.gitignore

@@ -1 +1,2 @@
-SOURCES/xz-5.2.5.tar.xz
+SOURCES/xz-5.6.2.tar.gz
+SOURCES/xz-5.6.2.tar.gz.sig

.xz.metadata

@@ -1 +1,2 @@
-0b9d1e06b59f7fe0796afe1d93851b9306b4a3b6 SOURCES/xz-5.2.5.tar.xz
+0d6b10e4628fe08e19293c65e8dbcaade084a083 SOURCES/xz-5.6.2.tar.gz
+64845817acfd2a9187f5c61a3f6fd2e8a11fcac3 SOURCES/xz-5.6.2.tar.gz.sig

SOURCES/lasse_collin_pubkey.txt

@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBEzEOZIBEACxg/IuXERlDB48JBWmF4NxNUuuup1IhJAJyFGFSKh3OGAO2Ard
+sNuRLjANsFXA7m7P5eTFcG+BoHHuAVYmKnI3PPZtHVLnUt4pGItPczQZ2BE1WpcI
+ayjGTBJeKItX3Npqg9D/odO9WWS1i3FQPVdrLn0YH37/BA66jeMQCRo7g7GLpaNf
+IrvYGsqTbxCwsmA37rpE7oyU4Yrf74HT091WBsRIoq/MelhbxTDMR8eu/dUGZQVc
+Kj3lN55RepwWwUUKyqarY0zMt4HkFJ7v7yRL+Cvzy92Ouv4Wf2FlhNtEs5LE4Tax
+W0PO5AEmUoKjX87SezQK0f652018b4u6Ex52cY7p+n5TII/UyoowH6+tY8UHo9yb
+fStrqgNE/mY2bhA6+AwCaOUGsFzVVPTbjtxL3HacUP/jlA1h78V8VTvTs5d55iG7
+jSqR9o05wje8rwNiXXK0xtiJahyNzL97Kn/DgPSqPIi45G+8nxWSPFM5eunBKRl9
+vAnsvwrdPRsR6YR3uMHTuVhQX9/CY891MHkaZJ6wydWtKt3yQwJLYqwo5d4DwnUX
+CduUwSKv+6RmtWI5ZmTQYOcBRcZyGKml9X9Q8iSbm6cnpFXmLrNQwCJN+D3SiYGc
+MtbltZo0ysPMa6Xj5xFaYqWk/BI4iLb2Gs+ByGo/+a0Eq4XYBMOpitNniQARAQAB
+tCdMYXNzZSBDb2xsaW4gPGxhc3NlLmNvbGxpbkB0dWthYW5pLm9yZz6JAlEEEwEK
+ADsCGwMCHgECF4AECwkIBwMVCggFFgIDAQAWIQQ2kMJAzlG0Zw0wrRw47nV9aRhG
+IAUCZZwJyQUJGuHiNwAKCRA47nV9aRhGIE4qD/4jdFTe3WPpLgvz/jdlbnSZxr7q
+OS6H/ZJFENHO4SbavXdoXLtj+t6/lqWq890Js8IpWaaiJLowzW1xJMEg99W6k0KD
+3pHUbwPxf0GCSAt/W4JYxdTj+1ggdHjx5yBAmOakjnOH+ZDKQNBnDOI6ghf3ew+H
+9z/b0mQX3rlQbtoqSPZtuDOdFcjCOSwEyqdV+9eNqnv2CoKZkiGoUB1WGCbqKUkY
+KiUJ3WldmPQ5RQYjEi7zZWVac1VuwBA0XOku+W4cCJ5DnPyK7CtMwC84VvaodlOX
+UAK3Y5BIZpZM2Rk6yMX5lFDA5nA8UuHJQRDjTVmh3BIdgRvp0ZV6ogtqNE7RifpW
+aBWDIsCkimcbCJJM+edOLiVZog+ia1Ts8zu33wj7Tnvp5znLc8NLZIqwu1HKLS97
+m+Yf5oC3ObTZtXbVF+OglWe/3ljLHdL2bJxNdtcVlChSNPUW3fgLHk9Fzrlnqdab
+tSGwI/0Ryt00cKjRiMOagTn5Nly6boCtgGYdQafQoSrs3eQjnWVgbNYDMgPyl4k+
+Q5RJLEY7AvtXo7FUEgOTfr9PWmjmc2JzGpxbtwl6sQi6yLrBZTRf1Xao2OjOje6G
+XdUbXNmgOv16sWxcI0s4lX1z28BgHQfwXhBFBRjw2Sy+6TfFXjX24thcpMwvyJ3c
+xhMtdY4N4jyfRjYe8LkCDQRMxDmSARAAv8XAp2PGA/G1KmCrVIzOBm1NPIuqGAYP
+c1l9p0dYdhEgvfw0NXcl5MDv1jbOPZ2PspA8NP7Rqp6LNNXYTeM/eIJDndU5Phyi
+ewFpACAp7Gmm2dL5PUOhu0gIUnQYbN/QdGPoo7bNI646K1Y9aVTBu9fszQssjb6G
+qXHSNM+pskVn9lropO1tLrF0I9VSlSphlCmiQRlzBCZSnxD6UagkPaw1gJnJqnrd
+f9oA6AIavZFdh104fl7y8bMZb6bC0K/5ZD0DLfmYaojkyqRtl3VBu6/ZvXrjsT9A
+QS5x9EdVslUoYY+kUxQm1wi3LIi3mOj6v0IIvgKzjt0X/39E3C42+m8ddTKowFB1
+Y1lEzHiT80YP9a+I+L2bqYgy6Lqs5CxI5qph1xRfg2rY6uvc5rPYk9B1R94jbeKi
+3W8ryHG9QJBNXcd8mCGLM3qylWXTJA4oGITyaIlGCuMeKUfeFNvGijjbEOQ0Cr4J
+CjdACbWJsPEoIOrRFxY+NwJEA39Dkyalyh2l0qTNXTIYhLiDuzl+tWuBX+SjHavj
+9jGyvwr3T37gfzYCNMoZf8GaxAUJMCoGTqnsjTPGMion/DfdNkFDQ+fivdYiVQ9p
+/Njpr38sC83V8dHF/1KkIHImyzMPTdC7l/lMHyC2Gx2dWZOjuOOKit0Qoy3DZoQw
+vN1ZZND9M1UAEQEAAYkCPAQYAQoAJgIbDBYhBDaQwkDOUbRnDTCtHDjudX1pGEYg
+BQJlnAmyBQka4eIgAAoJEDjudX1pGEYguyYQAJo+5SnMMdu+d70mWfUb9PZg7P5C
+GRepHnckx9Sis5oR5s7NNl5j5Yy4J1UwsmrP+mn52ujqewkkVsCq65NGQQx7+tkw
+uKGvnGBkHdrI+aJk86qLMf4DlnNJEmN8t5jTGQfRLbFVf2I8EY6qXAzCSmL9Zs++
+rDUz65GOTB1EP0XmBRsuVYRfDbFezrPQH0JDucbXFi/2BDnl2/Mk9NBoQ0CvB4oG
+tLDiQZ+jV7n1VXXJ1faD9s7i0hOTdcG6rlyIqi/LyAzdCnOYTkmv3U1kdmzkvrh1
+KEiejnM5fj27RE2v191vh3hgZ+X5+uwjNTP0QC4qP8XykQOAA8usOMVZ72lyXCAk
+wiUcRdrAXLN/XbIFNcQ3m4d3W6t60Gk09wFlUKaEltDMlPUsxiSG3qFwFGPBP6UV
+h3mjJMAl1jltLrR7ybez0SczfrcAtdCsKTvgzV9W2TzUfK2R9PBanmXTXK2M7yU3
+IquHt3Je4aSP7XYb5D+ajlbFNvnXOYcai8WryfC5nLAfV4MbPX+UlRaYCqqHVhut
+gK93re1L5mMI3zjG5Ri5jLpUA9toSJCIJIY5zwr/8LL/ZL4TixXlouA17yjkpY/e
+Bjs8cNj1O3aM4jY2FKCS8UbfxOiARk/5kBMRPEZ/mqpMQttzE8KVjOv6fRxy/eVE
+888/gToe5kb8qYwy
+=6rZC
+-----END PGP PUBLIC KEY BLOCK-----

SOURCES/xz-5.2.5-cve-2022-1271.patch

@@ -1,94 +0,0 @@
-From 69d1b3fc29677af8ade8dc15dba83f0589cb63d6 Mon Sep 17 00:00:00 2001
-From: Lasse Collin <lasse.collin@tukaani.org>
-Date: Tue, 29 Mar 2022 19:19:12 +0300
-Subject: [PATCH] xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587).
-
-Malicious filenames can make xzgrep to write to arbitrary files
-or (with a GNU sed extension) lead to arbitrary code execution.
-
-xzgrep from XZ Utils versions up to and including 5.2.5 are
-affected. 5.3.1alpha and 5.3.2alpha are affected as well.
-This patch works for all of them.
-
-This bug was inherited from gzip's zgrep. gzip 1.12 includes
-a fix for zgrep.
-
-The issue with the old sed script is that with multiple newlines,
-the N-command will read the second line of input, then the
-s-commands will be skipped because it's not the end of the
-file yet, then a new sed cycle starts and the pattern space
-is printed and emptied. So only the last line or two get escaped.
-
-One way to fix this would be to read all lines into the pattern
-space first. However, the included fix is even simpler: All lines
-except the last line get a backslash appended at the end. To ensure
-that shell command substitution doesn't eat a possible trailing
-newline, a colon is appended to the filename before escaping.
-The colon is later used to separate the filename from the grep
-output so it is fine to add it here instead of a few lines later.
-
-The old code also wasn't POSIX compliant as it used \n in the
-replacement section of the s-command. Using \<newline> is the
-POSIX compatible method.
-
-LC_ALL=C was added to the two critical sed commands. POSIX sed
-manual recommends it when using sed to manipulate pathnames
-because in other locales invalid multibyte sequences might
-cause issues with some sed implementations. In case of GNU sed,
-these particular sed scripts wouldn't have such problems but some
-other scripts could have, see:
-
-    info '(sed)Locale Considerations'
-
-This vulnerability was discovered by:
-cleemy desu wayo working with Trend Micro Zero Day Initiative
-
-Thanks to Jim Meyering and Paul Eggert discussing the different
-ways to fix this and for coordinating the patch release schedule
-with gzip.
----
- src/scripts/xzgrep.in | 20 ++++++++++++--------
- 1 file changed, 12 insertions(+), 8 deletions(-)
-
-diff --git a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in
-index b180936..e5186ba 100644
---- a/src/scripts/xzgrep.in
-+++ b/src/scripts/xzgrep.in
-@@ -180,22 +180,26 @@ for i; do
-          { test $# -eq 1 || test $no_filename -eq 1; }; then
-       eval "$grep"
-     else
-+      # Append a colon so that the last character will never be a newline
-+      # which would otherwise get lost in shell command substitution.
-+      i="$i:"
-+
-+      # Escape & \ | and newlines only if such characters are present
-+      # (speed optimization).
-       case $i in
-       (*'
- '* | *'&'* | *'\'* | *'|'*)
--        i=$(printf '%s\n' "$i" |
--            sed '
--              $!N
--              $s/[&\|]/\\&/g
--              $s/\n/\\n/g
--            ');;
-+        i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');;
-       esac
--      sed_script="s|^|$i:|"
-+
-+      # $i already ends with a colon so don't add it here.
-+      sed_script="s|^|$i|"
- 
-       # Fail if grep or sed fails.
-       r=$(
-         exec 4>&1
--        (eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&-
-+        (eval "$grep" 4>&-; echo $? >&4) 3>&- |
-+            LC_ALL=C sed "$sed_script" >&3 4>&-
-       ) || r=2
-       exit $r
-     fi >&3 5>&-
--- 
-2.35.1
-

SOURCES/xz-5.2.5-enable_CET.patch

@@ -1,70 +0,0 @@
-From: H.J. Lu <hjl.tools@gmail.com>
-Date: Wed, 23 Dec 2020 15:49:04 +0100 (06:49 -0800)
-Subject: [PATCH] liblzma: Enable Intel CET in x86 CRC assembly codes
-
-When Intel CET is enabled, we need to include <cet.h> in assembly codes
-to mark Intel CET support and add _CET_ENDBR to indirect jump targets.
-
-Tested on Intel Tiger Lake under CET enabled Linux.
----
- src/liblzma/check/crc32_x86.S | 9 +++++++++
- src/liblzma/check/crc64_x86.S | 9 +++++++++
- 2 files changed, 18 insertions(+)
-
-diff --git a/src/liblzma/check/crc32_x86.S b/src/liblzma/check/crc32_x86.S
-index 67f68a4..e3745e6 100644
---- a/src/liblzma/check/crc32_x86.S
-+++ b/src/liblzma/check/crc32_x86.S
-@@ -51,6 +51,14 @@ init_table(void)
-  * extern uint32_t lzma_crc32(const uint8_t *buf, size_t size, uint32_t crc);
-  */
- 
-+/* When Intel CET is enabled, include <cet.h> in assembly code to mark
-+   Intel CET support.  */
-+#ifdef __CET__
-+# include <cet.h>
-+#else
-+# define _CET_ENDBR
-+#endif
-+
- /*
-  * On some systems, the functions need to be prefixed. The prefix is
-  * usually an underscore.
-@@ -83,6 +91,7 @@ init_table(void)
- 
- 	ALIGN(4, 16)
- LZMA_CRC32:
-+	_CET_ENDBR
- 	/*
- 	 * Register usage:
- 	 * %eax crc
-diff --git a/src/liblzma/check/crc64_x86.S b/src/liblzma/check/crc64_x86.S
-index f5bb84b..7ee08f6 100644
---- a/src/liblzma/check/crc64_x86.S
-+++ b/src/liblzma/check/crc64_x86.S
-@@ -41,6 +41,14 @@ init_table(void)
-  * extern uint64_t lzma_crc64(const uint8_t *buf, size_t size, uint64_t crc);
-  */
- 
-+/* When Intel CET is enabled, include <cet.h> in assembly code to mark
-+   Intel CET support.  */
-+#ifdef __CET__
-+# include <cet.h>
-+#else
-+# define _CET_ENDBR
-+#endif
-+
- /*
-  * On some systems, the functions need to be prefixed. The prefix is
-  * usually an underscore.
-@@ -73,6 +81,7 @@ init_table(void)
- 
- 	ALIGN(4, 16)
- LZMA_CRC64:
-+	_CET_ENDBR
- 	/*
- 	 * Register usage:
- 	 * %eax crc LSB
--- 
-2.26.0
-

SPECS/xz.spec

@@ -3,34 +3,42 @@
 
 Summary:	LZMA compression utilities
 Name:		xz
-Version:	5.2.5
-Release:	8%{?dist}
+# **PLEASE NOTE**: when bumping xz version, please rebuild
+# perl-Compress-Raw-Lzma, it has a strict xz version dep
+Epoch:		1
+Version:	5.6.2
+Release:	3%{?dist}
+
+# liblzma - 0BSD
+# xz{,dec}, lzma{dec,info} - 0BSD
+#    - getopt_long - LGPL-2.1-or-later - not built in Fedora
+# xz{grep,diff,less,more} - GPL-2.0-or-later
+# docs - BSD0 AND LicenseRef-Fedora-Public-Domain
+# man pages and translations - 0BSD AND LicenseRef-Fedora-Public-Domain
+# See: https://gitlab.com/fedora/legal/fedora-license-data/-/issues/547
+License:	0BSD AND GPL-2.0-or-later AND LicenseRef-Fedora-Public-Domain
 
-# Scripts xz{grep,diff,less,more} and symlinks (copied from gzip) are
-# GPLv2+, binaries are Public Domain (linked against LGPL getopt_long but its
-# OK), documentation is Public Domain.
-License:	GPLv2+ and Public Domain
 # official upstream release
-Source0:	https://tukaani.org/%{name}/%{name}-%{version}.tar.xz
+Source0:	https://github.com/tukaani-project/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
+Source1:	https://github.com/tukaani-project/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz.sig
+Source2:	https://tukaani.org/misc/lasse_collin_pubkey.txt
 
 Source100:	colorxzgrep.sh
 Source101:	colorxzgrep.csh
 
-Patch1:   xz-5.2.5-enable_CET.patch
-Patch2:   xz-5.2.5-cve-2022-1271.patch
-
 URL:		https://tukaani.org/%{name}/
-Requires:	%{name}-libs%{?_isa} = %{version}-%{release}
+Requires:	%{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
 
 # For /usr/libexec/grepconf.sh (RHBZ#1189120).
 # Unfortunately F21 has a newer version of grep which doesn't
 # have grepconf, but we're only concerned with F22 here.
 Requires:	grep >= 2.20-5
 
-BuildRequires:  make
+BuildRequires:	make
 BuildRequires:	gcc
+BuildRequires:	gnupg2
 BuildRequires:	perl-interpreter
-
+BuildRequires:	autoconf automake libtool gettext-devel
 
 %description
 XZ Utils are an attempt to make LZMA compression easy to use on free (as in
@@ -45,7 +53,7 @@ decompression speed fast.
 
 %package 	libs
 Summary:	Libraries for decoding LZMA compression
-License:	Public Domain
+License:	0BSD
 Obsoletes:	%{name}-compat-libs < %{version}-%{release}
 
 %description 	libs
@@ -54,7 +62,7 @@ Libraries for decoding files compressed with LZMA or XZ utils.
 
 %package 	static
 Summary:	Statically linked library for decoding LZMA compression
-License:	Public Domain
+License:	0BSD
 
 %description 	static
 Statically linked library for decoding files compressed with LZMA or
@@ -63,8 +71,8 @@ XZ utils.  Most users should *not* install this.
 
 %package 	devel
 Summary:	Devel libraries & headers for liblzma
-License:	Public Domain
-Requires:	%{name}-libs%{?_isa} = %{version}-%{release}
+License:	0BSD
+Requires:	%{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
 
 %description	devel
 Devel libraries and headers for liblzma.
@@ -72,9 +80,9 @@ Devel libraries and headers for liblzma.
 
 %package 	lzma-compat
 Summary:	Older LZMA format compatibility binaries
-# Just a set of symlinks to 'xz' + two Public Domain binaries.
-License:	Public Domain
-Requires:	%{name}%{?_isa} = %{version}-%{release}
+# Just a set of symlinks to some files in the 'xz' package.
+License:	0BSD AND GPL-2.0-or-later AND LicenseRef-Fedora-Public-Domain
+Requires:	%{name}%{?_isa} = %{epoch}:%{version}-%{release}
 Obsoletes:	lzma < %{version}
 Provides:	lzma = %{version}
 
@@ -84,16 +92,14 @@ commands that deal with the older LZMA format.
 
 
 %prep
+%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %autosetup -p1
+autoreconf -fi
 
 
 %build
 export CFLAGS="%optflags"
 
-%ifarch %{power64}
-  CFLAGS="$CFLAGS -O3"
-%endif
-
 %ifarch %ix86
   # rhbz#1630650, annocheck reports the following message because liblzma uses
   # crc*_x86.S asm code on i686:
@@ -131,7 +137,12 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check
 %exclude %_pkgdocdir/examples*
 %{_bindir}/*xz*
 %{_mandir}/man1/*xz*
-%{_mandir}/de/man1/*xz*
+%lang(de) %{_mandir}/de/man1/*xz*
+%lang(fr) %{_mandir}/fr/man1/*xz*
+%lang(ko) %{_mandir}/ko/man1/*xz*
+%lang(ro) %{_mandir}/ro/man1/*xz*
+%lang(uk) %{_mandir}/uk/man1/*xz*
+%lang(pt_BR) %{_mandir}/pt_BR/man1/*xz*
 %{profiledir}/*
 
 
@@ -157,20 +168,91 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check
 %files lzma-compat
 %{_bindir}/*lz*
 %{_mandir}/man1/*lz*
-%{_mandir}/de/man1/*lz*
+%lang(de) %{_mandir}/de/man1/*lz*
+%lang(fr) %{_mandir}/fr/man1/*lz*
+%lang(ko) %{_mandir}/ko/man1/*lz*
+%lang(ro) %{_mandir}/ro/man1/*lz*
+%lang(uk) %{_mandir}/uk/man1/*lz*
+%lang(pt_BR) %{_mandir}/pt_BR/man1/*lz*
 
 
 %changelog
-* Tue May 31 2022 Matej Mužila <mmuzila@redhat.com> - 5.2.5-8
-- Fix arbitrary file write vulnerability
-  Resolves: CVE-2022-1271
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1:5.6.2-3
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018
+
+* Thu Aug 01 2024 Lukáš Zaoral <lzaoral@redhat.com> - 1:5.6.2-2
+- finish SPDX license conversion (RHEL-46960)
+
+* Tue Jul 16 2024 Jindrich Novy <jnovy@redhat.com>
+- Update to https://github.com/tukaani-project/xz/releases/tag/v5.6.2
+- Resolves: RHEL-43733
+
+* Wed Jul 10 2024 Filip Janus <fjanus@redhat.com> - 5.4.6-3
+- Build package with correct SPDX licence
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 5.4.6-2
+- Bump release for June 2024 mass rebuild
+
+* Mon Jan 29 2024 Richard W.M. Jones <rjones@redhat.com> - 5.4.6-1
+- New version 5.4.6 (RHBZ#2260521)
+- Fix Source URLs.
+
+* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.4.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Wed Nov 01 2023 Richard W.M. Jones <rjones@redhat.com> - 5.4.5-1
+- New version 5.4.5 (RHBZ#2247487)
+
+* Thu Oct 19 2023 Debarshi Ray <rishi@fedoraproject.org> - 5.4.4-2
+- Mark translations of manuals with %%lang()
+
+* Wed Aug 02 2023 Richard W.M. Jones <rjones@redhat.com> - 5.4.4-1
+- New version 5.4.4 (RHBZ#2228542)
 
-* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 5.2.5-7
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
+* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.4.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.2.5-6
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+* Thu May 04 2023 Richard W.M. Jones <rjones@redhat.com> - 5.4.3-1
+- Rebase to version 5.4.3 (RHBZ#2179570)
+- Update the pubkey which appears to have changed.
+
+* Mon Apr 17 2023 Matej Mužila <mmuzila@redhat.com> - 5.4.2-1
+- Rebase to version 5.4.2 (#2179570)
+
+* Mon Jan 23 2023 Richard W.M. Jones <rjones@redhat.com> - 5.4.1-1
+- Rebase to version 5.4.1 (#2142405)
+
+* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Dec 01 2022 Richard W.M. Jones <rjones@redhat.com> - 5.2.9-1
+- Rebase to version 5.2.9 (#2142405)
+
+* Tue Nov 22 2022 Matej Mužila <mmuzila@redhat.com> - 5.2.8-1
+- Rebase to version 5.2.8 (#2142405)
+
+* Tue Aug 30 2022 Matej Mužila <mmuzila@redhat.com> - 5.2.7-1
+- Rebase to version 5.2.7 (#2131313)
+
+* Tue Aug 30 2022 Matej Mužila <mmuzila@redhat.com> - 5.2.6-1
+- Rebase to version 5.2.6 (#2117931)
+
+* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.5-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sat Apr 16 2022 Todd Zullinger <tmz@pobox.com> - 5.2.5-9
+- verify upstream GPG signature
+- xzgrep: arbitrary-file-write vulnerability (#2073310, CVE-2022-1271)
+
+* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.5-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.5-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri Feb 12 2021 Michal Schorm <mschorm@redhat.com> - 5.2.5-6
+- Remove the ancient PPC64 hack
 
 * Thu Jan 28 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.5-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
@@ -226,6 +308,7 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check
 - Cleanup spec
 
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.3-4
+
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 
 * Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.3-3