tardiff (0.1-2+deb8u2build0.15.10.1) wily-security; urgency=medium

  * fake sync from Debian

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 24 May 2016 09:25:07 -0400

tardiff (0.1-2+deb8u2) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Add fix for shell command injection via tar filename itself.
    This fix is as well part of the CVE-2015-0857 assignment but was
    previously missed.

 -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 01 May 2016 10:46:40 +0200

tardiff (0.1-2+deb8u1) jessie-security; urgency=high

  * Add patch to fix miscalculated statistics. (Closes: #802098)
  * Add patches to fix two security issues:
    + CVE-2015-0857: shell command injection through file names
    + CVE-2015-0858: /tmp race condition in handling temporary directory
    Issues found and reported by Rainer Müller and Florian Weimer.
    Additional necessary changes:
    + Add new run-time dependency on libtext-diff-perl.

 -- Axel Beckert <abe@debian.org>  Tue, 20 Oct 2015 01:02:12 +0200

tardiff (0.1-2) unstable; urgency=low

  * Patch -a vs -s mixup. (Due to a typo, the short option -a is not
    queried while the short option -s works as if would have been -a. The
    according long options worked as advertised.)
  * Bump debhelper compatibility to 9
    + Update versioned debhelper build-dependency
    + Remove manual clean up of *-stamp files
  * Revamp debian/rules:
    + Move dh_installman parameter to debian/manpages
    + Switch to a dh7 style debian/rules file
  * Remove recommends on essential package
  * Bump Standards-Version to 3.9.4 (no changes)
  * Fix lintian warning vcs-field-not-canonical
  * Remove stray debian/debian/patches/series
  * Apply wrap-and-sort

 -- Axel Beckert <abe@debian.org>  Mon, 03 Jun 2013 12:57:19 +0200

tardiff (0.1-1) unstable; urgency=low

  * Initial release (Closes: #650668)
  * Add patch to fix comparison of tar balls with the same base
    directory.

 -- Axel Beckert <abe@debian.org>  Mon, 07 May 2012 01:02:25 +0200
