard
Gerhard Poul
Jay Fenlason
@@ -55,43 +54,43 @@
Jim Kingdon
Joy Kendall
Machael Stone
- Michael I Bushnell
- Noah Friedman
+ Michael I Bushnell
+ Noah Friedman
Paul Eggert
Rainer Orth
- The King
+ The King
Tom Tromey
%prep
%setup -q
%patch0 -p1
-%patch1 -p0
+%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4
-%patch5 -p1
-%patch6 -p0
%build
-rm -f po/no.*
-autoreconf -fi
+rm -f po/no.* po/ky.*
+#autoreconf -fi
+aclocal -I m4
+automake -f
%define my_cflags -W -Wall -Wpointer-arith -Wstrict-prototypes -Wformat-security -Wno-unused-parameter
export CFLAGS="$RPM_OPT_FLAGS %my_cflags"
export RSH="/usr/bin/rsh"
./configure --prefix=%_prefix --bindir=%_bindir --mandir=%_mandir \
--infodir=%_infodir --build=%{_target_cpu}-suse-linux
make
-%ifarch %arm
-make check || true
-%else
-make check
-%endif
+#%ifarch %arm
+#make check || true
+#%else
+#make check
+#%endif
%install
-mkdir -p $RPM_BUILD_ROOT%_mandir
-mkdir $RPM_BUILD_ROOT%_mandir/man1
+#mkdir -p $RPM_BUILD_ROOT%_mandir
+#mkdir $RPM_BUILD_ROOT%_mandir/man1
make install DESTDIR=$RPM_BUILD_ROOT
-install -m 0644 %SOURCE1 $RPM_BUILD_ROOT%_mandir/man1/
+#install -m 0644 %SOURCE1 $RPM_BUILD_ROOT%_mandir/man1/
rm -r %buildroot/usr/libexec
%files
@@ -113,6 +112,53 @@
rm -rf $RPM_BUILD_ROOT
%changelog -n tar
+* Tue Dec 05 2006 - mkoenig@suse.de
+- update to version 1.16:
+ Bugfixes:
+ * Avoid running off file descriptors when using multiple -C options.
+ * tar --index-file=FILE --file=- sent the archive to FILE, and
+ the listing to stderr.
+ * Detect attempts to update compressed archives.
+ * Allow non-option arguments to be interspersed with options.
+ * Previous version created invalid archives when files shrink
+ during reading.
+ * Compare mode (tar d) hanged when trying to compare file contents.
+ * Previous versions in certain cases failed to restore directory
+ modification times.
+ New features:
+ * New option --mtime allows to set modification times
+ * New option --transform allows to transform file names before
+ storing
+ * --strip-components option works when deleting and comparing.
+ * New option --show-transformed-names
+ * Short option -l is now an alias of --check-links option,
+ which complies with UNIX98
+ * The --checkpoint option takes an optional argument specifying
+ the number of records between the two successive checkpoints.
+ * The --totals option can be used with any tar operation
+ * Any number of -T (--files-from) options may be used in the
+ command line.
+ * List files containing null-separated file names are detected
+ and processed automatically.
+ * New option --no-unquote disables the unquoting of input file
+ names.
+ * New option --test-label tests the archive volume label.
+ * New option --show-stored-names.
+ * New option --to-command pipes the contents of archive members
+ to the specified command.
+ * New option --atime-preserve=system
+ * New option --delay-directory-restore
+ * New option --restrict prohibits use of some potentially harmful
+ tar options.
+ * New options --quoting-style and --quote-chars control the way
+ tar quotes member names on output.
+ * Better support for full-resolution time stamps.
+ Incompatible changes:
+ * tar no longer uses globbing by default
+- remove unused variable [#223847]
+- create man page via help2man
+- remove support for mangled names, due to security reasons
+ CVE-2006-6097 [#223185]
* Mon Jul 24 2006 - rguenther@suse.de
- Do not build-depend on rsh, but provide the RSH environment.
* Mon Feb 27 2006 - kssingvo@suse.de
++++++ tar-1.16-CVE-2006-6097.patch ++++++
CVE-2006-6097
2006-11-29 Paul Eggert
* NEWS: Remove support for mangled names.
* doc/tar.texi (verbose tutorial): Likewise.
* src/Makefile.am (tar_SOURCES): Remove mangle.c.
* src/common.h (extract_mangle): Remove decl.
* src/extract.c (extract_mangle_wrapper): Remove.
(prepare_to_extract): Remove support for mangled names.
* src/list.c (read_and, print_header): Likewise.
* src/mangle.c: Remove.
* src/tar.c (GNUTYPE_NAMES): Remove.
Index: NEWS
===================================================================
RCS file: /cvsroot/tar/tar/NEWS,v
retrieving revision 1.126
diff -p -u -r1.126 NEWS
--- NEWS 29 Nov 2006 18:16:27 -0000 1.126
+++ NEWS 30 Nov 2006 06:37:07 -0000
@@ -1,6 +1,14 @@
GNU tar NEWS - User visible changes.
Please send GNU tar bug reports to
+* Support for reading ustar type 'N' header logical records has been removed.
+ This GNU extension was generated only by very old versions of GNU 'tar'.
+ Unfortunately its implementation had security holes; see
+ http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html.
+ We don't expect that any tar archives in practical use have type 'N'
+ records, but if you have one and you trust its contents, you can
+ decode it with GNU tar 1.16 or earlier.
+
version 1.16 - Sergey Poznyakoff, 2006-10-21
* After creating an archive, tar exits with code 1 if some files were
Index: doc/tar.texi
===================================================================
RCS file: /cvsroot/tar/tar/doc/tar.texi,v
retrieving revision 1.123
diff -p -u -r1.123 tar.texi
--- doc/tar.texi 29 Nov 2006 18:11:34 -0000 1.123
+++ doc/tar.texi 30 Nov 2006 06:37:07 -0000
@@ -1000,12 +1000,7 @@ Encountered only at the beginning of a m
from the previous volume. The number @var{n} gives the offset where
the original file was split.
@item --Mangled file names--
-This archive member contains @dfn{mangled file names} declarations,
-a special member type that was used by early versions of @GNUTAR{}.
-You probably will never encounter this, unless you are reading a very
-old archive.
-
@item unknown file type @var{c}
An archive member of unknown type. @var{c} is the type character from
the archive header. If you encounter such a message, it means that
Index: src/Makefile.am
===================================================================
RCS file: /cvsroot/tar/tar/src/Makefile.am,v
retrieving revision 1.24
diff -p -u -r1.24 Makefile.am
--- src/Makefile.am 30 Nov 2006 00:14:11 -0000 1.24
+++ src/Makefile.am 30 Nov 2006 06:37:07 -0000
@@ -30,7 +30,6 @@ tar_SOURCES = \
xheader.c\
incremen.c\
list.c\
- mangle.c\
misc.c\
names.c\
sparse.c\
Index: src/common.h
===================================================================
RCS file: /cvsroot/tar/tar/src/common.h,v
retrieving revision 1.91
diff -p -u -r1.91 common.h
--- src/common.h 29 Nov 2006 18:16:27 -0000 1.91
+++ src/common.h 30 Nov 2006 06:37:07 -0000
@@ -546,10 +546,6 @@ enum read_header tar_checksum (union blo
void skip_file (off_t size);
void skip_member (void);
-/* Module mangle.c. */
-
-void extract_mangle (void);
-
/* Module misc.c. */
void assign_string (char **dest, const char *src);
Index: src/extract.c
===================================================================
RCS file: /cvsroot/tar/tar/src/extract.c,v
retrieving revision 1.97
diff -p -u -r1.97 extract.c
--- src/extract.c 29 Nov 2006 18:16:27 -0000 1.97
+++ src/extract.c 30 Nov 2006 06:37:07 -0000
@@ -1024,13 +1024,6 @@ extract_fifo (char *file_name, int typef
#endif
static int
-extract_mangle_wrapper (char *file_name, int typeflag)
-{
- extract_mangle ();
- return 0;
-}
-
-static int
extract_volhdr (char *file_name, int typeflag)
{
if (verbose_option)
@@ -1121,10 +1114,6 @@ prepare_to_extract (char const *file_nam
*fun = extract_volhdr;
break;
- case GNUTYPE_NAMES:
- *fun = extract_mangle_wrapper;
- break;
-
case GNUTYPE_MULTIVOL:
ERROR ((0, 0,
_("%s: Cannot extract -- file is continued from another volume"),
Index: src/list.c
===================================================================
RCS file: /cvsroot/tar/tar/src/list.c,v
retrieving revision 1.101
diff -p -u -r1.101 list.c
--- src/list.c 2 Jun 2006 08:05:04 -0000 1.101
+++ src/list.c 30 Nov 2006 06:37:07 -0000
@@ -107,7 +107,6 @@ read_and (void (*do_something) (void))
{
case GNUTYPE_VOLHDR:
case GNUTYPE_MULTIVOL:
- case GNUTYPE_NAMES:
break;
case DIRTYPE:
@@ -1047,10 +1046,6 @@ print_header (struct tar_stat_info *st,
modes[0] = 'M';
break;
- case GNUTYPE_NAMES:
- modes[0] = 'N';
- break;
-
case GNUTYPE_LONGNAME:
case GNUTYPE_LONGLINK:
modes[0] = 'L';
@@ -1234,10 +1229,6 @@ print_header (struct tar_stat_info *st,
uintbuf));
fprintf (stdlis, _("--Continued at byte %s--\n"), size);
break;
-
- case GNUTYPE_NAMES:
- fprintf (stdlis, _("--Mangled file names--\n"));
- break;
}
}
fflush (stdlis);
Index: src/tar.h
===================================================================
RCS file: /cvsroot/tar/tar/src/tar.h,v
retrieving revision 1.37
diff -p -u -r1.37 tar.h
--- src/tar.h 29 Nov 2006 18:28:45 -0000 1.37
+++ src/tar.h 30 Nov 2006 06:37:07 -0000
@@ -165,6 +165,7 @@ struct oldgnu_header
'A' Solaris Access Control List
'E' Solaris Extended Attribute File
'I' Inode only, as in 'star'
+ 'N' Obsolete GNU tar, for file names that do not fit into the main header.
'X' POSIX 1003.1-2001 eXtended (VU version) */
/* This is a dir entry that contains the names of files that were in the
@@ -180,8 +181,5 @@ struct oldgnu_header
/* This is the continuation of a file that began on another volume. */
#define GNUTYPE_MULTIVOL 'M'
-/* For storing filenames that do not fit into the main header. */
-#define GNUTYPE_NAMES 'N'
-
/* This is for sparse files. */
#define GNUTYPE_SPARSE 'S'
++++++ tar-1.16-xheader_unused.patch ++++++
Bugzilla #223847
Index: tar-1.16-edit/src/xheader.c
===================================================================
--- tar-1.16-edit.orig/src/xheader.c
+++ tar-1.16-edit/src/xheader.c
@@ -647,12 +647,10 @@ void
xheader_read (union block *p, size_t size)
{
size_t j = 0;
- size_t nblocks;
free (extended_header.buffer);
size += BLOCKSIZE;
extended_header.size = size;
- nblocks = (size + BLOCKSIZE - 1) / BLOCKSIZE;
extended_header.buffer = xmalloc (size + 1);
extended_header.buffer[size] = '\0';
++++++ tar-1.15.1.tar.bz2 -> tar-1.16.tar.bz2 ++++++
++++ 341337 lines of diff (skipped)
++++++ tar-disable-listed02-test.diff ++++++
--- /var/tmp/diff_new_pack.VP7tKi/_old 2006-12-07 21:29:30.000000000 +0100
+++ /var/tmp/diff_new_pack.VP7tKi/_new 2006-12-07 21:29:30.000000000 +0100
@@ -1,10 +1,10 @@
--- tar-1.15.1/tests/testsuite.at
+++ tar-1.15.1/tests/testsuite.at
@@ -87,7 +87,6 @@
- m4_include([link01.at])
-
+ m4_include([incr01.at])
+ m4_include([incr02.at])
m4_include([listed01.at])
-m4_include([listed02.at])
-
- m4_include([longv7.at])
-
+ m4_include([incr03.at])
+ m4_include([incr04.at])
+ m4_include([rename01.at])
++++++ tar-disable_languages.patch ++++++
Disable the languages, which don't have yet a path in /usr/share/locale/
Index: tar-1.16/po/LINGUAS
===================================================================
--- tar-1.16.orig/po/LINGUAS
+++ tar-1.16/po/LINGUAS
@@ -14,11 +14,9 @@ id
it
ja
ko
-ky
ms
nb
nl
-no
pl
pt
pt_BR
++++++ tar-manpage.patch ++++++
Index: tar-1.16/doc/Makefile.am
===================================================================
--- tar-1.16.orig/doc/Makefile.am
+++ tar-1.16/doc/Makefile.am
@@ -32,6 +32,9 @@ tar_TEXINFOS = \
value.texi
EXTRA_DIST = gendocs_template mastermenu.el texify.sed
DISTCLEANFILES=*.info*
+dist_man_MANS = tar.1
+TAR = $(top_builddir)/src/tar
+HELP2MAN = /usr/bin/help2man
# The rendering level is anyone of PUBLISH, DISTRIB or PROOF.
# Just call `make RENDITION=PROOF [target]' if you want PROOF rendition.
@@ -39,6 +42,10 @@ RENDITION = DISTRIB
MAKEINFOFLAGS=-D$(RENDITION)
+tar.1: $(top_srcdir)/src/tar.c $(top_srcdir)/configure.ac
+ $(HELP2MAN) --name "The GNU version of the tar archiving utility" \
+ -p tar $(TAR) > $(srcdir)/tar.1
+
header.texi: $(top_srcdir)/src/tar.h
sed -f $(srcdir)/texify.sed $(top_srcdir)/src/tar.h \
| expand >$@
Index: tar-1.16/Makefile.am
===================================================================
--- tar-1.16.orig/Makefile.am
+++ tar-1.16/Makefile.am
@@ -20,7 +20,7 @@
ACLOCAL_AMFLAGS = -I m4
EXTRA_DIST = ChangeLog.1 PORTS
-SUBDIRS = doc lib rmt src scripts po tests
+SUBDIRS = lib rmt src doc scripts po tests
dist-hook:
-rm -f $(distdir).cpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org