Imported Debian patch 1.3.5-10sarge2

[gzip] / debian / changelog

gzip (1.3.5-10sarge2) stable-security; urgency=high

  * Non-maintainer upload by the Security Team:
  * Fix several security problems discovered by Tavis Ormandy of Google:
    - DoS through null pointer deference in the Huffman code (CVE-2006-4334)
    - Out-of-bands stack write in LZH decompression code (CVE-2006-4335)
    - Buffer overflow in pack code (CVE-2006-4336)
    - Buffer overflow in LZH code (CVE-2006-4337)
    - DoS through an infinite loop in LZH code (CVE-2006-4337)
    (Patch by Thomas Biege of SuSe)

 -- Moritz Muehlenhoff <jmm@debian.org>  Sun, 10 Sep 2006 21:01:47 +0000

gzip (1.3.5-10sarge1) stable; urgency=low

  * merge patch from Matt Zimmerman for futex hang due to improper signal
    handling, closes: #310053, #315612
  * backport to stable since this problem affects several debian.org servers

 -- Bdale Garbee <bdale@gag.com>  Tue,  8 Nov 2005 22:25:19 -0700

gzip (1.3.5-10) unstable; urgency=medium

  * remove PAGER reference from zmore.1, closes: #263792
  * patch to improve zgrep argument sanitizing (CAN-2005-0758),
    closes: #308379
  * patch isolated by Petter Reinholdtsen for CAN-2005-0988, closes: #303927
  * patch for dir traversal bug (CAN-2005-1228), closes: #305255
  * up the priority a click because of the security fixes
  * patch to support cross building, closes: #283730

 -- Bdale Garbee <bdale@gag.com>  Fri, 20 May 2005 22:34:49 -0600

gzip (1.3.5-9) unstable; urgency=low

  * eliminate the autoconf and automake build dependencies, since they are
    no longer needed, closes: #250766
  * improve temp file usage in gzexe, closes: #257314, #259043
  * have zmore use 'more' instead of honoring $PAGER, to avoid violating 
    the principle of least astonishment, closes: #234212
  * fix zgrep choke on filenames including a pipe character, closes: #216211
  * incorporate watch file, closes: #248722
  * suggest less, since we provide zless, closes: #217925
  * use signames instead of signumbers for trap calls, closes: #259284

 -- Bdale Garbee <bdale@gag.com>  Sat, 24 Jul 2004 01:23:03 -0600

gzip (1.3.5-8) unstable; urgency=low

  * run autoreconf -i to address problem reported with dir.old.gz being
    included on rebuilds, closes: #249519
  * change automake build dependency from automake1.7 to automaken
  * add lintian overrides to squelch the hardlink warnings
  * fix typo in inflate.c comments, closes: #201881

 -- Bdale Garbee <bdale@gag.com>  Sun, 23 May 2004 01:07:03 -0600

gzip (1.3.5-7) unstable; urgency=low

  * patch from David Mosberger to incorporate work done by Sverre Jarp on
    an ia64 version of match.c content.

 -- Bdale Garbee <bdale@gag.com>  Thu, 10 Jul 2003 08:45:27 -0600

gzip (1.3.5-6) unstable; urgency=medium

  * patch for insecure temp file usage in znew, closes: #193375

 -- Bdale Garbee <bdale@gag.com>  Sat,  7 Jun 2003 09:05:11 -0600

gzip (1.3.5-5) unstable; urgency=low

  * apply patch from Anthony Towns that fixes seg faults on alpha during
    build of Xfree86 at the expense of slightly decreasing the effectiveness
    of the deflate implementation.  closes: #184057, #187417

 -- Bdale Garbee <bdale@gag.com>  Wed, 16 Apr 2003 11:24:23 -0600

gzip (1.3.5-4) unstable; urgency=low

  * merge patch from Rusty Russell that adds --rsyncable option to gzip.  
    This modifies the output stream to allow rsync to transfer updated .gz 
    files much more effectively.  The resulting .gz files should be compatible
    with the existing gunzip.  The plan is that if this works out well for 
    Debian, the functionality will be included in a future upstream gzip 
    release.  Closes: #116183, #118118, #134741

 -- Bdale Garbee <bdale@gag.com>  Thu, 13 Feb 2003 23:50:23 -0700

gzip (1.3.5-3) unstable; urgency=low

  * upload a fresh version so m68k, et al, will rebuild, closes: #167790

 -- Bdale Garbee <bdale@gag.com>  Wed,  6 Nov 2002 16:13:42 -0700

gzip (1.3.5-2) unstable; urgency=low

  * fix gzexe.in again as per what I did for 1.3.2-3 that accidentally got
    lost when I merged 1.3.5 from upstream... sigh.  Closes: #167150
  * hack on gzip.texi a little harder to squelch warning at install time from
    Debian's install-info, closes: #164106

 -- Bdale Garbee <bdale@gag.com>  Wed, 30 Oct 2002 20:21:42 -0700

gzip (1.3.5-1) unstable; urgency=low

  * new upstream version
  * fixes a bug in the incorrect-suffix diagnostic, which can lead to a 
    core dump, closes: #152579
  * removes dangling output symlinks properly, closes: #144759
  * zless no longer thinks it is zmore in usage message, closes: #121810
  * zless replaced with a much simpler script, closes: #124097
  * uses shell pattern matching instead of 'expr', closes: #123295
  * man page suggests how to use gunzip on zip files, closes: #146019
  * uses "trap -" to avoid bashism, closes: #140972, #157111
  * accepts __i386 and __i386__ as synonyms for i386, closes: #152694
  * fixes printing values greater than 10 * 2**32 bytes, closes: #141189
  * includes fix for zforce needing -v, closes: #123294
  * hack gzip.texi so that the Debian install-info doesn't choke on it (grrr),
    and add texinfo as a build dependency
  * eliminate things hard-coded in postinst and prerm now handled by debhelper

 -- Bdale Garbee <bdale@gag.com>  Wed,  9 Oct 2002 09:05:27 -0600

gzip (1.3.2-3) unstable; urgency=low

  * modify gzexe.in to hard-code /bin/gzip instead of trying to use BINDIR
    which yields /usr/bin/gzip.  Don't use PATH since we have no idea what it
    might be when the gzexe'd executable gets run.  Closes: #119641

 -- Bdale Garbee <bdale@gag.com>  Wed, 14 Nov 2001 23:00:59 -0700

gzip (1.3.2-2) unstable; urgency=low

  * fix silly mistake made when moving man pages from hard to soft links, so
    man pages for zegrep, zfgrep, and uncompress work again, closes: #118325

 -- Bdale Garbee <bdale@gag.com>  Mon,  5 Nov 2001 00:53:40 -0700

gzip (1.3.2-1) unstable; urgency=low

  * new upstream release, incorporating my diffs to 1.3.1

 -- Bdale Garbee <bdale@gag.com>  Sun,  4 Nov 2001 09:47:40 -0700

gzip (1.3.1-2) unstable; urgency=low

  * add build dependencies on autoconf and automake
  * fix infodir spec so we install in the build tree, not the system directory

 -- Bdale Garbee <bdale@gag.com>  Sat,  3 Nov 2001 02:18:06 -0700

gzip (1.3.1-1) unstable; urgency=low

  * new upstream version!  From alpha.gnu.org, on the explicit advice of the 
    current upstream maintainers, who are working with Debian to prepare a new
    stable release that addresses many of the open issues in our BTS.  
    .
    large file support handled in configure, closes: #108612, #83061, #113000
    it appears the subtle problem with concatenation is fixed, closes: #114591
    various segfault problems appear fixed, closes: #46312
    gzip -r issues fixed, closes: #53645, #106186
    problem with --no-filename option fixed, closes: #59067
    zgrep -r disallowed - "I did not use the patch as it was not a complete 
    . fix for the problem and I thought it would cause more problems than
    . it would cure.  Instead, I simply disallowed zgrep -r", closes: #81288
    error message reworded, closes: #76238
    compression factor output fixed, closes: #80362
    zgrep -H fixed, closes: #84371
    permission issue when forced to compress linked file fixed, closes: #88918
    manpage hardlinks fixed, closes: #94733
    gzip --help now goes to stdout, closes: #97020
    zless no longer runs less if file doesn't exist, closes: #109097
    problem with -best fixed, closes: #17650
    zgrep now understands --, closes: #28475
    file size output by gzip fixed for large files, closes: #40721
  * fix location referenced for GPL on Debian systems, closes: #112095
  * move install-info remove call from from postrm to prerm

 -- Bdale Garbee <bdale@gag.com>  Sat,  3 Nov 2001 01:01:02 -0700

gzip (1.2.4-33) unstable; urgency=low

  * update to current policy

 -- Bdale Garbee <bdale@gag.com>  Thu,  2 Dec 1999 01:10:58 -0700

gzip (1.2.4-32) unstable; urgency=low

  * update prototype for and definition of basename function for compatibility
    with glibc2.0, still in use on m68k.  Closes: #45058

 -- Bdale Garbee <bdale@gag.com>  Wed, 15 Sep 1999 02:01:47 -0600

gzip (1.2.4-31) unstable; urgency=medium

  * fix problems I induced while merging the upstream patch in the last upload,
    most notably omitting zless from the package. 
    Closes: #44883, #44885, #44890, #44882, #44887, #44895, #44896
 
 -- Bdale Garbee <bdale@gag.com>  Sun, 12 Sep 1999 12:06:00 -0600

gzip (1.2.4-30) unstable; urgency=low

  * upstream patch, closes: #28872
      1998-11-18  Paul Eggert  <eggert@twinsun.com>
      gzip.c (get_method): Don't complain about trailing zeros at
      the end of a gzipped file, as they're commonly appended to fill
      out a block (e.g. by GNU tar).
  * update to FHS compliance

 -- Bdale Garbee <bdale@gag.com>  Fri, 10 Sep 1999 21:34:07 -0600

gzip (1.2.4-29) unstable; urgency=low

  * apply patch from Vincent Renardias that improves behavior when trying to
    decompress a corrupted .gz file.  Closes 7472, 16385

 -- Bdale Garbee <bdale@gag.com>  Wed, 27 Jan 1999 20:50:12 -0700

gzip (1.2.4-28) frozen unstable; urgency=medium

  * patch zforce to make it work at all, closes 22760
  * patch to fix decompression of concatenated gzip files, closes 30537

 -- Bdale Garbee <bdale@gag.com>  Fri, 22 Jan 1999 10:43:09 -0700

gzip (1.2.4-27) frozen unstable; urgency=low

  * patch from Jean-loup (upstream maintainer) for zgrep.in to fix the
    problems with -A and -B successfully passing to grep.  Closes 21209.

 -- Bdale Garbee <bdale@gag.com>  Sat, 25 Apr 1998 22:47:15 -0600

gzip (1.2.4-26) frozen unstable; urgency=low

  * fix FSF address in copyright file, lintian now reports no errors
  * minor tweak to Makefile to fix warnings during dh_installmanpages run

 -- Bdale Garbee <bdale@gag.com>  Tue, 24 Mar 1998 00:40:48 -0700

gzip (1.2.4-25) frozen unstable; urgency=low

  * update znew.in and zdiff.in to do save tempfile handling, closes 19794

 -- Bdale Garbee <bdale@gag.com>  Sat, 21 Mar 1998 23:48:26 -0700

gzip (1.2.4-24) unstable; urgency=low

  * minor fix for complaints about short files, closes 19159

 -- Bdale Garbee <bdale@gag.com>  Wed, 11 Mar 1998 02:21:50 -0700

gzip (1.2.4-23) unstable; urgency=high

  * respond to security advisory from Alan Cox via Christian Hudon, fixes
    an obscure possibility to get gzip to execute code

 -- Bdale Garbee <bdale@gag.com>  Wed, 11 Mar 1998 02:16:59 -0700

gzip (1.2.4-22) unstable; urgency=high

  * gzexe modified to use tempfile in response to security advisory

 -- Bdale Garbee <bdale@gag.com>  Sat, 31 Jan 1998 14:30:20 -0700

gzip (1.2.4-21) unstable; urgency=low

  * fix from the upstream maintainer for voluminous "Broken Pipe" messages
    when using 'zgrep -l' or equivalent.  Closes bug 15178.

 -- Bdale Garbee <bdale@gag.com>  Sun,  4 Jan 1998 00:56:21 -0700

gzip (1.2.4-20) unstable; urgency=low

  * freshen rules file to match current debhelper
  * improve handling of undocumented executables.  Closes bug 13578.

 -- Bdale Garbee <bdale@gag.com>  Sun,  4 Jan 1998 00:56:21 -0700

gzip (1.2.4-19) unstable; urgency=low

  * change dependency to Pre-Depends, to keep dpkg from getting hosed during
    libc6 upgrades.  Closes 15091.
  * switch from debmake to debhelper.  In the process, closes 15412.

 -- Bdale Garbee <bdale@gag.com>  Mon,  8 Dec 1997 23:42:49 -0700

gzip (1.2.4-18) unstable; urgency=low

  * don't install INSTALL in the doc directory, closes bug 13224.

 -- Bdale Garbee <bdale@gag.com>  Fri,  5 Sep 1997 15:06:35 -0600

gzip (1.2.4-17) unstable; urgency=low

  * fix distribution problem in changelog file

 -- Bdale Garbee <bdale@gag.com>  Fri,  5 Sep 1997 15:06:35 -0600

gzip (1.2.4-16) stable frozen unstable; urgency=low

  * libc6
  * tweaks to rules file to install Changelog, closes bug 12488

 -- Bdale Garbee <bdale@gag.com>  Thu,  4 Sep 1997 22:46:28 -0600

gzip (1.2.4-15) stable frozen unstable; urgency=low

  * fix minor security issue - race condition reported on bugtraq list
  * rework debian/rules to build with debugging then strip

 -- Bdale Garbee <bdale@gag.com>  Fri, 14 Mar 1997 21:14:44 -0700

gzip (1.2.4-14) stable frozen unstable; urgency=medium

  * The -13 upload was built against a libc5 too new for 'stable'.  

 -- Bdale Garbee <bdale@gag.com>  Thu, 28 Nov 1996 11:37:31 -0700

gzip (1.2.4-13) stable frozen unstable; urgency=medium

  * Fix missing "essential" flag on package, lost during standards update.
  * Push this version back into stable to solve the 'compress' link problem.

 -- Bdale Garbee <bdale@gag.com>  Tue, 19 Nov 1996 09:14:14 -0700

gzip (1.2.4-12) unstable; urgency=low

  * New packag format.

 -- Bdale Garbee <bdale@gag.com>  Sat, 02 Nov 1996 14:47:42 -0800


Thu Jul 18 01:30:22 MDT 1996    Bdale Garbee    <bdale@gag.com>

        * add zegrep and zfgrep links in /usr/bin (Bug#3326)
        * add an extended description (Bug#3591)
        * tweak control files to use dpkg-name, etc.

Fri May 24 07:37:54 MDT 1996    Bdale Garbee    <bdale@gag.com>

        * don't provide a 'compress' link since it breaks things, but provide
          an 'uncompress' link since it's useful.
        * fix some administrivia

Sun Apr 14 20:39:19 MDT 1996    Bdale Garbee    <bdale@gag.com>

        * change gzexe.in to not use BINDIR, but assume gzip is in PATH
        * add Architecture field in the control file

Wed Jan 17 00:07:00 MST 1996    Bdale Garbee    <bdale@gag.com>

        * switch targets in the Makefile to also install the links called
          'compress' and 'uncompress' since some utilities care about these,
          and we're unlikely to ever have a 'compress' package because of the
          intellectual property issues.

Sat Dec  2 23:45:40 MST 1995    Bdale Garbee    <bdale@gag.com>

        * building for ELF
        * add 'zless' as a near-clone of 'zmore', closes bug 1776
        * unable to duplicate bug 1090, something has improved since then?
        * add libc5 dependency
        * new maintainer