OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tar?expand=0&rev=2

tar-1.16-CVE-2006-6097.patch

@@ -1,182 +0,0 @@
-CVE-2006-6097
-
-2006-11-29  Paul Eggert <eggert@cs.ucla.edu>
-
-        * NEWS: Remove support for mangled names.
-        * doc/tar.texi (verbose tutorial): Likewise.
-        * src/Makefile.am (tar_SOURCES): Remove mangle.c.
-        * src/common.h (extract_mangle): Remove decl.
-        * src/extract.c (extract_mangle_wrapper): Remove.
-        (prepare_to_extract): Remove support for mangled names.
-        * src/list.c (read_and, print_header): Likewise.
-        * src/mangle.c: Remove.
-        * src/tar.c (GNUTYPE_NAMES): Remove.
-
-Index: NEWS
-===================================================================
-RCS file: /cvsroot/tar/tar/NEWS,v
-retrieving revision 1.126
-diff -p -u -r1.126 NEWS
---- NEWS        29 Nov 2006 18:16:27 -0000      1.126
-+++ NEWS        30 Nov 2006 06:37:07 -0000
-@@ -1,6 +1,14 @@
- GNU tar NEWS - User visible changes.
- Please send GNU tar bug reports to <bug-tar@gnu.org>
- 
-+* Support for reading ustar type 'N' header logical records has been removed.
-+  This GNU extension was generated only by very old versions of GNU 'tar'.
-+  Unfortunately its implementation had security holes; see
-+  <http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html>.
-+  We don't expect that any tar archives in practical use have type 'N'
-+  records, but if you have one and you trust its contents, you can
-+  decode it with GNU tar 1.16 or earlier.
-+
- version 1.16 - Sergey Poznyakoff, 2006-10-21
- 
- * After creating an archive, tar exits with code 1 if some files were
-Index: doc/tar.texi
-===================================================================
-RCS file: /cvsroot/tar/tar/doc/tar.texi,v
-retrieving revision 1.123
-diff -p -u -r1.123 tar.texi
---- doc/tar.texi        29 Nov 2006 18:11:34 -0000      1.123
-+++ doc/tar.texi        30 Nov 2006 06:37:07 -0000
-@@ -1000,12 +1000,7 @@ Encountered only at the beginning of a m
- from the previous volume. The number @var{n} gives the offset where
- the original file was split.
- 
- @item --Mangled file names--
--This archive member contains @dfn{mangled file names} declarations,
--a special member type that was used by early versions of @GNUTAR{}.
--You probably will never encounter this, unless you are reading a very
--old archive.
--
- @item  unknown file type @var{c}
- An archive member of unknown type. @var{c} is the type character from
- the archive header.  If you encounter such a message, it means that
-Index: src/Makefile.am
-===================================================================
-RCS file: /cvsroot/tar/tar/src/Makefile.am,v
-retrieving revision 1.24
-diff -p -u -r1.24 Makefile.am
---- src/Makefile.am     30 Nov 2006 00:14:11 -0000      1.24
-+++ src/Makefile.am     30 Nov 2006 06:37:07 -0000
-@@ -30,7 +30,6 @@ tar_SOURCES = \
-  xheader.c\
-  incremen.c\
-  list.c\
-- mangle.c\
-  misc.c\
-  names.c\
-  sparse.c\
-Index: src/common.h
-===================================================================
-RCS file: /cvsroot/tar/tar/src/common.h,v
-retrieving revision 1.91
-diff -p -u -r1.91 common.h
---- src/common.h        29 Nov 2006 18:16:27 -0000      1.91
-+++ src/common.h        30 Nov 2006 06:37:07 -0000
-@@ -546,10 +546,6 @@ enum read_header tar_checksum (union blo
- void skip_file (off_t size);
- void skip_member (void);
- 
--/* Module mangle.c.  */
--
--void extract_mangle (void);
--
- /* Module misc.c.  */
- 
- void assign_string (char **dest, const char *src);
-Index: src/extract.c
-===================================================================
-RCS file: /cvsroot/tar/tar/src/extract.c,v
-retrieving revision 1.97
-diff -p -u -r1.97 extract.c
---- src/extract.c       29 Nov 2006 18:16:27 -0000      1.97
-+++ src/extract.c       30 Nov 2006 06:37:07 -0000
-@@ -1024,13 +1024,6 @@ extract_fifo (char *file_name, int typef
- #endif
- 
- static int
--extract_mangle_wrapper (char *file_name, int typeflag)
--{
--  extract_mangle ();
--  return 0;
--}
--
--static int
- extract_volhdr (char *file_name, int typeflag)
- {
-   if (verbose_option)
-@@ -1121,10 +1114,6 @@ prepare_to_extract (char const *file_nam
-       *fun = extract_volhdr;
-       break;
- 
--    case GNUTYPE_NAMES:
--      *fun = extract_mangle_wrapper;
--      break;
--
-     case GNUTYPE_MULTIVOL:
-       ERROR ((0, 0,
-              _("%s: Cannot extract -- file is continued from another volume"),
-Index: src/list.c
-===================================================================
-RCS file: /cvsroot/tar/tar/src/list.c,v
-retrieving revision 1.101
-diff -p -u -r1.101 list.c
---- src/list.c  2 Jun 2006 08:05:04 -0000       1.101
-+++ src/list.c  30 Nov 2006 06:37:07 -0000
-@@ -107,7 +107,6 @@ read_and (void (*do_something) (void))
- 		{
- 		case GNUTYPE_VOLHDR:
- 		case GNUTYPE_MULTIVOL:
--		case GNUTYPE_NAMES:
- 		  break;
- 
- 		case DIRTYPE:
-@@ -1047,10 +1046,6 @@ print_header (struct tar_stat_info *st, 
- 	  modes[0] = 'M';
- 	  break;
- 
--	case GNUTYPE_NAMES:
--	  modes[0] = 'N';
--	  break;
--
- 	case GNUTYPE_LONGNAME:
- 	case GNUTYPE_LONGLINK:
- 	  modes[0] = 'L';
-@@ -1234,10 +1229,6 @@ print_header (struct tar_stat_info *st, 
- 		   uintbuf));
- 	  fprintf (stdlis, _("--Continued at byte %s--\n"), size);
- 	  break;
--
--	case GNUTYPE_NAMES:
--	  fprintf (stdlis, _("--Mangled file names--\n"));
--	  break;
- 	}
-     }
-   fflush (stdlis);
-Index: src/tar.h
-===================================================================
-RCS file: /cvsroot/tar/tar/src/tar.h,v
-retrieving revision 1.37
-diff -p -u -r1.37 tar.h
---- src/tar.h   29 Nov 2006 18:28:45 -0000      1.37
-+++ src/tar.h   30 Nov 2006 06:37:07 -0000
-@@ -165,6 +165,7 @@ struct oldgnu_header
-    'A' Solaris Access Control List
-    'E' Solaris Extended Attribute File
-    'I' Inode only, as in 'star'
-+   'N' Obsolete GNU tar, for file names that do not fit into the main header.
-    'X' POSIX 1003.1-2001 eXtended (VU version)  */
- 
- /* This is a dir entry that contains the names of files that were in the
-@@ -180,8 +181,5 @@ struct oldgnu_header
- /* This is the continuation of a file that began on another volume.  */
- #define GNUTYPE_MULTIVOL 'M'
- 
--/* For storing filenames that do not fit into the main header.  */
--#define GNUTYPE_NAMES 'N'
--
- /* This is for sparse files.  */
- #define GNUTYPE_SPARSE 'S'

tar-1.16-xheader_unused.patch

@@ -1,19 +0,0 @@
-Bugzilla #223847
-
-Index: tar-1.16-edit/src/xheader.c
-===================================================================
---- tar-1.16-edit.orig/src/xheader.c
-+++ tar-1.16-edit/src/xheader.c
-@@ -647,12 +647,10 @@ void
- xheader_read (union block *p, size_t size)
- {
-   size_t j = 0;
--  size_t nblocks;
- 
-   free (extended_header.buffer);
-   size += BLOCKSIZE;
-   extended_header.size = size;
--  nblocks = (size + BLOCKSIZE - 1) / BLOCKSIZE;
-   extended_header.buffer = xmalloc (size + 1);
-   extended_header.buffer[size] = '\0';
- 

tar-1.16.1.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5c843004934142cc85decf4ae0f5f8b8b568834d3e23f1568193b3836422d2bb
+size 1793624

tar-1.16.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5037dfa4bdd426e680345681070a484f7f4edfa0b3381f595ca6dbc6ca1f5361
-size 1785682

tar.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed Jan 24 10:51:46 CET 2007 - mkoenig@suse.de
+
+- update to version 1.16.1:
+  * tar-1.16-CVE-2006-6097.patch merged upstream
+  * tar-1.16-xheader_unused.patch merged upstream
+  * New option --exclude-tag
+  * The --exclude-cache option excludes directories that 
+    contain the CACHEDIR.TAG file from being archived
+  * Race conditions have been fixed that in some cases briefly
+    allowed files extracted by 'tar -x --same-owner' to be 
+    accessed by users that they shouldn't have been.
+
 -------------------------------------------------------------------
 Tue Dec 05 16:07:51 CET 2006 - mkoenig@suse.de
 

tar.spec

@@ -1,7 +1,7 @@
 #
-# spec file for package tar (Version 1.16)
+# spec file for package tar (Version 1.16.1)
 #
-# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
 # package are under the same license as the package itself.
 #
@@ -18,16 +18,13 @@ Group:          System/Base
 Provides:       base:/bin/tar
 PreReq:         %install_info_prereq
 Autoreqprov:    on
-Version:        1.16
+Version:        1.16.1
 Release:        1
 Summary:        GNU implementation of tar ( (t)ape (ar)chiver )
 Source0:        %name-%version.tar.bz2
-#Source1:        tar.1
 Patch0:         tar-disable_languages.patch
 Patch1:         tar-disable-listed02-test.diff
 Patch2:         tar-manpage.patch
-Patch3:         tar-1.16-xheader_unused.patch
-Patch4:         tar-1.16-CVE-2006-6097.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define _bindir  /bin
 
@@ -66,8 +63,6 @@ Authors:
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
-%patch4
 
 %build
 rm -f po/no.* po/ky.*
@@ -87,10 +82,7 @@ make
 #%endif
 
 %install
-#mkdir -p $RPM_BUILD_ROOT%_mandir
-#mkdir $RPM_BUILD_ROOT%_mandir/man1
 make install DESTDIR=$RPM_BUILD_ROOT
-#install -m 0644 %SOURCE1  $RPM_BUILD_ROOT%_mandir/man1/
 rm -r %buildroot/usr/libexec
 
 %files
@@ -112,6 +104,16 @@ rm -r %buildroot/usr/libexec
 rm -rf $RPM_BUILD_ROOT
 
 %changelog -n tar
+* Wed Jan 24 2007 - mkoenig@suse.de
+- update to version 1.16.1:
+  * tar-1.16-CVE-2006-6097.patch merged upstream
+  * tar-1.16-xheader_unused.patch merged upstream
+  * New option --exclude-tag
+  * The --exclude-cache option excludes directories that
+  contain the CACHEDIR.TAG file from being archived
+  * Race conditions have been fixed that in some cases briefly
+  allowed files extracted by 'tar -x --same-owner' to be
+  accessed by users that they shouldn't have been.
 * Tue Dec 05 2006 - mkoenig@suse.de
 - update to version 1.16:
   Bugfixes: