Commit Graph

1286 Commits

Author SHA1 Message Date
Lasse Collin 7413383e42 xz: Fix white space error.
Thanks to xx on #tukaani.

(cherry picked from commit eeca8f7c5b)
2024-05-22 14:32:36 +03:00
Sam James eed2f26c0e xz: add missing noreturn for message_filters_help
Fixes: a165d7df19
(cherry picked from commit 462ca94099)
2024-05-22 14:32:36 +03:00
Sam James 2633d8df61 xz: signals: suppress -Wsign-conversion on macOS
On macOS, we get:
```
signals.c: In function 'signals_init':
signals.c:76:17: error: conversion to 'sigset_t' {aka 'unsigned int'} from 'int' may change the sign of the result [-Werror=sign-conversion]
   76 |                 sigaddset(&hooked_signals, sigs[i]);
      |                 ^~~~~~~~~
signals.c:81:17: error: conversion to 'sigset_t' {aka 'unsigned int'} from 'int' may change the sign of the result [-Werror=sign-conversion]
   81 |                 sigaddset(&hooked_signals, message_progress_sigs[i]);
      |                 ^~~~~~~~~
signals.c:86:9: error: conversion to 'sigset_t' {aka 'unsigned int'} from 'int' may change the sign of the result [-Werror=sign-conversion]
   86 |         sigaddset(&hooked_signals, SIGTSTP);
      |         ^~~~~~~~~
```

We use `int` for `hooked_signals` but we can't just cast to whatever
`sigset_t` is because `sigset_t` is an opaque type. It's an unsigned int
on macOS. On macOS, `sigaddset` is implemented as a macro.

Just suppress -Wsign-conversion for `signals_init` for macOS given
there's no real nice way of fixing this.

(cherry picked from commit 863f13d282)
2024-05-22 14:32:36 +03:00
Lasse Collin 5d20a61205 liblzma: CRC: Simplify table omission macros
A macro is useful to prevent a single #if directive from
getting too ugly but only one macro is needed for all archs.

(cherry picked from commit 6286c1900c)
2024-05-22 14:26:03 +03:00
Lasse Collin 2a80827e23 liblzma: ARM64 CRC: Fix omission of CRC32 table
The macro name had an odd typo so the table wasn't omitted
when it should have.

Fixes: 1940f0ec28
(cherry picked from commit 45da936c87)
2024-05-22 14:26:03 +03:00
Lasse Collin 9223ad6e78 liblzma: ARM64 CRC32: Change style of the macOS code to match FreeBSD
I didn't test this but it shouldn't change any functionality.

Fixes: 761f5b69a4
(cherry picked from commit fc43cecd32)
2024-05-22 14:26:03 +03:00
Lasse Collin 32ceb2c36a liblzma: ARM64 CRC32: Add error checking to FreeBSD-specific code
Also add parenthesis to the return statement.

I didn't test this.

Fixes: 761f5b69a4
(cherry picked from commit 1024cd4cd9)
2024-05-22 14:26:03 +03:00
Lasse Collin 42915101e9 liblzma: ARM64 CRC32: Use negation instead of subtracting from 8
Subtracting from 0 is negation, this just keeps warnings away.

Fixes: 761f5b69a4
(cherry picked from commit 2337f7021c)
2024-05-22 14:26:03 +03:00
Lasse Collin 42a9482b48 liblzma: ARM64 CRC32: Tweak coding style and comments
(cherry picked from commit d8fffd01aa)
2024-05-22 14:26:03 +03:00
Lasse Collin 34d1252f09 liblzma: Remove ifunc support.
This is *NOT* done for security reasons even though the backdoor
relied on the ifunc code. Instead, the reason is that in this
project ifunc provides little benefits but it's quite a bit of
extra code to support it. The only case where ifunc *might* matter
for performance is if the CRC functions are used directly by an
application. In normal compression use it's completely irrelevant.

(cherry picked from commit 689ae24273)
2024-05-22 14:12:43 +03:00
Lasse Collin 1a1f3d0323 xz man page: Use .ft CR instead of CW to silence warnings from groff.
(cherry picked from commit 31ef676567)
2024-05-22 14:12:43 +03:00
Lasse Collin 879295d91f Update maintainer and author info.
The other maintainer suddenly disappeared.

(cherry picked from commit 77a294d98a)
2024-05-22 14:12:43 +03:00
Lasse Collin eeb74fba1f Update website URLs back to tukaani.org.
The XZ projects were moved back to their original URLs.

(cherry picked from commit 17aa2e1a79)
2024-05-22 14:12:39 +03:00
Lasse Collin a7b9cd7000 xzdec: Tweak coding style and comments.
(cherry picked from commit 2739db9810)
2024-05-22 14:12:13 +03:00
Lasse Collin b3a7561880 liblzma: memcmplen.h: Add a comment why subtraction is used.
(cherry picked from commit 0b99783d63)
2024-05-22 14:07:37 +03:00
Lasse Collin 760f622f0d liblzma: Minor comment edits.
(cherry picked from commit 3217b82b3e)
2024-05-22 14:07:37 +03:00
Sergey Kosukhin 403b4c78b8 liblzma: Fix building with NVHPC (NVIDIA HPC SDK).
NVHPC compiler has several issues that make it impossible to
build liblzma:
  - the compiler cannot handle unions that contain pointers that
    are not the first members;
  - the compiler cannot handle the assembler code in range_decoder.h
    (LZMA_RANGE_DECODER_CONFIG has to be set to zero);
  - the compiler fails to produce valid code for delta_decode if the
    vectorization is enabled, which results in failed tests.

This introduces NVHPC-specific workarounds that address the issues.

(cherry picked from commit 096bc0e3f8)
2024-05-22 14:07:37 +03:00
Lasse Collin 1107712e37 Remove the backdoor found in 5.6.0 and 5.6.1 (CVE-2024-3094).
While the backdoor was inactive (and thus harmless) without inserting
a small trigger code into the build system when the source package was
created, it's good to remove this anyway:

  - The executable payloads were embedded as binary blobs in
    the test files. This was a blatant violation of the
    Debian Free Software Guidelines.

  - On machines that see lots bots poking at the SSH port, the backdoor
    noticeably increased CPU load, resulting in degraded user experience
    and thus overwhelmingly negative user feedback.

  - The maintainer who added the backdoor has disappeared.

  - Backdoors are bad for security.

This reverts the following without making any other changes:

6e636819 Tests: Update two test files.
a3a29bbd Tests: Test --single-stream can decompress bad-3-corrupt_lzma2.xz.
0b4ccc91 Tests: Update RISC-V test files.
8c9b8b20 liblzma: Fix typos in crc32_fast.c and crc64_fast.c.
82ecc538 liblzma: Fix false Valgrind error report with GCC.
cf44e4b7 Tests: Add a few test files.
3060e107 Tests: Use smaller dictionary size in RISC-V test files.
e2870db5 Tests: Add two RISC-V Filter test files.

The RISC-V test files also have real content that tests the filter
but the real content would fit into much smaller files. A generator
program would need to be available as well.

Thanks to Andres Freund for finding and reporting it and making
it public quickly so others could act without a delay.
See: https://www.openwall.com/lists/oss-security/2024/03/29/4
2024-04-09 18:38:37 +03:00
Jia Tan fd1b975b78 Bump version and soname for 5.6.1. 2024-03-09 11:42:50 +08:00
Jia Tan 058337b0f1 liblzma: Fix typos in crc32_fast.c and crc64_fast.c. 2024-03-09 09:52:32 +08:00
Jia Tan 651a1545c8 liblzma: Fix false Valgrind error report with GCC.
With GCC and a certain combination of flags, Valgrind will falsely
trigger an invalid write. This appears to be due to the omission of
instructions to properly save, set up, and restore the frame pointer.

The IFUNC resolver is a leaf function since it only calls a function
that is inlined. So sometimes GCC omits the frame pointer instructions
in the resolver unless this optimization is explictly disabled.

This fixes https://bugzilla.redhat.com/show_bug.cgi?id=2267598.
2024-03-09 09:20:57 +08:00
Lasse Collin 6e97b299f1 liblzma: Fix a typo in a comment in the RISC-V filter. 2024-03-05 23:21:26 +02:00
Jia Tan 4e1c97052b liblzma: Use attribute no_profile_instrument_function with ifunc.
Thanks to Sam James for determining this was the attribute needed to
workaround the GCC bug and for his version of the patch in Gentoo.
2024-03-05 00:34:46 +08:00
Lasse Collin e98ddaf85a liblzma: Fix a comment in the RISC-V filter. 2024-03-04 19:23:18 +02:00
Lasse Collin 86bec8334b xz: Add comments. 2024-02-28 18:33:34 +02:00
Jia Tan 5c91b454c2 xz: Change logging level for thread reduction to highest verbosity only.
Now that multi threaded encoding is the default, users do not need to
see a warning message everytime the number of threads is reduced. On
some machines, this could happen very often. It is not unreasonable for
users to need to set double verbose mode to see this kind of
information.

To see these warning messages -vv or --verbose --verbose must be passed
to set xz into the highest possible verbosity mode.

These warnings had caused automated testing frameworks to fail when they
expected no output to stderr.

Thanks to Sebastian Andrzej Siewior for reporting this and for the
initial version of the patch.
2024-02-28 18:31:04 +02:00
Chien Wong f06b33edd2 xz: Add missing RISC-V on the filter list in the man page
Signed-off-by: Chien Wong <m@xv97.com>
2024-02-28 18:31:04 +02:00
Jia Tan a100f9111c Build: Fix Linux Landlock feature test in Autotools and CMake builds.
The previous Linux Landlock feature test assumed that having the
linux/landlock.h header file was enough. The new feature tests also
requires that prctl() and the required Landlock system calls are
supported.
2024-02-28 18:31:04 +02:00
Jia Tan 2d7d862e3f Bump version and soname for 5.6.0. 2024-02-24 15:55:08 +08:00
Jia Tan 898aad9fc7 xzmore: Fix typo in xzmore.1.
Thanks to Yuri Chornoivan.
2024-02-21 00:30:43 +08:00
Jia Tan eea78216d2 xz: Fix Capsicum sandbox compile error.
user_abort_pipe[] was still being used instead of the parameters.
2024-02-23 20:27:15 +08:00
Lasse Collin de4337fd89 xz: Landlock: Fix error message if input file is a directory.
If xz is given a directory, it should look like this:

    $ xz /usr/bin
    xz: /usr/bin: Is a directory, skipping

The Landlock rules didn't allow opening directories for reading:

    $ xz /usr/bin
    xz: /usr/bin: Permission denied

The simplest fix was to allow opening directories for reading.
While it's a bit silly to allow it solely for the error message,
it shouldn't make the sandbox significantly weaker.

The single-file use case (like when called from GNU tar) is
still as strict as possible: all Landlock restrictions are
enabled before (de)compression starts.
2024-02-22 15:18:25 +02:00
Lasse Collin 120da10ae1 liblzma: Disable branchless C version in range decoder.
Thanks to Sebastian Andrzej Siewior and Sam James for
benchmarking on various systems.
2024-02-22 14:41:29 +02:00
Lasse Collin 3462362ebd Scripts: Use @PACKAGE_VERSION@ instead of @VERSION@.
PACKAGE_VERSION was already used in liblzma.pc.in.
This way only one version @foo@ is used.
2024-02-19 12:21:37 +02:00
Lasse Collin 746c471643 liblzma: Remove commented-out code. 2024-02-19 11:58:33 +02:00
Lasse Collin 4ce300ce08 xz: Delete old commented-out code. 2024-02-17 23:07:35 +02:00
Lasse Collin cae9a5e0bf xz: Use stricter pledge(2) and Landlock sandbox.
This makes these sandboxing methods stricter when no files are
created or deleted. That is, it's a middle ground between the
initial sandbox and the strictest single-file-to-stdout sandbox:
this allows opening files for reading but output has to go to stdout.
2024-02-17 23:07:35 +02:00
Lasse Collin 02e3505991 xz: Support Landlock ABI version 4.
Linux 6.7 added support for ABI version 4 which restricts
TCP connections which xz won't need and thus those can be
forbidden now. Since the ABI version is handled at runtime,
supporting version 4 won't cause any compatibility issues.

Note that new enough kernel headers are required to get
version 4 support enabled at build time.
2024-02-17 23:07:35 +02:00
Lasse Collin 374868d81d xz: Move sandboxing code to sandbox.c and improve Landlock sandbox.
Landlock is now always used just like pledge(2) is: first in more
permissive mode and later (under certain common conditions) in
a strict mode that doesn't allow opening more files.

I put pledge(2) first in sandbox.c because it's the simplest API
to use and still somewhat fine-grained for basic applications.
So it's the simplest thing to understand for anyone reading sandbox.c.
2024-02-17 23:07:35 +02:00
Lasse Collin 7312dfbb02 xz: Tweak comments. 2024-02-17 23:07:35 +02:00
Lasse Collin c701a5909a xz: Fix message_init() description.
Also explicitly initialize progress_automatic to make it clear
that it can be read before message_init() sets it. Static variable
was initialized to false by default already so this is only for
clarity.
2024-02-17 23:07:35 +02:00
Lasse Collin 56246607df Build: Install translated lzmainfo man pages.
All other translated man pages were being installed but
lzmainfo had been forgotten.
2024-02-17 16:23:14 +02:00
Lasse Collin f1d6b88aef liblzma: Avoid implementation-defined behavior in the RISC-V filter.
GCC docs promise that it works and a few other compilers do
too. Clang/LLVM is documented source code only but unsurprisingly
it behaves the same as others on x86-64 at least. But the
certainly-portable way is good enough here so use that.
2024-02-17 16:01:32 +02:00
Lasse Collin 843ddc5f61 liblzma: Wrap a line exceeding 80 chars. 2024-02-17 15:50:21 +02:00
Sebastian Andrzej Siewior e9053c9072 liblzma/rangecoder: Exclude x32 from the x86-64 optimisation.
The x32 port has a x86-64 ABI in term of all registers but uses only
32bit pointer like x86-32. The assembly optimisation fails to compile on
x32. Given the state of x32 I suggest to exclude it from the
optimisation rather than trying to fix it.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
2024-02-17 15:50:21 +02:00
Jia Tan fb5f6aaf18 Fix typos discovered by codespell. 2024-02-16 22:54:59 +08:00
Jia Tan 6f1790254a Bump version for 5.5.2beta. 2024-02-15 01:53:40 +08:00
Lasse Collin 924fdeedf4 liblzma: Fix validate_map.sh.
Adding the SPDX license identifier changed the line numbers.
2024-02-14 19:46:11 +02:00
Lasse Collin a4557bad96 liblzma: Silence warnings in --enable-small build. 2024-02-14 19:21:45 +02:00
Lasse Collin 160b686264 liblzma: Silence a warning. 2024-02-14 19:05:58 +02:00