[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Announcing the release of version 4.2.31 of GNU findutils

From: James Youngman
Subject: Announcing the release of version 4.2.31 of GNU findutils
Date: Wed, 30 May 2007 21:57:31 +0100

                              I announce the release of version
4.2.31 of GNU findutils.

GNU findutils is a set of software tools for finding files that match
certain criteria and for performing various operations on them.
Findutils includes the programs "find", "xargs" and "locate".  More
information about findutils is available at

This is a "stable" release of findutils.  It can be downloaded from (it's 1.3M).
The site is very busy, so you may find it more convenient
to download findutils from one of the mirror sites listed at

This release includes a security fix for a problem affecting all
previous releases of findutils.  It also includes other bugfixes and
documentation improvements.  All the changes since the previous stable
release are summarised below.

Bugs in GNU findutils should be reported to the findutils bug tracker
at  Reporting bugs via
the web interface will ensure that you are automatically informed when
the bug has been fixed.  General discussion of findutils takes place
on the bug-findutils mailing list.  To join the 'bug-findutils'
mailing list, send email to <address@hidden>.

To verify the GPG signature of the release, you will need the public
key of the findutils maintainer, James Youngman.  You can download
this from  Alternatively, you
could query a PGP keyserver, but you will need to use one that can
cope with subkeys containing photos.  Many older key servers cannot do
this.  I use  I think that one works.  See also the
"Downloading" section of

I would like to thank Rob Holland <address@hidden> and Tavis
Ormandy for their help in the preparation of this release.

* Major changes in release 4.2.31

** Security Fixes

#20014: Findutils-4.2.31 includes a patch for a potential security
problem in locate.  When locate read an old-format database, it read
file names into a fixed-length buffer allocated on the heap without
checking for overflow.  Although overflowing a heap buffer is often
somewhat safer than overflowing a buffer on the stack, this bug still
has potential security implications.

All previous releases of findutils are affected by this bug.  It has
been assigned CVE number CVE-2007-2452.

** Documentation Fixes

#19596: Corrected the documentation for "find -printf %b".

#19483: updatedb manpage has inconsistent highlighting for --help

#19155: Fixed typo in the output of "locate --help".

** Other Bug Fixes

#19658: When cross-compiling, "make clean" no longer deletes the
generated file doc/regexprops.texi, because there is no way to
regenerate it.

#19484: Decompressed data is wrong in locate if the first filename
indexed by updatedb starts with a space (instead of a slash).

** Other Changes

Findutils has switched to a new way of building the code from gnulib.
There should be no functional difference; the change should not be
visible to those using the findutils binaries, except for changes to
the output of "find --version", which should now show the version of
Gnulib which was used.

James Youngman <address@hidden>
GNU findutils maintainer

reply via email to

[Prev in Thread] Current Thread [Next in Thread]