packages/xz
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!59 [sync] PR-58: Update to version 5.4.7

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
This commit is contained in:
openeuler-ci-bot 2024-08-09 09:44:56 +00:00 committed by Gitee
commit d2cb17b556
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
5 changed files with 57 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
backport-liblzma-Add-overflow-check-for-Unpadded-size-in-lzma.patch
View File

@ -1,60 +0,0 @@
From 68bda971bb8b666a009331455fcedb4e18d837a4 Mon Sep 17 00:00:00 2001
From: Jia Tan <jiat0218@gmail.com>
Date: Mon, 28 Aug 2023 21:31:25 +0800
Subject: [PATCH] liblzma: Add overflow check for Unpadded size in
lzma_index_append().
This was not a security bug since there was no path to overflow
UINT64_MAX in lzma_index_append() or when it calls index_file_size().
The bug was discovered by a failing assert() in vli_ceil4() when called
from index_file_size() when unpadded_sum (the sum of the compressed size
of current Stream and the unpadded_size parameter) exceeds LZMA_VLI_MAX.
Previously, the unpadded_size parameter was checked to be not greater
than UNPADDED_SIZE_MAX, but no check was done once compressed_base was
added.
This could not have caused an integer overflow in index_file_size() when
called by lzma_index_append(). The calculation for file_size breaks down
into the sum of:
- Compressed base from all previous Streams
- 2 * LZMA_STREAM_HEADER_SIZE (size of the current Streams header and
footer)
- stream_padding (can be set by lzma_index_stream_padding())
- Compressed base from the current Stream
- Unpadded size (parameter to lzma_index_append())
The sum of everything except for Unpadded size must be less than
LZMA_VLI_MAX. This is guarenteed by overflow checks in the functions
that can set these values including lzma_index_stream_padding(),
lzma_index_append(), and lzma_index_cat(). The maximum value for
Unpadded size is enforced by lzma_index_append() to be less than or
equal UNPADDED_SIZE_MAX. Thus, the sum cannot exceed UINT64_MAX since
LZMA_VLI_MAX is half of UINT64_MAX.
Thanks to Joona Kannisto for reporting this.
---
src/liblzma/common/index.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/liblzma/common/index.c b/src/liblzma/common/index.c
index 97cc9f95..8a35f439 100644
--- a/src/liblzma/common/index.c
+++ b/src/liblzma/common/index.c
@@ -661,6 +661,12 @@ lzma_index_append(lzma_index *i, const lzma_allocator *allocator,
if (uncompressed_base + uncompressed_size > LZMA_VLI_MAX)
return LZMA_DATA_ERROR;
+ // Check that the new unpadded sum will not overflow. This is
+ // checked again in index_file_size(), but the unpadded sum is
+ // passed to vli_ceil4() which expects a valid lzma_vli value.
+ if (compressed_base + unpadded_size > UNPADDED_SIZE_MAX)
+ return LZMA_DATA_ERROR;
+
// Check that the file size will stay within limits.
if (index_file_size(s->node.compressed_base,
compressed_base + unpadded_size, s->record_count + 1,
--
2.23.0

BIN
xz-5.4.4.tar.xz
View File

Binary file not shown.

BIN
xz-5.4.7.tar.xz Normal file
View File

Binary file not shown.

37
xz-5213-547-562-libtool.patch Normal file
View File

@ -0,0 +1,37 @@
# Fix shared library building in XZ Utils 5.2.13, 5.4.7, and 5.6.2
#
# The releases were made with a development version of GNU Libtool
# (2.5.0+1+g38c166c8). The benefit is that there tend to be fixes that
# aren't in a stable release yet. At the same time there is a higher
# risk of new bugs. Unfortunately there was a bug that breaks building
# of shared libraries on some systems like mips64.
#
# This patch was made by taking the upstream commit to m4/libtool.m4
# and then running "autoconf" to update the generated "configure".
# This patch only modifies "configure" so that the changed timestamps
# won't cause the build system to regenerate more files, which would
# only work if one has all Autotools packages installed.
#
# https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=9a4a02615c9e7cbcfd690ed31874822a7d6aaea2
# https://lore.kernel.org/distributions/3299713.44csPzL39Z@pinacolada/
diff -rup xz-5.6.2.orig/configure xz-5.6.2/configure
--- xz-5.6.2.orig/configure
+++ xz-5.6.2/configure
@@ -9475,7 +9475,7 @@ do
esac
for ac_exec_ext in '' $ac_executable_extensions; do
if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_FILECMD=":"
+ ac_cv_prog_FILECMD="file"
printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
@@ -9483,6 +9483,7 @@ done
done
IFS=$as_save_IFS
+ test -z "$ac_cv_prog_FILECMD" && ac_cv_prog_FILECMD=":"
fi ;;
esac
fi

43
xz.spec
View File

@ -1,13 +1,16 @@
Name: xz Name: xz
Version: 5.4.4 Version: 5.4.7
Release: 2 Release: 1
Summary: A free general-purpose data compreession software with LZMA2 algorithm Summary: A free general-purpose data compreession software with LZMA2 algorithm
License: GPL-3.0-only License: GPL-3.0-only
URL: http://tukaani.org/xz URL: http://tukaani.org/xz
Source0: http://tukaani.org/%{name}/%{name}-%{version}.tar.xz Source0: http://tukaani.org/%{name}/%{name}-%{version}.tar.xz
Source1: colorxzgrep.sh Source1: colorxzgrep.sh
Source2: colorxzgrep.csh Source2: colorxzgrep.csh
Patch0: backport-liblzma-Add-overflow-check-for-Unpadded-size-in-lzma.patch
# https://github.com/tukaani-project/xz/releases/tag/v5.4.7
# https://github.com/tukaani-project/xz/releases/download/v5.4.7/xz-5213-547-562-libtool.patch
Patch0: xz-5213-547-562-libtool.patch
BuildRequires: perl-interpreter gcc BuildRequires: perl-interpreter gcc
@ -47,12 +50,7 @@ Obsoletes: %{name}-compat-libs < %{version}-%{release}
%description libs %description libs
Libraries for decoding files compressed with LZMA or XZ utils. Libraries for decoding files compressed with LZMA or XZ utils.
%package help %package_help
Summary: Help documentation related to xz
BuildArch: noarch
%description help
This package includes help documentation and manuals related to xz.
%prep %prep
%autosetup -n %{name}-%{version} -p1 %autosetup -n %{name}-%{version} -p1
@ -65,6 +63,7 @@ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
%install %install
%make_install %make_install
%delete_la
# config color alias for xz*grep # config color alias for xz*grep
%global profiledir %{_sysconfdir}/profile.d %global profiledir %{_sysconfdir}/profile.d
@ -75,17 +74,14 @@ install -p -m 644 %{SOURCE2} %{buildroot}%{profiledir}
%find_lang %name %find_lang %name
%check %check
LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check LD_LIBRARY_PATH=$PWD/src/liblzma/.libs %make_build check
%files -f %{name}.lang %files -f %{name}.lang
%defattr(-,root,root)
%doc %{_pkgdocdir} %doc %{_pkgdocdir}
%license %{_pkgdocdir}/COPYING* %license COPYING*
%{_bindir}/*xz* %{_bindir}/*xz*
%{profiledir}/* %{profiledir}/*
%exclude %_pkgdocdir/examples* %exclude %_pkgdocdir/examples*
%exclude %{_libdir}/*.la
%files libs %files libs
%{_libdir}/lib*.so.5* %{_libdir}/lib*.so.5*
@ -104,17 +100,18 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check
%{_libdir}/*.so %{_libdir}/*.so
%files help %files help
%{_mandir}/man1/*lz* %{_mandir}/man1/*
%{_mandir}/man1/*xz* %lang(de) %{_mandir}/de/man1/*
%{_mandir}/de/man1/*lz* %lang(fr) %{_mandir}/fr/man1/*
%{_mandir}/de/man1/*xz* %lang(ko) %{_mandir}/ko/man1/*
%{_mandir}/fr/man1/* %lang(ro) %{_mandir}/ro/man1/*
%{_mandir}/ko/man1/* %lang(uk) %{_mandir}/uk/man1/*
%{_mandir}/ro/man1/* %lang(pt_BR) %{_mandir}/pt_BR/man1/*
%{_mandir}/uk/man1/*
%{_mandir}/pt_BR/man1/*
%changelog %changelog
* Thu Aug 01 2024 Funda Wang <fundawang@yeah.net> - 5.4.7-1
- Update to 5.4.7
* Tue Apr 30 2024 kouwenqi <kouwenqi@kylinos.cn> - 5.4.4-2 * Tue Apr 30 2024 kouwenqi <kouwenqi@kylinos.cn> - 5.4.4-2
- liblzma: Add overflow check for Unpadded size in lzma_index_append - liblzma: Add overflow check for Unpadded size in lzma_index_append