Commit Graph

1310 Commits

Author SHA1 Message Date
Chien Wong eee579fff5 xz: Add missing RISC-V on the filter list in the man page
Signed-off-by: Chien Wong <m@xv97.com>
2024-02-26 23:36:04 +08:00
Jia Tan 328c52da8a Build: Fix Linux Landlock feature test in Autotools and CMake builds.
The previous Linux Landlock feature test assumed that having the
linux/landlock.h header file was enough. The new feature tests also
requires that prctl() and the required Landlock system calls are
supported.
2024-02-26 23:27:44 +08:00
Jia Tan 5d8d915ebe Bump version and soname for 5.7.0alpha.
Like 5.5.0alpha, 5.7.0alpha won't be released, it's just to mark that
the branch is not stable.

Once again there is no API/ABI stability for new features in devel
versions. The major soname won't be bumped even if API/ABI of new
features breaks between devel releases.
2024-02-24 16:30:06 +08:00
Jia Tan 898aad9fc7 xzmore: Fix typo in xzmore.1.
Thanks to Yuri Chornoivan.
2024-02-21 00:30:43 +08:00
Jia Tan eea78216d2 xz: Fix Capsicum sandbox compile error.
user_abort_pipe[] was still being used instead of the parameters.
2024-02-23 20:27:15 +08:00
Lasse Collin de4337fd89 xz: Landlock: Fix error message if input file is a directory.
If xz is given a directory, it should look like this:

    $ xz /usr/bin
    xz: /usr/bin: Is a directory, skipping

The Landlock rules didn't allow opening directories for reading:

    $ xz /usr/bin
    xz: /usr/bin: Permission denied

The simplest fix was to allow opening directories for reading.
While it's a bit silly to allow it solely for the error message,
it shouldn't make the sandbox significantly weaker.

The single-file use case (like when called from GNU tar) is
still as strict as possible: all Landlock restrictions are
enabled before (de)compression starts.
2024-02-22 15:18:25 +02:00
Lasse Collin 120da10ae1 liblzma: Disable branchless C version in range decoder.
Thanks to Sebastian Andrzej Siewior and Sam James for
benchmarking on various systems.
2024-02-22 14:41:29 +02:00
Lasse Collin 3462362ebd Scripts: Use @PACKAGE_VERSION@ instead of @VERSION@.
PACKAGE_VERSION was already used in liblzma.pc.in.
This way only one version @foo@ is used.
2024-02-19 12:21:37 +02:00
Lasse Collin 746c471643 liblzma: Remove commented-out code. 2024-02-19 11:58:33 +02:00
Lasse Collin 4ce300ce08 xz: Delete old commented-out code. 2024-02-17 23:07:35 +02:00
Lasse Collin cae9a5e0bf xz: Use stricter pledge(2) and Landlock sandbox.
This makes these sandboxing methods stricter when no files are
created or deleted. That is, it's a middle ground between the
initial sandbox and the strictest single-file-to-stdout sandbox:
this allows opening files for reading but output has to go to stdout.
2024-02-17 23:07:35 +02:00
Lasse Collin 02e3505991 xz: Support Landlock ABI version 4.
Linux 6.7 added support for ABI version 4 which restricts
TCP connections which xz won't need and thus those can be
forbidden now. Since the ABI version is handled at runtime,
supporting version 4 won't cause any compatibility issues.

Note that new enough kernel headers are required to get
version 4 support enabled at build time.
2024-02-17 23:07:35 +02:00
Lasse Collin 374868d81d xz: Move sandboxing code to sandbox.c and improve Landlock sandbox.
Landlock is now always used just like pledge(2) is: first in more
permissive mode and later (under certain common conditions) in
a strict mode that doesn't allow opening more files.

I put pledge(2) first in sandbox.c because it's the simplest API
to use and still somewhat fine-grained for basic applications.
So it's the simplest thing to understand for anyone reading sandbox.c.
2024-02-17 23:07:35 +02:00
Lasse Collin 7312dfbb02 xz: Tweak comments. 2024-02-17 23:07:35 +02:00
Lasse Collin c701a5909a xz: Fix message_init() description.
Also explicitly initialize progress_automatic to make it clear
that it can be read before message_init() sets it. Static variable
was initialized to false by default already so this is only for
clarity.
2024-02-17 23:07:35 +02:00
Lasse Collin 56246607df Build: Install translated lzmainfo man pages.
All other translated man pages were being installed but
lzmainfo had been forgotten.
2024-02-17 16:23:14 +02:00
Lasse Collin f1d6b88aef liblzma: Avoid implementation-defined behavior in the RISC-V filter.
GCC docs promise that it works and a few other compilers do
too. Clang/LLVM is documented source code only but unsurprisingly
it behaves the same as others on x86-64 at least. But the
certainly-portable way is good enough here so use that.
2024-02-17 16:01:32 +02:00
Lasse Collin 843ddc5f61 liblzma: Wrap a line exceeding 80 chars. 2024-02-17 15:50:21 +02:00
Sebastian Andrzej Siewior e9053c9072 liblzma/rangecoder: Exclude x32 from the x86-64 optimisation.
The x32 port has a x86-64 ABI in term of all registers but uses only
32bit pointer like x86-32. The assembly optimisation fails to compile on
x32. Given the state of x32 I suggest to exclude it from the
optimisation rather than trying to fix it.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
2024-02-17 15:50:21 +02:00
Jia Tan fb5f6aaf18 Fix typos discovered by codespell. 2024-02-16 22:54:59 +08:00
Jia Tan 6f1790254a Bump version for 5.5.2beta. 2024-02-15 01:53:40 +08:00
Lasse Collin 924fdeedf4 liblzma: Fix validate_map.sh.
Adding the SPDX license identifier changed the line numbers.
2024-02-14 19:46:11 +02:00
Lasse Collin a4557bad96 liblzma: Silence warnings in --enable-small build. 2024-02-14 19:21:45 +02:00
Lasse Collin 160b686264 liblzma: Silence a warning. 2024-02-14 19:05:58 +02:00
Lasse Collin 8af7db854f xz: Mention lzmainfo if trying to use 'lzma --list'.
This kind of fixes the problem reported here:
https://bugs.launchpad.net/ubuntu/+source/xz-utils/+bug/1291020
2024-02-14 18:31:16 +02:00
Lasse Collin 0668907ff7 liblzma: Add comments. 2024-02-14 18:31:16 +02:00
Lasse Collin 109f1913d4 Scripts: Add lz4 support to xzgrep and xzdiff. 2024-02-14 18:31:16 +02:00
Lasse Collin de55485cb2 liblzma: Choose the range decoder variants using a bitmask macro. 2024-02-14 18:31:16 +02:00
Lasse Collin 0709c2b2d7 xz: Fix outdated threading related info on the man page. 2024-02-14 18:31:16 +02:00
Lasse Collin 3182a330c1 liblzma: Range decoder: Add x86-64 inline assembly.
It's compatible with GCC and Clang.
2024-02-14 18:31:16 +02:00
Lasse Collin cba2edc991 liblzma: Range decoder: Add branchless C code.
It's used only for basic bittrees and fixed-size reverse bittree
because those showed a clear benefit on x86-64 with GCC and Clang.
The other methods were more mixed and thus are commented out but
they should be tested on other archs.
2024-02-14 18:31:16 +02:00
Lasse Collin e290a72d6d liblzma: Clarify a comment. 2024-02-14 18:31:16 +02:00
Lasse Collin 5e04706b91 liblzma: LZMA decoder: Optimize loop comparison.
But now it needs one more local variable.
2024-02-14 18:31:16 +02:00
Lasse Collin 88276f9f2c liblzma: Optimize literal_subcoder() macro slightly. 2024-02-14 18:31:16 +02:00
Lasse Collin 5938f6de4d liblzma: LZ decoder: Add unlikely(). 2024-02-14 18:31:16 +02:00
Lasse Collin 9c252e3ed0 liblzma: LZ decoder: Remove a useless unlikely(). 2024-02-14 18:31:16 +02:00
Lasse Collin f3872a5947 liblzma: Optimize LZ decoder slightly.
Now extra buffer space is reserved so that repeating bytes for
any single match will never need to copy from two places (both
the beginning and the end of the buffer). This simplifies
dict_repeat() and helps a little with speed.

This seems to reduce .lzma decompression time about 2 %, so
with .xz and CRC it could be slightly less. The small things
add up still.
2024-02-14 18:31:16 +02:00
Lasse Collin eb518446e5 liblzma: LZMA decoder: Get rid of next_state[].
It's not completely obvious if this is better in the decoder.
It should be good if compiler can avoid creating a branch
(like using CMOV on x86).

This also makes lzma_encoder.c use the new macros.
2024-02-14 18:31:16 +02:00
Lasse Collin e0c0ee475c liblzma: LZMA decoder improvements.
This adds macros for bittree decoding which prepares the code
for alternative C versions and inline assembly.
2024-02-14 18:31:16 +02:00
Jia Tan de5c5e4176 liblzma: Creates Non-resumable and Resumable modes for lzma_decoder.
The new decoder resumes the first decoder loop in the Resumable mode.
Then, the code executes in Non-resumable mode until it detects that it
cannot guarantee to have enough input/output to decode another symbol.

The Resumable mode is how the decoder has always worked. Before decoding
every input bit, it checks if there is enough space and will save its
location to be resumed later. When the decoder has more input/output,
it jumps back to the correct sequence in the Resumable mode code.

When the input/output buffers are large, the Resumable mode is much
slower than the Non-resumable because it has more branches and is harder
for the compiler to optimize since it is in a large switch block.

Early benchmarking shows significant time improvement (8-10% on gcc and
clang x86) by using the Non-resumable code as much as possible.
2024-02-14 18:31:16 +02:00
Jia Tan e446ab7a18 liblzma: Creates separate "safe" range decoder mode.
The new "safe" range decoder mode is the same as old range decoder, but
now the default behavior of the range decoder will not check if there is
enough input or output to complete the operation. When the buffers are
close to fully consumed, the "safe" operations must be used instead. This
will improve speed because it will reduce the number of branches needed
for most of the range decoder operations.
2024-02-14 18:31:16 +02:00
Lasse Collin e48287bf51 xzdiff, xzgrep, and xzmore: Rewrite the man pages.
The main reason is a kind of silly one:

xz-man.pot contains strings from all man pages in XZ Utils.
The man pages of xzdiff, xzgrep, and xzmore were under GPLv2
and the rest under 0BSD. Thus xz-man.pot contained strings
under two licences. po4a creates the translated man pages
from the combined 0BSD+GPLv2 xz-man.pot.

I haven't liked this mixing in xz-man.pot but the
Translation Project requires that all man pages must be
in the same .pot file. So a separate xz-man-gpl.pot
wasn't an option.

Since these man pages are short, rewriting them was quick enough.
Now xz-man.pot is entirely under 0BSD and marking the per-file
licenses is simpler.

As a bonus, some wording hopefully is now slightly better
although it's perhaps a matter of taste.

NOTE: In xzgrep.1, the EXIT STATUS section was written by me
in the commit d796b6d7fd so that's
why that section could be taken as is from the old xzgrep.1.
2024-02-14 18:31:16 +02:00
Lasse Collin 3e551b111b xzless: Update man page slightly.
The xz tool can decompress three file formats and xzless
has always supported uncompressed files too.
2024-02-14 18:31:16 +02:00
Lasse Collin b941549573 liblzma: Include the SPDX license identifier 0BSD to generated files.
Perhaps the generated files aren't even copyrightable but
using the same license for them as for the rest of the liblzma
keeps things more consistent for tools that look for license info.
2024-02-14 18:31:16 +02:00
Lasse Collin 8e4ec79483 liblzma: Fix compilation of price_tablegen.c.
It is built and run only manually so this didn't matter
unless one wanted to regenerate the price_table.c.
2024-02-14 18:31:16 +02:00
Lasse Collin e99bff3ffb Add SPDX license identifiers to GPL, LGPL, and FSFULLR files. 2024-02-14 18:31:16 +02:00
Lasse Collin 22af94128b Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
Lasse Collin 23de53421e liblzma: Sync the AUTHORS fix about SHA-256 to lzma.h. 2024-02-14 18:31:16 +02:00
Lasse Collin 689e0228ba Change most public domain parts to 0BSD.
Translations and doc/xz-file-format.txt and doc/lzma-file-format.txt
were not touched.

COPYING.0BSD was added.
2024-02-14 18:31:12 +02:00
Lasse Collin 76946dc433 Fix SHA-256 authors.
The initial commit 5d018dc035
in 2007 had a comment in sha256.c that the code is based on
Crypto++ Library 5.5.1. In 2009 the Authors list in sha256.c
and the AUTHORS file was updated with information that the
code had come from Crypto++ but via 7-Zip. I know I had viewed
7-Zip's SHA-256 code but back then the C code has been identical
enough with Crypto++, so I don't why I thought the author info
would need that extra step via 7-Zip for this single file.

Another error is that I had mixed sha.* and shacal2.* files
when checking for author info in Crypto++. The shacal2.* files
aren't related to liblzma's sha256.c and thus Kevin Springle's
code in Crypto++ isn't either.
2024-02-14 15:23:00 +02:00
Jia Tan 45663443eb liblzma: Fix build error if only RISC-V BCJ filter is enabled.
If any other BCJ filter was enabled for encoding or decoding, then this
was not a problem.
2024-02-13 23:33:21 +08:00
Lasse Collin 9860d418d2 xzless: Use ||- in LESSOPEN with with "less" 451 and newer. 2024-02-09 23:21:01 +02:00
Lasse Collin fd0692b052 xzless: Use --show-preproc-errors with "less" 632 and newer.
This makes "less" show a warning if a decompression error occurred.
2024-02-09 23:00:05 +02:00
Jia Tan adb073da76 liblzma: Fix typo discovered by codespell. 2024-02-09 23:59:54 +08:00
Jia Tan 7f68a68c19 liblzma: Update Authors list in crc32_arm64.h. 2024-02-02 01:38:51 +08:00
Jia Tan 97f9ba50b8 liblzma: Check HAVE_USABLE_CLMUL before omitting CRC32 table.
This was split from the prior commit so it could be easily applied to
the 5.4 branch.

Closes: https://github.com/tukaani-project/xz/pull/77
2024-02-01 20:09:11 +08:00
Jia Tan ca9015f4de liblzma: Check HAVE_USABLE_CLMUL before omitting CRC64 table.
If liblzma is configured with --disable-clmul-crc
CFLAGS="-msse4.1 -mpclmul", then it will fail to compile because the
generic version must be used but the CRC tables were not included.
2024-02-01 20:09:11 +08:00
Jia Tan 2f1552a91c liblzma: Only use ifunc in crcXX_fast.c if its needed.
The code was using HAVE_FUNC_ATTRIBUTE_IFUNC instead of CRC_USE_IFUNC.
With ARM64, ifunc is incompatible because it requires non-inline
function calls for runtime detection.
2024-02-01 20:09:11 +08:00
Jia Tan 1940f0ec28 liblzma: Omit CRC tables when not needed with ARM64 optimizations.
This is similar to the existing x86-64 CLMUL conditions to omit the
tables. They were slightly refactored to improve readability.
2024-02-01 20:09:11 +08:00
Jia Tan 761f5b69a4 liblzma: Rename crc32_aarch64.h to crc32_arm64.h.
Even though the proper name for the architecture is aarch64, this
project uses ARM64 throughout. So the rename is for consistency.

Additionally, crc32_arm64.h was slightly refactored for the following
changes:

   * Added MSVC, FreeBSD, and macOS support in
     is_arch_extension_supported().

   * crc32_arch_optimized() now checks the size when aligning the
     buffer.

   * crc32_arch_optimized() loop conditions were slightly modified to
     avoid both decrementing the size and incrementing the buffer
     pointer.

   * Use the intrinsic wrappers defined in <arm_acle.h> because GCC and
     Clang name them differently.

   * Minor spacing and comment changes.
2024-02-01 20:09:11 +08:00
Jia Tan 455a08609c liblzma: Refactor crc_common.h.
The CRC_GENERIC is now split into CRC32_GENERIC and CRC64_GENERIC, since
the ARM64 optimizations will be different between CRC32 and CRC64.

For the same reason, CRC_ARCH_OPTIMIZED is split into
CRC32_ARCH_OPTIMIZED and CRC64_ARCH_OPTIMIZED.

ifunc will only be used with x86-64 CLMUL because the runtime detection
methods needed with ARM64 are not compatible with ifunc.
2024-02-01 20:09:11 +08:00
Chenxi Mao 849d0f282a Speed up CRC32 calculation on ARM64
The CRC32 instructions in ARM64 can calculate the CRC32 result
for 8 bytes in a single operation, making the use of ARM64
instructions much faster compared to the general CRC32 algorithm.

Optimized CRC32 will be enabled if ARM64 has CRC extension
running on Linux.

Signed-off-by: Chenxi Mao <chenxi.mao2013@gmail.com>
2024-01-27 21:49:26 +08:00
Jia Tan b43c3e48bf Bump version number for 5.5.1alpha. 2024-01-26 19:05:51 +08:00
Lasse Collin 6daa4d0ea4 xz: Use threaded mode by defaut (as if --threads=0 was used).
This hopefully does more good than bad:

  + It's faster by default.

  + Only the threaded compressor creates files that
    can be decompressed in threaded mode.

  - Compression ratio is worse, usually not too much though.
    When it matters, -T1 must be used.

  - Memory usage increases.

  - Scripts that assume single-threaded mode but don't use -T1 will
    possibly use too much resources, for example, if they run
    multiple xz processes in parallel to compress multiple files.

  - Output from single-threaded and multi-threaded compressors
    differ but such changes could happen for other reasons too
    (they just haven't happened since 5.0.0).
2024-01-23 18:29:28 +02:00
Lasse Collin 6133a3f300 xz: Man page: Add more examples of LZMA2 options with BCJ filters. 2024-01-23 23:05:47 +08:00
Lasse Collin 50255feeaa liblzma: RISC-V filter: Use byte-by-byte access.
Not all RISC-V processors support fast unaligned access so
it's better to read only one byte in the main loop. This can
be faster even on x86-64 when compared to reading 32 bits at
a time as half the time the address is only 16-bit aligned.

The downside is larger code size on archs that do support
fast unaligned access.
2024-01-23 23:05:47 +08:00
Jia Tan db5eb5f563 xz: Update xz -lvv for RISC-V filter.
Version 5.6.0 will be shown, even though upcoming alphas and betas
will be able to support this filter. 5.6.0 looks nicer in the output and
people shouldn't be encouraged to use an unstable version in production
in any way.
2024-01-23 23:05:47 +08:00
Jia Tan b26a898693 xz: Update message in --long-help for RISC-V Filter. 2024-01-23 23:05:47 +08:00
Jia Tan 283f778908 xz: Update the man page for the RISC-V Filter.
A special note was added to suggest using four-byte alignment when the
compressed instruction extension is not present in a RISC-V binary.
2024-01-23 23:05:47 +08:00
Jia Tan 2959dbc735 liblzma: Update string_conversion.c to support RISC-V Filter. 2024-01-23 23:05:47 +08:00
Jia Tan 440a2eccb0 liblzma: Add RISC-V BCJ filter.
The new Filter ID is 0x0B.

Thanks to Chien Wong <m@xv97.com> for the initial version of the Filter,
the xz CLI updates, and the Autotools build system modifications.

Thanks to Igor Pavlov for his many contributions to the design of
the filter.
2024-01-23 23:05:41 +08:00
Jia Tan 22d86192f8 xz: Update website URLs in the man pages. 2024-01-19 23:08:14 +08:00
Jia Tan 6b63c4c613 liblzma: Update website URL. 2024-01-19 23:08:14 +08:00
Lasse Collin fbb3ce541e liblzma: CRC: Add a comment to crc_x86_clmul.h about BUILDING_ macros. 2024-01-11 15:25:00 +02:00
Lasse Collin 4f518c1b6b liblzma: CRC: Remove crc_always_inline, use lzma_always_inline instead.
Now crc_simd_body() in crc_x86_clmul.h is only called once
in a translation unit, we no longer need to be so cautious
about ensuring the always-inline behavior.
2024-01-11 15:24:35 +02:00
Lasse Collin 35c03ec6bf liblzma: CRC: Update CLMUL comments to more generic wording. 2024-01-11 14:39:46 +02:00
Lasse Collin 66f080e801 liblzma: Rename arch-specific CRC functions and macros.
CRC_CLMUL was split to CRC_ARCH_OPTIMIZED and CRC_X86_CLMUL.
CRC_ARCH_OPTIMIZED is defined when an arch-optimized version is used.
Currently the x86 CLMUL implementations are the only arch-optimized
versions, and these also use the CRC_x86_CLMUL macro to tell when
crc_x86_clmul.h needs to be included.

is_clmul_supported() was renamed to is_arch_extension_supported().
crc32_clmul() and crc64_clmul() were renamed to
crc32_arch_optimized() and crc64_arch_optimized().
This way the names make sense with arch-specific non-CLMUL
implementations as well.
2024-01-11 14:29:42 +02:00
Lasse Collin 3dbed75b0b liblzma: Fix a comment in crc_common.h. 2024-01-11 14:29:42 +02:00
Lasse Collin 419f55f9df liblzma: Avoid extern lzma_crc32_clmul() and lzma_crc64_clmul().
A CLMUL-only build will have the crcxx_clmul() inlined into
lzma_crcxx(). Previously a jump to the extern lzma_crcxx_clmul()
was needed. Notes about shared liblzma on ELF platforms:

  - On platforms that support ifunc and -fvisibility=hidden, this
    was silly because CLMUL-only build would have that single extra
    jump instruction of extra overhead.

  - On platforms that support neither -fvisibility=hidden nor linker
    version script (liblzma*.map), jumping to lzma_crcxx_clmul()
    would go via PLT so a few more instructions of overhead (still
    not a big issue but silly nevertheless).

There was a downside with static liblzma too: if an application only
needs lzma_crc64(), static linking would make the linker include the
CLMUL code for both CRC32 and CRC64 from crc_x86_clmul.o even though
the CRC32 code wouldn't be needed, thus increasing code size of the
executable (assuming that -ffunction-sections isn't used).

Also, now compilers are likely to inline crc_simd_body()
even if they don't support the always_inline attribute
(or MSVC's __forceinline). Quite possibly all compilers
that build the code do support such an attribute. But now
it likely isn't a problem even if the attribute wasn't supported.

Now all x86-specific stuff is in crc_x86_clmul.h. If other archs
The other archs can then have their own headers with their own
is_clmul_supported() and crcxx_clmul().

Another bonus is that the build system doesn't need to care if
crc_clmul.c is needed.

is_clmul_supported() stays as inline function as it's not needed
when doing a CLMUL-only build (avoids a warning about unused function).
2024-01-11 14:29:42 +02:00
Lasse Collin e3833e297d liblzma: crc_clmul.c: Add crc_attr_target macro.
This reduces the number of the complex #if directives.
2024-01-11 14:29:42 +02:00
Lasse Collin d164ac0e62 liblzma: Simplify existing cases with lzma_attr_no_sanitize_address. 2024-01-11 14:29:42 +02:00
Lasse Collin 9523c1300d liblzma: #define crc_attr_no_sanitize_address in crc_common.h. 2024-01-11 14:29:38 +02:00
Lasse Collin 93d144f093 liblzma: CRC: Add empty lines.
And remove one too.
2024-01-10 17:19:03 +02:00
Lasse Collin 0c7e854ffd liblzma: crc_clmul.c: Tidy up the location of MSVC pragma.
It makes no difference in practice.
2024-01-10 17:19:03 +02:00
Lasse Collin cd64dd70d5 liblzma: Use 8-byte method in memcmplen.h on ARM64.
It requires fast unaligned access to 64-bit integers
and a fast instruction to count leading zeros in
a 64-bit integer (__builtin_ctzll()). This perhaps
should be enabled on some other archs too.

Thanks to Chenxi Mao for the original patch:
https://github.com/tukaani-project/xz/pull/75 (the first commit)
According to the numbers there, this may improve encoding
speed by about 3-5 %.

This enables the 8-byte method on MSVC ARM64 too which
should work but wasn't tested.
2023-12-28 17:17:39 +02:00
Lasse Collin 12c90c00f0 liblzma: Check also for __clang__ in memcmplen.h.
This change hopefully makes no practical difference as Clang
likely was detected via __GNUC__ or _MSC_VER already.
2023-12-28 17:17:39 +02:00
Jia Tan 710cbc186c xz: Add a comment to Capsicum sandbox setup.
This comment is repeated in xzdec.c to help remind us why all the
capabilities are removed from stdin in certain situations.
2023-12-21 20:53:27 +08:00
Jia Tan d74fb5f060 xzdec: Add sandbox support for Pledge, Capsicum, and Landlock.
A very strict sandbox is used when the last file is decompressed. The
likely most common use case of xzdec is to decompress a single file.
The Pledge sandbox is applied to the entire process with slightly more
relaxed promises, until the last file is processed.

Thanks to Christian Weisgerber for the initial patch adding Pledge
sandboxing.
2023-12-19 21:18:28 +08:00
Jia Tan b34b6a9912 liblzma: Initialize lzma_lz_encoder pointers with NULL.
This fixes the recent change to lzma_lz_encoder that used memzero
instead of the NULL constant. On some compilers the NULL constant
(always 0) may not equal the NULL pointer (this only needs to guarentee
to not point to valid memory address).

Later code compares the pointers to the NULL pointer so we must
initialize them with the NULL pointer instead of 0 to guarentee
code correctness.
2023-12-20 21:38:39 +08:00
Jia Tan 183a62f0b5 liblzma: Set all values in lzma_lz_encoder to NULL after allocation.
The first member of lzma_lz_encoder doesn't necessarily need to be set
to NULL since it will always be set before anything tries to use it.
However the function pointer members must be set to NULL since other
functions rely on this NULL value to determine if this behavior is
supported or not.

This fixes a somewhat serious bug, where the options_update() and
set_out_limit() function pointers are not set to NULL. This seems to
have been forgotten since these function pointers were added many years
after the original two (code() and end()).

The problem is that by not setting this to NULL we are relying on the
memory allocation to zero things out if lzma_filters_update() is called
on a LZMA1 encoder. The function pointer for set_out_limit() is less
serious because there is not an API function that could call this in an
incorrect way. set_out_limit() is only called by the MicroLZMA encoder,
which must use LZMA1 where set_out_limit() is always set. Its currently
not possible to call set_out_limit() on an LZMA2 encoder at this time.

So calling lzma_filters_update() on an LZMA1 encoder had undefined
behavior since its possible that memory could be manipulated so the
options_update member pointed to a different instruction sequence.

This is unlikely to be a bug in an existing application since it relies
on calling lzma_filters_update() on an LZMA1 encoder in the first place.
For instance, it does not affect xz because lzma_filters_update() can
only be used when encoding to the .xz format.

This is fixed by using memzero() to set all members of lzma_lz_encoder
to NULL after it is allocated. This ensures this mistake will not occur
here in the future if any additional function pointers are added.
2023-12-16 20:51:38 +08:00
Jia Tan 1a1bb381db liblzma: Tweak a comment. 2023-12-16 20:30:55 +08:00
Jia Tan 55810780e0 liblzma: Make parameter names in function definition match declaration.
lzma_raw_encoder() and lzma_raw_encoder_init() used "options" as the
parameter name instead of "filters" (used by the declaration). "filters"
is more clear since the parameter represents the list of filters passed
to the raw encoder, each of which contains filter options.
2023-12-16 20:28:21 +08:00
Jia Tan 5dad6f628a liblzma: Improve lzma encoder init function consistency.
lzma_encoder_init() did not check for NULL options, but
lzma2_encoder_init() did. This is more of a code style improvement than
anything else to help make lzma_encoder_init() and lzma2_encoder_init()
more similar.
2023-12-16 20:18:47 +08:00
Kian-Meng Ang 424d46ead8 xz: Fix typo 2023-11-30 23:08:05 +08:00
Lasse Collin 12b89bcc99 xz: Tweak a comment. 2023-11-23 17:39:10 +02:00
Jia Tan 2ab2e4b5a5 xz: Use is_tty() in message.c. 2023-11-23 22:40:27 +08:00
Jia Tan 584e3a258f xz: Create separate is_tty() function.
The new is_tty() will report if a file descriptor is a terminal or not.
On POSIX systems, it is a wrapper around isatty(). However, the native
Windows implementation of isatty() will return true for all character
devices, not just terminals. So is_tty() has a special case for Windows
so it can use alternative Windows API functions to determine if a file
descriptor is a terminal.

This fixes a bug with MSVC and MinGW-w64 builds that refused to read from
or write to non-terminal character devices because xz thought it was a
terminal. For instance:

    xz foo -c > /dev/null

would fail because /dev/null was assumed to be a terminal.
2023-11-23 22:40:20 +08:00
Jia Tan 6b05f827f5 tuklib_integer: Fix typo discovered by codespell.
Based on internet dictionary searches, 'choise' is an outdated spelling
of 'choice'.
2023-11-22 20:39:41 +08:00
Lasse Collin 659aca0d69 xz: Move the check for --suffix with --format=raw a few lines earlier.
Now it reads from argv[] instead of args->arg_names.
2023-11-18 01:56:09 +08:00
Jia Tan 2a732aba22 xz: Fix a bug with --files and --files0 in raw mode without a suffix.
The following command caused a segmentation fault:

    xz -Fraw --lzma1 --files=foo

when foo was a valid file. The usage of --files or --files0 was not
being checked when compressing or decompressing in raw mode without a
suffix. The suffix checking code was meant to validate that all files
to be processed are "-" (if not writing to standard out), meaning the
data is only coming from standard in. In this case, there were no file
names to check since --files and --files0 store their file name in a
different place.

Later code assumed the suffix was set and caused a segmentation fault.
Now, the above command results in an error.
2023-11-17 23:16:55 +08:00