- update to 5.2.6 (CVE-2022-1271, bsc#1198062):
* xz:
- The --keep option now accepts symlinks, hardlinks, and
setuid, setgid, and sticky files.
- When copying metadata from the source file to the destination
file, don't try to set the group (GID) if it is already set
correctly. This avoids a failure on OpenBSD (and possibly on
a few other OSes) where files may get created so that their
group doesn't belong to the user, and fchown(2) can fail even
if it needs to do nothing.
- Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on
MIPS32 because on MIPS32 userspace processes are limited
to 2 GiB of address space.
* liblzma:
- Fixed a missing error-check in the threaded encoder. If a
small memory allocation fails, a .xz file with an invalid
Index field would be created. Decompressing such a file would
produce the correct output but result in an error at the end.
Thus this is a "mild" data corruption bug. Note that while
a failed memory allocation can trigger the bug, it cannot
cause invalid memory access.
- The decoder for .lzma files now supports files that have
uncompressed size stored in the header and still use the
end of payload marker (end of stream marker) at the end
of the LZMA stream. Such files are rare but, according to
the documentation in LZMA SDK, they are valid.
doc/lzma-file-format.txt was updated too.
- Improved 32-bit x86 assembly files:
* Support Intel Control-flow Enforcement Technology (CET)
* Use non-executable stack on FreeBSD.
OBS-URL: https://build.opensuse.org/request/show/994818
OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=111
- Update to 5.2.5:
* liblzma:
- Fixed several C99/C11 conformance bugs. Now the code is clean
under gcc/clang -fsanitize=undefined. Some of these changes
might have a negative effect on performance with old GCC
versions or compilers other than GCC and Clang. The configure
option --enable-unsafe-type-punning can be used to (mostly)
restore the old behavior but it shouldn't normally be used.
- Improved API documentation of lzma_properties_decode().
- Added a very minor encoder speed optimization.
* xz:
- Fixed a crash in "xz -dcfv not_an_xz_file". All four options
were required to trigger it. The crash occurred in the
progress indicator code when xz was in passthru mode where
xz works like "cat".
- Fixed an integer overflow with 32-bit off_t. It could happen
when decompressing a file that has a long run of zero bytes
which xz would try to write as a sparse file. Since the build
system enables large file support by default, off_t is
normally 64-bit even on 32-bit systems.
- Fixes for --flush-timeout:
* Fix semi-busy-waiting.
* Avoid unneeded flushes when no new input has arrived
since the previous flush was completed.
- Added a special case for 32-bit xz: If --memlimit-compress is
used to specify a limit that exceeds 4020 MiB, the limit will
be set to 4020 MiB. The values "0" and "max" aren't affected
by this and neither is decompression. This hack can be
helpful when a 32-bit xz has access to 4 GiB address space
but the specified memlimit exceeds 4 GiB. This can happen
e.g. with some scripts.
- Capsicum sandbox is now enabled by default where available
(FreeBSD >= 10). The sandbox debug messages (xz -vv) were
removed since they seemed to be more annoying than useful.
OBS-URL: https://build.opensuse.org/request/show/786367
OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=105
Hi Andreas,
thanks for catching the missed parts.
To be honest, I don't get the meaning of of the 2nd sentence of the
description in the man page, but I'm probably too simple minded for
a couple of GNU tools (code and description). ;)
Cheers,
Pete
- fix conversion: spell the missed parts correctly
- add xznew{,.1}, converted from bznew
OBS-URL: https://build.opensuse.org/request/show/343469
OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=78
* http://lists.opensuse.org/opensuse-buildservice/2013-10/msg00079.html
- Add a signature and keyring file for source verification
* not enable in spec due bootstrapping issues
- Update to version 5.0.5
* lzmadec and liblzma's lzma_alone_decoder(): Support decompressing
.lzma files that have less common settings in the headers
(dictionary size other than 2^n or 2^n + 2^(n-1), or uncompressed
size greater than 256 GiB).
* xz:
- Fixes and improvements to error handling.
- Various fixes to the man page.
* xzless: Fixed to work with "less" versions 448 and later
* xzgrep: Made -h an alias for --no-filename.
- Disable profiling for aarch64 arch
- Update to version 5.0.4
* liblzma:
- Fix lzma_index_init(). It could crash if memory allocation
failed.
- Fix the possibility of an incorrect LZMA_BUF_ERROR when a BCJ
filter is used and the application only provides exactly as
much output space as is the uncompressed size of the file.
- Fix a bug in doc/examples_old/xz_pipe_decompress.c. It didn't
check if the last call to lzma_code() really returned
LZMA_STREAM_END, which made the program think that truncated
files are valid.
- New example programs in doc/examples (old programs are now in
OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=59
- Update to version 5.0.5
* lzmadec and liblzma's lzma_alone_decoder(): Support decompressing
.lzma files that have less common settings in the headers
(dictionary size other than 2^n or 2^n + 2^(n-1), or uncompressed
size greater than 256 GiB).
* xz:
- Fixes and improvements to error handling.
- Various fixes to the man page.
* xzless: Fixed to work with "less" versions 448 and later
* xzgrep: Made -h an alias for --no-filename.
OBS-URL: https://build.opensuse.org/request/show/183430
OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=54
- Update to version 5.0.4
* liblzma:
- Fix lzma_index_init(). It could crash if memory allocation
failed.
- Fix the possibility of an incorrect LZMA_BUF_ERROR when a BCJ
filter is used and the application only provides exactly as
much output space as is the uncompressed size of the file.
- Fix a bug in doc/examples_old/xz_pipe_decompress.c. It didn't
check if the last call to lzma_code() really returned
LZMA_STREAM_END, which made the program think that truncated
files are valid.
- New example programs in doc/examples (old programs are now in
doc/examples_old). These have more comments and more detailed
error handling.
* Fix "xz -lvv foo.xz". It could crash on some corrupted files.
* Fix output of "xz --robot -lv" and "xz --robot -lvv" which
incorrectly printed the filename also in the "foo (x/x)" format.
* Fix exit status of "xzdiff foo.xz bar.xz".
* Fix exit status of "xzgrep foo binary_file".
* Fix portability to EBCDIC systems.
* Fix a configure issue on AIX with the XL C compiler. See INSTALL
for details.
* Update French, German, Italian, and Polish translations
OBS-URL: https://build.opensuse.org/request/show/143030
OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=50
* liblzma fixes:
- A memory leak was fixed.
- lzma_stream_buffer_encode() no longer creates an empty .xz
Block if encoding an empty buffer. Such an empty Block with
LZMA2 data would trigger a bug in 5.0.1 and older (see the
first bullet point in 5.0.2 notes). When releasing 5.0.2,
I thought that no encoder creates this kind of files but
I was wrong.
- Validate function arguments better in a few functions. Most
importantly, specifying an unsupported integrity check to
lzma_stream_buffer_encode() no longer creates a corrupt .xz
file. Probably no application tries to do that, so this
shouldn't be a big problem in practice.
- Document that lzma_block_buffer_encode(),
lzma_easy_buffer_encode(), lzma_stream_encoder(), and
lzma_stream_buffer_encode() may return LZMA_UNSUPPORTED_CHECK.
- The return values of the _memusage() functions are now
documented better.
* Fix command name detection in xzgrep. xzegrep and xzfgrep now
correctly use egrep and fgrep instead of grep.
* French translation was added.
OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=26