An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for zstd fixes the following issues:
-
Update to version 1.4.2:
- bug: Fix bug in zstd-0.5 decoder by @terrelln (#1696)
- bug: Fix seekable decompression in-memory API by @iburinoc (#1695)
- bug: Close minor memory leak in CLI by @LeeYoung624 (#1701)
- misc: Validate blocks are smaller than size limit by @vivekmig (#1685)
- misc: Restructure source files by @ephiepark (#1679)
-
Update to version 1.4.1:
- bug: Fix data corruption in niche use cases by @terrelln (#1659)
- bug: Fuzz legacy modes, fix uncovered bugs by @terrelln (#1593, #1594,
#1595)
- bug: Fix out of bounds read by @terrelln (#1590)
- perf: Improve decode speed by ~7% @mgrice (#1668)
- perf: Slightly improved compression ratio of level 3 and 4
(ZSTD_dfast) by @cyan4973 (#1681)
- perf: Slightly faster compression speed when re-using a context by
@cyan4973 (#1658)
- perf: Improve compression ratio for small windowLog by @cyan4973
(#1624)
- perf: Faster compression speed in high compression mode for repetitive
data by @terrelln (#1635)
- api: Add parameter to generate smaller dictionaries by @tyler-tran
(#1656)
- cli: Recognize symlinks when built in C99 mode by @felixhandte (#1640)
- cli: Expose cpu load indicator for each file on -vv mode by @ephiepark
(#1631)
- cli: Restrict read permissions on destination files by @chungy (#1644)
- cli: zstdgrep: handle -f flag by @felixhandte (#1618)
- cli: zstdcat: follow symlinks by @vejnar (#1604)
- doc: Remove extra size limit on compressed blocks by @felixhandte
(#1689)
- doc: Fix typo by @yk-tanigawa (#1633)
- doc: Improve documentation on streaming buffer sizes by @cyan4973
(#1629)
- build: CMake: support building with LZ4 @leeyoung624 (#1626)
- build: CMake: install zstdless and zstdgrep by @leeyoung624 (#1647)
- build: CMake: respect existing uninstall target by @j301scott (#1619)
- build: Make: skip multithread tests when built without support by
@michaelforney (#1620)
- build: Make: Fix examples/ test target by @sjnam (#1603)
- build: Meson: rename options out of deprecated namespace by @lzutao
(#1665)
- build: Meson: fix build by @lzutao (#1602)
- build: Visual Studio: don’t export symbols in static lib by @scharan
(#1650)
- build: Visual Studio: fix linking by @absotively (#1639)
- build: Fix MinGW-W64 build by @myzhang1029 (#1600)
- misc: Expand decodecorpus coverage by @ephiepark (#1664)
-
Add baselibs.conf: libarchive gained zstd support and provides
-32bit libraries. This means, zstd also needs to provide -32bit libs.
-
Update to new upstream release 1.4.0
- perf: level 1 compression speed was improved
- cli: added --[no-]compress-literals flag to enable or disable literal
compression
-
Reword “real-time” in description by some actual statistics, because
603MB/s (lowest zstd level) is not “real-time” for quite some
applications.
-
zstd 1.3.8:
- better decompression speed on large files (+7%) and cold dictionaries
(+15%)
- slightly better compression ratio at high compression modes
- new --rsyncable mode
- support decompression of empty frames into NULL (used to be an error)
- support ZSTD_CLEVEL environment variable
- –no-progress flag, preserving final summary
- various CLI fixes
- fix race condition in one-pass compression functions that could allow
out of bounds write (CVE-2019-11922, boo#1142941)
-
zstd 1.3.7:
- fix ratio for dictionary compression at levels 9 and 10
- add man pages for zstdless and zstdgrep
-
includes changes from zstd 1.3.6:
- faster dictionary builder, also the new default for --train
- previous (slower, slightly higher quality) dictionary builder to be
selected via --train-cover
- Faster dictionary decompression and compression under memory limits
with many dictionaries used simultaneously
- New command --adapt for compressed network piping of data adjusted to
the perceived network conditions
-
update to 1.3.5:
- much faster dictionary compression
- small quality improvement for dictionary generation
- slightly improved performance at high compression levels
- automatic memory release for long duration contexts
- fix overlapLog can be manually set
- fix decoding invalid lz4 frames
- fix performance degradation for dictionary compression when using
advanced API
-
fix pzstd tests
-
enable pzstd (parallel zstd)
-
Use %license instead of %doc [boo#1082318]
-
Add disk _constraints to fix ppc64le build
-
Use FAT LTO objects in order to provide proper static library
(boo#1133297).
This update was imported from the openSUSE:Leap:15.0:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2019-2008=1
-
openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2019-2008=1