Import Debian changes 1.29b-1.1
tar (1.29b-1.1) unstable; urgency=medium
* Non-maintainer upload.
* CVE-2016-6321: Bypassing the extract path name.
When extracting, member names containing '..' components are skipped.
(Closes: #842339)
tar (1.29b-1) unstable; urgency=medium
* re-constitute the 1.29 orig.tar with man pages as version 1.29b
* re-enable parallel builds and increase build verbosity, closes: #824631
* switch to man pages provided by upstream since 1.28, closes: #827017,
#391714, #473228, #524819, #711725, #720877, #766016, #779795.
tar (1.29-1) unstable; urgency=medium
* new upstream version, closes: #816072
tar (1.28-2) unstable; urgency=low
* patch from upstream to fix --files-from and recursive extract,
closes: #800380
tar (1.28-1) unstable; urgency=low
* new upstream version
* patch from Reiner Herrman that sets timestamp in generated manpage to
latest changelog date to make building the package reproducible,
closes: #774463
* patch from Lunar adding --clamp-mtime option for reproducible builds,
closes: #790415
tar (1.27.1-2) unstable; urgency=low
* patch from David Gilman adds watch file with signature verification,
closes: #742351
* patch from David Gilman fixes problem with multi-line descriptions,
closes: #593149
tar (1.27.1-1) unstable; urgency=low
* new upstream version
tar (1.27-4) unstable; urgency=low
* add ACL, XATTR, and SELinux support by augmenting build-deps so the
configure will find the right libraries, closes: #732071
tar (1.27-3) unstable; urgency=low
* patch from Joey Hess to allow tar to replicate 1.26 output on behalf
of pristine-tar, closes: #728025
* honor DEB_BUILD_OPTIONS parallel=<n>, honor dpkg-buildflags in build
target in addition to configure target, closes: #727196
* lower mime priority to 1 so interactive packages using the default
priority of 5 win, closes: #727303
tar (1.27-2) unstable; urgency=low
* claim support for mime type application/x-ustar too, and no longer
explicitly mention decompression, closes: #727159
tar (1.27-1) unstable; urgency=low
* new upstream version
* prefix backup and restore scripts with tar- to avoid conflicts with
other packages like openafs-client, closes: #724064, #724240
* move "libexec" content in tar-scripts to /usr/lib/tar, closes: #724238
tar (1.26+dfsg-10) unstable; urgency=low
* tar-scripts should be optional, not required
tar (1.26+dfsg-9) unstable; urgency=low
* add a tar-scripts package containing the --enable-backup-scripts content,
which conflicts with files in at least the dump package, closes: #293671
tar (1.26+dfsg-8) unstable; urgency=low
* cherry-pick upstream commit at Pino Toscano's suggestion to fix FTBFS
on hurd-i386, closes: #719863
tar (1.26+dfsg-7) unstable; urgency=low
* cherry-pick upstream commit at Marc Schaeffer's suggestion to fix
--compare failures, closes: #614085
tar (1.26+dfsg-6) unstable; urgency=low
* cherry-pick upstream commit at Paul Eggert's suggestion to address link
extraction issue, closes: #452365
tar (1.26+dfsg-5) unstable; urgency=low
[ Wookey ]
* Fix included gnulib so we don't get FTBFS with eglibc-2.16,
closes: #693352, #701419
[ Bdale Garbee ]
* update mailcap entries to use %s, closes: #681302
* include the http://www.gnu.org/software/tar/utils/tarcat script for use
with multi-volume archives, closes: #492036
tar (1.26+dfsg-0.1) unstable; urgency=low
* non-maintainer upload
* remove unused and non-DFSG compliant doc/*.texi and doc/*.info* files from
source, closes: #695803
tar (1.26-4) unstable; urgency=low
* mark "Mult-Arch: foreign" to ease crossgrading, closes: #649478
* hardened build flags patch from Moritz Huehlenhoff, closes: #653722
tar (1.26-3) unstable; urgency=low
* only run listed03.at on Linux systems synce upstream says it's known to
fail on BSD, apparently including our kfreebsd variants, closes: #639178
tar (1.26-2) unstable; urgency=low
* clean up various lintian warnings
tar (1.26-1) unstable; urgency=low
* new upstream version
* add a check to the rules file to ensure test suite is not attempted while
building as root, closes: #596268
tar (1.25-3) unstable; urgency=low
* cherry-pick some upstream commits that appear to address open bugs
* fix for --one-file-system and --listed-incremental together,
closes: #603371, #604394, #604698
* fix for FreeBSD symlink incompatibility with POSIX, closes: #602241
tar (1.25-2) unstable; urgency=low
* accept a "hack" from Joey Hess to work around an unfortunate side effect
of removing the patch to src/create.c regarding links of 100 chars in
1.23-4 that broke pristine-tar in some cases. The "fix" is to support
the old behavior if the environment variable TAR_LONGLINK_100 is set,
which pristine-tar knows about and will use when necessary but which
should never be used by anyone else! closes: #603231
tar (1.25-1) unstable; urgency=low
* new upstream version, closes: #602184, #602209, #602413, #575298
* Add Vcs-Git, Vcs-Browser fields to debian/control using patch from
Simon McVittie's 1.24-1.1 NMU, closes: #602639, #602709
* stop patching src/list.c since it now does more harm than good,
and add a Breaks against old dpkg versions, closes: #522858
tar (1.24-1) unstable; urgency=low
* new upstream version
tar (1.23-4) unstable; urgency=low
* revert patch to src/create.c introduced in 2004 to fix a dpkg bug long
since resolved, closes: #598345
tar (1.23-3) unstable; urgency=medium
* add xz-utils back to the Suggests list since it may not be 'required'
forever
* current debhelper includes trigger support, closes: #561598
* patch from upstream to fix ability of rmt to accept mixed file mode
representations, closes: #587702, #597672
tar (1.23-2.1) unstable; urgency=low
* Non-maintainer upload.
* src/extract.c: Apply upstream git commit
b60e56fd which fixes a dead loop
on extracting existing symlinks with the -k option, closes: #577978,
#576876.
tar (1.23-2) unstable; urgency=low
* use xz when lzma is called for, and stop suggesting both lzma since it's
no longer used, and xz-utils since it's now priority required,
closes: #582706, #523494
tar (1.23-1) unstable; urgency=low
* new upstream version, fixes security issue in rmt (CVE-2010-0624)
* add suggests for lzma and xz-utils, closes: #523499
tar (1.22-2) unstable; urgency=low
* Add Carl Worth as an uploader.
* Fix to allow parallel build (-j2), closes: #535319
* Don't close file stream before EOF, closes: #525818
* Preserve hard links with --remove-files, closes: #188663
Thanks to Ted T'so for the idea and Sergey Poznyakoff for
cleaning up my original implementation.
* Respect DEB_BUILD_OPTIONS=nocheck to conform with Policy 3.8.2
tar (1.22-1.1) unstable; urgency=low
* Non-maintainer upload.
* Set SIGPIPE to default action, patch from upstream. (closes: #532570)
tar (1.22-1) unstable; urgency=low
* new upstream version
* version the Replaces entry for cpio, closes: #483355
* move config.* update to configure target, yields a smaller diff that
doesn't clash with git-buildpackage... already had autotools-dev build dep!
* script debian/tarman contributed by Marcus Watts now used to create tar.1
by processing usage text in source code! Partial fix for #473328.
closes: #515578, #429776, #411707,
tar (1.20-1) unstable; urgency=low
* new upstream version
tar (1.19-3) unstable; urgency=low
* upstream patch to remove error message when updating a non-existing archive
* patch from Phil Hands for man page prevents URL splitting, closes: #463215
tar (1.19-2) unstable; urgency=low
* patch from Ubuntu to fix FTBFS with gcc-4.3, closes: #452096, #441606
* more descriptive short description in control, closes: #406301
tar (1.19-1) unstable; urgency=low
* new upstream version
* no need to deliver license text, as GPL-3 is in common-licenses now
tar (1.18-3) unstable; urgency=high
* fix build with gcc-4.3, closes: #441606
tar (1.18-2) unstable; urgency=high
* patch from Neil Moore improving the man page, closes: #439916
* patch from Justin Pryzby improving the man page, closes: #433553
* patch from upstream to fix directory traversal concern on extraction
documented in (CVE-2007-4131), closes: #439335
* urgency to high since preceding bug has having security implications
tar (1.18-1) unstable; urgency=low
* new upstream version, closes: #429417, #426808
* include COPYING file containing GPLv3 until base-file is updated
* fix filename of NEWS.Debian so that it actually gets delivered
* patch from Wim De Smet to document --strip in the man page, closes: #417810
* patch from upstream CVS to fix --verify on large files, closes: #422718
* add suggest of ncompress mirroring suggest of bzip2 to enable optional
functionality, closes: #122451
tar (1.16.1-1) unstable; urgency=low
* new upstream version, closes: #402179
* updated Russian translation from Yuriy Talakan, closes: #411613
tar (1.16-2) unstable; urgency=high
* patch from Kees Cook via upstream to disable handling of GNUTYPE_NAMES
by default and add a new command-line switch --allow-name-mangling to
re-enable it, as a fix for directory traversal bug (CVE-2006-6097),
closes: #399845
tar (1.16-1) unstable; urgency=medium
* new upstream version, closes: #376816, #363943, #377124, #377330
* fix for buffer overflow in test suite, closes: #377557
* force a clean in the tests directory before running the test suite, seems
to work around test suite repeatability problems, closes: #377330, #379393
* accept patch from Raphael Bossek to zero nanoseconds, closes: #329843
* update man page to reflect change in -l definition and other misc changes
to options since man page was last updated,
closes: #384508, #391718, 361932, #315506
* stop delivering upstream README, closes: #323232
tar (1.15.91-2) unstable; urgency=low
* add a NEWS.Debian file that communicates the change in wildcard processing
* re-institute the patch for filenames that are exactly 100 characters in
length originally reported in #230910, closes: #376909
tar (1.15.91-1) unstable; urgency=low
* new upstream version, retrieved from alpha.gnu.org
* update date in tar.1, closes: #367290
* support rollbacks in maintainer scripts, drop removal of info since this
package no longer delivers an info doc, closes: #374461
tar (1.15.1dfsg-3) unstable; urgency=low
* revert to upstream auto* products and take a different approach to eliding
doc/ contents, since I'm clearly just not smart enough to use auto* tools
without breaking more than I fix, closes: #362249
tar (1.15.1dfsg-2) unstable; urgency=low
* run aclocal and automake to get last reference to doc subdir out of
Makefile.in, closes: #361931
tar (1.15.1dfsg-1) unstable; urgency=low
* remove the documentation source from this package, since it is licensed
under the GFDL with invariant cover texts that upstream is unwilling or
unable to to remove, closes: #357259
* remove install-info call from postinst, since it is no longer relevant
* include URL for the online version of the tar documentation in the man page
* run make with same env vars set as configure to avoid situation where
make re-running configure causes rsh to not be found, etc, closes: #356657
* another patch from Goswin to fix test failures on amd64, closes: #354847
tar (1.15.1-6) unstable; urgency=low
* patch from upstream to fix incorrect listing of a non-existing section as
invariant in the GFDL license header, closes: #357259
tar (1.15.1-5) unstable; urgency=low
* patch from Goswin von Brederlow to sort tar output in test suite to
compensate for different file order when ext3 option dir_index is enabled
on build system, first seen on amd64 autobuilder, closes: #354847
tar (1.15.1-4) unstable; urgency=low
* change section from base to utils to resolve override disparity
* add build dependency on autoconf, closes: #354194
tar (1.15.1-3) unstable; urgency=high
* patch for src/xheader.c suggested by Martin Pitt, to fix exploitable
buffer overflow [CVE-2006-0300], closes: #354091, #314805
* change default path for rmt in lib/localedir.h to be correct for Debian
systems, closes: #319635
* updated Italian translation from Marco d'Itri, closes: #286978
* patch from Loic Minier fixing wrong matching of file names when special
characters are present, closes: #272888
* patch suggested by Stephen Frost to convert fatal error to warning when
an archive spanning multiple volumes contains a filename longer than
100 characters, closes: #330187
* patch from Peter Samuelson to fix hard link handling in the presence
of the --strip-components option, closes: #343062
* update debhelper compat level to 5
tar (1.15.1-2) unstable; urgency=low
* patch from LaMont to fix gcc-4.0 error in the test suite,
closes: #308815, #310830
* patch for de.po from Jens Seidel, closes: #313900
* fix amanda upstream URL in the info pages, closes: #310158
* patch from NIIBE Yutaka to support cross builds, closes: #283723
tar (1.15.1-1) unstable; urgency=low
* new upstream version, closes: #292255, #287251, #255067
* fetch tests/append.at from CVS since it was omitted from the 1.15.1
tarball, and update the regression test invocation in debian/rules
* tweaks to man page, closes: #265615
* add --libexecdir definition to configure call, closes: #307070, #291068
* stop trying to link /sbin/rmt, closes: #287217, #156550
* add --owner to man page, closes: #204848
* only mention --totals once in man page, closes: #288002
tar (1.14-2) unstable; urgency=low
* patch from Paul Eggert that does a better job of eliminating the
dependency on (buggy) valloc, closes: #234422, #248897
* patch for typo in upstream po/de.po, closes: #154511
* switch from dh_installmanpages to dh_installman
tar (1.14-1) unstable; urgency=low
* new upstream version, closes: #252491, #242231
* eliminate autoconf and automake build dependencies
* fix a bash-ism in the prerm for POSIX shell users
* change valloc to malloc when allocating record_start, closes: #234422
tar (1.13.93-4) unstable; urgency=high
* patch to stop issuing lone zero block warnings, closes: #235820
* patch to clean up hyphenation in man page, closes: #185670
* clean up manpage discussion of exclude and exclude-from, closes: #146196
* turn on regression tests in the build process
tar (1.13.93-3) unstable; urgency=high
* patch from upstream converts lone zero block errors to warnings,
closes: #235821
tar (1.13.93-2) unstable; urgency=high
* recover portion of patch from Ingo Saitz included in 1.13.92-4 that got
lost when merging 1.13.93 upstream (argh!), closes: 230910
tar (1.13.93-1) unstable; urgency=low
* new upstream version
tar (1.13.92-5) unstable; urgency=low
* patch from Paul Eggert to revert bogus behavior where POSIXLY_CORRECT
set in the environment forced 'pax' format archives, closes: #230872
* add a lintian override for rmt's man page, since delivering it as an
alternative makes the filename no longer match the script and symlink
delivered for the binary
tar (1.13.92-4) unstable; urgency=low
* patch from Ingo Saitz to avoid creating archives with shortnames of 100
characters, since it can cause dpkg problems, closes: #230910
* fix typo in info page, closes: #222569
tar (1.13.92-3) unstable; urgency=low
* freshen build dependencies to use automaken
* lose /usr/share/info/dir*gz, closes: #230418
* reinstate content for mime-support, closes: #111893
* implement alternatives for rmt, the version provided with dump will get
higher priority than the one in tar since it's better - see #183901
tar (1.13.92-2) unstable; urgency=low
* patches from CVS to stop stripping './' prefix from filenames, and to fix
--no-recursion, closes: #230431, #230434
tar (1.13.92-1) unstable; urgency=low
* new upstream version, closes: #229827
tar (1.13.25-6) unstable; urgency=low
* accept patch from Goswin Brederlow to hard-code RSH definition in rules
file, eliminating rsh-client from build deps, closes: #185594, #200042
* patch from Marc SCHAEFER <schaefer@alphanet.ch> to fix symlink extraction
as empty files, closes: #149532
tar (1.13.25-5) unstable; urgency=low
* include fresher config.sub/guess, update in debian/rules, closes: #165778
tar (1.13.25-4) unstable; urgency=high
* apply patch for path vulnerabilities documented in CVE CAN-2002-0399,
make urgency high since this is a security issue, closes: #163152
* include improved tar.1 man page from Andrew Moise <moise@nauticom.net>
tar (1.13.25-3) unstable; urgency=low
* apply patch to the Debian-originated tar manpage from Pedro Zorzenon Neto
<pzn@terra.com.br> to clarify the value of using --bzip2 in scripts instead
of -j to ensure compatibility with both old and new versions of tar.
closes: #142242, #83233
* fix capitalization concern in the control file, closes: #125629
tar (1.13.25-2) unstable; urgency=medium
* add a README.Debian that clarifies the situation with respect to 'compress'
in Debian and the impact on the -Z and related options, closes: #122336
* patch from Mark Eichin to fix archive corruption in special cases, which
has been accepted upstream for next release. closes: #126274
tar (1.13.25-1) unstable; urgency=medium
* new upstream version (bug fixes), closes: #113531
* start having tar provide rmt, which means conflicting with and replacing
cpio versions prior to the cutover, closes: #94257, #90794
* make medium urgency, since we really want this and the associated cpio
upload to both be in woody!
tar (1.13.22-1) unstable; urgency=medium
* new upstream version, released specifically to help close bugs in woody
upstream (Paul Eggert) says:
regarding 1.13.22
This fixes Debian bug 92106, in addition to the bug fixes I already
reported to you for GNU tar 1.13.20 and 1.13.21. It also fixes a
core-dump bug for tar 1.13.19 and later, reported to bug-tar.
regarding 1.13.21
This fixes Debian bug 95984, in addition to the bug fixes I already
reported to you for 1.13.20. It also upgrades tar to use gettext
0.10.39.
regarding 1.13.20
I haven't had time to fix all or even most of the bugs, but I suggest
closing out or modifying the following bug reports:
13312 I changed tar to avoid the problem (I hope; I can't test it).
52092 Fixed.
58890 Fixed, I think -- at least, I can't reproduce it now.
65719 Not a bug? last message in that bug report says it works for him.
77664 Not a bug. In that context FOO:BAR means 'file BAR on host FOO'.
78179 Sorry, I don't follow this report. Tar does strip leading '/'s
for me.
83458 Fixed.
83735 Fixed.
85400 Fixed for the info page only. The man page is not part of
tar-1.13.20.
90794 This partly seems to be a Debian packaging problem; see 94257.
94287 Fixed.
95344 Fixed.
95984 Not fixed in 1.13.20, but will be fixed in next version.
99655 Fixed.
100883 This bug report applies to the Debian distribution only.
100885 Not a bug; see its last message.
105744 Not a bug; see its last message.
closes: #92106, #95984, #13312, #52092, #58890, #65719, #77664, #78179
closes: #83458, #83735, #94287, #95344, #99655, #100885, #105744
* add documentation for --rsh-command to the Debian-provided man page,
closes: #85400
* fix Debian-provided man page's reference to --exclude, closes: #100883
tar (1.13.19-1) unstable; urgency=low
* new upstream version, -I no longer a valid option, closes: #81556
* freshen debian/copyright
tar (1.13.18-2) unstable; urgency=low
* update (Debian-only, not part of upstream release) man page for tar to
reflect change from -I to -j for bzip2 support, closes: #80331
tar (1.13.18-1) unstable; urgency=low
* new upstream version, closes: #57436, #51889
* add suggestion for bzip2, closes: #64279
* this package is pristine upstream source plus the debian/ directory, so
there should be no issues compiling on any platform, closes: #58171
tar (1.13.17-2) frozen unstable; urgency=low
* reconfigure, recompile to fix compile from source problem, closes: #60824
tar (1.13.17-1) unstable; urgency=low
* new upstream source from alpha.gnu.org recommended by uptream maintainer
Paul Eggert.
* this version should handle multibyte encoded filenames, closes: #25140
* upstream says the problem reported with -g is unreproducible in this
version, closes: #23511
* this version excludes sockets when building archives, closes: #51064
tar (1.13.15-1) unstable; urgency=low
* new upstream source from alpha.gnu.org recommended by uptream maintainer
Paul Eggert.
* update to current policy
* can't reproduce problem with remote host access reported in 1.13.11-2,
assuming it's fixed, closes: #45647
* upstream has not picked up our tar.1 manpage, so we'll try to keep it
up to date, closes: #50856
tar (1.13.14-5) unstable; urgency=low
* minor tweaks to clean up our diff, pointed out by the upstream maintainer
tar (1.13.14-4) unstable; urgency=low
* update upstream maintainer and copyright references, etc
tar (1.13.14-3) unstable; urgency=low
* fix default device in man page, closes: 50856
tar (1.13.14-2) unstable; urgency=low
* fold in Torsten's work that closes: #50553
* upstream folks indicate that $TAPE does not override -f in 1.13.14,
closes: #47664
* 1.13.14 has an updated man page that closes: #48603
* the -X stuff has supposedly been fixed since 1.13.12, closes: #43826
* rename upstream ChangeLog to changelog in the Debian package to satisfy
lintian/policy
tar (1.13.14-1.1) unstable; urgency=low
* Non maintainer upload.
* Moved the AC_LINK_FILES in configure.in inside the if (closes: #50553)
tar (1.13.14-1) unstable; urgency=low
* new upstream source from alpha.gnu.org recommended by uptream maintainer
Paul Eggert.
tar (1.13.11-2) unstable; urgency=low
* fix error in man page, closes: #44610
* patch from upstream that closes: #44827
tar (1.13.11-1) unstable; urgency=low
* new upstream source from alpha.gnu.org recommended by uptream maintainer
Paul Eggert.
* move to FHS compliance with new debhelper
tar (1.13.6-1) unstable; urgency=medium
* new upstream source from alpha.gnu.org recommended by uptream maintainer
Paul Eggert.
* bzip2 support is back, now with option '-y' instead of '-I'... rejoice!
Closes: #42428, #42562, #42572, #42661, #42772
* Paul claims that the -X option is fixed again, Closes: #42552
* add mime-support goo, Closes: #26706
* close bug reports I forgot to close last time, Closes: #33134, #37659
tar (1.13-3) unstable; urgency=low
* include more docs in /usr/doc/tar, closes 33134
* minor tweak to tar.1, closes 37659
tar (1.13-2) unstable; urgency=low
* back out hacks we had made to 1.12 that seem to be causing problems in
1.13, getting essentially to pristine 1.13 source plus debian control files
tar (1.13-1) unstable; urgency=low
* new upstream source
tar (1.12-9) unstable; urgency=low
* fix some issues with the contest of the po directory in my CVS repository
tar (1.12-8) unstable; urgency=low
* update to handle changes in automake
tar (1.12-7) frozen unstable; urgency=low
* merge new version of Italian translation, closes 30284
* merge README.debian with copyright, closes 22370
tar (1.12-6) frozen unstable; urgency=low
* update manpage to document -I, closes 21224
tar (1.12-5) frozen unstable; urgency=low
* fix for erroneous time reports from --totals from Rob Browning,
closes 18345
* add --numeric-owner to man page, closes 20801
* add some examples to the man page, closes 20290
tar (1.12-4) unstable; urgency=low
* move from debmake to debhelper
* address lintian error reports
* apply patch from amanda distribution to fix read errors on sparse files.
This should close 16694.
* updated dds2tar patch to restore proper operation of 'v' option. This was
causing corrupted archives when stdout was used. Closes 17857, 17916.
tar (1.12-3) unstable; urgency=low
* apply patch to support dds2tar-2.4.15, closes bug 10774
* apply patch to support use of bzip2, closes bugs 16280, 17221
tar (1.12-2) unstable; urgency=low
* libc6
* Folded in some of Michael Dorman's changes for alpha, which are really
libc6 changes. Closes bug 8823.
tar (1.12-1) unstable; urgency=low
* New upstream version.
tar (1.11.8-11) stable frozen unstable; urgency=low
* back out the change made for 1.11.8-8, since it isn't really effective,
and caused several folks grief. Closes bug 8040.
tar (1.11.8-10) stable frozen unstable; urgency=low
* rework debian/rules for CFLAGS as per policy. Closes bug 8065.
tar (1.11.8-9) unstable; urgency=medium
* debmake shoved a man page for a porting utility (ansi2knr) that
is in the tar source tree into the package. Fixes bug 7408.
tar (1.11.8-8) unstable; urgency=medium
* patch from the net for a quasi-security issue. changes the behavior
during extracts, so that tar won't create inappropriate setuid files
from nonexistent users.
tar (1.11.8-7) unstable; urgency=medium
* updated to current package standards
* patch from the net that fixes sporadic multi-vol seg faults
need the actual patch, too, of course...