gzip (1.12-1ubuntu1) kinetic; urgency=low
* Merge from Debian unstable. Remaining changes:
- Enable DFLTCC optimisations on s390x by default.
* Dropped changes, included upstream:
- Cherrypick upstream patches for optimized s390x zlib compression
and enable it
- Applying patch from upstream to fix a segfault caused by passing
multiple files larger than 5kb to a gzip command while zlib
acceleration is enabled
- debian/patches/CVE-2022-1271-1.patch: avoid exploit via multi-newline
file names in zgrep.in.
- debian/patches/CVE-2022-1271-2.patch: add test in tests/Makefile.am,
tests/zgrep-abuse.
- debian/patches/CVE-2022-1271-3.patch: port to POSIX sed in zgrep.in.
- debian/patches/CVE-2022-1271-4.patch: optimize out a grep in
gzexe.in.
- debian/patches/CVE-2022-1271-5.patch: use C locale more often in
gzexe.in, sample/zfile, zdiff.in, zgrep.in, znew.in.
- debian/patches/CVE-2022-1271-6.patch: fix "binary file matches"
mislabeling in tests/Makefile.am, tests/zgrep-binary, zgrep.in.
* Dropped changes, superseded upstream:
- debian/rules: fix permissions on new test scripts.
gzip (1.12-1) sid; urgency=high
* new upstream release
- zgrep: fix arbitrary-file-write vulnerability
address CVE-2022-1271 (closes: #1009168)
- report correct length of 4 GiB and larger files (closes: #149775)
- zgrep: fix "binary file matches" mislabeling; remove
zgrep-syntax-error.diff patch
- gzip: port to SIGPIPE-less platforms; remove sigpipe.diff patch
- gzexe: fix count of lines to skip; remove corresponding patch
* set standards version to 4.6.0
* update copyright notice
-- Steve Langasek <email address hidden> Mon, 15 Aug 2022 17:36:42 -0700
