| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Update prompted: by http://secunia.com/advisories/30394/
... but the previous version in Pkgsrc (0.2.2) wasn't vulnerable, the advisory
only relates to new functionality added in SaraB 0.2.3.
Pkgsrc changes:
- Remove patch-aa, which has been applied upstream via bug 1184476:
http://sourceforge.net/tracker/index.php?func=detail&aid=1184476&group_id=91804&atid=598441
- Minor pkglinting
=====================================================
05/18/2008 - SaraB version 0.2.4
=====================================================
* Security fix: Encryption ciphers are no longer passed on the dar command line
=====================================================
04/21/2008 - SaraB version 0.2.3
=====================================================
* Fixes for bugs long mentioned
|
|
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.
|
|
|
|
|
|
- much improved mtree support
- fix a number of non-exploitable integer and buffer overflows
- bsdtar get -s and SIGINFO/SIGUSR1 support
- fix hardlink extraction bug where latter hardlinks would overwrite the
permissions of earlier entries even when they don't carry data
- fix bsdtar crashes on entries with empty filenames
|
|
|
|
|
|
Changes in 2.03 (30 Apr 2008)
* Updated the ELF assembler sources to mark the stack as non-executable.
* Fixed a HP-UX 11 build issue with Itanium in ILP32 mode.
* Updated the configure system.
|
|
|
|
All self-tests pass under NetBSD-current.
Changes: 3.5 years worth of development; too much to list here.
|
|
|
|
|
|
into ``normal form'': If the contained files are identical, the
produced zip archive will always be the same, byte-wise.
|
|
|
|
for PAX format more robust.
|
|
- Simplify character-translation logic.
pkgsrc:
Fix a bug in the linkresolver for tar format. When linkresolver is done,
the entry belongs to the caller, so don't keep a reference to it and use
the local copy for inode comparision.
|
|
|
|
|
|
|
|
New for release 0.5 (2006-08-29)
Including public domain contributions from Paul Wise
o Modify Makefile to append CFLAGS and LDFLAGS
o Modify error handling to suppress gcc warnings
o Include man page
o Minor typo/documentation changes
New for release 0.4 (2005-11-12)
o Discontinue tar patch (replaced by out of the box GNU cpio)
o Update instructions
New for release 0.3 (2005-03-13)
o Convert from mmap to traditional buffered file reads in gzrecover
o Convert gzrecover to GPL licensing
|
|
|
|
This switches to the gnome-2.22 release branch.
|
|
through PLIST_SUBST to the plist module.
|
|
|
|
|
|
|
|
|
|
directly into site_ruby.
|
|
archivers/ruby-archive-tar-minitar.
Archive::Tar::Minitar is a pure-Ruby library and command-line utility
that provides the ability to deal with POSIX tar(1) archive files.
|
|
before commit. This will unbrick archive/gtar-base.
Approved-by: tnn
|
|
(CVE-2007-4131, pkgsrc-sec ticket #15481)
Approved-by: joerg
|
|
- Improve hardlink handling of hardlinks in bsdcpio
- Extend linkify to handle all sane hardlink strategies
- Improve mtree support
- Make bsdtar and bsdcpio more like the NetBSD counterparts
- Drop uudecode dependency.
|
|
|
|
The only change is to address the vulnerability detailed in CERT/CC: VU#813451
OK'ed joerg@
|
|
|
|
from Debian. Bump package revision.
|
|
|
|
Fix mix-up of gname and uname on one place when writing pax archives.
Reported by tron@.
|
|
|
|
|
|
from archivers/pax and net/tnftp, respectively. In the past, the
pkgtools version of these packages installed into ${PKG_TOOLS_BIN},
but this was changed in:
pkgtools/pax/Makefile:1.15
pkgtools/tnftp/Makefile:1.3
+ Get rid of archivers/pax/Makefile.common and net/tnftp/Makefile.common
by merging them into their respective Makefiles. The Makefile.common
files existed solely for inclusion by the pkgtools versions of these
packages, but with the removal of those packages, these files are
now unnecessary.
+ Add full DESTDIR support to archivers/pax and net/tnftp.
+ Modify the bootstrap to build archivers/pax and net/tnftp instead of
the pkgtools versions of these packages.
|
|
them at will.
|
|
platforms.
Bump the PKGREVISION to 1.
|
|
their files via a custom do-install target.
|
|
+ Clean up the way that flags are passed to the compiler and linker
through the make process.
|
|
|
|
more ZIP archives and a more complete cpio frontend.
|
|
|
|
Teach set_ftime about symbolic links, because it has to know: on some
Linux systems, when we build as a tool we think we have lutimes but it
doesn't work on some filesystems at runtime. A bit ugly but effective
and without use of AC_TRY_RUN in the tool build. Tidier (than mine)
set_ftime reorganization from christos.
Bump version to 20080110.
|
|
- ok'ed by rillig
ChangeLog:
* important changes in vesrion 1.38 14/12/2007:
- Promote 1.37_01 to stable.
* important changes in version 1.37_01 11/11/2007:
_ Address #30380: directory traversal vulnerability in Archive-Tar
- Add $INSECURE_EXTRACT_MODE which defaults to 0, disallowing
archives to extract files outside of cwd(). This is a backwards
incompatible change from 1.36 and before.
- Add a -I option to ptar to enable insecure extraction if needed
|
