[ubuntu/kinetic-proposed] gzip 1.12-1ubuntu1 (Accepted)

Steve Langasek steve.langasek at ubuntu.com
Tue Aug 16 00:54:12 UTC 2022


gzip (1.12-1ubuntu1) kinetic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Enable DFLTCC optimisations on s390x by default.
  * Dropped changes, included upstream:
    - Cherrypick upstream patches for optimized s390x zlib compression
      and enable it
    - Applying patch from upstream to fix a segfault caused by passing
      multiple files larger than 5kb to a gzip command while zlib
      acceleration is enabled
    - debian/patches/CVE-2022-1271-1.patch: avoid exploit via multi-newline
      file names in zgrep.in.
    - debian/patches/CVE-2022-1271-2.patch: add test in tests/Makefile.am,
      tests/zgrep-abuse.
    - debian/patches/CVE-2022-1271-3.patch: port to POSIX sed in zgrep.in.
    - debian/patches/CVE-2022-1271-4.patch: optimize out a grep in
      gzexe.in.
    - debian/patches/CVE-2022-1271-5.patch: use C locale more often in
      gzexe.in, sample/zfile, zdiff.in, zgrep.in, znew.in.
    - debian/patches/CVE-2022-1271-6.patch: fix "binary file matches"
      mislabeling in tests/Makefile.am, tests/zgrep-binary, zgrep.in.
  * Dropped changes, superseded upstream:
    - debian/rules: fix permissions on new test scripts.

gzip (1.12-1) sid; urgency=high

  * new upstream release
    - zgrep: fix arbitrary-file-write vulnerability
      address CVE-2022-1271 (closes: #1009168)
    - report correct length of 4 GiB and larger files (closes: #149775)
    - zgrep: fix "binary file matches" mislabeling; remove
      zgrep-syntax-error.diff patch
    - gzip: port to SIGPIPE-less platforms; remove sigpipe.diff patch
    - gzexe: fix count of lines to skip; remove corresponding patch
  * set standards version to 4.6.0
  * update copyright notice

Date: Mon, 15 Aug 2022 17:36:42 -0700
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/gzip/1.12-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 15 Aug 2022 17:36:42 -0700
Source: gzip
Built-For-Profiles: noudeb
Architecture: source
Version: 1.12-1ubuntu1
Distribution: kinetic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Closes: 149775 1009168
Original-Maintainer: Milan Kupcevic <milan at debian.org>

