Path to this page:
Subject: CVS commit: pkgsrc/archivers/star
From: Michael Baeuerle
Date: 2019-10-24 18:53:34
Message id: 20191024165334.9C04BFA84@cvs.NetBSD.org
Log Message:
archivers/star: Update to 1.6.1nb2
Based on Release 2019-10-07.
Changelog
=========
- configure: Some shells report a syntax error with "< file (cmd)"
and need the redirection statement to be *after* the command. Our
changes to support the V7 shell by adding round braces caused ash
variants like "dash" to fail.
Thanks to Harald van Dijk for reporting
- cont/cc-config.sh: canged some :>some-file statements into
(:)>some-file. they have meen missed when introducing work arounds
for the V7 Shell on Ultrix that does not support I/O redirection
for builtin commands.
Thanks to Robert Clausecker for reporting
- libschily/resolvepath.c: resolving a symlink that points to another
symlink that points to itself, caused a coredump as a result from an
endless recursion.
We now detect this situation and abort the check before the endless
recursion causes a stack overflow. A symlink that directly loops
is immediately stopped. A longer symlink loop chain over more than one
symlink can only be detected by the recursion nesting level and is
aborted after a nesting level of 1024 has been reached. This works
under the assumption that the minimum stack size is more than
1024 * PATH_MAX and that there is no useful directory path with more
than 1024 symlinks in the path.
----> This problem affected star and SCCS.
Thanks to Philipp Wellner for reporting
- star: Added a hint to the man page that helps to find pkglist= as a.
similar option to list=
- star: The new method to avoid extracting symlinks that point outside
the star working directory that has been introduced in October 2018
could cause a core dump if a symlink is checked that points to
another aready existing symlink that points to itself. This was caused
by a problem in libschily/resolvepath.c, see above.
Thanks to Philipp Wellner for reporting
- star: The option -no-secure-links now may be configured as a global
default via the tag STAR_SECURE_LINKS= in the file /etc/default/star
and as a private default via an environment of the same name.
If the value for this tag is 'n' or 'N', -no-secure-links is made the
default, any other value sets the option -secure-links as the default.
This may be useful for sysadmins that frequently use star to copy
installation specific files, but it is risky in case that alien TAR
archives are imported. The good news is that this permits users to
switch to the old star behavior where no checks for risky links
existed.
Thanks to Dennis Clarke for reporting
- star: A new enviroment STAR_NOHINT has been introduced to supress
hint messages that are otherwise seen in case STAR_SECURE_LINKS or
STAR_FSYNC is in the environment or in /etc/default/star
- star: New version date
Files: