This is the mail archive of the cygwin mailing list for the Cygwin project.



[ANNOUNCEMENT] Updated: findutils-4.3.8-1


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A new release of findutils, 4.3.8-1, is available for use, replacing
4.3.5-1.  4.2.27-1 remains the previous version.

NEWS:
=====
This is a new upstream release, fixing several issues as documented below,
including a security fix.  The release is marked beta upstream, but the
4.3 series has, in general, been enough of an improvement over the stable
4.2 series that I have focused on 4.3 releases as the primary cygwin release.

Although the news file mentions the partial addition of birthtime support,
it requires rebuilding from source against a cygwin snapshot to take
advantage of this feature, since birthtime will not be supported
officially until cygwin 1.7.0.

See also /usr/share/doc/findutils-4.3.8/.

DESCRIPTION:
============
The findutils package contains programs which will help you locate files
on your system.  The find utility searches through a hierarchy of
directories looking for files which match a certain set of criteria (such
as a filename pattern).  The xargs utility builds and executes command
lines from standard input arguments (usually lists of file names generated
by the find command).  The locate utility scans a database of filenames
and displays matches.  The updatedb utility builds the database for locate.

UPDATE:
=======
To update your installation, click on the "Install Cygwin now" link on the
http://cygwin.com/ web page.  This downloads setup.exe to your system.
Save it and run setup, answer the questions and pick up 'findutils' from
the 'Base' category (it should already be selected).

DOWNLOAD:
=========
Note that downloads from sources.redhat.com (aka cygwin.com) aren't
allowed due to bandwidth limitations.  This means that you will need to
find a mirror which has this update, please choose the one nearest to you:
http://cygwin.com/mirrors.html

QUESTIONS:
==========
If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.

- --
Eric Blake
volunteer cygwin findutils maintainer

CYGWIN-ANNOUNCE UNSUBSCRIBE INFO:
=================================
To unsubscribe to the cygwin-announce mailing list, look at the
"List-Unsubscribe: " tag in the email header of this message.  Send email
to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-YOU=YOURDOMAIN.COM@cygwin.com

If you need more information on unsubscribing, start reading here:

http://sources.redhat.com/lists.html#unsubscribe-simple

Please read *all* of the information on unsubscribing that is available
starting at this URL.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGeKRh84KuGfSFAYARAlZkAKC1VEpO/guvRoeLv7HDiYplW1WRGQCdGu7w
3hCiBxNSC+rA66LcIuY7Grk=
=8xOI
-----END PGP SIGNATURE-----
* Major changes in release 4.3.8

** Bug Fixes

#20157: Avoid segfault in locate when run as root.  This is caused by
a buffer overrun, but at this time no exploit mechanism is known.

* Major changes in release 4.3.7

** Functional changes

Locate can now read old-format locate databases generated on machines
with a different byte order.  It does this by guessing the byte order,
so the result is not completely reliable.  If you need to share
databases between machines of different architectures, you should use
the LOCATE02 format (which has other advantages, as explained in the
documentation).

** Security Fixes

#20014: Findutils-4.3.7 includes a patch for a potential security
problem in locate.  When locate read an old-format database, it read
file names into a fixed-length buffer allocated on the heap without
checking for overflow.  Although overflowing a heap buffer is often
somewhat safer than overflowing a buffer on the stack, this bug still
has potential security implications.

This bug also affected the following previous findutils releases:

 - All releases prior to 4.2.31
 - Findutils 4.3.0 to 4.3.6.

This bug has been assigned CVE number CVE-2007-2452.

** Bug Fixes

#20128: Fix compilation error of find/tree.c on AIX with GCC.

#20005: Tests -mtime -n and -mtime +n incorrectly treated like -mtime n.

#19983: include_next causes compilation failure in findutils 4.3.6 on
non-GCC compilers 

#19981: Don't call setgroups if the function isn't available.  This
fixes Savannah bug# 19981.

#19980: Don't use the functions putw() or getw() since these are not
in current POSIX.  Use the gnulib version of wcwidth() where the
system does not provide it.

#19979: Compilation errors on BeOS

#19970: Cannot cast from pointer to bool using gnulib's <stdbool.h> 

#19967: Use of __attribute((__noreturn__)) makes compilation fail with
some non-GCC compilers  

#19966: find should link against -lm for modf() and fabs()

#19965: Compilation failure on OSF/1 4.0; non-declaration of uintmax_t 

#19948: Assertion failure O_NOFOLLOW != 0 on IRIX 6.5

#19871: Typos in find.1 

#19596: Fixed this bug again, this time in the Texinfo manual (the
discussion should compare %b with %s/512, not %s/1024).

#19416: _FORTIFY_SOURCE warn_unused_result warnings

* Major changes in release 4.3.6

** Bug Fixes

#19948: Fixed an assertion failure on IRIX 6.5 (O_NOFOLLOW is defined
to 0 there).

#19923: Fixed an array overrun in groups[] array of 'locate' when run by
or as root.  This bug appears not to be exploitable.  If locate is not
installed setuid, the bug is not exploitable.  For setuid
installations, it is conceivable that there could be an information
leak if the user uses the -d option or the -e option, though the
maintainer has been unable to provoke this on an x86 system.

#19871: Spurious .R directives in manpage produced error messages from
GNU troff.  This is now fixed (they are corrected to .B).

#19416: The result of I/O operations in print-related actions is now
checked, and failures are reported.  Any failure will cause find's
exit status to be nonzero.   The predicate itself will continue to
return true.

** Compilation Fixes

A variety of changes were made to allow compilation to succeed on
non-GNU systems.

#19983: Now compiles on DEC C V5.9-005 on Digital UNIX V4.0 (or at
least, should).

#19970: Compile correctly on C89 systems where the "_Bool" type is not
provided, taking into account the limitations of the gnulib
replacement for stdbool.h.

#19967: Build successfully with C compilers that don't support the GCC
 construct __attribute__((__noreturn__)).

#19966: Findutils should now build on systems which have the modf()
and fabs() functions in the maths library, -lm.  This includes some
versions of HP-UX and Solaris.  

#19965: Fixed a compilation failure on OSF/1 4.0 (no definition of the
type uintmax_t).
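
Added example, not part of the announcement or of the findutils source: a bounded reader for the class of bug described under #20014 (file names copied into a fixed-length heap buffer with no overflow check). The record layout (plain NUL-terminated names), the names read_name and longest_name, and the MAX_NAME limit are assumptions made for illustration; the real old-format locate database is more involved.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define INITIAL_CAP 8     /* small on purpose so the sample forces a regrow */
#define MAX_NAME    4096  /* assumed per-entry limit, not a findutils constant */

/* Constructed sample: NUL-terminated names, one longer than INITIAL_CAP. */
static const unsigned char sample_db[] = "/bin\0/usr/share/doc/findutils\0/tmp";

struct cursor  { const unsigned char *p, *end; };
struct namebuf { char *data; size_t cap; };

/* Copy one name into nb, growing nb before any write that would not fit.
   Returns the length, -1 at end of input, -2 if the entry exceeds MAX_NAME
   or memory runs out.  An unterminated final entry ends at end of input.
   The unchecked pattern in the NEWS entry is this loop minus the cap test. */
long read_name(struct cursor *in, struct namebuf *nb)
{
    size_t len = 0;
    if (in->p == in->end) return -1;
    for (;;) {
        if (len >= nb->cap) {                 /* no room for data[len] */
            size_t ncap = nb->cap ? nb->cap * 2 : INITIAL_CAP;
            char *grown = ncap <= MAX_NAME ? realloc(nb->data, ncap) : NULL;
            if (!grown) return -2;
            nb->data = grown;
            nb->cap = ncap;
        }
        if (in->p == in->end || *in->p == '\0') break;
        nb->data[len++] = (char)*in->p++;
    }
    if (in->p != in->end) in->p++;            /* consume the terminator */
    nb->data[len] = '\0';
    return (long)len;
}

/* Walk every entry; return the longest name length, or -2 on a bad entry. */
long longest_name(const unsigned char *db, size_t n)
{
    struct cursor in = { db, db + n };
    struct namebuf nb = { NULL, 0 };
    long len, longest = 0;
    while ((len = read_name(&in, &nb)) >= 0)
        if (len > longest) longest = len;
    free(nb.data);
    return len == -2 ? -2 : longest;
}

int main(void)
{
    printf("longest name: %ld bytes\n", longest_name(sample_db, sizeof sample_db));
    return 0;
}
```

An entry that would need more than MAX_NAME bytes is rejected instead of being written past the end of the allocation.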
