From 2889ea151419993458ed98ecd46bc977557cff20 Mon Sep 17 00:00:00 2001 From: Jindrich Novy Date: Tue, 27 Feb 2024 10:39:41 +0100 Subject: [PATCH 01/12] xz-5.6.0-1.fc40 - Rebase to version 5.6.0 Signed-off-by: Jindrich Novy --- sources | 4 ++-- xz.spec | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/sources b/sources index e857edd..217faae 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (xz-5.4.6.tar.gz) = b08a61d8d478d3b4675cb1ddacdbbd98dc6941a55bcdd81a28679e54e9367d3a595fa123ac97874a17da571c1b712e2a3e901c2737099a9d268616a1ba3de497 -SHA512 (xz-5.4.6.tar.gz.sig) = d5e32b944e7492a32c40f675d918796e077f63490a23c6fce5c4d6d1eebc443f129d27a2e888913c5a36c3ffdac75b9c96c1749402283445e0ba9ff72b965741 +SHA512 (xz-5.6.0.tar.gz) = 1ef3cd3607818314e55b28c20263a9088d4b6e5362a45fbd37c17e799e26b4a7579928b99925ffe71e7804b0db2f65936f66a825bac9b23b7b0664f902925de8 +SHA512 (xz-5.6.0.tar.gz.sig) = 2800c3f440b6b17b61c418e12945f136535cc5a59069be2ee0de37e312e9ad16a29338152990eeb22ebe6cc3513679bdc40336cfa089a279d3b3476ac9d13ed0 diff --git a/xz.spec b/xz.spec index 2efadbc..f3512fc 100644 --- a/xz.spec +++ b/xz.spec @@ -5,7 +5,7 @@ Summary: LZMA compression utilities Name: xz # **PLEASE NOTE**: when bumping xz version, please rebuild # perl-Compress-Raw-Lzma, it has a strict xz version dep -Version: 5.4.6 +Version: 5.6.0 Release: 1%{?dist} # Scripts xz{grep,diff,less,more} and symlinks (copied from gzip) are @@ -170,6 +170,9 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check %changelog +* Tue Feb 27 2024 Jindrich Novy - 5.6.0-1 +- Rebase to version 5.6.0 + * Mon Jan 29 2024 Richard W.M. Jones - 5.4.6-1 - New version 5.4.6 (RHBZ#2260521) - Fix Source URLs. From 2efe9bc3d77af8f7989f32c75d5486abb2162d7a Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Thu, 29 Feb 2024 14:36:12 -0800 Subject: [PATCH 02/12] Bump with no changes so we can do a side tag build --- xz.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/xz.spec b/xz.spec index f3512fc..a4e2082 100644 --- a/xz.spec +++ b/xz.spec @@ -5,8 +5,10 @@ Summary: LZMA compression utilities Name: xz # **PLEASE NOTE**: when bumping xz version, please rebuild # perl-Compress-Raw-Lzma, it has a strict xz version dep +# do this on a side tag, according to +# https://docs.fedoraproject.org/en-US/package-maintainers/Package_Update_Guide/#multiple_packages Version: 5.6.0 -Release: 1%{?dist} +Release: 2%{?dist} # Scripts xz{grep,diff,less,more} and symlinks (copied from gzip) are # GPLv2+, binaries are Public Domain (linked against LGPL getopt_long but its @@ -170,6 +172,9 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check %changelog +* Thu Feb 29 2024 Adam Williamson - 5.6.0-2 +- Rebuild on a side tag to create a coherent update + * Tue Feb 27 2024 Jindrich Novy - 5.6.0-1 - Rebase to version 5.6.0 From d2408dde878851ca6350297a738a72496a9558c4 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Mon, 4 Mar 2024 17:08:13 +0000 Subject: [PATCH 03/12] Rerun autoreconf unconditionally when building (cherry picked from commit e61eb7cedcc6e94bd493abfd52504fa37382be90) --- xz.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xz.spec b/xz.spec index a4e2082..f718ef1 100644 --- a/xz.spec +++ b/xz.spec @@ -34,6 +34,7 @@ BuildRequires: make BuildRequires: gcc BuildRequires: gnupg2 BuildRequires: perl-interpreter +BuildRequires: autoconf automake libtool gettext-devel %description @@ -90,6 +91,7 @@ commands that deal with the older LZMA format. %prep %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -p1 +autoreconf -fi %build From c837ae96c716c6d63da2b4a016e9034ade2a01f7 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Mon, 4 Mar 2024 17:39:05 +0000 Subject: [PATCH 04/12] --disable-ifunc (workaround for 2267598) (cherry picked from commit 6db19f2231927b4d93e9c021d32cb7433708e26f) --- xz.spec | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/xz.spec b/xz.spec index f718ef1..e0b8200 100644 --- a/xz.spec +++ b/xz.spec @@ -8,7 +8,7 @@ Name: xz # do this on a side tag, according to # https://docs.fedoraproject.org/en-US/package-maintainers/Package_Update_Guide/#multiple_packages Version: 5.6.0 -Release: 2%{?dist} +Release: 3%{?dist} # Scripts xz{grep,diff,less,more} and symlinks (copied from gzip) are # GPLv2+, binaries are Public Domain (linked against LGPL getopt_long but its @@ -103,7 +103,10 @@ export CFLAGS="%optflags" CFLAGS="$CFLAGS -Wa,--generate-missing-build-notes=yes" %endif -%configure +# --disable-ifunc is temporarily required to work around +# https://bugzilla.redhat.com/show_bug.cgi?id=2267598 +# Can be removed when we understand what is really causing that bug. +%configure --disable-ifunc sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool %make_build @@ -174,6 +177,9 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check %changelog +* Mon Mar 04 2024 Richard W.M. Jones - 5.6.0-3 +- --disable-ifunc (workaround for 2267598) + * Thu Feb 29 2024 Adam Williamson - 5.6.0-2 - Rebuild on a side tag to create a coherent update From 465acd265637d93cd56a8c15a2b7df823a2e99f9 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Sat, 9 Mar 2024 12:25:42 +0000 Subject: [PATCH 05/12] Revert "--disable-ifunc (workaround for 2267598)" This reverts commit 6db19f2231927b4d93e9c021d32cb7433708e26f. (cherry picked from commit 3d6d772a738dbd9a31bbdc5e55b8c9c6139740bc) --- xz.spec | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/xz.spec b/xz.spec index e0b8200..304e518 100644 --- a/xz.spec +++ b/xz.spec @@ -103,10 +103,7 @@ export CFLAGS="%optflags" CFLAGS="$CFLAGS -Wa,--generate-missing-build-notes=yes" %endif -# --disable-ifunc is temporarily required to work around -# https://bugzilla.redhat.com/show_bug.cgi?id=2267598 -# Can be removed when we understand what is really causing that bug. -%configure --disable-ifunc +%configure sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool %make_build From f826bb8859dddfc67a54d4588b4930d0fae505fc Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Thu, 28 Mar 2024 20:57:30 +0000 Subject: [PATCH 06/12] Revert to 5.4.6, bump epoch (cherry picked from commit b23eb66cb0536135bc0bb09db2298c6b41434a66) --- sources | 4 ++-- xz.spec | 8 ++++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/sources b/sources index 217faae..e857edd 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (xz-5.6.0.tar.gz) = 1ef3cd3607818314e55b28c20263a9088d4b6e5362a45fbd37c17e799e26b4a7579928b99925ffe71e7804b0db2f65936f66a825bac9b23b7b0664f902925de8 -SHA512 (xz-5.6.0.tar.gz.sig) = 2800c3f440b6b17b61c418e12945f136535cc5a59069be2ee0de37e312e9ad16a29338152990eeb22ebe6cc3513679bdc40336cfa089a279d3b3476ac9d13ed0 +SHA512 (xz-5.4.6.tar.gz) = b08a61d8d478d3b4675cb1ddacdbbd98dc6941a55bcdd81a28679e54e9367d3a595fa123ac97874a17da571c1b712e2a3e901c2737099a9d268616a1ba3de497 +SHA512 (xz-5.4.6.tar.gz.sig) = d5e32b944e7492a32c40f675d918796e077f63490a23c6fce5c4d6d1eebc443f129d27a2e888913c5a36c3ffdac75b9c96c1749402283445e0ba9ff72b965741 diff --git a/xz.spec b/xz.spec index 304e518..605f097 100644 --- a/xz.spec +++ b/xz.spec @@ -7,8 +7,9 @@ Name: xz # perl-Compress-Raw-Lzma, it has a strict xz version dep # do this on a side tag, according to # https://docs.fedoraproject.org/en-US/package-maintainers/Package_Update_Guide/#multiple_packages -Version: 5.6.0 -Release: 3%{?dist} +Epoch: 1 +Version: 5.4.6 +Release: 1%{?dist} # Scripts xz{grep,diff,less,more} and symlinks (copied from gzip) are # GPLv2+, binaries are Public Domain (linked against LGPL getopt_long but its @@ -174,6 +175,9 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check %changelog +* Thu Mar 28 2024 Richard W.M. Jones - 1:5.4.6-1 +- Revert to 5.4.6, bump epoch + * Mon Mar 04 2024 Richard W.M. Jones - 5.6.0-3 - --disable-ifunc (workaround for 2267598) From 4723843aaf49366b6559d6dd5b4174206ee55fa5 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Thu, 28 Mar 2024 21:20:54 +0000 Subject: [PATCH 07/12] Release 2 (Koji bug with epochs) (cherry picked from commit 6837d4efbe41805efee9ea44c4a845e5e0c66d47) --- xz.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xz.spec b/xz.spec index 605f097..bd897c0 100644 --- a/xz.spec +++ b/xz.spec @@ -9,7 +9,7 @@ Name: xz # https://docs.fedoraproject.org/en-US/package-maintainers/Package_Update_Guide/#multiple_packages Epoch: 1 Version: 5.4.6 -Release: 1%{?dist} +Release: 2%{?dist} # Scripts xz{grep,diff,less,more} and symlinks (copied from gzip) are # GPLv2+, binaries are Public Domain (linked against LGPL getopt_long but its @@ -175,7 +175,7 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check %changelog -* Thu Mar 28 2024 Richard W.M. Jones - 1:5.4.6-1 +* Thu Mar 28 2024 Richard W.M. Jones - 1:5.4.6-2 - Revert to 5.4.6, bump epoch * Mon Mar 04 2024 Richard W.M. Jones - 5.6.0-3 From 2f4be0bc640b9d30ef241e5985970760b112f1ba Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Thu, 28 Mar 2024 21:39:27 +0000 Subject: [PATCH 08/12] Use %{epoch} in runtime Requires (cherry picked from commit 91940317881fb3fd42e1cd9453e52a62b0a4deb1) --- xz.spec | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/xz.spec b/xz.spec index bd897c0..4d9b30f 100644 --- a/xz.spec +++ b/xz.spec @@ -9,7 +9,7 @@ Name: xz # https://docs.fedoraproject.org/en-US/package-maintainers/Package_Update_Guide/#multiple_packages Epoch: 1 Version: 5.4.6 -Release: 2%{?dist} +Release: 3%{?dist} # Scripts xz{grep,diff,less,more} and symlinks (copied from gzip) are # GPLv2+, binaries are Public Domain (linked against LGPL getopt_long but its @@ -24,7 +24,7 @@ Source100: colorxzgrep.sh Source101: colorxzgrep.csh URL: https://tukaani.org/%{name}/ -Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} # For /usr/libexec/grepconf.sh (RHBZ#1189120). # Unfortunately F21 has a newer version of grep which doesn't @@ -70,7 +70,7 @@ XZ utils. Most users should *not* install this. %package devel Summary: Devel libraries & headers for liblzma License: Public Domain -Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} %description devel Devel libraries and headers for liblzma. @@ -80,7 +80,7 @@ Devel libraries and headers for liblzma. Summary: Older LZMA format compatibility binaries # Just a set of symlinks to 'xz' + two Public Domain binaries. License: Public Domain -Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} Obsoletes: lzma < %{version} Provides: lzma = %{version} @@ -175,7 +175,7 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check %changelog -* Thu Mar 28 2024 Richard W.M. Jones - 1:5.4.6-2 +* Thu Mar 28 2024 Richard W.M. Jones - 1:5.4.6-3 - Revert to 5.4.6, bump epoch * Mon Mar 04 2024 Richard W.M. Jones - 5.6.0-3 From 09ef8af0e60df0c921c51a18500b1291c4bdde09 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Thu, 3 Apr 2025 22:11:34 +0100 Subject: [PATCH 09/12] Rebuild with perl-Compress-Raw-Lzma --- xz.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xz.spec b/xz.spec index ea1edae..15862fc 100644 --- a/xz.spec +++ b/xz.spec @@ -5,7 +5,7 @@ Summary: LZMA compression utilities Name: xz Epoch: 1 Version: 5.8.1 -Release: 1%{?dist} +Release: 1.1%{?dist} # liblzma - 0BSD # xz{,dec}, lzma{dec,info} - 0BSD From 1e7c4721fe7c321eeac57576e421263f027d9a58 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Mon, 14 Apr 2025 10:56:26 +0100 Subject: [PATCH 10/12] Remove accidental ANSI escape sequence in comment Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2359454 (cherry picked from commit c19b7d7f71a18408ec77171f3ff89492fc3d5081) --- xz.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xz.spec b/xz.spec index 15862fc..4d76ad8 100644 --- a/xz.spec +++ b/xz.spec @@ -11,7 +11,7 @@ Release: 1.1%{?dist} # xz{,dec}, lzma{dec,info} - 0BSD # - getopt_long - LGPL-2.1-or-later - not built in Fedora # xz{grep,diff,less,more} - GPL-2.0-or-later -# docs - BSD0 AND LicenseRef-Fedora-Public-Domain +# docs - BSD0 AND LicenseRef-Fedora-Public-Domain # man pages and translations - 0BSD AND LicenseRef-Fedora-Public-Domain # See: https://gitlab.com/fedora/legal/fedora-license-data/-/issues/547 License: 0BSD AND GPL-2.0-or-later AND LicenseRef-Fedora-Public-Domain From a5de386e86396d214581e88c3d35e9a0848a124b Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Wed, 23 Apr 2025 23:32:23 -0700 Subject: [PATCH 11/12] drop gating.yaml the gate on rpmdeplint was added to guard against the strict version tie in perl-Compress-Raw-Lzma, but we were able to remove that recently, so it's no longer an issue. The gate causes a problem because rpmdeplint is only run on Rawhide, but the policy was written to apply the gate to all branches, so this prevents updates for non-Rawhide branches from going stable. For simplicity's sake, let's just get rid of it. --- gating.yaml | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 gating.yaml diff --git a/gating.yaml b/gating.yaml deleted file mode 100644 index 70ba11e..0000000 --- a/gating.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- !Policy -product_versions: - - fedora-* -decision_context: bodhi_update_push_stable -subject_type: koji_build -rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpmdeplint.functional} From 87625d97981131b8f77fa573f9d7653c20bd4c57 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Thu, 24 Apr 2025 10:01:29 -0700 Subject: [PATCH 12/12] Rebuild without changes to fix gating problem --- xz.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xz.spec b/xz.spec index 4d76ad8..b967a50 100644 --- a/xz.spec +++ b/xz.spec @@ -5,7 +5,7 @@ Summary: LZMA compression utilities Name: xz Epoch: 1 Version: 5.8.1 -Release: 1.1%{?dist} +Release: 2%{?dist} # liblzma - 0BSD # xz{,dec}, lzma{dec,info} - 0BSD @@ -180,6 +180,9 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check %changelog +* Thu Apr 24 2025 Adam Williamson - 1:5.8.1-2 +- Rebuild without changes to fix gating problem + * Thu Apr 03 2025 Richard W.M. Jones - 1:5.8.1-1 - New upstream version 5.8.1 - Fixes CVE-2025-31115 heap-use-after-free bug in threaded .xz decoder