Update contrib/libs/lzma to 5.6.3

commit_hash:625353c0ed27ce033147a8f5121982b83e126bdc

Author: robot-piglet

contrib/libs/lzma/.yandex_meta/override.nix

@@ -1,11 +1,11 @@
 pkgs: attrs: with pkgs; with attrs; rec {
-  version = "5.6.2";
+  version = "5.6.3";
 
   src = fetchFromGitHub {
     owner = "tukaani-project";
     repo = "xz";
     rev = "v${version}";
-    hash = "sha256-NB6EHOSAL4eMyhgSJqyJ10H9HgTUv5NFJpEQTEzUofo=";
+    hash = "sha256-2bxTxgDGlA0zPlfFs69bkuBGL44Se1ktSZCJ1Pt75I0=";
   };
 
   nativeBuildInputs = [ autoreconfHook ];

contrib/libs/lzma/INSTALL

@@ -789,7 +789,7 @@ XZ Utils Installation
 
     The configure script determines if assembler code can be used by
     looking at the configure triplet; there is currently no check if
-    the assembler code can actually actually be built. The x86 assembler
+    the assembler code can actually be built. The x86 assembler
     code should work on x86 GNU/Linux, *BSDs, Solaris, Darwin, MinGW,
     Cygwin, and DJGPP. On other x86 systems, there may be problems and
     the assembler code may need to be disabled with the configure option.

contrib/libs/lzma/NEWS

@@ -2,6 +2,131 @@
 XZ Utils Release Notes
 ======================
 
+5.6.3 (2024-10-01)
+
+    IMPORTANT: This includes a Windows-specific security fix to
+    the command line tools. liblzma isn't affected by this issue.
+
+    * liblzma:
+
+        - Fix x86-64 inline assembly compatibility with GNU Binutils
+          older than 2.27.
+
+        - Fix the build with GCC 4.2 on OpenBSD/sparc64.
+
+    * xzdec: Display an error instead of failing silently if the
+      unsupported option -M is specified.
+
+    * lzmainfo: Fix integer overflows when rounding the dictionary and
+      uncompressed sizes to the nearest mebibyte.
+
+    * Windows (except Cygwin and MSYS2): Add an application manifest to
+      xz, xzdec, lzmadec, and lzmainfo executables:
+
+        - Declare them compatible with Vista/7/8/8.1/10/11. This way
+          the programs won't needlessly use Operating System Context
+          of Vista when running on later Windows versions. This setting
+          doesn't mean that the executables cannot run on even older
+          versions if otherwise built that way.
+
+        - Declare them as UAC-compliant. MSVC added this by default
+          already but it wasn't done with MinGW-w64, at least not
+          with all toolchain variants.
+
+        - Declare them long path aware. This makes long path names
+          work on Windows 10 and 11 if the feature has been enabled
+          in the Windows registry.
+
+        - Use the UTF-8 code page on Windows 10 version 1903 and later.
+
+            * Now command line tools can access files whose names
+              contain characters that don't exist in the current
+              legacy code page.
+
+            * The options --files and --files0 now expect file lists
+              to be in UTF-8 instead of the legacy code page.
+
+            * This fixes a security issue: If a command line contains
+              Unicode characters (for example, filenames) that don't
+              exist in the current legacy code page, the characters are
+              converted to similar-looking characters with best-fit
+              mapping. Some best-fit mappings result in ASCII
+              characters that change the meaning of the command line,
+              which can be exploited with malicious filenames to do
+              argument injection or directory traversal attacks.
+              UTF-8 avoids best-fit mappings and thus fixes the issue.
+
+              Forcing the process code page to UTF-8 is possible only
+              on Windows 10 version 1903 and later. The command line
+              tools remain vulnerable if used on an old older
+              version of Windows.
+
+              This issue was discovered by Orange Tsai and splitline
+              from DEVCORE Research Team.
+
+              A related smaller issue remains: Windows filenames may
+              contain unpaired surrogates (invalid UTF-16). These are
+              converted to the replacement character U+FFFD in the
+              UTF-8 code page. Thus, filenames with different unpaired
+              surrogates appear identical and aren't distinguishable
+              from filenames that contain the actual replacement
+              character U+FFFD.
+
+            * When building with MinGW-w64, it is recommended to use
+              UCRT version instead of the old MSVCRT. For example,
+              non-ASCII characters from filenames won't print
+              correctly in messages to console with MSVCRT with
+              the UTF-8 code page (a cosmetic issue). liblzma-only
+              builds are still fine with MSVCRT.
+
+        - Cygwin and MSYS2 process command line options differently and
+          the above issues don't exist. There is no need to replace the
+          default application manifest on Cygwin and MSYS2.
+
+    * Autotools-based build:
+
+        - Fix feature checks with link-time optimization (-flto).
+
+        - Solaris: Fix a compatibility issue in version.sh. It matters
+          if one wants to regenerate configure by running autoconf.
+
+    * CMake:
+
+        - Use paths relative to ${prefix} in liblzma.pc when possible.
+          This is done only with CMake >= 3.20.
+
+        - MSVC: Install liblzma.pc as it can be useful with MSVC too.
+
+        - Windows: Fix liblzma filename prefix, for example:
+
+            * Cygwin: The DLL was incorrectly named liblzma-5.dll.
+              Now it is cyglzma-5.dll.
+
+            * MSVC: Rename import library from liblzma.lib to lzma.lib
+              while keeping liblzma.dll name as is. This helps with
+              "pkgconf --msvc-syntax --libs liblzma" because it mungles
+              "-llzma" in liblzma.pc to "lzma.lib".
+
+            * MinGW-w64: No changes.
+
+        - Windows: Use the correct resource file for lzmadec.exe.
+          Previously the resource file for xzdec.exe was used for both.
+          Autotools-based build isn't affected.
+
+        - Prefer a C11 compiler over a C99 compiler but accept both.
+
+        - Link Threads::Threads against liblzma using PRIVATE so that
+          -pthread and such flags won't unnecessarily get included in
+          the usage requirements of shared liblzma. That is,
+          target_link_libraries(foo PRIVATE liblzma::liblzma) no
+          longer adds -pthread if using POSIX threads and linking
+          against shared liblzma. The threading flags are still added
+          if linking against static liblzma.
+
+    * Updated translations: Catalan, Chinese (simplified), and
+      Brazilian Portuguese.
+
+
 5.6.2 (2024-05-29)
 
     * Remove the backdoor (CVE-2024-3094).

contrib/libs/lzma/THANKS

@@ -33,6 +33,7 @@ has been important. :-) In alphabetical order:
   - Tomer Chachamu
   - Vitaly Chikunov
   - Antoine Cœur
+  - Felix Collin
   - Gabi Davar
   - İhsan Doğan
   - Chris Donawa
@@ -69,9 +70,11 @@ has been important. :-) In alphabetical order:
   - Hans Jansen
   - Jouk Jansen
   - Jun I Jin
+  - Christoph Junghans
   - Kiyoshi Kanazawa
   - Joona Kannisto
   - Per Øyvind Karlsen
+  - Firas Khalil Khana
   - Iouri Kharon
   - Thomas Klausner
   - Richard Koch
@@ -92,6 +95,7 @@ has been important. :-) In alphabetical order:
   - Cary Lewis
   - Wim Lewis
   - Xin Li
+  - Yifeng Li
   - Eric Lindblad
   - Lorenzo De Liso
   - H.J. Lu
@@ -107,9 +111,11 @@ has been important. :-) In alphabetical order:
   - Nathan Moinvaziri
   - Étienne Mollier
   - Conley Moorhous
+  - Andrew Murray
   - Rafał Mużyło
   - Adrien Nader
   - Evan Nemerson
+  - Alexander Neumann
   - Hongbo Ni
   - Jonathan Nieder
   - Andre Noll
@@ -118,11 +124,13 @@ has been important. :-) In alphabetical order:
   - Daniel Packard
   - Filip Palian
   - Peter Pallinger
+  - Kai Pastor
   - Rui Paulo
   - Igor Pavlov
   - Diego Elio Pettenò
   - Elbert Pol
   - Mikko Pouru
+  - Frank Prochnow
   - Rich Prohaska
   - Trần Ngọc Quân
   - Pavel Raiskup
@@ -138,9 +146,12 @@ has been important. :-) In alphabetical order:
   - Stephen Sachs
   - Jukka Salmi
   - Agostino Sarubbo
+  - Vijay Sarvepalli
   - Alexandre Sauvé
   - Benno Schulenberg
   - Andreas Schwab
+  - Eli Schwartz
+  - Peter Seiderer
   - Bhargava Shastry
   - Dan Shechter
   - Stuart Shelton
@@ -149,14 +160,18 @@ has been important. :-) In alphabetical order:
   - Brad Smith
   - Bruce Stark
   - Pippijn van Steenhoven
+  - Tobias Stoeckmann
   - Martin Storsjö
   - Jonathan Stott
   - Dan Stromberg
+  - Douglas Thor
   - Vincent Torri
   - Alexey Tourbin
   - Paul Townsend
   - Mohammed Adnène Trojette
+  - Orange Tsai
   - Taiki Tsunekawa
+  - Mathieu Vachon
   - Maksym Vatsyk
   - Loganaden Velvindron
   - Patrick J. Volkerding
@@ -176,6 +191,10 @@ has been important. :-) In alphabetical order:
   - Ryan Young
   - Andreas Zieringer
 
+Companies:
+  - Google
+  - Sandfly Security
+
 Also thanks to all the people who have participated in the Tukaani project.
 
 I have probably forgot to add some names to the above list. Sorry about

contrib/libs/lzma/common/tuklib_integer.h

@@ -86,9 +86,15 @@
 #elif defined(HAVE_SYS_ENDIAN_H)
 	// *BSDs and Darwin
 #	include <sys/endian.h>
-#	define byteswap16(num) bswap16(num)
-#	define byteswap32(num) bswap32(num)
-#	define byteswap64(num) bswap64(num)
+#	ifdef __OpenBSD__
+#		define byteswap16(num) swap16(num)
+#		define byteswap32(num) swap32(num)
+#		define byteswap64(num) swap64(num)
+#	else
+#		define byteswap16(num) bswap16(num)
+#		define byteswap32(num) bswap32(num)
+#		define byteswap64(num) bswap64(num)
+#	endif
 
 #elif defined(HAVE_SYS_BYTEORDER_H)
 	// Solaris
@@ -237,7 +243,7 @@
 // from the memcpy() method than from simple byte-by-byte shift-or code
 // when reading a 32-bit integer:
 //
-//     (1) It may be constructed on stack using using four 8-bit loads,
+//     (1) It may be constructed on stack using four 8-bit loads,
 //         four 8-bit stores to stack, and finally one 32-bit load from stack.
 //
 //     (2) Especially with -Os, an actual memcpy() call may be emitted.

contrib/libs/lzma/liblzma/api/lzma/container.h

@@ -306,7 +306,7 @@ extern LZMA_API(uint64_t) lzma_easy_decoder_memusage(uint32_t preset)
  *                      number and zero or more flags. Usually flags aren't
  *                      used, so preset is simply a number [0, 9] which match
  *                      the options -0 ... -9 of the xz command line tool.
- *                      Additional flags can be be set using bitwise-or with
+ *                      Additional flags can be set using bitwise-or with
  *                      the preset level number, e.g. 6 | LZMA_PRESET_EXTREME.
  * \param       check   Integrity check type to use. See check.h for available
  *                      checks. The xz command line tool defaults to

contrib/libs/lzma/liblzma/api/lzma/version.h

@@ -22,7 +22,7 @@
 #define LZMA_VERSION_MINOR 6
 
 /** \brief Patch version number of the liblzma release. */
-#define LZMA_VERSION_PATCH 2
+#define LZMA_VERSION_PATCH 3
 
 /**
  * \brief Version stability marker

contrib/libs/lzma/liblzma/check/crc32_table.c

@@ -34,9 +34,9 @@ typedef void lzma_crc32_dummy;
 // Having the declaration here silences clang -Wmissing-variable-declarations.
 extern const uint32_t lzma_crc32_table[8][256];
 
-#       ifdef WORDS_BIGENDIAN
-#       	error #include "crc32_table_be.h"
-#       else
-#       	include "crc32_table_le.h"
-#       endif
+#	ifdef WORDS_BIGENDIAN
+#		error #include "crc32_table_be.h"
+#	else
+#		include "crc32_table_le.h"
+#	endif
 #endif

contrib/libs/lzma/liblzma/check/crc_common.h

@@ -76,9 +76,9 @@
 // NOTE: Keep this and the next check in sync with the macro
 //       NO_CRC32_TABLE in crc32_table.c
 #if defined(HAVE_ARM64_CRC32) && !defined(WORDS_BIGENDIAN)
-// Allow ARM64 CRC32 instruction without a runtime check if
-// __ARM_FEATURE_CRC32 is defined. GCC and Clang only define this if the
-// proper compiler options are used.
+	// Allow ARM64 CRC32 instruction without a runtime check if
+	// __ARM_FEATURE_CRC32 is defined. GCC and Clang only define
+	// this if the proper compiler options are used.
 #	if defined(__ARM_FEATURE_CRC32)
 #		define CRC32_ARCH_OPTIMIZED 1
 #		define CRC32_ARM64 1

contrib/libs/lzma/liblzma/check/crc_x86_clmul.h

@@ -266,7 +266,7 @@ crc32_arch_optimized(const uint8_t *buf, size_t size, uint32_t crc)
 
 	__m128i v0, v1, v2;
 
-	crc_simd_body(buf,  size, &v0, &v1, vfold16,
+	crc_simd_body(buf, size, &v0, &v1, vfold16,
 			_mm_cvtsi32_si128((int32_t)~crc));
 
 	v1 = _mm_xor_si128(
@@ -355,12 +355,12 @@ crc64_arch_optimized(const uint8_t *buf, size_t size, uint64_t crc)
 	__m128i v0, v1, v2;
 
 #if defined(__i386__) || defined(_M_IX86)
-	crc_simd_body(buf,  size, &v0, &v1, vfold16,
+	crc_simd_body(buf, size, &v0, &v1, vfold16,
 			_mm_set_epi64x(0, (int64_t)~crc));
 #else
 	// GCC and Clang would produce good code with _mm_set_epi64x
 	// but MSVC needs _mm_cvtsi64_si128 on x86-64.
-	crc_simd_body(buf,  size, &v0, &v1, vfold16,
+	crc_simd_body(buf, size, &v0, &v1, vfold16,
 			_mm_cvtsi64_si128((int64_t)~crc));
 #endif
 
@@ -385,6 +385,9 @@ crc64_arch_optimized(const uint8_t *buf, size_t size, uint64_t crc)
 #endif // BUILDING_CRC64_CLMUL
 
 
+// Even though this is an inline function, compile it only when needed.
+// This way it won't appear in E2K builds at all.
+#if defined(CRC32_GENERIC) || defined(CRC64_GENERIC)
 // Inlining this function duplicates the function body in crc32_resolve() and
 // crc64_resolve(), but this is acceptable because this is a tiny function.
 static inline bool
@@ -420,9 +423,10 @@ is_arch_extension_supported(void)
 	//   - ICC's _may_i_use_cpu_feature: the other methods should work too.
 	//   - GCC >= 6 / Clang / ICX __builtin_cpu_supports("pclmul")
 	//
-	// CPUID decding is needed with MSVC anyway and older GCC. This keeps
+	// CPUID decoding is needed with MSVC anyway and older GCC. This keeps
 	// the feature checks in the build system simpler too. The nice thing
 	// about __builtin_cpu_supports would be that it generates very short
 	// code as is it only reads a variable set at startup but a few bytes
 	// doesn't matter here.
 }
+#endif