From 170b39e86b281d53cfb941c03008a484850d3d7deb6b06ad7f3045763f5683c7 Mon Sep 17 00:00:00 2001
From: OBS User unknown <null@suse.de>
Date: Sun, 3 Jun 2007 20:04:05 +0000
Subject: [PATCH] OBS-URL:
 https://build.opensuse.org/package/show/openSUSE:Factory/findutils?expand=0&rev=4

---
 findutils-4.2.30.tar.gz                       |  3 --
 ...utils-4.2.30.diff => findutils-4.2.31.diff |  0
 findutils-4.2.31.tar.gz                       |  3 ++
 findutils.changes                             | 31 ++++++++++++++++++
 findutils.spec                                | 32 +++++++++++++++++--
 5 files changed, 64 insertions(+), 5 deletions(-)
 delete mode 100644 findutils-4.2.30.tar.gz
 rename findutils-4.2.30.diff => findutils-4.2.31.diff (100%)
 create mode 100644 findutils-4.2.31.tar.gz

diff --git a/findutils-4.2.30.tar.gz b/findutils-4.2.30.tar.gz
deleted file mode 100644
index 1f53540..0000000
--- a/findutils-4.2.30.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:344b9cbb4034907f80398c6a6d3724507ff4b519036f13bb811d12f702043af4
-size 1188123
diff --git a/findutils-4.2.30.diff b/findutils-4.2.31.diff
similarity index 100%
rename from findutils-4.2.30.diff
rename to findutils-4.2.31.diff
diff --git a/findutils-4.2.31.tar.gz b/findutils-4.2.31.tar.gz
new file mode 100644
index 0000000..317f1b7
--- /dev/null
+++ b/findutils-4.2.31.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e0d34b8faca0b3cca0703f6c6b498afbe72f0ba16c35980c10ec9ef7724d6204
+size 1326294
diff --git a/findutils.changes b/findutils.changes
index 0076a1d..a98a919 100644
--- a/findutils.changes
+++ b/findutils.changes
@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Sun Jun  3 19:48:01 CEST 2007 - schwab@suse.de
+
+- Update to findutils 4.2.31.
+  ** Security Fixes
+  #20014: Findutils-4.2.31 includes a patch for a potential security
+  problem in locate.  When locate read an old-format database, it read
+  file names into a fixed-length buffer allocated on the heap without
+  checking for overflow.  Although overflowing a heap buffer if often
+  somewhat safer than overflowing a buffer on the stack, this bug still
+  has potential security implications.
+  All previous releases of findutils are affected by this bug.  It has
+  been assigned CVE number CVE-2007-2452.
+  ** Documentation Fixes
+  #19596: Corrected the documentation for "find -printf %b".
+  #19483: updatedb manpage has inconsistent highlighting for --help
+  option.
+  #19155: Fixed typo in the output of "locate --help".
+  ** Other Bug Fixes
+  #19658: When cross-compiling, "make clean" no longer deletes the
+  generated file doc/regexprops.texi, because there is no way to
+  regenerate it.
+  #19484: Decompressed data is wrong in locate if the first filename
+  indexed by updatedb starts with a space (instead of a slash).
+  ** Other Changes
+  Findutils has switched to a new way of building the code from gnulib.
+  There should be no functional difference; the change should not be
+  visible to those using the findutils binaries, except for changes to
+  the output of "find --version", which should now show the version of
+  Gnulib which was used.
+
 -------------------------------------------------------------------
 Wed Feb 28 19:58:59 CET 2007 - schwab@suse.de
 
diff --git a/findutils.spec b/findutils.spec
index 0bc0b68..01eaac8 100644
--- a/findutils.spec
+++ b/findutils.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package findutils (Version 4.2.30)
+# spec file for package findutils (Version 4.2.31)
 #
 # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -18,7 +18,7 @@ Provides:       find
 Obsoletes:      find 
 Autoreqprov:    on
 PreReq:         %{install_info_prereq}
-Version:        4.2.30
+Version:        4.2.31
 Release:        1
 Summary:        GNU find--Finding Files
 Source:         findutils-%{version}.tar.gz
@@ -133,6 +133,34 @@ rm -rf $RPM_BUILD_ROOT
 /var/adm/fillup-templates/*
 
 %changelog
+* Sun Jun 03 2007 - schwab@suse.de
+- Update to findutils 4.2.31.
+  ** Security Fixes
+  [#20014]: Findutils-4.2.31 includes a patch for a potential security
+  problem in locate.  When locate read an old-format database, it read
+  file names into a fixed-length buffer allocated on the heap without
+  checking for overflow.  Although overflowing a heap buffer if often
+  somewhat safer than overflowing a buffer on the stack, this bug still
+  has potential security implications.
+  All previous releases of findutils are affected by this bug.  It has
+  been assigned CVE number CVE-2007-2452.
+  ** Documentation Fixes
+  [#19596]: Corrected the documentation for "find -printf %%b".
+  [#19483]: updatedb manpage has inconsistent highlighting for --help
+  option.
+  [#19155]: Fixed typo in the output of "locate --help".
+  ** Other Bug Fixes
+  [#19658]: When cross-compiling, "make clean" no longer deletes the
+  generated file doc/regexprops.texi, because there is no way to
+  regenerate it.
+  [#19484]: Decompressed data is wrong in locate if the first filename
+  indexed by updatedb starts with a space (instead of a slash).
+  ** Other Changes
+  Findutils has switched to a new way of building the code from gnulib.
+  There should be no functional difference; the change should not be
+  visible to those using the findutils binaries, except for changes to
+  the output of "find --version", which should now show the version of
+  Gnulib which was used.
 * Wed Feb 28 2007 - schwab@suse.de
 - Update to findutils 4.2.30.
   ** Bug Fixes