SHA256
3
0
forked from pool/xz
xz/xz-5.2.6.tar.gz.sig
Dirk Mueller 104f8dece2 Accepting request 994818 from home:dirkmueller:Factory
- update to 5.2.6 (CVE-2022-1271, bsc#1198062):
  * xz:
    - The --keep option now accepts symlinks, hardlinks, and
      setuid, setgid, and sticky files.
    - When copying metadata from the source file to the destination
      file, don't try to set the group (GID) if it is already set
      correctly. This avoids a failure on OpenBSD (and possibly on
      a few other OSes) where files may get created so that their
      group doesn't belong to the user, and fchown(2) can fail even
      if it needs to do nothing.
    - Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on
      MIPS32 because on MIPS32 userspace processes are limited
      to 2 GiB of address space.
  * liblzma:
    - Fixed a missing error-check in the threaded encoder. If a
      small memory allocation fails, a .xz file with an invalid
      Index field would be created. Decompressing such a file would
      produce the correct output but result in an error at the end.
      Thus this is a "mild" data corruption bug. Note that while
      a failed memory allocation can trigger the bug, it cannot
      cause invalid memory access.
    - The decoder for .lzma files now supports files that have
      uncompressed size stored in the header and still use the
      end of payload marker (end of stream marker) at the end
      of the LZMA stream. Such files are rare but, according to
      the documentation in LZMA SDK, they are valid.
      doc/lzma-file-format.txt was updated too.
    - Improved 32-bit x86 assembly files:
        * Support Intel Control-flow Enforcement Technology (CET)
        * Use non-executable stack on FreeBSD.

OBS-URL: https://build.opensuse.org/request/show/994818
OBS-URL: https://build.opensuse.org/package/show/Base:System/xz?expand=0&rev=111
2022-08-16 06:45:42 +00:00

566 B