| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
All checksums have been double-checked against existing RMD160 and SHA512
hashes.
|
|
|
|
Update archivers/ruby-minitar to 0.9.
## 0.9 / 2019-09-04
* jtappa added the ability to skip fsync with a new option to Minitar.unpack
and Minitar::Input#extract_entry. Provide `:fsync => false` as the last
parameter to enable. Merged from a modified version of PR [#37][].
## 0.8 / 2019-01-05
* inkstak resolved an issue introduced in the fix for [#31][] by allowing
spaces to be considered valid characters in strict octal handling. Octal
conversion ignores leading spaces. Merged from a slightly modified version
of PR [#35][].
* dearblue contributed PR [#32][] providing an explicit call to #bytesize for
strings that include multibyte characters. The PR has been modified to be
compatible with older versions of Ruby and extend tests.
* Akinori MUSHA (knu) contributed PR [#36][] that treats certain badly
encoded regular files (with names ending in `/`) as if they were
directories on decode.
## 0.7 / 2018-02-19
* Fixed issue [#28][] with a modified version of PR [#29][] covering the
security policy and position for Minitar. Thanks so much to ooooooo\_q for
the report and an initial patch. Additional information was added as
[#30][].
* dearblue contributed PR [#33][] providing a fix for Minitar::Reader when
the IO-like object does not have a `#pos` method.
* Kevin McDermott contributed PR [#34][] so that an InvalidTarStream is
raised if the tar header is not valid, preventing incorrect streaming of
files from a non-tarfile. This is a minor breaking change, so the version
has been bumped accordingly.
* Kazuyoshi Kato contributed PR [#26][] providing support for the GNU tar
long filename extension.
* Addressed a potential DOS with negative size fields in tar headers
([#31][]). This has been handled in two ways: the size field in a tar
header is interpreted as a strict octal value and the Minitar reader will
raise an InvalidTarStream if the size ends up being negative anyway.
|
|
The minitar library is a pure-Ruby library that provides the ability to deal
with POSIX tar(1) archive files.
This is release 0.6, providing a number of bug fixes including a directory
traversal vulnerability, CVE-2016-10173. This release starts the migration and
modernization of the code:
* the licence has been changed to match the modern Ruby licensing scheme
(Ruby and Simplified BSD instead of Ruby and GNU GPL);
* the +minitar+ command-line program has been separated into the
+minitar-cli+ gem; and
* the +archive-tar-minitar+ gem now points to the +minitar+ and +minitar-cli+
gems and discourages its installation.
Some of these changes may break existing programs that depend on the internal
structure of the minitar library, but every effort has been made to ensure
compatibility; inasmuch as is possible, this compatibility will be maintained
through the release of minitar 1.0 (which will have strong breaking changes).
minitar (previously called Archive::Tar::Minitar) is based heavily on code
originally written by Mauricio Julio Fern\u{e1}ndez Pradier for the rpa-base
project.
|
