Skip to content

Commit

Permalink
Update 1 package
Browse files Browse the repository at this point in the history
mingw-w64-i686-xz (5.6.2-2 -> 5.6.3-1)

Signed-off-by: Git for Windows Build Agent <[email protected]>
  • Loading branch information
Git for Windows Build Agent committed Oct 4, 2024
1 parent ab1ca64 commit aefc5ef
Show file tree
Hide file tree
Showing 80 changed files with 661 additions and 214 deletions.
Binary file modified mingw32/bin/liblzma-5.dll
Binary file not shown.
Binary file modified mingw32/bin/lzmadec.exe
Binary file not shown.
Binary file modified mingw32/bin/lzmainfo.exe
Binary file not shown.
Binary file modified mingw32/bin/unxz.exe
Binary file not shown.
Binary file modified mingw32/bin/xz.exe
Binary file not shown.
Binary file modified mingw32/bin/xzcat.exe
Binary file not shown.
2 changes: 1 addition & 1 deletion mingw32/bin/xzcmp
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ case ${0##*/} in
*) prog=xzdiff; cmp=${DIFF:-diff};;
esac

version="$prog (XZ Utils) 5.6.2"
version="$prog (XZ Utils) 5.6.3"

usage="Usage: ${0##*/} [OPTION]... FILE1 [FILE2]
Compare FILE1 to FILE2, using their uncompressed contents if they are
Expand Down
Binary file modified mingw32/bin/xzdec.exe
Binary file not shown.
2 changes: 1 addition & 1 deletion mingw32/bin/xzdiff
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ case ${0##*/} in
*) prog=xzdiff; cmp=${DIFF:-diff};;
esac

version="$prog (XZ Utils) 5.6.2"
version="$prog (XZ Utils) 5.6.3"

usage="Usage: ${0##*/} [OPTION]... FILE1 [FILE2]
Compare FILE1 to FILE2, using their uncompressed contents if they are
Expand Down
2 changes: 1 addition & 1 deletion mingw32/bin/xzegrep
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ case ${0##*/} in
*) prog=xzgrep; grep=${GREP:-grep};;
esac

version="$prog (XZ Utils) 5.6.2"
version="$prog (XZ Utils) 5.6.3"

usage="Usage: ${0##*/} [OPTION]... [-e] PATTERN [FILE]...
Look for instances of PATTERN in the input FILEs, using their
Expand Down
2 changes: 1 addition & 1 deletion mingw32/bin/xzfgrep
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ case ${0##*/} in
*) prog=xzgrep; grep=${GREP:-grep};;
esac

version="$prog (XZ Utils) 5.6.2"
version="$prog (XZ Utils) 5.6.3"

usage="Usage: ${0##*/} [OPTION]... [-e] PATTERN [FILE]...
Look for instances of PATTERN in the input FILEs, using their
Expand Down
2 changes: 1 addition & 1 deletion mingw32/bin/xzgrep
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ case ${0##*/} in
*) prog=xzgrep; grep=${GREP:-grep};;
esac

version="$prog (XZ Utils) 5.6.2"
version="$prog (XZ Utils) 5.6.3"

usage="Usage: ${0##*/} [OPTION]... [-e] PATTERN [FILE]...
Look for instances of PATTERN in the input FILEs, using their
Expand Down
2 changes: 1 addition & 1 deletion mingw32/bin/xzless
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
# specified via XZ_OPT.
xz='xz --format=auto'

version='xzless (XZ Utils) 5.6.2'
version='xzless (XZ Utils) 5.6.3'

usage="Usage: ${0##*/} [OPTION]... [FILE]...
Like 'less', but operate on the uncompressed contents of xz compressed FILEs.
Expand Down
2 changes: 1 addition & 1 deletion mingw32/bin/xzmore
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
# specified via XZ_OPT.
xz='xz --format=auto'

version='xzmore (XZ Utils) 5.6.2'
version='xzmore (XZ Utils) 5.6.3'

usage="Usage: ${0##*/} [OPTION]... [FILE]...
Like 'more', but operate on the uncompressed contents of xz compressed FILEs.
Expand Down
2 changes: 1 addition & 1 deletion mingw32/include/lzma/container.h
Original file line number Diff line number Diff line change
Expand Up @@ -306,7 +306,7 @@ extern LZMA_API(uint64_t) lzma_easy_decoder_memusage(uint32_t preset)
* number and zero or more flags. Usually flags aren't
* used, so preset is simply a number [0, 9] which match
* the options -0 ... -9 of the xz command line tool.
* Additional flags can be be set using bitwise-or with
* Additional flags can be set using bitwise-or with
* the preset level number, e.g. 6 | LZMA_PRESET_EXTREME.
* \param check Integrity check type to use. See check.h for available
* checks. The xz command line tool defaults to
Expand Down
2 changes: 1 addition & 1 deletion mingw32/include/lzma/version.h
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
#define LZMA_VERSION_MINOR 6

/** \brief Patch version number of the liblzma release. */
#define LZMA_VERSION_PATCH 2
#define LZMA_VERSION_PATCH 3

/**
* \brief Version stability marker
Expand Down
Binary file modified mingw32/lib/liblzma.a
Binary file not shown.
Binary file modified mingw32/lib/liblzma.dll.a
Binary file not shown.
2 changes: 1 addition & 1 deletion mingw32/lib/pkgconfig/liblzma.pc
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ includedir=/mingw32/include
Name: liblzma
Description: General purpose data compression library
URL: https://tukaani.org/xz/
Version: 5.6.2
Version: 5.6.3
Cflags: -I${includedir}
Cflags.private: -DLZMA_API_STATIC
Libs: -L${libdir} -llzma
Expand Down
125 changes: 125 additions & 0 deletions mingw32/share/doc/xz/NEWS
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,131 @@
XZ Utils Release Notes
======================

5.6.3 (2024-10-01)

IMPORTANT: This includes a Windows-specific security fix to
the command line tools. liblzma isn't affected by this issue.

* liblzma:

- Fix x86-64 inline assembly compatibility with GNU Binutils
older than 2.27.

- Fix the build with GCC 4.2 on OpenBSD/sparc64.

* xzdec: Display an error instead of failing silently if the
unsupported option -M is specified.

* lzmainfo: Fix integer overflows when rounding the dictionary and
uncompressed sizes to the nearest mebibyte.

* Windows (except Cygwin and MSYS2): Add an application manifest to
xz, xzdec, lzmadec, and lzmainfo executables:

- Declare them compatible with Vista/7/8/8.1/10/11. This way
the programs won't needlessly use Operating System Context
of Vista when running on later Windows versions. This setting
doesn't mean that the executables cannot run on even older
versions if otherwise built that way.

- Declare them as UAC-compliant. MSVC added this by default
already but it wasn't done with MinGW-w64, at least not
with all toolchain variants.

- Declare them long path aware. This makes long path names
work on Windows 10 and 11 if the feature has been enabled
in the Windows registry.

- Use the UTF-8 code page on Windows 10 version 1903 and later.

* Now command line tools can access files whose names
contain characters that don't exist in the current
legacy code page.

* The options --files and --files0 now expect file lists
to be in UTF-8 instead of the legacy code page.

* This fixes a security issue: If a command line contains
Unicode characters (for example, filenames) that don't
exist in the current legacy code page, the characters are
converted to similar-looking characters with best-fit
mapping. Some best-fit mappings result in ASCII
characters that change the meaning of the command line,
which can be exploited with malicious filenames to do
argument injection or directory traversal attacks.
UTF-8 avoids best-fit mappings and thus fixes the issue.

Forcing the process code page to UTF-8 is possible only
on Windows 10 version 1903 and later. The command line
tools remain vulnerable if used on an old older
version of Windows.

This issue was discovered by Orange Tsai and splitline
from DEVCORE Research Team.

A related smaller issue remains: Windows filenames may
contain unpaired surrogates (invalid UTF-16). These are
converted to the replacement character U+FFFD in the
UTF-8 code page. Thus, filenames with different unpaired
surrogates appear identical and aren't distinguishable
from filenames that contain the actual replacement
character U+FFFD.

* When building with MinGW-w64, it is recommended to use
UCRT version instead of the old MSVCRT. For example,
non-ASCII characters from filenames won't print
correctly in messages to console with MSVCRT with
the UTF-8 code page (a cosmetic issue). liblzma-only
builds are still fine with MSVCRT.

- Cygwin and MSYS2 process command line options differently and
the above issues don't exist. There is no need to replace the
default application manifest on Cygwin and MSYS2.

* Autotools-based build:

- Fix feature checks with link-time optimization (-flto).

- Solaris: Fix a compatibility issue in version.sh. It matters
if one wants to regenerate configure by running autoconf.

* CMake:

- Use paths relative to ${prefix} in liblzma.pc when possible.
This is done only with CMake >= 3.20.

- MSVC: Install liblzma.pc as it can be useful with MSVC too.

- Windows: Fix liblzma filename prefix, for example:

* Cygwin: The DLL was incorrectly named liblzma-5.dll.
Now it is cyglzma-5.dll.

* MSVC: Rename import library from liblzma.lib to lzma.lib
while keeping liblzma.dll name as is. This helps with
"pkgconf --msvc-syntax --libs liblzma" because it mungles
"-llzma" in liblzma.pc to "lzma.lib".

* MinGW-w64: No changes.

- Windows: Use the correct resource file for lzmadec.exe.
Previously the resource file for xzdec.exe was used for both.
Autotools-based build isn't affected.

- Prefer a C11 compiler over a C99 compiler but accept both.

- Link Threads::Threads against liblzma using PRIVATE so that
-pthread and such flags won't unnecessarily get included in
the usage requirements of shared liblzma. That is,
target_link_libraries(foo PRIVATE liblzma::liblzma) no
longer adds -pthread if using POSIX threads and linking
against shared liblzma. The threading flags are still added
if linking against static liblzma.

* Updated translations: Catalan, Chinese (simplified), and
Brazilian Portuguese.


5.6.2 (2024-05-29)

* Remove the backdoor (CVE-2024-3094).
Expand Down
19 changes: 19 additions & 0 deletions mingw32/share/doc/xz/THANKS
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ has been important. :-) In alphabetical order:
- Tomer Chachamu
- Vitaly Chikunov
- Antoine Cœur
- Felix Collin
- Gabi Davar
- İhsan Doğan
- Chris Donawa
Expand Down Expand Up @@ -69,9 +70,11 @@ has been important. :-) In alphabetical order:
- Hans Jansen
- Jouk Jansen
- Jun I Jin
- Christoph Junghans
- Kiyoshi Kanazawa
- Joona Kannisto
- Per Øyvind Karlsen
- Firas Khalil Khana
- Iouri Kharon
- Thomas Klausner
- Richard Koch
Expand All @@ -92,6 +95,7 @@ has been important. :-) In alphabetical order:
- Cary Lewis
- Wim Lewis
- Xin Li
- Yifeng Li
- Eric Lindblad
- Lorenzo De Liso
- H.J. Lu
Expand All @@ -107,9 +111,11 @@ has been important. :-) In alphabetical order:
- Nathan Moinvaziri
- Étienne Mollier
- Conley Moorhous
- Andrew Murray
- Rafał Mużyło
- Adrien Nader
- Evan Nemerson
- Alexander Neumann
- Hongbo Ni
- Jonathan Nieder
- Andre Noll
Expand All @@ -118,11 +124,13 @@ has been important. :-) In alphabetical order:
- Daniel Packard
- Filip Palian
- Peter Pallinger
- Kai Pastor
- Rui Paulo
- Igor Pavlov
- Diego Elio Pettenò
- Elbert Pol
- Mikko Pouru
- Frank Prochnow
- Rich Prohaska
- Trần Ngọc Quân
- Pavel Raiskup
Expand All @@ -138,9 +146,12 @@ has been important. :-) In alphabetical order:
- Stephen Sachs
- Jukka Salmi
- Agostino Sarubbo
- Vijay Sarvepalli
- Alexandre Sauvé
- Benno Schulenberg
- Andreas Schwab
- Eli Schwartz
- Peter Seiderer
- Bhargava Shastry
- Dan Shechter
- Stuart Shelton
Expand All @@ -149,14 +160,18 @@ has been important. :-) In alphabetical order:
- Brad Smith
- Bruce Stark
- Pippijn van Steenhoven
- Tobias Stoeckmann
- Martin Storsjö
- Jonathan Stott
- Dan Stromberg
- Douglas Thor
- Vincent Torri
- Alexey Tourbin
- Paul Townsend
- Mohammed Adnène Trojette
- Orange Tsai
- Taiki Tsunekawa
- Mathieu Vachon
- Maksym Vatsyk
- Loganaden Velvindron
- Patrick J. Volkerding
Expand All @@ -176,6 +191,10 @@ has been important. :-) In alphabetical order:
- Ryan Young
- Andreas Zieringer

Companies:
- Google
- Sandfly Security

Also thanks to all the people who have participated in the Tukaani project.

I have probably forgot to add some names to the above list. Sorry about
Expand Down
8 changes: 4 additions & 4 deletions mingw32/share/doc/xz/api/annotated.html
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=11"/>
<meta name="generator" content="Doxygen 1.11.0"/>
<meta name="generator" content="Doxygen 1.12.0"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title>liblzma (XZ Utils): Data Structures</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
Expand All @@ -21,15 +21,15 @@
<tbody>
<tr id="projectrow">
<td id="projectalign">
<div id="projectname">liblzma (XZ Utils)<span id="projectnumber">&#160;5.6.2</span>
<div id="projectname">liblzma (XZ Utils)<span id="projectnumber">&#160;5.6.3</span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.11.0 -->
<!-- Generated by Doxygen 1.12.0 -->
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:d3d9a9a6595521f9666a5e94cc830dab83b65699&amp;dn=expat.txt MIT */
$(function() { codefold.init(0); });
Expand Down Expand Up @@ -76,7 +76,7 @@
</div><!-- contents -->
<!-- start footer part -->
<hr class="footer"/><address class="footer"><small>
Generated by&#160;<a href="https://www.doxygen.org/index.html"><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.11.0
Generated by&#160;<a href="https://www.doxygen.org/index.html"><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.12.0
</small></address>
</div><!-- doc-content -->
</body>
Expand Down
10 changes: 5 additions & 5 deletions mingw32/share/doc/xz/api/base_8h.html
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=11"/>
<meta name="generator" content="Doxygen 1.11.0"/>
<meta name="generator" content="Doxygen 1.12.0"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title>liblzma (XZ Utils): lzma/base.h File Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
Expand All @@ -21,15 +21,15 @@
<tbody>
<tr id="projectrow">
<td id="projectalign">
<div id="projectname">liblzma (XZ Utils)<span id="projectnumber">&#160;5.6.2</span>
<div id="projectname">liblzma (XZ Utils)<span id="projectnumber">&#160;5.6.3</span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.11.0 -->
<!-- Generated by Doxygen 1.12.0 -->
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:d3d9a9a6595521f9666a5e94cc830dab83b65699&amp;dn=expat.txt MIT */
$(function() { codefold.init(0); });
Expand Down Expand Up @@ -188,7 +188,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#af31f0c8b6f14359cd082b955
</div><!-- fragment -->
<p>Initialization for <a class="el" href="structlzma__stream.html" title="Passing data to and from liblzma.">lzma_stream</a>. </p>
<p>When you declare an instance of <a class="el" href="structlzma__stream.html" title="Passing data to and from liblzma.">lzma_stream</a>, you can immediately initialize it so that initialization functions know that no memory has been allocated yet: </p><pre class="fragment">lzma_stream strm = LZMA_STREAM_INIT;
</pre><p> If you need to initialize a dynamically allocated <a class="el" href="structlzma__stream.html" title="Passing data to and from liblzma.">lzma_stream</a>, you can use memset(strm_pointer, 0, sizeof(lzma_stream)). Strictly speaking, this violates the C standard since NULL may have different internal representation than zero, but it should be portable enough in practice. Anyway, for maximum portability, you can use something like this: </p><pre class="fragment">lzma_stream tmp = LZMA_STREAM_INIT;
</pre><p>If you need to initialize a dynamically allocated <a class="el" href="structlzma__stream.html" title="Passing data to and from liblzma.">lzma_stream</a>, you can use memset(strm_pointer, 0, sizeof(lzma_stream)). Strictly speaking, this violates the C standard since NULL may have different internal representation than zero, but it should be portable enough in practice. Anyway, for maximum portability, you can use something like this: </p><pre class="fragment">lzma_stream tmp = LZMA_STREAM_INIT;
*strm = tmp;
</pre>
</div>
Expand Down Expand Up @@ -610,7 +610,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#afc49d4cf75b73128a167df34
</div><!-- contents -->
<!-- start footer part -->
<hr class="footer"/><address class="footer"><small>
Generated by&#160;<a href="https://www.doxygen.org/index.html"><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.11.0
Generated by&#160;<a href="https://www.doxygen.org/index.html"><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.12.0
</small></address>
</div><!-- doc-content -->
</body>
Expand Down
Loading

0 comments on commit aefc5ef

Please sign in to comment.