El Fri, 29 Mar 2024 22:55:26 +0100
Christian Weisgerber escribió:
> Christian Weisgerber:
>
> > > It sounds like a backdoor made it into the upstream repository:
> > > https://www.openwall.com/lists/oss-security/2024/03/29/4
> >
> > Yes, I just learned. I am investigating.
>
> The xz
Christian Weisgerber:
> If the script continued, it would fail because it uses "head -c"
> and "tail -c" which are a nonstandard extension that the corresponding
> OpenBSD commands don't support.
Actually, "tail -c" is in POSIX and available on OpenBSD.
Still would fail for "head -c",
Christian Weisgerber:
> > It sounds like a backdoor made it into the upstream repository:
> > https://www.openwall.com/lists/oss-security/2024/03/29/4
>
> Yes, I just learned. I am investigating.
The xz 5.6.1 update hasn't been committed yet, so this mostly
concerns only me anyway.
* A
Thanks, Christian!
On Fri, Mar 29, 2024 at 4:35 PM Christian Weisgerber
wrote:
> Jesse Darrone:
>
> > I hate to raise the alarm, but it looks like this should be scrutinized.
> >
> > It sounds like a backdoor made it into the upstream repository:
> >
Jesse Darrone:
> I hate to raise the alarm, but it looks like this should be scrutinized.
>
> It sounds like a backdoor made it into the upstream repository:
> https://www.openwall.com/lists/oss-security/2024/03/29/4
Yes, I just learned. I am investigating.
FWIW, I did look over the complete
Hello,
I hate to raise the alarm, but it looks like this should be scrutinized.
It sounds like a backdoor made it into the upstream repository:
https://www.openwall.com/lists/oss-security/2024/03/29/4
On Mon, Mar 18, 2024 at 4:15 AM Christian Weisgerber
wrote:
> archivers/xz: update to 5.
archivers/xz: update to 5.6.1
* Multithreaded mode is now the default.
* New command line options to set filter chains using the liblzma filter
string syntax.
* Significant speed optimizations to the LZMA decoder.
I have added runtime detection code to check for CRC32 instructions
to speed