Ubuntu
tar package

Change logs for tar source package in Gutsy

  1. Gutsy (7.10)
  2. Change log 
  • tar (1.18-2ubuntu1.1) gutsy-security; urgency=low

  * SECURITY UPDATE: stack-based buffer overflow with malicious tar files
    - lib/paxnames.c: updated src/names.c to rewrite hash_string_prefix as
      hash_string_insert_prefix and adjust safer_name_suffix to use
      hash_string_insert_prefix to avoid stack allocation
    - patch from upstream paxlib commits:
      http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=b9199bbdefd32382953dd8c01ec881e5463c5a88
      http://git.savannah.gnu.org/gitweb/?p=paxutils.git;a=commitdiff;h=64379227940699a92113e3fd7c583e705a1f849b
    - CVE-2007-4476
    - LP: #180299

 -- Jamie Strandboge <email address hidden>   Wed, 14 Jan 2009 11:06:24 -0600
  • tar (1.18-2ubuntu1) gutsy; urgency=low

  * Build with -fgnu89-inline, fixes build failure with gcc-4.3. LP: 138674.
  * Set Ubuntu maintainer address.

 -- Matthias Klose <email address hidden>   Wed, 12 Sep 2007 19:58:51 +0000
  • tar (1.18-2build1) gutsy; urgency=low

  * Fake-sync because of a different orig.tar.gz.

tar (1.18-2) unstable; urgency=high

  * patch from Neil Moore improving the man page, closes: #439916
  * patch from Justin Pryzby improving the man page, closes: #433553
  * patch from upstream to fix directory traversal concern on extraction
    documented in (CVE-2007-4131), closes: #439335
  * urgency to high since preceding bug has having security implications

 -- Michael Bienia <email address hidden>   Thu, 06 Sep 2007 00:57:45 +0200
  • tar (1.18-1build1) gutsy; urgency=low

  * Pseudo sync, not matching .orig.tar.gz.

 -- Matthias Klose <email address hidden>   Mon, 13 Aug 2007 13:15:44 +0200
  • tar (1.18-0ubuntu1) gutsy; urgency=low

  * New upstream version.
    - Fixes build failure with glibc-2.6. Closes: #434015.

 -- Matthias Klose <email address hidden>   Wed, 01 Aug 2007 15:30:14 +0200
  • tar (1.16.1-1ubuntu1) gutsy; urgency=low

  * Globally rename futimens to tar_futimens, so it doesn't clash with
    the new glibc-2.6 symbol of the same name, causing build failures.

 -- Adam Conrad <email address hidden>   Mon, 30 Jul 2007 18:12:57 +1000
  • tar (1.16.1-1) unstable; urgency=low

  * new upstream version, closes: #402179
  * updated Russian translation from Yuriy Talakan, closes: #411613

 -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  27 Apr 2007 13:18:48 +0100
  • tar (1.16-2) unstable; urgency=high

  * patch from Kees Cook via upstream to disable handling of GNUTYPE_NAMES 
    by default and add a new command-line switch --allow-name-mangling to 
    re-enable it, as a fix for directory traversal bug (CVE-2006-6097), 
    closes: #399845

 -- Kees Cook <email address hidden>   Mon,  18 Dec 2006 12:17:30 +0000