[Sorry for breaking the thread, I answer from work, based on the Web
archive, which does not presen Message-IDs]

At 11/12/2002 08:09:50 Hauke Fath  wrote :

> At 23:48 Uhr +0100 11.11.2002, Manuel Bouyer wrote:
>>is there anybody working on an update of the gtar package ?
>>audit-packages
>>complains about it ...
>
> If you do, please make sure the update does not break Amanda. It is
>(or, at
> least, used to be) picky about the gnutar version.

Alas, it probably does.

Today, I found weekly backup failed at the very same point than does pax
(modified files), as I noted in 'bin/18959'. It is a FreeBSD box, where
tar (gnutar) has been upgraded to the "secure" version last week, when I
upgraded to STABLE.

At 04:17 +0100 09/11/2002, backup-agent@gandalf.injep.fr wrote:
> /usr/bin/tar: ./var/dnews/work/dbi.idx: file changed as we read it
> /usr/bin/tar: ./var/run/log: socket ignored
> Total bytes written: 41492480 (40MB, 2.1MB/s)
> /usr/bin/tar: Error exit delayed from previous errors
> Error 2 while archiving /var/tmp/backup/2002-11-09-var.tar

In the same time, backups on NetBSD, with gtar 1.12 ran fine

So I urge you NOT TO upgrade gnutar, unless there is a fix for this new
breaking behavior.

And, BTW, this "security fix" seems useless to me : the same way you
do not launch EXE files without checking them, you do not install
unknown tarballs without listing them first, don't you ?

First security breech is *always* the user. Forgetting this leads to the
problem we are facing today.

Xavier

-- 
Xavier HUMBERT  -  Systemes et Reseaux     |     labo-info@injep.fr
INJEP                                      |     humbert@injep.fr