./archivers/ruby-minitar, Pure-Ruby library to deal with POSIX tar(1) archive files

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.0.2, Package name: ruby32-minitar-1.0.2, Maintainer: pkgsrc-users

The minitar library is a pure-Ruby library that provides the ability to deal
with POSIX tar(1) archive files.

This is release 0.6, providing a number of bug fixes including a directory
traversal vulnerability, CVE-2016-10173. This release starts the migration and
modernization of the code:

* the licence has been changed to match the modern Ruby licensing scheme
(Ruby and Simplified BSD instead of Ruby and GNU GPL);
* the +minitar+ command-line program has been separated into the
+minitar-cli+ gem; and
* the +archive-tar-minitar+ gem now points to the +minitar+ and +minitar-cli+
gems and discourages its installation.

Some of these changes may break existing programs that depend on the internal
structure of the minitar library, but every effort has been made to ensure
compatibility; inasmuch as is possible, this compatibility will be maintained
through the release of minitar 1.0 (which will have strong breaking changes).

minitar (previously called Archive::Tar::Minitar) is based heavily on code
originally written by Mauricio Julio Fern\u{e1}ndez Pradier for the rpa-base
project.


Required to run:
[lang/ruby24-base]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 33.5 KB

Version history: (Expand)


CVS history: (Expand)


   2021-10-26 11:57:20 by Nia Alarie | Files touched by this commit (140)
Log message:
archivers: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and SHA512
hashes.
   2021-10-07 15:06:15 by Nia Alarie | Files touched by this commit (140)
Log message:
archivers: Remove SHA1 distfiles hashes
   2019-10-22 09:29:24 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
archivers/ruby-minitar: update to 0.9

Update archivers/ruby-minitar to 0.9.

## 0.9 / 2019-09-04

*   jtappa added the ability to skip fsync with a new option to Minitar.unpack
    and Minitar::Input#extract_entry. Provide `:fsync => false` as the last
    parameter to enable. Merged from a modified version of PR [#37][].

## 0.8 / 2019-01-05

*   inkstak resolved an issue introduced in the fix for [#31][] by allowing
    spaces to be considered valid characters in strict octal handling. Octal
    conversion ignores leading spaces. Merged from a slightly modified version
    of PR [#35][].

*   dearblue contributed PR [#32][] providing an explicit call to #bytesize for
    strings that include multibyte characters. The PR has been modified to be
    compatible with older versions of Ruby and extend tests.

*   Akinori MUSHA (knu) contributed PR [#36][] that treats certain badly
    encoded regular files (with names ending in `/`) as if they were
    directories on decode.

## 0.7 / 2018-02-19

*   Fixed issue [#28][] with a modified version of PR [#29][] covering the
    security policy and position for Minitar. Thanks so much to ooooooo\_q for
    the report and an initial patch. Additional information was added as
    [#30][].

*   dearblue contributed PR [#33][] providing a fix for Minitar::Reader when
    the IO-like object does not have a `#pos` method.

*   Kevin McDermott contributed PR [#34][] so that an InvalidTarStream is
    raised if the tar header is not valid, preventing incorrect streaming of
    files from a non-tarfile. This is a minor breaking change, so the version
    has been bumped accordingly.

*   Kazuyoshi Kato contributed PR [#26][] providing support for the GNU tar
    long filename extension.

*   Addressed a potential DOS with negative size fields in tar headers
    ([#31][]). This has been handled in two ways: the size field in a tar
    header is interpreted as a strict octal value and the Minitar reader will
    raise an InvalidTarStream if the size ends up being negative anyway.
   2017-03-13 17:05:01 by Takahiro Kambe | Files touched by this commit (4)
Log message:
Add ruby-minitar 0.6.1.

The minitar library is a pure-Ruby library that provides the ability to deal
with POSIX tar(1) archive files.

This is release 0.6, providing a number of bug fixes including a directory
traversal vulnerability, CVE-2016-10173. This release starts the migration and
modernization of the code:

*   the licence has been changed to match the modern Ruby licensing scheme
    (Ruby and Simplified BSD instead of Ruby and GNU GPL);
*   the +minitar+ command-line program has been separated into the
    +minitar-cli+ gem; and
*   the +archive-tar-minitar+ gem now points to the +minitar+ and +minitar-cli+
    gems and discourages its installation.

Some of these changes may break existing programs that depend on the internal
structure of the minitar library, but every effort has been made to ensure
compatibility; inasmuch as is possible, this compatibility will be maintained
through the release of minitar 1.0 (which will have strong breaking changes).

minitar (previously called Archive::Tar::Minitar) is based heavily on code
originally written by Mauricio Julio Fern\u{e1}ndez Pradier for the rpa-base
project.