Overview

Request 968010 accepted

- update to 1.12 (CVE-2022-1271,bsc#1198062):
* 'gzip -l' no longer misreports file lengths 4 GiB and larger.
Previously, 'gzip -l' output the 32-bit value stored in the gzip
header even though that is the uncompressed length modulo 2**32.
Now, 'gzip -l' calculates the uncompressed length by decompressing
the data and counting the resulting bytes. Although this can take
much more time, nowadays the correctness pros seem to outweigh the
performance cons.
* 'zless' is no longer installed on platforms lacking 'less'.
* zgrep applied to a crafted file name with two or more newlines
can no longer overwrite an arbitrary, attacker-selected file.
[bug introduced in gzip-1.3.10]
* zgrep now names input file on error instead of mislabeling it as
"(standard input)", if grep supports the GNU -H and --label options.
* 'zdiff -C 5' no longer misbehaves by treating '5' as a file name.
* Configure-time options like --program-prefix now work.
- refresh zdiff.diff, zgrep.diff, zmore.diff

Loading...
Request History
Marcus Meissner's avatar

msmeissn created request

- update to 1.12 (CVE-2022-1271,bsc#1198062):
* 'gzip -l' no longer misreports file lengths 4 GiB and larger.
Previously, 'gzip -l' output the 32-bit value stored in the gzip
header even though that is the uncompressed length modulo 2**32.
Now, 'gzip -l' calculates the uncompressed length by decompressing
the data and counting the resulting bytes. Although this can take
much more time, nowadays the correctness pros seem to outweigh the
performance cons.
* 'zless' is no longer installed on platforms lacking 'less'.
* zgrep applied to a crafted file name with two or more newlines
can no longer overwrite an arbitrary, attacker-selected file.
[bug introduced in gzip-1.3.10]
* zgrep now names input file on error instead of mislabeling it as
"(standard input)", if grep supports the GNU -H and --label options.
* 'zdiff -C 5' no longer misbehaves by treating '5' as a file name.
* Configure-time options like --program-prefix now work.
- refresh zdiff.diff, zgrep.diff, zmore.diff


Factory Auto's avatar

factory-auto added opensuse-review-team as a reviewer

Please review sources


Factory Auto's avatar

factory-auto accepted review

Check script succeeded


Saul Goodman's avatar

licensedigger accepted review

The legal review is accepted preliminary. The package may require actions later on.


Jan Engelhardt's avatar

jengelh accepted review


Dominique Leuenberger's avatar

dimstar_suse set openSUSE:Factory:Staging:A as a staging project

Being evaluated by staging project "openSUSE:Factory:Staging:A"


Dominique Leuenberger's avatar

dimstar_suse accepted review

Picked "openSUSE:Factory:Staging:A"


Dominique Leuenberger's avatar

dimstar_suse accepted review

Staging Project openSUSE:Factory:Staging:A got accepted.


Dominique Leuenberger's avatar

dimstar_suse approved review

Staging Project openSUSE:Factory:Staging:A got accepted.


Dominique Leuenberger's avatar

dimstar_suse accepted request

Staging Project openSUSE:Factory:Staging:A got accepted.

openSUSE Build Service is sponsored by