This commit reverts 8db56defa7,
rolling back the vendor import of xz 5.6.0 and restoring the
package to version 5.4.5.
The revert was not directly due to the attack (CVE-2024-3094):
our import process have removed the test cases and build scripts
that would have enabled the attack. However, reverting would
help to reduce potential confusion and false positives from
security scanners that assess risk based solely on version
numbers.
Another commit will follow to restore binary compatibility with
the liblzma 5.6.0 library by making the previously private
symbol (lzma_mt_block_size) public.
PR: 278127
MFC after: 3 days
- Update xz to 5.2.1, where the most visible change is that it
fixed a compression-ratio regression in fast mode LZMA1 and
LZMA2 and used cpuset_getaffinity() for CPU cores detection.
- Make liblzma use the base system SHA256 implementation instead of
the bundled one.
- Additional annotation in config.h for FreeBSD specific tweaks.
- Refresh symbols in XZprivate_1.0 to reflect reality.
Relnotes: yes
MFC after: 1 month (TBD)
This brings support for multi-threaded compression. This brings close
N times faster compression where N is the number of CPU cores.
Because of this, liblzma now depends on libthr.
Soon libarchive will be modified to use the new lzma API.
Thanks to antoine@ for the exp-run.
Differential Revision: https://reviews.freebsd.org/D1786
Reviewed by: bapt