Skip to content
Jump to bottom

Update Gzip from 1.10 to 1.12 #2616

Merged
merged 1 commit into from
Apr 8, 2022
Merged

Update Gzip from 1.10 to 1.12 #2616

merged 1 commit into from
Apr 8, 2022

Conversation

pmenzel
Copy link
Collaborator

@pmenzel pmenzel commented Apr 8, 2022

Tested on invidia.

@pmenzel
gzip: Update version from 1.10 to 1.12
9e2b17d 
1.  [Gzip 1.11 summary][1]
2.  Gzip 1.12 fixes [zgrep, xzgrep: arbitrary-file-write vulnerability][2].

        $ gzip --version | head -1
        gzip 1.12
        $ echo foo | gzip > "$(printf '|\n;e banner pwned\n#.gz')"
        $ zgrep -H foo *gz
        |
        ;e banner pwned
        #.gz:foo

[1]: https://www.phoronix.com/scan.php?page=news_item&px=Gzip-1.11-Released
[2]: https://www.openwall.com/lists/oss-security/2022/04/07/8
@donald
Copy link
Collaborator

donald commented Apr 8, 2022

LGTM

buczek@theinternet:~/test$ zgrep -H foo *

                                   
#####  #    # #    # ###### #####  
#    # #    # ##   # #      #    # 
#    # #    # # #  # #####  #    # 
#####  # ## # #  # # #      #    # 
#      ##  ## #   ## #      #    # 
#      #    # #    # ###### #####  
                                   
foo
buczek@theinternet:~/test$ sudo bee update gzip
Password (for buczek) : 
installing /src/mariux/beeroot/packages/gzip-1.12-0.x86_64.bee.tar.bz2 ..
adding gzip.info to /usr/share/info/dir
removing gzip-1.10-0.x86_64 ..
removing gzip.info from /usr/share/info/dir
buczek@theinternet:~/test$ zgrep -H foo *
|
;e banner pwned
#.gz:foo

@pmenzel pmenzel merged commit f619ce7 into master Apr 8, 2022
Sign in to join this conversation on GitHub.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@pmenzel @donald