libtar0 - C library for manipulating tar archives

Distribution: Debian 8 (Jessie)
Repository: Debian Main amd64
Package name: libtar0
Package version: 1.2.20
Package release: 4+b1
Package architecture: amd64
Package type: deb
Installed size: 49 B
Download size: 22.81 KB
Official Mirror:
libtar allows programs to create, extract and test tar archives. It supports both the strict POSIX tar format and many of the commonly-used GNU extensions.




  • libtar


  • libtar


    Source package: libtar

    Install Howto

    1. Update the package index:
      # sudo apt-get update
    2. Install libtar0 deb package:
      # sudo apt-get install libtar0


    • /usr/lib/
    • /usr/lib/
    • /usr/share/doc/libtar0/changelog.Debian.amd64.gz
    • /usr/share/doc/libtar0/changelog.Debian.gz
    • /usr/share/doc/libtar0/changelog.gz
    • /usr/share/doc/libtar0/copyright


    2014-05-03 - Magnus Holmgren <> libtar (1.2.20-4) unstable; urgency=high * no_maxpathlen.patch: Half of the part of the patch modifying compat/dirname.c was missing, causing libtar's dirname to always return NULL (except in special circumstances). Actually make it work (Closes: #745352). (The reason that libtar doesn't use libc's dirname() and basename() on some or most platforms is that the code doesn't work with destructive versions of these functions).

    2014-02-15 - Magnus Holmgren <> libtar (1.2.20-3) unstable; urgency=low * no_maxpathlen.patch: Fix two grave bugs in the patch. First, th_get_pathname would only allocate as much memory as was needed for the first filename encountered, causing heap corruption when/if encountering longer filenames later. Second, two variables were mixed up in tar_append_tree(). Also, fix a potential memory leak and trim the patch a bit. * [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the safer_name_suffix() function should certainly be applied to the combination of it and the name field, not just on the name field. * th_get_size-unsigned-int.patch: Make the th_get_size() macro cast the result from oct_to_int() to unsigned int. This is the right fix for bug #725938 on 64-bit systems, where a specially crafted tar file would not cause an integer overflow, but a memory allocation of almost 16 exbibytes, which would certainly fail outright without harm.

    2014-02-15 - Magnus Holmgren <> libtar (1.2.20-2) unstable; urgency=low * no_static_buffers.patch: avoid using a static buffer in th_get_pathname(). Taken from upstream. Needed for no_maxpathlen.patch. * no_maxpathlen.patch: Fix FTBFS on Hurd by dynamically allocating path names (Closes: #657116). Thanks to Svante Signell and Petter Reinholdtsen. * [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any pathname prefix containing ".." components (Closes: #731860). This is done in th_get_pathname() (as well as to symlink targets when extracting symlinks), not merely when extracting files, which means applications calling that function will not see the stored filename. There is no way to disable this behaviour, but it can be expected that one will be provided when the issue is solved upstream. * Bump Standards-Version to 3.9.5.

    2013-10-10 - Magnus Holmgren <> libtar (1.2.20-1) unstable; urgency=high * [SECURITY] New upstream release. Fixes CVE-2013-4397: Integer overflow (Closes: #725938). * Bump Standards-Version to 3.9.4.

    2013-05-05 - Magnus Holmgren <> libtar (1.2.19-1) unstable; urgency=low * New upstream release.

    2012-06-23 - Magnus Holmgren <> libtar (1.2.16-1) unstable; urgency=low * New upstream: Chris Frey has stepped up with the consent of the original author, Mark Roth, and published an "official unofficial" git repo at, which I will use for the time being. * Updated debian/watch to look for tags and corresponding snapshot tarballs at above URL. * All patches have been incorporated or (in the case of autoreconf.patch) made obsolete upstream. * debian/rules: Add build-indep and build-arch targets. * Updated debian/copyright. * Use dpkg-buildflags to set CFLAGS et al. * debian/control: Add VCS fields; bump Standards-Version to 3.9.3.

    2011-04-24 - Magnus Holmgren <> libtar (1.2.11-8) unstable; urgency=low * libtool.patch: Set SHELL to the configured shell in those where libtool is used; otherwise libtool fails when /bin/sh is dash but bash is expected (Closes: #621935). * man_hyphen_minus.patch (new): Escape hyphens that should be minus signs in man pages. * Rename libtar as libtar0 to follow policy.