I announce the release of version 4.3.7 of GNU findutils.
GNU findutils is a set of software tools for finding files that match certain criteria and for performing various operations on them. Findutils includes the programs "find", "xargs" and "locate". More information about findutils is available at http://www.gnu.org/software/findutils/. This is a "development" release of findutils. It can be downloaded from ftp://alpha.gnu.org/gnu/findutils. The 4.3.x release series is intended to allow people to try out, comment on or contribute to new features of findutils. During the 4.3.x release series some features may be introduced and then changed or removed as a result of feedback or experience. In short, please don't rely on backward compatibility later in the release series. While this is a development release, it is tested before being released, principally with the regression test suite (run "make check" to use it). The Savannah website (http://savannah.gnu.org/bugs/?group=findutils) contains a current list of known bugs in findutils (for both the stable and development branches). This release includes a range of changes, including bugfixes, documentation improvements and small functional changes. All the changes since the previous release are summarised below. Bugs in GNU findutils should be reported to the findutils bug tracker at http://savannah.gnu.org/bugs/?group=findutils. Reporting bugs via the web interface will ensure that you are automatically informed when the bug has been fixed. General discussion of findutils takes place on the bug-findutils mailing list. To join the 'bug-findutils' mailing list, send email to <[EMAIL PROTECTED]>. To verify the GPG signature of the release, you will need the public key of the findutils maintainer, James Youngman. You can download this from http://savannah.gnu.org/users/jay. Alternatively, you could query a PGP keyserver, but you will need to use one that can cope with subkeys containing photos. Many older key servers cannot do this. I use subkeys.pgp.net. I think that one works. See also the "Downloading" section of http://www.gnu.org/software/findutils/. I would like to thank Rob Holland of Inverse Path and the members of the bug-findutils mailing list for their help in preparing this release. * Major changes in release 4.3.7 ** Functional changes Locate can now read old-format locate databases generated on machines with a different byte order. It does this by guessing the byte order, so the result is not completely reliable. If you need to share databases between machines of different architectures, you should use the LOCATE02 format (which has other advantages, as explained in the documentation). ** Security Fixes #20014: Findutils-4.3.7 includes a patch for a potential security problem in locate. When locate read an old-format database, it read file names into a fixed-length buffer allocated on the heap without checking for overflow. Although overflowing a heap buffer is often somewhat safer than overflowing a buffer on the stack, this bug still has potential security implications. This bug also affected the following previous findutils releases: - All releases prior to 4.2.31 - Findutils 4.3.0 to 4.3.6. This bug has been assigned CVE number CVE-2007-2452. ** Bug Fixes #20128: Fix compilation error of find/tree.c on AIX with GCC. #20005: Tests -mtime -n and -mtime +n incorrectly treated like -mtime n. #19983: include_next causes compilation failure in findutils 4.3.6 on non-GCC compilers #19981: Don't call setgroups if the function isn't available. This fixes Savannah bug# 19981. #19980: Don't use the functions putw() or getw() since these are not in current POSIX. Use the gnulib version of wcwidth() where the system does not provide it. #19979: Compilation errors on BeOS #19970: Cannot cast from pointer to bool using gnulib's <stdbool.h> #19967: Use of __attribute((__noreturn__)) makes compilation fail with some non-GCC compilers #19966: find should link against -lm for modf() and fabs() #19965: Compilation failure on OSF/1 4.0; non-declaration of uintmax_t #19948: Assertion failure O_NOFOLLOW != 0 on IRIX 6.5 #19871: Typos in find.1 #19596: Fixed this bug again, this time in the Texinfo manual (the discussion should compare %b with %s/512, not %s/1024). #19416: _FORTIFY_SOURCE warn_unused_result warnings -- James Youngman <[EMAIL PROTECTED]> GNU findutils maintainer _______________________________________________ Bug-findutils mailing list [email protected] http://lists.gnu.org/mailman/listinfo/bug-findutils
