SHA256
3
0
forked from pool/xz

Accepting request 1007351 from home:CJ:branches:Base:System

- update to 5.2.7:
  * liblzma:
    - Add API doc note about the .xz decoder LZMA_MEMLIMIT_ERROR bug.
    - Add dest and src NULL checks to lzma_index_cat.
      The documentation states LZMA_PROG_ERROR can be returned from
      lzma_index_cat. Previously, lzma_index_cat could not return
      LZMA_PROG_ERROR. Now, the validation is similar to
      lzma_index_append, which does a NULL check on the index
      parameter.
    - Fix copying of check type statistics in lzma_index_cat().
      The check type of the last Stream in dest was never copied to
      dest->checks (the code tried to copy it but it was done too late).
      This meant that the value returned by lzma_index_checks() would
      only include the check type of the last Stream when multiple
      lzma_indexes had been concatenated.
      In xz --list this meant that the summary would only list the
      check type of the last Stream, so in this sense this was only
      a visual bug. However, it's possible that some applications
      use this information for purposes other than merely showing
      it to the users in an informational message. I'm not aware of
      such applications though and it's quite possible that such
      applications don't exist.
      Regular streamed decompression in xz or any other application
      doesn't use lzma_index_cat() and so this bug cannot affect them.
    - Stream decoder: Fix restarting after LZMA_MEMLIMIT_ERROR.
      If lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible
      to use lzma_memlimit_set() to increase the limit and continue
      decoding. This was supposed to work from the beginning but
      there was a bug. With other decoders (.lzma or threaded .xz)
      this already worked correctly.
    - lzma_filters_copy: Keep dest[] unmodified if an error occurs.
      lzma_stream_encoder() and lzma_stream_encoder_mt() always assumed
      this. Before this patch, failing lzma_filters_copy() could result
      in free(invalid_pointer) or invalid memory reads in stream_encoder.c
      or stream_encoder_mt.c.
      To trigger this, allocating memory for a filter options structure
      has to fail. These are tiny allocations so in practice they very
      rarely fail.
      Certain badness in the filter chain array could also make
      lzma_filters_copy() fail but both stream_encoder.c and
      stream_encoder_mt.c validate the filter chain before
      trying to copy it, so the crash cannot occur this way.
    - lzma_index_append: Add missing integer overflow check.
      The documentation in src/liblzma/api/lzma/index.h suggests that
      both the unpadded (compressed) size and the uncompressed size
      are checked for overflow, but only the unpadded size was checked.
      The uncompressed check is done first since that is more likely to
      occur than the unpadded or index field size overflows.
    - Vaccinate against an ill patch from RHEL/CentOS 7.
      
  * xzgrep:
    - Fix compatibility with old shells.
      Turns out that some old shells don't like apostrophes (') inside
      command substitutions. The problem was introduced by commits
      69d1b3fc29677af8ade8dc15dba83f0589cb63d6 (2022-03-29),
      bd7b290f3fe4faeceb7d3497ed9bf2e6ed5e7dc5 (2022-07-18), and
      a648978b20495b7aa4a8b029c5a810b5ad9d08ff (2022-07-19).
      5.2.6 is the only stable release that included
      this problem.
      
  * Translations: Add Turkish translation.

OBS-URL: https://build.opensuse.org/request/show/1007351
OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=113
This commit is contained in:
Marcus Meissner 2022-10-05 08:45:20 +00:00 committed by Git OBS Bridge
parent 104f8dece2
commit a9acbf8874
6 changed files with 69 additions and 4 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a2105abee17bcd2ebd15ced31b4f5eda6e17efd6b10f921a01cda4a44c91b3a0
size 2069602

Binary file not shown.

3
xz-5.2.7.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:06327c2ddc81e126a6d9a78b0be5014b976a2c0832f492dcfc4755d7facf6d33
size 2105803

BIN
xz-5.2.7.tar.gz.sig Normal file

Binary file not shown.

View File

@ -1,3 +1,68 @@
-------------------------------------------------------------------
Fri Sep 30 21:20:14 UTC 2022 - C J <c.j@tuta.io>
- update to 5.2.7:
* liblzma:
- Add API doc note about the .xz decoder LZMA_MEMLIMIT_ERROR bug.
- Add dest and src NULL checks to lzma_index_cat.
The documentation states LZMA_PROG_ERROR can be returned from
lzma_index_cat. Previously, lzma_index_cat could not return
LZMA_PROG_ERROR. Now, the validation is similar to
lzma_index_append, which does a NULL check on the index
parameter.
- Fix copying of check type statistics in lzma_index_cat().
The check type of the last Stream in dest was never copied to
dest->checks (the code tried to copy it but it was done too late).
This meant that the value returned by lzma_index_checks() would
only include the check type of the last Stream when multiple
lzma_indexes had been concatenated.
In xz --list this meant that the summary would only list the
check type of the last Stream, so in this sense this was only
a visual bug. However, it's possible that some applications
use this information for purposes other than merely showing
it to the users in an informational message. I'm not aware of
such applications though and it's quite possible that such
applications don't exist.
Regular streamed decompression in xz or any other application
doesn't use lzma_index_cat() and so this bug cannot affect them.
- Stream decoder: Fix restarting after LZMA_MEMLIMIT_ERROR.
If lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible
to use lzma_memlimit_set() to increase the limit and continue
decoding. This was supposed to work from the beginning but
there was a bug. With other decoders (.lzma or threaded .xz)
this already worked correctly.
- lzma_filters_copy: Keep dest[] unmodified if an error occurs.
lzma_stream_encoder() and lzma_stream_encoder_mt() always assumed
this. Before this patch, failing lzma_filters_copy() could result
in free(invalid_pointer) or invalid memory reads in stream_encoder.c
or stream_encoder_mt.c.
To trigger this, allocating memory for a filter options structure
has to fail. These are tiny allocations so in practice they very
rarely fail.
Certain badness in the filter chain array could also make
lzma_filters_copy() fail but both stream_encoder.c and
stream_encoder_mt.c validate the filter chain before
trying to copy it, so the crash cannot occur this way.
- lzma_index_append: Add missing integer overflow check.
The documentation in src/liblzma/api/lzma/index.h suggests that
both the unpadded (compressed) size and the uncompressed size
are checked for overflow, but only the unpadded size was checked.
The uncompressed check is done first since that is more likely to
occur than the unpadded or index field size overflows.
- Vaccinate against an ill patch from RHEL/CentOS 7.
* xzgrep:
- Fix compatibility with old shells.
Turns out that some old shells don't like apostrophes (') inside
command substitutions. The problem was introduced by commits
69d1b3fc29677af8ade8dc15dba83f0589cb63d6 (2022-03-29),
bd7b290f3fe4faeceb7d3497ed9bf2e6ed5e7dc5 (2022-07-18), and
a648978b20495b7aa4a8b029c5a810b5ad9d08ff (2022-07-19).
5.2.6 is the only stable release that included
this problem.
* Translations: Add Turkish translation.
-------------------------------------------------------------------
Fri Aug 12 20:50:23 UTC 2022 - Dirk Müller <dmueller@suse.com>

View File

@ -19,7 +19,7 @@
# avoid bootstrapping problem
%define _binary_payload w9.bzdio
Name: xz
Version: 5.2.6
Version: 5.2.7
Release: 0
Summary: A Program for Compressing Files with the LempelZivMarkov algorithm
License: GPL-2.0-or-later AND LGPL-2.1-or-later AND SUSE-Public-Domain