Hello community,

here is the log from the commit of package xz for openSUSE:Factory checked in at 2022-08-18 16:48:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xz (Old)
 and      /work/SRC/openSUSE:Factory/.xz.new.2083 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xz" Thu Aug 18 16:48:53 2022 rev:69 rq:995864 version:5.2.6 Changes: -------- --- /work/SRC/openSUSE:Factory/xz/xz.changes 2022-04-17 23:49:33.454283809 +0200 +++ /work/SRC/openSUSE:Factory/.xz.new.2083/xz.changes 2022-08-18 16:49:06.197436974 +0200 
@@ -1,0 +2,68 @@ +Fri Aug 12 20:50:23 UTC 2022 - Dirk M??ller <dmuel...@suse.com> + +- update to 5.2.6 (CVE-2022-1271, bsc#1198062): + * xz: + - The --keep option now accepts symlinks, hardlinks, and + setuid, setgid, and sticky files. + - When copying metadata from the source file to the destination + file, don't try to set the group (GID) if it is already set + correctly. This avoids a failure on OpenBSD (and possibly on + a few other OSes) where files may get created so that their + group doesn't belong to the user, and fchown(2) can fail even + if it needs to do nothing. + - Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on + MIPS32 because on MIPS32 userspace processes are limited + to 2 GiB of address space. + * liblzma: + - Fixed a missing error-check in the threaded encoder. If a + small memory allocation fails, a .xz file with an invalid + Index field would be created. Decompressing such a file would + produce the correct output but result in an error at the end. + Thus this is a "mild" data corruption bug. Note that while + a failed memory allocation can trigger the bug, it cannot + cause invalid memory access. + - The decoder for .lzma files now supports files that have + uncompressed size stored in the header and still use the + end of payload marker (end of stream marker) at the end + of the LZMA stream. Such files are rare but, according to + the documentation in LZMA SDK, they are valid. + doc/lzma-file-format.txt was updated too. + - Improved 32-bit x86 assembly files: + * Support Intel Control-flow Enforcement Technology (CET) + * Use non-executable stack on FreeBSD. + * xzgrep: + - Fixed arbitrary command injection via a malicious filename + (CVE-2022-1271, ZDI-CAN-16587). A standalone patch for + this was released to the public on 2022-04-07. A slight + robustness improvement has been made since then and, if + using GNU or *BSD grep, a new faster method is now used + that doesn't use the old sed-based construct at all. 
This + also fixes bad output with GNU grep >= 3.5 (2020-09-27) + when xzgrepping binary files. + - Fixed detection of corrupt .bz2 files. + - Improved error handling to fix exit status in some situations + and to fix handling of signals: in some situations a signal + didn't make xzgrep exit when it clearly should have. It's + possible that the signal handling still isn't quite perfect + but hopefully it's good enough. + - Documented exit statuses on the man page. + - xzegrep and xzfgrep now use "grep -E" and "grep -F" instead + of the deprecated egrep and fgrep commands. + - Fixed parsing of the options -E, -F, -G, -P, and -X. The + problem occurred when multiple options were specied in + a single argument, for example, + echo foo | xzgrep -Fe foo + treated foo as a filename because -Fe wasn't correctly + split into -F -e. + - Added zstd support. + * xzdiff/xzcmp: + - Fixed wrong exit status. Exit status could be 2 when the + correct value is 1. + - Documented on the man page that exit status of 2 is used + for decompression errors. + - Added zstd support. + * xzless: + - Fix less(1) version detection. It failed if the version number + from "less -V" contained a dot. + +------------------------------------------------------------------- Old: ---- xz-5.2.5.tar.gz xz-5.2.5.tar.gz.sig New: ---- xz-5.2.6.tar.gz xz-5.2.6.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xz.spec ++++++ --- /var/tmp/diff_new_pack.NpEDEm/_old 2022-08-18 16:49:06.705438157 +0200 +++ /var/tmp/diff_new_pack.NpEDEm/_new 2022-08-18 16:49:06.713438175 +0200 @@ -19,7 +19,7 @@ # avoid bootstrapping problem %define _binary_payload w9.bzdio Name: xz -Version: 5.2.5 +Version: 5.2.6 Release: 0 Summary: A Program for Compressing Files with the Lempel???Ziv???Markov algorithm License: GPL-2.0-or-later AND LGPL-2.1-or-later AND SUSE-Public-Domain 
@@ -172,6 +172,24 @@ %{_mandir}/man1/xzless.1%{ext_man} %{_mandir}/man1/xzmore.1%{ext_man} %{_mandir}/man1/xznew.1%{ext_man} +%dir %{_mandir}/fr_FR +%dir %{_mandir}/fr_FR/man1 +%{_mandir}/fr_FR/man1/lzcat.1%{ext_man} +%{_mandir}/fr_FR/man1/lzcmp.1%{ext_man} +%{_mandir}/fr_FR/man1/lzdiff.1%{ext_man} +%{_mandir}/fr_FR/man1/lzless.1%{ext_man} +%{_mandir}/fr_FR/man1/lzma.1%{ext_man} +%{_mandir}/fr_FR/man1/lzmadec.1%{ext_man} +%{_mandir}/fr_FR/man1/lzmore.1%{ext_man} +%{_mandir}/fr_FR/man1/unlzma.1%{ext_man} +%{_mandir}/fr_FR/man1/unxz.1%{ext_man} +%{_mandir}/fr_FR/man1/xz.1%{ext_man} +%{_mandir}/fr_FR/man1/xzcat.1%{ext_man} +%{_mandir}/fr_FR/man1/xzcmp.1%{ext_man} +%{_mandir}/fr_FR/man1/xzdec.1%{ext_man} +%{_mandir}/fr_FR/man1/xzdiff.1%{ext_man} +%{_mandir}/fr_FR/man1/xzless.1%{ext_man} +%{_mandir}/fr_FR/man1/xzmore.1%{ext_man} %if 0%{!?lang_package:1} %{_datadir}/locale/*/LC_MESSAGES/xz.mo %endif ++++++ xz-5.2.5.tar.gz -> xz-5.2.6.tar.gz ++++++ ++++ 59666 lines of diff (skipped)
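Review bot: in the xz.changes hunk, the xzgrep item says a standalone patch for CVE-2022-1271 was released on 2022-04-07, but the entry never states whether this package carried that patch or what happens to it with 5.2.6. The xz.spec hunks shown in this mail touch only Version and the man page file list, so if a downstream copy of the fix exists, this entry should record it as dropped (or kept, with the reason). Two smaller points in the same hunk: "specied" in the option-parsing item should read "specified", and the maintainer name in the header line appears as "Dirk M??ller", so check that xz.changes is stored as UTF-8.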
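Review bot: on the Version bump in the xz.spec hunk at line 19, the tarball change itself cannot be reviewed from this mail ("59666 lines of diff (skipped)"), so the only integrity evidence visible is the replaced xz-5.2.6.tar.gz.sig. Please confirm that the signature is verified against the upstream key when the package is built, since this release is the one carrying the CVE-2022-1271 fix. The Summary context line also shows "Lempel???Ziv???Markov", which suggests the dashes in that string are not surviving as UTF-8.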
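Review bot: in the xz.spec %files hunk at line 172, the fr_FR man pages are added unconditionally and without a language tag, while the xz.mo catalogs in the context lines just below are guarded by "%if 0%{!?lang_package:1}". Consider tagging the new entries with %lang(fr), for example "%lang(fr) %{_mandir}/fr_FR/man1/xz.1%{ext_man}", or state explicitly where translated man pages belong, so that installs which exclude translations treat man pages and message catalogs the same way.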