Hello community, here is the log from the commit of package gzip checked in at Thu Dec 7 20:24:17 CET 2006. -------- --- gzip/gzip.changes 2006-12-04 13:09:22.000000000 +0100 +++ /mounts/work_src_done/STABLE/gzip/gzip.changes 2006-12-07 11:19:59.000000000 +0100 @@ -1,0 +2,24 @@ +Thu Dec 7 11:19:36 CET 2006 - schwab@suse.de + +- Update to gzip 1.3.7. + * Fix some gzip problems: + - Refuse to compress setuid or setgid files, or files with the sticky bit. + - Fix more race conditions in setting file permissions and owner, + removing output files, following symbolic links, and dealing with + special files. + - Remove most of the code working around ENAMETOOLONG deficiencies. + Systems with those deficiencies are long-dead, and the workarounds + had race conditions on modern hosts. + - Catch CPU time and file size limit signals, too. + - Check for read errors when closing files. + - Fix a core dump caused by a stray abort mistakenly introduced in 1.3.6. + * Fix some gzexe problems: + - Improve resistance to denial-of-service attacks. + - Fix some quoting and escaping bugs. + - Do not assume /tmp is sticky (though it should be!). + - Do not assume the working directory can be written. + - Rely on PATH in the generated executable, as the man page says. + - Don't assume IFS is sane. + - Exit with signal's status, if signaled. + +------------------------------------------------------------------- Old: ---- gzip-1.3.6.tar.gz New: ---- gzip-1.3.7.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gzip.spec ++++++ --- /var/tmp/diff_new_pack.K6CN4j/_old 2006-12-07 20:23:51.000000000 +0100 +++ /var/tmp/diff_new_pack.K6CN4j/_new 2006-12-07 20:23:51.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package gzip (Version 1.3.6) +# spec file for package gzip (Version 1.3.7) # # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -17,7 +17,7 @@ Group: Productivity/Archiving/Compression Autoreqprov: on PreReq: %{install_info_prereq} -Version: 1.3.6 +Version: 1.3.7 Release: 1 Summary: GNU Zip Compression Utilities Source: %{name}-%{version}.tar.gz @@ -111,6 +111,27 @@ %install_info_delete --info-dir=%{_infodir} %{_infodir}/%{name}.info.gz %changelog -n gzip +* Thu Dec 07 2006 - schwab@suse.de +- Update to gzip 1.3.7. + * Fix some gzip problems: + - Refuse to compress setuid or setgid files, or files with the sticky bit. + - Fix more race conditions in setting file permissions and owner, + removing output files, following symbolic links, and dealing with + special files. + - Remove most of the code working around ENAMETOOLONG deficiencies. + Systems with those deficiencies are long-dead, and the workarounds + had race conditions on modern hosts. + - Catch CPU time and file size limit signals, too. + - Check for read errors when closing files. + - Fix a core dump caused by a stray abort mistakenly introduced in 1.3.6. + * Fix some gzexe problems: + - Improve resistance to denial-of-service attacks. + - Fix some quoting and escaping bugs. + - Do not assume /tmp is sticky (though it should be!). + - Do not assume the working directory can be written. + - Rely on PATH in the generated executable, as the man page says. + - Don't assume IFS is sane. + - Exit with signal's status, if signaled. * Mon Dec 04 2006 - schwab@suse.de - Update to gzip 1.3.6. * Fix some race conditions in setting file time stamps, permissions, and owner. ++++++ gzip-1.3.6.tar.gz -> gzip-1.3.7.tar.gz ++++++ ++++ 18814 lines of diff (skipped) ++++++ tempfile.diff ++++++ --- /var/tmp/diff_new_pack.K6CN4j/_old 2006-12-07 20:23:51.000000000 +0100 +++ /var/tmp/diff_new_pack.K6CN4j/_new 2006-12-07 20:23:51.000000000 +0100 @@ -1,26 +1,3 @@ ---- gzexe.in -+++ gzexe.in -@@ -67,7 +67,10 @@ - esac - done - --tmp=gz$$ -+tmp=`mktemp /tmp/gz.XXXXXX` || { -+ echo 'cannot create temporary file' >&2 -+ exit 1 -+} - trap "rm -f $tmp; exit 1" 1 2 3 5 10 13 15 - - set -C -@@ -137,6 +140,8 @@ - umask 77 - if (tempfile --version) >/dev/null 2>&1 - then gztmp=`tempfile -p gztmp` || exit -+elif (mktemp -V) >/dev/null 2>&1 -+then gztmp=`mktemp -t gztmp.XXXXXXXX` || exit - else gztmp=/tmp/gztmp$$ - fi - if tail +$skip "$0" | "BINDIR"/gzip -cd > "$gztmp"; then --- zdiff.in +++ zdiff.in @@ -59,12 +59,12 @@ ++++++ zgrep.diff ++++++ --- /var/tmp/diff_new_pack.K6CN4j/_old 2006-12-07 20:23:51.000000000 +0100 +++ /var/tmp/diff_new_pack.K6CN4j/_new 2006-12-07 20:23:51.000000000 +0100 @@ -40,11 +40,3 @@ if test $files_with_matches -eq 1; then $grep $opt "$pat" > /dev/null && printf '%s\n' "$i" elif test $files_without_matches -eq 1; then -@@ -116,6 +139,7 @@ - elif test $with_filename -eq 0 && { test $# -eq 1 || test $no_filename -eq 1; }; then - $grep $opt "$pat" - else -+ i=`printf '%s\n' "$i" | sed 's/[|&]/\\&/g'` - if test $with_filename -eq 1; then - sed_script="s|^[^:]*:|${i}:|" - else ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org