Remove the backdoor found in 5.6.0 and 5.6.1 (CVE-2024-3094). · tukaani-project/xz@e93e13c

@@ -41,8 +41,6 @@

4141

good-0catpad-empty.xz has two zero-Block Streams concatenated with

4242

four-byte Stream Padding between the Streams.

434344-

good-2cat.xz has two Streams with one Block each.

45-4644

good-1-check-none.xz has one Stream with one Block with two

4745

uncompressed LZMA2 chunks and no integrity check.

48468381

good-1-arm64-lzma2-2.xz is like good-1-arm64-lzma2-1.xz but with

8482

non-zero start offset. XZ Embedded doesn't support this file.

858386-

good-1-riscv-lzma2-1.xz uses the RISC-V filter and LZMA2. The

87-

uncompressed data is constructed so it tests all of the instructions

88-

that should be encoded and a few that should not. Additionally, the

89-

file contains random bytes to help test unforeseen corner cases.

90-91-

good-1-riscv-lzma2-2.xz is like good-1-riscv-lzma2-1.xz but with

92-

non-zero start offset. XZ Embedded doesn't support this file.

93-9484

good-1-lzma2-1.xz has two LZMA2 chunks, of which the second sets

9585

new properties.

9686294284

Uncompressed Size bytes of output will have been produced but

295285

the LZMA2 decoder doesn't indicate end of stream.

296286297-

bad-3-corrupt_lzma2.xz has three Streams in it. The first and third

298-

streams are valid xz Streams. The middle Stream has a correct Stream

299-

Header, Block Header, Index and Stream Footer. Only the LZMA2 data

300-

is corrupt. This file should decompress if --single-stream is used.

301-302287303288

3. Descriptions of Individual .lzma Files

304289
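Review bot: the removed good-1-riscv-lzma2-1.xz entry (old lines 86-89) says the file "contains random bytes to help test unforeseen corner cases", and the removed bad-3-corrupt_lzma2.xz entry (old lines 297-300) says "Only the LZMA2 data is corrupt". Neither description lets a reader check the file's bytes against what the README claims. If RISC-V filter or corrupt-LZMA2 coverage is reintroduced later, the README entry should state how the file is generated (the command or script, and the seed for any random data) so the content can be reproduced and compared rather than taken on trust.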

@@ -315,14 +300,6 @@

315300

will give an error at the end of the file after producing the

316301

correct uncompressed output.

317302318-

good-small_compressed.lzma was created with a small dictionary (2^16).

319-

It contains the string "Hello World" repeated 100,000 times. This tests

320-

match decoding and wrapping the dictionary.

321-322-

good-large_compressed.lzma was created with a mix of repeated

323-

characters and random data to test a data stream containing many

324-

matches and many literals.

325-326303327304

3.2. Bad Files

328305
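Review bot: good-small_compressed.lzma (old lines 318-320) has fully specified content, "Hello World" repeated 100,000 times with a 2^16 dictionary, yet it is removed together with good-large_compressed.lzma (old lines 322-324), whose "random data" cannot be reproduced from its description. If the match-decoding and dictionary-wrapping case is still wanted, regenerate the small file from that recipe with a known-clean build and record the exact command in this README. Any replacement for the large file should likewise name a deterministic generator instead of random data.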

@@ -344,10 +321,6 @@

344321

bad-too_small_size-without_eopm-3.lzma is like -1 above but instead

345322

of a literal the problem occurs in the middle of a match.

346323347-

bad-dict_size.lzma has a valid dictionary size according to the .lzma

348-

File Format, but will be rejected by XZ Utils because it is not 2^n or

349-

2^n + 2^(n-1).

350-351324352325

4. Descriptions of Individual .lz (lzip) Files

353326
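Review bot: removing the bad-dict_size.lzma entry (old lines 347-349) also removes the README's statement that XZ Utils rejects a dictionary size that is not 2^n or 2^n + 2^(n-1) even though the .lzma File Format allows it. If that rejection path should stay under test, a replacement file can be built by hand with the chosen dictionary size value written into its description, so the header can be audited by inspection.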