commit 98c8d60c4f3ea7781c525a48e5971dcda25aaa9e Author: zyppe <210hcl@gmail.com> Date: Wed Feb 28 21:08:54 2024 +0800 Initialize for xz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..34258a9 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +xz-5.2.3.tar.gz diff --git a/.xz.metadata b/.xz.metadata new file mode 100644 index 0000000..8550190 --- /dev/null +++ b/.xz.metadata @@ -0,0 +1 @@ +09d4ea86b3849a3ca76d736725e88676736bdacc649849655de49e8b359390fc xz-5.2.3.tar.gz diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1cab236 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,4 @@ +liblzma5 +xz-devel + requires -xz- + requires "liblzma5- = " diff --git a/bsc1198062.patch b/bsc1198062.patch new file mode 100644 index 0000000..ebde6c3 --- /dev/null +++ b/bsc1198062.patch @@ -0,0 +1,93 @@ +From 69d1b3fc29677af8ade8dc15dba83f0589cb63d6 Mon Sep 17 00:00:00 2001 +From: Lasse Collin +Date: Tue, 29 Mar 2022 19:19:12 +0300 +Subject: [PATCH] xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587). + +Malicious filenames can make xzgrep to write to arbitrary files +or (with a GNU sed extension) lead to arbitrary code execution. + +xzgrep from XZ Utils versions up to and including 5.2.5 are +affected. 5.3.1alpha and 5.3.2alpha are affected as well. +This patch works for all of them. + +This bug was inherited from gzip's zgrep. gzip 1.12 includes +a fix for zgrep. + +The issue with the old sed script is that with multiple newlines, +the N-command will read the second line of input, then the +s-commands will be skipped because it's not the end of the +file yet, then a new sed cycle starts and the pattern space +is printed and emptied. So only the last line or two get escaped. + +One way to fix this would be to read all lines into the pattern +space first. However, the included fix is even simpler: All lines +except the last line get a backslash appended at the end. To ensure +that shell command substitution doesn't eat a possible trailing +newline, a colon is appended to the filename before escaping. +The colon is later used to separate the filename from the grep +output so it is fine to add it here instead of a few lines later. + +The old code also wasn't POSIX compliant as it used \n in the +replacement section of the s-command. Using \ is the +POSIX compatible method. + +LC_ALL=C was added to the two critical sed commands. POSIX sed +manual recommends it when using sed to manipulate pathnames +because in other locales invalid multibyte sequences might +cause issues with some sed implementations. In case of GNU sed, +these particular sed scripts wouldn't have such problems but some +other scripts could have, see: + + info '(sed)Locale Considerations' + +This vulnerability was discovered by: +cleemy desu wayo working with Trend Micro Zero Day Initiative + +Thanks to Jim Meyering and Paul Eggert discussing the different +ways to fix this and for coordinating the patch release schedule +with gzip. +--- + src/scripts/xzgrep.in | 20 ++++++++++++-------- + 1 file changed, 12 insertions(+), 8 deletions(-) + +diff --git a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in +index b180936..e5186ba 100644 +--- a/src/scripts/xzgrep.in ++++ b/src/scripts/xzgrep.in +@@ -180,22 +180,26 @@ for i; do + { test $# -eq 1 || test $no_filename -eq 1; }; then + eval "$grep" + else ++ # Append a colon so that the last character will never be a newline ++ # which would otherwise get lost in shell command substitution. ++ i="$i:" ++ ++ # Escape & \ | and newlines only if such characters are present ++ # (speed optimization). + case $i in + (*' + '* | *'&'* | *'\'* | *'|'*) +- i=$(printf '%s\n' "$i" | +- sed ' +- $!N +- $s/[&\|]/\\&/g +- $s/\n/\\n/g +- ');; ++ i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');; + esac +- sed_script="s|^|$i:|" ++ ++ # $i already ends with a colon so don't add it here. ++ sed_script="s|^|$i|" + + # Fail if grep or sed fails. + r=$( + exec 4>&1 +- (eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&- ++ (eval "$grep" 4>&-; echo $? >&4) 3>&- | ++ LC_ALL=C sed "$sed_script" >&3 4>&- + ) || r=2 + exit $r + fi >&3 5>&- +-- +2.35.1 \ No newline at end of file diff --git a/xz-5.2.3.tar.gz.sig b/xz-5.2.3.tar.gz.sig new file mode 100644 index 0000000..42325cd Binary files /dev/null and b/xz-5.2.3.tar.gz.sig differ diff --git a/xz.changes b/xz.changes new file mode 100644 index 0000000..63cf971 --- /dev/null +++ b/xz.changes @@ -0,0 +1,330 @@ +* Thu Apr 7 2022 danilo.spinella@suse.com +- Fix ZDI-CAN-16587 Fix escaping of malicious filenames + (ZDI-CAN-16587 bsc#1198062 CVE-2022-1271) + * bsc1198062.patch +* Tue May 21 2019 kstreitova@suse.com +- add SUSE-Public-Domain licence as some parts of xz utils (liblzma, + xz, xzdec, lzmadec, documentation, translated messages, tests, + debug, extra directory) are in public domain licence [bsc#1135709] +* Mon Mar 19 2018 kukuk@suse.de +- Use %%license instead of %%doc [bsc#1082318] +* Mon Jul 10 2017 jengelh@inai.de +- %% needs to be encoded in description; adjust weird indent there + as well. Expand LZMA in summaries. +* Fri Jun 30 2017 olaf@aepfle.de +- Really use the selfdefined CFLAGS during build to fix build +* Sun Jun 25 2017 astieger@suse.com +- fix CentOS/RHEL builds after clean-up +* Wed Jun 21 2017 mpluskal@suse.com +- Simplify spec file conditions +- Clenup profiled building +- Use full lists of files +* Tue Feb 21 2017 adrian@suse.de +- enable static package by default. + Needed for AppImageKit +* Sat Dec 31 2016 astieger@suse.com +- xz 5.2.3: + * xz: always close a file before trying to delete it to avoid + problems on some operating system and file system combinations. + * C99/C11 conformance fixes to liblzma. The issues affected at + least some builds using link-time optimizations. + * Fixed bugs in the rarely-used function lzma_index_dup(). + * Use of external SHA-256 code is now disabled by default. + It can still be enabled by passing --enable-external-sha256 + * Changed CPU core count detection to use sched_getaffinity() on + GNU/Linux and GNU/kFreeBSD. + * Fixes to the build-system +* Sun Mar 13 2016 mpluskal@suse.com +- Install xznew with correct permissions (boo#970842) +* Sun Feb 14 2016 tchvatal@suse.com +- Do not split out lang_package conditional, used in sle10 out of support +* Tue Nov 10 2015 hpj@urpla.net +- fix conversion: spell the missed parts correctly +* Sun Nov 8 2015 hpj@urpla.net +- add xznew{,.1}, converted from bznew +* Tue Sep 29 2015 astieger@suse.com +- xz 5.2.2: + * Omitted the use of pipe2() even if it is available to avoid + portability issues with some old Linux and glibc combinations + * Updated German translation + * Documented that threaded decompression is not implemented yet +* Fri Feb 27 2015 astieger@suse.com +- xz 5.2.1: + * Fixed a compression-ratio regression in fast mode of LZMA1 and + LZMA2. +* Wed Jan 21 2015 rguenther@suse.com +- Avoid running configure twice and using -fprofile-generate or + - fprofile-use for compiling configure tests when profiling. +* Thu Dec 25 2014 andreas.stieger@gmx.de +- xz 5.2.0: + * liblzma: + - Added support for multi-threaded compression + - Made the uses of lzma_allocator const correct. + - Added lzma_block_uncomp_encode() to create uncompressed + .xz Blocks using LZMA2 uncompressed chunks. + - Added support for LZMA_IGNORE_CHECK. + - A few speed optimizations were made. + - Added support for symbol versioning. It is enabled by default + on GNU/Linux, other GNU-based systems, and FreeBSD. + * xz: + - Fixed a race condition in the signal handling + - Multi-threaded decompression can be enabled with the + - -threads (-T) option. + - New command line options in xz: --single-stream, + - -block-size=SIZE, --block-list=SIZES, + - -flush-timeout=TIMEOUT, and --ignore-check. + - xz -lvv now shows the minimum xz version that is required to + decompress the file. Currently it is 5.0.0 for all supported + .xz files except files with empty LZMA2 streams require 5.0.2. + * xzdiff and xzgrep now support .lzo files if lzop is installed. + The .tzo suffix is also recognized as a shorthand for .tar.lzo. +* Thu Dec 25 2014 andreas.stieger@gmx.de +- xz 5.0.8: + * Fixed an old bug in xzgrep that affected OpenBSD and probably + a few other operating systems too. + * Updated French and German translations. + * Minor build system update +* Fri Dec 19 2014 meissner@suse.com +- build with PIE support. +* Thu Dec 18 2014 crrodriguez@opensuse.org +- Build XZ with full RELRO. +* Tue Sep 23 2014 andreas.stieger@gmx.de +- xz 5.0.7: + * Fix regressions introduced in 5.0.6: + - Fix building with non-GNU make. + - Fix invalid Libs.private value in liblzma.pc which broke + static linking against liblzma if the linker flags were + taken from pkg-config. +- include changes from 5.0.6: + * xzgrep now exits with status 0 if at least one file matched. + * A few minor portability and build system fixes +* Sun Nov 24 2013 andreas.stieger@gmx.de +- add optional -static-devel library package, intended to publish pixz for + CentOS / RHEL, default off +* Wed Oct 16 2013 mvyskocil@suse.com +- Use gzipped archive to prevent a build cycle on older targets + * http://lists.opensuse.org/opensuse-buildservice/2013-10/msg00079.html +- Add a signature and keyring file for source verification + * not enable in spec due bootstrapping issues +* Tue Jul 16 2013 idonmez@suse.com +- Update to version 5.0.5 + * lzmadec and liblzma's lzma_alone_decoder(): Support decompressing + .lzma files that have less common settings in the headers + (dictionary size other than 2^n or 2^n + 2^(n-1), or uncompressed + size greater than 256 GiB). + * xz: + - Fixes and improvements to error handling. + - Various fixes to the man page. + * xzless: Fixed to work with "less" versions 448 and later + * xzgrep: Made -h an alias for --no-filename. +* Tue Jan 29 2013 guillaume@opensuse.org +- Disable profiling for aarch64 arch +* Tue Nov 27 2012 sweet_f_a@gmx.de +- Update to version 5.0.4 + * liblzma: + - Fix lzma_index_init(). It could crash if memory allocation + failed. + - Fix the possibility of an incorrect LZMA_BUF_ERROR when a BCJ + filter is used and the application only provides exactly as + much output space as is the uncompressed size of the file. + - Fix a bug in doc/examples_old/xz_pipe_decompress.c. It didn't + check if the last call to lzma_code() really returned + LZMA_STREAM_END, which made the program think that truncated + files are valid. + - New example programs in doc/examples (old programs are now in + doc/examples_old). These have more comments and more detailed + error handling. + * Fix "xz -lvv foo.xz". It could crash on some corrupted files. + * Fix output of "xz --robot -lv" and "xz --robot -lvv" which + incorrectly printed the filename also in the "foo (x/x)" format. + * Fix exit status of "xzdiff foo.xz bar.xz". + * Fix exit status of "xzgrep foo binary_file". + * Fix portability to EBCDIC systems. + * Fix a configure issue on AIX with the XL C compiler. See INSTALL + for details. + * Update French, German, Italian, and Polish translations +* Sun Jul 29 2012 jengelh@inai.de +- Disable profiling on SPARC due to compiler bug [gcc #54121] +* Fri Jul 6 2012 sweet_f_a@gmx.de +- correct license "LGPL-2.1+ and GPL-2.0+" (bnc#770195) +* Sun Feb 12 2012 crrodriguez@opensuse.org +- Put libraries back in %%{_libdir}, /usr merge project. +* Sun Oct 9 2011 sweet_f_a@gmx.de +- rewrite last broken arm portability changes +* Fri Sep 30 2011 crrodriguez@opensuse.org +- Fix build in armv5el doesnt like profiling +* Tue Sep 27 2011 sweet_f_a@gmx.de +- minor fixes of last portability changes: + * decouple do_profiling and lang_package again + * don't define do_factory, just use lang_package instead + * simplify files section + * do_profiling for some more systems +* Mon Sep 26 2011 coolo@suse.com +- build on SLE_10 +* Sat Sep 17 2011 coolo@suse.com +- remove _service, too fragile +* Fri Sep 16 2011 jengelh@medozas.de +- Add xz-devel to baselibs +- Remove redundant sections +* Tue Jun 14 2011 dmueller@suse.de +- add recommends xz-lang +* Wed Jun 8 2011 coolo@novell.com +- Update to version 5.0.3 + * liblzma fixes: + - A memory leak was fixed. + - lzma_stream_buffer_encode() no longer creates an empty .xz + Block if encoding an empty buffer. Such an empty Block with + LZMA2 data would trigger a bug in 5.0.1 and older (see the + first bullet point in 5.0.2 notes). When releasing 5.0.2, + I thought that no encoder creates this kind of files but + I was wrong. + - Validate function arguments better in a few functions. Most + importantly, specifying an unsupported integrity check to + lzma_stream_buffer_encode() no longer creates a corrupt .xz + file. Probably no application tries to do that, so this + shouldn't be a big problem in practice. + - Document that lzma_block_buffer_encode(), + lzma_easy_buffer_encode(), lzma_stream_encoder(), and + lzma_stream_buffer_encode() may return LZMA_UNSUPPORTED_CHECK. + - The return values of the _memusage() functions are now + documented better. + * Fix command name detection in xzgrep. xzegrep and xzfgrep now + correctly use egrep and fgrep instead of grep. + * French translation was added. +* Thu Apr 7 2011 crrodriguez@opensuse.org +- Update to version 5.0.2 + * LZMA2 decompressor now correctly accepts LZMA2 streams with no + uncompressed data. Previously it considered them corrupt. The + bug can affect applications that use raw LZMA2 streams. It is + very unlikely to affect .xz files because no compressor creates + .xz files with empty LZMA2 streams. (Empty .xz files are a + different thing than empty LZMA2 streams.) + * "xz --suffix=.foo filename.foo" now refuses to compress the + file due to it already having the suffix .foo. It was already + documented on the man page, but the code lacked the test. + * "xzgrep -l foo bar.xz" works now. + * Polish translation was added. +* Fri Mar 4 2011 crrodriguez@opensuse.org +- Update to version 5.0.1 + * Fix --force on setuid/setgid/sticky and multi-hardlink files. + * Add alloc_size and malloc attributes to a few functions. + * Fix gzip and bzip2 support in xzdiff +* Tue Dec 7 2010 cristian.rodriguez@opensuse.org +- Use compiler profile information, makes xz marginally faster + (around 1-2 secs) +* Sat Oct 30 2010 jengelh@medozas.de +- Use %%_smp_mflags +* Thu Oct 28 2010 coolo@novell.com +- adapt baselibs.conf +* Wed Oct 27 2010 cristian.rodriguez@opensuse.org +- Update to 5.0.0 final + * The major soname has been bumped to 5.0.0. liblzma API and ABI + are now stable. + * The memory usage limit is now disabled by default + * Added support for XZ_DEFAULTS environment variable + * The compression settings associated with the preset levels + have been changed,they are now less likely to make compression worse. + * Support for "xz --list" was added +* Sat Apr 24 2010 coolo@novell.com +- buildrequire pkg-config to fix provides +* Sat Dec 12 2009 jengelh@medozas.de +- add baselibs.conf as a source +* Fri Sep 4 2009 coolo@novell.com +- update to 4.999.9beta + * only some polishment above the git snapshot I took +* Sun Aug 23 2009 coolo@novell.com +- borrow %%check section from fedora spec +* Thu Aug 20 2009 coolo@novell.com +- update to latest git (5.0 still not released) + * a xz man page (bnc#505969) + * fix data corruption in LZ/LZMA2 encoder. + * major documentation update + * install lzdiff, lzgrep, and lzmore as symlinks + * make the default memory usage limit 40 %% of RAM for both + compressing and decompressing. + * fixed a crash in liblzma + See git://ctrl.tukaani.org/xz.git for more +* Sun Jun 7 2009 crrodriguez@suse.de +- remove static libraries, see bnc#509945 for details +* Sun Feb 22 2009 ro@suse.de +- added baselibs.conf (for rpm-32bit) +* Mon Feb 16 2009 coolo@suse.de +- use bzip payload, so users are able to install new rpm on old systems +* Wed Feb 11 2009 coolo@suse.de +- fix devel symlink +* Fri Feb 6 2009 schwab@suse.de +- Update to xz-4.999.8beta. + See git://ctrl.tukaani.org/lzma-utils.git. +* Wed Jan 7 2009 schwab@suse.de +- Update to xz-4.999.7beta. + See git://ctrl.tukaani.org/lzma-utils.git. +- Rename to xz. +* Wed Jul 30 2008 schwab@suse.de +- Update to lzma-4.32.7. + * If "lzma -t" is run on a corrupt file or interrupted by a signal, + don't unlink /dev/null. + * Partial fix to race conditions where a signal could make lzma to + unlink both the source and destination files. Now it cannot lose + data anymore, but with bad luck an incomplete file may be left + on the disk. +* Wed May 14 2008 schwab@suse.de +- Update to lzma-4.32.6. + * Always use 32-bit integer to hold probability variables. Earlier, + these were 64-bit on 64-bit architectures, which hurt cache + efficiency in the CPU, and thus performance of LZMA. 32-bit + architectures are not affected by this change. + * Fix a theoretical data corruption bug in the LZMA encoder. It is + about overflowing a 32-bit integer, whose typical value stays below + five. I don't know if it is actually possible to construct to a file + that could make it overflow. Even if it were possible, it would "only" + make the output file corrupt so that it is 4 GiB too small; there + are no other security risks. Now the integer is 64-bit to be sure + it won't overflow. + * Add support for copying timestamps on operating systems that support + setting timestamps only by filename, not by file descriptor. + * Several portability fixes were made. +* Fri May 9 2008 schwab@suse.de +- Revert last changes. +* Tue May 6 2008 bk@suse.de +- ci removed #neededforbuild while mbuild converts to BuildRequires +- bzip2 source to save space (not lzma, so it can be built in <11.0) +* Tue May 6 2008 bk@suse.de +- run the package-provided self-test by adding a call to 'make check' +- use %%configure instead of equivalent configure call with options +- improved to allow building in SLES and non-SUSE repositories, eg: + - replace obsolete nostatic patch with check for static objects + - use more generic wildcards in the file list for manual pages +* Mon Feb 4 2008 schwab@suse.de +- Fix installation. +* Mon Feb 4 2008 schwab@suse.de +- Update to lzma-4.32.5. + * The percentage shown when --verbose is used, works again. Also some + typos were fixed from the messages printed by --verbose. + * Several small portability fixes were made. +* Fri Jan 4 2008 crrodriguez@suse.de +- Version 4.32.4 + * Ignore command line switch --format=alone. This way current scripts + can be written so that they will produce LZMA_Alone format files + even with the new command line tool once it is finishes along with + liblzma. + * The command line tool now tells if the user tries to decode files + in the new .lzma format. The message recommends upgrading to newer + LZMA Utils. + * Added some internal consistency checks to liblzmadec, so that it + doesn't crash if given lzmadec_stream whose initialization failed. + Some applications using zlib and libbzip2 don't check if + initialization was successful, and expect that error gets caught + safely later. +- disable static libraries +- remove liblzmadec.la that has empty dependency_libs +- do not link utils statically +* Mon Dec 3 2007 dmueller@suse.de +- update to 4.32.3: + * rare file content loss bugs fixed (did not check for error upon close()) + * permissions copying fixed +- testsuited switched partially to GPLv3 +- fix library package name +* Thu Oct 11 2007 schwab@suse.de +- Fix missing include. +* Wed Oct 10 2007 schwab@suse.de +- Initial version 4.32.0beta5. diff --git a/xz.keyring b/xz.keyring new file mode 100644 index 0000000..0fdbc77 --- /dev/null +++ b/xz.keyring @@ -0,0 +1,56 @@ +pub 4096R/69184620 2010-10-24 +uid Lasse Collin +sub 4096R/58ADF744 2010-10-24 + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.22 (GNU/Linux) + +mQINBEzEOZIBEACxg/IuXERlDB48JBWmF4NxNUuuup1IhJAJyFGFSKh3OGAO2Ard +sNuRLjANsFXA7m7P5eTFcG+BoHHuAVYmKnI3PPZtHVLnUt4pGItPczQZ2BE1WpcI +ayjGTBJeKItX3Npqg9D/odO9WWS1i3FQPVdrLn0YH37/BA66jeMQCRo7g7GLpaNf +IrvYGsqTbxCwsmA37rpE7oyU4Yrf74HT091WBsRIoq/MelhbxTDMR8eu/dUGZQVc +Kj3lN55RepwWwUUKyqarY0zMt4HkFJ7v7yRL+Cvzy92Ouv4Wf2FlhNtEs5LE4Tax +W0PO5AEmUoKjX87SezQK0f652018b4u6Ex52cY7p+n5TII/UyoowH6+tY8UHo9yb +fStrqgNE/mY2bhA6+AwCaOUGsFzVVPTbjtxL3HacUP/jlA1h78V8VTvTs5d55iG7 +jSqR9o05wje8rwNiXXK0xtiJahyNzL97Kn/DgPSqPIi45G+8nxWSPFM5eunBKRl9 +vAnsvwrdPRsR6YR3uMHTuVhQX9/CY891MHkaZJ6wydWtKt3yQwJLYqwo5d4DwnUX +CduUwSKv+6RmtWI5ZmTQYOcBRcZyGKml9X9Q8iSbm6cnpFXmLrNQwCJN+D3SiYGc +MtbltZo0ysPMa6Xj5xFaYqWk/BI4iLb2Gs+ByGo/+a0Eq4XYBMOpitNniQARAQAB +tCdMYXNzZSBDb2xsaW4gPGxhc3NlLmNvbGxpbkB0dWthYW5pLm9yZz6JAjgEEwEC +ACIFAkzEOZICGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEDjudX1pGEYg +IOAP+wVysKEWl6zGzDzlu77lRe3NiCgdmKs59bywQsLhB5KmNt+5Q3F2OP+S0ftY +HGdw7sNZ/wUUptBQXb8l/yU1oljUg1JCgDv9JU9k4OOGC6w09288LvHW1PcULepB +/kgjh77+TnuJO/ZeZq6Onxdx9TNGzet8f2KBWKI8tPQ+/yabWPNqEeH/1XSp32Sy +XAlYgm9MKfEg9jZAwLnSoPivuzw/B5U1pJUEIE2XUV8VWSiCXlONmiQ6p0WwISXe +uGB8gpYarrfReS1Joj+any3zYZCg4TTsJNgZawRgSZEne8D8s3F+DLp/y+mLKR42 +3lTLfUw+x0JaPjjndjowBwseqasJF583izxGhHD3UNUh4KwVYgMV9wzT7myz9Cp8 +PF8BbvehLoR2YHsRNVu2weCxbCclwHOZNT6jwwi7AGrsZryNjnyO6KRv/MMsQ7zY +KD4xvH2TQIGNERKjwtCZ01woR99SMVJoTaLR/LQ9ww02Th8NOZ+TMMFKxBPcYhE1 +Q3xUHDC38WfSi8/gQtoNbeS2Lm5UYJwjDScxYLDVDDNNgqYQAc5fywi57pq9HskE +P8HleLcBIS8Eg5qi2By9BHWFtGNwp51Pb5mMUHFym7LUu9bBCSWAQZkgW3/RsZDm +PAUTbcFcGNJD4Mb9VqnVQYgBb3wfqcgLK2sfQd1Hge2UsEQ+uQINBEzEOZIBEAC/ +xcCnY8YD8bUqYKtUjM4GbU08i6oYBg9zWX2nR1h2ESC9/DQ1dyXkwO/WNs49nY+y +kDw0/tGqnos01dhN4z94gkOd1Tk+HKJ7AWkAICnsaabZ0vk9Q6G7SAhSdBhs39B0 +Y+ijts0jrjorVj1pVMG71+zNCyyNvoapcdI0z6myRWf2Wuik7W0usXQj1VKVKmGU +KaJBGXMEJlKfEPpRqCQ9rDWAmcmqet1/2gDoAhq9kV2HXTh+XvLxsxlvpsLQr/lk +PQMt+ZhqiOTKpG2XdUG7r9m9euOxP0BBLnH0R1WyVShhj6RTFCbXCLcsiLeY6Pq/ +Qgi+ArOO3Rf/f0TcLjb6bx11MqjAUHVjWUTMeJPzRg/1r4j4vZupiDLouqzkLEjm +qmHXFF+Datjq69zms9iT0HVH3iNt4qLdbyvIcb1AkE1dx3yYIYszerKVZdMkDigY +hPJoiUYK4x4pR94U28aKONsQ5DQKvgkKN0AJtYmw8Sgg6tEXFj43AkQDf0OTJqXK +HaXSpM1dMhiEuIO7OX61a4Ff5KMdq+P2MbK/CvdPfuB/NgI0yhl/wZrEBQkwKgZO +qeyNM8YyKif8N902QUND5+K91iJVD2n82OmvfywLzdXx0cX/UqQgcibLMw9N0LuX ++UwfILYbHZ1Zk6O444qK3RCjLcNmhDC83Vlk0P0zVQARAQABiQIfBBgBAgAJBQJM +xDmSAhsMAAoJEDjudX1pGEYgJosP/A6V89zcX1AHqp5dtKXRa9mCTvtvA+wU6M4b +y/gS7EUos6GH22qe6Y1iEjqTeBgHkmD22TFPjHyfU9nDQOs3s3U+KZE1srjIzvHV +or1anIhl82IQPRxz775If1TT68rdmUadjc9Y6Xe2h8fvIhrkkXpQz/PTLW+gqJjf +xstOT4WUgGpNrYRf2T3A3RhRWLBVakXfzlQg1ZnXp/bQfaMQbrgeuZD5bXF88joo +UY3u1VLaaWwr8TzANBDZGbH3+uzjsuSY/IDspzdo+K0uNAoXSHowAYnlBg8aGubT +PBvJdZ5YE6gdo1++Sk5kJz1S0JNYnzV/Cwh+ne9vba/RHcXPSqEggm9Bv1k43eDD +aSO44Yy7nUhd+X77LOZmsWwRCwUxq05gHCxaUTqPBp8pKysn2/JVI5ik2aDpoLLB +U5gyB5wwreuCXm7qoHGaC2hgBipLgHuBDLHZSOn95TUyi1ZA6/+p1VWHStJXkLHx +ZqIbz46DKa8Uvy81Hn13cqdbTWTSYjjEq4Jd0AMSnewX2nMZ/4dN3xgb3ds361cQ +yVaF7JzyAzUOiyRknw5rGhv5kYGSRLp1SxkBXtp7FajZkMabS2k87ctWb9nQjhJu +Vv6UnpCwiz3gyuipl/GVUWiz4+HXUQgBmTGovm5tJ/9LIwPdw2wbUtF9MJPpCLqT +wOSlnSuT +=u8YC +-----END PGP PUBLIC KEY BLOCK----- diff --git a/xz.spec b/xz.spec new file mode 100644 index 0000000..f2b54b8 --- /dev/null +++ b/xz.spec @@ -0,0 +1,195 @@ +# +# spec file for package xz +# +# Copyright (c) 2022-2023 ZhuningOS +# + + +# avoid bootstrapping problem +%define _binary_payload w9.bzdio +Name: xz +Version: 5.2.3 +Release: 150000.4.7.1 +Summary: A Program for Compressing Files with the Lempel–Ziv–Markov algorithm +License: LGPL-2.1-or-later AND GPL-2.0-or-later AND SUSE-Public-Domain +Group: Productivity/Archiving/Compression +Url: http://tukaani.org/xz/ +Source0: http://tukaani.org/xz/%{name}-%{version}.tar.gz +Source1: http://tukaani.org/xz/%{name}-%{version}.tar.gz.sig +Source2: baselibs.conf +# from http://tukaani.org/misc/lasse_collin_pubkey.txt#/xz.keyring +Source3: xz.keyring +Source4: xznew +Source5: xznew.1 +# PATCH-FIX-SECURITY ZDI-CAN-16587 bsc#1198062 danilo.spinella@suse.com +Patch1: bsc1198062.patch +BuildRequires: pkgconfig +Provides: lzma = %{version} +Obsoletes: lzma < %{version} +BuildRoot: %{_tmppath}/%{name}-%{version}-build +%if 0%{?lang_package:1} +Recommends: %{name}-lang +%endif + +%description +The xz command is a program for compressing files. +* Average compression ratio of LZMA is about 30%% better than that of + gzip, and 15%% better than that of bzip2. +* Decompression speed is only little slower than that of gzip, being + two to five times faster than bzip2. +* In fast mode, compresses faster than bzip2 with a comparable + compression ratio. +* Achieving the best compression ratios takes four to even twelve + times longer than with bzip2. However, this does not affect + decompressing speed. +* Very similar command line interface to what gzip and bzip2 have. + +%lang_package + +%package -n liblzma5 +Summary: Lempel–Ziv–Markov chain algorithm compression library +License: SUSE-Public-Domain +Group: System/Libraries + +%description -n liblzma5 +Library for encoding/decoding LZMA files. + +%package devel +Summary: Development package for the LZMA library +License: SUSE-Public-Domain +Group: Development/Libraries/C and C++ +Requires: liblzma5 = %{version} +Provides: lzma-devel = %{version} +Obsoletes: lzma-devel < %{version} +Provides: lzma-alpha-devel = %{version} +Obsoletes: lzma-alpha-devel < %{version} + +%description devel +This package contains the header files and libraries needed for +compiling programs using the LZMA library. + +%package static-devel +Summary: Static version of LZMA library +License: SUSE-Public-Domain +Group: Development/Libraries/C and C++ +Requires: lzma-devel = %{version} + +%description static-devel +Static library for the LZMA library + +%prep +%setup -q +%patch1 -p1 + +%build +export CFLAGS="%{optflags} -D_REENTRANT -pipe -fPIE" +export LDFLAGS="-Wl,-z,relro,-z,now -pie" +%configure \ + --with-pic \ + --docdir=%{_docdir}/%{name} +%if 0%{?do_profiling} + make %{?_smp_mflags} CFLAGS="${CFLAGS} %{cflags_profile_generate}" + make check %{?_smp_mflags} + make clean + make %{?_smp_mflags} CFLAGS="${CFLAGS} %{cflags_profile_feedback}" +%else + make %{?_smp_mflags} +%endif + +%check +make %{?_smp_mflags} check + +%install +%if 0%{?make_install:1} +%make_install +%else +# Retain this line, with trailing #, to work around an overly eager spec-cleaner +make DESTDIR=%{buildroot} install %{?_smp_mflags} # +%endif +find %{buildroot} -type f -name "*.la" -delete -print +%find_lang %{name} +install -Dpm 0755 %{SOURCE4} %{buildroot}%{_bindir}/xznew +install -Dpm 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/xznew.1 +rm -vf %{buildroot}%{_docdir}/%{name}/{COPYING,COPYING.GPLv2} + +%post -n liblzma5 -p /sbin/ldconfig +%postun -n liblzma5 -p /sbin/ldconfig + +%if 0%{?lang_package:1} +%files lang -f %{name}.lang +%defattr(-, root, root) +%endif + +%files +%defattr(-, root, root) +%license COPYING COPYING.GPLv2 +%{_docdir}/%{name} +%{_bindir}/lzcat +%{_bindir}/lzcmp +%{_bindir}/lzdiff +%{_bindir}/lzegrep +%{_bindir}/lzfgrep +%{_bindir}/lzgrep +%{_bindir}/lzless +%{_bindir}/lzma +%{_bindir}/lzmadec +%{_bindir}/lzmainfo +%{_bindir}/lzmore +%{_bindir}/unlzma +%{_bindir}/unxz +%{_bindir}/xz +%{_bindir}/xzcat +%{_bindir}/xzcmp +%{_bindir}/xzdec +%{_bindir}/xzdiff +%{_bindir}/xzegrep +%{_bindir}/xzfgrep +%{_bindir}/xzgrep +%{_bindir}/xzless +%{_bindir}/xzmore +%{_bindir}/xznew +%{_mandir}/man1/lzcat.1%{ext_man} +%{_mandir}/man1/lzcmp.1%{ext_man} +%{_mandir}/man1/lzdiff.1%{ext_man} +%{_mandir}/man1/lzegrep.1%{ext_man} +%{_mandir}/man1/lzfgrep.1%{ext_man} +%{_mandir}/man1/lzgrep.1%{ext_man} +%{_mandir}/man1/lzless.1%{ext_man} +%{_mandir}/man1/lzma.1%{ext_man} +%{_mandir}/man1/lzmadec.1%{ext_man} +%{_mandir}/man1/lzmainfo.1%{ext_man} +%{_mandir}/man1/lzmore.1%{ext_man} +%{_mandir}/man1/unlzma.1%{ext_man} +%{_mandir}/man1/unxz.1%{ext_man} +%{_mandir}/man1/xz.1%{ext_man} +%{_mandir}/man1/xzcat.1%{ext_man} +%{_mandir}/man1/xzcmp.1%{ext_man} +%{_mandir}/man1/xzdec.1%{ext_man} +%{_mandir}/man1/xzdiff.1%{ext_man} +%{_mandir}/man1/xzegrep.1%{ext_man} +%{_mandir}/man1/xzfgrep.1%{ext_man} +%{_mandir}/man1/xzgrep.1%{ext_man} +%{_mandir}/man1/xzless.1%{ext_man} +%{_mandir}/man1/xzmore.1%{ext_man} +%{_mandir}/man1/xznew.1%{ext_man} +%if 0%{!?lang_package:1} +%{_datadir}/locale/*/LC_MESSAGES/xz.mo +%endif + +%files -n liblzma5 +%defattr(-, root, root) +%{_libdir}/liblzma.so.5* + +%files devel +%defattr(-, root, root) +%{_includedir}/lzma.h +%dir %{_includedir}/lzma/ +%{_includedir}/lzma/* +%{_libdir}/liblzma.so +%{_libdir}/pkgconfig/liblzma.pc + +%files static-devel +%defattr(-, root, root) +%{_libdir}/liblzma.a + +%changelog diff --git a/xznew b/xznew new file mode 100644 index 0000000..7421e1a --- /dev/null +++ b/xznew @@ -0,0 +1,177 @@ +#!/bin/sh + +# Copyright (C) 2015 Hans-Peter Jansen +# Copyright (C) 1998, 2002, 2004 Free Software Foundation +# Copyright (C) 1993 Jean-loup Gailly + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + +PATH="/usr/bin:$PATH"; export PATH +check=0 +pipe=0 +opt= +files= +keep=0 +res=0 +old=0 +new=0 +block=1024 +# block is the disk block size (best guess, need not be exact) + +warn="(does not preserve modes and timestamp)" +tmp=`mktemp -d ${TMPDIR-/tmp}/zfoo.XXXXXX` || { + echo 'cannot create temporary directory' >&2 + exit 1 +} +trap "rm -rf $tmp/" 0 1 2 3 6 13 15 +set -C +echo hi > $tmp/1 +echo hi > $tmp/2 +if test -z "`(${CPMOD-cpmod} $tmp/1 $tmp/2) 2>&1`"; then + cpmod=${CPMOD-cpmod} + warn="" +fi + +if test -z "$cpmod" && ${TOUCH-touch} -r $tmp/1 $tmp/2 2>/dev/null; then + cpmod="${TOUCH-touch}" + cpmodarg="-r" + warn="(does not preserve file modes)" +fi + +# check about xz extension +xz $tmp/1 &> /dev/null +ext=`echo $tmp/1* | sed "s|$tmp/1||"` +rm -rf $tmp/ +trap - 0 1 2 3 6 13 15 +if test -z "$ext"; then + echo xznew: error determining xz extension + exit 1 +fi +if test "$ext" = ".gz"; then + echo xznew: cannot use .gz as xz extension. + exit 1 +fi + +for arg +do + case "$arg" in + -*) opt="$opt $arg"; shift;; + *) break;; + esac +done + +if test $# -eq 0; then + echo "recompress .gz or .tgz files into $ext (xz) files" + echo usage: `echo $0 | sed 's,^.*/,,'` "[-tv9KP]" file.gz... + echo " -t tests the new files before deleting originals" + echo " -v be verbose" + echo " -9 use the slowest compression method (optimal compression)" + echo " -K keep a .gz file when it is smaller than the $ext file" + echo " -P use pipes for the conversion $warn" + exit 1 +fi + +opt=`echo "$opt" | sed -e 's/ //g' -e 's/-//g'` +case "$opt" in + *t*) check=1; opt=`echo "$opt" | sed 's/t//g'` +esac +case "$opt" in + *K*) keep=1; opt=`echo "$opt" | sed 's/K//g'` +esac +case "$opt" in + *P*) pipe=1; opt=`echo "$opt" | sed 's/P//g'` +esac +if test -n "$opt"; then + opt="-$opt" +fi + +for i do + m=`echo $i | sed 's/\.tgz$//'` + if test -f "$m.tgz" ; then + echo "Renaming file *.tgz to *.tar.gz" + mv "$i" "$m.tar.gz" + n=`echo $i | sed 's/\.tgz$/\.tar/'` + else + n=`echo $i | sed 's/\.gz$//'` + fi + if test ! -f "$n.gz" ; then + echo $n.gz not found + res=1; continue + fi + test $keep -eq 1 && old=`wc -c < "$n.gz"` + if test $pipe -eq 1; then + if gzip -d < "$n.gz" | xz $opt > "$n$ext"; then + # Copy file attributes from old file to new one, if possible. + test -n "$cpmod" && $cpmod $cpmodarg "$n.gz" "$n$ext" 2> /dev/null + else + echo error while recompressing $n.gz + res=1; continue + fi + else + if test $check -eq 1; then + if cp -p "$n.gz" "$n.$$" 2> /dev/null || cp "$n.gz" "$n.$$"; then + : + else + echo cannot backup "$n.gz" + res=1; continue + fi + fi + if gzip -d "$n.gz"; then + : + else + test $check -eq 1 && mv "$n.$$" "$n.gz" + echo error while uncompressing $n.gz + res=1; continue + fi + if xz $opt "$n"; then + : + else + if test $check -eq 1; then + mv "$n.$$" "$n.gz" && rm -f "$n" + echo error while recompressing $n + else + # gzip $n (might be dangerous if disk full) + echo error while recompressing $n, left uncompressed + fi + res=1; continue + fi + fi + test $keep -eq 1 && new=`wc -c < "$n$ext"` + if test $keep -eq 1 && test `expr \( $old + $block - 1 \) / $block` -lt \ + `expr \( $new + $block - 1 \) / $block`; then + if test $pipe -eq 1; then + rm -f "$n$ext" + elif test $check -eq 1; then + mv "$n.$$" "$n.gz" && rm -f "$n$ext" + else + xz -d "$n$ext" && gzip "$n" && rm -f "$n$ext" + fi + echo "$n.gz smaller than $n$ext -- unchanged" + + elif test $check -eq 1; then + if xz -t "$n$ext" ; then + rm -f "$n.$$" "$n.gz" + else + test $pipe -eq 0 && mv "$n.$$" "$n.gz" + rm -f "$n$ext" + echo error while testing $n$ext, $n.gz unchanged + res=1; continue + fi + elif test $pipe -eq 1; then + rm -f "$n.gz" + fi +done +exit $res diff --git a/xznew.1 b/xznew.1 new file mode 100644 index 0000000..a341f55 --- /dev/null +++ b/xznew.1 @@ -0,0 +1,39 @@ +.TH XZNEW 1 +.SH NAME +xznew \- recompress .gz or .tgz files to .xz files +.SH SYNOPSIS +.B xznew +[ -ftv9PK] [ name.gz ... ] +.SH DESCRIPTION +.I xznew +recompresses files from .gz (gzip) format to .xz (xz) format. +If you want to recompress a file already in xz format, rename the file +to force a .xz extension then apply xznew. +.SH OPTIONS +.TP +.B \-f +Force recompression from .gz to .xz format even if a .xz file already exists. +.TP +.B \-t +Tests the new files before deleting originals. +.TP +.B \-v +Verbose. Display the name and percentage reduction for each file compressed. +.TP +.B \-9 +Use the slowest compression method (optimal compression). +.TP +.B \-P +Use pipes for the conversion to reduce disk space usage. +.TP +.B \-K +Keep a .gz file when it is smaller than the .xz file +.SH "SEE ALSO" +xz(1), gzip(1) +.SH BUGS +.I xznew +does not maintain the time stamp with the -P option if +.I cpmod(1) +is not available and +.I touch(1) +does not support the -r option.