SHA256
1
0
forked from pool/xz
xz/xz.changes

1233 lines
53 KiB
Plaintext
Raw Permalink Normal View History

Accepting request 1177678 from home:polslinux:branches:Base:System - Update to 5.6.2: * Remove the backdoor (CVE-2024-3094). * Not changed: Memory sanitizer (MSAN) has a false positive in the CRC CLMUL code which also makes OSS Fuzz unhappy. Valgrind is smarter and doesn't complain. A revision to the CLMUL code is coming anyway and this issue will be cleaned up as part of it. It won't be backported to 5.6.x or 5.4.x because the old code isn't wrong. There is no reason to risk introducing regressions in old branches just to silence a false positive. * liblzma: - lzma_index_decoder() and lzma_index_buffer_decode(): Fix a missing output pointer initialization (*i = NULL) if the functions are called with invalid arguments. The API docs say that such an initialization is always done. In practice this matters very little because the problem can only occur if the calling application has a bug and these functions return LZMA_PROG_ERROR. - lzma_str_to_filters(): Fix a missing output pointer initialization (*error_pos = 0). This is very similar to the fix above. - Fix C standard conformance with function pointer types. - Remove GNU indirect function (IFUNC) support. This is *NOT* done for security reasons even though the backdoor relied on this code. The performance benefits of IFUNC are too tiny in this project to make the extra complexity worth it. - FreeBSD on ARM64: Add error checking to CRC32 instruction support detection. - Fix building with NVIDIA HPC SDK. * xz: OBS-URL: https://build.opensuse.org/request/show/1177678 OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=165
2024-05-31 14:27:32 +02:00
-------------------------------------------------------------------
Thu May 30 06:08:18 UTC 2024 - Paolo Stivanin <info@paolostivanin.com>
- Update to 5.6.2:
* Remove the backdoor (CVE-2024-3094).
* Not changed: Memory sanitizer (MSAN) has a false positive
in the CRC CLMUL code which also makes OSS Fuzz unhappy.
Valgrind is smarter and doesn't complain.
A revision to the CLMUL code is coming anyway and this issue
will be cleaned up as part of it. It won't be backported to
5.6.x or 5.4.x because the old code isn't wrong. There is
no reason to risk introducing regressions in old branches
just to silence a false positive.
* liblzma:
- lzma_index_decoder() and lzma_index_buffer_decode(): Fix
a missing output pointer initialization (*i = NULL) if the
functions are called with invalid arguments. The API docs
say that such an initialization is always done. In practice
this matters very little because the problem can only occur
if the calling application has a bug and these functions
return LZMA_PROG_ERROR.
- lzma_str_to_filters(): Fix a missing output pointer
initialization (*error_pos = 0). This is very similar
to the fix above.
- Fix C standard conformance with function pointer types.
- Remove GNU indirect function (IFUNC) support. This is *NOT*
done for security reasons even though the backdoor relied on
this code. The performance benefits of IFUNC are too tiny in
this project to make the extra complexity worth it.
- FreeBSD on ARM64: Add error checking to CRC32 instruction
support detection.
- Fix building with NVIDIA HPC SDK.
* xz:
- Fix a C standard conformance issue in --block-list parsing
(arithmetic on a null pointer).
- Fix a warning from GNU groff when processing the man page:
"warning: cannot select font 'CW'"
* xzdec: Add support for Linux Landlock ABI version 4. xz already
had the v3-to-v4 change but it had been forgotten from xzdec.
-------------------------------------------------------------------
Fri Apr 12 16:22:12 UTC 2024 - Dirk Müller <dmueller@suse.com>
- revert the switch to tar_scm which dropped the signature
validation
- switch back to tarballs because the upstream tarballs are not
gone
- reinstanciate keyring from Lasse
- go back to the last release signed by Lasse (5.4.2)
- revert multibuild, drop service and rpmlintrc
- use real_ver for the Source, move everything else back to
%version like before the hectic XZ downgrade
- remove payload setting, we are using zstd now
-------------------------------------------------------------------
Thu Apr 4 07:16:46 UTC 2024 - Dan Čermák <dcermak@suse.com>
- Switch to using tar_scm for fetching the sources as the upstream
tarballs on github are gone
- introduce _multibuild to allow building the translations outside
of Ring0 and everything else in Ring0
- add rpmlintrc to silence harmless warnings
-------------------------------------------------------------------
Thu Mar 28 13:51:05 UTC 2024 - Dirk Müller <dmueller@suse.com>
- restore a bigger version number so that update works
-------------------------------------------------------------------
Mon Jan 29 21:36:02 UTC 2024 - Danilo Spinella <danilo.spinella@suse.com>
- Build static library on SLE
-------------------------------------------------------------------
Sun Jan 28 10:10:07 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 5.4.6:
* Fixed a bug involving internal function pointers in liblzma
not being initialized to NULL. The bug can only be
triggered if lzma_filters_update() is called on a LZMA1
encoder, so it does not affect xz or any application known
to us that uses liblzma.
* Fixed a regression introduced in 5.4.2 that caused
encoding in the raw format to unnecessarily fail if --suffix
was not used. For instance, the following command no longer
reports that --suffix must be used:
echo foo | xz --format=raw --lzma2 | wc -c
* Fixed an issue on MinGW-w64 builds that prevented
reading from or writing to non-terminal character devices
like NUL.
* Added a new test.
-------------------------------------------------------------------
Tue Nov 7 16:10:26 UTC 2023 - Andrea Manzini <andrea.manzini@suse.com>
- Update to version 5.4.5:
* liblzma:
- Fixed an assertion failure that could be triggered by a large
unpadded_size argument. It was verified that there was no
other bug than the assertion failure.
- Fixed a bug that prevented building with Windows Vista
threading when __attribute__((__constructor__)) is not
supported.
* xz now properly handles special files such as "con" or "nul" on
Windows. Before this fix, the following wrote "foo" to the
console and deleted the input file "con_xz":
echo foo | xz > con_xz
xz --suffix=_xz --decompress con_xz
* Small fixes and improvements to the tests.
* Updated translations: Chinese (simplified) and Esperanto.
-------------------------------------------------------------------
Wed Aug 16 13:58:09 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
- xznew: Remove bashsism.
- build: pass CONFIG_SHELL=/bin/sh to configure: the posix tools
are setting the current SHELL as the shebang, which is overkill:
any posix compliant shell, aka /bin/sh, is sufficient.
-------------------------------------------------------------------
Thu Aug 3 07:01:39 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>
- Update to version 5.4.4:
* liblzma and xzdec can now build against WASI SDK when threading
support is disabled. xz and tests don't build yet.
* documentation update
* translations update
-------------------------------------------------------------------
Fri May 5 05:47:01 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
- Update to version 5.4.3:
* Build system fixes
* Translation updates: Croatian
- update signing key
-------------------------------------------------------------------
Thu Apr 6 11:01:33 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
- Update license tag, there is GPL-3.0-or-later code too.
Accepting request 1073266 from home:pluskalm:branches:Base:System - Update to version 5.4.2: * All fixes from 5.2.11 that were not included in 5.4.1. * If xz is built with support for the Capsicum sandbox but running in an environment that doesn't support Capsicum, xz now runs normally without sandboxing instead of exiting with an error. * liblzma: - Documentation was updated to improve the style, consistency, and completeness of the liblzma API headers. - The Doxygen-generated HTML documentation for the liblzma API header files is now included in the source release and is installed as part of "make install". All JavaScript is removed to simplify license compliance and to reduce the install size. - Fixed a minor bug in lzma_str_from_filters() that produced too many filters in the output string instead of reporting an error if the input array had more than four filters. This bug did not affect xz. * Build systems: - autogen.sh now invokes the doxygen tool via the new wrapper script doxygen/update-doxygen, unless the command line option --no-doxygen is used. - Added microlzma_encoder.c and microlzma_decoder.c to the VS project files for Windows and to the CMake build. These should have been included in 5.3.2alpha. * Tests: - Added a test to the CMake build that was forgotten in the previous release. - Added and refactored a few tests. * Translations: - Updated the Brazilian Portuguese translation. OBS-URL: https://build.opensuse.org/request/show/1073266 OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=129
2023-03-20 16:53:14 +01:00
-------------------------------------------------------------------
Mon Mar 20 13:44:24 UTC 2023 - Martin Pluskal <mpluskal@suse.com>
- Update to version 5.4.2:
* All fixes from 5.2.11 that were not included in 5.4.1.
* If xz is built with support for the Capsicum sandbox but running
in an environment that doesn't support Capsicum, xz now runs
normally without sandboxing instead of exiting with an error.
* liblzma:
- Documentation was updated to improve the style, consistency,
and completeness of the liblzma API headers.
- The Doxygen-generated HTML documentation for the liblzma API
header files is now included in the source release and is
installed as part of "make install". All JavaScript is
removed to simplify license compliance and to reduce the
install size.
- Fixed a minor bug in lzma_str_from_filters() that produced
too many filters in the output string instead of reporting
an error if the input array had more than four filters. This
bug did not affect xz.
* Build systems:
- autogen.sh now invokes the doxygen tool via the new wrapper
script doxygen/update-doxygen, unless the command line option
--no-doxygen is used.
- Added microlzma_encoder.c and microlzma_decoder.c to the
VS project files for Windows and to the CMake build. These
should have been included in 5.3.2alpha.
* Tests:
- Added a test to the CMake build that was forgotten in the
previous release.
- Added and refactored a few tests.
* Translations:
- Updated the Brazilian Portuguese translation.
- Added Brazilian Portuguese man page translation.
-------------------------------------------------------------------
Wed Mar 8 11:19:12 UTC 2023 - Martin Pluskal <mpluskal@suse.com>
- Build AVX2 enabled hwcaps library for x86_64-v3
-------------------------------------------------------------------
Sat Jan 21 09:56:39 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 5.4.1:
* liblzma:
- Fixed the return value of lzma_microlzma_encoder() if the
LZMA options lc/lp/pb are invalid. Invalid lc/lp/pb options
made the function return LZMA_STREAM_END without encoding
anything instead of returning LZMA_OPTIONS_ERROR.
* Tests:
- Fixed test script compatibility with ancient /bin/sh
versions. Now the five test_compress_* tests should
no longer fail on Solaris 10.
- Added and refactored a few tests.
* Translations:
- Updated the Catalan and Esperanto translations.
- Added Korean and Ukrainian man page translations.
Accepting request 1045839 from home:dirkmueller:Factory - update to 5.4.0: This bumps the minor version of liblzma because new features were added. The API and ABI are still backward compatible with liblzma 5.2.x and 5.0.x. Summary of new features added in the 5.3.x development releases: * liblzma: - Added threaded .xz decompressor lzma_stream_decoder_mt(). It can use multiple threads with .xz files that have multiple Blocks with size information in Block Headers. The threaded encoder in xz has always created such files. Single-threaded encoder cannot store the size information in Block Headers even if one used LZMA_FULL_FLUSH to create multiple Blocks, so this threaded decoder cannot use multiple threads with such files. If there are multiple Streams (concatenated .xz files), one Stream will be decompressed completely before starting the next Stream. - A new decoder flag LZMA_FAIL_FAST was added. It makes the threaded decompressor report errors soon instead of first flushing all pending data before the error location. - New Filter IDs: * LZMA_FILTER_ARM64 is for ARM64 binaries. * LZMA_FILTER_LZMA1EXT is for raw LZMA1 streams that don't necessarily use the end marker. - Added lzma_str_to_filters(), lzma_str_from_filters(), and lzma_str_list_filters() to convert a preset or a filter chain string to a lzma_filter[] and vice versa. These should make it easier to write applications that allow users to specify custom compression options. - Added lzma_filters_free() which can be convenient for freeing OBS-URL: https://build.opensuse.org/request/show/1045839 OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=123
2023-01-02 10:11:26 +01:00
-------------------------------------------------------------------
Fri Dec 30 16:04:16 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 5.4.0:
This bumps the minor version of liblzma because new features were
added. The API and ABI are still backward compatible with liblzma
5.2.x and 5.0.x.
Summary of new features added in the 5.3.x development releases:
* liblzma:
- Added threaded .xz decompressor lzma_stream_decoder_mt().
It can use multiple threads with .xz files that have multiple
Blocks with size information in Block Headers. The threaded
encoder in xz has always created such files.
Single-threaded encoder cannot store the size information in
Block Headers even if one used LZMA_FULL_FLUSH to create
multiple Blocks, so this threaded decoder cannot use multiple
threads with such files.
If there are multiple Streams (concatenated .xz files), one
Stream will be decompressed completely before starting the
next Stream.
- A new decoder flag LZMA_FAIL_FAST was added. It makes the
threaded decompressor report errors soon instead of first
flushing all pending data before the error location.
- New Filter IDs:
* LZMA_FILTER_ARM64 is for ARM64 binaries.
* LZMA_FILTER_LZMA1EXT is for raw LZMA1 streams that don't
necessarily use the end marker.
- Added lzma_str_to_filters(), lzma_str_from_filters(), and
lzma_str_list_filters() to convert a preset or a filter chain
string to a lzma_filter[] and vice versa. These should make
it easier to write applications that allow users to specify
custom compression options.
- Added lzma_filters_free() which can be convenient for freeing
the filter options in a filter chain (an array of lzma_filter
structures).
- lzma_file_info_decoder() to makes it a little easier to get
the Index field from .xz files. This helps in getting the
uncompressed file size but an easy-to-use random access
API is still missing which has existed in XZ for Java for
a long time.
- Added lzma_microlzma_encoder() and lzma_microlzma_decoder().
It is used by erofs-utils and may be used by others too.
The MicroLZMA format is a raw LZMA stream (without end marker)
whose first byte (always 0x00) has been replaced with
bitwise-negation of the LZMA properties (lc/lp/pb). It was
created for use in EROFS but may be used in other contexts
as well where it is important to avoid wasting bytes for
stream headers or footers. The format is also supported by
XZ Embedded (the XZ Embedded version in Linux got MicroLZMA
support in Linux 5.16).
The MicroLZMA encoder API in liblzma can compress into a
fixed-sized output buffer so that as much data is compressed
as can be fit into the buffer while still creating a valid
MicroLZMA stream. This is needed for EROFS.
- Added lzma_lzip_decoder() to decompress the .lz (lzip) file
format version 0 and the original unextended version 1 files.
Also lzma_auto_decoder() supports .lz files.
- lzma_filters_update() can now be used with the multi-threaded
encoder (lzma_stream_encoder_mt()) to change the filter chain
after LZMA_FULL_BARRIER or LZMA_FULL_FLUSH.
- In lzma_options_lzma, allow nice_len = 2 and 3 with the match
finders that require at least 3 or 4. Now it is internally
rounded up if needed.
- CLMUL-based CRC64 on x86-64 and E2K with runtime processor
detection. On 32-bit x86 it currently isn't available unless
--disable-assembler is used which can make the non-CLMUL
CRC64 slower; this might be fixed in the future.
- Building with --disable-threads --enable-small
is now thread-safe if the compiler supports
__attribute__((__constructor__)).
* xz:
- Using -T0 (--threads=0) will now use multi-threaded encoder
even on a single-core system. This is to ensure that output
from the same xz binary is identical on both single-core and
multi-core systems.
- --threads=+1 or -T+1 is now a way to put xz into
multi-threaded mode while using only one worker thread.
The + is ignored if the number is not 1.
- A default soft memory usage limit is now used for compression
when -T0 is used and no explicit limit has been specified.
This soft limit is used to restrict the number of threads
but if the limit is exceeded with even one thread then xz
will continue with one thread using the multi-threaded
encoder and this limit is ignored. If the number of threads
is specified manually then no default limit will be used;
this affects only -T0.
This change helps on systems that have very many cores and
using all of them for xz makes no sense. Previously xz -T0
could run out of memory on such systems because it attempted
to reserve memory for too many threads.
This also helps with 32-bit builds which don't have a large
amount of address space that would be required for many
threads. The default soft limit for -T0 is at most 1400 MiB
on all 32-bit platforms.
- Previously a low value in --memlimit-compress wouldn't cause
xz to switch from multi-threaded mode to single-threaded mode
if the limit cannot otherwise be met; xz failed instead. Now
xz can switch to single-threaded mode and then, if needed,
scale down the LZMA2 dictionary size too just like it already
did when it was started in single-threaded mode.
- The option --no-adjust no longer prevents xz from scaling down
the number of threads as that doesn't affect the compressed
output (only performance). Now --no-adjust only prevents
adjustments that affect compressed output, that is, with
--no-adjust xz won't switch from multi-threaded mode to
single-threaded mode and won't scale down the LZMA2
dictionary size.
- Added a new option --memlimit-mt-decompress=LIMIT. This is
used to limit the number of decompressor threads (possibly
falling back to single-threaded mode) but it will never make
xz refuse to decompress a file. This has a system-specific
default value because without any limit xz could end up
allocating memory for the whole compressed input file, the
whole uncompressed output file, multiple thread-specific
decompressor instances and so on. Basically xz could
attempt to use an insane amount of memory even with fairly
common files. The system-specific default value is currently
the same as the one used for compression with -T0.
The new option works together with the existing option
--memlimit-decompress=LIMIT. The old option sets a hard limit
that must not be exceeded (xz will refuse to decompress)
while the new option only restricts the number of threads.
If the limit set with --memlimit-mt-decompress is greater
than the limit set with --memlimit-compress, then the latter
value is used also for --memlimit-mt-decompress.
- Added new information to the output of xz --info-memory and
new fields to the output of xz --robot --info-memory.
- In --lzma2=nice=NUMBER allow 2 and 3 with all match finders
now that liblzma handles it.
- Don't mention endianness for ARM and ARM-Thumb filters in
--long-help. The filters only work for little endian
instruction encoding but modern ARM processors using
big endian data access still use little endian
instruction encoding. So the help text was misleading.
In contrast, the PowerPC filter is only for big endian
32/64-bit PowerPC code. Little endian PowerPC would need
a separate filter.
- Added decompression support for the .lz (lzip) file format
version 0 and the original unextended version 1. It is
autodetected by default. See also the option --format on
the xz man page.
- Sandboxing enabled by default:
* Capsicum (FreeBSD)
* pledge(2) (OpenBSD)
* Scripts now support the .lz format using xz.
* A few new tests were added.
* The liblzma-specific tests are now supported in CMake-based
builds too ("make test").
Accepting request 1043472 from home:dirkmueller:Factory - update to 5.2.10: * xz: Don't modify argv[] when parsing the --memlimit* and --block-list command line options. This fixes confusing arguments in process listing (like "ps auxf"). * GNU/Linux only: Use __has_attribute(__symver__) to detect if that attribute is supported. This fixes build on Mandriva where Clang is patched to define __GNUC__ to 11 by default (instead of 4 as used by Clang upstream). * liblzma: - Fixed an infinite loop in LZMA encoder initialization if dict_size >= 2 GiB. - Fixed two cases of invalid free() that can happen if a tiny allocation fails in encoder re-initialization or in lzma_filters_update(). These bugs had some similarities with the bug fixed in 5.2.7. - Fixed lzma_block_encoder() not allowing the use of LZMA_SYNC_FLUSH with lzma_code() even though it was documented to be supported. The sync-flush code in the Block encoder was already used internally via lzma_stream_encoder(), so this was just a missing flag in the lzma_block_encoder() API function. - GNU/Linux only: Don't put symbol versions into static liblzma as it breaks things in some cases (and even if it didn't break anything, symbol versions in static libraries are useless anyway). The downside of the fix is that if the configure options --with-pic or --without-pic are used then it's not possible to build both shared and static liblzma at the same time on GNU/Linux anymore; with those options --disable-static or --disable-shared must be used too. OBS-URL: https://build.opensuse.org/request/show/1043472 OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=121
2022-12-19 15:42:33 +01:00
-------------------------------------------------------------------
Sat Dec 17 17:23:35 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 5.2.10:
* xz: Don't modify argv[] when parsing the --memlimit* and
--block-list command line options. This fixes confusing
arguments in process listing (like "ps auxf").
* GNU/Linux only: Use __has_attribute(__symver__) to detect if
that attribute is supported. This fixes build on Mandriva where
Clang is patched to define __GNUC__ to 11 by default (instead
of 4 as used by Clang upstream).
* liblzma:
- Fixed an infinite loop in LZMA encoder initialization
if dict_size >= 2 GiB.
- Fixed two cases of invalid free() that can happen if
a tiny allocation fails in encoder re-initialization
or in lzma_filters_update(). These bugs had some
similarities with the bug fixed in 5.2.7.
- Fixed lzma_block_encoder() not allowing the use of
LZMA_SYNC_FLUSH with lzma_code() even though it was
documented to be supported. The sync-flush code in
the Block encoder was already used internally via
lzma_stream_encoder(), so this was just a missing flag
in the lzma_block_encoder() API function.
- GNU/Linux only: Don't put symbol versions into static
liblzma as it breaks things in some cases (and even if
it didn't break anything, symbol versions in static
libraries are useless anyway). The downside of the fix
is that if the configure options --with-pic or --without-pic
are used then it's not possible to build both shared and
static liblzma at the same time on GNU/Linux anymore;
with those options --disable-static or --disable-shared
must be used too.
- drop unused xz-devel-static which is no longer supported when using
--with-pic (which is needed for shared libs)
-------------------------------------------------------------------
Thu Dec 1 09:33:47 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
- Rename xz-static-devel -> xz-devel-static to follow the general
naming used in openSUSE.
Accepting request 1036633 from home:dspinella:branches:Base:System - Update to 5.2.8: * xz: - If xz cannot remove an input file when it should, this is now treated as a warning (exit status 2) instead of an error (exit status 1). This matches GNU gzip and it is more logical as at that point the output file has already been successfully closed. - Fix handling of .xz files with an unsupported check type. Previously such printed a warning message but then xz behaved as if an error had occurred (didn't decompress, exit status 1). Now a warning is printed, decompression is done anyway, and exit status is 2. This used to work slightly before 5.0.0. In practice this bug matters only if xz has been built with some check types disabled. As instructed in PACKAGERS, such builds should be done in special situations only. - Fix "xz -dc --single-stream tests/files/good-0-empty.xz" which failed with "Internal error (bug)". That is, --single-stream was broken if the first .xz stream in the input file didn't contain any uncompressed data. - Fix displaying file sizes in the progress indicator when working in passthru mode and there are multiple input files. Just like "gzip -cdf", "xz -cdf" works like "cat" when the input file isn't a supported compressed file format. In this case the file size counters weren't reset between files so with multiple input files the progress indicator displayed an incorrect (too large) value. * liblzma: - API docs in lzma/container.h: * Update the list of decoder flags in the decoder OBS-URL: https://build.opensuse.org/request/show/1036633 OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=117
2022-11-18 14:36:45 +01:00
-------------------------------------------------------------------
Fri Nov 18 10:56:35 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
- Update to 5.2.8:
* xz:
- If xz cannot remove an input file when it should, this
is now treated as a warning (exit status 2) instead of
an error (exit status 1). This matches GNU gzip and it
is more logical as at that point the output file has
already been successfully closed.
- Fix handling of .xz files with an unsupported check type.
Previously such printed a warning message but then xz
behaved as if an error had occurred (didn't decompress,
exit status 1). Now a warning is printed, decompression
is done anyway, and exit status is 2. This used to work
slightly before 5.0.0. In practice this bug matters only
if xz has been built with some check types disabled. As
instructed in PACKAGERS, such builds should be done in
special situations only.
- Fix "xz -dc --single-stream tests/files/good-0-empty.xz"
which failed with "Internal error (bug)". That is,
--single-stream was broken if the first .xz stream in
the input file didn't contain any uncompressed data.
- Fix displaying file sizes in the progress indicator when
working in passthru mode and there are multiple input files.
Just like "gzip -cdf", "xz -cdf" works like "cat" when the
input file isn't a supported compressed file format. In
this case the file size counters weren't reset between
files so with multiple input files the progress indicator
displayed an incorrect (too large) value.
* liblzma:
- API docs in lzma/container.h:
* Update the list of decoder flags in the decoder
function docs.
* Explain LZMA_CONCATENATED behavior with .lzma files
in lzma_auto_decoder() docs.
- OpenBSD: Use HW_NCPUONLINE to detect the number of
available hardware threads in lzma_physmem().
- Fix use of wrong macro to detect x86 SSE2 support.
__SSE2_MATH__ was used with GCC/Clang but the correct
one is __SSE2__. The first one means that SSE2 is used
for floating point math which is irrelevant here.
The affected SSE2 code isn't used on x86-64 so this affects
only 32-bit x86 builds that use -msse2 without -mfpmath=sse
(there is no runtime detection for SSE2). It improves LZMA
compression speed (not decompression).
- Fix the build with Intel C compiler 2021 (ICC, not ICX)
on Linux. It defines __GNUC__ to 10 but doesn't support
the __symver__ attribute introduced in GCC 10.
* Scripts: Ignore warnings from xz by using --quiet --no-warn.
This is needed if the input .xz files use an unsupported
check type.
* Translations:
- Updated Croatian and Turkish translations.
- One new translations wasn't included because it needed
technical fixes. It will be in upcoming 5.4.0. No new
translations will be added to the 5.2.x branch anymore.
- Renamed the French man page translation file from
fr_FR.po to fr.po and thus also its install directory
(like /usr/share/man/fr_FR -> .../fr).
- Man page translations for upcoming 5.4.0 are now handled
in the Translation Project.
* Update doc/faq.txt a little so it's less out-of-date.
-------------------------------------------------------------------
Tue Oct 4 20:36:09 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
- Move localised man pages to lang subpackage
Accepting request 1007351 from home:CJ:branches:Base:System - update to 5.2.7: * liblzma: - Add API doc note about the .xz decoder LZMA_MEMLIMIT_ERROR bug. - Add dest and src NULL checks to lzma_index_cat. The documentation states LZMA_PROG_ERROR can be returned from lzma_index_cat. Previously, lzma_index_cat could not return LZMA_PROG_ERROR. Now, the validation is similar to lzma_index_append, which does a NULL check on the index parameter. - Fix copying of check type statistics in lzma_index_cat(). The check type of the last Stream in dest was never copied to dest->checks (the code tried to copy it but it was done too late). This meant that the value returned by lzma_index_checks() would only include the check type of the last Stream when multiple lzma_indexes had been concatenated. In xz --list this meant that the summary would only list the check type of the last Stream, so in this sense this was only a visual bug. However, it's possible that some applications use this information for purposes other than merely showing it to the users in an informational message. I'm not aware of such applications though and it's quite possible that such applications don't exist. Regular streamed decompression in xz or any other application doesn't use lzma_index_cat() and so this bug cannot affect them. - Stream decoder: Fix restarting after LZMA_MEMLIMIT_ERROR. If lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible to use lzma_memlimit_set() to increase the limit and continue decoding. This was supposed to work from the beginning but there was a bug. With other decoders (.lzma or threaded .xz) this already worked correctly. - lzma_filters_copy: Keep dest[] unmodified if an error occurs. lzma_stream_encoder() and lzma_stream_encoder_mt() always assumed this. Before this patch, failing lzma_filters_copy() could result in free(invalid_pointer) or invalid memory reads in stream_encoder.c or stream_encoder_mt.c. To trigger this, allocating memory for a filter options structure has to fail. These are tiny allocations so in practice they very rarely fail. Certain badness in the filter chain array could also make lzma_filters_copy() fail but both stream_encoder.c and stream_encoder_mt.c validate the filter chain before trying to copy it, so the crash cannot occur this way. - lzma_index_append: Add missing integer overflow check. The documentation in src/liblzma/api/lzma/index.h suggests that both the unpadded (compressed) size and the uncompressed size are checked for overflow, but only the unpadded size was checked. The uncompressed check is done first since that is more likely to occur than the unpadded or index field size overflows. - Vaccinate against an ill patch from RHEL/CentOS 7. * xzgrep: - Fix compatibility with old shells. Turns out that some old shells don't like apostrophes (') inside command substitutions. The problem was introduced by commits 69d1b3fc29677af8ade8dc15dba83f0589cb63d6 (2022-03-29), bd7b290f3fe4faeceb7d3497ed9bf2e6ed5e7dc5 (2022-07-18), and a648978b20495b7aa4a8b029c5a810b5ad9d08ff (2022-07-19). 5.2.6 is the only stable release that included this problem. * Translations: Add Turkish translation. OBS-URL: https://build.opensuse.org/request/show/1007351 OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=113
2022-10-05 10:45:20 +02:00
-------------------------------------------------------------------
Fri Sep 30 21:20:14 UTC 2022 - C J <c.j@tuta.io>
- update to 5.2.7:
* liblzma:
- Add API doc note about the .xz decoder LZMA_MEMLIMIT_ERROR bug.
- Add dest and src NULL checks to lzma_index_cat.
The documentation states LZMA_PROG_ERROR can be returned from
lzma_index_cat. Previously, lzma_index_cat could not return
LZMA_PROG_ERROR. Now, the validation is similar to
lzma_index_append, which does a NULL check on the index
parameter.
- Fix copying of check type statistics in lzma_index_cat().
The check type of the last Stream in dest was never copied to
dest->checks (the code tried to copy it but it was done too late).
This meant that the value returned by lzma_index_checks() would
only include the check type of the last Stream when multiple
lzma_indexes had been concatenated.
In xz --list this meant that the summary would only list the
check type of the last Stream, so in this sense this was only
a visual bug. However, it's possible that some applications
use this information for purposes other than merely showing
it to the users in an informational message. I'm not aware of
such applications though and it's quite possible that such
applications don't exist.
Regular streamed decompression in xz or any other application
doesn't use lzma_index_cat() and so this bug cannot affect them.
- Stream decoder: Fix restarting after LZMA_MEMLIMIT_ERROR.
If lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible
to use lzma_memlimit_set() to increase the limit and continue
decoding. This was supposed to work from the beginning but
there was a bug. With other decoders (.lzma or threaded .xz)
this already worked correctly.
- lzma_filters_copy: Keep dest[] unmodified if an error occurs.
lzma_stream_encoder() and lzma_stream_encoder_mt() always assumed
this. Before this patch, failing lzma_filters_copy() could result
in free(invalid_pointer) or invalid memory reads in stream_encoder.c
or stream_encoder_mt.c.
To trigger this, allocating memory for a filter options structure
has to fail. These are tiny allocations so in practice they very
rarely fail.
Certain badness in the filter chain array could also make
lzma_filters_copy() fail but both stream_encoder.c and
stream_encoder_mt.c validate the filter chain before
trying to copy it, so the crash cannot occur this way.
- lzma_index_append: Add missing integer overflow check.
The documentation in src/liblzma/api/lzma/index.h suggests that
both the unpadded (compressed) size and the uncompressed size
are checked for overflow, but only the unpadded size was checked.
The uncompressed check is done first since that is more likely to
occur than the unpadded or index field size overflows.
- Vaccinate against an ill patch from RHEL/CentOS 7.
Accepting request 1007351 from home:CJ:branches:Base:System - update to 5.2.7: * liblzma: - Add API doc note about the .xz decoder LZMA_MEMLIMIT_ERROR bug. - Add dest and src NULL checks to lzma_index_cat. The documentation states LZMA_PROG_ERROR can be returned from lzma_index_cat. Previously, lzma_index_cat could not return LZMA_PROG_ERROR. Now, the validation is similar to lzma_index_append, which does a NULL check on the index parameter. - Fix copying of check type statistics in lzma_index_cat(). The check type of the last Stream in dest was never copied to dest->checks (the code tried to copy it but it was done too late). This meant that the value returned by lzma_index_checks() would only include the check type of the last Stream when multiple lzma_indexes had been concatenated. In xz --list this meant that the summary would only list the check type of the last Stream, so in this sense this was only a visual bug. However, it's possible that some applications use this information for purposes other than merely showing it to the users in an informational message. I'm not aware of such applications though and it's quite possible that such applications don't exist. Regular streamed decompression in xz or any other application doesn't use lzma_index_cat() and so this bug cannot affect them. - Stream decoder: Fix restarting after LZMA_MEMLIMIT_ERROR. If lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible to use lzma_memlimit_set() to increase the limit and continue decoding. This was supposed to work from the beginning but there was a bug. With other decoders (.lzma or threaded .xz) this already worked correctly. - lzma_filters_copy: Keep dest[] unmodified if an error occurs. lzma_stream_encoder() and lzma_stream_encoder_mt() always assumed this. Before this patch, failing lzma_filters_copy() could result in free(invalid_pointer) or invalid memory reads in stream_encoder.c or stream_encoder_mt.c. To trigger this, allocating memory for a filter options structure has to fail. These are tiny allocations so in practice they very rarely fail. Certain badness in the filter chain array could also make lzma_filters_copy() fail but both stream_encoder.c and stream_encoder_mt.c validate the filter chain before trying to copy it, so the crash cannot occur this way. - lzma_index_append: Add missing integer overflow check. The documentation in src/liblzma/api/lzma/index.h suggests that both the unpadded (compressed) size and the uncompressed size are checked for overflow, but only the unpadded size was checked. The uncompressed check is done first since that is more likely to occur than the unpadded or index field size overflows. - Vaccinate against an ill patch from RHEL/CentOS 7. * xzgrep: - Fix compatibility with old shells. Turns out that some old shells don't like apostrophes (') inside command substitutions. The problem was introduced by commits 69d1b3fc29677af8ade8dc15dba83f0589cb63d6 (2022-03-29), bd7b290f3fe4faeceb7d3497ed9bf2e6ed5e7dc5 (2022-07-18), and a648978b20495b7aa4a8b029c5a810b5ad9d08ff (2022-07-19). 5.2.6 is the only stable release that included this problem. * Translations: Add Turkish translation. OBS-URL: https://build.opensuse.org/request/show/1007351 OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=113
2022-10-05 10:45:20 +02:00
* xzgrep:
- Fix compatibility with old shells.
Turns out that some old shells don't like apostrophes (') inside
command substitutions. The problem was introduced by commits
69d1b3fc29677af8ade8dc15dba83f0589cb63d6 (2022-03-29),
bd7b290f3fe4faeceb7d3497ed9bf2e6ed5e7dc5 (2022-07-18), and
a648978b20495b7aa4a8b029c5a810b5ad9d08ff (2022-07-19).
5.2.6 is the only stable release that included
this problem.
Accepting request 1007351 from home:CJ:branches:Base:System - update to 5.2.7: * liblzma: - Add API doc note about the .xz decoder LZMA_MEMLIMIT_ERROR bug. - Add dest and src NULL checks to lzma_index_cat. The documentation states LZMA_PROG_ERROR can be returned from lzma_index_cat. Previously, lzma_index_cat could not return LZMA_PROG_ERROR. Now, the validation is similar to lzma_index_append, which does a NULL check on the index parameter. - Fix copying of check type statistics in lzma_index_cat(). The check type of the last Stream in dest was never copied to dest->checks (the code tried to copy it but it was done too late). This meant that the value returned by lzma_index_checks() would only include the check type of the last Stream when multiple lzma_indexes had been concatenated. In xz --list this meant that the summary would only list the check type of the last Stream, so in this sense this was only a visual bug. However, it's possible that some applications use this information for purposes other than merely showing it to the users in an informational message. I'm not aware of such applications though and it's quite possible that such applications don't exist. Regular streamed decompression in xz or any other application doesn't use lzma_index_cat() and so this bug cannot affect them. - Stream decoder: Fix restarting after LZMA_MEMLIMIT_ERROR. If lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible to use lzma_memlimit_set() to increase the limit and continue decoding. This was supposed to work from the beginning but there was a bug. With other decoders (.lzma or threaded .xz) this already worked correctly. - lzma_filters_copy: Keep dest[] unmodified if an error occurs. lzma_stream_encoder() and lzma_stream_encoder_mt() always assumed this. Before this patch, failing lzma_filters_copy() could result in free(invalid_pointer) or invalid memory reads in stream_encoder.c or stream_encoder_mt.c. To trigger this, allocating memory for a filter options structure has to fail. These are tiny allocations so in practice they very rarely fail. Certain badness in the filter chain array could also make lzma_filters_copy() fail but both stream_encoder.c and stream_encoder_mt.c validate the filter chain before trying to copy it, so the crash cannot occur this way. - lzma_index_append: Add missing integer overflow check. The documentation in src/liblzma/api/lzma/index.h suggests that both the unpadded (compressed) size and the uncompressed size are checked for overflow, but only the unpadded size was checked. The uncompressed check is done first since that is more likely to occur than the unpadded or index field size overflows. - Vaccinate against an ill patch from RHEL/CentOS 7. * xzgrep: - Fix compatibility with old shells. Turns out that some old shells don't like apostrophes (') inside command substitutions. The problem was introduced by commits 69d1b3fc29677af8ade8dc15dba83f0589cb63d6 (2022-03-29), bd7b290f3fe4faeceb7d3497ed9bf2e6ed5e7dc5 (2022-07-18), and a648978b20495b7aa4a8b029c5a810b5ad9d08ff (2022-07-19). 5.2.6 is the only stable release that included this problem. * Translations: Add Turkish translation. OBS-URL: https://build.opensuse.org/request/show/1007351 OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=113
2022-10-05 10:45:20 +02:00
* Translations: Add Turkish translation.
Accepting request 994818 from home:dirkmueller:Factory - update to 5.2.6 (CVE-2022-1271, bsc#1198062): * xz: - The --keep option now accepts symlinks, hardlinks, and setuid, setgid, and sticky files. - When copying metadata from the source file to the destination file, don't try to set the group (GID) if it is already set correctly. This avoids a failure on OpenBSD (and possibly on a few other OSes) where files may get created so that their group doesn't belong to the user, and fchown(2) can fail even if it needs to do nothing. - Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on MIPS32 because on MIPS32 userspace processes are limited to 2 GiB of address space. * liblzma: - Fixed a missing error-check in the threaded encoder. If a small memory allocation fails, a .xz file with an invalid Index field would be created. Decompressing such a file would produce the correct output but result in an error at the end. Thus this is a "mild" data corruption bug. Note that while a failed memory allocation can trigger the bug, it cannot cause invalid memory access. - The decoder for .lzma files now supports files that have uncompressed size stored in the header and still use the end of payload marker (end of stream marker) at the end of the LZMA stream. Such files are rare but, according to the documentation in LZMA SDK, they are valid. doc/lzma-file-format.txt was updated too. - Improved 32-bit x86 assembly files: * Support Intel Control-flow Enforcement Technology (CET) * Use non-executable stack on FreeBSD. OBS-URL: https://build.opensuse.org/request/show/994818 OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=111
2022-08-16 08:45:42 +02:00
-------------------------------------------------------------------
Fri Aug 12 20:50:23 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 5.2.6 (CVE-2022-1271, bsc#1198062):
* xz:
- The --keep option now accepts symlinks, hardlinks, and
setuid, setgid, and sticky files.
- When copying metadata from the source file to the destination
file, don't try to set the group (GID) if it is already set
correctly. This avoids a failure on OpenBSD (and possibly on
a few other OSes) where files may get created so that their
group doesn't belong to the user, and fchown(2) can fail even
if it needs to do nothing.
- Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on
MIPS32 because on MIPS32 userspace processes are limited
to 2 GiB of address space.
* liblzma:
- Fixed a missing error-check in the threaded encoder. If a
small memory allocation fails, a .xz file with an invalid
Index field would be created. Decompressing such a file would
produce the correct output but result in an error at the end.
Thus this is a "mild" data corruption bug. Note that while
a failed memory allocation can trigger the bug, it cannot
cause invalid memory access.
- The decoder for .lzma files now supports files that have
uncompressed size stored in the header and still use the
end of payload marker (end of stream marker) at the end
of the LZMA stream. Such files are rare but, according to
the documentation in LZMA SDK, they are valid.
doc/lzma-file-format.txt was updated too.
- Improved 32-bit x86 assembly files:
* Support Intel Control-flow Enforcement Technology (CET)
* Use non-executable stack on FreeBSD.
* xzgrep:
- Fixed arbitrary command injection via a malicious filename
(CVE-2022-1271, ZDI-CAN-16587). A standalone patch for
this was released to the public on 2022-04-07. A slight
robustness improvement has been made since then and, if
using GNU or *BSD grep, a new faster method is now used
that doesn't use the old sed-based construct at all. This
also fixes bad output with GNU grep >= 3.5 (2020-09-27)
when xzgrepping binary files.
- Fixed detection of corrupt .bz2 files.
- Improved error handling to fix exit status in some situations
and to fix handling of signals: in some situations a signal
didn't make xzgrep exit when it clearly should have. It's
possible that the signal handling still isn't quite perfect
but hopefully it's good enough.
- Documented exit statuses on the man page.
- xzegrep and xzfgrep now use "grep -E" and "grep -F" instead
of the deprecated egrep and fgrep commands.
- Fixed parsing of the options -E, -F, -G, -P, and -X. The
problem occurred when multiple options were specied in
a single argument, for example,
echo foo | xzgrep -Fe foo
treated foo as a filename because -Fe wasn't correctly
split into -F -e.
- Added zstd support.
* xzdiff/xzcmp:
- Fixed wrong exit status. Exit status could be 2 when the
correct value is 1.
- Documented on the man page that exit status of 2 is used
for decompression errors.
- Added zstd support.
* xzless:
- Fix less(1) version detection. It failed if the version number
from "less -V" contained a dot.
-------------------------------------------------------------------
Tue Apr 12 15:35:19 UTC 2022 - Marcus Meissner <meissner@suse.com>
- use https urls.
-------------------------------------------------------------------
Mon Jun 7 11:45:15 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
- Upgrade old rpm constructs.
Accepting request 786367 from home:polslinux:branches:Base:System - Update to 5.2.5: * liblzma: - Fixed several C99/C11 conformance bugs. Now the code is clean under gcc/clang -fsanitize=undefined. Some of these changes might have a negative effect on performance with old GCC versions or compilers other than GCC and Clang. The configure option --enable-unsafe-type-punning can be used to (mostly) restore the old behavior but it shouldn't normally be used. - Improved API documentation of lzma_properties_decode(). - Added a very minor encoder speed optimization. * xz: - Fixed a crash in "xz -dcfv not_an_xz_file". All four options were required to trigger it. The crash occurred in the progress indicator code when xz was in passthru mode where xz works like "cat". - Fixed an integer overflow with 32-bit off_t. It could happen when decompressing a file that has a long run of zero bytes which xz would try to write as a sparse file. Since the build system enables large file support by default, off_t is normally 64-bit even on 32-bit systems. - Fixes for --flush-timeout: * Fix semi-busy-waiting. * Avoid unneeded flushes when no new input has arrived since the previous flush was completed. - Added a special case for 32-bit xz: If --memlimit-compress is used to specify a limit that exceeds 4020 MiB, the limit will be set to 4020 MiB. The values "0" and "max" aren't affected by this and neither is decompression. This hack can be helpful when a 32-bit xz has access to 4 GiB address space but the specified memlimit exceeds 4 GiB. This can happen e.g. with some scripts. - Capsicum sandbox is now enabled by default where available (FreeBSD >= 10). The sandbox debug messages (xz -vv) were removed since they seemed to be more annoying than useful. OBS-URL: https://build.opensuse.org/request/show/786367 OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=105
2020-03-25 09:21:28 +01:00
-------------------------------------------------------------------
Wed Mar 18 11:11:48 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
- Update to 5.2.5:
* liblzma:
- Fixed several C99/C11 conformance bugs. Now the code is clean
under gcc/clang -fsanitize=undefined. Some of these changes
might have a negative effect on performance with old GCC
versions or compilers other than GCC and Clang. The configure
option --enable-unsafe-type-punning can be used to (mostly)
restore the old behavior but it shouldn't normally be used.
- Improved API documentation of lzma_properties_decode().
- Added a very minor encoder speed optimization.
* xz:
- Fixed a crash in "xz -dcfv not_an_xz_file". All four options
were required to trigger it. The crash occurred in the
progress indicator code when xz was in passthru mode where
xz works like "cat".
- Fixed an integer overflow with 32-bit off_t. It could happen
when decompressing a file that has a long run of zero bytes
which xz would try to write as a sparse file. Since the build
system enables large file support by default, off_t is
normally 64-bit even on 32-bit systems.
- Fixes for --flush-timeout:
* Fix semi-busy-waiting.
* Avoid unneeded flushes when no new input has arrived
since the previous flush was completed.
- Added a special case for 32-bit xz: If --memlimit-compress is
used to specify a limit that exceeds 4020 MiB, the limit will
be set to 4020 MiB. The values "0" and "max" aren't affected
by this and neither is decompression. This hack can be
helpful when a 32-bit xz has access to 4 GiB address space
but the specified memlimit exceeds 4 GiB. This can happen
e.g. with some scripts.
- Capsicum sandbox is now enabled by default where available
(FreeBSD >= 10). The sandbox debug messages (xz -vv) were
removed since they seemed to be more annoying than useful.
-------------------------------------------------------------------
Thu Sep 19 07:49:19 UTC 2019 - Ludwig Nussel <lnussel@suse.de>
- Do not recommend lang package. The lang package already has a supplements.
-------------------------------------------------------------------
Fri Aug 2 08:22:51 UTC 2019 - Martin Liška <mliska@suse.cz>
- Use FAT LTO objects in order to provide proper static library.
-------------------------------------------------------------------
Tue May 21 13:05:05 UTC 2019 - Kristýna Streitová <kstreitova@suse.com>
- add SUSE-Public-Domain licence as some parts of xz utils (liblzma,
xz, xzdec, lzmadec, documentation, translated messages, tests,
debug, extra directory) are in public domain licence [bsc#1135709]
-------------------------------------------------------------------
Fri Jun 15 11:11:38 UTC 2018 - astieger@suse.com
- xz 5.2.4:
* liblzma:
- Allow 0 as memory usage limit instead of returning
LZMA_PROG_ERROR. Now 0 is treated as if 1 byte was specified,
which effectively is the same as 0.
- Use "noexcept" keyword instead of "throw()" in the public
headers when a C++11 (or newer standard) compiler is used.
- Added a portability fix for recent Intel C Compilers.
* xz:
- Fix "xz --list --robot missing_or_bad_file.xz" which would
try to print an unitialized string and thus produce garbage
output. Since the exit status is non-zero, most uses of such
a command won't try to interpret the garbage output.
- "xz --list foo.xz" could print "Internal error (bug)" in a
corner case where a specific memory usage limit had been set.
-------------------------------------------------------------------
Mon Mar 19 15:41:58 CET 2018 - kukuk@suse.de
- Use %license instead of %doc [bsc#1082318]
-------------------------------------------------------------------
Mon Jul 10 10:50:01 UTC 2017 - jengelh@inai.de
- % needs to be encoded in description; adjust weird indent there
as well. Expand LZMA in summaries.
-------------------------------------------------------------------
Fri Jun 30 18:25:33 UTC 2017 - olaf@aepfle.de
- Really use the selfdefined CFLAGS during build to fix build
-------------------------------------------------------------------
Sun Jun 25 11:37:03 UTC 2017 - astieger@suse.com
- fix CentOS/RHEL builds after clean-up
-------------------------------------------------------------------
Wed Jun 21 14:11:44 UTC 2017 - mpluskal@suse.com
- Simplify spec file conditions
- Clenup profiled building
- Use full lists of files
-------------------------------------------------------------------
Tue Feb 21 09:03:18 UTC 2017 - adrian@suse.de
- enable static package by default.
Needed for AppImageKit
-------------------------------------------------------------------
Sat Dec 31 22:17:33 UTC 2016 - astieger@suse.com
- xz 5.2.3:
* xz: always close a file before trying to delete it to avoid
problems on some operating system and file system combinations.
* C99/C11 conformance fixes to liblzma. The issues affected at
least some builds using link-time optimizations.
* Fixed bugs in the rarely-used function lzma_index_dup().
* Use of external SHA-256 code is now disabled by default.
It can still be enabled by passing --enable-external-sha256
* Changed CPU core count detection to use sched_getaffinity() on
GNU/Linux and GNU/kFreeBSD.
* Fixes to the build-system
-------------------------------------------------------------------
Sun Mar 13 09:40:51 UTC 2016 - mpluskal@suse.com
- Install xznew with correct permissions (boo#970842)
-------------------------------------------------------------------
Sun Feb 14 09:21:33 UTC 2016 - tchvatal@suse.com
- Do not split out lang_package conditional, used in sle10 out of support
-------------------------------------------------------------------
Tue Nov 10 14:34:14 UTC 2015 - hpj@urpla.net
- fix conversion: spell the missed parts correctly
-------------------------------------------------------------------
Sun Nov 8 13:09:53 UTC 2015 - hpj@urpla.net
- add xznew{,.1}, converted from bznew
-------------------------------------------------------------------
Tue Sep 29 21:28:21 UTC 2015 - astieger@suse.com
- xz 5.2.2:
* Omitted the use of pipe2() even if it is available to avoid
portability issues with some old Linux and glibc combinations
* Updated German translation
* Documented that threaded decompression is not implemented yet
-------------------------------------------------------------------
Fri Feb 27 18:48:48 UTC 2015 - astieger@suse.com
- xz 5.2.1:
* Fixed a compression-ratio regression in fast mode of LZMA1 and
LZMA2.
-------------------------------------------------------------------
Wed Jan 21 11:21:32 UTC 2015 - rguenther@suse.com
- Avoid running configure twice and using -fprofile-generate or
-fprofile-use for compiling configure tests when profiling.
-----------------------------------------------------------------
Thu Dec 25 20:23:28 UTC 2014 - andreas.stieger@gmx.de
- xz 5.2.0:
* liblzma:
- Added support for multi-threaded compression
- Made the uses of lzma_allocator const correct.
- Added lzma_block_uncomp_encode() to create uncompressed
.xz Blocks using LZMA2 uncompressed chunks.
- Added support for LZMA_IGNORE_CHECK.
- A few speed optimizations were made.
- Added support for symbol versioning. It is enabled by default
on GNU/Linux, other GNU-based systems, and FreeBSD.
* xz:
- Fixed a race condition in the signal handling
- Multi-threaded decompression can be enabled with the
--threads (-T) option.
- New command line options in xz: --single-stream,
--block-size=SIZE, --block-list=SIZES,
--flush-timeout=TIMEOUT, and --ignore-check.
- xz -lvv now shows the minimum xz version that is required to
decompress the file. Currently it is 5.0.0 for all supported
.xz files except files with empty LZMA2 streams require 5.0.2.
* xzdiff and xzgrep now support .lzo files if lzop is installed.
The .tzo suffix is also recognized as a shorthand for .tar.lzo.
-------------------------------------------------------------------
Thu Dec 25 20:17:06 UTC 2014 - andreas.stieger@gmx.de
- xz 5.0.8:
* Fixed an old bug in xzgrep that affected OpenBSD and probably
a few other operating systems too.
* Updated French and German translations.
* Minor build system update
-------------------------------------------------------------------
Fri Dec 19 09:43:36 UTC 2014 - meissner@suse.com
- build with PIE support.
-------------------------------------------------------------------
Thu Dec 18 19:37:09 UTC 2014 - crrodriguez@opensuse.org
- Build XZ with full RELRO.
-------------------------------------------------------------------
Tue Sep 23 00:11:27 UTC 2014 - andreas.stieger@gmx.de
- xz 5.0.7:
* Fix regressions introduced in 5.0.6:
- Fix building with non-GNU make.
- Fix invalid Libs.private value in liblzma.pc which broke
static linking against liblzma if the linker flags were
taken from pkg-config.
- include changes from 5.0.6:
* xzgrep now exits with status 0 if at least one file matched.
* A few minor portability and build system fixes
-------------------------------------------------------------------
Sun Nov 24 16:25:53 UTC 2013 - andreas.stieger@gmx.de
- add optional -static-devel library package, intended to publish pixz for
CentOS / RHEL, default off
-------------------------------------------------------------------
Wed Oct 16 08:53:16 UTC 2013 - mvyskocil@suse.com
- Use gzipped archive to prevent a build cycle on older targets
* http://lists.opensuse.org/opensuse-buildservice/2013-10/msg00079.html
- Add a signature and keyring file for source verification
* not enable in spec due bootstrapping issues
-------------------------------------------------------------------
Tue Jul 16 13:52:16 UTC 2013 - idonmez@suse.com
- Update to version 5.0.5
* lzmadec and liblzma's lzma_alone_decoder(): Support decompressing
.lzma files that have less common settings in the headers
(dictionary size other than 2^n or 2^n + 2^(n-1), or uncompressed
size greater than 256 GiB).
* xz:
- Fixes and improvements to error handling.
- Various fixes to the man page.
* xzless: Fixed to work with "less" versions 448 and later
* xzgrep: Made -h an alias for --no-filename.
-------------------------------------------------------------------
Tue Jan 29 17:28:51 UTC 2013 - guillaume@opensuse.org
- Disable profiling for aarch64 arch
-------------------------------------------------------------------
Tue Nov 27 11:10:13 UTC 2012 - sweet_f_a@gmx.de
- Update to version 5.0.4
* liblzma:
- Fix lzma_index_init(). It could crash if memory allocation
failed.
- Fix the possibility of an incorrect LZMA_BUF_ERROR when a BCJ
filter is used and the application only provides exactly as
much output space as is the uncompressed size of the file.
- Fix a bug in doc/examples_old/xz_pipe_decompress.c. It didn't
check if the last call to lzma_code() really returned
LZMA_STREAM_END, which made the program think that truncated
files are valid.
- New example programs in doc/examples (old programs are now in
doc/examples_old). These have more comments and more detailed
error handling.
* Fix "xz -lvv foo.xz". It could crash on some corrupted files.
* Fix output of "xz --robot -lv" and "xz --robot -lvv" which
incorrectly printed the filename also in the "foo (x/x)" format.
* Fix exit status of "xzdiff foo.xz bar.xz".
* Fix exit status of "xzgrep foo binary_file".
* Fix portability to EBCDIC systems.
* Fix a configure issue on AIX with the XL C compiler. See INSTALL
for details.
* Update French, German, Italian, and Polish translations
-------------------------------------------------------------------
Sun Jul 29 17:52:57 UTC 2012 - jengelh@inai.de
- Disable profiling on SPARC due to compiler bug [gcc #54121]
-------------------------------------------------------------------
Fri Jul 6 10:18:06 UTC 2012 - sweet_f_a@gmx.de
- correct license "LGPL-2.1+ and GPL-2.0+" (bnc#770195)
-------------------------------------------------------------------
Sun Feb 12 23:37:44 UTC 2012 - crrodriguez@opensuse.org
- Put libraries back in %{_libdir}, /usr merge project.
-------------------------------------------------------------------
Sun Oct 9 15:25:02 UTC 2011 - sweet_f_a@gmx.de
- rewrite last broken arm portability changes
-------------------------------------------------------------------
Fri Sep 30 20:31:59 UTC 2011 - crrodriguez@opensuse.org
- Fix build in armv5el doesnt like profiling
-------------------------------------------------------------------
Tue Sep 27 13:05:34 UTC 2011 - sweet_f_a@gmx.de
- minor fixes of last portability changes:
* decouple do_profiling and lang_package again
* don't define do_factory, just use lang_package instead
* simplify files section
* do_profiling for some more systems
-------------------------------------------------------------------
Mon Sep 26 15:59:51 UTC 2011 - coolo@suse.com
- build on SLE_10
-------------------------------------------------------------------
Sat Sep 17 15:19:50 UTC 2011 - coolo@suse.com
- remove _service, too fragile
-------------------------------------------------------------------
Fri Sep 16 16:37:32 UTC 2011 - jengelh@medozas.de
- Add xz-devel to baselibs
- Remove redundant sections
-------------------------------------------------------------------
Tue Jun 14 18:04:53 CEST 2011 - dmueller@suse.de
- add recommends xz-lang
-------------------------------------------------------------------
Wed Jun 8 19:25:51 UTC 2011 - coolo@novell.com
- Update to version 5.0.3
* liblzma fixes:
- A memory leak was fixed.
- lzma_stream_buffer_encode() no longer creates an empty .xz
Block if encoding an empty buffer. Such an empty Block with
LZMA2 data would trigger a bug in 5.0.1 and older (see the
first bullet point in 5.0.2 notes). When releasing 5.0.2,
I thought that no encoder creates this kind of files but
I was wrong.
- Validate function arguments better in a few functions. Most
importantly, specifying an unsupported integrity check to
lzma_stream_buffer_encode() no longer creates a corrupt .xz
file. Probably no application tries to do that, so this
shouldn't be a big problem in practice.
- Document that lzma_block_buffer_encode(),
lzma_easy_buffer_encode(), lzma_stream_encoder(), and
lzma_stream_buffer_encode() may return LZMA_UNSUPPORTED_CHECK.
- The return values of the _memusage() functions are now
documented better.
* Fix command name detection in xzgrep. xzegrep and xzfgrep now
correctly use egrep and fgrep instead of grep.
* French translation was added.
-------------------------------------------------------------------
Thu Apr 7 20:43:05 UTC 2011 - crrodriguez@opensuse.org
- Update to version 5.0.2
* LZMA2 decompressor now correctly accepts LZMA2 streams with no
uncompressed data. Previously it considered them corrupt. The
bug can affect applications that use raw LZMA2 streams. It is
very unlikely to affect .xz files because no compressor creates
.xz files with empty LZMA2 streams. (Empty .xz files are a
different thing than empty LZMA2 streams.)
* "xz --suffix=.foo filename.foo" now refuses to compress the
file due to it already having the suffix .foo. It was already
documented on the man page, but the code lacked the test.
* "xzgrep -l foo bar.xz" works now.
* Polish translation was added.
-------------------------------------------------------------------
Fri Mar 4 17:54:21 UTC 2011 - crrodriguez@opensuse.org
- Update to version 5.0.1
* Fix --force on setuid/setgid/sticky and multi-hardlink files.
* Add alloc_size and malloc attributes to a few functions.
* Fix gzip and bzip2 support in xzdiff
-------------------------------------------------------------------
Tue Dec 7 18:47:04 UTC 2010 - cristian.rodriguez@opensuse.org
- Use compiler profile information, makes xz marginally faster
(around 1-2 secs)
-------------------------------------------------------------------
Sat Oct 30 20:17:49 UTC 2010 - jengelh@medozas.de
- Use %_smp_mflags
-------------------------------------------------------------------
Thu Oct 28 09:18:47 UTC 2010 - coolo@novell.com
- adapt baselibs.conf
-------------------------------------------------------------------
Wed Oct 27 00:28:26 UTC 2010 - cristian.rodriguez@opensuse.org
- Update to 5.0.0 final
* The major soname has been bumped to 5.0.0. liblzma API and ABI
are now stable.
* The memory usage limit is now disabled by default
* Added support for XZ_DEFAULTS environment variable
* The compression settings associated with the preset levels
have been changed,they are now less likely to make compression worse.
* Support for "xz --list" was added
-------------------------------------------------------------------
Sat Apr 24 11:38:25 UTC 2010 - coolo@novell.com
- buildrequire pkg-config to fix provides
-------------------------------------------------------------------
Sat Dec 12 18:40:53 CET 2009 - jengelh@medozas.de
- add baselibs.conf as a source
-------------------------------------------------------------------
Fri Sep 4 11:53:41 CEST 2009 - coolo@novell.com
- update to 4.999.9beta
* only some polishment above the git snapshot I took
-------------------------------------------------------------------
Sun Aug 23 14:50:09 CEST 2009 - coolo@novell.com
- borrow %check section from fedora spec
-------------------------------------------------------------------
Thu Aug 20 15:51:47 CEST 2009 - coolo@novell.com
- update to latest git (5.0 still not released)
* a xz man page (bnc#505969)
* fix data corruption in LZ/LZMA2 encoder.
* major documentation update
* install lzdiff, lzgrep, and lzmore as symlinks
* make the default memory usage limit 40 % of RAM for both
compressing and decompressing.
* fixed a crash in liblzma
See git://ctrl.tukaani.org/xz.git for more
-------------------------------------------------------------------
Sun Jun 7 19:39:45 CEST 2009 - crrodriguez@suse.de
- remove static libraries, see bnc#509945 for details
-------------------------------------------------------------------
Sun Feb 22 18:37:26 CET 2009 - ro@suse.de
- added baselibs.conf (for rpm-32bit)
-------------------------------------------------------------------
Mon Feb 16 10:59:51 CET 2009 - coolo@suse.de
- use bzip payload, so users are able to install new rpm on old systems
-------------------------------------------------------------------
Wed Feb 11 12:44:41 CET 2009 - coolo@suse.de
- fix devel symlink
-------------------------------------------------------------------
Fri Feb 6 13:50:53 CET 2009 - schwab@suse.de
- Update to xz-4.999.8beta.
See git://ctrl.tukaani.org/lzma-utils.git.
-------------------------------------------------------------------
Wed Jan 7 10:26:30 CET 2009 - schwab@suse.de
- Update to xz-4.999.7beta.
See git://ctrl.tukaani.org/lzma-utils.git.
- Rename to xz.
-------------------------------------------------------------------
Wed Jul 30 13:53:18 CEST 2008 - schwab@suse.de
- Update to lzma-4.32.7.
* If "lzma -t" is run on a corrupt file or interrupted by a signal,
don't unlink /dev/null.
* Partial fix to race conditions where a signal could make lzma to
unlink both the source and destination files. Now it cannot lose
data anymore, but with bad luck an incomplete file may be left
on the disk.
-------------------------------------------------------------------
Wed May 14 22:04:25 CEST 2008 - schwab@suse.de
- Update to lzma-4.32.6.
* Always use 32-bit integer to hold probability variables. Earlier,
these were 64-bit on 64-bit architectures, which hurt cache
efficiency in the CPU, and thus performance of LZMA. 32-bit
architectures are not affected by this change.
* Fix a theoretical data corruption bug in the LZMA encoder. It is
about overflowing a 32-bit integer, whose typical value stays below
five. I don't know if it is actually possible to construct to a file
that could make it overflow. Even if it were possible, it would "only"
make the output file corrupt so that it is 4 GiB too small; there
are no other security risks. Now the integer is 64-bit to be sure
it won't overflow.
* Add support for copying timestamps on operating systems that support
setting timestamps only by filename, not by file descriptor.
* Several portability fixes were made.
-------------------------------------------------------------------
Fri May 9 11:51:42 CEST 2008 - schwab@suse.de
- Revert last changes.
-------------------------------------------------------------------
Tue May 6 22:36:09 CEST 2008 - bk@suse.de
- ci removed #neededforbuild while mbuild converts to BuildRequires
- bzip2 source to save space (not lzma, so it can be built in <11.0)
-------------------------------------------------------------------
Tue May 6 14:24:02 CEST 2008 - bk@suse.de
- run the package-provided self-test by adding a call to 'make check'
- use %configure instead of equivalent configure call with options
- improved to allow building in SLES and non-SUSE repositories, eg:
- replace obsolete nostatic patch with check for static objects
- use more generic wildcards in the file list for manual pages
-------------------------------------------------------------------
Mon Feb 4 19:20:31 CET 2008 - schwab@suse.de
- Fix installation.
-------------------------------------------------------------------
Mon Feb 4 13:32:06 CET 2008 - schwab@suse.de
- Update to lzma-4.32.5.
* The percentage shown when --verbose is used, works again. Also some
typos were fixed from the messages printed by --verbose.
* Several small portability fixes were made.
-------------------------------------------------------------------
Fri Jan 4 07:12:26 CET 2008 - crrodriguez@suse.de
- Version 4.32.4
* Ignore command line switch --format=alone. This way current scripts
can be written so that they will produce LZMA_Alone format files
even with the new command line tool once it is finishes along with
liblzma.
* The command line tool now tells if the user tries to decode files
in the new .lzma format. The message recommends upgrading to newer
LZMA Utils.
* Added some internal consistency checks to liblzmadec, so that it
doesn't crash if given lzmadec_stream whose initialization failed.
Some applications using zlib and libbzip2 don't check if
initialization was successful, and expect that error gets caught
safely later.
- disable static libraries
- remove liblzmadec.la that has empty dependency_libs
- do not link utils statically
-------------------------------------------------------------------
Mon Dec 3 14:12:12 CET 2007 - dmueller@suse.de
- update to 4.32.3:
* rare file content loss bugs fixed (did not check for error upon close())
* permissions copying fixed
- testsuited switched partially to GPLv3
- fix library package name
-------------------------------------------------------------------
Thu Oct 11 14:52:41 CEST 2007 - schwab@suse.de
- Fix missing include.
-------------------------------------------------------------------
Wed Oct 10 14:56:31 CEST 2007 - schwab@suse.de
- Initial version 4.32.0beta5.