pkgsrc-Changes archive

CVS commit: [pkgsrc-2026Q1] pkgsrc/archivers/xz



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Sun Apr 12 10:07:27 UTC 2026

Modified Files:
        pkgsrc/archivers/xz [pkgsrc-2026Q1]: Makefile PLIST distinfo

Log Message:
Pullup ticket #7076 - requested by taca
archivers/xz: security fix

Revisions pulled up:
- archivers/xz/Makefile                                         1.57
- archivers/xz/PLIST                                            1.23
- archivers/xz/distinfo                                         1.43

---
   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Tue Mar 31 19:16:09 UTC 2026

   Modified Files:
        pkgsrc/archivers/xz: Makefile PLIST distinfo

   Log Message:
   xz: update to 5.8.3.

   5.8.3 (2026-03-31)

       IMPORTANT: This includes a fix for CVE-2026-34743 which affects all
       XZ Utils versions since 5.0.0. No new 5.2.x, 5.4.x, or 5.6.x
       releases will be made, but the fix is in the v5.2, v5.4, and v5.6
       branches in the xz Git repository.

       * liblzma:

           - Fix a buffer overflow in lzma_index_append(): If
             lzma_index_decoder() was used to decode an Index that
             contained no Records, the resulting lzma_index was left in
             a state where a subsequent lzma_index_append() would
             allocate too little memory, and a buffer overflow would occur.

             The lzma_index functions are rarely used by applications
             directly. In the few applications that do use these functions,
             the combination of function calls required to trigger this bug
             is unlikely to exist, because there typically is no reason to
             append Records to a decoded lzma_index. Thus, it's likely that
             this bug cannot be triggered in any real-world application.

             The bug was reported and discovered by Cantina using their
             AppSec agent, Apex.

           - Fix the build on Windows ARM64EC.

           - Add "License: 0BSD" to liblzma.pc.

       * xz:

           - Fix invalid memory access in --files and --files0. All of
             the following must be true to trigger it:

               1. A string being read (which supposedly is a filename) is
                  at least SIZE_MAX / 2 bytes long. This size is plausible
                  on 32-bit platforms (2 GiB - 1 B).

               2. realloc(ptr, SIZE_MAX / 2 + 1) must succeed.
                  On glibc >= 2.30 it shouldn't because the value
                  exceeds PTRDIFF_MAX.

               3. An integer overflow results in a realloc(ptr, 0) call.
                  If it doesn't return NULL, then invalid memory access
                  will occur.

           - On QNX, don't use fsync() on directories because it fails.

       * Autotools: Enable 32-bit x86 assembler on Hurd by default.
         It was already enabled in the CMake-based build.

       * Translations: Add Arabic man page translations.
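
The size arithmetic behind the three --files/--files0 conditions in the log above, as an added example that is not code from XZ Utils or pkgsrc. It assumes a capacity-doubling growth policy; the names grow_unchecked, grow_checked and simulate are hypothetical, and the code only models the sizes, allocating nothing.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* GROW_ZERO_SIZE: arithmetic wrapped, caller would issue realloc(ptr, 0). */
enum grow_result { GROW_OK, GROW_ZERO_SIZE, GROW_REFUSED };

/* Assumed policy (not xz's code): double the capacity, no overflow check. */
static enum grow_result grow_unchecked(size_t cap, size_t *next)
{
    *next = cap * 2; /* size_t wraps modulo SIZE_MAX + 1 */
    return *next == 0 ? GROW_ZERO_SIZE : GROW_OK;
}

/* Hardened: refuse before the product can wrap or exceed PTRDIFF_MAX. */
static enum grow_result grow_checked(size_t cap, size_t *next)
{
    if (cap == 0 || cap > (size_t)PTRDIFF_MAX / 2)
        return GROW_REFUSED;
    *next = cap * 2;
    return GROW_OK;
}

/* Walk the capacities requested for `needed` bytes; *last = last one computed. */
static enum grow_result simulate(size_t start, size_t needed, bool checked,
                                 size_t *last)
{
    *last = start;
    while (*last < needed) {
        size_t next = 0;
        enum grow_result r = checked ? grow_checked(*last, &next)
                                     : grow_unchecked(*last, &next);
        if (r == GROW_REFUSED)
            return r; /* *last keeps the last valid capacity */
        *last = next;
        if (r == GROW_ZERO_SIZE)
            return r;
    }
    return GROW_OK;
}

int main(void)
{
    size_t last, huge = SIZE_MAX / 2 + 2; /* constructed: one past SIZE_MAX/2+1 */
    printf("unchecked=%d ", (int)simulate(256, huge, false, &last));
    printf("checked=%d\n", (int)simulate(256, huge, true, &last));
    return 0;
}
```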


To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.56.2.1 pkgsrc/archivers/xz/Makefile
cvs rdiff -u -r1.22 -r1.22.2.1 pkgsrc/archivers/xz/PLIST
cvs rdiff -u -r1.42 -r1.42.2.1 pkgsrc/archivers/xz/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/archivers/xz/Makefile
diff -u pkgsrc/archivers/xz/Makefile:1.56 pkgsrc/archivers/xz/Makefile:1.56.2.1
--- pkgsrc/archivers/xz/Makefile:1.56   Sun Dec 21 13:06:01 2025
+++ pkgsrc/archivers/xz/Makefile        Sun Apr 12 10:07:27 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.56 2025/12/21 13:06:01 adam Exp $
+# $NetBSD: Makefile,v 1.56.2.1 2026/04/12 10:07:27 bsiegert Exp $
 
-DISTNAME=      xz-5.8.2
+DISTNAME=      xz-5.8.3
 CATEGORIES=    archivers
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=tukaani-project/}
 GITHUB_RELEASE=        v${PKGVERSION_NOREV}
@@ -28,7 +28,7 @@ CONFIGURE_ENV.SunOS+= ac_cv_have_decl_op
 CONFIGURE_ENV.SunOS+=  gl_cv_cc_visibility=no
 
 PRINT_PLIST_AWK+=      /\.mo/ { $$0 = "$${PLIST.nls}" $$0 }
-.for lang in de fr it ko pt_BR ro sr uk
+.for lang in ar de fr it ko pt_BR ro sr sv uk
 PRINT_PLIST_AWK+=      /^man\/${lang}\// { $$0 = "$${PLIST.nls}" $$0 }
 .endfor
 
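Review bot: the ".for lang" list gains "sv" as well as "ar", but the 5.8.3 notes quoted in the log mention only Arabic man pages and the PLIST change in this commit adds only man/ar entries. If man/sv pages are already listed in PLIST and this corrects an earlier omission in the PRINT_PLIST_AWK loop, say so in the log; otherwise drop "sv" so the list matches what the package installs.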

Index: pkgsrc/archivers/xz/PLIST
diff -u pkgsrc/archivers/xz/PLIST:1.22 pkgsrc/archivers/xz/PLIST:1.22.2.1
--- pkgsrc/archivers/xz/PLIST:1.22      Sun Dec 21 13:06:01 2025
+++ pkgsrc/archivers/xz/PLIST   Sun Apr 12 10:07:27 2026
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.22 2025/12/21 13:06:01 adam Exp $
+@comment $NetBSD: PLIST,v 1.22.2.1 2026/04/12 10:07:27 bsiegert Exp $
 bin/lzcat
 bin/lzcmp
 bin/lzdiff
@@ -39,6 +39,29 @@ include/lzma/version.h
 include/lzma/vli.h
 lib/liblzma.la
 lib/pkgconfig/liblzma.pc
+${PLIST.nls}man/ar/man1/lzcat.1
+${PLIST.nls}man/ar/man1/lzcmp.1
+${PLIST.nls}man/ar/man1/lzdiff.1
+${PLIST.nls}man/ar/man1/lzegrep.1
+${PLIST.nls}man/ar/man1/lzfgrep.1
+${PLIST.nls}man/ar/man1/lzgrep.1
+${PLIST.nls}man/ar/man1/lzless.1
+${PLIST.nls}man/ar/man1/lzma.1
+${PLIST.nls}man/ar/man1/lzmadec.1
+${PLIST.nls}man/ar/man1/lzmainfo.1
+${PLIST.nls}man/ar/man1/lzmore.1
+${PLIST.nls}man/ar/man1/unlzma.1
+${PLIST.nls}man/ar/man1/unxz.1
+${PLIST.nls}man/ar/man1/xz.1
+${PLIST.nls}man/ar/man1/xzcat.1
+${PLIST.nls}man/ar/man1/xzcmp.1
+${PLIST.nls}man/ar/man1/xzdec.1
+${PLIST.nls}man/ar/man1/xzdiff.1
+${PLIST.nls}man/ar/man1/xzegrep.1
+${PLIST.nls}man/ar/man1/xzfgrep.1
+${PLIST.nls}man/ar/man1/xzgrep.1
+${PLIST.nls}man/ar/man1/xzless.1
+${PLIST.nls}man/ar/man1/xzmore.1
 ${PLIST.nls}man/de/man1/lzcat.1
 ${PLIST.nls}man/de/man1/lzcmp.1
 ${PLIST.nls}man/de/man1/lzdiff.1

Index: pkgsrc/archivers/xz/distinfo
diff -u pkgsrc/archivers/xz/distinfo:1.42 pkgsrc/archivers/xz/distinfo:1.42.2.1
--- pkgsrc/archivers/xz/distinfo:1.42   Sun Dec 21 13:06:01 2025
+++ pkgsrc/archivers/xz/distinfo        Sun Apr 12 10:07:27 2026
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.42 2025/12/21 13:06:01 adam Exp $
+$NetBSD: distinfo,v 1.42.2.1 2026/04/12 10:07:27 bsiegert Exp $
 
-BLAKE2s (xz-5.8.2.tar.bz2) = 561fb29f9ae2ad1c850e87502395aa9addf095cc73f0962ffdad2a0b7c947589
-SHA512 (xz-5.8.2.tar.bz2) = f159ec23f2b206f50d10156ee9e2cf7f99fde5d3ec1f86aca6c3ce9f69b5e6560c7e6c807cc465afd832b8851e9d03e558169af841948f4d6b34cecf88a81b4f
-Size (xz-5.8.2.tar.bz2) = 1999287 bytes
+BLAKE2s (xz-5.8.3.tar.bz2) = c7a28b97929d5f617b1ff283338295e424e83738f6c980f28b0d2b511079adcc
+SHA512 (xz-5.8.3.tar.bz2) = 4111da87631b8d3bd49d19ef6fc7afa0d71ec7194b34b372c123a45d1308324ddbfbf6c9d64d0cb8bb1334cd1ec54ca4108822cef0a9205b0221793f773e15c5
+Size (xz-5.8.3.tar.bz2) = 2028831 bytes
 SHA1 (patch-src_xz_Makefile.in) = b9360c7b2b34159028fb8b84339aa2faf3922287
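
Review bot: the context line "SHA1 (patch-src_xz_Makefile.in)" is unchanged, so the local patch is carried over to 5.8.3 as-is; confirm it still applies cleanly to the new src/xz/Makefile.in. The new BLAKE2s, SHA512 and Size values are what pins the xz-5.8.3.tar.bz2 fetched via MASTER_SITE_GITHUB, so they should be compared against upstream's published release checksums or signature, not only against a fresh download.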


