Add NEWS for 5.2.7.

diff --git a/NEWS b/NEWS
index 4c79b18ff26a1c479a920b21f07d050599c04c9e..0205423e79ce8297102096b0fc8b030ddf5b2023 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,80 @@
 XZ Utils Release Notes
 ======================
 
+5.2.7 (2022-09-30)
+
+    * liblzma:
+
+        - Made lzma_filters_copy() to never modify the destination
+          array if an error occurs. lzma_stream_encoder() and
+          lzma_stream_encoder_mt() already assumed this. Before this
+          change, if a tiny memory allocation in lzma_filters_copy()
+          failed it would lead to a crash (invalid free() or invalid
+          memory reads) in the cleanup paths of these two encoder
+          initialization functions.
+
+        - Added missing integer overflow check to lzma_index_append().
+          This affects xz --list and other applications that decode
+          the Index field from .xz files using lzma_index_decoder().
+          Normal decompression of .xz files doesn't call this code
+          and thus most applications using liblzma aren't affected
+          by this bug.
+
+        - Single-threaded .xz decoder (lzma_stream_decoder()): If
+          lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible
+          to use lzma_memlimit_set() to increase the limit and continue
+          decoding. This was supposed to work from the beginning
+          but there was a bug. With other decoders (.lzma or
+          threaded .xz decoder) this already worked correctly.
+
+        - Fixed accumulation of integrity check type statistics in
+          lzma_index_cat(). This bug made lzma_index_checks() return
+          only the type of the integrity check of the last Stream
+          when multiple lzma_indexes were concatenated. Most
+          applications don't use these APIs but in xz it made
+          xz --list not list all check types from concatenated .xz
+          files. In xz --list --verbose only the per-file "Check:"
+          lines were affected and in xz --robot --list only the "file"
+          line was affected.
+
+        - Added ABI compatibility with executables that were linked
+          against liblzma in RHEL/CentOS 7 or other liblzma builds
+          that had copied the problematic patch from RHEL/CentOS 7
+          (xz-5.2.2-compat-libs.patch). For the details, see the
+          comment at the top of src/liblzma/validate_map.sh.
+
+          WARNING: This uses __symver__ attribute with GCC >= 10.
+          In other cases the traditional __asm__(".symver ...")
+          is used. Using link-time optimization (LTO, -flto) with
+          GCC versions older than 10 can silently result in
+          broken liblzma.so.5 (incorrect symbol versions)! If you
+          want to use -flto with GCC, you must use GCC >= 10.
+          LTO with Clang seems to work even with the traditional
+          __asm__(".symver ...") method.
+
+    * xzgrep: Fixed compatibility with old shells that break if
+      comments inside command substitutions have apostrophes (').
+      This problem was introduced in 5.2.6.
+
+    * Build systems:
+
+        - New #define in config.h: HAVE_SYMBOL_VERSIONS_LINUX
+
+        - Windows: Fixed liblzma.dll build with Visual Studio project
+          files. It broke in 5.2.6 due to a change that was made to
+          improve CMake support.
+
+        - Windows: Building liblzma with UNICODE defined should now
+          work.
+
+        - CMake files are now actually included in the release tarball.
+          They should have been in 5.2.5 already.
+
+        - Minor CMake fixes and improvements.
+
+    * Added a new translation: Turkish
+
+
 5.2.6 (2022-08-12)
 
     * xz: