git: 06e4364bd6 - main - Add EN-22:20 and SA-22:13.
Date: Tue, 30 Aug 2022 23:46:52 UTC
The branch main has been updated by gordon (src committer):
URL: https://cgit.FreeBSD.org/doc/commit/?id=06e4364bd6f4d9fbcb1a124c78f326c9ad63885e
commit 06e4364bd6f4d9fbcb1a124c78f326c9ad63885e
Author: Gordon Tetlow <gordon@FreeBSD.org>
AuthorDate: 2022-08-30 23:46:11 +0000
Commit: Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2022-08-30 23:46:11 +0000
Add EN-22:20 and SA-22:13.
Approved by: so
---
website/data/security/advisories.toml | 4 +
website/data/security/errata.toml | 4 +
.../advisories/FreeBSD-EN-22:20.tzdata.asc | 175 +
.../security/advisories/FreeBSD-SA-22:13.zlib.asc | 148 +
.../security/patches/EN-22:20/tzdata-2022c.patch | 4100 ++++++++++++++++++++
.../patches/EN-22:20/tzdata-2022c.patch.asc | 16 +
.../static/security/patches/SA-22:13/zlib.patch | 14 +
.../security/patches/SA-22:13/zlib.patch.asc | 16 +
8 files changed, 4477 insertions(+)
diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index 49a8244da2..a5aadbdf0d 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,6 +1,10 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-22:13.zlib"
+date = "2022-08-30"
+
[[advisories]]
name = "FreeBSD-SA-22:12.lib9p"
date = "2022-08-09"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index d8b7dd74be..657fa4133e 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,6 +1,10 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-22:20.tzdata"
+date = "2022-08-30"
+
[[notices]]
name = "FreeBSD-EN-22:19.pam_exec"
date = "2022-08-09"
diff --git a/website/static/security/advisories/FreeBSD-EN-22:20.tzdata.asc b/website/static/security/advisories/FreeBSD-EN-22:20.tzdata.asc
new file mode 100644
index 0000000000..25bc1eabab
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:20.tzdata.asc
@@ -0,0 +1,175 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:20.tzdata Errata Notice
+ The FreeBSD Project
+
+Topic: Timezone database information update
+
+Category: contrib
+Module: zoneinfo
+Announced: 2022-08-30
+Affects: All supported versions of FreeBSD.
+Corrected: 2022-08-17 01:48:01 UTC (stable/13, 13.1-STABLE)
+ 2022-08-30 23:02:48 UTC (releng/13.1, 13.1-RELEASE-p2)
+ 2022-08-30 23:01:22 UTC (releng/13.0, 13.0-RELEASE-p13)
+ 2022-08-17 01:56:52 UTC (stable/12, 12.3-STABLE)
+ 2022-08-30 23:16:54 UTC (releng/12.3, 12.3-RELEASE-p7)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The IANA Time Zone Database (often called tz or zoneinfo) contains code and
+data that represent the history of local time for many representative
+locations around the globe. It is updated periodically to reflect changes
+made by political bodies to time zone boundaries, UTC offsets, and
+daylight-saving rules.
+
+FreeBSD releases install the IANA Time Zone Database in /usr/share/zoneinfo.
+The tzsetup(8) utility allows the user to specify the default local time
+zone. Based on the selected time zone, tzsetup(8) copies one of the files
+from /usr/share/zoneinfo to /etc/localtime. A time zone may also be selected
+for an individual process by setting its TZ environment variable to a desired
+time zone name.
+
+II. Problem Description
+
+Several changes to future and past timestamps have been recorded in the IANA
+Time Zone Database after previous FreeBSD releases were released. This
+affects many users in different parts of the world. Because of these
+changes, the data in the zoneinfo files need to be updated. If the local
+timezone on the running system is affected, tzsetup(8) needs to be run to
+update /etc/localtime.
+
+III. Impact
+
+An incorrect time will be displayed on a system configured to use one of the
+affected time zones if the /usr/share/zoneinfo and /etc/localtime files are
+not updated, and all applications on the system that rely on the system time,
+such as cron(8) and syslog(8), will be affected.
+
+IV. Workaround
+
+The system administrator can install an updated version of the IANA Time Zone
+Database from the misc/zoneinfo port and run tzsetup(8).
+
+Applications that store and display times in Coordinated Universal Time (UTC)
+are not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Please note that some third party software, for instance PHP, Ruby, Java,
+Perl and Python, may be using different zoneinfo data sources, in such cases
+this software must be updated separately. Software packages that are
+installed via binary packages can be upgraded by executing 'pkg upgrade'.
+
+Following the instructions in this Errata Notice will only update the IANA
+Time Zone Database installed in /usr/share/zoneinfo.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all the affected applications and daemons, or reboot the system.
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:20/tzdata-2022c.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:20/tzdata-2022c.patch.asc
+# gpg --verify tzdata-2022c.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all the affected applications and daemons, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ f7cb47731675 stable/13-n252124
+releng/13.1/ e86b610b8744 releng/13.1-n250157
+releng/13.0/ 707cecae4e34 releng/13.0-n244809
+stable/12/ r372409
+releng/12.3/ r372461
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://github.com/eggert/tz/blob/2022b/NEWS>
+<URL:https://github.com/eggert/tz/blob/2022c/NEWS>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:20.tzdata.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmMOoGgACgkQ05eS9J6n
+5cKipg/6Axbh9KTIXF/Z/KZtna+2/Fvs4zIvV1PnT/6VJge9JrPShRtKuTOHE7at
+8tFFFLplDV3uGF3PxJ0vB66sd5A7VchS8UDJoyrr8Q1kfOGlMge5W3UQbHp4u4II
+DCRlvocXIv7SygmfWlrQg5Ia6c2CmIa13BcMcxNv8tu/TShsJZD8AUtu/sF01xZh
+RaPQE5Y0dMErQx1FpGrxcxqw5DVNz6utpxeGgz8SU/bMRUs17u9HbktiPdDpJVzh
+gw26DfMJS9CflrTBF1RKmCj6934ghz6fbHqnw7IrcnLjaitVsVqgktFjgmUje9OH
+JyCvY5ysAYEQD74HxncvgiJ3OjkQ/EYTwdL2lfTZRiWqQjncfFHchZ2ioIslR84e
+3NQlJYxosvWa/NIFxclR69I8d9outXRkClAEQo5tgjOPF7Q1F4TzH38IN7YMrwK7
+G9N2qXO6+GQo0E2yVmqQbam9KIRsyy9rf5Yp14Lc0P9GFiD0bMok0/C1zfE+Qi9U
+Y0lM7vtNFg7QM2Gi9OOhaCWJscDDf4OfuxaCWhh8Mq3cNrdaCY56t0SzPKmgF7qY
+sZPRpI6YXv9+m9c8V+sklPituTMXa2maGzSYJNTOWhDNmf4Ah1YvxbMWhoxI0hsF
+nSgCr/LQh0c+dTXthIW1fYv4mt5uXXNg5uMs0mIfncLin3syJ7s=
+=DcSW
+-----END PGP SIGNATURE-----
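Review bot: Section V never tells the administrator to run tzsetup(8), although section II says "tzsetup(8) needs to be run to update /etc/localtime" when the local zone is affected. Both the freebsd-update path and the source-patch path end at "Restart all the affected applications and daemons, or reboot the system", and the section itself states that the instructions only update /usr/share/zoneinfo, so a host in an affected zone that follows V to the letter keeps a stale /etc/localtime. Suggest adding a tzsetup(8) step after each path; because the text sits inside the clearsigned block, any wording change requires re-signing the file.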
diff --git a/website/static/security/advisories/FreeBSD-SA-22:13.zlib.asc b/website/static/security/advisories/FreeBSD-SA-22:13.zlib.asc
new file mode 100644
index 0000000000..546b8282bc
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-22:13.zlib.asc
@@ -0,0 +1,148 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-22:13.zlib Security Advisory
+ The FreeBSD Project
+
+Topic: zlib heap buffer overflow
+
+Category: contrib
+Module: zlib
+Announced: 2022-08-30
+Credits: Evgeny Legerov of @intevydis
+Affects: All supported versions of FreeBSD.
+Corrected: 2022-08-09 14:40:35 UTC (stable/13, 13.1-STABLE)
+ 2022-08-30 23:02:48 UTC (releng/13.1, 13.1-RELEASE-p2)
+ 2022-08-30 22:57:49 UTC (releng/13.0, 13.0-RELEASE-p13)
+ 2022-08-09 14:45:04 UTC (stable/12, 12.3-STABLE)
+ 2022-08-30 23:16:45 UTC (releng/12.3, 12.3-RELEASE-p7)
+CVE Name: CVE-2022-37434
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+zlib is a software library implementing compression and decompression.
+It is used in various places in the FreeBSD kernel and userland.
+
+II. Problem Description
+
+zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow
+in inflate in inflate.c via a large gzip header extra field.
+
+III. Impact
+
+Applications that call inflateGetHeader may be vulnerable to a buffer
+overflow. Note that inflateGetHeader is not used by anything in the
+FreeBSD base system, but may be used by third party software.
+
+IV. Workaround
+
+No workaround is available, but applications that do not call
+inflateGetHeader are not vulnerable.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date, and
+restart daemons if necessary.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-22:13/zlib.patch
+# fetch https://security.FreeBSD.org/patches/SA-22:13/zlib.patch.asc
+# gpg --verify zlib.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 10cc2bf5f7a5 stable/13-n252073
+releng/13.1/ 289231c9634a releng/13.1-n250156
+releng/13.0/ 77cd23716ffb releng/13.0-n244808
+stable/12/ r372370
+releng/12.3/ r372460
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:13.zlib.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmMOoG4ACgkQ05eS9J6n
+5cIITA//WMND8i3L8agw4QBMZTmL8M6bbbKK+eua7bhH4MNxguruULwcWNoHvhuO
++ebgomd4cWlPfY2TJcpd9OCXCjuMGMLvwE6XmPlGzW5DuMdD893wWPdsYJtDK+6p
+yMSihFyZP+ELWFbLeO3SFedRRKBQiDEmO3X2oOR1Ukj5wjsUOFPv0/dLphyBiq3t
+3tn/0O9NfAmyONvHSozoVs34MIFC9Qc/8oxlp5wKjomFn6OifPRwNu4yeWDfVL/c
+11IwotsKNTR6QNckdNBwbFC2NwdWfl8Tqv7gbJ3PhXDlzCDC5hOQoIeOol3Nf8et
+9+FjCr9y/jTH0tzEHCgevO3U711UZYIu2s+STHTlJRNly/n+2CMG+YOn1XkKtu6A
+4x4Pw+YRHl5VesQCNcJOkwVwRiyrirp5yOaaUPhSKo0teykypgV/WS9Z1U0VVfGP
+xgxJ7ElcT2HoNiz06QUSG374dPyEBKqoZTo/g2tJ0mL17JLW7IAtlUpIHzU475YR
+1itARL0z7O3bbUa/h35LxRTCxT2Ojt0qZO9WsS4dIraz2gb8QbHkgUXETnLAx9Ih
+UwaPrLGkzqpMjkQFASDS+LeacFOZARdxT/tUFwTRCQI27Aujl1OJzy7t0drL5I9f
+pO529OH4plSsT0x4j89tAUZxIHB2RQet94777vP4T0J5UcBegxc=
+=y87U
+-----END PGP SIGNATURE-----
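Review bot: In section V, option 1 (freebsd-update fetch / install) ends without a restart step; the "Restart all daemons that use the library, or reboot the system" line appears only after step 2c, so it reads as part of the source-patch path. FreeBSD-EN-22:20 in this same commit repeats its restart line after both options. Section III says third-party software may call inflateGetHeader, and a process that is already running keeps using the old library until it is restarted, so the binary path needs the instruction too; suggest repeating the line after "# freebsd-update install".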
diff --git a/website/static/security/patches/EN-22:20/tzdata-2022c.patch b/website/static/security/patches/EN-22:20/tzdata-2022c.patch
new file mode 100644
index 0000000000..c140bddcd5
--- /dev/null
+++ b/website/static/security/patches/EN-22:20/tzdata-2022c.patch
@@ -0,0 +1,4100 @@
+--- ObsoleteFiles.inc.orig
++++ ObsoleteFiles.inc
+@@ -8579,8 +8579,6 @@
+ OLD_FILES+=usr/share/examples/etc/rc.firewall6
+ # 20091117: removal of rc.early(8) link
+ OLD_FILES+=usr/share/man/man8/rc.early.8.gz
+-# 20091117: usr/share/zoneinfo/GMT link removed
+-OLD_FILES+=usr/share/zoneinfo/GMT
+ # 20091027: pselect.3 implemented as syscall
+ OLD_FILES+=usr/share/man/man3/pselect.3.gz
+ # 20091005: fusword.9 and susword.9 removed
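Review bot: The removal of the "OLD_FILES+=usr/share/zoneinfo/GMT" entry and its 20091117 comment from ObsoleteFiles.inc is not explained anywhere in the visible patch or in the errata notice. Entries in this file are what delete-old acts on, so dropping one changes which installed files are treated as stale; if the updated data installs zoneinfo/GMT again, a one-line statement of that in the notice's Correction details or in the commit that introduced the change would let an administrator confirm the file is expected on a patched system.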
+--- contrib/tzdata/Makefile.orig
++++ contrib/tzdata/Makefile
+@@ -33,7 +33,7 @@
+ # make zonenames
+ # to get a list of the values you can use for LOCALTIME.
+
+-LOCALTIME= GMT
++LOCALTIME= Factory
+
+ # The POSIXRULES macro controls interpretation of nonstandard and obsolete
+ # POSIX-like TZ settings like TZ='EET-2EEST' that lack DST transition rules.
+@@ -176,12 +176,19 @@
+
+ BACKWARD= backward
+
+-# If you want out-of-scope and often-wrong data from the file 'backzone', use
++# If you want out-of-scope and often-wrong data from the file 'backzone',
++# but only for entries listed in the backward-compatibility file zone.tab, use
+ # PACKRATDATA= backzone
++# PACKRATLIST= zone.tab
++# If you want all the 'backzone' data, use
++# PACKRATDATA= backzone
++# PACKRATLIST=
+ # To omit this data, use
+ # PACKRATDATA=
++# PACKRATLIST=
+
+ PACKRATDATA=
++PACKRATLIST=
+
+ # The name of a locale using the UTF-8 encoding, used during self-tests.
+ # The tests are skipped if the name does not appear to work on this system.
+@@ -264,7 +271,7 @@
+ $(GCC_INSTRUMENT) \
+ -Wall -Wextra \
+ -Walloc-size-larger-than=100000 -Warray-bounds=2 \
+- -Wbad-function-cast -Wcast-align=strict -Wdate-time \
++ -Wbad-function-cast -Wbidi-chars=any,ucn -Wcast-align=strict -Wdate-time \
+ -Wdeclaration-after-statement -Wdouble-promotion \
+ -Wduplicated-branches -Wduplicated-cond \
+ -Wformat=2 -Wformat-overflow=2 -Wformat-signedness -Wformat-truncation \
+@@ -278,7 +285,7 @@
+ -Wsuggest-attribute=const -Wsuggest-attribute=format \
+ -Wsuggest-attribute=malloc \
+ -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure \
+- -Wtrampolines -Wundef -Wuninitialized -Wunused-macros \
++ -Wtrampolines -Wundef -Wuninitialized -Wunused-macros -Wuse-after-free=3 \
+ -Wvariadic-macros -Wvla -Wwrite-strings \
+ -Wno-address -Wno-format-nonliteral -Wno-sign-compare \
+ -Wno-type-limits -Wno-unused-parameter
+@@ -291,8 +298,9 @@
+ # guess TM_GMTOFF from other macros; define NO_TM_GMTOFF to suppress this.
+ # Similarly, if your system has a "zone abbreviation" field, define
+ # -DTM_ZONE=tm_zone
+-# and define NO_TM_ZONE to suppress any guessing. These two fields are not
+-# required by POSIX, but are widely available on GNU/Linux and BSD systems.
++# and define NO_TM_ZONE to suppress any guessing. Although these two fields
++# not required by POSIX, a future version of POSIX is planned to require them
++# and they are widely available on GNU/Linux and BSD systems.
+ #
+ # The next batch of options control support for external variables
+ # exported by tzcode. In practice these variables are less useful
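Review bot: The rewritten comment in the TM_ZONE paragraph has lost its verb: "Although these two fields not required by POSIX" should read "Although these two fields are not required by POSIX". The text comes from the imported tzdata Makefile, so the fix belongs upstream rather than as a local edit to contrib/tzdata.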
+@@ -448,6 +456,9 @@
+ # useful in commentary.
+ UNUSUAL_OK_CHARSET= $(UNUSUAL_OK_LATIN_1)$(UNUSUAL_OK_IPA)
+
++# Put this in a bracket expression to match spaces.
++s = [:space:]
++
+ # OK_CHAR matches any character allowed in the distributed files.
+ # This is the same as SAFE_CHAR, except that UNUSUAL_OK_CHARSET and
+ # multibyte letters are also allowed so that commentary can contain a
+@@ -521,21 +532,23 @@
+ ZONETABLES= zone1970.tab zone.tab
+ TABDATA= iso3166.tab $(TZDATA_TEXT) $(ZONETABLES)
+ LEAP_DEPS= leapseconds.awk leap-seconds.list
+-TZDATA_ZI_DEPS= ziguard.awk zishrink.awk version $(TDATA) $(PACKRATDATA)
+-DSTDATA_ZI_DEPS= ziguard.awk $(TDATA) $(PACKRATDATA)
++TZDATA_ZI_DEPS= ziguard.awk zishrink.awk version $(TDATA) \
++ $(PACKRATDATA) $(PACKRATLIST)
++DSTDATA_ZI_DEPS= ziguard.awk $(TDATA) $(PACKRATDATA) $(PACKRATLIST)
+ DATA= $(TDATA_TO_CHECK) backzone iso3166.tab leap-seconds.list \
+ leapseconds $(ZONETABLES)
+ AWK_SCRIPTS= checklinks.awk checktab.awk leapseconds.awk \
+ ziguard.awk zishrink.awk
+-MISC= $(AWK_SCRIPTS) zoneinfo2tdf.pl
++MISC= $(AWK_SCRIPTS)
+ TZS_YEAR= 2050
+ TZS_CUTOFF_FLAG= -c $(TZS_YEAR)
+ TZS= to$(TZS_YEAR).tzs
+ TZS_NEW= to$(TZS_YEAR)new.tzs
+ TZS_DEPS= $(YDATA) asctime.c localtime.c \
+ private.h tzfile.h zdump.c zic.c
++TZDATA_DIST = $(COMMON) $(DATA) $(MISC)
+ # EIGHT_YARDS is just a yard short of the whole ENCHILADA.
+-EIGHT_YARDS = $(COMMON) $(DOCS) $(SOURCES) $(DATA) $(MISC) tzdata.zi
++EIGHT_YARDS = $(TZDATA_DIST) $(DOCS) $(SOURCES) tzdata.zi
+ ENCHILADA = $(EIGHT_YARDS) $(TZS)
+
+ # Consult these files when deciding whether to rebuild the 'version' file.
+@@ -555,7 +568,7 @@
+ tzfile.5 tzfile.h tzselect.8 tzselect.ksh \
+ workman.sh zdump.8 zdump.c zic.8 zic.c \
+ ziguard.awk zishrink.awk \
+- zone.tab zone1970.tab zoneinfo2tdf.pl
++ zone.tab zone1970.tab
+
+ # And for the benefit of csh users on systems that assume the user
+ # shell should be used to handle commands in Makefiles. . .
+@@ -608,13 +621,17 @@
+ printf '%s\n' "$$V" >$@.out
+ mv $@.out $@
+
+-# These files can be tailored by setting BACKWARD and PACKRATDATA.
++# These files can be tailored by setting BACKWARD, PACKRATDATA, PACKRATLIST.
+ vanguard.zi main.zi rearguard.zi: $(DSTDATA_ZI_DEPS)
+- $(AWK) -v DATAFORM=`expr $@ : '\(.*\).zi'` -f ziguard.awk \
++ $(AWK) \
++ -v DATAFORM=`expr $@ : '\(.*\).zi'` \
++ -v PACKRATDATA='$(PACKRATDATA)' \
++ -v PACKRATLIST='$(PACKRATLIST)' \
++ -f ziguard.awk \
+ $(TDATA) $(PACKRATDATA) >$@.out
+ mv $@.out $@
+ # This file has a version comment that attempts to capture any tailoring
+-# via BACKWARD, DATAFORM, PACKRATDATA, and REDO.
++# via BACKWARD, DATAFORM, PACKRATDATA, PACKRATLIST, and REDO.
+ tzdata.zi: $(DATAFORM).zi version zishrink.awk
+ version=`sed 1q version` && \
+ LC_ALL=C $(AWK) \
+@@ -652,6 +669,7 @@
+ DESTDIR='$(DESTDIR)' \
+ LEAPSECONDS='$(LEAPSECONDS)' \
+ PACKRATDATA='$(PACKRATDATA)' \
++ PACKRATLIST='$(PACKRATLIST)' \
+ TZDEFAULT='$(TZDEFAULT)' \
+ TZDIR='$(TZDIR)' \
+ ZIC='$(ZIC)'
+@@ -690,11 +708,6 @@
+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-posix' posix_only
+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-leaps' right_only
+
+-# This obsolescent rule is present for backwards compatibility with
+-# tz releases 2014g through 2015g. It should go away eventually.
+-posix_packrat: $(INSTALL_DATA_DEPS)
+- $(MAKE) $(INSTALLARGS) PACKRATDATA=backzone posix_only
+-
+ zones: $(REDO)
+
+ # dummy.zd is not a real file; it is mentioned here only so that the
+@@ -755,8 +768,8 @@
+ mv $@.out $@
+
+ check: check_character_set check_white_space check_links \
+- check_name_lengths check_sorted \
+- check_tables check_web check_zishrink check_tzs
++ check_name_lengths check_slashed_abbrs check_sorted \
++ check_tables check_web check_ziguard check_zishrink check_tzs
+
+ check_character_set: $(ENCHILADA)
+ test ! '$(UTF8_LOCALE)' || \
+@@ -780,19 +793,28 @@
+ patfmt=' \t|[\f\r\v]' && pat=`printf "$$patfmt\\n"` && \
+ ! grep -En "$$pat" \
+ $$(ls $(ENCHILADA) | grep -Fvx leap-seconds.list)
+- ! grep -n '[[:space:]]$$' \
++ ! grep -n '[$s]$$' \
+ $$(ls $(ENCHILADA) | grep -Fvx leap-seconds.list)
+ touch $@
+
+-PRECEDES_FILE_NAME = ^(Zone|Link[[:space:]]+[^[:space:]]+)[[:space:]]+
+-FILE_NAME_COMPONENT_TOO_LONG = \
+- $(PRECEDES_FILE_NAME)[^[:space:]]*[^/[:space:]]{15}
++PRECEDES_FILE_NAME = ^(Zone|Link[$s]+[^$s]+)[$s]+
++FILE_NAME_COMPONENT_TOO_LONG = $(PRECEDES_FILE_NAME)[^$s]*[^/$s]{15}
+
+ check_name_lengths: $(TDATA_TO_CHECK) backzone
+ ! grep -En '$(FILE_NAME_COMPONENT_TOO_LONG)' \
+ $(TDATA_TO_CHECK) backzone
+ touch $@
+
++PRECEDES_STDOFF = ^(Zone[$s]+[^$s]+)?[$s]+
++STDOFF = [-+]?[0-9:.]+
++RULELESS_SAVE = (-|$(STDOFF)[sd]?)
++RULELESS_SLASHED_ABBRS = \
++ $(PRECEDES_STDOFF)$(STDOFF)[$s]+$(RULELESS_SAVE)[$s]+[^$s]*/
++
++check_slashed_abbrs: $(TDATA_TO_CHECK)
++ ! grep -En '$(RULELESS_SLASHED_ABBRS)' $(TDATA_TO_CHECK)
++ touch $@
++
+ CHECK_CC_LIST = { n = split($$1,a,/,/); for (i=2; i<=n; i++) print a[1], a[i]; }
+
+ check_sorted: backward backzone iso3166.tab zone.tab zone1970.tab
+@@ -832,11 +854,19 @@
+ test ! -s $@.out || { cat $@.out; exit 1; }
+ mv $@.out $@
+
++check_ziguard: rearguard.zi vanguard.zi ziguard.awk
++ $(AWK) -v DATAFORM=rearguard -f ziguard.awk vanguard.zi | \
++ diff -u rearguard.zi -
++ $(AWK) -v DATAFORM=vanguard -f ziguard.awk rearguard.zi | \
++ diff -u vanguard.zi -
++ touch $@
++
+ # Check that zishrink.awk does not alter the data, and that ziguard.awk
+ # preserves main-format data.
+ check_zishrink: check_zishrink_posix check_zishrink_right
+ check_zishrink_posix check_zishrink_right: \
+- zic leapseconds $(PACKRATDATA) $(TDATA) $(DATAFORM).zi tzdata.zi
++ zic leapseconds $(PACKRATDATA) $(PACKRATLIST) \
++ $(TDATA) $(DATAFORM).zi tzdata.zi
+ rm -fr $@.dir $@-t.dir $@-shrunk.dir
+ mkdir $@.dir $@-t.dir $@-shrunk.dir
+ case $@ in \
+@@ -845,8 +875,8 @@
+ esac && \
+ $(ZIC) $$leap -d $@.dir $(DATAFORM).zi && \
+ $(ZIC) $$leap -d $@-shrunk.dir tzdata.zi && \
+- case $(DATAFORM) in \
+- main) \
++ case $(DATAFORM),$(PACKRATLIST) in \
++ main,) \
+ $(ZIC) $$leap -d $@-t.dir $(TDATA) && \
+ $(AWK) '/^Rule/' $(TDATA) | \
+ $(ZIC) $$leap -d $@-t.dir - $(PACKRATDATA) && \
+@@ -967,6 +997,10 @@
+ rm public.dir/main.zi
+ cd public.dir && $(MAKE) PACKRATDATA=backzone main.zi
+ public.dir/zic -d public.dir/zoneinfo main.zi
++ rm public.dir/main.zi
++ cd public.dir && \
++ $(MAKE) PACKRATDATA=backzone PACKRATLIST=zone.tab main.zi
++ public.dir/zic -d public.dir/zoneinfo main.zi
+ :
+ rm -fr public.dir
+ touch $@
+@@ -1027,9 +1061,9 @@
+ ALL_ASC = $(TRADITIONAL_ASC) $(REARGUARD_ASC) \
+ tzdb-$(VERSION).tar.lz.asc
+
+-tarballs rearguard_tarballs traditional_tarballs \
++tarballs rearguard_tarballs tailored_tarballs traditional_tarballs \
+ signatures rearguard_signatures traditional_signatures: \
+- version set-timestamps.out rearguard.zi
++ version set-timestamps.out rearguard.zi vanguard.zi
+ VERSION=`cat version` && \
+ $(MAKE) AWK='$(AWK)' VERSION="$$VERSION" $@_version
+
+@@ -1042,6 +1076,8 @@
+ tzdata$(VERSION)-rearguard.tar.gz
+ traditional_tarballs_version: \
+ tzcode$(VERSION).tar.gz tzdata$(VERSION).tar.gz
++tailored_tarballs_version: \
++ tzdata$(VERSION)-tailored.tar.gz
+ signatures_version: $(ALL_ASC)
+ rearguard_signatures_version: $(REARGUARD_ASC)
+ traditional_signatures_version: $(TRADITIONAL_ASC)
+@@ -1055,34 +1091,76 @@
+
+ tzdata$(VERSION).tar.gz: set-timestamps.out
+ LC_ALL=C && export LC_ALL && \
+- tar $(TARFLAGS) -cf - $(COMMON) $(DATA) $(MISC) | \
++ tar $(TARFLAGS) -cf - $(TZDATA_DIST) | \
+ gzip $(GZIPFLAGS) >$@.out
+ mv $@.out $@
+
++# Create empty files with a reproducible timestamp.
++CREATE_EMPTY = TZ=UTC0 touch -mt 202010122253.00
++
++# The obsolescent *rearguard* targets and related macros are present
++# for backwards compatibility with tz releases 2018e through 2022a.
++# They should go away eventually. To build rearguard tarballs you
++# can instead use 'make DATAFORM=rearguard tailored_tarballs'.
+ tzdata$(VERSION)-rearguard.tar.gz: rearguard.zi set-timestamps.out
+- rm -fr tzdata$(VERSION)-rearguard.dir
+- mkdir tzdata$(VERSION)-rearguard.dir
+- ln $(COMMON) $(DATA) $(MISC) tzdata$(VERSION)-rearguard.dir
+- cd tzdata$(VERSION)-rearguard.dir && \
+- rm -f $(TDATA) $(PACKRATDATA) version
++ rm -fr $@.dir
++ mkdir $@.dir
++ ln $(TZDATA_DIST) $@.dir
++ cd $@.dir && rm -f $(TDATA) $(PACKRATDATA) version
+ for f in $(TDATA) $(PACKRATDATA); do \
+- rearf=tzdata$(VERSION)-rearguard.dir/$$f; \
++ rearf=$@.dir/$$f; \
+ $(AWK) -v DATAFORM=rearguard -f ziguard.awk $$f >$$rearf && \
+ $(SET_TIMESTAMP_DEP) $$rearf ziguard.awk $$f || exit; \
+ done
+- sed '1s/$$/-rearguard/' \
+- <version >tzdata$(VERSION)-rearguard.dir/version
++ sed '1s/$$/-rearguard/' <version >$@.dir/version
+ : The dummy pacificnew pacifies TZUpdater 2.3.1 and earlier.
+- TZ=UTC0 touch -mt 202010122253.00 \
+- tzdata$(VERSION)-rearguard.dir/pacificnew
+- touch -cmr version tzdata$(VERSION)-rearguard.dir/version
++ $(CREATE_EMPTY) $@.dir/pacificnew
++ touch -cmr version $@.dir/version
+ LC_ALL=C && export LC_ALL && \
+- (cd tzdata$(VERSION)-rearguard.dir && \
++ (cd $@.dir && \
+ tar $(TARFLAGS) -cf - \
+- $(COMMON) $(DATA) $(MISC) pacificnew | \
++ $(TZDATA_DIST) pacificnew | \
+ gzip $(GZIPFLAGS)) >$@.out
+ mv $@.out $@
+
++# Create a tailored tarball suitable for TZUpdater and compatible tools.
++# For example, 'make DATAFORM=vanguard tailored_tarballs' makes a tarball
++# useful for testing whether TZUpdater supports vanguard form.
++# The generated tarball is not byte-for-byte equivalent to a hand-tailored
++# traditional tarball, as data entries are put into 'etcetera' even if they
++# came from some other source file. However, the effect should be the same
++# for ordinary use, which reads all the source files.
++tzdata$(VERSION)-tailored.tar.gz: set-timestamps.out
++ rm -fr $@.dir
++ mkdir $@.dir
++ : The dummy pacificnew pacifies TZUpdater 2.3.1 and earlier.
++ cd $@.dir && \
++ $(CREATE_EMPTY) $(PRIMARY_YDATA) $(NDATA) backward \
++ `test $(DATAFORM) = vanguard || echo pacificnew`
++ (grep '^#' tzdata.zi && echo && cat $(DATAFORM).zi) \
++ >$@.dir/etcetera
++ touch -cmr tzdata.zi $@.dir/etcetera
++ sed -n \
++ -e '/^# *version *\(.*\)/h' \
++ -e '/^# *ddeps */H' \
++ -e '$$!d' \
++ -e 'g' \
++ -e 's/^# *version *//' \
++ -e 's/\n# *ddeps */-/' \
++ -e 's/ /-/g' \
++ -e 'p' \
++ <tzdata.zi >$@.dir/version
++ touch -cmr version $@.dir/version
++ links= && \
++ for file in $(TZDATA_DIST); do \
++ test -f $@.dir/$$file || links="$$links $$file"; \
++ done && \
++ ln $$links $@.dir
++ LC_ALL=C && export LC_ALL && \
++ (cd $@.dir && \
++ tar $(TARFLAGS) -cf - * | gzip $(GZIPFLAGS)) >$@.out
++ mv $@.out $@
++
+ tzdb-$(VERSION).tar.lz: set-timestamps.out set-tzs-timestamp.out
+ rm -fr tzdb-$(VERSION)
+ mkdir tzdb-$(VERSION)
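Review bot: In the new tzdata$(VERSION)-tailored.tar.gz rule, "ln $$links $@.dir" runs even when the preceding loop leaves links empty, in which case ln is handed only the directory operand, and "tar $(TARFLAGS) -cf - *" archives whatever the glob matches instead of a named list, unlike the two rules above it, which pass $(TZDATA_DIST) explicitly. Suggest guarding the ln with a test for a non-empty links value and giving tar an explicit file list so the tarball contents cannot drift with the directory contents. The "test $(DATAFORM) = vanguard" in the same rule is also unquoted and fails with a syntax error if DATAFORM is empty.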
+@@ -1134,13 +1212,14 @@
+ .PHONY: check_web check_zishrink
+ .PHONY: clean clean_misc dummy.zd force_tzs
+ .PHONY: install install_data maintainer-clean names
+-.PHONY: posix_only posix_packrat posix_right public
++.PHONY: posix_only posix_right public
+ .PHONY: rearguard_signatures rearguard_signatures_version
+ .PHONY: rearguard_tarballs rearguard_tarballs_version
+ .PHONY: right_only right_posix signatures signatures_version
+ .PHONY: tarballs tarballs_version
+ .PHONY: traditional_signatures traditional_signatures_version
+ .PHONY: traditional_tarballs traditional_tarballs_version
++.PHONY: tailored_tarballs tailored_tarballs_version
+ .PHONY: typecheck
+ .PHONY: zonenames zones
+ .PHONY: $(ZDS)
+--- contrib/tzdata/NEWS.orig
++++ contrib/tzdata/NEWS
+@@ -1,5 +1,140 @@
+ News for the tz database
+
++Release 2022c - 2022-08-15 17:47:18 -0700
++
++ Briefly:
++ Work around awk bug in FreeBSD, macOS, etc.
++ Improve tzselect on intercontinental Zones.
++
++ Changes to code
++
++ Work around a bug in onetrueawk that broke commands like
++ 'make traditional_tarballs' on FreeBSD, macOS, etc.
++ (Problem reported by Deborah Goldsmith.)
++
++ Add code to tzselect that uses experimental structured comments in
++ zone1970.tab to clarify whether Zones like Africa/Abidjan and
++ Europe/Istanbul cross continent or ocean boundaries.
++ (Inspired by a problem reported by Peter Krefting.)
++
++ Fix bug with 'zic -d /a/b/c' when /a is unwritable but the
++ directory /a/b already exists.
++
++ Remove zoneinfo2tdf.pl, as it was unused and triggered false
++ malware alarms on some email servers.
++
++
++Release 2022b - 2022-08-10 15:38:32 -0700
++
++ Briefly:
++ Chile's DST is delayed by a week in September 2022.
++ Iran no longer observes DST after 2022.
++ Rename Europe/Kiev to Europe/Kyiv.
++ New zic -R option
++ Vanguard form now uses %z.
++ Finish moving duplicate-since-1970 zones to 'backzone'.
++ New build option PACKRATLIST
++ New tailored_tarballs target, replacing rearguard_tarballs
++
++ Changes to future timestamps
++
++ Chile's 2022 DST start is delayed from September 4 to September 11.
++ (Thanks to Juan Correa.)
++
++ Iran plans to stop observing DST permanently, after it falls back
++ on 2022-09-21. (Thanks to Ali Mirjamali.)
++
++ Changes to past timestamps
++
++ Finish moving to 'backzone' the location-based zones whose
++ timestamps since 1970 are duplicates; adjust links accordingly.
++ This change ordinarily affects only pre-1970 timestamps, and with
++ the new PACKRATLIST option it does not affect any timestamps.
++ In this round the affected zones are Antarctica/Vostok,
++ Asia/Brunei, Asia/Kuala_Lumpur, Atlantic/Reykjavik,
++ Europe/Amsterdam, Europe/Copenhagen, Europe/Luxembourg,
++ Europe/Monaco, Europe/Oslo, Europe/Stockholm, Indian/Christmas,
++ Indian/Cocos, Indian/Kerguelen, Indian/Mahe, Indian/Reunion,
++ Pacific/Chuuk, Pacific/Funafuti, Pacific/Majuro, Pacific/Pohnpei,
++ Pacific/Wake and Pacific/Wallis, and the affected links are
++ Arctic/Longyearbyen, Atlantic/Jan_Mayen, Iceland, Pacific/Ponape,
++ Pacific/Truk, and Pacific/Yap.
++
++ From fall 1994 through fall 1995, Shanks wrote that Crimea's
++ DST transitions were at 02:00 standard time, not at 00:00.
++ (Thanks to Michael Deckers.)
++
++ Iran adopted standard time in 1935, not 1946. In 1977 it observed
++ DST from 03-21 23:00 to 10-20 24:00; its 1978 transitions were on
++ 03-24 and 08-05, not 03-20 and 10-20; and its spring 1979
++ transition was on 05-27, not 03-21.
++ (Thanks to Roozbeh Pournader and Francis Santoni.)
++
++ Chile's observance of -04 from 1946-08-29 through 1947-03-31 was
++ considered DST, not standard time. Santiago and environs had moved
++ their clocks back to rejoin the rest of mainland Chile; put this
++ change at the end of 1946-08-28. (Thanks to Michael Deckers.)
++
++ Some old, small clock transitions have been removed, as people at
++ the time did not change their clocks. This affects Asia/Hong_Kong
++ in 1904, Asia/Ho_Chi_Minh in 1906, and Europe/Dublin in 1880.
++
++ Changes to zone name
++
++ Rename Europe/Kiev to Europe/Kyiv, as "Kyiv" is more common in
++ English now. Spelling of other names in Ukraine has not yet
++ demonstrably changed in common English practice so for now these
++ names retain old spellings, as in other countries (e.g.,
++ Europe/Prague not "Praha", and Europe/Sofia not "Sofiya").
++
++ Changes to code
++
++ zic has a new option '-R @N' to output explicit transitions < N.
++ (Need suggested by Almaz Mingaleev.)
++
++ 'zic -r @N' no longer outputs bad data when N < first transition.
++ (Problem introduced in 2021d and reported by Peter Krefting.)
++
++ zic now checks its input for NUL bytes and unterminated lines, and
++ now supports input line lengths up to 2048 (not 512) bytes.
++
++ gmtime and related code now use the abbreviation "UTC" not "GMT".
++ POSIX is being revised to require this.
++
++ When tzset and related functions set vestigial static variables
++ like tzname, they now prefer specified timestamps to unspecified ones.
++ (Problem reported by Almaz Mingaleev.)
++
++ zic no longer complains "can't determine time zone abbreviation to
++ use just after until time" when a transition to a new standard
++ time occurs simultaneously with the first DST fallback transition.
++
++ Changes to build procedure
++
++ Source data in vanguard form now uses the %z notation, introduced
++ in release 2015f. For example, for America/Sao_Paulo vanguard
++ form contains the zone continuation line "-3:00 Brazil %z", which
++ is simpler and more reliable than the line "-3:00 Brazil -03/-02"
++ used in main and rearguard forms. The plan is for the main form
++ to use %z eventually; in the meantime maintainers of zi parsers
++ are encouraged to test the parsers on vanguard.zi.
++
++ The Makefile has a new PACKRATLIST option to select a subset of
++ 'backzone'. For example, 'make PACKRATDATA=backzone
++ PACKRATLIST=zone.tab' now generates TZif files identical to those
++ of the global-tz project.
++
++ The Makefile has a new tailored_tarballs target for generating
++ special-purpose tarballs. It generalizes and replaces the
++ rearguard_tarballs target and related targets and macros, which
++ are now obsolescent.
++
++ 'make install' now defaults LOCALTIME to Factory not GMT,
++ which means the default abbreviation is now "-00" not "GMT".
++
++ Remove the posix_packrat target, marked obsolescent in 2016a.
++
++
+ Release 2022a - 2022-03-15 23:02:01 -0700
+
+ Briefly:
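Review bot: The "Changes to code" entries in the 2022b block (zic checking its input for NUL bytes and unterminated lines, the 2048-byte input line limit, gmtime using "UTC" not "GMT") describe tool and library behaviour, while the file paths visible in this patch are under contrib/tzdata. If this erratum updates data only, the EN text should say so, so that operators do not assume the zic input checks are part of the update. The Europe/Kiev to Europe/Kyiv rename also deserves a line in the notice, because the visible lines do not say whether the old name remains available to configurations that still reference it.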
+@@ -161,7 +296,7 @@
+ Rename Pacific/Enderbury to Pacific/Kanton. When we added
+ Enderbury in 1993, we did not know that it is uninhabited and that
+ Kanton (population two dozen) is the only inhabited location in
+- that timezone. The old name is now a backward-compatility link.
++ that timezone. The old name is now a backward-compatibility link.
+
+ Changes to past timestamps
+
+@@ -1315,7 +1450,7 @@
+ Changes to build procedure
+
+ The distribution now contains the file 'pacificnew' again.
+- This file was inadvertantly omitted in the 2018a distribution.
++ This file was inadvertently omitted in the 2018a distribution.
+ (Problem reported by Matias Fonzo.)
+
+
+@@ -4387,7 +4522,7 @@
+
+ changes by Paul Eggert
+
+- Derick Rethan's Asmara change
++ Derick Rethans's Asmara change
+
+ Oscar van Vlijmen's Easter Island local mean time change
+
+--- contrib/tzdata/africa.orig
++++ contrib/tzdata/africa
+@@ -159,6 +159,7 @@
+ Link Africa/Abidjan Africa/Lome # Togo
+ Link Africa/Abidjan Africa/Nouakchott # Mauritania
+ Link Africa/Abidjan Africa/Ouagadougou # Burkina Faso
++Link Africa/Abidjan Atlantic/Reykjavik # Iceland
+ Link Africa/Abidjan Atlantic/St_Helena # St Helena
+
+ # Djibouti
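Review bot: The added "Link Africa/Abidjan Atlantic/Reykjavik" line makes Iceland's zone an alias of Abidjan, and the 2022b NEWS text in this same patch says this kind of move ordinarily changes pre-1970 timestamps; the notice should state that effect for anyone who stores or compares historical timestamps in that zone. NEWS names PACKRATLIST as the upstream build option that avoids the change, so it would help to say whether the FreeBSD build offers an equivalent.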
+@@ -169,7 +170,7 @@
+ # Egypt
+
+ # Milne says Cairo used 2:05:08.9, the local mean time of the Abbasizeh
+-# observatory; round to nearest. Milne also says that the official time for
++# observatory. Milne also says that the official time for
+ # Egypt was mean noon at the Great Pyramid, 2:04:30.5, but apparently this
+ # did not apply to Cairo, Alexandria, or Port Said.
+
+@@ -354,6 +355,7 @@
+ Rule Egypt 2014 only - Sep lastThu 24:00 0 -
+
+ # Zone NAME STDOFF RULES FORMAT [UNTIL]
++ #STDOFF 2:05:08.9
+ Zone Africa/Cairo 2:05:09 - LMT 1900 Oct
+ 2:00 Egypt EE%sT
+
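Review bot: The relation between the new "#STDOFF 2:05:08.9" comment and the 2:05:09 on the Zone Africa/Cairo line below it is left unexplained, because the preceding hunk drops the words "round to nearest" from the Egypt comment. Consider a short remark beside the #STDOFF line saying that the Zone value is the rounded form, so a reader of the file does not take the two offsets for a discrepancy.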
+@@ -407,7 +409,7 @@
+ # At midnight on 30 June 1928 the clocks throughout Kenya was put forward
+ # half an hour by the Alteration of Time Ordinance, 1928.
+ # https://gazettes.africa/archive/ke/1928/ke-government-gazette-dated-1928-05-11-no-28.pdf
+-# [Ordinance No. 11 of 1928, The Offical Gazette, 1928-06-26, p 813]
++# [Ordinance No. 11 of 1928, The Official Gazette, 1928-06-26, p 813]
+ # https://books.google.com/books?id=2S0S6os32ZUC&pg=PA813
+ #
+ # The 1928 ordinance was repealed by the Alteration of Time (repeal) Ordinance,
+@@ -1310,21 +1312,9 @@
+ Link Africa/Lagos Africa/Porto-Novo # Benin
+
+ # Réunion
+-# Zone NAME STDOFF RULES FORMAT [UNTIL]
+-Zone Indian/Reunion 3:41:52 - LMT 1911 Jun # Saint-Denis
+- 4:00 - +04
+-#
+-# Scattered Islands (Îles Éparses) administered from Réunion are as follows.
+-# The following information about them is taken from
*** 3572 LINES SKIPPED ***