Commit Graph

2544 Commits

Author SHA1 Message Date
Lasse Collin 5f178c364c Delete SECURITY.md from v5.6
It's too easily out of date in the stable branches.
It's not included in the release packages anyway.
2024-05-22 14:08:33 +03:00
Lasse Collin b3a7561880 liblzma: memcmplen.h: Add a comment why subtraction is used.
(cherry picked from commit 0b99783d63)
2024-05-22 14:07:37 +03:00
Lasse Collin 94939a145f INSTALL: Document arguments of --enable-symbol-versions.
(cherry picked from commit 8a25ba024d)
2024-05-22 14:07:37 +03:00
Lasse Collin fa14c8aaf0 Build: Use only the generic symbol versioning with NVIDIA HPC Compiler.
This does the previous commit with CMake.

AC_EGREP_CPP uses AC_REQUIRE so the outermost if-commands must
be changed to AS_IF to ensure that things wont break some day.
See 5a5bd7f871.

(cherry picked from commit 49324b711f)
2024-05-22 14:07:37 +03:00
Lasse Collin 73baa8d99b CMake: Use only the generic symbol versioning with NVIDIA HPC Compiler.
It doesn't support the __symver__ attribute or __asm__(".symver ...").
The generic symbol versioning can still be used since it only needs
linker support.

(cherry picked from commit c273123ed0)
2024-05-22 14:07:37 +03:00
Lasse Collin 886633f423 Update THANKS.
(cherry picked from commit df7f487648)
2024-05-22 14:07:37 +03:00
Lasse Collin 760f622f0d liblzma: Minor comment edits.
(cherry picked from commit 3217b82b3e)
2024-05-22 14:07:37 +03:00
Sergey Kosukhin 403b4c78b8 liblzma: Fix building with NVHPC (NVIDIA HPC SDK).
NVHPC compiler has several issues that make it impossible to
build liblzma:
  - the compiler cannot handle unions that contain pointers that
    are not the first members;
  - the compiler cannot handle the assembler code in range_decoder.h
    (LZMA_RANGE_DECODER_CONFIG has to be set to zero);
  - the compiler fails to produce valid code for delta_decode if the
    vectorization is enabled, which results in failed tests.

This introduces NVHPC-specific workarounds that address the issues.

(cherry picked from commit 096bc0e3f8)
2024-05-22 14:07:37 +03:00
Lasse Collin 1888fb49f6 CMake: Disable symbol versioning on non-glibc Linux.
This better matches what configure.ac does. For example, musl has
only basic symbol versioning support:

https://wiki.musl-libc.org/functional-differences-from-glibc.html#Symbol_versioning

configure.ac tries to enable symbol versioning only with glibc
so now CMake does the same.

(cherry picked from commit 2ad7fad670)
2024-05-22 14:07:37 +03:00
Lasse Collin 4b3c84e8ee CMake: Make symbol versioning configurable.
(cherry picked from commit 82f0c0d39e)
2024-05-22 14:07:37 +03:00
Lasse Collin 69d1e20208 Build: Style tweaks to configure.ac.
The AC_MSG_ERROR line is overlong anyway as are a few other
AC_MSG_ERROR lines already.

(cherry picked from commit 45d33bfc45)
2024-05-22 14:07:37 +03:00
Sergey Kosukhin 051d6b5c85 Build: Let the users override the symbol versioning variant.
There are cases when the users want to decide themselves whether
they want to have the generic (even on GNU/Linux) or the linux
(even if we do not recommend that) symbol versioning variant.
The former might be needed to circumvent compiler issues (i.e.
the compiler does not support all features that are required
for the linux versioning), the latter might help in overriding
the assumptions made in the configure script.

(cherry picked from commit f56ed6fac6)
2024-05-22 14:07:37 +03:00
Lasse Collin 95dcea4b5d Update THANKS. 2024-04-09 18:38:37 +03:00
Lasse Collin 1107712e37 Remove the backdoor found in 5.6.0 and 5.6.1 (CVE-2024-3094).
While the backdoor was inactive (and thus harmless) without inserting
a small trigger code into the build system when the source package was
created, it's good to remove this anyway:

  - The executable payloads were embedded as binary blobs in
    the test files. This was a blatant violation of the
    Debian Free Software Guidelines.

  - On machines that see lots bots poking at the SSH port, the backdoor
    noticeably increased CPU load, resulting in degraded user experience
    and thus overwhelmingly negative user feedback.

  - The maintainer who added the backdoor has disappeared.

  - Backdoors are bad for security.

This reverts the following without making any other changes:

6e636819 Tests: Update two test files.
a3a29bbd Tests: Test --single-stream can decompress bad-3-corrupt_lzma2.xz.
0b4ccc91 Tests: Update RISC-V test files.
8c9b8b20 liblzma: Fix typos in crc32_fast.c and crc64_fast.c.
82ecc538 liblzma: Fix false Valgrind error report with GCC.
cf44e4b7 Tests: Add a few test files.
3060e107 Tests: Use smaller dictionary size in RISC-V test files.
e2870db5 Tests: Add two RISC-V Filter test files.

The RISC-V test files also have real content that tests the filter
but the real content would fit into much smaller files. A generator
program would need to be available as well.

Thanks to Andres Freund for finding and reporting it and making
it public quickly so others could act without a delay.
See: https://www.openwall.com/lists/oss-security/2024/03/29/4
2024-04-09 18:38:37 +03:00
Jia Tan fd1b975b78 Bump version and soname for 5.6.1. 2024-03-09 11:42:50 +08:00
Jia Tan a2cda57249 Add NEWS for 5.6.1 2024-03-09 11:27:27 +08:00
Jia Tan 8583c60211 Translations: Add missing --riscv option to man page translations. 2024-03-09 10:43:20 +08:00
Jia Tan 74b138d2a6 Tests: Update two test files.
The original files were generated with random local to my machine.
To better reproduce these files in the future, a constant seed was used
to recreate these files.
2024-03-09 10:18:29 +08:00
Jia Tan 3ec6dfd656 Tests: Test --single-stream can decompress bad-3-corrupt_lzma2.xz.
The first stream in this file is valid, so this tests that xz properly
stops after decompressing it.
2024-03-09 10:08:32 +08:00
Jia Tan a67dcce610 Tests: Update RISC-V test files.
This increases code coverage and tests for possible shifting bugs.
2024-03-09 10:05:32 +08:00
Jia Tan 058337b0f1 liblzma: Fix typos in crc32_fast.c and crc64_fast.c. 2024-03-09 09:52:32 +08:00
Jia Tan cd5de9c1bb Tests: Replace HAVE_MICROLZMA usage in CMake and Autotools builds.
This reverts commit adaacafde6.
2024-03-09 09:49:55 +08:00
Jia Tan 651a1545c8 liblzma: Fix false Valgrind error report with GCC.
With GCC and a certain combination of flags, Valgrind will falsely
trigger an invalid write. This appears to be due to the omission of
instructions to properly save, set up, and restore the frame pointer.

The IFUNC resolver is a leaf function since it only calls a function
that is inlined. So sometimes GCC omits the frame pointer instructions
in the resolver unless this optimization is explictly disabled.

This fixes https://bugzilla.redhat.com/show_bug.cgi?id=2267598.
2024-03-09 09:20:57 +08:00
Lasse Collin 6e97b299f1 liblzma: Fix a typo in a comment in the RISC-V filter. 2024-03-05 23:21:26 +02:00
Jia Tan 4e1c97052b liblzma: Use attribute no_profile_instrument_function with ifunc.
Thanks to Sam James for determining this was the attribute needed to
workaround the GCC bug and for his version of the patch in Gentoo.
2024-03-05 00:34:46 +08:00
Jia Tan ed957d3942 Build: Require attribute no_profile_instrument_function for ifunc usage.
Using __attribute__((__no_profile_instrument_function__)) on the ifunc
resolver works around a bug in GCC -fprofile-generate:
it adds profiling code even to ifunc resolvers which can make
the ifunc resolver crash at program startup. This attribute
was not introduced until GCC 7 and Clang 13, so ifunc won't
be used with prior versions of these compilers.

This bug was brought to our attention by:

    https://bugs.gentoo.org/925415

And was reported to upstream GCC by:

    https://gcc.gnu.org/bugzilla/show_bug.cgi?id=11411
2024-03-05 00:27:31 +08:00
Lasse Collin e98ddaf85a liblzma: Fix a comment in the RISC-V filter. 2024-03-04 19:23:18 +02:00
Lasse Collin 319cec142f CMake: Warn if translated man pages are missing. 2024-02-29 16:35:52 +02:00
Lasse Collin 46c3e113d8 CMake: Warn if gettext tools and pre-created .gmo files are missing.
It's only done with CMake >= 3.20 and if library support
for translation was already found.

Sort of fixes: https://github.com/tukaani-project/xz/issues/82
2024-02-29 16:35:52 +02:00
Lasse Collin 86bec8334b xz: Add comments. 2024-02-28 18:33:34 +02:00
Jia Tan 5c91b454c2 xz: Change logging level for thread reduction to highest verbosity only.
Now that multi threaded encoding is the default, users do not need to
see a warning message everytime the number of threads is reduced. On
some machines, this could happen very often. It is not unreasonable for
users to need to set double verbose mode to see this kind of
information.

To see these warning messages -vv or --verbose --verbose must be passed
to set xz into the highest possible verbosity mode.

These warnings had caused automated testing frameworks to fail when they
expected no output to stderr.

Thanks to Sebastian Andrzej Siewior for reporting this and for the
initial version of the patch.
2024-02-28 18:31:04 +02:00
Lasse Collin d0e57b2f15 Fix sorting in THANKS. 2024-02-28 18:31:04 +02:00
Jia Tan d416be55ac Update THANKS. 2024-02-28 18:31:04 +02:00
Chien Wong f06b33edd2 xz: Add missing RISC-V on the filter list in the man page
Signed-off-by: Chien Wong <m@xv97.com>
2024-02-28 18:31:04 +02:00
Jia Tan a100f9111c Build: Fix Linux Landlock feature test in Autotools and CMake builds.
The previous Linux Landlock feature test assumed that having the
linux/landlock.h header file was enough. The new feature tests also
requires that prctl() and the required Landlock system calls are
supported.
2024-02-28 18:31:04 +02:00
Jia Tan d85efdc891 Tests: Add test_microlzma to .gitignore and CMakeLists.txt. 2024-02-28 18:31:04 +02:00
Jia Tan 42ee425673 Tests: Correct license header in test_microlzma.c. 2024-02-28 18:31:04 +02:00
Jia Tan c83349dfd9 Fix typos in NEWS and CMakeLists. 2024-02-28 18:31:04 +02:00
Jia Tan 2d7d862e3f Bump version and soname for 5.6.0. 2024-02-24 15:55:08 +08:00
Jia Tan a18fb1edef Add NEWS for 5.6.0. 2024-02-24 15:50:36 +08:00
Jia Tan 24355c5280 Translations: Remove obsolete and fuzzy matches from some translations.
The French and Brazilian Portuguese man page translations have not been
updated since the switch from public domain to 0BSD. The old GPLv2
strings have now been removed from these files.
2024-02-22 22:27:01 +08:00
Jia Tan 02ca4a7d7b Translations: Patch man pages to avoid fuzzy matches.
This will be fixed in the next round of translations, but this avoids
having a fuzzy match or not fixing the English version.
2024-02-21 00:31:54 +08:00
Jia Tan 898aad9fc7 xzmore: Fix typo in xzmore.1.
Thanks to Yuri Chornoivan.
2024-02-21 00:30:43 +08:00
Jia Tan 5631aa206c Translations: Update the Vietnamese translation. 2024-02-24 12:12:16 +08:00
Jia Tan a65fd7ce9d Translations: Update the Esperanto translation. 2024-02-24 12:06:40 +08:00
Jia Tan cf44e4b7f5 Tests: Add a few test files. 2024-02-23 23:09:59 +08:00
Jia Tan 39f4a1a86a Tests: Add MicroLZMA test. 2024-02-23 20:58:36 +08:00
Jia Tan adaacafde6 Build: Define HAVE_MICROLZMA when it is configured. 2024-02-23 20:57:59 +08:00
Jia Tan eea78216d2 xz: Fix Capsicum sandbox compile error.
user_abort_pipe[] was still being used instead of the parameters.
2024-02-23 20:27:15 +08:00
Jia Tan 32b0a3ce19 Build: Fix ARM64 CRC32 instruction feature test.
Old versions of Clang reported the unsupported function attribute and
__crc32d() function as warnings instead of errors, so the feature test
passed when it shouldn't have, causing a compile error at build time.
-Werror was added to this feature test to fix this. The change is not
needed for CMake because check_c_source_compiles() also performs
linking and the error is caught then.

Thanks to Sebastian Andrzej Siewior for reporting this.
2024-02-23 16:12:32 +08:00