I announce the release of version 4.2.31 of GNU findutils.

GNU findutils is a set of software tools for finding files that match certain criteria and for performing various operations on them. Findutils includes the programs "find", "xargs" and "locate". More information about findutils is available at http://www.gnu.org/software/findutils/.

This is a "stable" release of findutils. It can be downloaded from ftp://ftp.gnu.org/gnu/findutils/findutils-4.2.31.tar.gz (it's 1.3M). The ftp.gnu.org site is very busy, so you may find it more convenient to download findutils from one of the mirror sites listed at http://www.gnu.org/order/ftp.html.

This release includes a security fix for a problem affecting all previous releases of findutils. It also includes other bugfixes and documentation improvements. All the changes since the previous stable release are summarised below.

Bugs in GNU findutils should be reported to the findutils bug tracker at http://savannah.gnu.org/bugs/?group=findutils. Reporting bugs via the web interface will ensure that you are automatically informed when the bug has been fixed.

General discussion of findutils takes place on the bug-findutils mailing list. To join the 'bug-findutils' mailing list, send email to <[EMAIL PROTECTED]>.

To verify the GPG signature of the release, you will need the public key of the findutils maintainer, James Youngman. You can download this from http://savannah.gnu.org/users/jay. Alternatively, you could query a PGP keyserver, but you will need to use one that can cope with subkeys containing photos. Many older key servers cannot do this. I use subkeys.pgp.net. I think that one works. See also the "Downloading" section of http://www.gnu.org/software/findutils/.

I would like to thank Rob Holland <[EMAIL PROTECTED]> and Tavis Ormandy for their help in the preparation of this release.

* Major changes in release 4.2.31

** Security Fixes

#20014: Findutils-4.2.31 includes a patch for a potential security problem in locate. When locate read an old-format database, it read file names into a fixed-length buffer allocated on the heap without checking for overflow. Although overflowing a heap buffer is often somewhat safer than overflowing a buffer on the stack, this bug still has potential security implications. All previous releases of findutils are affected by this bug. It has been assigned CVE number CVE-2007-2452.

** Documentation Fixes

#19596: Corrected the documentation for "find -printf %b".

#19483: updatedb manpage has inconsistent highlighting for --help option.

#19155: Fixed typo in the output of "locate --help".

** Other Bug Fixes

#19658: When cross-compiling, "make clean" no longer deletes the generated file doc/regexprops.texi, because there is no way to regenerate it.

#19484: Decompressed data is wrong in locate if the first filename indexed by updatedb starts with a space (instead of a slash).

** Other Changes

Findutils has switched to a new way of building the code from gnulib. There should be no functional difference; the change should not be visible to those using the findutils binaries, except for changes to the output of "find --version", which should now show the version of Gnulib which was used.

--
James Youngman <[EMAIL PROTECTED]>
GNU findutils maintainer

_______________________________________________
GNU Announcement mailing list <info-gnu@gnu.org>
http://lists.gnu.org/mailman/listinfo/info-gnu
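
Added example, not part of the original announcement and not findutils code: the class of bug described under #20014 (names copied into a fixed-length heap buffer with no length check), shown beside a bounded reader that grows the buffer before every store. The record layout (a run of NUL-terminated names), the name `next_name` and the sample data are assumptions made for illustration; locate's real old database format is different.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, simplified layout: a sequence of NUL-terminated names.
   This is NOT locate's real old database format. */

/* Unchecked pattern of the kind the announcement describes (illustrative):
       char *path = malloc(FIXED_LEN);
       for (i = 0; (c = getc(fp)) != '\0' && c != EOF; i++)
           path[i] = c;        -- nothing stops i from passing FIXED_LEN
*/

/* Copy the next name from db[*pos..] into the heap buffer *buf, growing it
   as needed. Returns the name length, or -1 at end of data, on a name with
   no terminating NUL, or on allocation failure. */
long next_name(const unsigned char *db, size_t db_len, size_t *pos,
               char **buf, size_t *cap)
{
    size_t n = 0;
    for (;;) {
        if (*pos >= db_len)
            return -1;                  /* end of data or truncated name */
        if (n + 1 > *cap) {             /* bounds check before every store */
            size_t ncap = *cap ? *cap * 2 : 16;
            char *nb = realloc(*buf, ncap);
            if (nb == NULL)
                return -1;
            *buf = nb;
            *cap = ncap;
        }
        (*buf)[n] = (char)db[(*pos)++];
        if ((*buf)[n] == '\0')
            return (long)n;
        n++;
    }
}

int main(void)
{
    /* Constructed sample: the second name is longer than the first
       16-byte allocation, so the buffer must grow. */
    static const unsigned char db[] = "/etc\0/usr/share/doc/findutils/NEWS";
    size_t pos = 0, cap = 0;
    char *buf = NULL;
    long len;
    while ((len = next_name(db, sizeof db, &pos, &buf, &cap)) >= 0)
        printf("%ld %s\n", len, buf);
    free(buf);
    return 0;
}
```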