Debian Patches

Status for gzip/1.10-4+deb11u1

Patch Description Author Forwarded Bugs Origin Last update
Patch: zgrep-syntax-error.diff
Forwarded: no

Patch: disable-Werror.patch
Description:
diff --git a/configure.ac b/configure.ac
index 1f05a7e..7b34c4b 100644
Forwarded: no

Patch: gzip_reproducible_build.diff
Forwarded: no

Patch: sigpipe.diff
Forwarded: no

Patch: gzexe-fix-count-of-lines-to-skip.patch
Description: [PATCH] gzexe: fix count of lines to skip
Problem reported by Jakub Martisko (Bug#35002).
* gzexe.in (skip): Bump from 44 to 49.
Author: Paul Eggert <eggert@cs.ucla.edu>
Forwarded: no
Last update: 2019-03-26

Patch: skip-out-of-range-timestamp-test-mips64el.patch
Forwarded: no

Patch: CVE-2022-1271.patch
Description: fix arbitrary-file-write vulnerability (CVE-2022-1271)
Backported from gzip version 1.12:

* zgrep.in: The issue with the old code is that with multiple
newlines, the N-command will read the second line of input,
then the s-commands will be skipped because it's not the end
of the file yet, then a new sed cycle starts and the pattern
space is printed and emptied. So only the last line or two get
escaped. This patch makes sed read all lines into the pattern
space and then do the escaping.

This vulnerability was discovered by:
cleemy desu wayo working with Trend Micro Zero Day Initiative

* zgrep.in (res): When escaping the file name do not rely on GNU
sed’s extension to POSIX with respect to s/.../\n/. Instead, use
features that should also work with AIX and/or Solaris sed. This is
simpler anyway, and would have prevented the recently-fixed bug.

* gzexe.in: Avoid an unnecessary invocation of ‘grep’,
by using sed instead. Also, look only for at-most-3-digit numbers,
for consistency with the rest of the script.

* gzexe.in, zdiff.in, zgrep.in:
Run expr and sed in the C locale when it might help to avoid
undefined behavior on non-GNU platforms.

* sample/zfile, znew.in: Run in the C locale, for simplicity and
to avoid undefined behavior on non-GNU platforms.

Problem reported by Jim Avera (Bug#31280).
This became more of an issue when GNU grep 3.5 (2020) started sending
"binary file matches" diagnostics to stderr instead of to stdout.

* tests/Makefile.am (TESTS): Add zgrep-binary.

* tests/zgrep-binary: New test.

* zgrep.in (args): New var, to accumulate args separately
from grep command, so we can prepend args if need be.
Most uses of 'grep' changed to use 'args' instead, or also.
(with_filename): Set to 1 if more than one file and -h not given;
this simplifies later code.
(gnuish_grep): New var; evaluates to true if grep supports
-H and --label options, as is true for GNU and FreeBSD grep.
Append -H to 'grep' if outputting file names with GNUish grep,
and use --label with GNUish grep unless reading from stdin,
as that’s safer and more efficient than relabeling with 'sed'.

Forwarded: no
Origin: backport,
https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=dc9740df61e575e8c3148b7bd3c147a81ea00c7c
https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=d74a30d45c6834c8e9f87115197370fe86656d81
https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=c99f320d5c0fd98fe88d9cea5407eb7ad9d50e8a
https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=6543c09c6ecfb1630085d440b76511953bc5a2cb
https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=0e2d07fc2c4393cfb9dbab580d0bee4525b9c9b3
https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=5e1fc8b92c1af9382365aef0f9130341ee1d2c76
https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=9d3248751178939713a39115cf68ec8a11506cc9
