MFV: xz 5.6.2.

MFC after:	4 weeks

contrib/xz/AUTHORS

@@ -2,38 +2,57 @@
 Authors of XZ Utils
 ===================
 
-    XZ Utils is developed and maintained by Lasse Collin
-    <[email protected]> and Jia Tan <[email protected]>.
+    XZ Utils is developed and maintained by
+    Lasse Collin <[email protected]>.
 
     Major parts of liblzma are based on code written by Igor Pavlov,
     specifically the LZMA SDK <https://7-zip.org/sdk.html>. Without
     this code, XZ Utils wouldn't exist.
 
-    The SHA-256 implementation in liblzma is based on the code found from
-    7-Zip <https://7-zip.org/>, which has a modified version of the SHA-256
-    code found from Crypto++ <https://www.cryptopp.com/>. The SHA-256 code
-    in Crypto++ was written by Kevin Springle and Wei Dai.
+    The SHA-256 implementation in liblzma is based on code written by
+    Wei Dai in Crypto++ Library <https://www.cryptopp.com/>.
 
-    Some scripts have been adapted from gzip. The original versions
-    were written by Jean-loup Gailly, Charles Levert, and Paul Eggert.
-    Andrew Dudman helped adapting the scripts and their man pages for
-    XZ Utils.
+    A few scripts have been adapted from GNU gzip. The original
+    versions were written by Jean-loup Gailly, Charles Levert, and
+    Paul Eggert. Andrew Dudman helped adapting the scripts and their
+    man pages for XZ Utils.
 
     The initial version of the threaded .xz decompressor was written
     by Sebastian Andrzej Siewior.
 
     The initial version of the .lz (lzip) decoder was written
     by Michał Górny.
 
-    CLMUL-accelerated CRC code was contributed by Ilya Kurdyukov.
+    Architecture-specific CRC optimizations were contributed by
+    Ilya Kurdyukov, Hans Jansen, and Chenxi Mao.
 
     Other authors:
       - Jonathan Nieder
       - Joachim Henke
 
-    The GNU Autotools-based build system contains files from many authors,
-    which I'm not trying to list here.
+    Special author: Jia Tan was a co-maintainer in 2022-2024. He and
+    the team behind him inserted a backdoor (CVE-2024-3094) into
+    XZ Utils 5.6.0 and 5.6.1 releases. He suddenly disappeared when
+    this was discovered.
 
-    Several people have contributed fixes or reported bugs. Most of them
-    are mentioned in the file THANKS.
+    Many people have contributed improvements or reported bugs.
+    Most of these people are mentioned in the file THANKS.
+
+    The translations of the command line tools and man pages have been
+    contributed by many people via the Translation Project:
+
+      - https://translationproject.org/domain/xz.html
+      - https://translationproject.org/domain/xz-man.html
+
+    The authors of the translated man pages are in the header comments
+    of the man page files. In the source package, the authors of the
+    translations are in po/*.po and po4a/*.po files.
+
+    Third-party code whose authors aren't listed here:
+
+      - GNU getopt_long() in the 'lib' directory is included for
+        platforms that don't have a usable getopt_long().
+
+      - The build system files from GNU Autoconf, GNU Automake,
+        GNU Libtool, GNU Gettext, Autoconf Archive, and related files.
 

contrib/xz/COPYING

@@ -3,74 +3,81 @@ XZ Utils Licensing
 ==================
 
     Different licenses apply to different files in this package. Here
-    is a rough summary of which licenses apply to which parts of this
-    package (but check the individual files to be sure!):
+    is a summary of which licenses apply to which parts of this package:
 
-      - liblzma is in the public domain.
+      - liblzma is under the BSD Zero Clause License (0BSD).
 
-      - xz, xzdec, and lzmadec command line tools are in the public
-        domain unless GNU getopt_long had to be compiled and linked
-        in from the lib directory. The getopt_long code is under
-        GNU LGPLv2.1+.
+      - The command line tools xz, xzdec, lzmadec, and lzmainfo are
+        under 0BSD except that, on systems that don't have a usable
+        getopt_long, GNU getopt_long is compiled and linked in from the
+        'lib' directory. The getopt_long code is under GNU LGPLv2.1+.
 
       - The scripts to grep, diff, and view compressed files have been
-        adapted from gzip. These scripts and their documentation are
-        under GNU GPLv2+.
+        adapted from GNU gzip. These scripts (xzgrep, xzdiff, xzless,
+        and xzmore) are under GNU GPLv2+. The man pages of the scripts
+        are under 0BSD; they aren't based on the man pages of GNU gzip.
 
-      - All the documentation in the doc directory and most of the
-        XZ Utils specific documentation files in other directories
-        are in the public domain.
+      - Most of the XZ Utils specific documentation that is in
+        plain text files (like README, INSTALL, PACKAGERS, NEWS,
+        and ChangeLog) are under 0BSD unless stated otherwise in
+        the file itself. The files xz-file-format.txt and
+        lzma-file-format.xt are in the public domain but may
+        be distributed under the terms of 0BSD too.
 
-        Note: The JavaScript files (under the MIT license) have
-        been removed from the Doxygen-generated HTML version of the
-        liblzma API documentation. Doxygen itself is under the GNU GPL
-        but the remaining files generated by Doxygen are not affected
-        by the licenses used in Doxygen because Doxygen licensing has
-        the following exception:
+      - Translated messages and man pages are under 0BSD except that
+        some old translations are in the public domain.
 
-            "Documents produced by doxygen are derivative works
-            derived from the input used in their production;
-            they are not affected by this license."
+      - Test files and test code in the 'tests' directory, and
+        debugging utilities in the 'debug' directory are under
+        the BSD Zero Clause License (0BSD).
 
-      - Translated messages are in the public domain.
+      - The GNU Autotools based build system contains files that are
+        under GNU GPLv2+, GNU GPLv3+, and a few permissive licenses.
+        These files don't affect the licensing of the binaries being
+        built.
 
-      - The build system contains public domain files, and files that
-        are under GNU GPLv2+ or GNU GPLv3+. None of these files end up
-        in the binaries being built.
+      - The 'extra' directory contains files that are under various
+        free software licenses. These aren't built or installed as
+        part of XZ Utils.
 
-      - Test files and test code in the tests directory, and debugging
-        utilities in the debug directory are in the public domain.
+    For the files under the BSD Zero Clause License (0BSD), if
+    a copyright notice is needed, the following is sufficient:
 
-      - The extra directory may contain public domain files, and files
-        that are under various free software licenses.
+        Copyright (C) The XZ Utils authors and contributors
 
-    You can do whatever you want with the files that have been put into
-    the public domain. If you find public domain legally problematic,
-    take the previous sentence as a license grant. If you still find
-    the lack of copyright legally problematic, you have too many
-    lawyers.
-
-    As usual, this software is provided "as is", without any warranty.
-
-    If you copy significant amounts of public domain code from XZ Utils
+    If you copy significant amounts of 0BSD-licensed code from XZ Utils
     into your project, acknowledging this somewhere in your software is
     polite (especially if it is proprietary, non-free software), but
-    naturally it is not legally required. Here is an example of a good
-    notice to put into "about box" or into documentation:
+    it is not legally required by the license terms. Here is an example
+    of a good notice to put into "about box" or into documentation:
 
         This software includes code from XZ Utils <https://tukaani.org/xz/>.
 
     The following license texts are included in the following files:
+      - COPYING.0BSD: BSD Zero Clause License
       - COPYING.LGPLv2.1: GNU Lesser General Public License version 2.1
       - COPYING.GPLv2: GNU General Public License version 2
       - COPYING.GPLv3: GNU General Public License version 3
 
-    Note that the toolchain (compiler, linker etc.) may add some code
-    pieces that are copyrighted. Thus, it is possible that e.g. liblzma
-    binary wouldn't actually be in the public domain in its entirety
-    even though it contains no copyrighted code from the XZ Utils source
-    package.
-
-    If you have questions, don't hesitate to ask the author(s) for more
-    information.
+    A note about old XZ Utils releases:
+
+        XZ Utils releases 5.4.6 and older and 5.5.1alpha have a
+        significant amount of code put into the public domain and
+        that obviously remains so. The switch from public domain to
+        0BSD for newer releases was made in Febrary 2024 because
+        public domain has (real or perceived) legal ambiguities in
+        some jurisdictions.
+
+        There is very little *practical* difference between public
+        domain and 0BSD. The main difference likely is that one
+        shouldn't claim that 0BSD-licensed code is in the public
+        domain; 0BSD-licensed code is copyrighted but available under
+        an extremely permissive license. Neither 0BSD nor public domain
+        require retaining or reproducing author, copyright holder, or
+        license notices when distributing the software. (Compare to,
+        for example, BSD 2-Clause "Simplified" License which does have
+        such requirements.)
+
+    If you have questions, don't hesitate to ask for more information.
+    The contact information is in the README file.
 

contrib/xz/COPYING.0BSD

@@ -0,0 +1,11 @@
+Permission to use, copy, modify, and/or distribute this
+software for any purpose with or without fee is hereby granted.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
+WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.