Commit Graph

28 Commits

Author SHA1 Message Date
Lasse Collin a7e9230af9 Tests: Make test_files.sh more flexible
Add a new optional argument to specify the directory of the xz and
xzdec executables.

If ../config.h doesn't exist, assume that all encoders and decoders
are available.
2024-05-20 16:55:00 +03:00
Lasse Collin e93e13c8b3 Remove the backdoor found in 5.6.0 and 5.6.1 (CVE-2024-3094).
While the backdoor was inactive (and thus harmless) without inserting
a small trigger code into the build system when the source package was
created, it's good to remove this anyway:

  - The executable payloads were embedded as binary blobs in
    the test files. This was a blatant violation of the
    Debian Free Software Guidelines.

  - On machines that see lots bots poking at the SSH port, the backdoor
    noticeably increased CPU load, resulting in degraded user experience
    and thus overwhelmingly negative user feedback.

  - The maintainer who added the backdoor has disappeared.

  - Backdoors are bad for security.

This reverts the following without making any other changes:

6e636819 Tests: Update two test files.
a3a29bbd Tests: Test --single-stream can decompress bad-3-corrupt_lzma2.xz.
0b4ccc91 Tests: Update RISC-V test files.
8c9b8b20 liblzma: Fix typos in crc32_fast.c and crc64_fast.c.
82ecc538 liblzma: Fix false Valgrind error report with GCC.
cf44e4b7 Tests: Add a few test files.
3060e107 Tests: Use smaller dictionary size in RISC-V test files.
e2870db5 Tests: Add two RISC-V Filter test files.

The RISC-V test files also have real content that tests the filter
but the real content would fit into much smaller files. A generator
program would need to be available as well.

Thanks to Andres Freund for finding and reporting it and making
it public quickly so others could act without a delay.
See: https://www.openwall.com/lists/oss-security/2024/03/29/4
2024-04-09 17:57:39 +03:00
Jia Tan a3a29bbd5d Tests: Test --single-stream can decompress bad-3-corrupt_lzma2.xz.
The first stream in this file is valid, so this tests that xz properly
stops after decompressing it.
2024-03-09 10:08:32 +08:00
Lasse Collin 22af94128b Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
Lasse Collin 689e0228ba Change most public domain parts to 0BSD.
Translations and doc/xz-file-format.txt and doc/lzma-file-format.txt
were not touched.

COPYING.0BSD was added.
2024-02-14 18:31:12 +02:00
Jia Tan 44ff2fa5c9 Tests: Skip RISC-V test files if decoder was not built. 2024-01-23 23:55:39 +08:00
Jia Tan 299920bab9 Tests: Fix typo in a comment. 2023-11-17 20:04:58 +08:00
Jia Tan 39a32d36fc Tests: Skip .lz files in test_files.sh if not configured.
Previously if the lzip decoder was not configured then test_files.sh
would pass the lzip tests instead of skipping them.
2023-07-21 18:05:44 +08:00
Jia Tan 2c189bb00a Tests: Improve feature testing for skipping.
Fixed a bug where test_compress_* would all fail if arm64 or armthumb
filters were enabled for compression but arm was disabled. Since the
grep tests only checked for "define HAVE_ENCODER_ARM", this would match
on HAVE_ENCODER_ARM64 or HAVE_ENCODER_ARMTHUMB.

Now the config.h feature test requires " 1" at the end to prevent the
prefix problem. have_feature() was also updated for this even though
there were known current bugs affecting it. This is just in case future
features have a similar prefix problem.
2023-07-14 21:30:25 +08:00
Lasse Collin 60f45bdbaa Tests: Add two ARM64 test files. 2022-12-13 12:30:09 +02:00
Lasse Collin c8ef089c14 Tests: Test the .lz files in test_files.sh. 2022-11-09 14:32:33 +02:00
Lasse Collin 05c72de06f Tests: test_files.sh: Make it not fail if features were disabled at build.
It now tries to test as many files as easily possible.
The exit status indicates skipping if any of the files were
skipped. This way it is easy to notice if something is being
skipped when it isn't expected.
2022-10-27 15:49:18 +03:00
Lasse Collin b3459327a5 Tests: test_files.sh: Suppress an expected warning from the log.
xz (but not xzdec) will normally warn about unsupported check
but since we are testing specifically such a file, it's better
to silence that warning so that it doesn't look suspicious in
test_files.sh.log.

The use of -q and -Q in xzdec is just for consistency and
doesn't affect the result at least for now.
2022-10-27 15:30:13 +03:00
Lasse Collin 798c86e423 Tests: test_files.sh: Print the reason for skipping if xz & xzdec missing. 2022-10-27 15:27:50 +03:00
Lasse Collin 89c5cfcaca Tests: Test also unsupported-*.xz. 2022-10-26 00:05:57 +03:00
Lasse Collin 424ac91c7e Tests: Skip tests in test_*.sh if encoders and/or decoders are disabled.
This isn't perfect as the scripts can still fail if only
certain filters are disabled. This is still an improvement
as now "make check" has better behavior when all encoders
or decoders are disabled.

Grepping ../config.h is simple and fairly clean but it only
works if config.h was created. CMake builds don't create
config.h but they don't use these test scripts either.

Thanks to Sebastian Andrzej Siewior for reporting the problem.
Thanks to Jia Tan for the original patch which grepped xz
error messages instead of config.h.
2022-10-19 19:39:35 +03:00
Lasse Collin ca8bf9d7c5 Test: Remove the (exit 1) lines.
I suspect that I used these in the original version because
Autoconf's manual describes that such a trick is needed in
some specific situations for portability reasons. None of those
situations listed on Autoconf 2.71 manual apply to these test
scripts though so this cleans them up.
2022-10-19 19:03:50 +03:00
Lasse Collin c3592d0a55 Tests: Add a test file for lzma_index_append() integer overflow bug.
This test fails before commit 18d7facd38.

test_files.sh now runs xz -l for bad-3-index-uncomp-overflow.xz
because only then the previously-buggy code path gets tested.
Normal decompression doesn't use lzma_index_append() at all.
Instead, lzma_index_hash functions are used and those already
did the overflow check.
2022-09-16 17:08:53 +03:00
Lasse Collin 2d2201bc63 Tests: Add the .lzma files to test_files.sh. 2022-07-14 20:33:05 +03:00
Lasse Collin d2d484647d Tests: Don't hide unexpected error messages in test_files.sh.
Hiding them makes no sense since normally there's no error
when testing the "good" files. With "bad" files errors are
expected and then it makes sense to keep the messages hidden.
2015-01-06 20:30:15 +02:00
Lasse Collin ae74d1bdeb test_files.sh: Fix the first line.
For some reason this prevented running the test only
on OS/2 and even on that it broke only recently.

Thanks to Elbert Pol.
2010-10-10 17:43:26 +03:00
Lasse Collin 11f51b6714 Make tests accommodate missing xz or xzdec. 2010-10-08 15:32:29 +03:00
Lasse Collin 02ddf09bc3 Put the interesting parts of XZ Utils into the public domain.
Some minor documentation cleanups were made at the same time.
2009-04-13 11:27:40 +03:00
Lasse Collin 1880a3927b Renamed lzma to xz and lzmadec to xzdec. We create symlinks
lzma, unlzma, and lzcat in "make install" for backwards
compatibility with LZMA Utils 4.32.x; I'm not sure if this
should be the default though.
2008-11-19 23:52:24 +02:00
Lasse Collin 4c321a41c4 Renamed the test files from .lzma suffix to .xz suffix. 2008-09-30 17:43:55 +03:00
Lasse Collin b4943ccf73 Avoid using ! in test_files.sh, because that doesn't work
with some ancient /bin/sh versions.
2008-01-08 12:29:58 +02:00
Lasse Collin 2fd2d18154 Cosmetic edit to test_files.sh. 2008-01-07 18:22:24 +02:00
Lasse Collin 908b2ac604 Added test_files.sh to test decoding of the files in
the tests/files directory. It doesn't test the malicious
files yet.
2008-01-07 13:49:19 +02:00