Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package lrzip for openSUSE:Factory checked in at 2026-06-22 17:35:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lrzip (Old)
 and      /work/SRC/openSUSE:Factory/.lrzip.new.1956 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lrzip" Mon Jun 22 17:35:13 2026 rev:3 rq:1360870 version:0.660 Changes: -------- --- /work/SRC/openSUSE:Factory/lrzip/lrzip.changes 2023-05-02 16:24:10.507642325 +0200 +++ /work/SRC/openSUSE:Factory/.lrzip.new.1956/lrzip.changes 2026-06-22 17:35:21.782200662 +0200 @@ -1,0 +2,18 @@ +Sun Jun 21 16:57:22 UTC 2026 - Martin Pluskal <[email protected]> + +- Update to version 0.660: + * Do not clean up thread structures in decompression failure + conditions, fixing a use-after-free in lzma_decompress_buf() and a + NULL pointer dereference in ucompthread() on corrupt/malicious + archives (CVE-2025-15570, boo#1258016; CVE-2025-15571, boo#1258023) + * Handle -L given without a parameter, fixing a NULL pointer + dereference (CVE-2025-9396, boo#1248598) + * Add write bounds checking in libzpaq and sanity checks for + maliciously encoded headers and oversized allocations + * Various STDIO, portability and build fixes (OpenBSD support, + non-x86 zpaq, autoconf warnings); drop Doxygen doc build +- Switch Source to the upstream GitHub release tarball (0.660 is not + published on ck.kolivas.org) and run autoreconf at build time +- Drop fixasmstack.patch (merged upstream) + +------------------------------------------------------------------- Old: ---- fixasmstack.patch lrzip-0.651.tar.xz New: ---- lrzip-0.660.tar.gz ----------(Old B)---------- Old: published on ck.kolivas.org) and run autoreconf at build time - Drop fixasmstack.patch (merged upstream) ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lrzip.spec ++++++ --- /var/tmp/diff_new_pack.naiLCq/_old 2026-06-22 17:35:22.754234869 +0200 +++ /var/tmp/diff_new_pack.naiLCq/_new 2026-06-22 17:35:22.758235009 +0200 
@@ -1,7 +1,7 @@ # # spec file for package lrzip # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # Copyright (c) 2012 Pascal Bleser <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -18,21 +18,21 @@ Name: lrzip -Version: 0.651 +Version: 0.660 Release: 0 Summary: Very High Ratio and Speed Compression Designed for Large Files License: GPL-2.0-only URL: http://ck.kolivas.org/apps/lrzip/ -Source: http://ck.kolivas.org/apps/lrzip/lrzip-%{version}.tar.xz -# PATCH-FIX-UPSTREAM https://github.com/ckolivas/lrzip/pull/243 -Patch0: fixasmstack.patch -BuildRequires: doxygen +Source: https://github.com/ckolivas/lrzip/archive/refs/tags/v%{version}.tar.gz#/lrzip-%{version}.tar.gz +BuildRequires: autoconf +BuildRequires: automake BuildRequires: gcc-c++ -BuildRequires: lzo-devel +BuildRequires: libtool BuildRequires: nasm BuildRequires: pkgconfig BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(liblz4) +BuildRequires: pkgconfig(lzo2) BuildRequires: pkgconfig(zlib) Conflicts: rzsz @@ -49,6 +49,7 @@ %autosetup -p1 %build +autoreconf -fiv %configure \ %ifnarch %{ix86} x86_64 --disable-asm \
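Review bot: in the lrzip.changes hunk (@@ -1,0 +2,18 @@), the third bullet, "Add write bounds checking in libzpaq and sanity checks for maliciously encoded headers and oversized allocations", carries no CVE or boo# reference, while the two bullets above it do. If these hardening changes correspond to tracked bugs, add the references so the entry can be matched against them later.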
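Review bot: in the lrzip.spec hunk at @@ -18,21 +18,21 @@, URL: still reads http://ck.kolivas.org/apps/lrzip/ although Source: now points at github.com/ckolivas/lrzip and the changelog states that 0.660 is not published on ck.kolivas.org. Point URL: at the GitHub project so the two tags agree. The new Source: is a tag archive, and the hunk shows no signature or checksum for it; since this update exists to ship CVE fixes, a short spec comment recording why the source location moved and how the tarball was checked would help the next reviewer.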
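Review bot: in the %build hunk at @@ -49,6 +49,7 @@, "autoreconf -fiv" is added without a comment, and the reason for it is recorded only in lrzip.changes. Add a one-line spec comment above it tying it to the switch to the GitHub tarball, so that the line and the new autoconf, automake and libtool BuildRequires are revisited together if the Source changes again.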
