This is the mail archive of the
mailing list for the Cygwin project.
[ANNOUNCEMENT] Updated: findutils-4.3.8-1
- From: Eric Blake <ebb9 at byu dot net>
- To: cygwin at cygwin dot com
- Date: Tue, 19 Jun 2007 21:52:01 -0600
- Subject: [ANNOUNCEMENT] Updated: findutils-4.3.8-1
- Reply-to: cygwin at cygwin dot com
- Reply-to: The Cygwin Mailing List <cygwin at cygwin dot com>
-----BEGIN PGP SIGNED MESSAGE-----
A new release of findutils, 4.3.8-1, is available for use, replacing
4.3.5-1. 4.2.27-1 remains the previous version.
This is a new upstream release, fixing several issues as documented below,
including a security fix. The release is marked beta upstream, but the
4.3 series has, in general, been enough of an improvement over the stable
4.2 series that I have focused on 4.3 releases as the primary cygwin release.
Although the news file mentions the partial addition of birthtime support,
it requires rebuilding from source against a cygwin snapshot to take
advantage of this feature, since birthtime will not be supported
officially until cygwin 1.7.0.
See also /usr/share/doc/findutils-4.3.8/.
The findutils package contains programs which will help you locate files
on your system. The find utility searches through a hierarchy of
directories looking for files which match a certain set of criteria (such
as a filename pattern). The xargs utility builds and executes command
lines from standard input arguments (usually lists of file names generated
by the find command). The locate utility scans a database of filenames
and displays matches. The updatedb utility builds the database for locate.
To update your installation, click on the "Install Cygwin now" link on the
http://cygwin.com/ web page. This downloads setup.exe to your system.
Save it and run setup, answer the questions and pick up 'findutils' from
the 'Base' category (it should already be selected).
Note that downloads from sources.redhat.com (aka cygwin.com) aren't
allowed due to bandwidth limitations. This means that you will need to
find a mirror which has this update, please choose the one nearest to you:
If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.
volunteer cygwin findutils maintainer
CYGWIN-ANNOUNCE UNSUBSCRIBE INFO:
To unsubscribe to the cygwin-announce mailing list, look at the
"List-Unsubscribe: " tag in the email header of this message. Send email
to the address specified there. It will be in the format:
If you need more information on unsubscribing, start reading here:
Please read *all* of the information on unsubscribing that is available
starting at this URL.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
* Major changes in release 4.3.8
** Bug Fixes
#20157: Avoid segfault in locate when run as root. This is caused by
a buffer overrun, but at this time no explot mechanism is known.
* Major changes in release 4.3.7
** Functional changes
Locate can now read old-format locate databases generated on machines
with a different byte order. It does this by guessing the byte order,
so the result is not completely reliable. If you need to share
databases between machines of different architectures, you should use
the LOCATE02 format (which has other advantages, as explained in the
** Security Fixes
#20014: Findutils-4.3.7 includes a patch for a potential security
problem in locate. When locate read an old-format database, it read
file names into a fixed-length buffer allocated on the heap without
checking for overflow. Although overflowing a heap buffer is often
somewhat safer than overflowing a buffer on the stack, this bug still
has potential security implications.
This bug also affected the following previous findutils releases:
- All releases prior to 4.2.31
- Findutils 4.3.0 to 4.3.6.
This bug has been assigned CVE number CVE-2007-2452.
** Bug Fixes
#20128: Fix compilation error of find/tree.c on AIX with GCC.
#20005: Tests -mtime -n and -mtime +n incorrectly treated like -mtime n.
#19983: include_next causes compilation failure in findutils 4.3.6 on
#19981: Don't call setgroups if the function isn't available. This
fixes Savannah bug# 19981.
#19980: Don't use the functions putw() or getw() since these are not
in current POSIX. Use the gnulib version of wcwidth() where the
system does not provide it.
#19979: Compilation errors on BeOS
#19970: Cannot cast from pointer to bool using gnulib's <stdbool.h>
#19967: Use of __attribute((__noreturn__)) makes compilation fail with
some non-GCC compilers
#19966: find should link against -lm for modf() and fabs()
#19965: Compilation failure on OSF/1 4.0; non-declaration of uintmax_t
#19948: Assertion failure O_NOFOLLOW != 0 on IRIX 6.5
#19871: Typos in find.1
#19596: Fixed this bug again, this time in the Texinfo manual (the
discussion should compare %b with %s/512, not %s/1024).
#19416: _FORTIFY_SOURCE warn_unused_result warnings
* Major changes in release 4.3.6
** Bug Fixes
#19948: Fixed an assertion failure on IRIX 6.5 (O_NOFOLLOW is defined
to 0 there).
#19923: Fixed an array overrun in groups array of 'locate' when run by
or as root. This bug appears not to be exploitable. If locate is not
installed setuid, the bug is not exploitable. For setuid
installations, it is concievable that there could be an information
leak if the user uses the -d option or the -e option, though the
maintainer has been unable to provoke this on an x86 system.
#19871: Spurious .R directives in manpage produced error messages from
GNU troff. This is now fixed (they are corrected to .B).
#19416: The result of I/O operations in print-related actions is now
checked, and failures are reported. Any failure will cause find's
exit status to be nonzero. The predicate itself will continue to
** Compilation Fixes
A variety of changes were made to allow compilation to succeed on
#19983: Now compiles on DEC C V5.9-005 on Digital UNIX V4.0 (or at
#19970: Compile correctly on C89 systems where the "_Bool" type is not
provided, taking into account the limitations of the gnulib
replacement for stdbool.h.
#19967: Build successfully with C compilers that don't support the GCC
#19966: Findutils should now build on systems which have the modf()
and fabs() functions in the maths library, -lm. This includes some
versions of HP-UX and Solaris.
#19965: Fixed a compilation failure on OSF/1 4.0 (no definition of the
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html