[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Findutils 4.2.23 is now available on

From: James Youngman
Subject: Findutils 4.2.23 is now available on
Date: Sun, 19 Jun 2005 12:57:15 +0100
User-agent: Mutt/1.3.28i

I am pleased to announce the release of version 4.2.23 of GNU
findutils.  This release includes a fix for a potential security
problem; the list of bugs fixed appears below.

GNU findutils is a set of software tools for finding files that match
certain criteria and for performing various operations on them.
Findutils includes the programs "find", "xargs" and "locate".  More
information about findutils is available at

This is a "stable" release of findutils.  It replaces findutils
version 4.2.20, which was the previous stable release.  It can be
downloaded from  The
site is very busy, so you may find it more convenient to download
findutils from one of the mirror sites listed at

This release includes a range of changes, including both bugfixes and
small functional changes.  All the changes since the previous stable
release are summarised below.

Bugs in GNU findutils should be reported to the findutils bug tracker
at  Reporting bugs via
the web interface will ensure that you are automatically informed when
the bug has been fixed.  General discussion of findutils takes place
on the bug-findutils mailing list.  To join the 'bug-findutils'
mailing list, send email to <address@hidden>.

To verify the GPG signature of the release, you will need the public
key of the findutils maintainer, James Youngman.  You can download
this from  Alternatively, you
could query a PGP keyserver, but you will need to use one that can
cope with subkeys containing photos.  Many older key servers cannot do
this.  I use  I think that one works.  See also the
"Downloading" section of

* Major changes in release 4.2.23

** Documentation Changes

The -L and -I options of xargs are currently incompatible (but should
not be).

Improved the documentation for -execdir and -okdir.

** Functional Changes to updatedb

File names ending in "/" which are specified as an argument to
--prunepaths (or in $PRUNEPATHS) don't work, so we now issue an error
message if the user tries to do that.  The obvious exception of course
is "/" which does work and is not rejected.

* Major changes in release 4.2.22

** Security Fixes

If a directory entry searched with "find -L" is a symbolic link to
".", we no longer loop indefinitely.  This problem affected find
versions 4.2.19, 4.2.20 and 4.2.21.  This problem allows users to make
"find" loop indefinitely.  This is in effect a denial of service and
could be used to prevent updates to the locate database or to defeat
file security checks based on find.  However, it should be noted that
in any case you should not use "find -L" in security-sensitive

** Other Bug Fixes

None in this release.

** Functional Changes to locate

A locate database can now be supplied on stdin, using '-' as a element
of the database-path. If more than one database-path element is '-',
later instances are ignored.

A new option to locate, '--all' ('-A') causes matches to be limited to
entries which match all given patterns, not entries which match
one or more patterns.

** Documentation Changes

Some typos in the manual pages have been fixed.  Various parts of the
manual now point out that it is good practice to quote the argument of
"-name".  The manpage now has a "NON-BUGS" section which explains some
symptoms that look like bugs but aren't.  The explanations of the "%k"
and "%b" directives to "find -printf" have been imrpoved.

* Major changes in release 4.2.21
** Functional Changes to find

The GNU extension "find ... -perm +MODE" has been withdrawn because it
is incompatible with POSIX in obscure cases like "find ... -perm ++r".
Use the new syntax "find ... -perm /MODE" instead.  Old usages will
still continue to work, so long as they don't conflict with POSIX.

If the output is going to a terminal, the -print, -fprint, -printf and
-fprintf actions now quote "unusual" characters to prevent unwanted
effects on the terminal.  See "Unusual Characters in File Names" for
further details.  There is no change to the behaviour when the output
is not going to a terminal.   The locate program does the same thing,
unless the -0 option is in effect (in which case the filenames are 
printed as-is).

** Functional Changes to locate

The locate command will now read each locate database at most once.
This means that if you are using multiple databases and are searching
for more than one name, the results will now be printed in a different
order (and if you specified a small limit with --limit, you may get a
different set of results).

A new option '--print' for locate causes it to print the matching
results even if the '--count' or '--statistics' option is in effect.

** Bug Fixes
find /blah/blah/blah -depth -empty now works once again.

The -regex and -iregex tests of find now correctly accept POSIX Basic
Regular Expressions.  (Savannah bug #12999)

The updatedb program now works on systems where "su" does not support
the "-s" option, for example Solaris.

James Youngman <address@hidden>
GNU findutils maintainer

reply via email to

[Prev in Thread] Current Thread [Next in Thread]