X-Git-Url: https://git.cworth.org/git?a=blobdiff_plain;f=debian%2Fchangelog;h=52d6a13cc7fa5870b0df1fa2e84d87ac2dd342ea;hb=8ba3484138b5d1e72fd4ef49d27159263cb6bea6;hp=5c60f4999fe406e14206a4d6b3821fb1003f3865;hpb=8f94ab178da95f87bd131b8faaec313a5d9d672f;p=gzip diff --git a/debian/changelog b/debian/changelog index 5c60f49..52d6a13 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,27 +1,126 @@ -gzip (1.3.2-3woody3) stable-security; urgency=high +gzip (1.3.5-10sarge2) stable-security; urgency=high - * Non-maintainer upload by the Security Team - * Revert patches for zdiff and znew since the use of 'set -C' should - indeed be sufficient. + * Non-maintainer upload by the Security Team: + * Fix several security problems discovered by Tavis Ormandy of Google: + - DoS through null pointer deference in the Huffman code (CVE-2006-4334) + - Out-of-bands stack write in LZH decompression code (CVE-2006-4335) + - Buffer overflow in pack code (CVE-2006-4336) + - Buffer overflow in LZH code (CVE-2006-4337) + - DoS through an infinite loop in LZH code (CVE-2006-4337) + (Patch by Thomas Biege of SuSe) - -- Martin Schulze Thu, 4 Nov 2004 12:55:03 +0100 + -- Moritz Muehlenhoff Sun, 10 Sep 2006 21:01:47 +0000 -gzip (1.3.2-3woody2) stable-security; urgency=high +gzip (1.3.5-10sarge1) stable; urgency=low - * Non-maintainer upload by the Security Team - * Applied Trustix patch to correct insecure temporary file use in zdiff - and znew [zdiff.in, znew.in, CAN-2004-0970, Bugtraq Id 11288] + * merge patch from Matt Zimmerman for futex hang due to improper signal + handling, closes: #310053, #315612 + * backport to stable since this problem affects several debian.org servers - -- Martin Schulze Sun, 31 Oct 2004 20:02:13 +0100 + -- Bdale Garbee Tue, 8 Nov 2005 22:25:19 -0700 -gzip (1.3.2-3woody1) stable-security; urgency=high +gzip (1.3.5-10) unstable; urgency=medium - * Non-maintainer upload by the Security Team - * Fix multiple instances of insecure temporary files - - gzexe.in (CVE-1999-1332), which became un-fixed sometime since potato - - znew (CAN-2003-0367) + * remove PAGER reference from zmore.1, closes: #263792 + * patch to improve zgrep argument sanitizing (CAN-2005-0758), + closes: #308379 + * patch isolated by Petter Reinholdtsen for CAN-2005-0988, closes: #303927 + * patch for dir traversal bug (CAN-2005-1228), closes: #305255 + * up the priority a 
click because of the security fixes + * patch to support cross building, closes: #283730 - -- Matt Zimmerman Sat, 31 May 2003 17:41:06 -0400 + -- Bdale Garbee Fri, 20 May 2005 22:34:49 -0600 + +gzip (1.3.5-9) unstable; urgency=low + + * eliminate the autoconf and automake build dependencies, since they are + no longer needed, closes: #250766 + * improve temp file usage in gzexe, closes: #257314, #259043 + * have zmore use 'more' instead of honoring $PAGER, to avoid violating + the principle of least astonishment, closes: #234212 + * fix zgrep choke on filenames including a pipe character, closes: #216211 + * incorporate watch file, closes: #248722 + * suggest less, since we provide zless, closes: #217925 + * use signames instead of signumbers for trap calls, closes: #259284 + + -- Bdale Garbee Sat, 24 Jul 2004 01:23:03 -0600 + +gzip (1.3.5-8) unstable; urgency=low + + * run autoreconf -i to address problem reported with dir.old.gz being + included on rebuilds, closes: #249519 + * change automake build dependency from automake1.7 to automaken + * add lintian overrides to squelch the hardlink warnings + * fix typo in inflate.c comments, closes: #201881 + + -- Bdale Garbee Sun, 23 May 2004 01:07:03 -0600 + +gzip (1.3.5-7) unstable; urgency=low + + * patch from David Mosberger to incorporate work done by Sverre Jarp on + an ia64 version of match.c content. + + -- Bdale Garbee Thu, 10 Jul 2003 08:45:27 -0600 + +gzip (1.3.5-6) unstable; urgency=medium + + * patch for insecure temp file usage in znew, closes: #193375 + + -- Bdale Garbee Sat, 7 Jun 2003 09:05:11 -0600 + +gzip (1.3.5-5) unstable; urgency=low + + * apply patch from Anthony Towns that fixes seg faults on alpha during + build of Xfree86 at the expense of slightly decreasing the effectiveness + of the deflate implementation. 
closes: #184057, #187417 + + -- Bdale Garbee Wed, 16 Apr 2003 11:24:23 -0600 + +gzip (1.3.5-4) unstable; urgency=low + + * merge patch from Rusty Russell that adds --rsyncable option to gzip. + This modifies the output stream to allow rsync to transfer updated .gz + files much more effectively. The resulting .gz files should be compatible + with the existing gunzip. The plan is that if this works out well for + Debian, the functionality will be included in a future upstream gzip + release. Closes: #116183, #118118, #134741 + + -- Bdale Garbee Thu, 13 Feb 2003 23:50:23 -0700 + +gzip (1.3.5-3) unstable; urgency=low + + * upload a fresh version so m68k, et al, will rebuild, closes: #167790 + + -- Bdale Garbee Wed, 6 Nov 2002 16:13:42 -0700 + +gzip (1.3.5-2) unstable; urgency=low + + * fix gzexe.in again as per what I did for 1.3.2-3 that accidentally got + lost when I merged 1.3.5 from upstream... sigh. Closes: #167150 + * hack on gzip.texi a little harder to squelch warning at install time from + Debian's install-info, closes: #164106 + + -- Bdale Garbee Wed, 30 Oct 2002 20:21:42 -0700 + +gzip (1.3.5-1) unstable; urgency=low + + * new upstream version + * fixes a bug in the incorrect-suffix diagnostic, which can lead to a + core dump, closes: #152579 + * removes dangling output symlinks properly, closes: #144759 + * zless no longer thinks it is zmore in usage message, closes: #121810 + * zless replaced with a much simpler script, closes: #124097 + * uses shell pattern matching instead of 'expr', closes: #123295 + * man page suggests how to use gunzip on zip files, closes: #146019 + * uses "trap -" to avoid bashism, closes: #140972, #157111 + * accepts __i386 and __i386__ as synonyms for i386, closes: #152694 + * fixes printing values greater than 10 * 2**32 bytes, closes: #141189 + * includes fix for zforce needing -v, closes: #123294 + * hack gzip.texi so that the Debian install-info doesn't choke on it (grrr), + and add texinfo as a build dependency + * eliminate 
things hard-coded in postinst and prerm now handled by debhelper + + -- Bdale Garbee Wed, 9 Oct 2002 09:05:27 -0600 gzip (1.3.2-3) unstable; urgency=low
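Review bot: In the 1.3.5-10sarge2 entry, CVE-2006-4337 is attached to two different items, "Buffer overflow in LZH code" and "DoS through an infinite loop in LZH code"; if the infinite loop was assigned its own identifier, cite that one on the second bullet, otherwise merge the two bullets so that each issue maps to exactly one id for anyone tracking fixes by CVE. In the same entry, "null pointer deference" should read "null pointer dereference" and "Out-of-bands stack write" should read "out-of-bounds stack write". The hunk also removes the three 1.3.2-3woody security entries (CAN-2004-0970, CVE-1999-1332, CAN-2003-0367) from the top of the file. The replacing entries mention temp file fixes for znew (1.3.5-6) and gzexe (1.3.5-2, 1.3.5-9) but say nothing about zdiff, so the commit message should state whether the zdiff temporary file issue is handled in this branch.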