
Bug#678624: pu: package xz-utils/5.0.0-3



Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: squeeze

Hi,

A few bugs have accumulated in xz-utils since squeeze was released.
First, a packaging bug:

 - All compression functions are missing from the static library.
   (bug#673001)

Upstream bugfixes (taken from the upstream 5.0 branch):

 - The decompression example in liblzma-dev/doc/examples/ does not
   check that the last call to lzma_code() returns LZMA_STREAM_END
   and therefore mistakes a proper prefix of a valid XZ file for a
   valid XZ file.

   Hopefully others are not copying this bug.

 - API misuse (invalid integrity check type parameter) can produce
   invalid XZ files.

 - The single-call APIs "lzma_easy_buffer_encode" and
   "lzma_stream_buffer_encode" produce a compressed file when asked to
   compress a zero-length file that XZ Utils 5.0.1 and older cannot
   read.

   (Most callers use the multiple-call stateful API and are not
   affected, but for example python-lzma's lzma.compress uses the
   single-call API.)

 - liblzma, xz, and xzdec are unable to decompress the result of
   compressing a zero-length file with the single-call APIs from
   liblzma 5.0.2 and older.

 - If you are unlucky (buffer sizes lining up just right) during
   compression or decompression with BCJ filters, lzma_code() can
   return LZMA_BUF_ERROR even though it was possible to make progress.

   As a result, when BCJ filters are involved, the xz tool could produce
   "Compressed data is corrupt" or "Unexpected end of input" at
   inappropriate times.

 - lzma_stream_encoder() leaks about 100 bytes per call when the same
   stream object is used more than once.

 - lzma_index_init() segfaults for some malloc failures.

 - xz reads past the end of an on-stack array when using "-v -v
   --list" with certain malformed compressed files.  The value read is
   a pointer which is then free()ed.

 - Due to a small shell scripting typo, xzegrep and xzfgrep act like
   xzgrep.

 - "xzdiff foo.xz bar.xz" clobbers the diff exit status and almost
   always returns status 0 whether the files differ or not.  By
   contrast, "xzdiff foo.xz bar" and some other related commands work
   fine.  (bug#635501)

 - "xzgrep -q needle haystack.xz" returns 2 ("an error occurred")
   instead of 0 when the needle is found early enough for the
   decompression process to be killed by SIGPIPE.  Likewise for
   "xzgrep needle haystack.xz" when the uncompressed file is binary
   so grep exits early with "Binary file %s matches".

 - The Czech translation refers to sparse files as backup files.
   (bug#605762)

 - The Italian translation refers to an unknown file format as a
   "tipo di formato del file sconosciutoN".

The bugs mentioned above are already fixed in 5.0.4 and in sid.
I hope to fix them in squeeze, too.

Diffstat excluding debian/patches:

 debian/changelog                           |  50 +++++++++++++
 debian/rules                               |   4 +-
 debian/source/include-binaries             |   2 +
 debian/symbols                             |   8 +--
 doc/examples/xz_pipe_decomp.c              |  10 ++-
 po/cs.po                                   |   6 +-
 po/it.po                                   |   9 +--
 src/liblzma/common/block_buffer_encoder.c  |  18 +++--
 src/liblzma/common/block_encoder.c         |   5 ++
 src/liblzma/common/index.c                 |   7 +-
 src/liblzma/common/stream_buffer_encoder.c |  23 ++++--
 src/liblzma/common/stream_encoder.c        |   2 +-
 src/liblzma/lzma/lzma2_decoder.c           |   8 +--
 src/liblzma/simple/simple_coder.c          |   2 +-
 src/scripts/xzdiff.in                      |   2 +
 src/scripts/xzgrep.in                      |   7 +-
 src/xz/list.c                              |  21 ++----
 tests/Makefile.am                          |   8 ++-
 tests/files/README                         |   8 +++
 tests/files/bad-1-block_header-6.xz        | Bin 0 -> 72 bytes
 tests/files/good-1-lzma2-5.xz              | Bin 0 -> 52 bytes
 tests/test_bcj_exact_size.c                | 112 +++++++++++++++++++++++++++++
 22 files changed, 258 insertions(+), 54 deletions(-)

Diffstat of debian/patches:

 debian/patches/bcj-flush-to-empty-buffer   | 190 +++++++++++++++++++++++++++++
 debian/patches/cs-sparse-file              |  43 +++++++
 debian/patches/decode-empty-blocks         |  41 +++++++
 debian/patches/decode-empty-blocks-test    |  28 +++++
 debian/patches/encoder-api-checks          |  91 ++++++++++++++
 debian/patches/encoder-skip-empty-blocks   |  61 +++++++++
 debian/patches/index_init-NULL-dereference |  32 +++++
 debian/patches/it-stray-N                  |  48 ++++++++
 debian/patches/series                      |  14 +++
 debian/patches/stream_encoder-init-leak    |  34 ++++++
 debian/patches/xz-lvv-invalid-free         |  60 +++++++++
 debian/patches/xz-lvv-invalid-free-test    |  30 +++++
 debian/patches/xzdiff-save-diff-status     | 123 +++++++++++++++++++
 debian/patches/xzgrep-argv0-parsing        |  36 ++++++
 debian/patches/xzgrep-ignore-SIGPIPE       |  36 ++++++
 15 files changed, 867 insertions(+)

Debdiff attached.  What do you think?

Thanks,
Jonathan
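
The truncated-input bug in the first upstream item above can be reproduced with any streaming decoder that stops when its input runs out. This is an added example, not part of the original message or of xz-utils: it uses Python's standard lzma module, whose LZMADecompressor.eof attribute plays the role of the LZMA_STREAM_END check, and the function names and sample payload are constructed for illustration.

```python
import lzma

CHUNK = 4096  # feed the decoder in pieces, as a pipe-based tool would

# Constructed sample input (not taken from the bug report).
PAYLOAD = b"".join(b"record %05d: constructed sample line\n" % i
                   for i in range(5000))


def _feed(blob):
    """Push blob through a streaming XZ decoder.

    Returns (output, reached_end). reached_end is True only if the decoder
    saw the end of the stream, i.e. liblzma returned LZMA_STREAM_END.
    """
    dec = lzma.LZMADecompressor(format=lzma.FORMAT_XZ)
    out = bytearray()
    for off in range(0, len(blob), CHUNK):
        if dec.eof:
            break
        out += dec.decompress(blob[off:off + CHUNK])
    return bytes(out), dec.eof


def decompress_unchecked(blob):
    """Pre-fix behaviour: running out of input is treated as success."""
    out, _ignored = _feed(blob)
    return out


def decompress_checked(blob):
    """Post-fix behaviour: success requires the end-of-stream status."""
    out, reached_end = _feed(blob)
    if not reached_end:
        raise ValueError("Input truncated or corrupt")
    return out


def survey():
    """Run both decoders over a valid file and three truncated copies."""
    blob = lzma.compress(PAYLOAD, format=lzma.FORMAT_XZ)
    cuts = [
        ("complete", len(blob)),
        ("cut in half", len(blob) // 2),
        ("stream footer missing", len(blob) - 12),  # the footer is 12 bytes
        ("one byte short", len(blob) - 1),
    ]
    rows = []
    for name, cut in cuts:
        part = blob[:cut]
        unchecked_len = len(decompress_unchecked(part))
        try:
            decompress_checked(part)
            verdict = "accepted"
        except ValueError:
            verdict = "rejected"
        rows.append((name, unchecked_len, verdict))
    return rows


if __name__ == "__main__":
    for name, unchecked_len, verdict in survey():
        print(f"{name:22} unchecked returned {unchecked_len:6} bytes "
              f"without error; checked decoder: {verdict}")
```

The unchecked decoder never raises on the truncated copies, which is how a proper prefix of a valid file ends up treated as a valid file.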
diff -Nru xz-utils-5.0.0/debian/changelog xz-utils-5.0.0/debian/changelog
--- xz-utils-5.0.0/debian/changelog	2010-11-11 13:45:21.000000000 -0600
+++ xz-utils-5.0.0/debian/changelog	2012-06-23 04:47:22.000000000 -0500
@@ -1,3 +1,53 @@
+xz-utils (5.0.0-3) stable; urgency=low
+
+  * Fixes from upstream:
+    * liblzma:
+      - lzma_easy_buffer_encode() and lzma_stream_buffer_encode()
+        avoid writing Blocks with empty compressed data that xz and
+        liblzma versions before 5.0.2 cannot read.
+      - The LZMA2 decoder skips Blocks with empty compressed data
+        instead of rejecting them.
+      - Validates encoder arguments better.  It is harder to segfault
+        or create a corrupt XZ file instead of receiving an error
+        when calling these functions:
+        - lzma_stream_buffer_encode() and lzma_block_buffer_encode()
+          reject unsupported integrity checks;
+        - lzma_block_encoder() checks for block == NULL.
+      - bcj: Fix possibility of incorrect LZMA_BUF_ERROR (reported in
+        XZ Embedded as Fedora bug 735408).
+      - Plugs a memory leak in lzma_stream_encoder().
+      - lzma_index_init() returns NULL instead of segfaulting on
+        allocation failure.
+    * docs/examples/xz_pipe_decompress.c checks that the last
+      lzma_code() call returned LZMA_STREAM_END to avoid mistaking a
+      file without a proper footer for a valid XZ file.
+    * "xz -v -v --list" does not free() filter options unless the
+      filter options array has been initialized.  This prevents
+      reading and free()ing pointers from past the end of an on-stack
+      array when one of the listed files has an unmeaningful Block
+      header size.
+    * xzegrep and xzfgrep perform extended regex and fixed-string
+      matches, respectively.  (The previous behavior was to always
+      use basic regexes.)
+    * The exit status from “xzdiff foo.xz bar.xz” reflects whether
+      files differ.  Thanks to Peter Pallinger.  Closes: #635501.
+    * xzgrep does not fail just because the decompressor has died
+      with SIGPIPE due to some unconsumed output.  This makes the
+      exit status from commands such as "xzgrep -q" more predictable.
+    * The Czech “xz --help” output uses a more correct term for files
+      with holes.  Thanks to Petr Hubený.  Closes: #605762.
+    * The Italian diagnostic for an invalid --format argument lost an
+      extra 'N'.
+  * debian/rules: "chmod +x tests/test_scripts.sh" for new xzdiff
+    tests.
+  * debian/symbols: Bump the minimal versions for LZMA2 encoder
+    functions that reject more bad arguments and skip empty blocks.
+  * liblzma-dev: Install an appropriate library for static linking
+    instead of the decompression-only version used to build xzdec.
+    Thanks to Anton Tolchanov.  Closes: #673001.
+
+ -- Jonathan Nieder <jrnieder@gmail.com>  Sat, 23 Jun 2012 04:47:21 -0500
+
 xz-utils (5.0.0-2) unstable; urgency=low
 
   * Upload to unstable.
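
Review bot: The entry for the decompression example names docs/examples/xz_pipe_decompress.c, but the diffstat lists doc/examples/xz_pipe_decomp.c and the hunk that follows patches debian/examples/xz_pipe_decomp.c. Please use the path of the file that is actually changed so the changelog can be matched against the diff.
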
diff -Nru xz-utils-5.0.0/debian/examples/xz_pipe_decomp.c xz-utils-5.0.0/debian/examples/xz_pipe_decomp.c
--- xz-utils-5.0.0/debian/examples/xz_pipe_decomp.c	2010-11-11 13:48:59.000000000 -0600
+++ xz-utils-5.0.0/debian/examples/xz_pipe_decomp.c	2012-06-23 03:24:34.000000000 -0500
@@ -1,7 +1,7 @@
 /*
  * xz_pipe_decomp.c
  * A simple example of pipe-only xz decompressor implementation.
- * version: 2010-07-12 - by Daniel Mealha Cabrita
+ * version: 2012-06-14 - by Daniel Mealha Cabrita
  * Not copyrighted -- provided to the public domain.
  *
  * Compiling:
@@ -101,6 +101,14 @@
 		} while (strm.avail_out == 0);
 	}
 
+	/* Bug fix (2012-06-14): If no errors were detected, check
+	   that the last lzma_code() call returned LZMA_STREAM_END.
+	   If not, the file is probably truncated. */
+	if ((ret == RET_OK) && (ret_xz != LZMA_STREAM_END)) {
+		fprintf (stderr, "Input truncated or corrupt\n");
+		ret = RET_ERROR_DECOMPRESSION;
+	}
+
 	lzma_end (&strm);
 	return ret;
 }
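
Review bot: The new test reads ret_xz after the loop, but the hunk does not show ret_xz receiving a value before the first lzma_code() call. If the read loop can finish without calling lzma_code() (for example on zero-length input), ret_xz needs a defined initial value other than LZMA_STREAM_END, otherwise this check reads an indeterminate value; initialising it at its declaration would make that explicit.
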
diff -Nru xz-utils-5.0.0/debian/patches/bcj-flush-to-empty-buffer xz-utils-5.0.0/debian/patches/bcj-flush-to-empty-buffer
--- xz-utils-5.0.0/debian/patches/bcj-flush-to-empty-buffer	1969-12-31 18:00:00.000000000 -0600
+++ xz-utils-5.0.0/debian/patches/bcj-flush-to-empty-buffer	2012-06-23 02:48:47.000000000 -0500
@@ -0,0 +1,190 @@
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Mon, 28 May 2012 20:42:11 +0300
+Subject: liblzma: Fix possibility of incorrect LZMA_BUF_ERROR.
+
+lzma_code() could incorrectly return LZMA_BUF_ERROR if
+all of the following was true:
+
+  - The caller knows how many bytes of output to expect
+    and only provides that much output space.
+
+  - When the last output bytes are decoded, the
+    caller-provided input buffer ends right before
+    the LZMA2 end of payload marker. So LZMA2 won't
+    provide more output anymore, but it won't know it
+    yet and thus won't return LZMA_STREAM_END yet.
+
+  - A BCJ filter is in use and it hasn't left any
+    unfiltered bytes in the temp buffer. This can happen
+    with any BCJ filter, but in practice it's more likely
+    with filters other than the x86 BCJ.
+
+Another situation where the bug can be triggered happens
+if the uncompressed size is zero bytes and no output space
+is provided. In this case the decompression can fail even
+if the whole input file is given to lzma_code().
+
+A similar bug was fixed in XZ Embedded on 2011-09-19.
+---
+ src/liblzma/simple/simple_coder.c |   2 +-
+ tests/Makefile.am                 |   4 +-
+ tests/test_bcj_exact_size.c       | 112 ++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 116 insertions(+), 2 deletions(-)
+ create mode 100644 tests/test_bcj_exact_size.c
+
+diff --git a/src/liblzma/simple/simple_coder.c b/src/liblzma/simple/simple_coder.c
+index 06db86ec..47183fe1 100644
+--- a/src/liblzma/simple/simple_coder.c
++++ b/src/liblzma/simple/simple_coder.c
+@@ -110,7 +110,7 @@ simple_code(lzma_coder *coder, lzma_allocator *allocator,
+ 	// filtered if the buffer sizes used by the application are reasonable.
+ 	const size_t out_avail = out_size - *out_pos;
+ 	const size_t buf_avail = coder->size - coder->pos;
+-	if (out_avail > buf_avail) {
++	if (out_avail > buf_avail || buf_avail == 0) {
+ 		// Store the old position so that we know from which byte
+ 		// to start filtering.
+ 		const size_t out_start = *out_pos;
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 0469264a..6d3e4481 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -34,7 +34,8 @@ check_PROGRAMS = \
+ 	test_stream_flags \
+ 	test_filter_flags \
+ 	test_block_header \
+-	test_index
++	test_index \
++	test_bcj_exact_size
+ 
+ TESTS = \
+ 	test_check \
+@@ -42,6 +43,7 @@ TESTS = \
+ 	test_filter_flags \
+ 	test_block_header \
+ 	test_index \
++	test_bcj_exact_size \
+ 	test_files.sh \
+ 	test_compress.sh \
+ 	test_scripts.sh
+diff --git a/tests/test_bcj_exact_size.c b/tests/test_bcj_exact_size.c
+new file mode 100644
+index 00000000..cbd93405
+--- /dev/null
++++ b/tests/test_bcj_exact_size.c
+@@ -0,0 +1,112 @@
++///////////////////////////////////////////////////////////////////////////////
++//
++/// \file       test_bcj_exact_size.c
++/// \brief      Tests BCJ decoding when the output size is known
++///
++/// These tests fail with XZ Utils 5.0.3 and earlier.
++//
++//  Author:     Lasse Collin
++//
++//  This file has been put into the public domain.
++//  You can do whatever you want with this file.
++//
++///////////////////////////////////////////////////////////////////////////////
++
++#include "tests.h"
++
++
++/// Something to be compressed
++static const uint8_t in[16] = "0123456789ABCDEF";
++
++/// in[] after compression
++static uint8_t compressed[1024];
++static size_t compressed_size = 0;
++
++/// Output buffer for decompressing compressed[]
++static uint8_t out[sizeof(in)];
++
++
++static void
++compress(void)
++{
++	// Compress with PowerPC BCJ and LZMA2. PowerPC BCJ is used because
++	// it has fixed 4-byte alignment which makes triggering the potential
++	// bug easy.
++	lzma_options_lzma opt_lzma2;
++	succeed(lzma_lzma_preset(&opt_lzma2, 0));
++
++	lzma_filter filters[3] = {
++		{ .id = LZMA_FILTER_POWERPC, .options = NULL },
++		{ .id = LZMA_FILTER_LZMA2, .options = &opt_lzma2 },
++		{ .id = LZMA_VLI_UNKNOWN, .options = NULL },
++	};
++
++	expect(lzma_stream_buffer_encode(filters, LZMA_CHECK_CRC32, NULL,
++			in, sizeof(in),
++			compressed, &compressed_size, sizeof(compressed))
++			== LZMA_OK);
++}
++
++
++static void
++decompress(void)
++{
++	lzma_stream strm = LZMA_STREAM_INIT;
++	expect(lzma_stream_decoder(&strm, 10 << 20, 0) == LZMA_OK);
++
++	strm.next_in = compressed;
++	strm.next_out = out;
++
++	while (true) {
++		if (strm.total_in < compressed_size)
++			strm.avail_in = 1;
++
++		const lzma_ret ret = lzma_code(&strm, LZMA_RUN);
++		if (ret == LZMA_STREAM_END) {
++			expect(strm.total_in == compressed_size);
++			expect(strm.total_out == sizeof(in));
++			return;
++		}
++
++		expect(ret == LZMA_OK);
++
++		if (strm.total_out < sizeof(in))
++			strm.avail_out = 1;
++	}
++}
++
++
++static void
++decompress_empty(void)
++{
++	// An empty file with one Block using PowerPC BCJ and LZMA2.
++	static const uint8_t empty_bcj_lzma2[] = {
++		0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00, 0x00, 0x01,
++		0x69, 0x22, 0xDE, 0x36, 0x02, 0x01, 0x05, 0x00,
++		0x21, 0x01, 0x00, 0x00, 0x7F, 0xE0, 0xF1, 0xC8,
++		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++		0x00, 0x01, 0x11, 0x00, 0x3B, 0x96, 0x5F, 0x73,
++		0x90, 0x42, 0x99, 0x0D, 0x01, 0x00, 0x00, 0x00,
++		0x00, 0x01, 0x59, 0x5A
++	};
++
++	// Decompress without giving any output space.
++	uint64_t memlimit = 1 << 20;
++	size_t in_pos = 0;
++	size_t out_pos = 0;
++	expect(lzma_stream_buffer_decode(&memlimit, 0, NULL,
++			empty_bcj_lzma2, &in_pos, sizeof(empty_bcj_lzma2),
++			out, &out_pos, 0) == LZMA_OK);
++	expect(in_pos == sizeof(empty_bcj_lzma2));
++	expect(out_pos == 0);
++}
++
++
++extern int
++main(void)
++{
++	compress();
++	decompress();
++	decompress_empty();
++	return 0;
++}
+-- 
+1.7.11.rc3
+
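
Review bot: In simple_coder.c the condition gains `|| buf_avail == 0`, but the comment above it still describes only the out_avail > buf_avail case. A sentence saying that an empty temp buffer must also take this path, so that the next coder gets the chance to return LZMA_STREAM_END when no output space is left (the situation in the commit message), would stop the extra clause from being removed as redundant later.
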
diff -Nru xz-utils-5.0.0/debian/patches/cs-sparse-file xz-utils-5.0.0/debian/patches/cs-sparse-file
--- xz-utils-5.0.0/debian/patches/cs-sparse-file	1969-12-31 18:00:00.000000000 -0600
+++ xz-utils-5.0.0/debian/patches/cs-sparse-file	2012-06-23 02:47:31.000000000 -0500
@@ -0,0 +1,43 @@
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Tue, 7 Dec 2010 18:52:04 +0200
+Subject: Translations: Fix Czech translation of "sparse file".
+
+Thanks to Petr Hubený and Marek Černocký.
+---
+ po/cs.po |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/po/cs.po b/po/cs.po
+index 5bebf6e4..3ef3fcc9 100644
+--- a/po/cs.po
++++ b/po/cs.po
+@@ -7,7 +7,7 @@ msgstr ""
+ "Project-Id-Version: xz-utils\n"
+ "Report-Msgid-Bugs-To: lasse.collin@tukaani.org\n"
+ "POT-Creation-Date: 2010-10-23 17:48+0300\n"
+-"PO-Revision-Date: 2010-09-17 18:54+0200\n"
++"PO-Revision-Date: 2010-12-03 11:32+0100\n"
+ "Last-Translator: Marek Černocký <marek@manet.cz>\n"
+ "Language-Team: Czech <diskuze@lists.l10n.cz>\n"
+ "Language: cs\n"
+@@ -153,7 +153,7 @@ msgstr "%s: Selhalo zavření souboru: %s"
+ #: src/xz/file_io.c:762 src/xz/file_io.c:946
+ #, c-format
+ msgid "%s: Seeking failed when trying to create a sparse file: %s"
+-msgstr "%s: Selhalo nastavení pozice při pokusu o vytvoření záložního souboru: %s"
++msgstr "%s: Selhalo nastavení pozice při pokusu o vytvoření souboru řídké matice: %s"
+ 
+ #: src/xz/file_io.c:821
+ #, c-format
+@@ -517,7 +517,7 @@ msgid ""
+ "                      filenames must be terminated with the newline character\n"
+ "      --files0[=FILE] like --files but use the null character as terminator"
+ msgstr ""
+-"     --no-sparse       nevytvářet při dekomprimaci záložní soubory\n"
++"     --no-sparse       nevytvářet při dekomprimaci soubory řídkých matic\n"
+ " -S, --suffix=.PRIP    použít u komprimovaných souborů příponu „.PRIP“\n"
+ "     --files[=SOUBOR]  číst názvy souborů, které se mají zpracovat, ze SOUBORu;\n"
+ "                       pokud není SOUBOR zadán, čte se ze standardního vstupu;\n"
+-- 
+1.7.10.2
+
diff -Nru xz-utils-5.0.0/debian/patches/decode-empty-blocks xz-utils-5.0.0/debian/patches/decode-empty-blocks
--- xz-utils-5.0.0/debian/patches/decode-empty-blocks	1969-12-31 18:00:00.000000000 -0600
+++ xz-utils-5.0.0/debian/patches/decode-empty-blocks	2012-06-23 02:47:31.000000000 -0500
@@ -0,0 +1,41 @@
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Thu, 31 Mar 2011 11:54:48 +0300
+Subject: liblzma: Fix decoding of LZMA2 streams having no uncompressed data.
+
+The decoder considered empty LZMA2 streams to be corrupt.
+This shouldn't matter much with .xz files, because no encoder
+creates empty LZMA2 streams in .xz. This bug is more likely
+to cause problems in applications that use raw LZMA2 streams.
+---
+ src/liblzma/lzma/lzma2_decoder.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/liblzma/lzma/lzma2_decoder.c b/src/liblzma/lzma/lzma2_decoder.c
+index f38879ce..3e42575d 100644
+--- a/src/liblzma/lzma/lzma2_decoder.c
++++ b/src/liblzma/lzma/lzma2_decoder.c
+@@ -67,6 +67,10 @@ lzma2_decode(lzma_coder *restrict coder, lzma_dict *restrict dict,
+ 		const uint32_t control = in[*in_pos];
+ 		++*in_pos;
+ 
++		// End marker
++		if (control == 0x00)
++			return LZMA_STREAM_END;
++
+ 		if (control >= 0xE0 || control == 1) {
+ 			// Dictionary reset implies that next LZMA chunk has
+ 			// to set new properties.
+@@ -104,10 +108,6 @@ lzma2_decode(lzma_coder *restrict coder, lzma_dict *restrict dict,
+ 							&coder->options);
+ 			}
+ 		} else {
+-			// End marker
+-			if (control == 0x00)
+-				return LZMA_STREAM_END;
+-
+ 			// Invalid control values
+ 			if (control > 2)
+ 				return LZMA_DATA_ERROR;
+-- 
+1.7.11.rc3
+
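
Review bot: The moved `control == 0x00` test now accepts an end marker as the very first control byte, ahead of the dictionary-reset handling, and the two-word comment "End marker" does not say that this ordering is deliberate. Suggest expanding the comment to state that an LZMA2 stream with no chunks is valid, so the check is not folded back into the else branch later.
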
diff -Nru xz-utils-5.0.0/debian/patches/decode-empty-blocks-test xz-utils-5.0.0/debian/patches/decode-empty-blocks-test
--- xz-utils-5.0.0/debian/patches/decode-empty-blocks-test	1969-12-31 18:00:00.000000000 -0600
+++ xz-utils-5.0.0/debian/patches/decode-empty-blocks-test	2012-06-23 02:47:31.000000000 -0500
@@ -0,0 +1,28 @@
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Thu, 31 Mar 2011 12:22:55 +0300
+Subject: Tests: Add a new file to test empty LZMA2 streams.
+
+---
+ tests/files/README            |   4 ++++
+ tests/files/good-1-lzma2-5.xz | Bin 0 -> 52 bytes
+ 2 files changed, 4 insertions(+)
+ create mode 100644 tests/files/good-1-lzma2-5.xz
+
+diff --git a/tests/files/README b/tests/files/README
+index 108ce8fb..53950edb 100644
+--- a/tests/files/README
++++ b/tests/files/README
+@@ -87,6 +87,10 @@
+     uncompressed with dictionary reset, and third is LZMA with new
+     properties but without dictionary reset.
+ 
++    good-1-lzma2-5.xz has an empty LZMA2 stream with only the end of
++    payload marker. XZ Utils 5.0.1 and older incorrectly see this file
++    as corrupt.
++
+     good-1-3delta-lzma2.xz has three Delta filters and LZMA2.
+ 
+ 
+-- 
+1.7.11.rc3
+
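
Review bot: The diffstat in this patch header creates tests/files/good-1-lzma2-5.xz (Bin 0 -> 52 bytes), but the patch body carries only the README hunk, so applying it from debian/patches/series does not produce the file. The outer diffstat shows two lines added to debian/source/include-binaries; please confirm one of them is this file, and say in the patch description that the binary ships outside the quilt series.
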
diff -Nru xz-utils-5.0.0/debian/patches/encoder-api-checks xz-utils-5.0.0/debian/patches/encoder-api-checks
--- xz-utils-5.0.0/debian/patches/encoder-api-checks	1969-12-31 18:00:00.000000000 -0600
+++ xz-utils-5.0.0/debian/patches/encoder-api-checks	2012-06-23 02:47:31.000000000 -0500
@@ -0,0 +1,91 @@
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Mon, 11 Apr 2011 13:21:28 +0300
+Subject: liblzma: Validate encoder arguments better.
+
+The biggest problem was that the integrity check type
+wasn't validated, and e.g. lzma_easy_buffer_encode()
+would create a corrupt .xz Stream if given an unsupported
+Check ID. Luckily applications don't usually try to use
+an unsupport Check ID, so this bug is unlikely to cause
+many real-world problems.
+---
+ src/liblzma/common/block_buffer_encoder.c  | 18 ++++++++++++------
+ src/liblzma/common/block_encoder.c         |  5 +++++
+ src/liblzma/common/stream_buffer_encoder.c |  3 +++
+ 3 files changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/src/liblzma/common/block_buffer_encoder.c b/src/liblzma/common/block_buffer_encoder.c
+index a8f71c21..519c6a68 100644
+--- a/src/liblzma/common/block_buffer_encoder.c
++++ b/src/liblzma/common/block_buffer_encoder.c
+@@ -226,16 +226,23 @@ lzma_block_buffer_encode(lzma_block *block, lzma_allocator *allocator,
+ 		const uint8_t *in, size_t in_size,
+ 		uint8_t *out, size_t *out_pos, size_t out_size)
+ {
+-	// Sanity checks
+-	if (block == NULL || block->filters == NULL
+-			|| (in == NULL && in_size != 0) || out == NULL
++	// Validate the arguments.
++	if (block == NULL || (in == NULL && in_size != 0) || out == NULL
+ 			|| out_pos == NULL || *out_pos > out_size)
+ 		return LZMA_PROG_ERROR;
+ 
+-	// Check the version field.
++	// The contents of the structure may depend on the version so
++	// check the version before validating the contents of *block.
+ 	if (block->version != 0)
+ 		return LZMA_OPTIONS_ERROR;
+ 
++	if ((unsigned int)(block->check) > LZMA_CHECK_ID_MAX
++			|| block->filters == NULL)
++		return LZMA_PROG_ERROR;
++
++	if (!lzma_check_is_supported(block->check))
++		return LZMA_UNSUPPORTED_CHECK;
++
+ 	// Size of a Block has to be a multiple of four, so limit the size
+ 	// here already. This way we don't need to check it again when adding
+ 	// Block Padding.
+@@ -243,8 +250,7 @@ lzma_block_buffer_encode(lzma_block *block, lzma_allocator *allocator,
+ 
+ 	// Get the size of the Check field.
+ 	const size_t check_size = lzma_check_size(block->check);
+-	if (check_size == UINT32_MAX)
+-		return LZMA_PROG_ERROR;
++	assert(check_size != UINT32_MAX);
+ 
+ 	// Reserve space for the Check field.
+ 	if (out_size - *out_pos <= check_size)
+diff --git a/src/liblzma/common/block_encoder.c b/src/liblzma/common/block_encoder.c
+index ca515235..b34c5013 100644
+--- a/src/liblzma/common/block_encoder.c
++++ b/src/liblzma/common/block_encoder.c
+@@ -161,6 +161,11 @@ lzma_block_encoder_init(lzma_next_coder *next, lzma_allocator *allocator,
+ {
+ 	lzma_next_coder_init(&lzma_block_encoder_init, next, allocator);
+ 
++	if (block == NULL)
++		return LZMA_PROG_ERROR;
++
++	// The contents of the structure may depend on the version so
++	// check the version first.
+ 	if (block->version != 0)
+ 		return LZMA_OPTIONS_ERROR;
+ 
+diff --git a/src/liblzma/common/stream_buffer_encoder.c b/src/liblzma/common/stream_buffer_encoder.c
+index 0542c30a..2450ee2e 100644
+--- a/src/liblzma/common/stream_buffer_encoder.c
++++ b/src/liblzma/common/stream_buffer_encoder.c
+@@ -51,6 +51,9 @@ lzma_stream_buffer_encode(lzma_filter *filters, lzma_check check,
+ 			|| out_pos_ptr == NULL || *out_pos_ptr > out_size)
+ 		return LZMA_PROG_ERROR;
+ 
++	if (!lzma_check_is_supported(check))
++		return LZMA_UNSUPPORTED_CHECK;
++
+ 	// Note for the paranoids: Index encoder prevents the Stream from
+ 	// getting too big and still being accepted with LZMA_OK, and Block
+ 	// encoder catches if the input is too big. So we don't need to
+-- 
+1.7.11.rc3
+
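
Review bot: In lzma_block_buffer_encode() the runtime test `if (check_size == UINT32_MAX) return LZMA_PROG_ERROR;` becomes `assert(check_size != UINT32_MAX);`, which disappears in NDEBUG builds. That leaves the new `(unsigned int)(block->check) > LZMA_CHECK_ID_MAX` test as the only guard in release builds; a comment at the assert saying it relies on that earlier range check would keep the two from drifting apart. Note also that lzma_stream_buffer_encode() gets no matching range check and goes straight to lzma_check_is_supported(check), so the two entry points may report an out-of-range Check ID differently.
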
diff -Nru xz-utils-5.0.0/debian/patches/encoder-skip-empty-blocks xz-utils-5.0.0/debian/patches/encoder-skip-empty-blocks
--- xz-utils-5.0.0/debian/patches/encoder-skip-empty-blocks	1969-12-31 18:00:00.000000000 -0600
+++ xz-utils-5.0.0/debian/patches/encoder-skip-empty-blocks	2012-06-23 02:47:31.000000000 -0500
@@ -0,0 +1,61 @@
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Mon, 11 Apr 2011 13:59:50 +0300
+Subject: liblzma: Don't create an empty Block in lzma_stream_buffer_encode().
+
+Empty Block was created if the input buffer was empty.
+Empty Block wastes a few bytes of space, but more importantly
+it triggers a bug in XZ Utils 5.0.1 and older when trying
+to decompress such a file. 5.0.1 and older consider such
+files to be corrupt. I thought that no encoder creates empty
+Blocks when releasing 5.0.2 but I was wrong.
+---
+ src/liblzma/common/stream_buffer_encoder.c |   20 +++++++++++++-------
+ 1 file changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/src/liblzma/common/stream_buffer_encoder.c b/src/liblzma/common/stream_buffer_encoder.c
+index f727d854..0542c30a 100644
+--- a/src/liblzma/common/stream_buffer_encoder.c
++++ b/src/liblzma/common/stream_buffer_encoder.c
+@@ -81,26 +81,32 @@ lzma_stream_buffer_encode(lzma_filter *filters, lzma_check check,
+ 
+ 	out_pos += LZMA_STREAM_HEADER_SIZE;
+ 
+-	// Block
++	// Encode a Block but only if there is at least one byte of input.
+ 	lzma_block block = {
+ 		.version = 0,
+ 		.check = check,
+ 		.filters = filters,
+ 	};
+ 
+-	return_if_error(lzma_block_buffer_encode(&block, allocator,
+-			in, in_size, out, &out_pos, out_size));
++	if (in_size > 0)
++		return_if_error(lzma_block_buffer_encode(&block, allocator,
++				in, in_size, out, &out_pos, out_size));
+ 
+ 	// Index
+ 	{
+-		// Create an Index with one Record.
++		// Create an Index. It will have one Record if there was
++		// at least one byte of input to encode. Otherwise the
++		// Index will be empty.
+ 		lzma_index *i = lzma_index_init(allocator);
+ 		if (i == NULL)
+ 			return LZMA_MEM_ERROR;
+ 
+-		lzma_ret ret = lzma_index_append(i, allocator,
+-				lzma_block_unpadded_size(&block),
+-				block.uncompressed_size);
++		lzma_ret ret = LZMA_OK;
++
++		if (in_size > 0)
++			ret = lzma_index_append(i, allocator,
++					lzma_block_unpadded_size(&block),
++					block.uncompressed_size);
+ 
+ 		// If adding the Record was successful, encode the Index
+ 		// and get its size which will be stored into Stream Footer.
+-- 
+1.7.10.2
+
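
Review bot: With `if (in_size > 0)` guarding lzma_block_buffer_encode(), a zero-length input no longer passes `filters` to any encoder, so whatever validation of the filter chain happened inside that call is skipped and the function can return LZMA_OK for a chain it would reject on non-empty input. Please confirm the chain is validated earlier in the function, or document that filters are not checked when in_size is 0. The patch also adds no test for the empty-input case.
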
diff -Nru xz-utils-5.0.0/debian/patches/index_init-NULL-dereference xz-utils-5.0.0/debian/patches/index_init-NULL-dereference
--- xz-utils-5.0.0/debian/patches/index_init-NULL-dereference	1969-12-31 18:00:00.000000000 -0600
+++ xz-utils-5.0.0/debian/patches/index_init-NULL-dereference	2012-06-23 02:47:31.000000000 -0500
@@ -0,0 +1,32 @@
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Fri, 27 May 2011 22:09:49 +0300
+Subject: liblzma: Handle allocation failures correctly in lzma_index_init().
+
+Thanks to Jim Meyering.
+---
+ src/liblzma/common/index.c |    7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/liblzma/common/index.c b/src/liblzma/common/index.c
+index ddb9d364..9af4bc19 100644
+--- a/src/liblzma/common/index.c
++++ b/src/liblzma/common/index.c
+@@ -398,10 +398,13 @@ extern LZMA_API(lzma_index *)
+ lzma_index_init(lzma_allocator *allocator)
+ {
+ 	lzma_index *i = index_init_plain(allocator);
++	if (i == NULL)
++		return NULL;
++
+ 	index_stream *s = index_stream_init(0, 0, 1, 0, allocator);
+-	if (i == NULL || s == NULL) {
+-		index_stream_end(s, allocator);
++	if (s == NULL) {
+ 		lzma_free(i, allocator);
++		return NULL;
+ 	}
+ 
+ 	index_tree_append(&i->streams, &s->node);
+-- 
+1.7.10.2
+
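
Review bot: The removed lines show that the old failure path freed i and then fell through to index_tree_append(&i->streams, &s->node), and the new early returns fix that, but nothing in the patch exercises either failure branch. A test that calls lzma_index_init() with an lzma_allocator whose alloc fails on the first and on the second allocation would cover both new `return NULL` paths.
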
diff -Nru xz-utils-5.0.0/debian/patches/it-stray-N xz-utils-5.0.0/debian/patches/it-stray-N
--- xz-utils-5.0.0/debian/patches/it-stray-N	1969-12-31 18:00:00.000000000 -0600
+++ xz-utils-5.0.0/debian/patches/it-stray-N	2012-06-23 02:47:31.000000000 -0500
@@ -0,0 +1,48 @@
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Sat, 28 May 2011 09:47:56 +0300
+Subject: Translations: Update Italian translation.
+
+Thanks to Milo Casagrande.
+---
+ po/it.po |    9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/po/it.po b/po/it.po
+index 4f9ef0dd..4bffbe3c 100644
+--- a/po/it.po
++++ b/po/it.po
+@@ -2,13 +2,14 @@
+ # This file is in the public domain
+ # Gruppo traduzione italiano di Ubuntu-it <gruppo-traduzione@ubuntu-it.org>, 2009, 2010
+ # Lorenzo De Liso <blackz@ubuntu.com>, 2010.
+-# Milo Casagrande <milo@ubuntu.com>, 2009, 2010.
++# Milo Casagrande <milo@ubuntu.com>, 2009, 2010, 2011.
++#
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: xz-utils\n"
+ "Report-Msgid-Bugs-To: lasse.collin@tukaani.org\n"
+ "POT-Creation-Date: 2010-10-23 17:48+0300\n"
+-"PO-Revision-Date: 2010-09-16 21:32+0200\n"
++"PO-Revision-Date: 2011-05-27 11:43+0200\n"
+ "Last-Translator: Milo Casagrande <milo@ubuntu.com>\n"
+ "Language-Team: Italian <tp@lists.linux.it>\n"
+ "Language: it\n"
+@@ -17,12 +18,12 @@ msgstr ""
+ "Content-Transfer-Encoding: 8bit\n"
+ "X-Launchpad-Export-Date: 2010-08-16 19:16+0000\n"
+ "X-Generator: Launchpad (build Unknown)\n"
+-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
++"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+ 
+ #: src/xz/args.c:333
+ #, c-format
+ msgid "%s: Unknown file format type"
+-msgstr "%s: tipo di formato del file sconosciutoN"
++msgstr "%s: tipo di formato del file sconosciuto"
+ 
+ #: src/xz/args.c:356 src/xz/args.c:364
+ #, c-format
+-- 
+1.7.10.2
+
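
Review bot: Besides removing the stray N, this hunk changes the header line from `"Plural-Forms: nplurals=2; plural=(n != 1);\n"` to `"Plural-Forms: nplurals=2; plural=(n != 1)\n"`, dropping the terminating semicolon. That is unrelated to the bug described in the changelog, and gettext documents the plural expression as ending with a semicolon; for a stable update, suggest keeping the original Plural-Forms line and taking only the msgstr fix.
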
diff -Nru xz-utils-5.0.0/debian/patches/series xz-utils-5.0.0/debian/patches/series
--- xz-utils-5.0.0/debian/patches/series	2010-11-11 13:40:29.000000000 -0600
+++ xz-utils-5.0.0/debian/patches/series	2012-06-23 03:08:44.000000000 -0500
@@ -1,3 +1,17 @@
 abi-reserved-fields
 abi-chunk-size-func
 abi-debian-soname
+cs-sparse-file
+encoder-api-checks
+decode-empty-blocks
+decode-empty-blocks-test
+stream_encoder-init-leak
+encoder-skip-empty-blocks
+xzgrep-argv0-parsing
+index_init-NULL-dereference
+xz-lvv-invalid-free
+xz-lvv-invalid-free-test
+it-stray-N
+xzdiff-save-diff-status
+xzgrep-ignore-SIGPIPE
+bcj-flush-to-empty-buffer
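
Review bot: encoder-api-checks is listed before encoder-skip-empty-blocks, but the index lines in the two patches show the opposite generation order for src/liblzma/common/stream_buffer_encoder.c: encoder-skip-empty-blocks is f727d854..0542c30a and encoder-api-checks is 0542c30a..2450ee2e. The hunks touch different parts of the file, so quilt should apply them with an offset, but please either reorder the two entries or refresh the patches so they apply without offsets.
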
diff -Nru xz-utils-5.0.0/debian/patches/stream_encoder-init-leak xz-utils-5.0.0/debian/patches/stream_encoder-init-leak
--- xz-utils-5.0.0/debian/patches/stream_encoder-init-leak	1969-12-31 18:00:00.000000000 -0600
+++ xz-utils-5.0.0/debian/patches/stream_encoder-init-leak	2012-06-23 02:47:31.000000000 -0500
@@ -0,0 +1,34 @@
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Sat, 2 Apr 2011 14:49:56 +0300
+Subject: liblzma: Fix a memory leak in stream_encoder.c.
+
+It leaks old filter options structures (hundred bytes or so)
+every time the lzma_stream is reinitialized. With the xz tool,
+this happens when compressing multiple files.
+---
+ src/liblzma/common/stream_encoder.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/liblzma/common/stream_encoder.c b/src/liblzma/common/stream_encoder.c
+index 48d91da7..97a7a23a 100644
+--- a/src/liblzma/common/stream_encoder.c
++++ b/src/liblzma/common/stream_encoder.c
+@@ -280,6 +280,7 @@ lzma_stream_encoder_init(lzma_next_coder *next, lzma_allocator *allocator,
+ 		next->end = &stream_encoder_end;
+ 		next->update = &stream_encoder_update;
+ 
++		next->coder->filters[0].id = LZMA_VLI_UNKNOWN;
+ 		next->coder->block_encoder = LZMA_NEXT_CODER_INIT;
+ 		next->coder->index_encoder = LZMA_NEXT_CODER_INIT;
+ 		next->coder->index = NULL;
+@@ -289,7 +290,6 @@ lzma_stream_encoder_init(lzma_next_coder *next, lzma_allocator *allocator,
+ 	next->coder->sequence = SEQ_STREAM_HEADER;
+ 	next->coder->block_options.version = 0;
+ 	next->coder->block_options.check = check;
+-	next->coder->filters[0].id = LZMA_VLI_UNKNOWN;
+ 
+ 	// Initialize the Index
+ 	lzma_index_end(next->coder->index, allocator);
+-- 
+1.7.10.2
+
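Review bot: in lzma_stream_encoder_init(), the moved assignment
`next->coder->filters[0].id = LZMA_VLI_UNKNOWN;` has no comment at its new
location saying why it must not run on every call. It now sits in the more
deeply indented block that also sets next->end and next->update, and the only
explanation (old filter options leaking on each reinitialization) is in the
commit message. A one-line comment there would keep a later cleanup from
moving it back next to the per-call resets of sequence and block_options.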
diff -Nru xz-utils-5.0.0/debian/patches/xzdiff-save-diff-status xz-utils-5.0.0/debian/patches/xzdiff-save-diff-status
--- xz-utils-5.0.0/debian/patches/xzdiff-save-diff-status	1969-12-31 18:00:00.000000000 -0600
+++ xz-utils-5.0.0/debian/patches/xzdiff-save-diff-status	2012-06-23 02:47:31.000000000 -0500
@@ -0,0 +1,123 @@
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Sun, 31 Jul 2011 11:01:47 +0300
+Subject: Fix exit status of "xzdiff foo.xz bar.xz".
+
+xzdiff was clobbering the exit status from diff in a case
+statement used to analyze the exit statuses from "xz" when
+its operands were two compressed files. Save and restore
+diff's exit status to fix this.
+
+The bug is inherited from zdiff in GNU gzip and was fixed
+there on 2009-10-09.
+
+Thanks to Jonathan Nieder for the patch and
+to Peter Pallinger for reporting the bug.
+---
+ src/scripts/xzdiff.in |    2 ++
+ tests/Makefile.am     |    4 +++-
+ tests/test_scripts.sh |   54 +++++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 59 insertions(+), 1 deletion(-)
+ create mode 100755 tests/test_scripts.sh
+
+diff --git a/src/scripts/xzdiff.in b/src/scripts/xzdiff.in
+index 2d6e5da4..03428d1a 100644
+--- a/src/scripts/xzdiff.in
++++ b/src/scripts/xzdiff.in
+@@ -120,10 +120,12 @@ elif test $# -eq 2; then
+                 ( ($xz2 -cdfq -- "$2" 4>&-; echo $? >&4) 3>&- 5<&- </dev/null |
+                 eval "$cmp" /dev/fd/5 - >&3) 5<&0
+             )
++            cmp_status=$?
+             case $xz_status in
+               *[1-9]*) xz_status=1;;
+               *) xz_status=0;;
+             esac
++            (exit $cmp_status)
+           else
+             F=`expr "/$2" : '.*/\(.*\)[-.][ablmtxz2]*$'` || F=$prog
+             tmp=
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index d0807ae4..0469264a 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -10,6 +10,7 @@ EXTRA_DIST = \
+ 	tests.h \
+ 	test_files.sh \
+ 	test_compress.sh \
++	test_scripts.sh \
+ 	bcj_test.c \
+ 	compress_prepared_bcj_sparc \
+ 	compress_prepared_bcj_x86
+@@ -42,7 +43,8 @@ TESTS = \
+ 	test_block_header \
+ 	test_index \
+ 	test_files.sh \
+-	test_compress.sh
++	test_compress.sh \
++	test_scripts.sh
+ 
+ clean-local:
+ 	-rm -f compress_generated_*
+diff --git a/tests/test_scripts.sh b/tests/test_scripts.sh
+new file mode 100755
+index 00000000..891fc76a
+--- /dev/null
++++ b/tests/test_scripts.sh
+@@ -0,0 +1,54 @@
++#!/bin/sh
++
++###############################################################################
++#
++# Author: Jonathan Nieder
++#
++# This file has been put into the public domain.
++# You can do whatever you want with this file.
++#
++###############################################################################
++
++# If scripts weren't built, this test is skipped.
++XZ=../src/xz/xz
++XZDIFF=../src/scripts/xzdiff
++test -x "$XZ" || XZ=
++test -r "$XZDIFF" || XZDIFF=
++if test -z "$XZ" || test -z "$XZDIFF"; then
++	(exit 77)
++	exit 77
++fi
++
++PATH=`pwd`/../src/xz:$PATH
++export PATH
++
++preimage=$srcdir/files/good-1-check-crc32.xz
++samepostimage=$srcdir/files/good-1-check-crc64.xz
++otherpostimage=$srcdir/files/good-1-lzma2-1.xz
++
++sh "$XZDIFF" "$preimage" "$samepostimage" >/dev/null
++status=$?
++if test "$status" != 0 ; then
++	echo "xzdiff with no changes exited with status $status != 0"
++	(exit 1)
++	exit 1
++fi
++
++sh "$XZDIFF" "$preimage" "$otherpostimage" >/dev/null
++status=$?
++if test "$status" != 1 ; then
++	echo "xzdiff with changes exited with status $status != 1"
++	(exit 1)
++	exit 1
++fi
++
++sh "$XZDIFF" "$preimage" "$srcdir/files/missing.xz" >/dev/null 2>&1
++status=$?
++if test "$status" != 2 ; then
++	echo "xzdiff with missing operand exited with status $status != 2"
++	(exit 1)
++	exit 1
++fi
++
++(exit 0)
++exit 0
+-- 
+1.7.10.2
+
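Review bot: in the src/scripts/xzdiff.in hunk, `(exit $cmp_status)` restores
the status only because it is the last command before `else`, and nothing in
the script says so. Any statement later added after it would reset `$?` and
silently bring the bug back; a short comment on that line would protect it.
The new tests/test_scripts.sh uses .xz files for both operands in all three
cases, so only the branch fixed here is covered; a case with one compressed
and one plain operand would check the other branches for the same mistake.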
diff -Nru xz-utils-5.0.0/debian/patches/xzgrep-argv0-parsing xz-utils-5.0.0/debian/patches/xzgrep-argv0-parsing
--- xz-utils-5.0.0/debian/patches/xzgrep-argv0-parsing	1969-12-31 18:00:00.000000000 -0600
+++ xz-utils-5.0.0/debian/patches/xzgrep-argv0-parsing	2012-06-23 02:47:31.000000000 -0500
@@ -0,0 +1,36 @@
+From: Martin Väth <vaeth@mathematik.uni-wuerzburg.de>
+Date: Fri, 15 Apr 2011 04:54:49 -0400
+Subject: xzgrep: fix typo in $0 parsing
+
+Reported-by: Diego Elio Pettenò <flameeyes@gentoo.org>
+Signed-off-by: Martin Väth <vaeth@mathematik.uni-wuerzburg.de>
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+---
+ src/scripts/xzgrep.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in
+index cbc6b238..dd945137 100644
+--- a/src/scripts/xzgrep.in
++++ b/src/scripts/xzgrep.in
+@@ -27,7 +27,7 @@
+ xz='@xz@ --format=auto'
+ unset GZIP BZIP BZIP2
+ 
+-case ${0##/*} in
++case ${0##*/} in
+   *egrep*) prog=xzegrep; grep=${GREP:-egrep};;
+   *fgrep*) prog=xzfgrep; grep=${GREP:-fgrep};;
+   *)       prog=xzgrep; grep=${GREP:-grep};;
+@@ -35,7 +35,7 @@ esac
+ 
+ version="$prog (@PACKAGE_NAME@) @VERSION@"
+ 
+-usage="Usage: ${0##/*} [OPTION]... [-e] PATTERN [FILE]...
++usage="Usage: ${0##*/} [OPTION]... [-e] PATTERN [FILE]...
+ Look for instances of PATTERN in the input FILEs, using their
+ uncompressed contents if they are compressed.
+ 
+-- 
+1.7.11.rc3
+
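Review bot: the subject says only "fix typo" and never states the visible
effect of `case ${0##/*} in`. With the old pattern, a $0 that starts with "/"
is matched in full by `/*` and expands to the empty string, so the `*egrep*`
and `*fgrep*` arms cannot match and the script falls through to
`prog=xzgrep; grep=${GREP:-grep}`; the usage line loses the program name the
same way. Please say this in the changelog entry, and consider a test that
runs the script through an absolute path under an egrep name.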
diff -Nru xz-utils-5.0.0/debian/patches/xzgrep-ignore-SIGPIPE xz-utils-5.0.0/debian/patches/xzgrep-ignore-SIGPIPE
--- xz-utils-5.0.0/debian/patches/xzgrep-ignore-SIGPIPE	1969-12-31 18:00:00.000000000 -0600
+++ xz-utils-5.0.0/debian/patches/xzgrep-ignore-SIGPIPE	2012-06-23 02:47:31.000000000 -0500
@@ -0,0 +1,36 @@
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Wed, 22 Feb 2012 14:02:34 +0200
+Subject: Fix exit status of xzgrep when grepping binary files.
+
+When grepping binary files, grep may exit before it has
+read all the input. In this case, gzip -q returns 2 (eating
+SIGPIPE), but xz and bzip2 show SIGPIPE as the exit status
+(e.g. 141). This causes wrong exit status when grepping
+xz- or bzip2-compressed binary files.
+
+The fix checks for the special exit status that indicates SIGPIPE.
+It uses kill -l which should be supported everywhere since it
+is in both SUSv2 (1997) and POSIX.1-2008.
+
+Thanks to James Buren for the bug report.
+---
+ src/scripts/xzgrep.in |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in
+index bfa9fb53..cbc6b238 100644
+--- a/src/scripts/xzgrep.in
++++ b/src/scripts/xzgrep.in
+@@ -190,7 +190,8 @@ for i; do
+     fi >&3 5>&-
+   )
+   r=$?
+-  test "$xz_status" -eq 0 || test "$xz_status" -eq 2 || r=2
++  test "$xz_status" -eq 0 || test "$xz_status" -eq 2 \
++      || test "$(kill -l "$xz_status" 2> /dev/null)" = "PIPE" || r=2
+   test $res -lt $r && res=$r
+ done
+ exit $res
+-- 
+1.7.10.2
+
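Review bot: the extended test after `r=$?` now accepts three outcomes from xz
(status 0, status 2, and a status that `kill -l` maps to PIPE), and the script
has no comment explaining any of them. The reasoning exists only in the commit
message; a short comment above the test should say that grep may stop reading
early on binary input. It is also worth stating there that when `kill -l`
rejects the number, its error is discarded, the comparison fails, and the code
falls through to `r=2`, which is the conservative result.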
diff -Nru xz-utils-5.0.0/debian/patches/xz-lvv-invalid-free xz-utils-5.0.0/debian/patches/xz-lvv-invalid-free
--- xz-utils-5.0.0/debian/patches/xz-lvv-invalid-free	1969-12-31 18:00:00.000000000 -0600
+++ xz-utils-5.0.0/debian/patches/xz-lvv-invalid-free	2012-06-23 02:47:31.000000000 -0500
@@ -0,0 +1,60 @@
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Fri, 27 May 2011 22:25:44 +0300
+Subject: xz: Fix error handling in xz -lvv.
+
+It could do an invalid free() and read past the end
+of the uninitialized filters array.
+---
+ src/xz/list.c |   21 ++++++---------------
+ 1 file changed, 6 insertions(+), 15 deletions(-)
+
+diff --git a/src/xz/list.c b/src/xz/list.c
+index 1c93718b..98307eb2 100644
+--- a/src/xz/list.c
++++ b/src/xz/list.c
+@@ -382,14 +382,9 @@ parse_block_header(file_pair *pair, const lzma_index_iter *iter,
+ 	if (buf.u8[0] == 0)
+ 		goto data_error;
+ 
+-	lzma_block block;
+-	lzma_filter filters[LZMA_FILTERS_MAX + 1];
+-
+-	// Initialize the pointers so that they can be passed to free().
+-	for (size_t i = 0; i < ARRAY_SIZE(filters); ++i)
+-		filters[i].options = NULL;
+-
+ 	// Initialize the block structure and decode Block Header Size.
++	lzma_filter filters[LZMA_FILTERS_MAX + 1];
++	lzma_block block;
+ 	block.version = 0;
+ 	block.check = iter->stream.flags->check;
+ 	block.filters = filters;
+@@ -437,6 +432,10 @@ parse_block_header(file_pair *pair, const lzma_index_iter *iter,
+ 		break;
+ 
+ 	case LZMA_DATA_ERROR:
++		// Free the memory allocated by lzma_block_header_decode().
++		for (size_t i = 0; filters[i].id != LZMA_VLI_UNKNOWN; ++i)
++			free(filters[i].options);
++
+ 		goto data_error;
+ 
+ 	default:
+@@ -466,14 +465,6 @@ data_error:
+ 	// Show the error message.
+ 	message_error("%s: %s", pair->src_name,
+ 			message_strm(LZMA_DATA_ERROR));
+-
+-	// Free the memory allocated by lzma_block_header_decode().
+-	// This is truly needed only if we get here after a succcessful
+-	// call to lzma_block_header_decode() but it doesn't hurt to
+-	// always do it.
+-	for (size_t i = 0; filters[i].id != LZMA_VLI_UNKNOWN; ++i)
+-		free(filters[i].options);
+-
+ 	return true;
+ }
+ 
+-- 
+1.7.10.2
+
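Review bot: in parse_block_header(), `lzma_filter filters[LZMA_FILTERS_MAX + 1];`
is now left completely uninitialized at its declaration, and nothing documents
that it may be walked only after lzma_block_header_decode() has filled it in.
The removed code shows how easy this is to get wrong: the old init loop set
only `.options = NULL`, while the cleanup under data_error looped on
`filters[i].id != LZMA_VLI_UNKNOWN`, so early `goto data_error` paths read ids
that were never written. Add a comment at the declaration. Also confirm that
the `default:` arm and the success path, both outside this hunk, do not leave
the options allocated, since the free loop now lives only in the
LZMA_DATA_ERROR arm.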
diff -Nru xz-utils-5.0.0/debian/patches/xz-lvv-invalid-free-test xz-utils-5.0.0/debian/patches/xz-lvv-invalid-free-test
--- xz-utils-5.0.0/debian/patches/xz-lvv-invalid-free-test	1969-12-31 18:00:00.000000000 -0600
+++ xz-utils-5.0.0/debian/patches/xz-lvv-invalid-free-test	2012-06-23 02:47:31.000000000 -0500
@@ -0,0 +1,30 @@
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Sat, 28 May 2011 08:46:04 +0300
+Subject: Tests: Add a test file for the bug in the previous commit.
+
+[jrnieder@gmail.com: leaving out bad-1-block_header-6.xz because
+ source format 3.0 (quilt) does not permit binary patches]
+---
+ tests/files/README                  |    4 ++++
+ tests/files/bad-1-block_header-6.xz |  Bin 0 -> 72 bytes
+ 2 files changed, 4 insertions(+)
+ create mode 100644 tests/files/bad-1-block_header-6.xz
+
+diff --git a/tests/files/README b/tests/files/README
+index 392ff768..108ce8fb 100644
+--- a/tests/files/README
++++ b/tests/files/README
+@@ -184,6 +184,10 @@
+ 
+     bad-1-block_header-5.xz has zero as Compressed Size in Block Header.
+ 
++    bad-1-block_header-6.xz has corrupt Block Header which may crash
++    xz -lvv in XZ Utils 5.0.3 and earlier. It was fixed in the commit
++    c0297445064951807803457dca1611b3c47e7f0f.
++
+     bad-2-index-1.xz has wrong Unpadded Sizes in Index.
+ 
+     bad-2-index-2.xz has wrong Uncompressed Sizes in Index.
+-- 
+1.7.10.2
+
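Review bot: the README entry says bad-1-block_header-6.xz may crash `xz -lvv`,
but nothing in this patch runs `xz -lvv` on the file, so the regression is
documented rather than tested. A test that lists the file with `-lvv` and
checks for a clean error exit would cover the fix in src/xz/list.c. Separately,
the diffstat still shows the .xz file as "Bin 0 -> 72 bytes" although the
bracketed note says it was left out; a pointer to debian/source/include-binaries
in that note would tell the reader where the file actually comes from.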
diff -Nru xz-utils-5.0.0/debian/rules xz-utils-5.0.0/debian/rules
--- xz-utils-5.0.0/debian/rules	2010-11-11 13:40:29.000000000 -0600
+++ xz-utils-5.0.0/debian/rules	2012-06-23 02:47:31.000000000 -0500
@@ -6,6 +6,7 @@
 override_dh_auto_clean:
 	dh_auto_clean --builddirectory debian/xzdec-build
 	dh_auto_clean --builddirectory debian/normal-build
+	chmod -x tests/test_scripts.sh
 	sh debian/clean.sh
 
 override_dh_auto_configure:
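Review bot: the `chmod -x tests/test_scripts.sh` added to
override_dh_auto_clean is unguarded, so the clean target fails whenever the
file is absent, for example in a tree where the patch that creates it
(xzdiff-save-diff-status) is not applied. Prefix the command with `-` or test
for the file first, and add a comment saying why the mode is toggled here and
set again in override_dh_auto_test.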
@@ -31,6 +32,7 @@
 	fi
 
 override_dh_auto_test:
+	chmod +x tests/test_scripts.sh
 	$(MAKE) -C debian/normal-build check
 	$(MAKE) -C debian/xzdec-build/tests create_compress_files
 	$(MAKE) -C debian/xzdec-build/tests \
@@ -38,8 +40,8 @@
 		check-TESTS
 
 override_dh_auto_install:
-	dh_auto_install --builddirectory debian/normal-build
 	dh_auto_install --builddirectory debian/xzdec-build
+	dh_auto_install --builddirectory debian/normal-build
 
 override_dh_installchangelogs:
 	dh_installchangelogs debian/changelog.upstream
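Review bot: the two dh_auto_install calls in override_dh_auto_install are
swapped without a comment, so the order dependency is invisible to the next
person who edits this target. If the intent is that files installed from
debian/normal-build overwrite those from debian/xzdec-build, say so in a
comment above the two lines and name the bug this closes in the changelog.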
diff -Nru xz-utils-5.0.0/debian/source/include-binaries xz-utils-5.0.0/debian/source/include-binaries
--- xz-utils-5.0.0/debian/source/include-binaries	1969-12-31 18:00:00.000000000 -0600
+++ xz-utils-5.0.0/debian/source/include-binaries	2012-06-23 02:47:31.000000000 -0500
@@ -0,0 +1,2 @@
+tests/files/bad-1-block_header-6.xz
+tests/files/good-1-lzma2-5.xz
diff -Nru xz-utils-5.0.0/debian/symbols xz-utils-5.0.0/debian/symbols
--- xz-utils-5.0.0/debian/symbols	2010-11-11 13:40:29.000000000 -0600
+++ xz-utils-5.0.0/debian/symbols	2012-06-23 03:19:24.000000000 -0500
@@ -5,10 +5,10 @@
  lzma_auto_decoder@Base 4.999.9beta
  lzma_block_buffer_bound@Base 4.999.9beta
  lzma_block_buffer_decode@Base 4.999.9beta
- lzma_block_buffer_encode@Base 4.999.9beta
+ lzma_block_buffer_encode@Base 5.0.0-3~
  lzma_block_compressed_size@Base 4.999.9beta+20100602
  lzma_block_decoder@Base 4.999.9beta
- lzma_block_encoder@Base 4.999.9beta
+ lzma_block_encoder@Base 5.0.0-3~
  lzma_block_header_decode@Base 4.999.9beta
  lzma_block_header_encode@Base 4.999.9beta
  lzma_block_header_size@Base 4.999.9beta
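Review bot: the minimum version of lzma_block_buffer_encode and
lzma_block_encoder is raised to 5.0.0-3~ here with no stated reason, while the
neighbouring lzma_block_header_encode keeps 4.999.9beta. The changelog should
record which behaviour change callers of each bumped symbol are meant to
depend on, so that the tighter dependency can be justified per symbol rather
than inferred from the patch list.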
@@ -20,7 +20,7 @@
  lzma_code@Base 4.999.9beta
  lzma_crc32@Base 4.999.9beta
  lzma_crc64@Base 4.999.9beta
- lzma_easy_buffer_encode@Base 4.999.9beta
+ lzma_easy_buffer_encode@Base 5.0.0-3~
  lzma_easy_decoder_memusage@Base 4.999.9beta
  lzma_easy_encoder@Base 4.999.9beta
  lzma_easy_encoder_memusage@Base 4.999.9beta
@@ -81,7 +81,7 @@
  lzma_raw_encoder_memusage@Base 4.999.9beta
  lzma_stream_buffer_bound@Base 4.999.9beta
  lzma_stream_buffer_decode@Base 4.999.9beta
- lzma_stream_buffer_encode@Base 4.999.9beta
+ lzma_stream_buffer_encode@Base 5.0.0-3~
  lzma_stream_decoder@Base 4.999.9beta
  lzma_stream_encoder@Base 4.999.9beta
  lzma_stream_flags_compare@Base 4.999.9beta
Binary files /tmp/Yf3FQY2s8l/xz-utils-5.0.0/tests/files/bad-1-block_header-6.xz and /tmp/fRR4HVSjjH/xz-utils-5.0.0/tests/files/bad-1-block_header-6.xz differ
Binary files /tmp/Yf3FQY2s8l/xz-utils-5.0.0/tests/files/good-1-lzma2-5.xz and /tmp/fRR4HVSjjH/xz-utils-5.0.0/tests/files/good-1-lzma2-5.xz differ
