openeuler-ci-bot
57ade1afcd
!79 [sync] PR-78: fix CVE-2025-31115
From: @openeuler-sync-bot 
Reviewed-by: @hubin95 
Signed-off-by: @hubin95
2025-04-14 01:43:32 +00:00
Funda Wang
398753b7fd fix CVE-2025-31115
(cherry picked from commit 0e18866f0ecc21bfee3bcb3826eaf9e95c1af309)
2025-04-10 09:58:16 +08:00
openeuler-ci-bot
413b386b4d
!74 [sync] PR-72: Add sw_64 support
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
2025-03-06 03:13:42 +00:00
openeuler-ci-bot
d5892ae556
!74 [sync] PR-72: Add sw_64 support
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
2025-03-06 03:13:42 +00:00
maqi
cbcce33755 Add sw_64 support
(cherry picked from commit 293eae3476027c34868b47f71d0cd949e0c95653)
2025-03-05 14:10:52 +08:00
openeuler-ci-bot
4f3f44f7c7
!68 Add BuildRequires for automake to fix build issue
From: @kailiu42 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
2024-11-06 08:47:10 +00:00
Kai Liu
ce62f25d94 Add BuildRequires for automake as patch1 modified Makefile.am 2024-11-05 16:05:32 +08:00
openeuler-ci-bot
b65b080fd2
!62 fix CVE-2024-47611
From: @changtao615 
Reviewed-by: @zhoupengcheng11, @znzjugod 
Signed-off-by: @znzjugod
2024-10-21 07:40:49 +00:00
changtao
2616a69af2 fix-CVE-2024-47611 2024-10-08 17:33:08 +08:00
openeuler-ci-bot
d2cb17b556
!59 [sync] PR-58: Update to version 5.4.7
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
2024-08-09 09:44:56 +00:00
Funda Wang
c4299b3f3e 5.4.7
(cherry picked from commit 22f33aaf46c46f663f01c92309d2b6fd4263ceb9)
2024-08-09 17:32:31 +08:00
8 changed files with 730 additions and 83 deletions


@ -0,0 +1,294 @@
From bf518b9ba446327a062ddfe67e7e0a5baed2394f Mon Sep 17 00:00:00 2001
From: Lasse Collin <lasse.collin@tukaani.org>
Date: Tue, 8 Oct 2024 17:20:31 +0800
Subject: [PATCH] fix CVE-2024-47611
IMPORTANT: This includes a security fix to command line tool
argument handling.
---
CMakeLists.txt | 18 ++
src/Makefile.am | 4 +-
src/common/common_w32res.rc | 5 +
src/common/w32_application.manifest | 29 +++
.../w32_application.manifest.comments.txt | 178 ++++++++++++++++++
5 files changed, 233 insertions(+), 1 deletion(-)
create mode 100644 src/common/w32_application.manifest
create mode 100644 src/common/w32_application.manifest.comments.txt
diff --git a/CMakeLists.txt b/CMakeLists.txt
index ed52ff8..77fe152 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -122,6 +122,24 @@ else()
set(PACKAGE_NAME_DEFINITION "${PACKAGE_NAME}")
endif()
+# When used with MSVC, CMake can merge .manifest files with
+# linker-generated manifests and embed the result in an executable.
+# However, when paired with MinGW-w64, CMake (3.30) ignores .manifest
+# files. Embedding a manifest with a resource file works with both
+# toochains. It's also the way to do it with Autotools.
+#
+# With MSVC, we need to disable the default manifest; attempting to add
+# two manifest entries would break the build. The flag /MANIFEST:NO
+# goes to the linker and it also affects behavior of CMake itself: it
+# looks what flags are being passed to the linker and when CMake sees
+# the /MANIFEST:NO option, other manifest-related linker flags are
+# no longer added (see the file Source/cmcmd.cxx in CMake).
+#
+# See: https://gitlab.kitware.com/cmake/cmake/-/issues/23066
+if(MSVC)
+ set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /MANIFEST:NO")
+endif()
+
# Definitions common to all targets:
add_compile_definitions(
# Package info:
diff --git a/src/Makefile.am b/src/Makefile.am
index d199e85..c28917b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -39,4 +39,6 @@ EXTRA_DIST = \
common/tuklib_physmem.c \
common/tuklib_physmem.h \
common/tuklib_progname.c \
- common/tuklib_progname.h
+ common/tuklib_progname.h \
+ common/w32_application.manifest \
+ common/w32_application.manifest.comments.txt
diff --git a/src/common/common_w32res.rc b/src/common/common_w32res.rc
index d05d22e..1f82577 100644
--- a/src/common/common_w32res.rc
+++ b/src/common/common_w32res.rc
@@ -50,3 +50,8 @@ BEGIN
VALUE "Translation", 0x409, 1200
END
END
+
+/* Omit the manifest on Cygwin and MSYS2 (both define __CYGWIN__). */
+#if MY_TYPE == VFT_APP && !defined(__CYGWIN__)
+CREATEPROCESS_MANIFEST_RESOURCE_ID RT_MANIFEST "w32_application.manifest"
+#endif
diff --git a/src/common/w32_application.manifest b/src/common/w32_application.manifest
new file mode 100644
index 0000000..33f7f65
--- /dev/null
+++ b/src/common/w32_application.manifest
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+
+<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
+ <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
+ <application>
+ <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/> <!-- Vista -->
+ <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/> <!-- 7 -->
+ <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/> <!-- 8 -->
+ <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/> <!-- 8.1 -->
+ <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/> <!-- 10/11 -->
+ </application>
+ </compatibility>
+
+ <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
+ <security>
+ <requestedPrivileges>
+ <requestedExecutionLevel level="asInvoker"/>
+ </requestedPrivileges>
+ </security>
+ </trustInfo>
+
+ <application xmlns="urn:schemas-microsoft-com:asm.v3">
+ <windowsSettings>
+ <longPathAware xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware>
+ <activeCodePage xmlns="http://schemas.microsoft.com/SMI/2019/WindowsSettings">UTF-8</activeCodePage>
+ </windowsSettings>
+ </application>
+</assembly>
+
diff --git a/src/common/w32_application.manifest.comments.txt b/src/common/w32_application.manifest.comments.txt
new file mode 100644
index 0000000..ad0835c
--- /dev/null
+++ b/src/common/w32_application.manifest.comments.txt
@@ -0,0 +1,178 @@
+
+Windows application manifest for UTF-8 and long paths
+=====================================================
+
+The .manifest file is embedded as is in the executables, thus
+the comments are here in a separate file. These comments were
+written in context of XZ Utils but might be useful when porting
+other command line tools from POSIX environments to Windows.
+
+ NOTE: On Cygwin and MSYS2, command line arguments and file
+ system access aren't tied to a Windows code page. Cygwin
+ and MSYS2 include a default application manifest. Replacing
+ it doesn't seem useful and might even be harmful if Cygwin
+ and MSYS2 some day change their default manifest.
+
+
+UTF-8 code page
+---------------
+
+On Windows, command line applications can use main() or wmain().
+With the Windows-specific wmain(), argv contains UTF-16 code units
+which is the native encoding on Windows. With main(), argv uses the
+system active code page by default. It typically is a legacy code
+page like Windows-1252.
+
+ NOTE: On POSIX, argv for main() is constructed by the calling
+ process. On Windows, argv is constructed by a new process
+ itself: a program receives the command line as a single string,
+ and the startup code splits it into individual arguments,
+ including quote removal and wildcard expansion. Then main() or
+ wmain() is called.
+
+This application manifest forces the process code page to UTF-8
+when the application runs on Windows 10 version 1903 or later.
+This is useful for programs that use main():
+
+ * UTF-8 allows such programs to access files whose names contain
+ characters that don't exist in the current legacy code page.
+ However, filenames on Windows may contain unpaired surrogates
+ (invalid UTF-16). Such files cannot be accesses even with the
+ UTF-8 code page.
+
+ * UTF-8 avoids a security issue in command line argument handling:
+ If a command line contains Unicode characters (for example,
+ filenames) that don't exist in the current legacy code page,
+ the characters are converted to similar-looking characters
+ with best-fit mapping. Some best-fit mappings result in ASCII
+ characters that change the meaning of the command line, which
+ can be exploited with malicious filenames. For example:
+
+ - Double quote (") breaks quoting and makes argument
+ injection possible.
+
+ - Question mark (?) is a wildcard character which may
+ expand to one or more filenames.
+
+ - Forward slash (/) makes a directory traversal attack
+ possible. This character can appear in a dangerous way
+ even from a wildcard expansion; a look-alike character
+ doesn't need to be passed directly on the command line.
+
+ UTF-8 avoids best-fit mappings. However, it's still not
+ perfect. Unpaired surrogates (invalid UTF-16) on the command
+ line (including those from wildcard expansion) are converted
+ to the replacement character U+FFFD. Thus, filenames with
+ different unpaired surrogates appear identical when converted
+ to the UTF-8 code page and aren't distinguishable from
+ filenames that contain the actual replacement character U+FFFD.
+
+If different programs use different code pages, compatibility issues
+are possible. For example, if one program produces a list of
+filenames and another program reads it, both programs should use
+the same code page because the code page affects filenames in the
+char-based file system APIs.
+
+If building with a MinGW-w64 toolchain, it is strongly recommended
+to use UCRT instead of the old MSVCRT. For example, with the UTF-8
+code page, MSVCRT doesn't convert non-ASCII characters correctly
+when writing to console with printf(). With UCRT it works.
+
+
+Long path names
+---------------
+
+The manifest enables support for path names longer than 259
+characters if the feature has been enabled in the Windows registry.
+Omit the longPathAware element from the manifest if the application
+isn't compatible with it. For example, uses of MAX_PATH might be
+a sign of incompatibility.
+
+Documentation of the registry setting:
+https://learn.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation?tabs=registry#enable-long-paths-in-windows-10-version-1607-and-later
+
+
+Summary of the manifest contents
+--------------------------------
+
+See also Microsoft's documentation:
+https://learn.microsoft.com/en-us/windows/win32/sbscs/application-manifests
+
+assemblyIdentity (omitted)
+
+ This is documented as mandatory but not all apps in the real world
+ have it, and of those that do, not all put an up-to-date version
+ number there. Things seem to work correctly without
+ <assemblyIdentity> so let's keep this simpler and omit it.
+
+compatibility
+
+ Declare the application compatible with different Windows versions.
+ Without this, Windows versions newer than Vista will run the
+ application using Vista as the Operating System Context.
+
+trustInfo
+
+ Declare the application as UAC-compliant. This avoids file system
+ and registry virtualization that Windows otherwise does with 32-bit
+ executables to make some ancient applications work. UAC-compliancy
+ also stops Windows from using heuristics based on the filename
+ (like setup.exe) to guess when elevated privileges might be
+ needed which would then bring up the UAC prompt.
+
+longPathAware
+
+ Declare the application as long path aware. This way many file
+ system operations aren't limited by MAX_PATH (260 characters
+ including the terminating null character) if the feature has
+ also been enabled in the Windows registry.
+
+activeCodePage
+
+ Force the process code page to UTF-8 on Windows 10 version 1903
+ and later. For example:
+
+ - main() gets the command line arguments in UTF-8 instead of
+ in a legacy code page.
+
+ - File system APIs that take char-based strings use UTF-8
+ instead of a legacy code page.
+
+ - Text written to the console via stdio.h's stdout or stderr
+ (like calling printf()) are expected to be in UTF-8.
+
+
+CMake notes
+-----------
+
+As of CMake 3.30, one can add a .manifest file as a source file but
+it only works with MSVC; it's ignored with MinGW-w64 toolchains.
+Embedding the manifest with a resource file works with all
+toolchains. However, then the default manifest needs to be
+disabled with MSVC in CMakeLists.txt to avoid duplicate
+manifests which would break the build.
+
+w32_application.manifest.rc:
+
+ #include <winresrc.h>
+ CREATEPROCESS_MANIFEST_RESOURCE_ID RT_MANIFEST "w32_application.manifest"
+
+Or the same thing without the #include:
+
+ 1 24 "w32_application.manifest"
+
+CMakeLists.txt:
+
+ if(MSVC)
+ set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /MANIFEST:NO")
+ endif()
+
+ add_executable(foo foo.c)
+
+ # WIN32 isn't set on Cygwin or MSYS2, thus if(WIN32) is correct here.
+ if(WIN32)
+ target_sources(foo PRIVATE w32_application.manifest.rc)
+ set_source_files_properties(w32_application.manifest.rc PROPERTIES
+ OBJECT_DEPENDS w32_application.manifest
+ )
+ endif()
--
2.43.0
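Review bot: The patch preamble gives no upstream reference for this backport, so the fix cannot be traced back: the `From:` line names the upstream author, but the commit id and the +0800 date differ from the +0300 trailers the other upstream patches on this page carry, which suggests the file was regenerated locally (cannot tell from here). Add a line such as `Origin: upstream commit <UPSTREAM-COMMIT-ID>` below `Subject:` and cite the advisory for CVE-2024-47611 so the next rebase can diff against the real commit. Note also that the change only takes effect where `common_w32res.rc` is compiled, and the added `#if MY_TYPE == VFT_APP && !defined(__CYGWIN__)` skips it on Cygwin/MSYS2 as well; on a non-Windows build the only effect is the `EXTRA_DIST` edit in `src/Makefile.am`, which is why the packaging now pulls in automake.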

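--- a/add-sw_64-support.patch
+++ b/add-sw_64-support.patch
@@ -0,0 +1,28 @@
+From fdcfd8436a5030701cea06248563a25c44eea966 Mon Sep 17 00:00:00 2001
+From: mahailiang <mahailiang@uniontech.com>
+Date: Wed, 30 Oct 2024 21:02:03 +0800
+Subject: [PATCH] add sw_64 support
+---
+src/liblzma/api/lzma/bcj.h | 5 +++++
+1 file changed, 5 insertions(+)
+diff --git a/src/liblzma/api/lzma/bcj.h b/src/liblzma/api/lzma/bcj.h
+index 0c84e0c..95cb413 100644
+--- a/src/liblzma/api/lzma/bcj.h
++++ b/src/liblzma/api/lzma/bcj.h
+@@ -15,6 +15,11 @@
+# error Never include this file directly. Use <lzma.h> instead.
+#endif
++#define LZMA_FILTER_SW_64 LZMA_VLI_C(0x04)
++ /**<
++ * Filter for sw_64 binaries
++ */
++
+/* Filter IDs for lzma_filter.id */
+--
+2.20.1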
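Review bot: `LZMA_FILTER_SW_64` is defined as `LZMA_VLI_C(0x04)`, the value upstream's bcj.h already assigns to `LZMA_FILTER_X86`, so the new constant aliases the x86 BCJ filter instead of naming a distinct one, and any caller that puts it in `lzma_filter.id` silently gets x86 branch conversion applied to sw_64 code. The diffstat shows only this public header is touched, so there is no sw_64 filter implementation behind the ID either, and the define is placed above the `/* Filter IDs for lzma_filter.id */` comment as if it were unrelated to that list. If a real filter is intended it needs an ID that does not collide with the upstream-assigned ones plus the decoder/encoder code; otherwise drop the define, or at minimum document it honestly, e.g. `/**< Placeholder: same value as LZMA_FILTER_X86, no sw_64-specific filter exists */`.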


@ -1,60 +0,0 @@
From 68bda971bb8b666a009331455fcedb4e18d837a4 Mon Sep 17 00:00:00 2001
From: Jia Tan <jiat0218@gmail.com>
Date: Mon, 28 Aug 2023 21:31:25 +0800
Subject: [PATCH] liblzma: Add overflow check for Unpadded size in
lzma_index_append().
This was not a security bug since there was no path to overflow
UINT64_MAX in lzma_index_append() or when it calls index_file_size().
The bug was discovered by a failing assert() in vli_ceil4() when called
from index_file_size() when unpadded_sum (the sum of the compressed size
of current Stream and the unpadded_size parameter) exceeds LZMA_VLI_MAX.
Previously, the unpadded_size parameter was checked to be not greater
than UNPADDED_SIZE_MAX, but no check was done once compressed_base was
added.
This could not have caused an integer overflow in index_file_size() when
called by lzma_index_append(). The calculation for file_size breaks down
into the sum of:
- Compressed base from all previous Streams
- 2 * LZMA_STREAM_HEADER_SIZE (size of the current Streams header and
footer)
- stream_padding (can be set by lzma_index_stream_padding())
- Compressed base from the current Stream
- Unpadded size (parameter to lzma_index_append())
The sum of everything except for Unpadded size must be less than
LZMA_VLI_MAX. This is guarenteed by overflow checks in the functions
that can set these values including lzma_index_stream_padding(),
lzma_index_append(), and lzma_index_cat(). The maximum value for
Unpadded size is enforced by lzma_index_append() to be less than or
equal UNPADDED_SIZE_MAX. Thus, the sum cannot exceed UINT64_MAX since
LZMA_VLI_MAX is half of UINT64_MAX.
Thanks to Joona Kannisto for reporting this.
---
src/liblzma/common/index.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/liblzma/common/index.c b/src/liblzma/common/index.c
index 97cc9f95..8a35f439 100644
--- a/src/liblzma/common/index.c
+++ b/src/liblzma/common/index.c
@@ -661,6 +661,12 @@ lzma_index_append(lzma_index *i, const lzma_allocator *allocator,
if (uncompressed_base + uncompressed_size > LZMA_VLI_MAX)
return LZMA_DATA_ERROR;
+ // Check that the new unpadded sum will not overflow. This is
+ // checked again in index_file_size(), but the unpadded sum is
+ // passed to vli_ceil4() which expects a valid lzma_vli value.
+ if (compressed_base + unpadded_size > UNPADDED_SIZE_MAX)
+ return LZMA_DATA_ERROR;
+
// Check that the file size will stay within limits.
if (index_file_size(s->node.compressed_base,
compressed_base + unpadded_size, s->record_count + 1,
--
2.23.0

Binary file not shown.

xz-5.4.7.tar.xz Normal file

Binary file not shown.


@ -0,0 +1,37 @@
# Fix shared library building in XZ Utils 5.2.13, 5.4.7, and 5.6.2
#
# The releases were made with a development version of GNU Libtool
# (2.5.0+1+g38c166c8). The benefit is that there tend to be fixes that
# aren't in a stable release yet. At the same time there is a higher
# risk of new bugs. Unfortunately there was a bug that breaks building
# of shared libraries on some systems like mips64.
#
# This patch was made by taking the upstream commit to m4/libtool.m4
# and then running "autoconf" to update the generated "configure".
# This patch only modifies "configure" so that the changed timestamps
# won't cause the build system to regenerate more files, which would
# only work if one has all Autotools packages installed.
#
# https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=9a4a02615c9e7cbcfd690ed31874822a7d6aaea2
# https://lore.kernel.org/distributions/3299713.44csPzL39Z@pinacolada/
diff -rup xz-5.6.2.orig/configure xz-5.6.2/configure
--- xz-5.6.2.orig/configure
+++ xz-5.6.2/configure
@@ -9475,7 +9475,7 @@ do
esac
for ac_exec_ext in '' $ac_executable_extensions; do
if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_FILECMD=":"
+ ac_cv_prog_FILECMD="file"
printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
@@ -9483,6 +9483,7 @@ done
done
IFS=$as_save_IFS
+ test -z "$ac_cv_prog_FILECMD" && ac_cv_prog_FILECMD=":"
fi ;;
esac
fi

334
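--- a/xz-cve-2025-31115.patch
+++ b/xz-cve-2025-31115.patch
@@ -0,0 +1,334 @@
+# Fix CVE-2025-31115 in XZ Utils 5.3.3alpha to 5.8.0
+# This applies to all affected releases.
+# https://tukaani.org/xz/threaded-decoder-early-free.html
+From 831b55b971cf579ee16a854f177c36b20d3c6999 Mon Sep 17 00:00:00 2001
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Thu, 3 Apr 2025 14:34:42 +0300
+Subject: [PATCH 1/4] liblzma: mt dec: Fix a comment
+Reviewed-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Thanks-to: Sam James <sam@gentoo.org>
+---
+src/liblzma/common/stream_decoder_mt.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c
+index 22c9375f..812b745d 100644
+--- a/src/liblzma/common/stream_decoder_mt.c
++++ b/src/liblzma/common/stream_decoder_mt.c
+@@ -347,7 +347,7 @@ worker_enable_partial_update(void *thr_ptr)
+/// Things do to at THR_STOP or when finishing a Block.
+-/// This is called with thr->mutex locked.
++/// This is called with thr->coder->mutex locked.
+static void
+worker_stop(struct worker_thread *thr)
+{
+--
+2.49.0
+From c0c835964dfaeb2513a3c0bdb642105152fe9f34 Mon Sep 17 00:00:00 2001
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Thu, 3 Apr 2025 14:34:42 +0300
+Subject: [PATCH 2/4] liblzma: mt dec: Simplify by removing the THR_STOP state
+The main thread can directly set THR_IDLE in threads_stop() which is
+called when errors are detected. threads_stop() won't return the stopped
+threads to the pool or free the memory pointed by thr->in anymore, but
+it doesn't matter because the existing workers won't be reused after
+an error. The resources will be cleaned up when threads_end() is
+called (reinitializing the decoder always calls threads_end()).
+Reviewed-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Thanks-to: Sam James <sam@gentoo.org>
+---
+src/liblzma/common/stream_decoder_mt.c | 75 ++++++++++----------------
+1 file changed, 29 insertions(+), 46 deletions(-)
+diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c
+index 812b745d..82962c64 100644
+--- a/src/liblzma/common/stream_decoder_mt.c
++++ b/src/liblzma/common/stream_decoder_mt.c
+@@ -23,15 +23,10 @@ typedef enum {
+THR_IDLE,
+/// Decoding is in progress.
+- /// Main thread may change this to THR_STOP or THR_EXIT.
++ /// Main thread may change this to THR_IDLE or THR_EXIT.
+/// The worker thread may change this to THR_IDLE.
+THR_RUN,
+- /// The main thread wants the thread to stop whatever it was doing
+- /// but not exit. Main thread may change this to THR_EXIT.
+- /// The worker thread may change this to THR_IDLE.
+- THR_STOP,
+-
+/// The main thread wants the thread to exit.
+THR_EXIT,
+@@ -346,27 +341,6 @@ worker_enable_partial_update(void *thr_ptr)
+}
+-/// Things do to at THR_STOP or when finishing a Block.
+-/// This is called with thr->coder->mutex locked.
+-static void
+-worker_stop(struct worker_thread *thr)
+-{
+- // Update memory usage counters.
+- thr->coder->mem_in_use -= thr->in_size;
+- thr->in_size = 0; // thr->in was freed above.
+-
+- thr->coder->mem_in_use -= thr->mem_filters;
+- thr->coder->mem_cached += thr->mem_filters;
+-
+- // Put this thread to the stack of free threads.
+- thr->next = thr->coder->threads_free;
+- thr->coder->threads_free = thr;
+-
+- mythread_cond_signal(&thr->coder->cond);
+- return;
+-}
+-
+-
+static MYTHREAD_RET_TYPE
+worker_decoder(void *thr_ptr)
+{
+@@ -397,17 +371,6 @@ next_loop_unlocked:
+return MYTHREAD_RET_VALUE;
+}
+- if (thr->state == THR_STOP) {
+- thr->state = THR_IDLE;
+- mythread_mutex_unlock(&thr->mutex);
+-
+- mythread_sync(thr->coder->mutex) {
+- worker_stop(thr);
+- }
+-
+- goto next_loop_lock;
+- }
+-
+assert(thr->state == THR_RUN);
+// Update progress info for get_progress().
+@@ -510,7 +473,22 @@ next_loop_unlocked:
+&& thr->coder->thread_error == LZMA_OK)
+thr->coder->thread_error = ret;
+- worker_stop(thr);
++ // Return the worker thread to the stack of available
++ // threads.
++ {
++ // Update memory usage counters.
++ thr->coder->mem_in_use -= thr->in_size;
++ thr->in_size = 0; // thr->in was freed above.
++
++ thr->coder->mem_in_use -= thr->mem_filters;
++ thr->coder->mem_cached += thr->mem_filters;
++
++ // Put this thread to the stack of free threads.
++ thr->next = thr->coder->threads_free;
++ thr->coder->threads_free = thr;
++ }
++
++ mythread_cond_signal(&thr->coder->cond);
+}
+goto next_loop_lock;
+@@ -544,17 +522,22 @@ threads_end(struct lzma_stream_coder *coder, const lzma_allocator *allocator)
+}
++/// Tell worker threads to stop without doing any cleaning up.
++/// The clean up will be done when threads_exit() is called;
++/// it's not possible to reuse the threads after threads_stop().
++///
++/// This is called before returning an unrecoverable error code
++/// to the application. It would be waste of processor time
++/// to keep the threads running in such a situation.
+static void
+threads_stop(struct lzma_stream_coder *coder)
+{
+for (uint32_t i = 0; i < coder->threads_initialized; ++i) {
++ // The threads that are in the THR_RUN state will stop
++ // when they check the state the next time. There's no
++ // need to signal coder->threads[i].cond.
+mythread_sync(coder->threads[i].mutex) {
+- // The state must be changed conditionally because
+- // THR_IDLE -> THR_STOP is not a valid state change.
+- if (coder->threads[i].state != THR_IDLE) {
+- coder->threads[i].state = THR_STOP;
+- mythread_cond_signal(&coder->threads[i].cond);
+- }
++ coder->threads[i].state = THR_IDLE;
+}
+}
+@@ -1941,7 +1924,7 @@ stream_decoder_mt_init(lzma_next_coder *next, const lzma_allocator *allocator,
+// accounting from scratch, too. Changes in filter and block sizes may
+// affect number of threads.
+//
+- // FIXME? Reusing should be easy but unlike the single-threaded
++ // Reusing threads doesn't seem worth it. Unlike the single-threaded
+// decoder, with some types of input file combinations reusing
+// could leave quite a lot of memory allocated but unused (first
+// file could allocate a lot, the next files could use fewer
+--
+2.49.0
+From d5a2ffe41bb77b918a8c96084885d4dbe4bf6480 Mon Sep 17 00:00:00 2001
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Thu, 3 Apr 2025 14:34:42 +0300
+Subject: [PATCH 3/4] liblzma: mt dec: Don't free the input buffer too early
+(CVE-2025-31115)
+The input buffer must be valid as long as the main thread is writing
+to the worker-specific input buffer. Fix it by making the worker
+thread not free the buffer on errors and not return the worker thread to
+the pool. The input buffer will be freed when threads_end() is called.
+With invalid input, the bug could at least result in a crash. The
+effects include heap use after free and writing to an address based
+on the null pointer plus an offset.
+The bug has been there since the first committed version of the threaded
+decoder and thus affects versions from 5.3.3alpha to 5.8.0.
+As the commit message in 4cce3e27f529 says, I had made significant
+changes on top of Sebastian's patch. This bug was indeed introduced
+by my changes; it wasn't in Sebastian's version.
+Thanks to Harri K. Koskinen for discovering and reporting this issue.
+Fixes: 4cce3e27f529 ("liblzma: Add threaded .xz decompressor.")
+Reported-by: Harri K. Koskinen <x64nop@nannu.org>
+Reviewed-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Thanks-to: Sam James <sam@gentoo.org>
+---
+src/liblzma/common/stream_decoder_mt.c | 31 ++++++++++++++++++--------
+1 file changed, 22 insertions(+), 9 deletions(-)
+diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c
+index 82962c64..98aabcff 100644
+--- a/src/liblzma/common/stream_decoder_mt.c
++++ b/src/liblzma/common/stream_decoder_mt.c
+@@ -435,8 +435,7 @@ next_loop_unlocked:
+}
+// Either we finished successfully (LZMA_STREAM_END) or an error
+- // occurred. Both cases are handled almost identically. The error
+- // case requires updating thr->coder->thread_error.
++ // occurred.
+//
+// The sizes are in the Block Header and the Block decoder
+// checks that they match, thus we know these:
+@@ -444,16 +443,30 @@ next_loop_unlocked:
+assert(ret != LZMA_STREAM_END
+|| thr->out_pos == thr->block_options.uncompressed_size);
+- // Free the input buffer. Don't update in_size as we need
+- // it later to update thr->coder->mem_in_use.
+- lzma_free(thr->in, thr->allocator);
+- thr->in = NULL;
+-
+mythread_sync(thr->mutex) {
++ // Block decoder ensures this, but do a sanity check anyway
++ // because thr->in_filled < thr->in_size means that the main
++ // thread is still writing to thr->in.
++ if (ret == LZMA_STREAM_END && thr->in_filled != thr->in_size) {
++ assert(0);
++ ret = LZMA_PROG_ERROR;
++ }
++
+if (thr->state != THR_EXIT)
+thr->state = THR_IDLE;
+}
++ // Free the input buffer. Don't update in_size as we need
++ // it later to update thr->coder->mem_in_use.
++ //
++ // This step is skipped if an error occurred because the main thread
++ // might still be writing to thr->in. The memory will be freed after
++ // threads_end() sets thr->state = THR_EXIT.
++ if (ret == LZMA_STREAM_END) {
++ lzma_free(thr->in, thr->allocator);
++ thr->in = NULL;
++ }
++
+mythread_sync(thr->coder->mutex) {
+// Move our progress info to the main thread.
+thr->coder->progress_in += thr->in_pos;
+@@ -474,8 +487,8 @@ next_loop_unlocked:
+thr->coder->thread_error = ret;
+// Return the worker thread to the stack of available
+- // threads.
+- {
++ // threads only if no errors occurred.
++ if (ret == LZMA_STREAM_END) {
+// Update memory usage counters.
+thr->coder->mem_in_use -= thr->in_size;
+thr->in_size = 0; // thr->in was freed above.
+--
+2.49.0
+From 8188048854e8d11071b8a50d093c74f4c030acc9 Mon Sep 17 00:00:00 2001
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Thu, 3 Apr 2025 14:34:42 +0300
+Subject: [PATCH 4/4] liblzma: mt dec: Don't modify thr->in_size in the worker
+thread
+Don't set thr->in_size = 0 when returning the thread to the stack of
+available threads. Not only is it useless, but the main thread may
+read the value in SEQ_BLOCK_THR_RUN. With valid inputs, it made
+no difference if the main thread saw the original value or 0. With
+invalid inputs (when worker thread stops early), thr->in_size was
+no longer modified after the previous commit with the security fix
+("Don't free the input buffer too early").
+So while the bug appears harmless now, it's important to fix it because
+the variable was being modified without proper locking. It's trivial
+to fix because there is no need to change the value. Only main thread
+needs to set the value in (in SEQ_BLOCK_THR_INIT) when starting a new
+Block before the worker thread is activated.
+Fixes: 4cce3e27f529 ("liblzma: Add threaded .xz decompressor.")
+Reviewed-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Thanks-to: Sam James <sam@gentoo.org>
+---
+src/liblzma/common/stream_decoder_mt.c | 6 ++++--
+1 file changed, 4 insertions(+), 2 deletions(-)
+diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c
+index 98aabcff..1fa92220 100644
+--- a/src/liblzma/common/stream_decoder_mt.c
++++ b/src/liblzma/common/stream_decoder_mt.c
+@@ -491,8 +491,6 @@ next_loop_unlocked:
+if (ret == LZMA_STREAM_END) {
+// Update memory usage counters.
+thr->coder->mem_in_use -= thr->in_size;
+- thr->in_size = 0; // thr->in was freed above.
+-
+thr->coder->mem_in_use -= thr->mem_filters;
+thr->coder->mem_cached += thr->mem_filters;
+@@ -1554,6 +1552,10 @@ stream_decode_mt(void *coder_ptr, const lzma_allocator *allocator,
+}
+// Return if the input didn't contain the whole Block.
++ //
++ // NOTE: When we updated coder->thr->in_filled a few lines
++ // above, the worker thread might by now have finished its
++ // work and returned itself back to the stack of free threads.
+if (coder->thr->in_filled < coder->thr->in_size) {
+assert(*in_pos == in_size);
+return LZMA_OK;
+--
+2.49.0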
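Review bot: The hunk addresses in this series come from the tree upstream produced it on (for example `@@ -1554,6 +1552,10 @@ stream_decode_mt` and `@@ -1941,7 +1924,7 @@ stream_decoder_mt_init`), which presumably do not match 5.4.7's `stream_decoder_mt.c`, so the hunks land with offsets and the preamble does not record that this was checked. A hunk of patch 3/4 landing in the wrong place would leave the early `lzma_free(thr->in, thr->allocator)` in the worker, i.e. the use-after-free the series exists to remove, so confirm in the build log that every hunk applied with offset only and no fuzz, or regenerate the series against the 5.4.7 sources so the context matches exactly. Recording the result in the preamble, e.g. `# Applied to 5.4.7 with offsets only (no fuzz); re-check on rebase`, would save the next maintainer the same verification.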

xz.spec

@ -1,15 +1,23 @@
Name: xz
Version: 5.4.4
Release: 2
Version: 5.4.7
Release: 5
Summary: A free general-purpose data compreession software with LZMA2 algorithm
License: GPL-3.0-only
URL: http://tukaani.org/xz
Source0: http://tukaani.org/%{name}/%{name}-%{version}.tar.xz
Source1: colorxzgrep.sh
Source2: colorxzgrep.csh
Patch0: backport-liblzma-Add-overflow-check-for-Unpadded-size-in-lzma.patch
# https://github.com/tukaani-project/xz/releases/tag/v5.4.7
# https://github.com/tukaani-project/xz/releases/download/v5.4.7/xz-5213-547-562-libtool.patch
Patch0: xz-5213-547-562-libtool.patch
Patch1: 0001-fix-CVE-2024-47611.patch
Patch2: add-sw_64-support.patch
Patch3: xz-cve-2025-31115.patch
BuildRequires: perl-interpreter gcc
# Patch1 modified Makefile.am so we need this
BuildRequires: automake
Requires: %{name} = %{version}-%{release}
Requires: grep >= 2.20-5
@ -47,12 +55,7 @@ Obsoletes: %{name}-compat-libs < %{version}-%{release}
%description libs
Libraries for decoding files compressed with LZMA or XZ utils.
%package help
Summary: Help documentation related to xz
BuildArch: noarch
%description help
This package includes help documentation and manuals related to xz.
%package_help
%prep
%autosetup -n %{name}-%{version} -p1
@ -65,6 +68,7 @@ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
%install
%make_install
%delete_la
# config color alias for xz*grep
%global profiledir %{_sysconfdir}/profile.d
@ -75,17 +79,14 @@ install -p -m 644 %{SOURCE2} %{buildroot}%{profiledir}
%find_lang %name
%check
LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check
LD_LIBRARY_PATH=$PWD/src/liblzma/.libs %make_build check
%files -f %{name}.lang
%defattr(-,root,root)
%doc %{_pkgdocdir}
%license %{_pkgdocdir}/COPYING*
%license COPYING*
%{_bindir}/*xz*
%{profiledir}/*
%exclude %_pkgdocdir/examples*
%exclude %{_libdir}/*.la
%files libs
%{_libdir}/lib*.so.5*
@ -104,17 +105,30 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check
%{_libdir}/*.so
%files help
%{_mandir}/man1/*lz*
%{_mandir}/man1/*xz*
%{_mandir}/de/man1/*lz*
%{_mandir}/de/man1/*xz*
%{_mandir}/fr/man1/*
%{_mandir}/ko/man1/*
%{_mandir}/ro/man1/*
%{_mandir}/uk/man1/*
%{_mandir}/pt_BR/man1/*
%{_mandir}/man1/*
%lang(de) %{_mandir}/de/man1/*
%lang(fr) %{_mandir}/fr/man1/*
%lang(ko) %{_mandir}/ko/man1/*
%lang(ro) %{_mandir}/ro/man1/*
%lang(uk) %{_mandir}/uk/man1/*
%lang(pt_BR) %{_mandir}/pt_BR/man1/*
%changelog
* Fri Apr 04 2025 Funda Wang <fundawang@yeah.net> - 5.4.7-5
- fix CVE-2025-31115
* Fri Feb 28 2025 maqi <maqi@uniontech.com> - 5.4.7-4
- Add sw_64 support
* Tue Nov 5 15:46:38 2024 Kai Liu <kai.liu@windriver.com> - 5.4.7-3
- Add BuildRequires for automake as patch1 modified Makefile.am.
* Tue Oct 08 2024 changtao <changtao@kylinos.cn> - 5.4.7-2
-fix CVE-2024-47611
* Thu Aug 01 2024 Funda Wang <fundawang@yeah.net> - 5.4.7-1
- Update to 5.4.7
* Tue Apr 30 2024 kouwenqi <kouwenqi@kylinos.cn> - 5.4.4-2
- liblzma: Add overflow check for Unpadded size in lzma_index_append
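Review bot: The comment above `BuildRequires: automake` explains the mechanics but not that Patch1 is effectively a no-op on this platform: the CVE-2024-47611 change embeds a Windows application manifest through `common_w32res.rc`, which is not compiled for non-Windows targets, so here its only effect is the `EXTRA_DIST` edit in `src/Makefile.am` that triggers the automake rerun. Spelling that out, e.g. `# Patch1 (CVE-2024-47611) only affects Windows builds; its Makefile.am edit forces an automake rerun`, stops a future maintainer from hunting for a missing fix. Patch0 in turn edits the generated `configure` directly, and its own header says it was limited to `configure` so that timestamps do not trigger regeneration; if the automake rerun ends up re-running autoconf as well (not visible from the spec), that libtool fix is silently lost, so the build log should be checked for a regenerated `configure`. Minor: the changelog line `-fix CVE-2024-47611` is missing the space after the dash, and `Tue Nov 5 15:46:38 2024` is not the usual `%changelog` date format.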