OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/findutils?expand=0&rev=4

findutils-4.2.30.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:344b9cbb4034907f80398c6a6d3724507ff4b519036f13bb811d12f702043af4
-size 1188123

findutils-4.2.31.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e0d34b8faca0b3cca0703f6c6b498afbe72f0ba16c35980c10ec9ef7724d6204
+size 1326294

findutils.changes

@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Sun Jun  3 19:48:01 CEST 2007 - schwab@suse.de
+
+- Update to findutils 4.2.31.
+  ** Security Fixes
+  #20014: Findutils-4.2.31 includes a patch for a potential security
+  problem in locate.  When locate read an old-format database, it read
+  file names into a fixed-length buffer allocated on the heap without
+  checking for overflow.  Although overflowing a heap buffer if often
+  somewhat safer than overflowing a buffer on the stack, this bug still
+  has potential security implications.
+  All previous releases of findutils are affected by this bug.  It has
+  been assigned CVE number CVE-2007-2452.
+  ** Documentation Fixes
+  #19596: Corrected the documentation for "find -printf %b".
+  #19483: updatedb manpage has inconsistent highlighting for --help
+  option.
+  #19155: Fixed typo in the output of "locate --help".
+  ** Other Bug Fixes
+  #19658: When cross-compiling, "make clean" no longer deletes the
+  generated file doc/regexprops.texi, because there is no way to
+  regenerate it.
+  #19484: Decompressed data is wrong in locate if the first filename
+  indexed by updatedb starts with a space (instead of a slash).
+  ** Other Changes
+  Findutils has switched to a new way of building the code from gnulib.
+  There should be no functional difference; the change should not be
+  visible to those using the findutils binaries, except for changes to
+  the output of "find --version", which should now show the version of
+  Gnulib which was used.
+
 -------------------------------------------------------------------
 Wed Feb 28 19:58:59 CET 2007 - schwab@suse.de
 

findutils.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package findutils (Version 4.2.30)
+# spec file for package findutils (Version 4.2.31)
 #
 # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -18,7 +18,7 @@ Provides:       find
 Obsoletes:      find 
 Autoreqprov:    on
 PreReq:         %{install_info_prereq}
-Version:        4.2.30
+Version:        4.2.31
 Release:        1
 Summary:        GNU find--Finding Files
 Source:         findutils-%{version}.tar.gz
@@ -133,6 +133,34 @@ rm -rf $RPM_BUILD_ROOT
 /var/adm/fillup-templates/*
 
 %changelog
+* Sun Jun 03 2007 - schwab@suse.de
+- Update to findutils 4.2.31.
+  ** Security Fixes
+  [#20014]: Findutils-4.2.31 includes a patch for a potential security
+  problem in locate.  When locate read an old-format database, it read
+  file names into a fixed-length buffer allocated on the heap without
+  checking for overflow.  Although overflowing a heap buffer if often
+  somewhat safer than overflowing a buffer on the stack, this bug still
+  has potential security implications.
+  All previous releases of findutils are affected by this bug.  It has
+  been assigned CVE number CVE-2007-2452.
+  ** Documentation Fixes
+  [#19596]: Corrected the documentation for "find -printf %%b".
+  [#19483]: updatedb manpage has inconsistent highlighting for --help
+  option.
+  [#19155]: Fixed typo in the output of "locate --help".
+  ** Other Bug Fixes
+  [#19658]: When cross-compiling, "make clean" no longer deletes the
+  generated file doc/regexprops.texi, because there is no way to
+  regenerate it.
+  [#19484]: Decompressed data is wrong in locate if the first filename
+  indexed by updatedb starts with a space (instead of a slash).
+  ** Other Changes
+  Findutils has switched to a new way of building the code from gnulib.
+  There should be no functional difference; the change should not be
+  visible to those using the findutils binaries, except for changes to
+  the output of "find --version", which should now show the version of
+  Gnulib which was used.
 * Wed Feb 28 2007 - schwab@suse.de
 - Update to findutils 4.2.30.
   ** Bug Fixes