diff --git a/xz-5.2.6.tar.gz b/xz-5.2.6.tar.gz deleted file mode 100644 index 75d2edc..0000000 --- a/xz-5.2.6.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a2105abee17bcd2ebd15ced31b4f5eda6e17efd6b10f921a01cda4a44c91b3a0 -size 2069602 diff --git a/xz-5.2.6.tar.gz.sig b/xz-5.2.6.tar.gz.sig deleted file mode 100644 index e0945d5..0000000 Binary files a/xz-5.2.6.tar.gz.sig and /dev/null differ diff --git a/xz-5.2.7.tar.gz b/xz-5.2.7.tar.gz new file mode 100644 index 0000000..b699809 --- /dev/null +++ b/xz-5.2.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:06327c2ddc81e126a6d9a78b0be5014b976a2c0832f492dcfc4755d7facf6d33 +size 2105803 diff --git a/xz-5.2.7.tar.gz.sig b/xz-5.2.7.tar.gz.sig new file mode 100644 index 0000000..6605d7e Binary files /dev/null and b/xz-5.2.7.tar.gz.sig differ diff --git a/xz.changes b/xz.changes index a02e51d..fc3d0a0 100644 --- a/xz.changes +++ b/xz.changes @@ -1,3 +1,68 @@ +------------------------------------------------------------------- +Fri Sep 30 21:20:14 UTC 2022 - C J + +- update to 5.2.7: + * liblzma: + - Add API doc note about the .xz decoder LZMA_MEMLIMIT_ERROR bug. + - Add dest and src NULL checks to lzma_index_cat. + The documentation states LZMA_PROG_ERROR can be returned from + lzma_index_cat. Previously, lzma_index_cat could not return + LZMA_PROG_ERROR. Now, the validation is similar to + lzma_index_append, which does a NULL check on the index + parameter. + - Fix copying of check type statistics in lzma_index_cat(). + The check type of the last Stream in dest was never copied to + dest->checks (the code tried to copy it but it was done too late). + This meant that the value returned by lzma_index_checks() would + only include the check type of the last Stream when multiple + lzma_indexes had been concatenated. + In xz --list this meant that the summary would only list the + check type of the last Stream, so in this sense this was only + a visual bug. However, it's possible that some applications + use this information for purposes other than merely showing + it to the users in an informational message. I'm not aware of + such applications though and it's quite possible that such + applications don't exist. + Regular streamed decompression in xz or any other application + doesn't use lzma_index_cat() and so this bug cannot affect them. + - Stream decoder: Fix restarting after LZMA_MEMLIMIT_ERROR. + If lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible + to use lzma_memlimit_set() to increase the limit and continue + decoding. This was supposed to work from the beginning but + there was a bug. With other decoders (.lzma or threaded .xz) + this already worked correctly. + - lzma_filters_copy: Keep dest[] unmodified if an error occurs. + lzma_stream_encoder() and lzma_stream_encoder_mt() always assumed + this. Before this patch, failing lzma_filters_copy() could result + in free(invalid_pointer) or invalid memory reads in stream_encoder.c + or stream_encoder_mt.c. + To trigger this, allocating memory for a filter options structure + has to fail. These are tiny allocations so in practice they very + rarely fail. + Certain badness in the filter chain array could also make + lzma_filters_copy() fail but both stream_encoder.c and + stream_encoder_mt.c validate the filter chain before + trying to copy it, so the crash cannot occur this way. + - lzma_index_append: Add missing integer overflow check. + The documentation in src/liblzma/api/lzma/index.h suggests that + both the unpadded (compressed) size and the uncompressed size + are checked for overflow, but only the unpadded size was checked. + The uncompressed check is done first since that is more likely to + occur than the unpadded or index field size overflows. + - Vaccinate against an ill patch from RHEL/CentOS 7. + + * xzgrep: + - Fix compatibility with old shells. + Turns out that some old shells don't like apostrophes (') inside + command substitutions. The problem was introduced by commits + 69d1b3fc29677af8ade8dc15dba83f0589cb63d6 (2022-03-29), + bd7b290f3fe4faeceb7d3497ed9bf2e6ed5e7dc5 (2022-07-18), and + a648978b20495b7aa4a8b029c5a810b5ad9d08ff (2022-07-19). + 5.2.6 is the only stable release that included + this problem. + + * Translations: Add Turkish translation. + ------------------------------------------------------------------- Fri Aug 12 20:50:23 UTC 2022 - Dirk Müller diff --git a/xz.spec b/xz.spec index 1e47362..84cb0df 100644 --- a/xz.spec +++ b/xz.spec @@ -19,7 +19,7 @@ # avoid bootstrapping problem %define _binary_payload w9.bzdio Name: xz -Version: 5.2.6 +Version: 5.2.7 Release: 0 Summary: A Program for Compressing Files with the Lempel–Ziv–Markov algorithm License: GPL-2.0-or-later AND LGPL-2.1-or-later AND SUSE-Public-Domain