xz/tests
Lasse Collin 1107712e37 Remove the backdoor found in 5.6.0 and 5.6.1 (CVE-2024-3094).
While the backdoor was inactive (and thus harmless) without inserting
a small trigger code into the build system when the source package was
created, it's good to remove this anyway:

  - The executable payloads were embedded as binary blobs in
    the test files. This was a blatant violation of the
    Debian Free Software Guidelines.

  - On machines that see lots bots poking at the SSH port, the backdoor
    noticeably increased CPU load, resulting in degraded user experience
    and thus overwhelmingly negative user feedback.

  - The maintainer who added the backdoor has disappeared.

  - Backdoors are bad for security.

This reverts the following without making any other changes:

6e636819 Tests: Update two test files.
a3a29bbd Tests: Test --single-stream can decompress bad-3-corrupt_lzma2.xz.
0b4ccc91 Tests: Update RISC-V test files.
8c9b8b20 liblzma: Fix typos in crc32_fast.c and crc64_fast.c.
82ecc538 liblzma: Fix false Valgrind error report with GCC.
cf44e4b7 Tests: Add a few test files.
3060e107 Tests: Use smaller dictionary size in RISC-V test files.
e2870db5 Tests: Add two RISC-V Filter test files.

The RISC-V test files also have real content that tests the filter
but the real content would fit into much smaller files. A generator
program would need to be available as well.

Thanks to Andres Freund for finding and reporting it and making
it public quickly so others could act without a delay.
See: https://www.openwall.com/lists/oss-security/2024/03/29/4
2024-04-09 18:38:37 +03:00
..
files Remove the backdoor found in 5.6.0 and 5.6.1 (CVE-2024-3094). 2024-04-09 18:38:37 +03:00
ossfuzz Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
Makefile.am Tests: Replace HAVE_MICROLZMA usage in CMake and Autotools builds. 2024-03-09 09:49:55 +08:00
bcj_test.c Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
code_coverage.sh Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
compress_prepared_bcj_sparc Recreated the BCJ test files for x86 and SPARC. The old files 2009-02-06 09:13:15 +02:00
compress_prepared_bcj_x86 Recreated the BCJ test files for x86 and SPARC. The old files 2009-02-06 09:13:15 +02:00
create_compress_files.c Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_bcj_exact_size.c Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_block_header.c Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_check.c Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_compress.sh Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_compress_generated_abc Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_compress_generated_random Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_compress_generated_text Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_compress_prepared_bcj_sparc Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_compress_prepared_bcj_x86 Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_files.sh Remove the backdoor found in 5.6.0 and 5.6.1 (CVE-2024-3094). 2024-04-09 18:38:37 +03:00
test_filter_flags.c Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_filter_str.c Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_hardware.c Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_index.c Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_index_hash.c Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_lzip_decoder.c Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_memlimit.c Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_microlzma.c Tests: Replace HAVE_MICROLZMA usage in CMake and Autotools builds. 2024-03-09 09:49:55 +08:00
test_scripts.sh CMake: Add test_scripts.sh to the tests. 2024-02-19 12:21:37 +02:00
test_stream_flags.c Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_suffix.sh Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
test_vli.c Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
tests.h Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
tuktest.h Tests: tuktest.h: Treat Clang separately from GCC. 2024-02-14 21:12:58 +02:00
xzgrep_expected_output xzgrep: Improve the test script. 2014-06-13 18:58:22 +03:00