-$Id: CHANGES,v 1.10 1999/10/31 19:48:25 tiniou Exp $
+$Id: CHANGES,v 1.13 1999/11/05 22:02:11 tiniou Exp $
-Changes between versions 0.4b7 and 0.4b8 (released ???????????????)
-===================================================================
+Changes between versions 0.4b8 and 0.4b9 (released November 5, 1999)
+====================================================================
+
+1. Use lchown instead of chown, fixing a possible security problem
+ when restoring symlinks (a malicious user could use this
+ to deliberately corrupt the ownership of important system files).
+ Thanks to Chris Siebenmann <cks@utcc.utoronto.ca> for detecting
+ this and providing the patch.
+
+Changes between versions 0.4b7 and 0.4b8 (released November 3, 1999)
+====================================================================
1. Put dump sources under CVS, added Id tags in all files so
one can use 'ident' on binary files.
contain them :(. Thanks to Eric Maisonobe <virnet@nat.fr>
for submitting the bug report.
-5. Added the RSH environment variable in order to be able to
+5. Use ext2fs_llseek instead of llseek. With recent e2fsprogs
+ this should enable dumping big (huge) filesystems.
+
+6. Added the RSH environment variable in order to be able to
use a rsh replacement like ssh when doing remote backups (and
bypass the security limitations of rcmd). Now you can do remote
backups without being root (or making dump setuid root).
-6. Modified again the way dumpdates works. For incremental dumps,
+7. Modified again the way dumpdates works. For incremental dumps,
we need to read dumpdates even if we are not using 'u' option.
Thanks to Bdale Garbee <bdale@gag.com> for his ideas on how
this should work.