2022-08-24 08:58:14 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message:
xz: updated to 5.2.6
5.2.6 (2022-08-12)
* xz:
- The --keep option now accepts symlinks, hardlinks, and
setuid, setgid, and sticky files. Previously this required
using --force.
- When copying metadata from the source file to the destination
file, don't try to set the group (GID) if it is already set
correctly. This avoids a failure on OpenBSD (and possibly on
a few other OSes) where files may get created so that their
group doesn't belong to the user, and fchown(2) can fail even
if it needs to do nothing.
- Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on
MIPS32 because on MIPS32 userspace processes are limited
to 2 GiB of address space.
* liblzma:
- Fixed a missing error-check in the threaded encoder. If a
small memory allocation fails, a .xz file with an invalid
Index field would be created. Decompressing such a file would
produce the correct output but result in an error at the end.
Thus this is a "mild" data corruption bug. Note that while
a failed memory allocation can trigger the bug, it cannot
cause invalid memory access.
- The decoder for .lzma files now supports files that have
uncompressed size stored in the header and still use the
end of payload marker (end of stream marker) at the end
of the LZMA stream. Such files are rare but, according to
the documentation in LZMA SDK, they are valid.
doc/lzma-file-format.txt was updated too.
- Improved 32-bit x86 assembly files:
* Support Intel Control-flow Enforcement Technology (CET)
* Use non-executable stack on FreeBSD.
- Visual Studio: Use non-standard _MSVC_LANG to detect C++
standard version in the lzma.h API header. It's used to
detect when "noexcept" can be used.
* xzgrep:
- Fixed arbitrary command injection via a malicious filename
(CVE-2022-1271, ZDI-CAN-16587). A standalone patch for
this was released to the public on 2022-04-07. A slight
robustness improvement has been made since then and, if
using GNU or *BSD grep, a new faster method is now used
that doesn't use the old sed-based construct at all. This
also fixes bad output with GNU grep >= 3.5 (2020-09-27)
when xzgrepping binary files.
This vulnerability was discovered by:
cleemy desu wayo working with Trend Micro Zero Day Initiative
- Fixed detection of corrupt .bz2 files.
- Improved error handling to fix exit status in some situations
and to fix handling of signals: in some situations a signal
didn't make xzgrep exit when it clearly should have. It's
possible that the signal handling still isn't quite perfect
but hopefully it's good enough.
- Documented exit statuses on the man page.
- xzegrep and xzfgrep now use "grep -E" and "grep -F" instead
of the deprecated egrep and fgrep commands.
- Fixed parsing of the options -E, -F, -G, -P, and -X. The
problem occurred when multiple options were specied in
a single argument, for example,
echo foo | xzgrep -Fe foo
treated foo as a filename because -Fe wasn't correctly
split into -F -e.
- Added zstd support.
* xzdiff/xzcmp:
- Fixed wrong exit status. Exit status could be 2 when the
correct value is 1.
- Documented on the man page that exit status of 2 is used
for decompression errors.
- Added zstd support.
* xzless:
- Fix less(1) version detection. It failed if the version number
from "less -V" contained a dot.
* Translations:
- Added new translations: Catalan, Croatian, Esperanto,
Korean, Portuguese, Romanian, Serbian, Spanish, Swedish,
and Ukrainian
- Updated the Brazilian Portuguese translation.
- Added French man page translation. This and the existing
German translation aren't complete anymore because the
English man pages got a few updates and the translators
weren't reached so that they could update their work.
* Build systems:
- Windows: Fix building of resource files when config.h isn't
used. CMake + Visual Studio can now build liblzma.dll.
- Various fixes to the CMake support. Building static or shared
liblzma should work fine in most cases. In contrast, building
the command line tools with CMake is still clearly incomplete
and experimental and should be used for testing only.
|
2022-07-22 18:06:34 by Thomas Klausner | Files touched by this commit (1) |
Log message:
xz: improve builtin logic
|
2022-07-22 17:04:17 by Thomas Klausner | Files touched by this commit (1) |
Log message:
xz: fix fake pkg-config file on NetBSD
|
2022-04-08 08:29:56 by Thomas Klausner | Files touched by this commit (2) |
Log message:
xz: add upstream patch to fix CVE-2022-1271
Bump PKGREVISION
|
2021-10-26 11:57:20 by Nia Alarie | Files touched by this commit (140) |
Log message:
archivers: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and SHA512
hashes.
|
2021-10-07 15:06:15 by Nia Alarie | Files touched by this commit (140) |
Log message:
archivers: Remove SHA1 distfiles hashes
|
2020-05-03 12:10:44 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
xz: updated to 5.2.5
5.2.5:
* liblzma:
- Fixed several C99/C11 conformance bugs. Now the code is clean
under gcc/clang -fsanitize=undefined. Some of these changes
might have a negative effect on performance with old GCC
versions or compilers other than GCC and Clang. The configure
option --enable-unsafe-type-punning can be used to (mostly)
restore the old behavior but it shouldn't normally be used.
- Improved API documentation of lzma_properties_decode().
- Added a very minor encoder speed optimization.
* xz:
- Fixed a crash in "xz -dcfv not_an_xz_file". All four options
were required to trigger it. The crash occurred in the
progress indicator code when xz was in passthru mode where
xz works like "cat".
- Fixed an integer overflow with 32-bit off_t. It could happen
when decompressing a file that has a long run of zero bytes
which xz would try to write as a sparse file. Since the build
system enables large file support by default, off_t is
normally 64-bit even on 32-bit systems.
- Fixes for --flush-timeout:
* Fix semi-busy-waiting.
* Avoid unneeded flushes when no new input has arrived
since the previous flush was completed.
- Added a special case for 32-bit xz: If --memlimit-compress is
used to specify a limit that exceeds 4020 MiB, the limit will
be set to 4020 MiB. The values "0" and "max" aren't \
affected
by this and neither is decompression. This hack can be
helpful when a 32-bit xz has access to 4 GiB address space
but the specified memlimit exceeds 4 GiB. This can happen
e.g. with some scripts.
- Capsicum sandbox is now enabled by default where available
(FreeBSD >= 10). The sandbox debug messages (xz -vv) were
removed since they seemed to be more annoying than useful.
- DOS build now requires DJGPP 2.05 instead of 2.04beta.
A workaround for a locale problem with DJGPP 2.05 was added.
* xzgrep and other scripts:
- Added a configure option --enable-path-for-scripts=PREFIX.
It is disabled by default except on Solaris where the default
is /usr/xpg4/bin. See INSTALL for details.
- Added a workaround for a POSIX shell detection problem on
Solaris.
* Build systems:
- Added preliminary build instructions for z/OS. See INSTALL
section 1.2.9.
- Experimental CMake support was added. It should work to build
static liblzma on a few operating systems. It may or may not
work to build shared liblzma. On some platforms it can build
xz and xzdec too but those are only for testing. See the
comment in the beginning of CMakeLists.txt for details.
- Visual Studio project files were updated.
WindowsTargetPlatformVersion was removed from VS2017 files
and set to "10.0" in the added VS2019 files. In the future
the VS project files will be removed when CMake support is
good enough.
- New #defines in config.h: HAVE___BUILTIN_ASSUME_ALIGNED,
HAVE___BUILTIN_BSWAPXX, and TUKLIB_USE_UNSAFE_TYPE_PUNNING.
- autogen.sh has a new optional dependency on po4a and a new
option --no-po4a to skip that step. This matters only if one
wants to remake the build files. po4a is used to update the
translated man pages but as long as the man pages haven't
been modified, there's nothing to update and one can use
--no-po4a to avoid the dependency on po4a.
* Translations:
- XZ Utils translations are now handled by the Translation
Project: https://translationproject.org/domain/xz.html
- All man pages are now included in German too.
- New xz translations: Brazilian Portuguese, Finnish,
Hungarian, Chinese (simplified), Chinese (traditional),
and Danish (partial translation)
- Updated xz translations: French, German, Italian, and Polish
- Unfortunately a few new xz translations weren't included due
to technical problems like too long lines in --help output or
misaligned column headings in tables. In the future, many of
these strings will be split and e.g. the table column
alignment will be handled in software. This should make the
strings easier to translate.
|
2019-11-02 23:54:29 by Roland Illig | Files touched by this commit (27) |
Log message:
archivers: align variable assignments
pkglint -Wall -F --only aligned --only indent -r
No manual corrections.
|
2018-09-02 23:03:22 by Maya Rashish | Files touched by this commit (1) |
Log message:
xz: add test target, omit old GCC_REQD.
|
2018-06-06 00:28:39 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
xz: updated to 5.2.4
5.2.4:
* liblzma:
- Allow 0 as memory usage limit instead of returning
LZMA_PROG_ERROR. Now 0 is treated as if 1 byte was specified,
which effectively is the same as 0.
- Use "noexcept" keyword instead of "throw()" in the public
headers when a C++11 (or newer standard) compiler is used.
- Added a portability fix for recent Intel C Compilers.
- Microsoft Visual Studio build files have been moved under
windows/vs2013 and windows/vs2017.
* xz:
- Fix "xz --list --robot missing_or_bad_file.xz" which would
try to print an unitialized string and thus produce garbage
output. Since the exit status is non-zero, most uses of such
a command won't try to interpret the garbage output.
- "xz --list foo.xz" could print "Internal error (bug)" in a
corner case where a specific memory usage limit had been set.
|