Add NEWS for 5.2.6.
This commit is contained in:
parent
692de534fa
commit
09b4af4e04
226
NEWS
226
NEWS
|
@ -2,6 +2,232 @@
|
||||||
XZ Utils Release Notes
|
XZ Utils Release Notes
|
||||||
======================
|
======================
|
||||||
|
|
||||||
|
5.2.6 (2022-08-12)
|
||||||
|
|
||||||
|
* xz:
|
||||||
|
|
||||||
|
- The --keep option now accepts symlinks, hardlinks, and
|
||||||
|
setuid, setgid, and sticky files. Previously this required
|
||||||
|
using --force.
|
||||||
|
|
||||||
|
- When copying metadata from the source file to the destination
|
||||||
|
file, don't try to set the group (GID) if it is already set
|
||||||
|
correctly. This avoids a failure on OpenBSD (and possibly on
|
||||||
|
a few other OSes) where files may get created so that their
|
||||||
|
group doesn't belong to the user, and fchown(2) can fail even
|
||||||
|
if it needs to do nothing.
|
||||||
|
|
||||||
|
- Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on
|
||||||
|
MIPS32 because on MIPS32 userspace processes are limited
|
||||||
|
to 2 GiB of address space.
|
||||||
|
|
||||||
|
* liblzma:
|
||||||
|
|
||||||
|
- Fixed a missing error-check in the threaded encoder. If a
|
||||||
|
small memory allocation fails, a .xz file with an invalid
|
||||||
|
Index field would be created. Decompressing such a file would
|
||||||
|
produce the correct output but result in an error at the end.
|
||||||
|
Thus this is a "mild" data corruption bug. Note that while
|
||||||
|
a failed memory allocation can trigger the bug, it cannot
|
||||||
|
cause invalid memory access.
|
||||||
|
|
||||||
|
- The decoder for .lzma files now supports files that have
|
||||||
|
uncompressed size stored in the header and still use the
|
||||||
|
end of payload marker (end of stream marker) at the end
|
||||||
|
of the LZMA stream. Such files are rare but, according to
|
||||||
|
the documentation in LZMA SDK, they are valid.
|
||||||
|
doc/lzma-file-format.txt was updated too.
|
||||||
|
|
||||||
|
- Improved 32-bit x86 assembly files:
|
||||||
|
* Support Intel Control-flow Enforcement Technology (CET)
|
||||||
|
* Use non-executable stack on FreeBSD.
|
||||||
|
|
||||||
|
- Visual Studio: Use non-standard _MSVC_LANG to detect C++
|
||||||
|
standard version in the lzma.h API header. It's used to
|
||||||
|
detect when "noexcept" can be used.
|
||||||
|
|
||||||
|
* xzgrep:
|
||||||
|
|
||||||
|
- Fixed arbitrary command injection via a malicious filename
|
||||||
|
(CVE-2022-1271, ZDI-CAN-16587). A standalone patch for
|
||||||
|
this was released to the public on 2022-04-07. A slight
|
||||||
|
robustness improvement has been made since then and, if
|
||||||
|
using GNU or *BSD grep, a new faster method is now used
|
||||||
|
that doesn't use the old sed-based construct at all. This
|
||||||
|
also fixes bad output with GNU grep >= 3.5 (2020-09-27)
|
||||||
|
when xzgrepping binary files.
|
||||||
|
|
||||||
|
This vulnerability was discovered by:
|
||||||
|
cleemy desu wayo working with Trend Micro Zero Day Initiative
|
||||||
|
|
||||||
|
- Fixed detection of corrupt .bz2 files.
|
||||||
|
|
||||||
|
- Improved error handling to fix exit status in some situations
|
||||||
|
and to fix handling of signals: in some situations a signal
|
||||||
|
didn't make xzgrep exit when it clearly should have. It's
|
||||||
|
possible that the signal handling still isn't quite perfect
|
||||||
|
but hopefully it's good enough.
|
||||||
|
|
||||||
|
- Documented exit statuses on the man page.
|
||||||
|
|
||||||
|
- xzegrep and xzfgrep now use "grep -E" and "grep -F" instead
|
||||||
|
of the deprecated egrep and fgrep commands.
|
||||||
|
|
||||||
|
- Fixed parsing of the options -E, -F, -G, -P, and -X. The
|
||||||
|
problem occurred when multiple options were specied in
|
||||||
|
a single argument, for example,
|
||||||
|
|
||||||
|
echo foo | xzgrep -Fe foo
|
||||||
|
|
||||||
|
treated foo as a filename because -Fe wasn't correctly
|
||||||
|
split into -F -e.
|
||||||
|
|
||||||
|
- Added zstd support.
|
||||||
|
|
||||||
|
* xzdiff/xzcmp:
|
||||||
|
|
||||||
|
- Fixed wrong exit status. Exit status could be 2 when the
|
||||||
|
correct value is 1.
|
||||||
|
|
||||||
|
- Documented on the man page that exit status of 2 is used
|
||||||
|
for decompression errors.
|
||||||
|
|
||||||
|
- Added zstd support.
|
||||||
|
|
||||||
|
* xzless:
|
||||||
|
|
||||||
|
- Fix less(1) version detection. It failed if the version number
|
||||||
|
from "less -V" contained a dot.
|
||||||
|
|
||||||
|
* Translations:
|
||||||
|
|
||||||
|
- Added new translations: Catalan, Croatian, Esperanto,
|
||||||
|
Korean, Portuguese, Romanian, Serbian, Spanish, Swedish,
|
||||||
|
and Ukrainian
|
||||||
|
|
||||||
|
- Updated the Brazilian Portuguese translation.
|
||||||
|
|
||||||
|
- Added French man page translation. This and the existing
|
||||||
|
German translation aren't complete anymore because the
|
||||||
|
English man pages got a few updates and the translators
|
||||||
|
weren't reached so that they could update their work.
|
||||||
|
|
||||||
|
* Build systems:
|
||||||
|
|
||||||
|
- Windows: Fix building of resource files when config.h isn't
|
||||||
|
used. CMake + Visual Studio can now build liblzma.dll.
|
||||||
|
|
||||||
|
- Various fixes to the CMake support. Building static or shared
|
||||||
|
liblzma should work fine in most cases. In contrast, building
|
||||||
|
the command line tools with CMake is still clearly incomplete
|
||||||
|
and experimental and should be used for testing only.
|
||||||
|
|
||||||
|
|
||||||
|
5.2.5 (2020-03-17)
|
||||||
|
|
||||||
|
* liblzma:
|
||||||
|
|
||||||
|
- Fixed several C99/C11 conformance bugs. Now the code is clean
|
||||||
|
under gcc/clang -fsanitize=undefined. Some of these changes
|
||||||
|
might have a negative effect on performance with old GCC
|
||||||
|
versions or compilers other than GCC and Clang. The configure
|
||||||
|
option --enable-unsafe-type-punning can be used to (mostly)
|
||||||
|
restore the old behavior but it shouldn't normally be used.
|
||||||
|
|
||||||
|
- Improved API documentation of lzma_properties_decode().
|
||||||
|
|
||||||
|
- Added a very minor encoder speed optimization.
|
||||||
|
|
||||||
|
* xz:
|
||||||
|
|
||||||
|
- Fixed a crash in "xz -dcfv not_an_xz_file". All four options
|
||||||
|
were required to trigger it. The crash occurred in the
|
||||||
|
progress indicator code when xz was in passthru mode where
|
||||||
|
xz works like "cat".
|
||||||
|
|
||||||
|
- Fixed an integer overflow with 32-bit off_t. It could happen
|
||||||
|
when decompressing a file that has a long run of zero bytes
|
||||||
|
which xz would try to write as a sparse file. Since the build
|
||||||
|
system enables large file support by default, off_t is
|
||||||
|
normally 64-bit even on 32-bit systems.
|
||||||
|
|
||||||
|
- Fixes for --flush-timeout:
|
||||||
|
* Fix semi-busy-waiting.
|
||||||
|
* Avoid unneeded flushes when no new input has arrived
|
||||||
|
since the previous flush was completed.
|
||||||
|
|
||||||
|
- Added a special case for 32-bit xz: If --memlimit-compress is
|
||||||
|
used to specify a limit that exceeds 4020 MiB, the limit will
|
||||||
|
be set to 4020 MiB. The values "0" and "max" aren't affected
|
||||||
|
by this and neither is decompression. This hack can be
|
||||||
|
helpful when a 32-bit xz has access to 4 GiB address space
|
||||||
|
but the specified memlimit exceeds 4 GiB. This can happen
|
||||||
|
e.g. with some scripts.
|
||||||
|
|
||||||
|
- Capsicum sandbox is now enabled by default where available
|
||||||
|
(FreeBSD >= 10). The sandbox debug messages (xz -vv) were
|
||||||
|
removed since they seemed to be more annoying than useful.
|
||||||
|
|
||||||
|
- DOS build now requires DJGPP 2.05 instead of 2.04beta.
|
||||||
|
A workaround for a locale problem with DJGPP 2.05 was added.
|
||||||
|
|
||||||
|
* xzgrep and other scripts:
|
||||||
|
|
||||||
|
- Added a configure option --enable-path-for-scripts=PREFIX.
|
||||||
|
It is disabled by default except on Solaris where the default
|
||||||
|
is /usr/xpg4/bin. See INSTALL for details.
|
||||||
|
|
||||||
|
- Added a workaround for a POSIX shell detection problem on
|
||||||
|
Solaris.
|
||||||
|
|
||||||
|
* Build systems:
|
||||||
|
|
||||||
|
- Added preliminary build instructions for z/OS. See INSTALL
|
||||||
|
section 1.2.9.
|
||||||
|
|
||||||
|
- Experimental CMake support was added. It should work to build
|
||||||
|
static liblzma on a few operating systems. It may or may not
|
||||||
|
work to build shared liblzma. On some platforms it can build
|
||||||
|
xz and xzdec too but those are only for testing. See the
|
||||||
|
comment in the beginning of CMakeLists.txt for details.
|
||||||
|
|
||||||
|
- Visual Studio project files were updated.
|
||||||
|
WindowsTargetPlatformVersion was removed from VS2017 files
|
||||||
|
and set to "10.0" in the added VS2019 files. In the future
|
||||||
|
the VS project files will be removed when CMake support is
|
||||||
|
good enough.
|
||||||
|
|
||||||
|
- New #defines in config.h: HAVE___BUILTIN_ASSUME_ALIGNED,
|
||||||
|
HAVE___BUILTIN_BSWAPXX, and TUKLIB_USE_UNSAFE_TYPE_PUNNING.
|
||||||
|
|
||||||
|
- autogen.sh has a new optional dependency on po4a and a new
|
||||||
|
option --no-po4a to skip that step. This matters only if one
|
||||||
|
wants to remake the build files. po4a is used to update the
|
||||||
|
translated man pages but as long as the man pages haven't
|
||||||
|
been modified, there's nothing to update and one can use
|
||||||
|
--no-po4a to avoid the dependency on po4a.
|
||||||
|
|
||||||
|
* Translations:
|
||||||
|
|
||||||
|
- XZ Utils translations are now handled by the Translation
|
||||||
|
Project: https://translationproject.org/domain/xz.html
|
||||||
|
|
||||||
|
- All man pages are now included in German too.
|
||||||
|
|
||||||
|
- New xz translations: Brazilian Portuguese, Finnish,
|
||||||
|
Hungarian, Chinese (simplified), Chinese (traditional),
|
||||||
|
and Danish (partial translation)
|
||||||
|
|
||||||
|
- Updated xz translations: French, German, Italian, and Polish
|
||||||
|
|
||||||
|
- Unfortunately a few new xz translations weren't included due
|
||||||
|
to technical problems like too long lines in --help output or
|
||||||
|
misaligned column headings in tables. In the future, many of
|
||||||
|
these strings will be split and e.g. the table column
|
||||||
|
alignment will be handled in software. This should make the
|
||||||
|
strings easier to translate.
|
||||||
|
|
||||||
|
|
||||||
5.2.5 (2020-03-17)
|
5.2.5 (2020-03-17)
|
||||||
|
|
||||||
* liblzma:
|
* liblzma:
|
||||||
|
|
Loading…
Reference in New Issue