Skip to content

XZ Utils 5.8.1 (stable)

Latest
Latest

Choose a tag to compare

View all tags
@Larhzu Larhzu released this 03 Apr 15:04
· 80 commits to master since this release
v5.8.1
This tag was signed with the committer’s verified signature.
Larhzu Lasse Collin
GPG key ID: 38EE757D69184620
Verified
Learn about vigilant mode.
a522a22
This commit was signed with the committer’s verified signature.
Larhzu Lasse Collin
GPG key ID: 38EE757D69184620
Verified
Learn about vigilant mode.

IMPORTANT: This includes a security fix for CVE-2025-31115 which affects XZ Utils from 5.3.3alpha to 5.8.0. See the security advisory for details.

5.8.1 (2025-04-03)

    * Multithreaded .xz decoder (lzma_stream_decoder_mt()):

        - Fix a bug that could at least result in a crash with
          invalid input. (CVE-2025-31115)

        - Fix a performance bug: Only one thread was used if the whole
          input file was provided at once to lzma_code(), the output
          buffer was big enough, timeout was disabled, and LZMA_FINISH
          was used. There are no bug reports about this, thus it's
          possible that no real-world application was affected.

    * Avoid <stdalign.h> even with C11/C17 compilers. This fixes the
      build with Oracle Developer Studio 12.6 on Solaris 10 when the
      compiler is in C11 mode (the header doesn't exist).

    * Autotools: Restore compatibility with GNU make versions older
      than 4.0 by creating the package using GNU gettext 0.23.1
      infrastructure instead of 0.24.

    * Update Croatian translation.
Assets 13
Loading