On Tue, Nov 12, 2002 at 10:39:38AM +0100, Xavier HUMBERT wrote:
> [Sorry for breaking the thread, I answer from work, based on the Web
> archive, which does not presen Message-IDs]
> 
> At 11/12/2002 08:09:50 Hauke Fath  wrote :
> 
> > At 23:48 Uhr +0100 11.11.2002, Manuel Bouyer wrote:
> >>is there anybody working on an update of the gtar package ?
> >>audit-packages
> >>complains about it ...
> >
> > If you do, please make sure the update does not break Amanda. It is
> >(or, at
> > least, used to be) picky about the gnutar version.
> 
> Alas, it probably does.
> 
> Today, I found weekly backup failed at the very same point than does pax
> (modified files), as I noted in 'bin/18959'. It is a FreeBSD box, where
> tar (gnutar) has been upgraded to the "secure" version last week, when I
> upgraded to STABLE.

What version of gtar is it ?

> 
> At 04:17 +0100 09/11/2002, backup-agent@gandalf.injep.fr wrote:
> > /usr/bin/tar: ./var/dnews/work/dbi.idx: file changed as we read it
> > /usr/bin/tar: ./var/run/log: socket ignored
> > Total bytes written: 41492480 (40MB, 2.1MB/s)
> > /usr/bin/tar: Error exit delayed from previous errors
> > Error 2 while archiving /var/tmp/backup/2002-11-09-var.tar

This doesn't looks related to the '..' fix. Maybe there was other changes
as well.

> 
> In the same time, backups on NetBSD, with gtar 1.12 ran fine
> 
> So I urge you NOT TO upgrade gnutar, unless there is a fix for this new
> breaking behavior.
> 
> And, BTW, this "security fix" seems useless to me : the same way you
> do not launch EXE files without checking them, you do not install
> unknown tarballs without listing them first, don't you ?

It's not because of the security fix; it's preliminary because amanda
is broken now, because gtar 1.12 was added to vulnerabilities.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 23 ans d'experience feront toujours la difference
--