---
- branch: MAIN
  date: Thu Oct 24 16:53:34 UTC 2019
  files:
  - new: '1.41'
    old: '1.40'
    path: pkgsrc/archivers/star/Makefile
    pathrev: pkgsrc/archivers/star/Makefile@1.41
    type: modified
  - new: '1.17'
    old: '1.16'
    path: pkgsrc/archivers/star/distinfo
    pathrev: pkgsrc/archivers/star/distinfo@1.17
    type: modified
  id: 20191024T165334Z.d200cccfad62b6e0f77bf174353a43f6fdfbc3f9
  log: |
    archivers/star: Update to 1.6.1nb2

    Based on Release 2019-10-07.

    Changelog
    =========
    - configure: Some shells report a syntax error with "< file (cmd)"
      and need the redirection statement to be *after* the command. Our
      changes to support the V7 shell by adding round braces caused ash
      variants like "dash" to fail.

      Thanks to Harald van Dijk for reporting

    - cont/cc-config.sh: canged some :>some-file statements into
      (:)>some-file. they have meen missed when introducing work arounds
      for the V7 Shell on Ultrix that does not support I/O redirection
      for builtin commands.

      Thanks to Robert Clausecker for reporting

    - libschily/resolvepath.c: resolving a symlink that points to another
      symlink that points to itself, caused a coredump as a result from an
      endless recursion.

      We now detect this situation and abort the check before the endless
      recursion causes a stack overflow. A symlink that directly loops
      is immediately stopped. A longer symlink loop chain over more than one
      symlink can only be detected by the recursion nesting level and is
      aborted after a nesting level of 1024 has been reached. This works
      under the assumption that the minimum stack size is more than
      1024 * PATH_MAX and that there is no useful directory path with more
      than 1024 symlinks in the path.

      ----> This problem affected star and SCCS.

      Thanks to Philipp Wellner for reporting

    - star: Added a hint to the man page that helps to find pkglist= as a.
      similar option to list=

    - star: The new method to avoid extracting symlinks that point outside
      the star working directory that has been introduced in October 2018
      could cause a core dump if a symlink is checked that points to
      another aready existing symlink that points to itself. This was caused
      by a problem in libschily/resolvepath.c, see above.

      Thanks to Philipp Wellner for reporting

    - star: The option -no-secure-links now may be configured as a global
      default via the tag STAR_SECURE_LINKS= in the file /etc/default/star
      and as a private default via an environment of the same name.

      If the value for this tag is 'n' or 'N', -no-secure-links is made the
      default, any other value sets the option -secure-links as the default.

      This may be useful for sysadmins that frequently use star to copy
      installation specific files, but it is risky in case that alien TAR
      archives are imported. The good news is that this permits users to
      switch to the old star behavior where no checks for risky links
      existed.

      Thanks to Dennis Clarke for reporting

    -  star: A new enviroment STAR_NOHINT has been introduced to supress
      hint messages that are otherwise seen in case STAR_SECURE_LINKS or
      STAR_FSYNC is in the environment or in /etc/default/star

    - star: New version date
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/archivers/star'
  unixtime: '1571936014'
  user: micha