Package: gzip / 1.10-4+deb11u1

Metadata

Package | Version | Patches format
gzip | 1.10-4+deb11u1 | 3.0 (quilt)

Patch series

Patch | File delta | Description
sigpipe.diff

gzip.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

---
gzip_reproducible_build.diff

doc/gzip.texi | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
zgrep syntax error.diff

zgrep.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
disable Werror.patch

configure.ac | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
gzexe fix count of lines to skip.patch

gzexe.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] gzexe: fix count of lines to skip

Problem reported by Jakub Martisko (Bug#35002).
* gzexe.in (skip): Bump from 44 to 49.

skip out of range timestamp test mips64el.patch

tests/timestamp | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

---
CVE 2022 1271.patch

gzexe.in | 9 5 + 4 - 0 !
sample/zfile | 3 3 + 0 - 0 !
tests/Makefile.am | 2 2 + 0 - 0 !
tests/zgrep-abuse | 41 41 + 0 - 0 !
tests/zgrep-binary | 30 30 + 0 - 0 !
zdiff.in | 4 2 + 2 - 0 !
zgrep.in | 59 34 + 25 - 0 !
znew.in | 3 3 + 0 - 0 !
8 files changed, 120 insertions(+), 31 deletions(-)

 fix arbitrary-file-write vulnerability (CVE-2022-1271)
 Backported from gzip version 1.12:
 .
 * zgrep.in: The issue with the old code is that with multiple
 newlines, the N-command will read the second line of input,
 then the s-commands will be skipped because it's not the end
 of the file yet, then a new sed cycle starts and the pattern
 space is printed and emptied. So only the last line or two get
 escaped. This patch makes sed read all lines into the pattern
 space and then do the escaping.
 .
 This vulnerability was discovered by:
 cleemy desu wayo working with Trend Micro Zero Day Initiative
 .
 * zgrep.in (res): When escaping the file name do not rely on GNU
 sed's extension to POSIX with respect to s/.../\n/.  Instead, use
 features that should also work with AIX and/or Solaris sed.  This is
 simpler anyway, and would have prevented the recently-fixed bug.
 .
 * gzexe.in: Avoid an unnecessary invocation of grep,
 by using sed instead.  Also, look only for at-most-3-digit numbers,
 for consistency with the rest of the script.
 .