Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gzip for openSUSE:Factory checked in at 2022-04-11 23:46:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gzip (Old) and /work/SRC/openSUSE:Factory/.gzip.new.1900 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gzip" Mon Apr 11 23:46:33 2022 rev:60 rq:968010 version:1.12 Changes: --------
--- /work/SRC/openSUSE:Factory/gzip/gzip.changes 2022-02-15 23:56:58.388161630 +0100
+++ /work/SRC/openSUSE:Factory/.gzip.new.1900/gzip.changes 2022-04-11 23:46:33.944906905 +0200
@@ -1,0 +2,21 @@
+Sat Apr 9 11:45:49 UTC 2022 - Dirk M??ller <dmuel...@suse.com>
+
+- update to 1.12 (CVE-2022-1271,bsc#1198062):
+ * 'gzip -l' no longer misreports file lengths 4 GiB and larger.
+ Previously, 'gzip -l' output the 32-bit value stored in the gzip
+ header even though that is the uncompressed length modulo 2**32.
+ Now, 'gzip -l' calculates the uncompressed length by decompressing
+ the data and counting the resulting bytes. Although this can take
+ much more time, nowadays the correctness pros seem to outweigh the
+ performance cons.
+ * 'zless' is no longer installed on platforms lacking 'less'.
+ * zgrep applied to a crafted file name with two or more newlines
+ can no longer overwrite an arbitrary, attacker-selected file.
+ [bug introduced in gzip-1.3.10]
+ * zgrep now names input file on error instead of mislabeling it as
+ "(standard input)", if grep supports the GNU -H and --label options.
+ * 'zdiff -C 5' no longer misbehaves by treating '5' as a file name.
+ * Configure-time options like --program-prefix now work.
+- refresh zdiff.diff, zgrep.diff, zmore.diff
+
+-------------------------------------------------------------------
Old: ---- gzip-1.11.tar.xz gzip-1.11.tar.xz.sig New: ---- gzip-1.12.tar.xz gzip-1.12.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gzip.spec ++++++
--- /var/tmp/diff_new_pack.m1OKQq/_old 2022-04-11 23:46:35.588888113 +0200
+++ /var/tmp/diff_new_pack.m1OKQq/_new 2022-04-11 23:46:35.592888067 +0200
@@ -18,7 +18,7 @@ %define _buildshell /bin/bash Name: gzip -Version: 1.11 +Version: 1.12 Release: 0 Summary: GNU Zip Compression Utilities License: GPL-3.0-or-later ++++++ gzip-1.11.tar.xz -> gzip-1.12.tar.xz ++++++ ++++ 23655 lines of diff (skipped) ++++++ manpage-no-date.patch ++++++ --- /var/tmp/diff_new_pack.m1OKQq/_old 2022-04-11 23:46:36.024883129 +0200 +++ /var/tmp/diff_new_pack.m1OKQq/_new 2022-04-11 23:46:36.028883083 +0200 @@ -1,7 +1,7 @@ -Index: gzip-1.9/doc/gzip.texi +Index: gzip-1.12/doc/gzip.texi =================================================================== ---- gzip-1.9.orig/doc/gzip.texi -+++ gzip-1.9/doc/gzip.texi +--- gzip-1.12.orig/doc/gzip.texi ++++ gzip-1.12/doc/gzip.texi @@ -9,7 +9,7 @@ @c %**end of header @copying @@ -10,7 +10,7 @@ +(version @value{VERSION}), and documents commands for compressing and decompressing data. - Copyright @copyright{} 1998--1999, 2001--2002, 2006--2007, 2009--2021 Free + Copyright @copyright{} 1998--1999, 2001--2002, 2006--2007, 2009--2022 Free @@ -47,7 +47,6 @@ Free Documentation License''. @title GNU gzip @subtitle The data compression program ++++++ non-exec-stack.diff ++++++ --- /var/tmp/diff_new_pack.m1OKQq/_old 2022-04-11 23:46:36.040882946 +0200 +++ /var/tmp/diff_new_pack.m1OKQq/_new 2022-04-11 23:46:36.044882900 +0200 @@ -2,7 +2,7 @@ =================================================================== --- lib/match.c.orig +++ lib/match.c -@@ -770,3 +770,4 @@ match_init: +@@ -772,3 +772,4 @@ match_init: # endif /* __ia64__ */ #endif /* mc68000 || mc68020 */ #endif /* i386 || _I386 */ ++++++ xz_lzma.patch ++++++ --- /var/tmp/diff_new_pack.m1OKQq/_old 2022-04-11 23:46:36.052882809 +0200 +++ /var/tmp/diff_new_pack.m1OKQq/_new 2022-04-11 23:46:36.056882763 +0200 
@@ -1,8 +1,8 @@ -Index: gzip-1.5/zgrep.1 +Index: gzip-1.12/zgrep.1 =================================================================== ---- gzip-1.5.orig/zgrep.1 -+++ gzip-1.5/zgrep.1 -@@ -10,7 +10,7 @@ zgrep \- search possibly compressed file +--- gzip-1.12.orig/zgrep.1 ++++ gzip-1.12/zgrep.1 +@@ -11,7 +11,7 @@ The .B zgrep command invokes .B grep @@ -11,11 +11,11 @@ All options specified are passed directly to .BR grep . If no file is specified, then the standard input is decompressed -Index: gzip-1.5/zgrep.in +Index: gzip-1.12/zgrep.in =================================================================== ---- gzip-1.5.orig/zgrep.in -+++ gzip-1.5/zgrep.in -@@ -178,6 +178,12 @@ do +--- gzip-1.12.orig/zgrep.in ++++ gzip-1.12/zgrep.in +@@ -215,6 +215,12 @@ do *.bz2) uncompress=bzip2 ;; ++++++ zdiff.diff ++++++ --- /var/tmp/diff_new_pack.m1OKQq/_old 2022-04-11 23:46:36.064882672 +0200 +++ /var/tmp/diff_new_pack.m1OKQq/_new 2022-04-11 23:46:36.068882626 +0200 
@@ -1,18 +1,18 @@ Index: zdiff.in =================================================================== ---- zdiff.in.orig 2012-01-01 09:53:58.000000000 +0100 -+++ zdiff.in 2012-10-16 13:40:46.854905141 +0200 -@@ -105,9 +105,9 @@ elif test $# -eq 2; then +--- zdiff.in.orig ++++ zdiff.in +@@ -133,9 +133,9 @@ case $file2 in 5<&0 then gzip_status=$( - exec 4>&1 -- (gzip -cdfq -- "$1" 4>&-; echo $? >&4) 3>&- | -- ( (gzip -cdfq -- "$2" 4>&-; echo $? >&4) 3>&- 5<&- </dev/null | -+ exec 4>&1 6<&0 -+ (gzip -cdfq -- "$1" 4>&-; echo $? >&4) 3>&- 6<&- | -+ ( (gzip -cdfq -- "$2" 4>&- 0<&6 6<&-; echo $? >&4) 3>&- 5<&- </dev/null | +- ('gzip' -cdfq -- "$file1" 4>&-; echo $? >&4) 3>&- | +- (('gzip' -cdfq -- "$file2" 4>&- ++ exec 4>&1 6<&0 ++ ('gzip' -cdfq -- "$file1" 4>&-; echo $? >&4) 3>&- 6<&- | ++ (('gzip' -cdfq -- "$file2" 4>&- 0<&6 6<&- + echo $? >&4) 3>&- 5<&- </dev/null | eval "$cmp" /dev/fd/5 - >&3) 5<&0 ) - cmp_status=$? ++++++ zgrep.diff ++++++ --- /var/tmp/diff_new_pack.m1OKQq/_old 2022-04-11 23:46:36.080882489 +0200 +++ /var/tmp/diff_new_pack.m1OKQq/_new 2022-04-11 23:46:36.084882443 +0200 @@ -1,12 +1,12 @@ Index: zgrep.in =================================================================== ---- zgrep.in.orig 2012-01-01 09:53:58.000000000 +0100 -+++ zgrep.in 2012-10-16 13:22:26.304769138 +0200 -@@ -174,10 +174,18 @@ res=0 +--- zgrep.in.orig ++++ zgrep.in +@@ -211,10 +211,18 @@ res=1 for i do -+ case $i in ++ case "$i" in + *.bz2) + uncompress=bzip2 + ;; 
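Review bot: In the refreshed zdiff.in hunk, descriptor 6 (the saved standard input from `exec 4>&1 6<&0`) is closed for the first `'gzip'` stage and on the second `'gzip'` command, but the `eval "$cmp" /dev/fd/5 - >&3` command in the same group still inherits it. That is probably harmless, yet the comparison program then holds an extra descriptor on the caller's input; closing it there as well, `eval "$cmp" /dev/fd/5 - >&3 6<&-) 5<&0`, would keep the plumbing tight. The block also deserves a one-line comment above the `exec`, such as `# fd 6 = caller's stdin, handed to the second gzip in place of /dev/null`. The enclosing `case $file2 in` branch starts and ends outside the hunk, so the purpose of the change is inferred from these lines only.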
@@ -17,9 +17,9 @@ # Fail if gzip or grep (or sed) fails. gzip_status=$( exec 5>&1 -- (gzip -cdfq -- "$i" 5>&-; echo $? >&5) 3>&- | +- ('gzip' -cdfq -- "$i" 5>&-; echo $? >&5) 3>&- | + ($uncompress -cdfq -- "$i" 5>&-; echo $? >&5) 3>&- | if test $files_with_matches -eq 1; then - eval "$grep" >/dev/null && { printf '%s\n' "$i" || exit 2; } + eval "$grep$args" >/dev/null && { printf '%s\n' "$i" || exit 2; } elif test $files_without_matches -eq 1; then ++++++ zmore.diff ++++++ --- /var/tmp/diff_new_pack.m1OKQq/_old 2022-04-11 23:46:36.096882306 +0200 +++ /var/tmp/diff_new_pack.m1OKQq/_new 2022-04-11 23:46:36.100882260 +0200 @@ -2,11 +2,11 @@ zmore.in | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) -Index: gzip-1.6/zmore.in +Index: gzip-1.12/zmore.in =================================================================== ---- gzip-1.6.orig/zmore.in -+++ gzip-1.6/zmore.in -@@ -44,6 +44,29 @@ case $1 in +--- gzip-1.12.orig/zmore.in ++++ gzip-1.12/zmore.in +@@ -38,6 +38,29 @@ case $1 in exit 1;; esac @@ -36,10 +36,10 @@ if test $# = 0; then if test -t 0; then printf >&2 '%s\n' "$0: missing operands; try '$0 --help' for help" -@@ -57,4 +80,4 @@ do +@@ -51,4 +74,4 @@ do test $# -lt 2 || printf '::::::::::::::\n%s\n::::::::::::::\n' "$FILE" || break - gzip -cdfq -- "$FILE" + 'gzip' -cdfq -- "$FILE" -done 2>&1 | eval ${PAGER-more} +done 2>&1 | pager
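Review bot: `$uncompress` is expanded unquoted on the `($uncompress -cdfq -- "$i" 5>&-; echo $? >&5) 3>&- |` line of the zgrep.in patch, and its value comes from the `case "$i" in` added in the previous hunk, of which only the `*.bz2)` arm is visible. Because this release fixes a zgrep flaw triggered by crafted file names (CVE-2022-1271 in the changelog entry), it is worth confirming that the case has a default arm that assigns `uncompress` on every iteration, so a decompressor chosen for one file is never reused for the next, and quoting the expansion as `"$uncompress"`. The line being replaced is upstream's quoted literal `'gzip'`; if anything in the build depends on that form (the changelog mentions `--program-prefix`), check that the default decompressor still resolves correctly. The loop body continues outside both hunks.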