X-Git-Url: https://git.gag.com/?p=debian%2Fgzip;a=blobdiff_plain;f=NEWS;h=72b41099737e6789511da63052a28807c7568953;hp=6fff8ac4efffb7a5105e41e257ff4867c582af00;hb=659cae49714b93487242525dfa0e5737463d78d8;hpb=db00b4e39677b0dbf3ea6f7694e0eac7be4ef141 diff --git a/NEWS b/NEWS index 6fff8ac..72b4109 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,280 @@ -Current Version: 1.3.5. -See the file ChangeLog for the details of all changes. +GNU gzip NEWS -*- outline -*- + +* Noteworthy changes in release 1.10 (2018-12-29) [stable] + +** Changes in behavior + + Compressed gzip output no longer contains the current time as a + timestamp when the input is not a regular file. Instead, the output + contains a null (zero) timestamp. This makes gzip's behavior more + reproducible when used as part of a pipeline. (As a reminder, even + regular files will use null timestamps after the year 2106, due to a + limitation in the gzip format.) + +** Bug fixes + + A use of uninitialized memory on some malformed inputs has been fixed. + [bug present since the beginning] + + A few theoretical race conditions in signal handers have been fixed. + These bugs most likely do not happen on practical platforms. + [bugs present since the beginning] + + +* Noteworthy changes in release 1.9 (2018-01-07) [stable] + +** Bug fixes + + gzip -d -S SUFFIX file.SUFFIX would fail for any upper-case byte in SUFFIX. + E.g., before, this command would fail: + $ :|gzip > kT && gzip -d -S T kT + gzip: kT: unknown suffix -- ignored + [bug present since the beginning] + + When decompressing data in 'pack' format, gzip no longer mishandles + leading zeros in the end-of-block code. [bug introduced in gzip-1.6] + + When converting from system-dependent time_t format to the 32-bit + unsigned MTIME format used in gzip files, if a timestamp does not + fit gzip now substitutes zero instead of the timestamp's low-order + 32 bits, as per Internet RFC 1952. When converting from MTIME to + time_t format, if a timestamp does not fit gzip now warns and + substitutes the nearest in-range value instead of crashing or + silently substituting an implementation-defined value (typically, + the timestamp's low-order bits). This affects timestamps before + 1970 and after 2106, and timestamps after 2038 on platforms with + 32-bit signed time_t. [bug present since the beginning] + + Commands implemented via shell scripts are now more consistent about + failure status. For example, 'gunzip --help >/dev/full' now + consistently exits with status 1 (error), instead of with status 2 + (warning) on some platforms. [bug present since the beginning] + + Support for VMS and Amiga has been removed. It was not working anyway, + and it reportedly caused file name glitches on MS-Windowsish platforms. + + +* Noteworthy changes in release 1.8 (2016-04-26) [stable] + +** Bug fixes + + gzip -l no longer falsely reports a write error when writing to a pipe. + [bug introduced in gzip-1.7] + + Port to Oracle Solaris Studio 12 on x86-64. + [bug present since at least gzip-1.2.4] + + When configuring gzip, ./configure DEFS='...-DNO_ASM...' now + suppresses assembler again. [bug introduced in gzip-1.3.5] + + +* Noteworthy changes in release 1.7 (2016-03-27) [stable] + +** Changes in behavior + + The GZIP environment variable is now obsolescent; gzip now warns if + it is used, and rejects attempts to use dangerous options or operands. + You can use an alias or script instead. + + Installed programs like 'zgrep' now use the PATH environment variable + as usual to find subsidiary programs like 'gzip' and 'grep'. + Previously they prepended the installation directory to the PATH, + which sometimes caused 'make check' to test the wrong gzip executable. + [bug introduced in gzip-1.3.13] + +** New features + + gzip now accepts the --synchronous option, which causes it to use + fsync and similar primitives to transfer output data to the output + file's storage device when the file system supports this. Although + this option makes gzip safer in the presence of system crashes, it + can make gzip considerably slower. + + gzip now accepts the --rsyncable option. This option is accepted in + all modes, but has effect only when compressing: it makes the resulting + output more amenable to efficient use of rsync. For example, when a + large input file gets a small change, a gzip --rsyncable image of + that file will remain largely unchanged, too. Without --rsyncable, + even a tiny change in the input could result in a totally different + gzip-compressed output file. + +** Bug fixes + + gzip -k -v no longer reports that files are replaced. + [bug present since the beginning] + + zgrep -f A B C no longer reads A more than once if A is not a regular file. + This better supports invocations like 'zgrep -f <(COMMAND) B C' in Bash. + [bug introduced in gzip-1.2] + + +* Noteworthy changes in release 1.6 (2013-06-09) [stable] + +** New features + + gzip now accepts the --keep (-k) option, for consistency with tools + like xz, lzip and bzip2. With this option, gzip no longer removes + named input files when compressing or decompressing. + +** Bug fixes + + gzip -d no longer malfunctions with certain invalid data in 'pack' format. + [bug introduced in gzip-0.8] + + When overwriting, gzip no longer acts as if you typed "y" when you type "n", + on some platforms when compiled with optimization. + [bug introduced in gzip-1.3.6] + + zgrep no longer malfunctions with a multi-digit context option like -15. + Now, it passes that option to grep (equivalent to -C15) just as it does + for single-digit options. [bug introduced in gzip-1.3.12] + + zmore now acts more like 'more', and is more portable to POSIXish hosts. + + +* Noteworthy changes in release 1.5 (2012-06-17) [stable] + +** Bug fixes + + gzip -d now decodes and checks header CRC16 checksums as specified by + the FHCRC section of Internet RFC 1952. + + "gzip -d -S '' precious.gz" is now rejected immediately. Before, + that command would emulate "rm -i precious.gz", but with an easily- + misunderstood prompt. I.e., gzip would ask if it's ok to remove the + existing file, "precious.gz". If you made the mistake of saying "yes", + it would remove that input file before attempting to uncompress it. + + gzip -cdf now properly handles input consisting of gzip'd data followed + by uncompressed data. Before it would output raw compressed input, too. + For example, now "(printf x|gzip; echo y)|gzip -dcf" prints "xy\n", + while before it would print "xy\n". + + gzip -rf no longer compresses files more than once (e.g., replacing + FOO with FOO.gz.gz) on file systems such as ZFS where a readdir + loop that unlinks and creates files can revisit output files. + + +* Noteworthy changes in release 1.4 (2010-01-20) [stable] + +** Bug fixes + + gzip -d could segfault and/or clobber the stack, possibly leading to + arbitrary code execution. This affects x86_64 but not 32-bit systems. + This fixes CVE-2010-0001. + For more details, see https://bugzilla.redhat.com/554418 + + gzip -d would fail with a CRC error for some valid inputs. + So far, the only valid input known to exhibit this failure was + compressed "from FAT filesystem (MS-DOS, OS/2, NT)". In addition, + to trigger the failure, your memcpy implementation must copy in + the "reverse" order. + + +* Noteworthy changes in release 1.3.14 (2009-10-30) [beta] + +** Bug fixes + + gzip no longer fails when there is exactly one trailing NUL byte + gzip has always accepted trailing NUL bytes. Note the plural. + + zdiff would exit with status 2 (indicating an error) rather than 1 to + indicate differences when both inputs were compressed and different. + + zdiff would fail to print differences in two compressed inputs + + zgrep -f - didn't work + + +* Noteworthy changes in release 1.3.13 (2009-09-30) [stable] + +** 'gzip -f foo.gz' now creates a file foo.gz.gz instead of complaining. + +** Bug fixes + + gzip -d no longer fails with "-" as 2nd or subsequent argument + + gzip no longer ignores a close-induced write failure, e.g., on NFS + + gzip -d no longer segfaults on certain invalid inputs + + +Major changes in Gzip 1.3.12 (2007-04-13) + +* znew now uses $TMPDIR (default /tmp) instead of always using /tmp. + +* It is now documented that gzip ignores case when examining file name + extensions; for example, 'gzip test.Gz' (without -f) fails because + the file name ends in '.Gz'. + +Major changes in Gzip 1.3.11 (2007-02-05) + +* As per the GNU coding standards, the behavior of gzip and its + companion executables no longer depend on the name used to invoke them. + For example, 'gzip' and 'gunzip' are no longer hard links; + instead, 'gunzip' is now a small program that invokes 'gzip -d'. + +* zdiff now checks for subsidiary gzip failures, and works around + bugs in IRIX 6 sh, Tru64 4.0F ksh, and Solaris 8 bash. + +Major changes in Gzip 1.3.10 (2006-12-30) + +* gzip -c and zcat now work on special files, files with special mode bits, + and files with multiple hard links. +* gzip -q now exits with status 2 (not 1) when SIGPIPE is received. +* zcmp and zdiff did not work in the usual case, due to a typo. +* zgrep has many bugs fixed with argument handling, special characters, + and exit status. +* zless no longer mishandles $%=~ in file names. + +Gzip 1.3.9 (2006-12-15) + +* No major changes; only porting fixes. + +Major changes in Gzip 1.3.8 (2006-12-08) + +* Fix some gzip problems: + - A security fix from Debian 1.3.5-5 was inadvertently omitted. + - The assembler is now invoked with --noexecstack if supported, + so that gzip can better resist stack-smashing attacks. + +Major changes in Gzip 1.3.7 (2006-12-06) + +* Fix some gzip problems: + - Refuse to compress setuid or setgid files, or files with the sticky bit. + - Fix more race conditions in setting file permissions and owner, + removing output files, following symbolic links, and dealing with + special files. + - Remove most of the code working around ENAMETOOLONG deficiencies. + Systems with those deficiencies are long-dead, and the workarounds + had race conditions on modern hosts. + - Catch CPU time and file size limit signals, too. + - Check for read errors when closing files. + - Fix a core dump caused by a stray abort mistakenly introduced in 1.3.6. +* Fix some gzexe problems: + - Improve resistance to denial-of-service attacks. + - Fix some quoting and escaping bugs. + - Do not assume /tmp is sticky (though it should be!). + - Do not assume the working directory can be written. + - Rely on PATH in the generated executable, as the man page says. + - Don't assume IFS is sane. + - Exit with signal's status, if signaled. + +Major changes in Gzip 1.3.6 (2006-11-20) + +* Fix some race conditions in setting file timestamps, permissions, and owner. +* Fix some race conditions in signal handling. +* When gzip exits due to a signal, it exits with the signal's status, not 1. +* gzip now restores file timestamps to the resolution supported by the + time-setting primitives of the operating system, typically 1 microsecond. + Formerly it restored them only to the nearest second. +* gzip -r no longer attempts to reset the last-access times of directories + it reads, as this messes up when other processes are reading the directories. +* The options --version and --help now work on all gzip-installed executables, + and now use a format similar to other GNU programs. +* The manual is now distributed under the terms of the GNU Free + Documentation License without invariant sections or cover texts. +* Port to current versions of Autoconf, Automake, and Gnulib. Major changes from 1.3.4 to 1.3.5 * gzip now removes any output symlink before writing output file. @@ -90,7 +365,7 @@ Major changes from 1.1.2 to 1.2 * With --force, let zcat pass non gzip'ed data unchanged (zcat == cat) * Added the zgrep shell script. * Made sub.c useful for 16 bit sound, 24 bit images, etc.. -* Supress warnings about suffix for gunzip -r, except with --verbose. +* Suppress warnings about suffix for gunzip -r, except with --verbose. * On MSDOS, use .gz extension when possible (files without extension) * Moved the sample programs to a subdirectory sample. * Added a "Special targets" section in INSTALL. @@ -123,7 +398,7 @@ Major changes from 1.0.7 to 1.1. * Added comparison of zip and gzip in the readme file. * Added small sample programs (ztouch, sub, add) * Use less memory when compiled with -DSMALL_MEM (for MSDOS). -* Remove the "off by more than one minute" time stamp kludge +* Remove the "off by more than one minute" timestamp kludge Major changes from 1.0.6 to 1.0.7. * Allow zmore to read from standard input (like more). @@ -170,7 +445,7 @@ Major changes from 1.0.4 to 1.0.5. Major changes from 1.0.3 to 1.0.4. * Added optimized asm version for 68020. * Add support for DJGPP. - + * Add support for the Atari ST. * Added zforce to rename gzip'ed files with truncated names. * Do not install with name uncompress (some systems rely on the @@ -202,7 +477,7 @@ Major changes from 1.0.1 to 1.0.2 on such systems. * Added gzexe to compress rarely used executables. * Reduce memory usage (required for MSDOS and useful on all systems). -* Preserve time stamp in znew -P (pipe option) if touch -r works. +* Preserve timestamp in znew -P (pipe option) if touch -r works. Major changes from 1.0 to 1.0.1 @@ -243,7 +518,7 @@ Major changes from 0.7 to 0.8: Major changes from 0.6 to 0.7: * Use "make check" instead of "make test". -* Keep time stamp and pass options to gzip in znew. +* Keep timestamp and pass options to gzip in znew. * Do not create .z.z files with gzip -r. * Allow again gunzip .zip files (was working in 0.5) * Allow again compilation with TurboC 2.0 (was working in 0.4) @@ -260,24 +535,16 @@ Major changes form 0.5 to 0.6: * Accept gzcat in addition to zcat for people having /usr/bin before /usr/local/bin in their path. - - -Copyright (C) 1999, 2001, 2002 Free Software Foundation, Inc. -Copyright (C) 1992, 1993 Jean-loup Gailly -This file is part of GNU tar. +======================================================================== -GNU tar is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -GNU tar is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. +Copyright (C) 1999, 2001-2002, 2006-2007, 2009-2018 Free Software Foundation, +Inc. +Copyright (C) 1992, 1993 Jean-loup Gailly -You should have received a copy of the GNU General Public License -along with tar; see the file COPYING. If not, write to -the Free Software Foundation, Inc., 59 Temple Place - Suite 330, -Boston, MA 02111-1307, USA. +Permission is granted to copy, distribute and/or modify this document +under the terms of the GNU Free Documentation License, Version 1.3 or +any later version published by the Free Software Foundation; with no +Invariant Sections, with no Front-Cover Texts, and with no Back-Cover +Texts. A copy of the license is included in the ``GNU Free +Documentation License'' file as part of this distribution.