Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package xz-utils.

I NMUed xz-utils to 5.2.5-1.0 fixing a few bugs including #844770 and
#975981. Both bugs were fixed by upstream differently / more completely.
I prepared an NMU 5.2.5-1.1, #983067, by replacing my patches with
upstream patches:
- #844770 "xzcmp: SIGPIPE is raised because CMP does exit while the XZ
  commands are still writing to the pipe"
  https://git.tukaani.org/?p=xz.git;a=commitdiff;h=194029ffaf74282a81f0c299c07f73caca3232ca

- #975981 "xz-utils: "unxz -k" should not refuse to decompress a file
  because it has more than one hard link"
  https://git.tukaani.org/?p=xz.git;a=commitdiff;h=074259f4f3966aeac6edb205fecbc1a8d2b58bb2

I would like to avoid having different changes to the package (and
possibly creating new bugs) and therefore keep what upstream applied
here. The patches were reviewed at least by the maintainer of the
upstream package.
During that review a similar SIGPIPE problem was found and fixed in
xzgrep:
   Scripts: Fix exit status of xzgrep.
   https://git.tukaani.org/?p=xz.git;a=commitdiff;h=73c555b3077c19dda29b6f4592ced2af876f8333

This bug was never reported and fixed within the Debian package. If it
is okay with the release then I would backport the patch and NMU it as
part of the 5.2.5-1.1 upload.
Otherwise I would stick with the replacement of the two patches as can
be seen in the attached debdiff.
The package was not yet uploaded; I plan to upload it to delayed/5 once
the release team agrees.

unblock xz-utils/5.2.5-1.1

Sebastian
diff -Nru xz-utils-5.2.5/debian/changelog xz-utils-5.2.5/debian/changelog
--- xz-utils-5.2.5/debian/changelog     2020-12-28 11:25:06.000000000 +0100
+++ xz-utils-5.2.5/debian/changelog     2021-02-18 23:12:30.000000000 +0100
@@ -1,3 +1,10 @@
+xz-utils (5.2.5-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Update the patches for #844770 and #975981 to what upstream applied.
+
+ -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc>  Thu, 18 Feb 2021 
23:12:30 +0100
+
 xz-utils (5.2.5-1.0) unstable; urgency=medium
 
   * Non-maintainer upload.
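Review bot: The new entry's single bullet, "Update the patches for #844770 and #975981 to what upstream applied", hides two user-visible changes carried by the replacement patches: -k/--keep now also accepts symlinks and setuid/setgid/sticky inputs (the old patch only relaxed the hard-link check), and the xzdiff decompressor calls lose -q. Suggest one bullet per replaced patch, naming the upstream subject and the behaviour change, so the scope is visible from the changelog without opening the debdiff.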
diff -Nru 
xz-utils-5.2.5/debian/patches/0001-Scripts-Fix-exit-status-of-xzdiff-xzcmp.patch
 
xz-utils-5.2.5/debian/patches/0001-Scripts-Fix-exit-status-of-xzdiff-xzcmp.patch
--- 
xz-utils-5.2.5/debian/patches/0001-Scripts-Fix-exit-status-of-xzdiff-xzcmp.patch
    1970-01-01 01:00:00.000000000 +0100
+++ 
xz-utils-5.2.5/debian/patches/0001-Scripts-Fix-exit-status-of-xzdiff-xzcmp.patch
    2021-02-17 23:52:05.000000000 +0100
@@ -0,0 +1,118 @@
+From: Lasse Collin <lasse.col...@tukaani.org>
+Date: Mon, 11 Jan 2021 22:01:51 +0200
+Subject: Scripts: Fix exit status of xzdiff/xzcmp.
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+This is a minor fix since this affects only the situation when
+the files differ and the exit status is something else than 0.
+In such case there could be SIGPIPE from a decompression tool
+and that would result in exit status of 2 from xzdiff/xzcmp
+while the correct behavior would be to return 1 or whatever
+else diff or cmp may have returned.
+
+This commit omits the -q option from xz/gzip/bzip2/lzop arguments.
+I'm not sure why the -q was used in the first place, perhaps it
+hides warnings in some situation that I cannot see at the moment.
+Hopefully the removal won't introduce a new bug.
+
+With gzip the -q option was harmful because it made gzip return 2
+instead of >= 128 with SIGPIPE. Ignoring exit status 2 (warning
+from gzip) isn't practical because bzip2 uses exit status 2 to
+indicate corrupt input file. It's better if SIGPIPE results in
+exit status >= 128.
+
+With bzip2 the removal of -q seems to be good because with -q
+it prints nothing if input is corrupt. The other tools aren't
+silent in this situation even with -q. On the other hand, if
+zstd support is added, it will need -q since otherwise it's
+noisy in normal situations.
+
+Thanks to Étienne Mollier and Sebastian Andrzej Siewior.
+---
+ src/scripts/xzdiff.in | 35 +++++++++++++++++++++--------------
+ 1 file changed, 21 insertions(+), 14 deletions(-)
+
+diff --git a/src/scripts/xzdiff.in b/src/scripts/xzdiff.in
+index eb7825c..98ac0e5 100644
+--- a/src/scripts/xzdiff.in
++++ b/src/scripts/xzdiff.in
+@@ -116,23 +116,18 @@ elif test $# -eq 2; then
+           if test "$1$2" = --; then
+             xz_status=$(
+               exec 4>&1
+-              ($xz1 -cdfq - 4>&-; echo $? >&4) 3>&- |
++              ($xz1 -cdf - 4>&-; echo $? >&4) 3>&- |
+                 eval "$cmp" - - >&3
+             )
+           elif # Reject Solaris 8's buggy /bin/bash 2.03.
+               echo X | (echo X | eval "$cmp" /dev/fd/5 - >/dev/null 2>&1) 
5<&0; then
++            # NOTE: xz_status will contain two numbers.
+             xz_status=$(
+               exec 4>&1
+-              ($xz1 -cdfq -- "$1" 4>&-; echo $? >&4) 3>&- |
+-                ( ($xz2 -cdfq -- "$2" 4>&-; echo $? >&4) 3>&- 5<&- </dev/null 
|
++              ($xz1 -cdf -- "$1" 4>&-; echo $? >&4) 3>&- |
++                ( ($xz2 -cdf -- "$2" 4>&-; echo $? >&4) 3>&- 5<&- </dev/null |
+                 eval "$cmp" /dev/fd/5 - >&3) 5<&0
+             )
+-            cmp_status=$?
+-            case $xz_status in
+-              *[1-9]*) xz_status=1;;
+-              *) xz_status=0;;
+-            esac
+-            (exit $cmp_status)
+           else
+             F=`expr "/$2" : '.*/\(.*\)[-.][ablmotxz2]*$'` || F=$prog
+             tmp=
+@@ -161,10 +156,10 @@ elif test $# -eq 2; then
+               mkdir -- "${TMPDIR-/tmp}/$prog.$$" || exit 2
+               tmp="${TMPDIR-/tmp}/$prog.$$"
+             fi
+-            $xz2 -cdfq -- "$2" > "$tmp/$F" || exit 2
++            $xz2 -cdf -- "$2" > "$tmp/$F" || exit 2
+             xz_status=$(
+               exec 4>&1
+-              ($xz1 -cdfq -- "$1" 4>&-; echo $? >&4) 3>&- |
++              ($xz1 -cdf -- "$1" 4>&-; echo $? >&4) 3>&- |
+                 eval "$cmp" - '"$tmp/$F"' >&3
+             )
+             cmp_status=$?
+@@ -175,7 +170,7 @@ elif test $# -eq 2; then
+       *)
+         xz_status=$(
+           exec 4>&1
+-          ($xz1 -cdfq -- "$1" 4>&-; echo $? >&4) 3>&- |
++          ($xz1 -cdf -- "$1" 4>&-; echo $? >&4) 3>&- |
+             eval "$cmp" - '"$2"' >&3
+         );;
+     esac;;
+@@ -184,7 +179,7 @@ elif test $# -eq 2; then
+       *[-.][zZ] | *_z | *[-.][gx]z | *[-.]bz2 | *[-.]lzma | *.t[abglx]z | 
*.tbz2 | *[-.]lzo | *.tzo | -)
+         xz_status=$(
+           exec 4>&1
+-          ($xz2 -cdfq -- "$2" 4>&-; echo $? >&4) 3>&- |
++          ($xz2 -cdf -- "$2" 4>&-; echo $? >&4) 3>&- |
+             eval "$cmp" '"$1"' - >&3
+          );;
+       *)
+@@ -197,5 +192,17 @@ else
+ fi
+ 
+ cmp_status=$?
+-test "$xz_status" -eq 0 || exit 2
++for num in $xz_status ; do
++  # 0 from decompressor means successful decompression. SIGPIPE from
++  # decompressor is possible when diff or cmp exits before the whole file
++  # has been decompressed. In that case we want to retain the exit status
++  # from diff or cmp. Note that using "trap '' PIPE" is not possible
++  # because gzip changes its behavior (including exit status) if SIGPIPE
++  # is ignored.
++  test "$num" -eq 0 && continue
++  test "$num" -ge 128 \
++      && test "$(kill -l "$num" 2> /dev/null)" = "PIPE" \
++      && continue
++  exit 2
++done
+ exit $cmp_status
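Review bot: In the last xzdiff.in hunk, the loop `for num in $xz_status` runs zero times when xz_status is empty, so the script falls through to `exit $cmp_status`; the line it replaces, `test "$xz_status" -eq 0 || exit 2`, failed closed on an empty value. Suggest confirming that every branch before `cmp_status=$?` assigns xz_status, or adding an explicit empty check ahead of the loop. Separately, the commit message itself is unsure why -q was there, so it is worth checking that dropping it from the `-cdf` calls does not put new warnings on stderr for callers that treat any xzdiff/xzcmp stderr output as a failure.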
diff -Nru xz-utils-5.2.5/debian/patches/0001-xzdiff-Trap-SIGPIPE.patch 
xz-utils-5.2.5/debian/patches/0001-xzdiff-Trap-SIGPIPE.patch
--- xz-utils-5.2.5/debian/patches/0001-xzdiff-Trap-SIGPIPE.patch        
2020-12-28 11:20:29.000000000 +0100
+++ xz-utils-5.2.5/debian/patches/0001-xzdiff-Trap-SIGPIPE.patch        
1970-01-01 01:00:00.000000000 +0100
@@ -1,33 +0,0 @@
-From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
-Date: Thu, 24 Dec 2020 20:56:15 +0100
-Subject: xzdiff: Trap SIGPIPE
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-The `cmp' command will return early if a difference is found while the
-shell script is still invoking the decompressor which writes into the
-closed FD. This results in SIGPIPE / exit code 141.
-By ignoring SIGPIPE the real return code from `cmp' is observed which is
-`1' and xzdiff exits with `1'. Without ignoring SIGPIPE the exitcode 141
-is observed and xzdiff returns with `2'.
-
-Reported to Debian BTS as #844770. Change suggested by Étienne Mollierö.
-
-BTS: https://bugs.debian.org/844770
-
-Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
----
- src/scripts/xzdiff.in | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/scripts/xzdiff.in b/src/scripts/xzdiff.in
-index eb7825c..d343a88 100644
---- a/src/scripts/xzdiff.in
-+++ b/src/scripts/xzdiff.in
-@@ -1,4 +1,5 @@
- #!@POSIX_SHELL@
-+trap '' PIPE
- 
- # Copyright (C) 1998, 2002, 2006, 2007 Free Software Foundation
- # Copyright (C) 1993 Jean-loup Gailly
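Review bot: The removed header carried `BTS: https://bugs.debian.org/844770`, but the replacement 0001-Scripts-Fix-exit-status-of-xzdiff-xzcmp.patch has no Debian bug reference and no pointer to the upstream commit. Suggest adding Bug-Debian and Origin fields to the new patch header (the commit URL is already in the unblock request) so the provenance of the backport stays traceable from the package; the same applies to the 0008 replacement and #975981.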
diff -Nru 
xz-utils-5.2.5/debian/patches/0008-xz-Ignore-hard-link-count-if-not-deleting.patch
 
xz-utils-5.2.5/debian/patches/0008-xz-Ignore-hard-link-count-if-not-deleting.patch
--- 
xz-utils-5.2.5/debian/patches/0008-xz-Ignore-hard-link-count-if-not-deleting.patch
  2020-12-28 11:20:29.000000000 +0100
+++ 
xz-utils-5.2.5/debian/patches/0008-xz-Ignore-hard-link-count-if-not-deleting.patch
  1970-01-01 01:00:00.000000000 +0100
@@ -1,42 +0,0 @@
-From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
-Date: Sun, 27 Dec 2020 15:27:31 +0100
-Subject: xz: Ignore hard link count if not deleting.
-
-xz refuses to decompress a file which has more than one hard link. It
-can be reproduced by (as per Vincent):
-|$ echo foo > file1
-|$ xz file1
-|$ ln file1.xz file2.xz
-|$ xz -dk file1.xz
-|xz: file1.xz: Input file has more than one hard link, skipping
-
-This behaviour is consistent with `gzip' and `bzip2' but it is not
-documented. The `--force' option would ignore this restriction.
-
-I traced it back in `gzip' to the 90s but the change was not documented
-as why it was needed. It was moved, altered but not documented. At some
-point the error was restricted to <= 2 which might be related to disk
-quota.
-
-Ignore hard link count on input.
-
-Debian BTS: https://bugs.debian.org/975981
-Reported-by: Vincent Lefevre <vinc...@vinc17.net>
-Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
----
- src/xz/file_io.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/xz/file_io.c b/src/xz/file_io.c
-index 0ba8db8..7703e08 100644
---- a/src/xz/file_io.c
-+++ b/src/xz/file_io.c
-@@ -698,7 +698,7 @@ io_open_src_real(file_pair *pair)
-                       goto error;
-               }
- 
--              if (pair->src_st.st_nlink > 1) {
-+              if (pair->src_st.st_nlink > 1 && !opt_keep_original) {
-                       message_warning(_("%s: Input file has more "
-                                       "than one hard link, "
-                                       "skipping"), pair->src_name);
diff -Nru 
xz-utils-5.2.5/debian/patches/0008-xz-Make-keep-accept-symlinks-hardlinks-and-setuid-se.patch
 
xz-utils-5.2.5/debian/patches/0008-xz-Make-keep-accept-symlinks-hardlinks-and-setuid-se.patch
--- 
xz-utils-5.2.5/debian/patches/0008-xz-Make-keep-accept-symlinks-hardlinks-and-setuid-se.patch
       1970-01-01 01:00:00.000000000 +0100
+++ 
xz-utils-5.2.5/debian/patches/0008-xz-Make-keep-accept-symlinks-hardlinks-and-setuid-se.patch
       2021-02-17 23:52:05.000000000 +0100
@@ -0,0 +1,79 @@
+From: Lasse Collin <lasse.col...@tukaani.org>
+Date: Mon, 11 Jan 2021 23:41:16 +0200
+Subject: xz: Make --keep accept symlinks, hardlinks,
+ and setuid/setgid/sticky.
+
+Previously this required using --force but that has other
+effects too which might be undesirable. Changing the behavior
+of --keep has a small risk of breaking existing scripts but
+since this is a fairly special corner case I expect the
+likehood of breakage to be low enough.
+
+I think the new behavior is more logical. The only reason for
+the old behavior was to be consistent with gzip and bzip2.
+
+Thanks to Vincent Lefevre and Sebastian Andrzej Siewior.
+---
+ src/xz/file_io.c |  9 +++++----
+ src/xz/xz.1      | 14 ++++++++++++++
+ 2 files changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/src/xz/file_io.c b/src/xz/file_io.c
+index 0ba8db8..51554f4 100644
+--- a/src/xz/file_io.c
++++ b/src/xz/file_io.c
+@@ -536,8 +536,9 @@ io_open_src_real(file_pair *pair)
+       }
+ 
+       // Symlinks are not followed unless writing to stdout or --force
+-      // was used.
+-      const bool follow_symlinks = opt_stdout || opt_force;
++      // or --keep was used.
++      const bool follow_symlinks
++                      = opt_stdout || opt_force || opt_keep_original;
+ 
+       // We accept only regular files if we are writing the output
+       // to disk too. bzip2 allows overriding this with --force but
+@@ -674,7 +675,7 @@ io_open_src_real(file_pair *pair)
+       }
+ 
+ #ifndef TUKLIB_DOSLIKE
+-      if (reg_files_only && !opt_force) {
++      if (reg_files_only && !opt_force && !opt_keep_original) {
+               if (pair->src_st.st_mode & (S_ISUID | S_ISGID)) {
+                       // gzip rejects setuid and setgid files even
+                       // when --force was used. bzip2 doesn't check
+@@ -683,7 +684,7 @@ io_open_src_real(file_pair *pair)
+                       // and setgid bits there.
+                       //
+                       // We accept setuid and setgid files if
+-                      // --force was used. We drop these bits
++                      // --force or --keep was used. We drop these bits
+                       // explicitly in io_copy_attr().
+                       message_warning(_("%s: File has setuid or "
+                                       "setgid bit set, skipping"),
+diff --git a/src/xz/xz.1 b/src/xz/xz.1
+index 4c14425..497940a 100644
+--- a/src/xz/xz.1
++++ b/src/xz/xz.1
+@@ -392,6 +392,20 @@ should be used.
+ .TP
+ .BR \-k ", " \-\-keep
+ Don't delete the input files.
++.IP ""
++Since
++.B xz
++5.4.0,
++this option also makes
++.B xz
++compress or decompress even if the input is
++a symbolic link to a regular file,
++has more than one hard link,
++or has the setuid, setgid, or sticky bit set.
++The setuid, setgid, and sticky bits are not copied
++to the target file.
++In earlier versions this was only done with
++.BR \-\-force .
+ .TP
+ .BR \-f ", " \-\-force
+ This option has several effects:
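Review bot: The xz.1 hunk adds "Since xz 5.4.0, this option also makes xz compress or decompress even if ..." while the package shipping this behaviour is 5.2.5-1.1, so the installed man page will tell users the relaxed --keep is absent from the version they run. Suggest adjusting that sentence in the Debian copy of the patch or documenting the backport in NEWS.Debian. Note also that the file_io.c hunks go further than the patch being replaced: `follow_symlinks` now includes `opt_keep_original` and the setuid/setgid check is skipped with --keep, so scripts that relied on `xz -k` refusing such inputs will see different results.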
diff -Nru xz-utils-5.2.5/debian/patches/series 
xz-utils-5.2.5/debian/patches/series
--- xz-utils-5.2.5/debian/patches/series        2020-12-28 11:20:29.000000000 
+0100
+++ xz-utils-5.2.5/debian/patches/series        2021-02-17 23:52:05.000000000 
+0100
@@ -1,8 +1,8 @@
-0001-xzdiff-Trap-SIGPIPE.patch
+0001-Scripts-Fix-exit-status-of-xzdiff-xzcmp.patch
 0002-Scripts-Add-zstd-support-to-xzgrep.patch
 0003-src-xz-xz.1-Correct-misused-two-fonts-macros.patch
 0004-xz-Avoid-the-abbreviation-e.g.-on-the-man-page.patch
 0005-xz-Protect-the-ellipsis-.-on-the-man-page-with.patch
 0006-xz-Use-non-breaking-spaces-when-intentionally-using-.patch
 0007-xz-Avoid-unneeded-f-escapes-on-the-man-page.patch
-0008-xz-Ignore-hard-link-count-if-not-deleting.patch
+0008-xz-Make-keep-accept-symlinks-hardlinks-and-setuid-se.patch
