Rebase to version 5.2.6 (#2117931)

2022-08-31 10:59:12 +02:00 · 2022-08-31 10:59:12 +02:00 · 69aef98696
commit 69aef98696
parent be49692558
4 changed files with 10 additions and 177 deletions
--- a/5
+++ b/5
@ -1,3 +1,2 @@
-SHA512 (xz-5.2.5.tar.xz) = 59266068a51cb616eb31b67cd8f07ffeb2288d1391c61665ae2ec6814465afac80fec69248f6a2f2db45b44475af001296a99af6a32287226a9c41419173ccbb
+SHA512 (xz-5.2.6.tar.xz) = 5c69a492227c0ff72836d7a87e6372dc2e62bedfffb33f057263e28a6341825cef67834a863ed6ac02c5368c86da89f8affbe767f8bb914064cfa478f653e935
-SHA512 (xz-5.2.5.tar.xz.sig) = ea0218ac25843c8b44686871fba573809618f074465ec52f5966a082aeeb5e01bd646d462a56a6af7a786e1c69a05b135a6735ad1f3be27daecf3a2f9be865a5
+SHA512 (xz-5.2.6.tar.xz.sig) = 89a5f1e9d857c98bb808d195ca5f61d610c53b139bf0131bb1c4e43a5ce93bacb18593ffe17ef88e6c55b91b34ea13845a13cb13b223ee09d4a2425a0f06026b
 SHA512 (xzgrep-ZDI-CAN-16587.patch.sig) = 527c2702cf3ff3ddee6e49feb6d2305e4e9cd786f856b25f0cb5776df1341c5a960ba54c179cb27c507011e1223baf4a10de8a546199806ff96f531f62b9f136
--- a/xz-5.2.5-enable_CET.patch
+++ b/xz-5.2.5-enable_CET.patch
@ -1,70 +0,0 @@
 From: H.J. Lu <hjl.tools@gmail.com>
 Date: Wed, 23 Dec 2020 15:49:04 +0100 (06:49 -0800)
 Subject: [PATCH] liblzma: Enable Intel CET in x86 CRC assembly codes
 When Intel CET is enabled, we need to include <cet.h> in assembly codes
 to mark Intel CET support and add _CET_ENDBR to indirect jump targets.
 Tested on Intel Tiger Lake under CET enabled Linux.
 ---
 src/liblzma/check/crc32_x86.S | 9 +++++++++
 src/liblzma/check/crc64_x86.S | 9 +++++++++
 2 files changed, 18 insertions(+)
 diff --git a/src/liblzma/check/crc32_x86.S b/src/liblzma/check/crc32_x86.S
 index 67f68a4..e3745e6 100644
 --- a/src/liblzma/check/crc32_x86.S
 +++ b/src/liblzma/check/crc32_x86.S
@@ -51,6 +51,14 @@ init_table(void)
  * extern uint32_t lzma_crc32(const uint8_t *buf, size_t size, uint32_t crc);
  */
 +/* When Intel CET is enabled, include <cet.h> in assembly code to mark
 +   Intel CET support.  */
 +#ifdef __CET__
 +# include <cet.h>
 +#else
 +# define _CET_ENDBR
 +#endif
 +
 /*
  * On some systems, the functions need to be prefixed. The prefix is
  * usually an underscore.
@@ -83,6 +91,7 @@ init_table(void)
 	ALIGN(4, 16)
 LZMA_CRC32:
 +	_CET_ENDBR
 	/*
 	 * Register usage:
 	 * %eax crc
 diff --git a/src/liblzma/check/crc64_x86.S b/src/liblzma/check/crc64_x86.S
 index f5bb84b..7ee08f6 100644
 --- a/src/liblzma/check/crc64_x86.S
 +++ b/src/liblzma/check/crc64_x86.S
@@ -41,6 +41,14 @@ init_table(void)
  * extern uint64_t lzma_crc64(const uint8_t *buf, size_t size, uint64_t crc);
  */
 +/* When Intel CET is enabled, include <cet.h> in assembly code to mark
 +   Intel CET support.  */
 +#ifdef __CET__
 +# include <cet.h>
 +#else
 +# define _CET_ENDBR
 +#endif
 +
 /*
  * On some systems, the functions need to be prefixed. The prefix is
  * usually an underscore.
@@ -73,6 +81,7 @@ init_table(void)
 	ALIGN(4, 16)
 LZMA_CRC64:
 +	_CET_ENDBR
 	/*
 	 * Register usage:
 	 * %eax crc LSB
 -- 
 2.26.0
--- a/xz.spec
+++ b/xz.spec
@ -3,8 +3,8 @@
 Summary:	LZMA compression utilities
 Name:		xz
-Version:	5.2.5
+Version:	5.2.6
-Release:	10%{?dist}
+Release:	1%{?dist}
 # Scripts xz{grep,diff,less,more} and symlinks (copied from gzip) are
 # GPLv2+, binaries are Public Domain (linked against LGPL getopt_long but its
@ -15,17 +15,10 @@ Source0:	https://tukaani.org/%{name}/%{name}-%{version}.tar.xz
 Source1:	https://tukaani.org/%{name}/%{name}-%{version}.tar.xz.sig
 # https://tukaani.org/misc/lasse_collin_pubkey.txt
 Source2:        gpgkey-3690C240CE51B4670D30AD1C38EE757D69184620.asc
 # Signature for Patch2
 Source3:        https://tukaani.org/%{name}/xzgrep-ZDI-CAN-16587.patch.sig
 Source100:	colorxzgrep.sh
 Source101:	colorxzgrep.csh
 Patch1:		xz-5.2.5-enable_CET.patch
 # xzgrep: arbitrary-file-write vulnerability (CVE-2022-1271)
 # NOTE: Source3 contains the upstream signature for this patch
 Patch2:		https://tukaani.org/%{name}/xzgrep-ZDI-CAN-16587.patch
 URL:		https://tukaani.org/%{name}/
 Requires:	%{name}-libs%{?_isa} = %{version}-%{release}
@ -93,7 +86,6 @@ commands that deal with the older LZMA format.
 %prep
 %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE3}' --data='%{PATCH2}'
 %autosetup -p1
@ -138,6 +130,7 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check
 %{_bindir}/*xz*
 %{_mandir}/man1/*xz*
 %{_mandir}/de/man1/*xz*
 %{_mandir}/fr_FR/man1/*xz*
 %{profiledir}/*
@ -164,9 +157,13 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check
 %{_bindir}/*lz*
 %{_mandir}/man1/*lz*
 %{_mandir}/de/man1/*lz*
 %{_mandir}/fr_FR/man1/*lz*
 %changelog
 * Tue Aug 30 2022 Matej Mužila <mmuzila@redhat.com> - 5.2.6-1
 - Rebase to version 5.2.6 (#2117931)
 * Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.5-10
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
@ -237,6 +234,7 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check
 - Cleanup spec
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.3-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 * Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.3-3
--- a/xzgrep-ZDI-CAN-16587.patch
+++ b/xzgrep-ZDI-CAN-16587.patch
@ -1,94 +0,0 @@
 From 69d1b3fc29677af8ade8dc15dba83f0589cb63d6 Mon Sep 17 00:00:00 2001
 From: Lasse Collin <lasse.collin@tukaani.org>
 Date: Tue, 29 Mar 2022 19:19:12 +0300
 Subject: [PATCH] xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587).
 Malicious filenames can make xzgrep to write to arbitrary files
 or (with a GNU sed extension) lead to arbitrary code execution.
 xzgrep from XZ Utils versions up to and including 5.2.5 are
 affected. 5.3.1alpha and 5.3.2alpha are affected as well.
 This patch works for all of them.
 This bug was inherited from gzip's zgrep. gzip 1.12 includes
 a fix for zgrep.
 The issue with the old sed script is that with multiple newlines,
 the N-command will read the second line of input, then the
 s-commands will be skipped because it's not the end of the
 file yet, then a new sed cycle starts and the pattern space
 is printed and emptied. So only the last line or two get escaped.
 One way to fix this would be to read all lines into the pattern
 space first. However, the included fix is even simpler: All lines
 except the last line get a backslash appended at the end. To ensure
 that shell command substitution doesn't eat a possible trailing
 newline, a colon is appended to the filename before escaping.
 The colon is later used to separate the filename from the grep
 output so it is fine to add it here instead of a few lines later.
 The old code also wasn't POSIX compliant as it used \n in the
 replacement section of the s-command. Using \<newline> is the
 POSIX compatible method.
 LC_ALL=C was added to the two critical sed commands. POSIX sed
 manual recommends it when using sed to manipulate pathnames
 because in other locales invalid multibyte sequences might
 cause issues with some sed implementations. In case of GNU sed,
 these particular sed scripts wouldn't have such problems but some
 other scripts could have, see:
    info '(sed)Locale Considerations'
 This vulnerability was discovered by:
 cleemy desu wayo working with Trend Micro Zero Day Initiative
 Thanks to Jim Meyering and Paul Eggert discussing the different
 ways to fix this and for coordinating the patch release schedule
 with gzip.
 ---
 src/scripts/xzgrep.in | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
 diff --git a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in
 index b180936..e5186ba 100644
 --- a/src/scripts/xzgrep.in
 +++ b/src/scripts/xzgrep.in
@@ -180,22 +180,26 @@ for i; do
          { test $# -eq 1 || test $no_filename -eq 1; }; then
       eval "$grep"
     else
 +      # Append a colon so that the last character will never be a newline
 +      # which would otherwise get lost in shell command substitution.
 +      i="$i:"
 +
 +      # Escape & \ | and newlines only if such characters are present
 +      # (speed optimization).
       case $i in
       (*'
 '* | *'&'* | *'\'* | *'|'*)
 -        i=$(printf '%s\n' "$i" |
 -            sed '
 -              $!N
 -              $s/[&\|]/\\&/g
 -              $s/\n/\\n/g
 -            ');;
 +        i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');;
       esac
 -      sed_script="s|^|$i:|"
 +
 +      # $i already ends with a colon so don't add it here.
 +      sed_script="s|^|$i|"
       # Fail if grep or sed fails.
       r=$(
         exec 4>&1
 -        (eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&-
 +        (eval "$grep" 4>&-; echo $? >&4) 3>&- |
 +            LC_ALL=C sed "$sed_script" >&3 4>&-
       ) || r=2
       exit $r
     fi >&3 5>&-
 -- 
 2.35.1