This update for zstd fixes the following issues :

  - Update to version 1.4.2 :

  - bug: Fix bug in zstd-0.5 decoder by @terrelln (#1696)

  - bug: Fix seekable decompression in-memory API by     @iburinoc (#1695)

  - bug: Close minor memory leak in CLI by @LeeYoung624     (#1701)

  - misc: Validate blocks are smaller than size limit by     @vivekmig (#1685)

  - misc: Restructure source files by @ephiepark (#1679)

  - Update to version 1.4.1 :

  - bug: Fix data corruption in niche use cases by @terrelln     (#1659)

  - bug: Fuzz legacy modes, fix uncovered bugs by @terrelln     (#1593, #1594, #1595)

  - bug: Fix out of bounds read by @terrelln (#1590)

  - perf: Improve decode speed by ~7% @mgrice (#1668)

  - perf: Slightly improved compression ratio of level 3 and     4 (ZSTD_dfast) by @cyan4973 (#1681)

  - perf: Slightly faster compression speed when re-using a     context by @cyan4973 (#1658)

  - perf: Improve compression ratio for small windowLog by     @cyan4973 (#1624)

  - perf: Faster compression speed in high compression mode     for repetitive data by @terrelln (#1635)

  - api: Add parameter to generate smaller dictionaries by     @tyler-tran (#1656)

  - cli: Recognize symlinks when built in C99 mode by     @felixhandte (#1640)

  - cli: Expose cpu load indicator for each file on -vv mode     by @ephiepark (#1631)

  - cli: Restrict read permissions on destination files by     @chungy (#1644)

  - cli: zstdgrep: handle -f flag by @felixhandte (#1618)

  - cli: zstdcat: follow symlinks by @vejnar (#1604)

  - doc: Remove extra size limit on compressed blocks by     @felixhandte (#1689)

  - doc: Fix typo by @yk-tanigawa (#1633)

  - doc: Improve documentation on streaming buffer sizes by     @cyan4973 (#1629)

  - build: CMake: support building with LZ4 @leeyoung624     (#1626)

  - build: CMake: install zstdless and zstdgrep by     @leeyoung624 (#1647)

  - build: CMake: respect existing uninstall target by     @j301scott (#1619)

  - build: Make: skip multithread tests when built without     support by @michaelforney (#1620)

  - build: Make: Fix examples/ test target by @sjnam (#1603)

  - build: Meson: rename options out of deprecated namespace     by @lzutao (#1665)

  - build: Meson: fix build by @lzutao (#1602)

  - build: Visual Studio: don't export symbols in static lib     by @scharan (#1650)

  - build: Visual Studio: fix linking by @absotively (#1639)

  - build: Fix MinGW-W64 build by @myzhang1029 (#1600)

  - misc: Expand decodecorpus coverage by @ephiepark (#1664)

  - Add baselibs.conf: libarchive gained zstd support and     provides

    -32bit libraries. This means, zstd also needs to provide
    -32bit libs.

  - Update to new upstream release 1.4.0

  - perf: level 1 compression speed was improved

  - cli: added --[no-]compress-literals flag to enable or     disable literal compression

  - Reword 'real-time' in description by some actual     statistics, because 603MB/s (lowest zstd level) is not     'real-time' for quite some applications.

  - zstd 1.3.8 :

  - better decompression speed on large files (+7%) and cold     dictionaries (+15%)

  - slightly better compression ratio at high compression     modes

  - new --rsyncable mode

  - support decompression of empty frames into NULL (used to     be an error)

  - support ZSTD_CLEVEL environment variable

  - --no-progress flag, preserving final summary

  - various CLI fixes

  - fix race condition in one-pass compression functions     that could allow out of bounds write (CVE-2019-11922,     boo#1142941)

  - zstd 1.3.7 :

  - fix ratio for dictionary compression at levels 9 and 10

  - add man pages for zstdless and zstdgrep

  - includes changes from zstd 1.3.6 :

  - faster dictionary builder, also the new default for
    --train

  - previous (slower, slightly higher quality) dictionary     builder to be selected via --train-cover

  - Faster dictionary decompression and compression under     memory limits with many dictionaries used simultaneously

  - New command --adapt for compressed network piping of     data adjusted to the perceived network conditions

  - update to 1.3.5 :

  - much faster dictionary compression

  - small quality improvement for dictionary generation

  - slightly improved performance at high compression levels

  - automatic memory release for long duration contexts

  - fix overlapLog can be manually set

  - fix decoding invalid lz4 frames

  - fix performance degradation for dictionary compression     when using advanced API

  - fix pzstd tests

  - enable pzstd (parallel zstd)

  - Use %license instead of %doc [boo#1082318]

  - Add disk _constraints to fix ppc64le build

  - Use FAT LTO objects in order to provide proper static     library (boo#1133297).

Detections

Analytics

openSUSE Security Update : zstd (openSUSE-2019-1952)

critical Nessus Plugin ID 128015

Version 1.6

Version 1.5

Version 1.6 Feb 18, 2025, 11:54 PM Plugin metadata (CVSS 3 Change AC:H --> AC:L where needed) Plugin Feed: 202502182354
Version 1.5 May 2, 2024, 9:04 AM CVSSv2 score source (set to "CVE-2019-11922") Exploit attributes ("Exploit available" set to "False") Plugin Feed: 202405020904