Description of the patch:
This update for tar fixes the following issues:
Upgrade tar to version 1.34 (jsc#PED-16073).
Security issues fixed:
- CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).
Other updates and bugfixes:
- Changes from 1.28:
- New --one-top-level option: extract all files into a subdirectory named after the archive base name
- New --sort option: sort directory entries by name or inode when creating archives
- New exclusion options: --exclude-ignore, --exclude-ignore-recursive, and --exclude-vcs-ignores
- New checkpoint action: totals; extended checkpoint format specifiers
- Official tar(1) and rmt(8) manpages now provided upstream
- Refuse to read from or write archives to a tty device
- Changes from 1.29:
- New --verbatim-files-from option: treat each line in a file list as a literal file name regardless of leading
dashes
- Changes from 1.30:
- Member names containing '..' components are now skipped on extraction (security hardening)
- Erroneous use of position-sensitive options is now reported
- --numeric-owner now applies to private (pax) headers too
- Fixed --delay-directory-restore in several edge cases
- New --warnings=failed-read option to suppress unreadable-file warnings when combined with --ignore-failed-read
- Changes from 1.32:
- POSIX extended format headers no longer include PID by default
- Wildcards in --exclude-vcs-ignore mode no longer match slashes
- Fixed --no-overwrite-dir option
- Fixed handling of chained renames in incremental backups
- Link counting works for file names supplied via -T
- Changes from 1.33:
- Fix extraction over pipe
- Fix memory leak in read_header
- Fix extraction when . and .. are unreadable
- Gracefully handle duplicate symlinks when extracting
- Re-initialise supplementary groups when switching to user privileges