SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for liblzma5-5.2.7-2.2.i586.rpm :

* Fri Sep 30 2022 C J - update to 5.2.7:
* liblzma: - Add API doc note about the .xz decoder LZMA_MEMLIMIT_ERROR bug. - Add dest and src NULL checks to lzma_index_cat. The documentation states LZMA_PROG_ERROR can be returned from lzma_index_cat. Previously, lzma_index_cat could not return LZMA_PROG_ERROR. Now, the validation is similar to lzma_index_append, which does a NULL check on the index parameter. - Fix copying of check type statistics in lzma_index_cat(). The check type of the last Stream in dest was never copied to dest->checks (the code tried to copy it but it was done too late). This meant that the value returned by lzma_index_checks() would only include the check type of the last Stream when multiple lzma_indexes had been concatenated. In xz --list this meant that the summary would only list the check type of the last Stream, so in this sense this was only a visual bug. However, it\'s possible that some applications use this information for purposes other than merely showing it to the users in an informational message. I\'m not aware of such applications though and it\'s quite possible that such applications don\'t exist. Regular streamed decompression in xz or any other application doesn\'t use lzma_index_cat() and so this bug cannot affect them. - Stream decoder: Fix restarting after LZMA_MEMLIMIT_ERROR. If lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible to use lzma_memlimit_set() to increase the limit and continue decoding. This was supposed to work from the beginning but there was a bug. With other decoders (.lzma or threaded .xz) this already worked correctly. - lzma_filters_copy: Keep dest[] unmodified if an error occurs. lzma_stream_encoder() and lzma_stream_encoder_mt() always assumed this. Before this patch, failing lzma_filters_copy() could result in free(invalid_pointer) or invalid memory reads in stream_encoder.c or stream_encoder_mt.c. To trigger this, allocating memory for a filter options structure has to fail. These are tiny allocations so in practice they very rarely fail. Certain badness in the filter chain array could also make lzma_filters_copy() fail but both stream_encoder.c and stream_encoder_mt.c validate the filter chain before trying to copy it, so the crash cannot occur this way. - lzma_index_append: Add missing integer overflow check. The documentation in src/liblzma/api/lzma/index.h suggests that both the unpadded (compressed) size and the uncompressed size are checked for overflow, but only the unpadded size was checked. The uncompressed check is done first since that is more likely to occur than the unpadded or index field size overflows. - Vaccinate against an ill patch from RHEL/CentOS 7.
* xzgrep: - Fix compatibility with old shells. Turns out that some old shells don\'t like apostrophes (\') inside command substitutions. The problem was introduced by commits 69d1b3fc29677af8ade8dc15dba83f0589cb63d6 (2022-03-29), bd7b290f3fe4faeceb7d3497ed9bf2e6ed5e7dc5 (2022-07-18), and a648978b20495b7aa4a8b029c5a810b5ad9d08ff (2022-07-19). 5.2.6 is the only stable release that included this problem.
* Translations: Add Turkish translation.
* Fri Aug 12 2022 Dirk Müller - update to 5.2.6 (CVE-2022-1271, bsc#1198062):
* xz: - The --keep option now accepts symlinks, hardlinks, and setuid, setgid, and sticky files. - When copying metadata from the source file to the destination file, don\'t try to set the group (GID) if it is already set correctly. This avoids a failure on OpenBSD (and possibly on a few other OSes) where files may get created so that their group doesn\'t belong to the user, and fchown(2) can fail even if it needs to do nothing. - Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on MIPS32 because on MIPS32 userspace processes are limited to 2 GiB of address space.
* liblzma: - Fixed a missing error-check in the threaded encoder. If a small memory allocation fails, a .xz file with an invalid Index field would be created. Decompressing such a file would produce the correct output but result in an error at the end. Thus this is a \"mild\" data corruption bug. Note that while a failed memory allocation can trigger the bug, it cannot cause invalid memory access. - The decoder for .lzma files now supports files that have uncompressed size stored in the header and still use the end of payload marker (end of stream marker) at the end of the LZMA stream. Such files are rare but, according to the documentation in LZMA SDK, they are valid. doc/lzma-file-format.txt was updated too. - Improved 32-bit x86 assembly files:
* Support Intel Control-flow Enforcement Technology (CET)
* Use non-executable stack on FreeBSD.
* xzgrep: - Fixed arbitrary command injection via a malicious filename (CVE-2022-1271, ZDI-CAN-16587). A standalone patch for this was released to the public on 2022-04-07. A slight robustness improvement has been made since then and, if using GNU or
*BSD grep, a new faster method is now used that doesn\'t use the old sed-based construct at all. This also fixes bad output with GNU grep >= 3.5 (2020-09-27) when xzgrepping binary files. - Fixed detection of corrupt .bz2 files. - Improved error handling to fix exit status in some situations and to fix handling of signals: in some situations a signal didn\'t make xzgrep exit when it clearly should have. It\'s possible that the signal handling still isn\'t quite perfect but hopefully it\'s good enough. - Documented exit statuses on the man page. - xzegrep and xzfgrep now use \"grep -E\" and \"grep -F\" instead of the deprecated egrep and fgrep commands. - Fixed parsing of the options -E, -F, -G, -P, and -X. The problem occurred when multiple options were specied in a single argument, for example, echo foo | xzgrep -Fe foo treated foo as a filename because -Fe wasn\'t correctly split into -F -e. - Added zstd support.
* xzdiff/xzcmp: - Fixed wrong exit status. Exit status could be 2 when the correct value is 1. - Documented on the man page that exit status of 2 is used for decompression errors. - Added zstd support.
* xzless: - Fix less(1) version detection. It failed if the version number from \"less -V\" contained a dot.
* Tue Apr 12 2022 Marcus Meissner - use https urls.
* Mon Jun 07 2021 Jan Engelhardt - Upgrade old rpm constructs.
* Wed Mar 18 2020 Paolo Stivanin - Update to 5.2.5:
* liblzma: - Fixed several C99/C11 conformance bugs. Now the code is clean under gcc/clang -fsanitize=undefined. Some of these changes might have a negative effect on performance with old GCC versions or compilers other than GCC and Clang. The configure option --enable-unsafe-type-punning can be used to (mostly) restore the old behavior but it shouldn\'t normally be used. - Improved API documentation of lzma_properties_decode(). - Added a very minor encoder speed optimization.
* xz: - Fixed a crash in \"xz -dcfv not_an_xz_file\". All four options were required to trigger it. The crash occurred in the progress indicator code when xz was in passthru mode where xz works like \"cat\". - Fixed an integer overflow with 32-bit off_t. It could happen when decompressing a file that has a long run of zero bytes which xz would try to write as a sparse file. Since the build system enables large file support by default, off_t is normally 64-bit even on 32-bit systems. - Fixes for --flush-timeout:
* Fix semi-busy-waiting.
* Avoid unneeded flushes when no new input has arrived since the previous flush was completed. - Added a special case for 32-bit xz: If --memlimit-compress is used to specify a limit that exceeds 4020 MiB, the limit will be set to 4020 MiB. The values \"0\" and \"max\" aren\'t affected by this and neither is decompression. This hack can be helpful when a 32-bit xz has access to 4 GiB address space but the specified memlimit exceeds 4 GiB. This can happen e.g. with some scripts. - Capsicum sandbox is now enabled by default where available (FreeBSD >= 10). The sandbox debug messages (xz -vv) were removed since they seemed to be more annoying than useful.
* Thu Sep 19 2019 Ludwig Nussel - Do not recommend lang package. The lang package already has a supplements.
* Fri Aug 02 2019 Martin Liška - Use FAT LTO objects in order to provide proper static library.
* Tue May 21 2019 Kristýna Streitová - add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709]
* Fri Jun 15 2018 astiegerAATTsuse.com- xz 5.2.4:
* liblzma: - Allow 0 as memory usage limit instead of returning LZMA_PROG_ERROR. Now 0 is treated as if 1 byte was specified, which effectively is the same as 0. - Use \"noexcept\" keyword instead of \"throw()\" in the public headers when a C++11 (or newer standard) compiler is used. - Added a portability fix for recent Intel C Compilers.
* xz: - Fix \"xz --list --robot missing_or_bad_file.xz\" which would try to print an unitialized string and thus produce garbage output. Since the exit status is non-zero, most uses of such a command won\'t try to interpret the garbage output. - \"xz --list foo.xz\" could print \"Internal error (bug)\" in a corner case where a specific memory usage limit had been set.
* Mon Mar 19 2018 kukukAATTsuse.de- Use %license instead of %doc [bsc#1082318]
  
ICM