- Update to 5.6.2:
* Remove the backdoor (CVE-2024-3094).
* Not changed: Memory sanitizer (MSAN) has a false positive
in the CRC CLMUL code which also makes OSS Fuzz unhappy.
Valgrind is smarter and doesn't complain.
A revision to the CLMUL code is coming anyway and this issue
will be cleaned up as part of it. It won't be backported to
5.6.x or 5.4.x because the old code isn't wrong. There is
no reason to risk introducing regressions in old branches
just to silence a false positive.
* liblzma:
- lzma_index_decoder() and lzma_index_buffer_decode(): Fix
a missing output pointer initialization (*i = NULL) if the
functions are called with invalid arguments. The API docs
say that such an initialization is always done. In practice
this matters very little because the problem can only occur
if the calling application has a bug and these functions
return LZMA_PROG_ERROR.
- lzma_str_to_filters(): Fix a missing output pointer
initialization (*error_pos = 0). This is very similar
to the fix above.
- Fix C standard conformance with function pointer types.
- Remove GNU indirect function (IFUNC) support. This is *NOT*
done for security reasons even though the backdoor relied on
this code. The performance benefits of IFUNC are too tiny in
this project to make the extra complexity worth it.
- FreeBSD on ARM64: Add error checking to CRC32 instruction
support detection.
- Fix building with NVIDIA HPC SDK.
* xz:
OBS-URL: https://build.opensuse.org/request/show/1177678
OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=165
- revert the switch to tar_scm which dropped the signature
validation
- switch back to tarballs because the upstream tarballs are not
gone
- reinstanciate keyring from Lasse
- go back to the last release signed by Lasse (5.4.2)
- revert multibuild, drop service and rpmlintrc
- use real_ver for the Source, move everything else back to
%version like before the hectic XZ downgrade
- remove payload setting, we are using zstd now
- Switch to using tar_scm for fetching the sources as the upstream
tarballs on github are gone
- introduce _multibuild to allow building the translations outside
of Ring0 and everything else in Ring0
- add rpmlintrc to silence harmless warnings
OBS-URL: https://build.opensuse.org/request/show/1167536
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xz?expand=0&rev=90
- update to 5.6.0:
* This bumps the minor version of liblzma because new
features were added. The API and ABI are still backward
compatible with liblzma 5.4.x and 5.2.x and 5.0.x.
* liblzma:
- Disabled the branchless C variant in the LZMA
decoder based on the benchmark results from the community.
- Disabled x86-64 inline assembly on x32 to fix the
build.
* Sandboxing support in xz:
- Landlock is now used even when xz needs to create
files.
- Landlock and pledge(2) are now stricter when
reading from more than one input file and only writing to
standard output.
- Added support for Landlock ABI version 4.
- Now builds lzmainfo and lzmadec.
- xzdiff, xzgrep, xzless, xzmore, and their symlinks
are now installed. The scripts are also tested during "make
test".
- Added translation support for xz, lzmainfo, and the
man pages.
- Minimum required CMake version is now 3.14.
* liblzma:
- LZMA decoder: Speed optimizations to the C code and
added GCC & Clang compatible inline assembly for
x86-64.
- Added lzma_mt_block_size() to recommend a Block
size for multithreaded encoding.
- Added CLMUL-based CRC32 on x86-64 and E2K with
OBS-URL: https://build.opensuse.org/request/show/1155110
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xz?expand=0&rev=85
* This bumps the minor version of liblzma because new
features were added. The API and ABI are still backward
compatible with liblzma 5.4.x and 5.2.x and 5.0.x.
* liblzma:
- Disabled the branchless C variant in the LZMA
decoder based on the benchmark results from the community.
- Disabled x86-64 inline assembly on x32 to fix the
build.
* Sandboxing support in xz:
- Landlock is now used even when xz needs to create
files.
- Landlock and pledge(2) are now stricter when
reading from more than one input file and only writing to
standard output.
- Added support for Landlock ABI version 4.
- Now builds lzmainfo and lzmadec.
- xzdiff, xzgrep, xzless, xzmore, and their symlinks
are now installed. The scripts are also tested during "make
test".
- Added translation support for xz, lzmainfo, and the
man pages.
- Minimum required CMake version is now 3.14.
* liblzma:
- LZMA decoder: Speed optimizations to the C code and
added GCC & Clang compatible inline assembly for
x86-64.
- Added lzma_mt_block_size() to recommend a Block
size for multithreaded encoding.
- Added CLMUL-based CRC32 on x86-64 and E2K with
OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=145
* Fixed a bug involving internal function pointers in liblzma
not being initialized to NULL. The bug can only be
triggered if lzma_filters_update() is called on a LZMA1
encoder, so it does not affect xz or any application known
to us that uses liblzma.
* Fixed a regression introduced in 5.4.2 that caused
encoding in the raw format to unnecessarily fail if --suffix
was not used. For instance, the following command no longer
reports that --suffix must be used:
echo foo | xz --format=raw --lzma2 | wc -c
* Fixed an issue on MinGW-w64 builds that prevented
reading from or writing to non-terminal character devices
like NUL.
* Added a new test.
- Build XZ with full RELRO.
- Put libraries back in %{_libdir}, /usr merge project.
- Fix build in armv5el doesnt like profiling
* Polish translation was added.
* Support for "xz --list" was added
- remove static libraries, see bnc#509945 for details
- added baselibs.conf (for rpm-32bit)
OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=142
- Update to version 5.4.5:
* liblzma:
- Fixed an assertion failure that could be triggered by a large
unpadded_size argument. It was verified that there was no
other bug than the assertion failure.
- Fixed a bug that prevented building with Windows Vista
threading when __attribute__((__constructor__)) is not
supported.
* xz now properly handles special files such as "con" or "nul" on
Windows. Before this fix, the following wrote "foo" to the
console and deleted the input file "con_xz":
echo foo | xz > con_xz
xz --suffix=_xz --decompress con_xz
* Small fixes and improvements to the tests.
* Updated translations: Chinese (simplified) and Esperanto.
OBS-URL: https://build.opensuse.org/request/show/1124051
OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=140
- Update to version 5.4.2:
* All fixes from 5.2.11 that were not included in 5.4.1.
* If xz is built with support for the Capsicum sandbox but running
in an environment that doesn't support Capsicum, xz now runs
normally without sandboxing instead of exiting with an error.
* liblzma:
- Documentation was updated to improve the style, consistency,
and completeness of the liblzma API headers.
- The Doxygen-generated HTML documentation for the liblzma API
header files is now included in the source release and is
installed as part of "make install". All JavaScript is
removed to simplify license compliance and to reduce the
install size.
- Fixed a minor bug in lzma_str_from_filters() that produced
too many filters in the output string instead of reporting
an error if the input array had more than four filters. This
bug did not affect xz.
* Build systems:
- autogen.sh now invokes the doxygen tool via the new wrapper
script doxygen/update-doxygen, unless the command line option
--no-doxygen is used.
- Added microlzma_encoder.c and microlzma_decoder.c to the
VS project files for Windows and to the CMake build. These
should have been included in 5.3.2alpha.
* Tests:
- Added a test to the CMake build that was forgotten in the
previous release.
- Added and refactored a few tests.
* Translations:
- Updated the Brazilian Portuguese translation.
OBS-URL: https://build.opensuse.org/request/show/1073266
OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=129
- update to 5.4.1:
* liblzma:
- Fixed the return value of lzma_microlzma_encoder() if the
LZMA options lc/lp/pb are invalid. Invalid lc/lp/pb options
made the function return LZMA_STREAM_END without encoding
anything instead of returning LZMA_OPTIONS_ERROR.
* Tests:
- Fixed test script compatibility with ancient /bin/sh
versions. Now the five test_compress_* tests should
no longer fail on Solaris 10.
- Added and refactored a few tests.
* Translations:
- Updated the Catalan and Esperanto translations.
- Added Korean and Ukrainian man page translations.
OBS-URL: https://build.opensuse.org/request/show/1060588
OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=125
- update to 5.4.0:
This bumps the minor version of liblzma because new features were
added. The API and ABI are still backward compatible with liblzma
5.2.x and 5.0.x.
Summary of new features added in the 5.3.x development releases:
* liblzma:
- Added threaded .xz decompressor lzma_stream_decoder_mt().
It can use multiple threads with .xz files that have multiple
Blocks with size information in Block Headers. The threaded
encoder in xz has always created such files.
Single-threaded encoder cannot store the size information in
Block Headers even if one used LZMA_FULL_FLUSH to create
multiple Blocks, so this threaded decoder cannot use multiple
threads with such files.
If there are multiple Streams (concatenated .xz files), one
Stream will be decompressed completely before starting the
next Stream.
- A new decoder flag LZMA_FAIL_FAST was added. It makes the
threaded decompressor report errors soon instead of first
flushing all pending data before the error location.
- New Filter IDs:
* LZMA_FILTER_ARM64 is for ARM64 binaries.
* LZMA_FILTER_LZMA1EXT is for raw LZMA1 streams that don't
necessarily use the end marker.
- Added lzma_str_to_filters(), lzma_str_from_filters(), and
lzma_str_list_filters() to convert a preset or a filter chain
string to a lzma_filter[] and vice versa. These should make
it easier to write applications that allow users to specify
custom compression options.
- Added lzma_filters_free() which can be convenient for freeing
OBS-URL: https://build.opensuse.org/request/show/1045839
OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=123
- update to 5.2.10:
* xz: Don't modify argv[] when parsing the --memlimit* and
--block-list command line options. This fixes confusing
arguments in process listing (like "ps auxf").
* GNU/Linux only: Use __has_attribute(__symver__) to detect if
that attribute is supported. This fixes build on Mandriva where
Clang is patched to define __GNUC__ to 11 by default (instead
of 4 as used by Clang upstream).
* liblzma:
- Fixed an infinite loop in LZMA encoder initialization
if dict_size >= 2 GiB.
- Fixed two cases of invalid free() that can happen if
a tiny allocation fails in encoder re-initialization
or in lzma_filters_update(). These bugs had some
similarities with the bug fixed in 5.2.7.
- Fixed lzma_block_encoder() not allowing the use of
LZMA_SYNC_FLUSH with lzma_code() even though it was
documented to be supported. The sync-flush code in
the Block encoder was already used internally via
lzma_stream_encoder(), so this was just a missing flag
in the lzma_block_encoder() API function.
- GNU/Linux only: Don't put symbol versions into static
liblzma as it breaks things in some cases (and even if
it didn't break anything, symbol versions in static
libraries are useless anyway). The downside of the fix
is that if the configure options --with-pic or --without-pic
are used then it's not possible to build both shared and
static liblzma at the same time on GNU/Linux anymore;
with those options --disable-static or --disable-shared
must be used too.
OBS-URL: https://build.opensuse.org/request/show/1043472
OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=121
