Bump version and soname for 5.6.1.

The original files were generated with random local to my machine.
To better reproduce these files in the future, a constant seed was used
to recreate these files.

.github/SECURITY.md

@@ -16,7 +16,13 @@ the chance that the exploit will be used before a patch is released.
 You may submit a report by emailing us at
 [xz@tukaani.org](mailto:xz@tukaani.org), or through
 [Security Advisories](https://github.com/tukaani-project/xz/security/advisories/new).
-While both options are available, we prefer email.
+While both options are available, we prefer email. In any case, please
+provide a clear description of the vulnerability including:
+
+- Affected versions of XZ Utils
+- Estimated severity (low, moderate, high, critical)
+- Steps to recreate the vulnerability
+- All relevant files (core dumps, build logs, input files, etc.)
 
 This project is maintained by a team of volunteers on a reasonable-effort
 basis. As such, please give us 90 days to work on a fix before

CMakeLists.txt

@@ -333,69 +333,6 @@ endif()
 
 option(BUILD_SHARED_LIBS "Build liblzma as a shared library instead of static")
 
-if(NOT WIN32)
-    # Symbol versioning only affects ELF shared libraries. The option is
-    # ignored for static libraries.
-    #
-    # Determine the default value so that it's always set with
-    # shared libraries in mind which helps if the build dir is reconfigured
-    # from static to shared libs without resetting the cache variables.
-    set(SYMBOL_VERSIONING_DEFAULT OFF)
-
-    if(CMAKE_SYSTEM_NAME STREQUAL "Linux" AND
-            (CMAKE_SYSTEM_PROCESSOR MATCHES "[Mm]icro[Bb]laze" OR
-             CMAKE_C_COMPILER_ID STREQUAL "NVHPC"))
-        # As a special case, GNU/Linux on MicroBlaze gets the generic
-        # symbol versioning because GCC 12 doesn't support the __symver__
-        # attribute on MicroBlaze. On Linux, CMAKE_SYSTEM_PROCESSOR comes
-        # from "uname -m" for native builds (should be "microblaze") or from
-        # the CMake toolchain file (not perfectly standardized but it very
-        # likely has "microblaze" in lower case or mixed case somewhere in
-        # the string).
-        #
-        # NVIDIA HPC Compiler doesn't support symbol versioning but
-        # it uses the linked from the system so the linker script
-        # can still be used to get the generic symbol versioning.
-        set(SYMBOL_VERSIONING_DEFAULT "generic")
-
-    elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
-        # GNU/Linux-specific symbol versioning for shared liblzma.
-        # This includes a few extra compatibility symbols for RHEL/CentOS 7
-        # which are pointless on non-glibc non-Linux systems.
-        #
-        # Avoid symvers on Linux with non-glibc like musl and uClibc.
-        # In Autoconf it's enough to check that $host_os equals linux-gnu
-        # instead of, for example, linux-musl. CMake doesn't provide such
-        # a method.
-        #
-        # This check is here for now since it's not strictly required
-        # by anything else.
-        check_c_source_compiles(
-                "#include <features.h>
-                #if defined(__GLIBC__) && !defined(__UCLIBC__)
-                int main(void) { return 0; }
-                #else
-                compile error
-                #endif
-            "
-            IS_LINUX_WITH_GLIBC)
-
-        if(IS_LINUX_WITH_GLIBC)
-            set(SYMBOL_VERSIONING_DEFAULT "linux")
-        endif()
-
-    elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD")
-        set(SYMBOL_VERSIONING_DEFAULT "generic")
-    endif()
-
-    set(SYMBOL_VERSIONING "${SYMBOL_VERSIONING_DEFAULT}" CACHE STRING
-        "Enable ELF shared library symbol versioning (OFF, generic, linux)")
-
-    # Show a dropdown menu in CMake GUI:
-    set_property(CACHE SYMBOL_VERSIONING PROPERTY STRINGS "OFF;generic;linux")
-endif()
-
-
 add_library(liblzma
     src/common/mythread.h
     src/common/sysdefs.h
@@ -1339,7 +1276,22 @@ if(WIN32)
         # Disable __declspec(dllimport) when linking against static liblzma.
         target_compile_definitions(liblzma INTERFACE LZMA_API_STATIC)
     endif()
-elseif(BUILD_SHARED_LIBS AND SYMBOL_VERSIONING STREQUAL "linux")
+elseif(BUILD_SHARED_LIBS AND CMAKE_SYSTEM_NAME STREQUAL "Linux" AND
+       NOT CMAKE_SYSTEM_PROCESSOR MATCHES "[Mm]icro[Bb]laze")
+    # GNU/Linux-specific symbol versioning for shared liblzma.
+    # This includes a few extra compatibility symbols for RHEL/CentOS 7
+    # which are pointless on non-glibc non-Linux systems.
+    #
+    # As a special case, GNU/Linux on MicroBlaze gets the generic
+    # symbol versioning because GCC 12 doesn't support the __symver__
+    # attribute on MicroBlaze. On Linux, CMAKE_SYSTEM_PROCESSOR comes
+    # from "uname -m" for native builds (should be "microblaze") or from
+    # the CMake toolchain file (not perfectly standardized but it very
+    # likely has "microblaze" in lower case or mixed case somewhere in
+    # the string).
+    #
+    # FIXME? Avoid symvers on Linux with non-glibc like musl?
+    #
     # Note that adding link options doesn't affect static builds
     # but HAVE_SYMBOL_VERSIONS_LINUX must not be used with static builds
     # because it would put symbol versions into the static library which
@@ -1355,7 +1307,10 @@ elseif(BUILD_SHARED_LIBS AND SYMBOL_VERSIONING STREQUAL "linux")
     set_target_properties(liblzma PROPERTIES
         LINK_DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/src/liblzma/liblzma_linux.map"
     )
-elseif(BUILD_SHARED_LIBS AND SYMBOL_VERSIONING STREQUAL "generic")
+elseif(BUILD_SHARED_LIBS AND (CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR
+                              CMAKE_SYSTEM_NAME STREQUAL "Linux"))
+    # Generic symbol versioning for shared liblzma is used on FreeBSD and
+    # also on GNU/Linux on MicroBlaze.
     target_link_options(liblzma PRIVATE
         "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/src/liblzma/liblzma_generic.map"
     )

INSTALL

@@ -561,45 +561,10 @@ XZ Utils Installation
                                 sandboxing. If no Landlock support
                                 is found, configure will give an error.
 
-    --enable-symbol-versions[=VARIANT]
-                Use symbol versioning for liblzma shared library.
-                This is enabled by default on GNU/Linux (glibc only),
-                other GNU-based systems, and FreeBSD.
-
-                Symbol versioning is never used for static liblzma. This
-                option is ignored when not building a shared library.
-
-                Supported VARIANTs:
-
-                        no      Disable symbol versioning. This is the
-                                same as using --disable-symbol-versions.
-
-                        auto    Autodetect between "no", "linux",
-                                and "generic".
-
-                        yes     Autodetect between "linux" and
-                                "generic". This forces symbol
-                                versioning to be used when
-                                building a shared library.
-
-                        generic Generic version is the default for
-                                FreeBSD and GNU/Linux on MicroBlaze.
-
-                                This is also used on GNU/Linux when
-                                building with NVIDIA HPC Compiler
-                                because the compiler doesn't support
-                                the features required for the "linux"
-                                variant below.
-
-                        linux   Special version for GNU/Linux (glibc
-                                only). This adds a few extra symbol
-                                versions for compatibility with binaries
-                                that have been linked against a liblzma
-                                version that has been patched with
-                                "xz-5.2.2-compat-libs.patch" from
-                                RHEL/CentOS 7. That patch was used
-                                by some build tools outside of
-                                RHEL/CentOS 7 too.
+    --enable-symbol-versions
+                Use symbol versioning for liblzma. This is enabled by
+                default on GNU/Linux, other GNU-based systems, and
+                FreeBSD.
 
     --enable-debug
                 This enables the assert() macro and possibly some other

THANKS

@@ -76,7 +76,6 @@ has been important. :-) In alphabetical order:
   - Richard Koch
   - Anton Kochkov
   - Ville Koskinen
-  - Sergey Kosukhin
   - Marcin Kowalczyk
   - Jan Kratochvil
   - Christian Kujau

configure.ac

@@ -709,44 +709,23 @@ fi
 # --with-pic and --without-pic though. As long as neither --with-pic nor
 # --without-pic is used then we can use #ifdef PIC to detect if the file is
 # being built for a shared library.
-AS_IF([test "x$enable_symbol_versions" = xno], [
+if test "x$enable_symbol_versions" = xno ; then
 	enable_symbol_versions=no
 	AC_MSG_RESULT([no])
-], [test "x$enable_shared" = xno], [
+elif test "x$enable_shared" = xno ; then
 	enable_symbol_versions=no
 	AC_MSG_RESULT([no (not building a shared library)])
-], [
-	# "yes" means that symbol version are to be used but we need to
-	# autodetect which variant to use.
-	if test "x$enable_symbol_versions" = xyes ; then
+else
 	case "$host_cpu-$host_os" in
 		microblaze*)
-				# GCC 12 on MicroBlaze doesn't support
-				# __symver__ attribute. It's simplest and
-				# safest to use the generic version on that
-				# platform since then only the linker script
-				# is needed. The RHEL/CentOS 7 compatibility
-				# symbols don't matter on MicroBlaze.
+			# GCC 12 on MicroBlaze doesn't support __symver__
+			# attribute. It's simplest and safest to use the
+			# generic version on that platform since then only
+			# the linker script is needed. The RHEL/CentOS 7
+			# compatibility symbols don't matter on MicroBlaze.
 			enable_symbol_versions=generic
 			;;
 		*-linux*)
-				# NVIDIA HPC Compiler doesn't support symbol
-				# versioning but the linker script can still
-				# be used.
-				AC_EGREP_CPP([use_generic_symbol_versioning],
-					[#ifdef __NVCOMPILER
-					use_generic_symbol_versioning
-					#endif],
-					[enable_symbol_versions=generic],
-					[enable_symbol_versions=linux])
-				;;
-			*)
-				enable_symbol_versions=generic
-				;;
-		esac
-	fi
-
-	if test "x$enable_symbol_versions" = xlinux ; then
 			case "$pic_mode-$enable_static" in
 				default-*)
 					# Use symvers if PIC is defined.
@@ -767,6 +746,7 @@ AS_IF([test "x$enable_symbol_versions" = xno], [
     possibly picking only src/liblzma/.libs/liblzma.a from the static build.])
 					;;
 			esac
+			enable_symbol_versions=linux
 			AC_DEFINE_UNQUOTED([HAVE_SYMBOL_VERSIONS_LINUX],
 				[$have_symbol_versions_linux],
 				[Define to 1 to if GNU/Linux-specific details
@@ -777,12 +757,13 @@ AS_IF([test "x$enable_symbol_versions" = xno], [
 				time with Libtool if neither --with-pic nor
 				--without-pic is used). This define must be
 				used together with liblzma_linux.map.])
-	elif test "x$enable_symbol_versions" != xgeneric ; then
-		AC_MSG_RESULT([])
-		AC_MSG_ERROR([unknown symbol versioning variant '$enable_symbol_versions'])
-	fi
+			;;
+		*)
+			enable_symbol_versions=generic
+			;;
+	esac
 	AC_MSG_RESULT([yes ($enable_symbol_versions)])
-])
+fi
 
 AM_CONDITIONAL([COND_SYMVERS_LINUX],
 	[test "x$enable_symbol_versions" = xlinux])

src/liblzma/Makefile.am

@@ -20,7 +20,7 @@ liblzma_la_CPPFLAGS = \
 	-I$(top_srcdir)/src/liblzma/simple \
 	-I$(top_srcdir)/src/common \
 	-DTUKLIB_SYMBOL_PREFIX=lzma_
-liblzma_la_LDFLAGS = -no-undefined -version-info 11:99:6
+liblzma_la_LDFLAGS = -no-undefined -version-info 11:1:6
 
 EXTRA_DIST += liblzma_generic.map liblzma_linux.map validate_map.sh
 if COND_SYMVERS_GENERIC

src/liblzma/api/lzma/version.h

@@ -19,10 +19,10 @@
 #define LZMA_VERSION_MAJOR 5
 
 /** \brief Minor version number of the liblzma release. */
-#define LZMA_VERSION_MINOR 7
+#define LZMA_VERSION_MINOR 6
 
 /** \brief Patch version number of the liblzma release. */
-#define LZMA_VERSION_PATCH 0
+#define LZMA_VERSION_PATCH 1
 
 /**
  * \brief Version stability marker
@@ -32,7 +32,7 @@
  *   - LZMA_VERSION_STABILITY_BETA
  *   - LZMA_VERSION_STABILITY_STABLE
  */
-#define LZMA_VERSION_STABILITY LZMA_VERSION_STABILITY_ALPHA
+#define LZMA_VERSION_STABILITY LZMA_VERSION_STABILITY_STABLE
 
 /** \brief Commit version number of the liblzma release */
 #ifndef LZMA_VERSION_COMMIT

src/liblzma/common/memcmplen.h

@@ -67,19 +67,6 @@ lzma_memcmplen(const uint8_t *buf1, const uint8_t *buf2,
 	// This is only for x86-64 and ARM64 for now. This might be fine on
 	// other 64-bit processors too. On big endian one should use xor
 	// instead of subtraction and switch to __builtin_clzll().
-	//
-	// Reasons to use subtraction instead of xor:
-	//
-	//   - On some x86-64 processors (Intel Sandy Bridge to Tiger Lake),
-	//     sub+jz and sub+jnz can be fused but xor+jz or xor+jnz cannot.
-	//     Thus using subtraction has potential to be a tiny amount faster
-	//     since the code checks if the quotient is non-zero.
-	//
-	//   - Some processors (Intel Pentium 4) used to have more ALU
-	//     resources for add/sub instructions than and/or/xor.
-	//
-	// The processor info is based on Agner Fog's microarchitecture.pdf
-	// version 2023-05-26. https://www.agner.org/optimize/
 #define LZMA_MEMCMPLEN_EXTRA 8
 	while (len < limit) {
 		const uint64_t x = read64ne(buf1 + len) - read64ne(buf2 + len);

src/liblzma/common/string_conversion.c

@@ -217,14 +217,12 @@ typedef struct {
 	uint16_t offset;
 
 	union {
-		// NVHPC has problems with unions that contain pointers that
-		// are not the first members, so keep "map" at the top.
-		const name_value_map *map;
-
 		struct {
 			uint32_t min;
 			uint32_t max;
 		} range;
+
+		const name_value_map *map;
 	} u;
 } option_map;
 

src/liblzma/delta/delta_decoder.c

@@ -25,11 +25,6 @@ decode_buffer(lzma_delta_coder *coder, uint8_t *buffer, size_t size)
 }
 
 
-// For an unknown reason NVIDIA HPC Compiler needs this pragma
-// to produce working code.
-#ifdef __NVCOMPILER
-#	pragma routine novector
-#endif
 static lzma_ret
 delta_decode(void *coder_ptr, const lzma_allocator *allocator,
 		const uint8_t *restrict in, size_t *restrict in_pos,

src/liblzma/rangecoder/range_decoder.h

@@ -45,7 +45,6 @@
 //     and different processors. Overall 0x1F0 seems to be the best choice.
 #ifndef LZMA_RANGE_DECODER_CONFIG
 #	if defined(__x86_64__) && !defined(__ILP32__) \
-			&& !defined(__NVCOMPILER) \
 			&& (defined(__GNUC__) || defined(__clang__))
 #		define LZMA_RANGE_DECODER_CONFIG 0x1F0
 #	else