37 Commits

Author SHA1 Message Date
Lasse Collin 1107712e37 Remove the backdoor found in 5.6.0 and 5.6.1 (CVE-2024-3094).
While the backdoor was inactive (and thus harmless) without inserting
a small trigger code into the build system when the source package was
created, it's good to remove this anyway:

  - The executable payloads were embedded as binary blobs in
    the test files. This was a blatant violation of the
    Debian Free Software Guidelines.

  - On machines that see lots of bots poking at the SSH port, the backdoor
    noticeably increased CPU load, resulting in degraded user experience
    and thus overwhelmingly negative user feedback.

  - The maintainer who added the backdoor has disappeared.

  - Backdoors are bad for security.

This reverts the following without making any other changes:

6e636819 Tests: Update two test files.
a3a29bbd Tests: Test --single-stream can decompress bad-3-corrupt_lzma2.xz.
0b4ccc91 Tests: Update RISC-V test files.
8c9b8b20 liblzma: Fix typos in crc32_fast.c and crc64_fast.c.
82ecc538 liblzma: Fix false Valgrind error report with GCC.
cf44e4b7 Tests: Add a few test files.
3060e107 Tests: Use smaller dictionary size in RISC-V test files.
e2870db5 Tests: Add two RISC-V Filter test files.

The RISC-V test files also have real content that tests the filter
but the real content would fit into much smaller files. A generator
program would need to be available as well.

Thanks to Andres Freund for finding and reporting it and making
it public quickly so others could act without a delay.
See: https://www.openwall.com/lists/oss-security/2024/03/29/4
2024-04-09 18:38:37 +03:00
Jia Tan cf44e4b7f5 Tests: Add a few test files. 2024-02-23 23:09:59 +08:00
Lasse Collin 689e0228ba Change most public domain parts to 0BSD.
Translations and doc/xz-file-format.txt and doc/lzma-file-format.txt
were not touched.

COPYING.0BSD was added.
2024-02-14 18:31:12 +02:00
Jia Tan e2870db5be Tests: Add two RISC-V Filter test files.
These test files achieve 100% code coverage in
src/liblzma/simple/riscv.c. They contain all of the instructions that
should be filtered and a few cases that should not.
2024-01-23 23:05:47 +08:00
Lasse Collin 177ece1c8e Tests: Fix a typo in tests/files/README. 2022-12-13 12:30:45 +02:00
Lasse Collin 60f45bdbaa Tests: Add two ARM64 test files. 2022-12-13 12:30:09 +02:00
Lasse Collin c8f70ebb46 Tests: Add .lz (lzip) test files. 2022-11-09 14:31:21 +02:00
Lasse Collin c3592d0a55 Tests: Add a test file for lzma_index_append() integer overflow bug.
This test fails before commit 18d7facd38.

test_files.sh now runs xz -l for bad-3-index-uncomp-overflow.xz
because only then the previously-buggy code path gets tested.
Normal decompression doesn't use lzma_index_append() at all.
Instead, lzma_index_hash functions are used and those already
did the overflow check.
2022-09-16 17:08:53 +03:00
Lasse Collin ce5549a591 Tests: Add .lzma test files. 2022-07-14 19:37:42 +03:00
Lasse Collin f9e8176ea7 Tests: Add test file good-1-empty-bcj-lzma2.xz.
This is from test_bcj_exact_size.c.
It's good to have it as a standalone file.
2022-06-14 17:20:49 +03:00
Lasse Collin 555de11873 Tests: Add bad-1-lzma2-11.xz. 2022-02-20 19:38:55 +02:00
Lasse Collin bb1d5c1fdd Tests: Add bad-1-lzma2-10.xz and also modify -9.xz. 2021-01-24 22:32:41 +02:00
Lasse Collin 939fc5ed65 Tests: Add bad-1-lzma2-9.xz. 2021-01-24 18:51:51 +02:00
Lasse Collin fdd30032f8 Tests: Add bad-1-check-crc32-2.xz. 2021-01-24 17:04:51 +02:00
Lasse Collin 79bef85e05 Tests: Add a test file for the bug in the previous commit. 2011-05-28 08:46:04 +03:00
Lasse Collin c3f4995586 Tests: Add a new file to test empty LZMA2 streams. 2011-03-31 12:22:55 +03:00
Lasse Collin 31decdce04 Minor fixes to test files' README. 2009-04-14 11:48:46 +03:00
Lasse Collin f9f2d1e743 Added two new test files. 2008-12-15 11:20:22 +02:00
Lasse Collin e114502b2b Oh well, big messy commit again. Some highlights:
  - Updated to the latest, probably final file format version.
  - Command line tool reworked to not use threads anymore.
    Threading will probably go into liblzma anyway.
  - Memory usage limit is now about 30 % for uncompression
    and about 90 % for compression.
  - Progress indicator with --verbose
  - Simplified --help and full --long-help
  - Upgraded to the last LGPLv2.1+ getopt_long from gnulib.
  - Some bug fixes
2008-11-19 20:46:52 +02:00
Lasse Collin 4c321a41c4 Renamed the test files from .lzma suffix to .xz suffix. 2008-09-30 17:43:55 +03:00
Lasse Collin 3bdbc12c05 Added one more test file. 2008-09-30 13:56:57 +03:00
Lasse Collin ed3709000a Added two test files. 2008-09-30 13:27:28 +03:00
Lasse Collin 3b34851de1 Sort of garbage collection commit. :-| Many things are still
broken. API has changed a lot and it will still change a
little more here and there. The command line tool doesn't
have all the required changes to reflect the API changes, so
it's easy to get "internal error" or trigger assertions.
2008-08-28 22:53:15 +03:00
Lasse Collin 11de5d5267 Bunch of grammar fixes from meyering. 2008-05-06 15:15:07 +03:00
Lasse Collin 288b232f54 Added more test files. 2008-01-26 11:09:17 +02:00
Lasse Collin c467b0defc Added more test files. 2008-01-26 10:47:55 +02:00
Lasse Collin e988ea1d1a Added more Multi-Block test files. Improved some
descriptions in the test files' README.
2008-01-25 23:50:35 +02:00
Lasse Collin 1fd76d4881 Added more Multi-Block Stream test files. 2008-01-24 14:49:34 +02:00
Lasse Collin 6e27b1098a Added bunch of test files containing Multi-Block Streams. 2008-01-24 00:46:05 +02:00
Lasse Collin 0e80ded13d Added bad-single-none-footer_filter_flags.lzma and
bad-single-none-too_long_vli.lzma.
2008-01-23 20:05:01 +02:00
Lasse Collin 0ae3208db9 Added test files to test usage of flush marker in LZMA. 2008-01-18 20:13:00 +02:00
Lasse Collin 0e70fbe403 Added good-single-none-empty_3.lzma and
bad-single-none-empty.lzma.
2008-01-09 12:06:46 +02:00
Lasse Collin 97d5fa8207 Updated tests/files/README. 2008-01-08 23:10:57 +02:00
Lasse Collin 3bb9bb3109 Added test files with empty Compressed Data. 2008-01-08 23:05:40 +02:00
Lasse Collin 753e4d95cd Added good-single-subblock_implicit.lzma. 2008-01-08 22:27:46 +02:00
Lasse Collin 9080267603 Added a few test files. 2008-01-08 13:35:36 +02:00
Lasse Collin 9a71d57310 Added tests/files/README. 2008-01-07 18:09:44 +02:00