Commit Graph

2538 Commits

Author SHA1 Message Date
Lasse Collin 70d12dd069 liblzma: lzma_str_to_filters: Set *error_pos on all errors
The API docs clearly say that if error_pos isn't NULL then *error
is always set on any error. However, it wasn't touched if str == NULL
or filters == NULL or unsupported flags were specified.

Fixes: cedeeca2ea
2024-04-22 22:03:04 +03:00
Lasse Collin ed8e552395 liblzma: Clean up white space 2024-04-22 20:31:25 +03:00
Lasse Collin 2f06920f20 Tests: test_filter_flags: Edit comments and style 2024-04-22 18:35:19 +03:00
Lasse Collin b101e1d1db Tests: Fix C99/C11 compatibility when features are disabled
The array could become empty and then the initializer would be
simply {} which is allowed only in GNU-C and C23.
2024-04-22 16:39:44 +03:00
Lasse Collin f8f3a220ac DOS: Omit useless defines from config.h 2024-04-21 20:32:16 +03:00
Lasse Collin fc1921b04b Build: Omit useless checks for fcntl.h, limits.h, and sys/time.h 2024-04-21 20:27:50 +03:00
Lasse Collin 6aa2a6deeb liblzma: Silence a warning from Coverity static analysis
It is logical why it cannot know for sure that the value has
to be at most 4 if it is less than 16.

The x86 filter is based on a very old LZMA SDK version. Newer
ones have quite a different implementation for the same filter.

Thanks to Sam James.
2024-04-20 12:09:37 +03:00
Lasse Collin e89d3e83b4 Update .gitignore 2024-04-19 23:18:19 +03:00
Lasse Collin 86fc4ee859 Tests: test_lzip_decoder: Tweak coding style and comments 2024-04-19 20:53:24 +03:00
Lasse Collin 38be573a27 Tests: test_lzip_decoder: Remove redundant initializations 2024-04-19 20:51:36 +03:00
Lasse Collin d7e4bc53ea Tests: test_lzip_decoder: Remove unneeded tuktest_malloc() calls 2024-04-19 20:47:24 +03:00
Lasse Collin eeca8f7c5b xz: Fix white space error.
Thanks to xx on #tukaani.
2024-04-15 20:35:07 +03:00
Sam James 462ca94099 xz: add missing noreturn for message_filters_help
Fixes: a165d7df19
2024-04-14 17:26:54 +03:00
Sam James 863f13d282 xz: signals: suppress -Wsign-conversion on macOS
On macOS, we get:
```
signals.c: In function 'signals_init':
signals.c:76:17: error: conversion to 'sigset_t' {aka 'unsigned int'} from 'int' may change the sign of the result [-Werror=sign-conversion]
   76 |                 sigaddset(&hooked_signals, sigs[i]);
      |                 ^~~~~~~~~
signals.c:81:17: error: conversion to 'sigset_t' {aka 'unsigned int'} from 'int' may change the sign of the result [-Werror=sign-conversion]
   81 |                 sigaddset(&hooked_signals, message_progress_sigs[i]);
      |                 ^~~~~~~~~
signals.c:86:9: error: conversion to 'sigset_t' {aka 'unsigned int'} from 'int' may change the sign of the result [-Werror=sign-conversion]
   86 |         sigaddset(&hooked_signals, SIGTSTP);
      |         ^~~~~~~~~
```

We use `int` for `hooked_signals` but we can't just cast to whatever
`sigset_t` is because `sigset_t` is an opaque type. It's an unsigned int
on macOS. On macOS, `sigaddset` is implemented as a macro.

Just suppress -Wsign-conversion for `signals_init` for macOS given
there's no real nice way of fixing this.
2024-04-14 17:26:43 +03:00
Lasse Collin fcbd0d1999 Tests: test_microlzma: Add a "FIXME?" about LZMA_FINISH handling 2024-04-13 22:39:10 +03:00
Lasse Collin 0fe2dfa683 Tests: test_microlzma: Tweak comments, coding style, and minor details
A few lines were reordered, a few ARRAY_SIZE were changed to sizeof,
and a few uint32_t were changed to size_t. No real functional changes
were intended.
2024-04-13 21:01:10 +03:00
Ryan Carsten Schmidt 97f0ee0f1f
CI: Use only the active CPUs on macOS
hw.ncpu counts all CPUs including inactive ones. hw.activecpu counts
only the active CPUs.
2024-04-12 19:31:13 -05:00
Sam James 73f629e321 ci: rename ci_build.sh -> ci_build.bash
We discussed the name and it's less cognitive load to just call it '.bash'
so you don't have an immediate question about if bashisms are OK.
2024-04-11 00:15:35 +03:00
Sam James 8709407a9e ci: build in parallel by default 2024-04-11 00:15:35 +03:00
Sam James 65bf7e0a1c ci: default to -O2
We need this for when we're passing sanitizer flags or -gdwarf-4 for Clang
with Valgrind. Just always start with -O2 if CFLAGS isn't set in the
environment and append what was passed on the command line.
2024-04-11 00:15:35 +03:00
Sam James bc899f9e07 ci: make automake's test runner verbose on failures
This is a lot easier to work with than the save-logs thing the action
tries to do...
2024-04-11 00:15:35 +03:00
Sam James b5e3470442 ci: make UBSAN abort on errors
Unfortunately, UBSAN doesn't do this by default. See also the change
I made in Meson for this in October [0].

[0] 7b7d2e060b
2024-04-11 00:15:35 +03:00
Sam James 6c095a98fb ci: test Valgrind
Using `--trace-children=yes` has a trade-off here, as it makes
`test_scripts.sh` pretty slow when calling various non-xz utilities.

But I also feel like it's not useless to have Valgrind used there and it's
not easy to exclude Valgrind just for that one test...

I did consider using AX_VALGRIND_CHECK [0][1] but I couldn't get it working
immediately with some conditionally-built tests and I wondered if it was
worth spending time on at least while we're debating xz's future build
system situation.

[0] https://www.gnu.org/software/autoconf-archive/ax_valgrind_check.html
[1] https://tecnocode.co.uk/2014/12/23/automatically-valgrinding-code-with-ax_valgrind_check/
2024-04-11 00:15:35 +03:00
Lasse Collin 6286c1900c liblzma: CRC: Simplify table omission macros
A macro is useful to prevent a single #if directive from
getting too ugly but only one macro is needed for all archs.
2024-04-10 23:33:17 +03:00
Lasse Collin 45da936c87 liblzma: ARM64 CRC: Fix omission of CRC32 table
The macro name had an odd typo so the table wasn't omitted
when it should have.

Fixes: 1940f0ec28
2024-04-10 23:12:23 +03:00
Lasse Collin 308a9af854 Build: If ARM64 feature detection func is found, stop looking for others
This can speed up configure a tiny bit.

Fixes: c5f6d79cc9
2024-04-10 23:12:23 +03:00
Lasse Collin fc43cecd32 liblzma: ARM64 CRC32: Change style of the macOS code to match FreeBSD
I didn't test this but it shouldn't change any functionality.

Fixes: 761f5b69a4
2024-04-10 23:12:23 +03:00
Lasse Collin 1024cd4cd9 liblzma: ARM64 CRC32: Add error checking to FreeBSD-specific code
Also add parenthesis to the return statement.

I didn't test this.

Fixes: 761f5b69a4
2024-04-10 23:12:23 +03:00
Lasse Collin 2337f7021c liblzma: ARM64 CRC32: Use negation instead of subtracting from 8
Subtracting from 0 is negation, this just keeps warnings away.

Fixes: 761f5b69a4
2024-04-10 23:12:11 +03:00
Lasse Collin d8fffd01aa liblzma: ARM64 CRC32: Tweak coding style and comments 2024-04-10 22:53:53 +03:00
Lasse Collin 780d2c236d Update SECURITY.md. 2024-04-09 21:55:01 +03:00
Lasse Collin 986865ea2f CI: Remove ifunc support. 2024-04-09 18:22:27 +03:00
Lasse Collin 689ae24273 liblzma: Remove ifunc support.
This is *NOT* done for security reasons even though the backdoor
relied on the ifunc code. Instead, the reason is that in this
project ifunc provides little benefits but it's quite a bit of
extra code to support it. The only case where ifunc *might* matter
for performance is if the CRC functions are used directly by an
application. In normal compression use it's completely irrelevant.
2024-04-09 18:22:27 +03:00
Lasse Collin 6b4c859059 tests/files/README: Update the main heading. 2024-04-09 18:22:27 +03:00
Lasse Collin 2a851e06b8 tests/files/README: Explain how to recreate the ARM64 test files. 2024-04-09 18:22:27 +03:00
Lasse Collin 3d09b721b9 debug: Add generator for the ARM64 test file data. 2024-04-09 18:22:27 +03:00
Lasse Collin 31ef676567 xz man page: Use .ft CR instead of CW to silence warnings from groff. 2024-04-09 18:22:27 +03:00
Lasse Collin 780cbf29d5 Fix NEWS for 5.6.0 and 5.6.1. 2024-04-09 18:22:27 +03:00
Lasse Collin bfd0c7c478 Remove the XZ logo. 2024-04-09 18:22:27 +03:00
Lasse Collin 77a294d98a Update maintainer and author info.
The other maintainer suddenly disappeared.
2024-04-09 18:22:27 +03:00
Lasse Collin 8dd03d4484 Docs: Update .xz file format specification to 1.2.1.
This only reverts the XZ URL changes.
2024-04-09 18:22:27 +03:00
Lasse Collin 17aa2e1a79 Update website URLs back to tukaani.org.
The XZ projects were moved back to their original URLs.
2024-04-09 18:22:27 +03:00
Lasse Collin 2739db9810 xzdec: Tweak coding style and comments. 2024-04-09 18:22:27 +03:00
Lasse Collin 408b6adb2a tests/ossfuzz: Tiny fix to a comment. 2024-04-09 18:22:27 +03:00
Lasse Collin db4dd74a34 Update THANKS. 2024-04-09 18:22:27 +03:00
Lasse Collin e93e13c8b3 Remove the backdoor found in 5.6.0 and 5.6.1 (CVE-2024-3094).
While the backdoor was inactive (and thus harmless) without inserting
a small trigger code into the build system when the source package was
created, it's good to remove this anyway:

  - The executable payloads were embedded as binary blobs in
    the test files. This was a blatant violation of the
    Debian Free Software Guidelines.

  - On machines that see lots bots poking at the SSH port, the backdoor
    noticeably increased CPU load, resulting in degraded user experience
    and thus overwhelmingly negative user feedback.

  - The maintainer who added the backdoor has disappeared.

  - Backdoors are bad for security.

This reverts the following without making any other changes:

6e636819 Tests: Update two test files.
a3a29bbd Tests: Test --single-stream can decompress bad-3-corrupt_lzma2.xz.
0b4ccc91 Tests: Update RISC-V test files.
8c9b8b20 liblzma: Fix typos in crc32_fast.c and crc64_fast.c.
82ecc538 liblzma: Fix false Valgrind error report with GCC.
cf44e4b7 Tests: Add a few test files.
3060e107 Tests: Use smaller dictionary size in RISC-V test files.
e2870db5 Tests: Add two RISC-V Filter test files.

The RISC-V test files also have real content that tests the filter
but the real content would fit into much smaller files. A generator
program would need to be available as well.

Thanks to Andres Freund for finding and reporting it and making
it public quickly so others could act without a delay.
See: https://www.openwall.com/lists/oss-security/2024/03/29/4
2024-04-09 17:57:39 +03:00
Lasse Collin f9cf4c05ed CMake: Fix sabotaged Landlock sandbox check.
It never enabled it.
2024-03-30 14:36:28 +02:00
Jia Tan af071ef770 Docs: Simplify SECURITY.md. 2024-03-26 03:38:12 +08:00
Lasse Collin 0b99783d63 liblzma: memcmplen.h: Add a comment why subtraction is used. 2024-03-22 17:46:30 +02:00
Lasse Collin 8a25ba024d INSTALL: Document arguments of --enable-symbol-versions. 2024-03-15 18:04:10 +02:00