X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=NEWS;h=08665006ca4d11e3b39313eed201a78700cfb960;hb=4962e55522a41562a00e8a881ce7b2427564a6dd;hp=ec39a4cb45710bae7c2e82ffdb6cb9e1be97ab83;hpb=c2ebedad623c8d44b1660a6827edbba06df503b7;p=debian%2Fgzip diff --git a/NEWS b/NEWS index ec39a4c..0866500 100644 --- a/NEWS +++ b/NEWS @@ -4,8 +4,51 @@ GNU gzip NEWS -*- outline -*- ** Bug fixes + gzip -d now decodes and checks header CRC16 checksums as specified by + the FHCRC section of Internet RFC 1952. + + "gzip -d -S '' precious.gz" is now rejected immediately. Before, + that command would emulate "rm -i precious.gz", but with an easily- + misunderstood prompt. I.e., gzip would ask if it's ok to remove the + existing file, "precious.gz". If you made the mistake of saying "yes", + it would remove that input file before attempting to uncompress it. + + gzip -cdf now properly handles input consisting of gzip'd data followed + by uncompressed data. Before it would output raw compressed input, too. + For example, now "(printf x|gzip; echo y)|gzip -dcf" prints "xy\n", + while before it would print "xy\n". + + +* Noteworthy changes in release 1.4 (2010-01-20) [stable] + +** Bug fixes + + gzip -d could segfault and/or clobber the stack, possibly leading to + arbitrary code execution. This affects x86_64 but not 32-bit systems. + This fixes CVE-2010-0001. + For more details, see http://bugzilla.redhat.com/554418 + + gzip -d would fail with a CRC error for some valid inputs. + So far, the only valid input known to exhibit this failure was + compressed "from FAT filesystem (MS-DOS, OS/2, NT)". In addition, + to trigger the failure, your memcpy implementation must copy in + the "reverse" order. + + +* Noteworthy changes in release 1.3.14 (2009-10-30) [beta] + +** Bug fixes + + gzip no longer fails when there is exactly one trailing NUL byte + gzip has always accepted trailing NUL bytes. Note the plural. + + zdiff would exit with status 2 (indicating an error) rather than 1 to + indicate differences when both inputs were compressed and different. + zdiff would fail to print differences in two compressed inputs + zgrep -f - didn't work + * Noteworthy changes in release 1.3.13 (2009-09-30) [stable] @@ -359,7 +402,8 @@ Major changes form 0.5 to 0.6: ======================================================================== -Copyright (C) 1999, 2001-2002, 2006-2007, 2009 Free Software Foundation, Inc. +Copyright (C) 1999, 2001-2002, 2006-2007, 2009-2010 Free Software Foundation, +Inc. Copyright (C) 1992, 1993 Jean-loup Gailly Permission is granted to copy, distribute and/or modify this document