Package: gzip / 1.9-3+deb10u1

Metadata

Package: gzip
Version: 1.9-3+deb10u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
sigpipe.diff

gzip.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

---
gzip_reproducible_build.diff

doc/gzip.texi | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
zgrep syntax error.diff

zgrep.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
0001 gzip port better to mingw.patch

gzip.c | 7 5 + 2 - 0 !
1 file changed, 5 insertions(+), 2 deletions(-)

 [patch] gzip: port better to mingw

Problem reported by Bdale Garbee for Debian
* gzip.c (do_chown): Don't assume uid_t and gid_t.

0001 gzip port better to mingw again.patch

gzip.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] gzip: port better to mingw again

Problem reported by Bdale Garbee (Bug#32305#8).
* gzip.c (do_chown): Use HAVE_FCHOWN || HAVE_CHOWN,
which is configured, instead of DO_CHOWN, which is not.

gnulib 4af4a4a71827c0bc5.patch

lib/fflush.c | 6 3 + 3 - 0 !
lib/fpurge.c | 2 1 + 1 - 0 !
lib/freading.c | 2 1 + 1 - 0 !
lib/fseeko.c | 4 2 + 2 - 0 !
lib/fseterr.c | 2 1 + 1 - 0 !
lib/stdio-impl.h | 6 6 + 0 - 0 !
6 files changed, 14 insertions(+), 8 deletions(-)

 fflush: adjust to glibc 2.28 libio.h removal

Problem reported by Daniel P. Berrangé in:
https://lists.gnu.org/r/bug-gnulib/2018-03/msg00000.html
* lib/fbufmode.c (fbufmode):
* lib/fflush.c (clear_ungetc_buffer_preserving_position)
(disable_seek_optimization, rpl_fflush):
* lib/fpending.c (__fpending):
* lib/fpurge.c (fpurge):
* lib/freadable.c (freadable):
* lib/freadahead.c (freadahead):
* lib/freading.c (freading):
* lib/freadptr.c (freadptr):
* lib/freadseek.c (freadptrinc):
* lib/fseeko.c (fseeko):
* lib/fseterr.c (fseterr):
* lib/fwritable.c (fwritable):
* lib/fwriting.c (fwriting):
Check _IO_EOF_SEEN instead of _IO_ftrylockfile.
* lib/stdio-impl.h (_IO_IN_BACKUP) [_IO_EOF_SEEN]:
Define if not already defined.

disable broken Wabi.patch

m4/manywarnings.m4 | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

---
disable Werror.patch

configure.ac | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
CVE 2022 1271.patch

gzexe.in | 9 5 + 4 - 0 !
sample/zfile | 3 3 + 0 - 0 !
tests/Makefile.am | 2 2 + 0 - 0 !
tests/zgrep-abuse | 41 41 + 0 - 0 !
tests/zgrep-binary | 30 30 + 0 - 0 !
zdiff.in | 4 2 + 2 - 0 !
zgrep.in | 59 34 + 25 - 0 !
znew.in | 3 3 + 0 - 0 !
8 files changed, 120 insertions(+), 31 deletions(-)

 fix arbitrary-file-write vulnerability (CVE-2022-1271)

Backported from gzip version 1.12:

* zgrep.in: The issue with the old code is that with multiple
newlines, the N-command will read the second line of input,
then the s-commands will be skipped because it's not the end
of the file yet, then a new sed cycle starts and the pattern
space is printed and emptied. So only the last line or two get
escaped. This patch makes sed read all lines into the pattern
space and then do the escaping.

This vulnerability was discovered by:
cleemy desu wayo working with Trend Micro Zero Day Initiative

* zgrep.in (res): When escaping the file name do not rely on GNU
sed's extension to POSIX with respect to s/.../\n/. Instead, use
features that should also work with AIX and/or Solaris sed. This is
simpler anyway, and would have prevented the recently-fixed bug.

* gzexe.in: Avoid an unnecessary invocation of grep,
by using sed instead. Also, look only for at-most-3-digit numbers,
for consistency with the rest of the script.