SUSE: OPENSUSE-SU-2019:2008-1
Aug 24, 2019 - 12:00 a.m.

Security update for zstd (moderate)

2019-08-24 00:00:00
lists.opensuse.org
EPSS: 0.031 (percentile: 91.2%)

An update that solves one vulnerability and has two fixes
is now available.

Description:

This update for zstd fixes the following issues:

  • Update to version 1.4.2:

    • bug: Fix bug in zstd-0.5 decoder by @terrelln (#1696)
    • bug: Fix seekable decompression in-memory API by @iburinoc (#1695)
    • bug: Close minor memory leak in CLI by @LeeYoung624 (#1701)
    • misc: Validate blocks are smaller than size limit by @vivekmig (#1685)
    • misc: Restructure source files by @ephiepark (#1679)
  • Update to version 1.4.1:

    • bug: Fix data corruption in niche use cases by @terrelln (#1659)
    • bug: Fuzz legacy modes, fix uncovered bugs by @terrelln (#1593, #1594,
      #1595)
    • bug: Fix out of bounds read by @terrelln (#1590)
    • perf: Improve decode speed by ~7% @mgrice (#1668)
    • perf: Slightly improved compression ratio of level 3 and 4
      (ZSTD_dfast) by @cyan4973 (#1681)
    • perf: Slightly faster compression speed when re-using a context by
      @cyan4973 (#1658)
    • perf: Improve compression ratio for small windowLog by @cyan4973
      (#1624)
    • perf: Faster compression speed in high compression mode for repetitive
      data by @terrelln (#1635)
    • api: Add parameter to generate smaller dictionaries by @tyler-tran
      (#1656)
    • cli: Recognize symlinks when built in C99 mode by @felixhandte (#1640)
    • cli: Expose cpu load indicator for each file on -vv mode by @ephiepark
      (#1631)
    • cli: Restrict read permissions on destination files by @chungy (#1644)
    • cli: zstdgrep: handle -f flag by @felixhandte (#1618)
    • cli: zstdcat: follow symlinks by @vejnar (#1604)
    • doc: Remove extra size limit on compressed blocks by @felixhandte
      (#1689)
    • doc: Fix typo by @yk-tanigawa (#1633)
    • doc: Improve documentation on streaming buffer sizes by @cyan4973
      (#1629)
    • build: CMake: support building with LZ4 @leeyoung624 (#1626)
    • build: CMake: install zstdless and zstdgrep by @leeyoung624 (#1647)
    • build: CMake: respect existing uninstall target by @j301scott (#1619)
    • build: Make: skip multithread tests when built without support by
      @michaelforney (#1620)
    • build: Make: Fix examples/ test target by @sjnam (#1603)
    • build: Meson: rename options out of deprecated namespace by @lzutao
      (#1665)
    • build: Meson: fix build by @lzutao (#1602)
    • build: Visual Studio: don’t export symbols in static lib by @scharan
      (#1650)
    • build: Visual Studio: fix linking by @absotively (#1639)
    • build: Fix MinGW-W64 build by @myzhang1029 (#1600)
    • misc: Expand decodecorpus coverage by @ephiepark (#1664)
  • Add baselibs.conf: libarchive gained zstd support and provides
    -32bit libraries. This means, zstd also needs to provide -32bit libs.

  • Update to new upstream release 1.4.0

    • perf: level 1 compression speed was improved
    • cli: added --[no-]compress-literals flag to enable or disable literal
      compression
  • Reword “real-time” in description by some actual statistics, because
    603MB/s (lowest zstd level) is not “real-time” for quite some
    applications.

  • zstd 1.3.8:

    • better decompression speed on large files (+7%) and cold dictionaries
      (+15%)
    • slightly better compression ratio at high compression modes
    • new --rsyncable mode
    • support decompression of empty frames into NULL (used to be an error)
    • support ZSTD_CLEVEL environment variable
    • --no-progress flag, preserving final summary
    • various CLI fixes
    • fix race condition in one-pass compression functions that could allow
      out of bounds write (CVE-2019-11922, boo#1142941)
  • zstd 1.3.7:

    • fix ratio for dictionary compression at levels 9 and 10
    • add man pages for zstdless and zstdgrep
  • includes changes from zstd 1.3.6:

    • faster dictionary builder, also the new default for --train
    • previous (slower, slightly higher quality) dictionary builder to be
      selected via --train-cover
    • Faster dictionary decompression and compression under memory limits
      with many dictionaries used simultaneously
    • New command --adapt for compressed network piping of data adjusted to
      the perceived network conditions
  • update to 1.3.5:

    • much faster dictionary compression
    • small quality improvement for dictionary generation
    • slightly improved performance at high compression levels
    • automatic memory release for long duration contexts
    • fix overlapLog can be manually set
    • fix decoding invalid lz4 frames
    • fix performance degradation for dictionary compression when using
      advanced API
  • fix pzstd tests

  • enable pzstd (parallel zstd)

  • Use %license instead of %doc [boo#1082318]

  • Add disk _constraints to fix ppc64le build

  • Use FAT LTO objects in order to provide proper static library
    (boo#1133297).

This update was imported from the openSUSE:Leap:15.0:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Backports SLE-15-SP1:

    zypper in -t patch openSUSE-2019-2008=1

  • openSUSE Backports SLE-15:

    zypper in -t patch openSUSE-2019-2008=1
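
A check to run before and after applying the patch, as an added example that is not part of the original advisory: it flags zstd packages whose upstream version predates 1.3.8, the release the changelog above ties to the CVE-2019-11922 fix. The package name patterns and the sample inventories are assumptions constructed for illustration, and because vendor packages can carry backported fixes the upstream version is only an approximation of patch state.

```shell
#!/bin/sh
# Added example (not from the advisory): flag installed zstd packages whose
# upstream version predates 1.3.8, the release the changelog ties to the
# CVE-2019-11922 fix.
FIXED_VERSION="1.3.8"

# version_lt A B: succeeds when A sorts strictly before B (GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_zstd: reads "NAME VERSION" lines on stdin, e.g. from
#   rpm -qa --qf '%{NAME} %{VERSION}\n'
# prints a verdict for each zstd package, returns 1 if any needs the update.
audit_zstd() {
    rc=0
    while read -r name ver; do
        case "$name" in
            zstd|libzstd*) ;;      # package names are an assumption
            *) continue ;;         # ignore unrelated packages
        esac
        if version_lt "$ver" "$FIXED_VERSION"; then
            echo "NEEDS-UPDATE $name $ver"
            rc=1
        else
            echo "OK $name $ver"
        fi
    done
    return "$rc"
}

# Constructed inventories for illustration (not real host data).
UNPATCHED_INVENTORY='zstd 1.3.4
libzstd1 1.3.4
libarchive13 3.3.2'
PATCHED_INVENTORY='zstd 1.4.2
libzstd1 1.4.2
libarchive13 3.3.2'

# Demo run: the unpatched sample fails the audit and prints the patch command.
printf '%s\n' "$UNPATCHED_INVENTORY" | audit_zstd ||
    echo "run: zypper in -t patch openSUSE-2019-2008=1"
```

On a real host, pipe the output of the rpm query shown in the comment into audit_zstd instead of the sample inventory.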

Products and architectures covered by this update:

  • openSUSE Backports SLE-15-SP1: aarch64, ppc64le, s390x, x86_64, aarch64_ilp32

  • openSUSE Backports SLE-15: aarch64, ppc64le, s390x, x86_64, aarch64_ilp32