gzip 1.3.7 released

bug-gnu-utils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gzip 1.3.7 released

From:	Paul Eggert
Subject:	gzip 1.3.7 released
Date:	Thu, 07 Dec 2006 00:12:34 -0800
User-agent:	Gnus/5.1008 (Gnus v5.10.8) Emacs/21.4 (gnu/linux)

I'm happy to announce the release of gzip 1.3.7.

gzip (GNU zip) is a popular data compression program written by
Jean-Loup Gailly for the GNU project; Mark Adler wrote the
decompression part.

This gzip release follows up on last month's 1.3.6 test
release, and attempts to fix correctness bugs and porting
bugs discovered and reported since then. With these bugs
shaken out, 1.3.7 has a greater chance of becoming an
official release. However, the number of fixes makes it
advisable to issue it as a test release first.

Please report any problems to <address@hidden>.

The compressed sources are here:
ftp://alpha.gnu.org/gnu/gzip/gzip-1.3.7.tar.gz (544 KB)

The GPG detached signature is here:
ftp://alpha.gnu.org/gnu/gzip/gzip-1.3.7.tar.gz.sig

Here are the MD5 and SHA512 digests:

d6c7f79bc445fbd12136662623de7edf gzip-1.3.7.tar.gz
52da92d01b13380aa5ffe92d2683a1181e98e31bececae88d4ffbc400dc9879d9873b067948230258bf8f34ddad41d74149a7e2dcda19ac8e5d2588abb4984fd
gzip-1.3.7.tar.gz

Here are URLs to the ChangeLog entries since the most recent
test version (1.3.6) and stable version (1.2.4),
respectively:

http://cvs.sv.gnu.org/viewcvs/gzip/gzip/ChangeLog?r1=1.4&r2=1.17
http://cvs.sv.gnu.org/viewcvs/gzip/gzip/ChangeLog?r1=1.2&r2=1.17

Here are the major changes since 1.3.6, reported in the NEWS file:

* Fix some gzip problems:
- Refuse to compress setuid or setgid files, or files with the sticky bit.
- Fix more race conditions in setting file permissions and owner,
removing output files, following symbolic links, and dealing with
special files.
- Remove most of the code working around ENAMETOOLONG deficiencies.
Systems with those deficiencies are long-dead, and the workarounds
had race conditions on modern hosts.
- Catch CPU time and file size limit signals, too.
- Check for read errors when closing files.
- Fix a core dump caused by a stray abort mistakenly introduced in 1.3.6.
* Fix some gzexe problems:
- Improve resistance to denial-of-service attacks.
- Fix some quoting and escaping bugs.
- Do not assume /tmp is sticky (though it should be!).
- Do not assume the working directory can be written.
- Rely on PATH in the generated executable, as the man page says.
- Don't assume IFS is sane.
- Exit with signal's status, if signaled.

[Prev in Thread]

Current Thread

[Next in Thread]

gzip 1.3.7 released, Paul Eggert <=

Prev by Date: Re: Bug (?): The LC_NUMERIC variable
Next by Date: Re: Bug (?): The LC_NUMERIC variable
Previous by thread: Bug (?): The LC_NUMERIC variable
Next by thread: gawk: invalid read and write
Index(es):
- Date
- Thread