mirror of https://git.tukaani.org/xz.git
Add NEWS for 5.6.2
This commit is contained in:
parent
526d3f7f2c
commit
3cc0aa702e
130
NEWS
130
NEWS
|
@ -2,6 +2,136 @@
|
|||
XZ Utils Release Notes
|
||||
======================
|
||||
|
||||
5.6.2 (2024-05-29)
|
||||
|
||||
* Remove the backdoor (CVE-2024-3094).
|
||||
|
||||
* Not changed: Memory sanitizer (MSAN) has a false positive
|
||||
in the CRC CLMUL code which also makes OSS Fuzz unhappy.
|
||||
Valgrind is smarter and doesn't complain.
|
||||
|
||||
A revision to the CLMUL code is coming anyway and this issue
|
||||
will be cleaned up as part of it. It won't be backported to
|
||||
5.6.x or 5.4.x because the old code isn't wrong. There is
|
||||
no reason to risk introducing regressions in old branches
|
||||
just to silence a false positive.
|
||||
|
||||
* liblzma:
|
||||
|
||||
- lzma_index_decoder() and lzma_index_buffer_decode(): Fix
|
||||
a missing output pointer initialization (*i = NULL) if the
|
||||
functions are called with invalid arguments. The API docs
|
||||
say that such an initialization is always done. In practice
|
||||
this matters very little because the problem can only occur
|
||||
if the calling application has a bug and these functions
|
||||
return LZMA_PROG_ERROR.
|
||||
|
||||
- lzma_str_to_filters(): Fix a missing output pointer
|
||||
initialization (*error_pos = 0). This is very similar
|
||||
to the fix above.
|
||||
|
||||
- Fix C standard conformance with function pointer types.
|
||||
|
||||
- Remove GNU indirect function (IFUNC) support. This is *NOT*
|
||||
done for security reasons even though the backdoor relied on
|
||||
this code. The performance benefits of IFUNC are too tiny in
|
||||
this project to make the extra complexity worth it.
|
||||
|
||||
- FreeBSD on ARM64: Add error checking to CRC32 instruction
|
||||
support detection.
|
||||
|
||||
- Fix building with NVIDIA HPC SDK.
|
||||
|
||||
* xz:
|
||||
|
||||
- Fix a C standard conformance issue in --block-list parsing
|
||||
(arithmetic on a null pointer).
|
||||
|
||||
- Fix a warning from GNU groff when processing the man page:
|
||||
"warning: cannot select font 'CW'"
|
||||
|
||||
* xzdec: Add support for Linux Landlock ABI version 4. xz already
|
||||
had the v3-to-v4 change but it had been forgotten from xzdec.
|
||||
|
||||
* Autotools-based build system (configure):
|
||||
|
||||
- Symbol versioning variant can now be overridden with
|
||||
--enable-symbol-versions. Documentation in INSTALL was
|
||||
updated to match.
|
||||
|
||||
- Add new configure option --enable-doxygen to enable
|
||||
generation and installation of the liblzma API documentation
|
||||
using Doxygen. Documentation in INSTALL and PACKAGERS was
|
||||
updated to match.
|
||||
|
||||
CMake:
|
||||
|
||||
- Fix detection of Linux Landlock support. The detection code
|
||||
in CMakeLists.txt had been sabotaged.
|
||||
|
||||
- Disable symbol versioning on non-glibc Linux to match what
|
||||
the Autotools build does. For example, symbol versioning
|
||||
isn't enabled with musl.
|
||||
|
||||
- Symbol versioning variant can now be overridden by setting
|
||||
SYMBOL_VERSIONING to "OFF", "generic", or "linux".
|
||||
|
||||
- Add support for all tests in typical build configurations.
|
||||
Now the only difference to the tests coverage to Autotools
|
||||
is that CMake-based build will skip more tests if features
|
||||
are disabled. Such builds are only for special cases like
|
||||
embedded systems.
|
||||
|
||||
- Separate the CMake code for the tests into tests/tests.cmake.
|
||||
It is used conditionally, thus it is possible to
|
||||
|
||||
rm -rf tests
|
||||
|
||||
and the CMake-based build will still work normally except
|
||||
that no tests are then available.
|
||||
|
||||
- Add a option ENABLE_DOXYGEN to enable generation and
|
||||
installation of the liblzma API documentation using Doxygen.
|
||||
|
||||
* Documentation:
|
||||
|
||||
- Omit the Doxygen-generated liblzma API documentation from the
|
||||
package. Instead, the generation and installation of the API
|
||||
docs can be enabled with a configure or CMake option if
|
||||
Doxygen is available.
|
||||
|
||||
- Remove the XZ logo which was used in the API documentation.
|
||||
The logo has been retired and isn't used by the project
|
||||
anymore. However, it's OK to use it in contexts that refer
|
||||
to the backdoor incident.
|
||||
|
||||
- Remove the PDF versions of the man pages from the source
|
||||
package. These existed primarily for users of operating
|
||||
systems which don't come with tools to render man page
|
||||
source files. The plain text versions are still included
|
||||
in doc/man/txt. PDF files can still be generated to doc/man,
|
||||
if the required tools are available, using "make pdf" after
|
||||
running "configure".
|
||||
|
||||
- Update home page URLs back to their old locations on
|
||||
tukaani.org.
|
||||
|
||||
- Update maintainer info.
|
||||
|
||||
* Tests:
|
||||
|
||||
- In tests/files/README, explain how to recreate the ARM64
|
||||
test files.
|
||||
|
||||
- Remove two tests that used tiny x86 and SPARC object files
|
||||
as the input files. The matching .c file was included but
|
||||
the object files aren't easy to reproduce. The test cases
|
||||
weren't great anyway; they were from the early days (2009)
|
||||
of the project when the test suite had very few tests.
|
||||
|
||||
- Improve a few tests.
|
||||
|
||||
|
||||
5.6.1 (2024-03-09)
|
||||
|
||||
IMPORTANT: This fixed bugs in the backdoor (CVE-2024-3094) (someone
|
||||
|
|
Loading…
Reference in New Issue