[pigz-announce] pigz version 2.2.5 released

Mark Adler madler at alumni.caltech.edu
Sat Jul 28 16:56:02 EDT 2012


pigz users,

pigz version 2.2.5 has been released and is now available at http://zlib.net/pigz/ .  The main changes since 2.2.4 are:

- Change suffix to .tar when decompressing or listing .tgz.
- Print name of executable in error messages.
- Show help properly when the name is unpigz or gunzip.
- Fix permissions security problem before output is closed.

The security hole in 2.2.4 was due to the output file temporarily having more liberal access permissions (group and other read) that possibly the input file (e.g. only user read).  Once the write was complete however, the output file was set to the correct permissions.  With 2.2.5, the output file is readable only by the user while being written.  You should upgrade immediately to 2.2.5 to avoid the potential security issue.

Mark




More information about the pigz-announce mailing list