Next | Query returned 69 messages, browsing 21 to 30 | Previous

History of commit frequency

CVS Commit History:


   2022-08-24 08:58:14 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
xz: updated to 5.2.6

5.2.6 (2022-08-12)

* xz:

    - The --keep option now accepts symlinks, hardlinks, and
      setuid, setgid, and sticky files. Previously this required
      using --force.

    - When copying metadata from the source file to the destination
      file, don't try to set the group (GID) if it is already set
      correctly. This avoids a failure on OpenBSD (and possibly on
      a few other OSes) where files may get created so that their
      group doesn't belong to the user, and fchown(2) can fail even
      if it needs to do nothing.

    - Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on
      MIPS32 because on MIPS32 userspace processes are limited
      to 2 GiB of address space.

* liblzma:

    - Fixed a missing error-check in the threaded encoder. If a
      small memory allocation fails, a .xz file with an invalid
      Index field would be created. Decompressing such a file would
      produce the correct output but result in an error at the end.
      Thus this is a "mild" data corruption bug. Note that while
      a failed memory allocation can trigger the bug, it cannot
      cause invalid memory access.

    - The decoder for .lzma files now supports files that have
      uncompressed size stored in the header and still use the
      end of payload marker (end of stream marker) at the end
      of the LZMA stream. Such files are rare but, according to
      the documentation in LZMA SDK, they are valid.
      doc/lzma-file-format.txt was updated too.

    - Improved 32-bit x86 assembly files:
        * Support Intel Control-flow Enforcement Technology (CET)
        * Use non-executable stack on FreeBSD.

    - Visual Studio: Use non-standard _MSVC_LANG to detect C++
      standard version in the lzma.h API header. It's used to
      detect when "noexcept" can be used.

* xzgrep:

    - Fixed arbitrary command injection via a malicious filename
      (CVE-2022-1271, ZDI-CAN-16587). A standalone patch for
      this was released to the public on 2022-04-07. A slight
      robustness improvement has been made since then and, if
      using GNU or *BSD grep, a new faster method is now used
      that doesn't use the old sed-based construct at all. This
      also fixes bad output with GNU grep >= 3.5 (2020-09-27)
      when xzgrepping binary files.

      This vulnerability was discovered by:
      cleemy desu wayo working with Trend Micro Zero Day Initiative

    - Fixed detection of corrupt .bz2 files.

    - Improved error handling to fix exit status in some situations
      and to fix handling of signals: in some situations a signal
      didn't make xzgrep exit when it clearly should have. It's
      possible that the signal handling still isn't quite perfect
      but hopefully it's good enough.

    - Documented exit statuses on the man page.

    - xzegrep and xzfgrep now use "grep -E" and "grep -F" instead
      of the deprecated egrep and fgrep commands.

    - Fixed parsing of the options -E, -F, -G, -P, and -X. The
      problem occurred when multiple options were specied in
      a single argument, for example,

          echo foo | xzgrep -Fe foo

      treated foo as a filename because -Fe wasn't correctly
      split into -F -e.

    - Added zstd support.

* xzdiff/xzcmp:

    - Fixed wrong exit status. Exit status could be 2 when the
      correct value is 1.

    - Documented on the man page that exit status of 2 is used
      for decompression errors.

    - Added zstd support.

* xzless:

    - Fix less(1) version detection. It failed if the version number
      from "less -V" contained a dot.

* Translations:

    - Added new translations: Catalan, Croatian, Esperanto,
      Korean, Portuguese, Romanian, Serbian, Spanish, Swedish,
      and Ukrainian

    - Updated the Brazilian Portuguese translation.

    - Added French man page translation. This and the existing
      German translation aren't complete anymore because the
      English man pages got a few updates and the translators
      weren't reached so that they could update their work.

* Build systems:

    - Windows: Fix building of resource files when config.h isn't
      used. CMake + Visual Studio can now build liblzma.dll.

    - Various fixes to the CMake support. Building static or shared
      liblzma should work fine in most cases. In contrast, building
      the command line tools with CMake is still clearly incomplete
      and experimental and should be used for testing only.
   2022-07-22 18:06:34 by Thomas Klausner | Files touched by this commit (1)
Log message:
xz: improve builtin logic
   2022-07-22 17:04:17 by Thomas Klausner | Files touched by this commit (1)
Log message:
xz: fix fake pkg-config file on NetBSD
   2022-04-08 08:29:56 by Thomas Klausner | Files touched by this commit (2)
Log message:
xz: add upstream patch to fix CVE-2022-1271

Bump PKGREVISION
   2021-10-26 11:57:20 by Nia Alarie | Files touched by this commit (140)
Log message:
archivers: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and SHA512
hashes.
   2021-10-07 15:06:15 by Nia Alarie | Files touched by this commit (140)
Log message:
archivers: Remove SHA1 distfiles hashes
   2020-05-03 12:10:44 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
xz: updated to 5.2.5

5.2.5:
* liblzma:

    - Fixed several C99/C11 conformance bugs. Now the code is clean
      under gcc/clang -fsanitize=undefined. Some of these changes
      might have a negative effect on performance with old GCC
      versions or compilers other than GCC and Clang. The configure
      option --enable-unsafe-type-punning can be used to (mostly)
      restore the old behavior but it shouldn't normally be used.

    - Improved API documentation of lzma_properties_decode().

    - Added a very minor encoder speed optimization.

* xz:

    - Fixed a crash in "xz -dcfv not_an_xz_file". All four options
      were required to trigger it. The crash occurred in the
      progress indicator code when xz was in passthru mode where
      xz works like "cat".

    - Fixed an integer overflow with 32-bit off_t. It could happen
      when decompressing a file that has a long run of zero bytes
      which xz would try to write as a sparse file. Since the build
      system enables large file support by default, off_t is
      normally 64-bit even on 32-bit systems.

    - Fixes for --flush-timeout:
        * Fix semi-busy-waiting.
        * Avoid unneeded flushes when no new input has arrived
          since the previous flush was completed.

    - Added a special case for 32-bit xz: If --memlimit-compress is
      used to specify a limit that exceeds 4020 MiB, the limit will
      be set to 4020 MiB. The values "0" and "max" aren't \ 
affected
      by this and neither is decompression. This hack can be
      helpful when a 32-bit xz has access to 4 GiB address space
      but the specified memlimit exceeds 4 GiB. This can happen
      e.g. with some scripts.

    - Capsicum sandbox is now enabled by default where available
      (FreeBSD >= 10). The sandbox debug messages (xz -vv) were
      removed since they seemed to be more annoying than useful.

    - DOS build now requires DJGPP 2.05 instead of 2.04beta.
      A workaround for a locale problem with DJGPP 2.05 was added.

* xzgrep and other scripts:

    - Added a configure option --enable-path-for-scripts=PREFIX.
      It is disabled by default except on Solaris where the default
      is /usr/xpg4/bin. See INSTALL for details.

    - Added a workaround for a POSIX shell detection problem on
      Solaris.

* Build systems:

    - Added preliminary build instructions for z/OS. See INSTALL
      section 1.2.9.

    - Experimental CMake support was added. It should work to build
      static liblzma on a few operating systems. It may or may not
      work to build shared liblzma. On some platforms it can build
      xz and xzdec too but those are only for testing. See the
      comment in the beginning of CMakeLists.txt for details.

    - Visual Studio project files were updated.
      WindowsTargetPlatformVersion was removed from VS2017 files
      and set to "10.0" in the added VS2019 files. In the future
      the VS project files will be removed when CMake support is
      good enough.

    - New #defines in config.h: HAVE___BUILTIN_ASSUME_ALIGNED,
      HAVE___BUILTIN_BSWAPXX, and TUKLIB_USE_UNSAFE_TYPE_PUNNING.

    - autogen.sh has a new optional dependency on po4a and a new
      option --no-po4a to skip that step. This matters only if one
      wants to remake the build files. po4a is used to update the
      translated man pages but as long as the man pages haven't
      been modified, there's nothing to update and one can use
      --no-po4a to avoid the dependency on po4a.

* Translations:

    - XZ Utils translations are now handled by the Translation
      Project: https://translationproject.org/domain/xz.html

    - All man pages are now included in German too.

    - New xz translations: Brazilian Portuguese, Finnish,
      Hungarian, Chinese (simplified), Chinese (traditional),
      and Danish (partial translation)

    - Updated xz translations: French, German, Italian, and Polish

    - Unfortunately a few new xz translations weren't included due
      to technical problems like too long lines in --help output or
      misaligned column headings in tables. In the future, many of
      these strings will be split and e.g. the table column
      alignment will be handled in software. This should make the
      strings easier to translate.
   2019-11-02 23:54:29 by Roland Illig | Files touched by this commit (27)
Log message:
archivers: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.
   2018-09-02 23:03:22 by Maya Rashish | Files touched by this commit (1)
Log message:
xz: add test target, omit old GCC_REQD.
   2018-06-06 00:28:39 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
xz: updated to 5.2.4

5.2.4:

* liblzma:
    - Allow 0 as memory usage limit instead of returning
      LZMA_PROG_ERROR. Now 0 is treated as if 1 byte was specified,
      which effectively is the same as 0.

    - Use "noexcept" keyword instead of "throw()" in the public
      headers when a C++11 (or newer standard) compiler is used.

    - Added a portability fix for recent Intel C Compilers.

    - Microsoft Visual Studio build files have been moved under
      windows/vs2013 and windows/vs2017.

* xz:
    - Fix "xz --list --robot missing_or_bad_file.xz" which would
      try to print an unitialized string and thus produce garbage
      output. Since the exit status is non-zero, most uses of such
      a command won't try to interpret the garbage output.

    - "xz --list foo.xz" could print "Internal error (bug)" in a
      corner case where a specific memory usage limit had been set.

Next | Query returned 69 messages, browsing 21 to 30 | Previous