dgit.raspbian.org Git - libzstd.git/log

W. Felix Handte [Mon, 1 Mar 2021 17:23:52 +0000 (17:23 +0000)]

fix race condition allowing attackers to access destination file

Origin: upstream
Bug: https://github.com/facebook/zstd/issues/2491
Bug-Debian: https://github.com/facebook/zstd/issues/2491
Applied-Upstream: commit:a774c5797399040af62db21d8a9b9769e005430e
Reviewed-by: Étienne Mollier <etienne.mollier@mailoo.org>
Last-Update: 2021-02-18

This commit addresses https://github.com/facebook/zstd/issues/2491.

Note that a downside of this solution is that it is global: `umask()` affects
all file creation calls in the process. I believe this is safe since
`fileio.c` functions should only ever be used in the zstd binary, and these
are (almost) the only files ever created by zstd, and AIUI they're only
created in a single thread. So we can get away with messing with global state.

Note that this doesn't change the permissions of files created by `dibio.c`.
I'm not sure what those should be...
Last-Update: 2021-02-18
Gbp-Pq: Name 0018-fix-file-permissions-on-compression.patch

commit | commitdiff | tree

Helmut Grohne [Mon, 1 Mar 2021 17:23:52 +0000 (17:23 +0000)]

Fix ftbfs on alpha, see #962676

Gbp-Pq: Name 0017-alpha-fbfs-st_mtime.patch

commit | commitdiff | tree

Alex Mestiashvili [Mon, 1 Mar 2021 17:23:52 +0000 (17:23 +0000)]

Skip test failing on GNU/Hurd when writing on /dev/zero or

/dev/random. On different GNU/Hurd installations writing to either one or
another would fail. Currently writing to /dev/random results in the message
"Computer bought the farm" and exit status 1
See also: https://github.com/facebook/zstd/issues/1116

Gbp-Pq: Name 0015-Skip-dev-random-tests-on-hurd.patch

commit | commitdiff | tree

Chris Lamb [Mon, 1 Mar 2021 17:23:52 +0000 (17:23 +0000)]

Make the build reproducible

Last-Update: 2018-05-04
Applied-Upstream: https://github.com/facebook/zstd/commit/ef1abd3c071ce42a457404ee2bca6d5bebb87f62

Gbp-Pq: Name 0014-Reproducible-build.patch

commit | commitdiff | tree

Alex Mestiashvili [Mon, 1 Mar 2021 17:23:52 +0000 (17:23 +0000)]

Skip memory heavy tests causing FTBFS on mips(el) and hurd buildds

Gbp-Pq: Name 0013-skip-memory-greedy-tests.patch

commit | commitdiff | tree

Sascha Steinbiss [Mon, 1 Mar 2021 17:23:52 +0000 (17:23 +0000)]

Do not build zlibWrapper examples against embedded code copies.

Gbp-Pq: Name 0008-Address-embedded-zlib.patch

commit | commitdiff | tree

Kevin Murray [Mon, 14 Nov 2016 00:54:32 +0000 (11:54 +1100)]

Use bash for test script portablitity

Gbp-Pq: Name 0006-Use-bash-for-test-script-portablitity.patch

commit | commitdiff | tree

Stephen Kitt [Mon, 1 Mar 2021 17:23:52 +0000 (17:23 +0000)]

libzstd (1.4.8+dfsg-2.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Drop the symbols file: the symbols in the library aren’t all intended
    for public consumption, but they can’t be hidden (yet) either, see
    https://github.com/facebook/zstd/pull/2501 for the discussion. We’ll
    rely on the shlibs file for now, with a relaxed version (1.4.0, as
    discussed with upstream). Closes: #969597.

[dgit import unpatched libzstd 1.4.8+dfsg-2.1]

commit | commitdiff | tree

Stephen Kitt [Mon, 1 Mar 2021 17:23:52 +0000 (17:23 +0000)]

Import libzstd_1.4.8+dfsg-2.1.debian.tar.xz

[dgit import tarball libzstd 1.4.8+dfsg-2.1 libzstd_1.4.8+dfsg-2.1.debian.tar.xz]

commit | commitdiff | tree

Alexandre Mestiashvili [Fri, 25 Dec 2020 18:28:35 +0000 (18:28 +0000)]

Import libzstd_1.4.8+dfsg.orig.tar.xz

[dgit import orig libzstd_1.4.8+dfsg.orig.tar.xz]

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom