Conversation
Context: https://tukaani.org/xz-backdoor/ In light of the recently discovered backdoor in xz-utils and its GitHub repository being blocked, remove the submodule from LibZipSharp and remove all the code to enable lzma compression support in it. Note that XZ support was disabled by default and was never released as part of any official LibZipSharp nugets/binaries, therefore we are not affected in any form or shape by the issue. The submodule is removed so that it is possible to clone and initialize this repository. When the issues surrounding xz-utils are fixed, we can restore support by reverting this commit.
pjcollins
approved these changes
Apr 2, 2024
grendello
added a commit
that referenced
this pull request
Apr 2, 2024
* main: Remove LZMA (XZ) support (#139)
jonpryor
pushed a commit
to dotnet/android
that referenced
this pull request
Jun 26, 2024
Context: #8988 Changes: dotnet/android-libzipsharp@3.1.1...3.3.0 * dotnet/android-libzipsharp@de57dcc: Add xml comments. Centralize the dotnet target framework (dotnet/android-libzipsharp#143) * dotnet/android-libzipsharp@b541b87: Fix the elusive invalid zip archive issue that has been a problem for ages! (dotnet/android-libzipsharp#142) * dotnet/android-libzipsharp@c2ae332: Update OneLocBuildToken (dotnet/android-libzipsharp#141) * dotnet/android-libzipsharp@4fef46a: Bump library versions for the latest upstream releases (dotnet/android-libzipsharp#140) * dotnet/android-libzipsharp@14f591c: Remove LZMA (XZ) support (dotnet/android-libzipsharp#139) * dotnet/android-libzipsharp@336a86f: [ci] Use managed identity for API Scan (dotnet/android-libzipsharp#138) * dotnet/android-libzipsharp@8bc799c: [ci] Add API Scan job (dotnet/android-libzipsharp#132) * dotnet/android-libzipsharp@afef4b2: [ci] Improve binskim scan performance (dotnet/android-libzipsharp#137) * dotnet/android-libzipsharp@577147e: [ci] Migrate to the 1ES template (dotnet/android-libzipsharp#135) Changes: xamarin/monodroid@c6aae9e...e11d9a5 * xamarin/monodroid@e11d9a5af: Bump to LibZipSharp 3.3.0 (xamarin/monodroid#1493) * xamarin/monodroid@c9e71ebe5: Bump to xamarin/xamarin-android/main@eb7fdf7 (xamarin/monodroid#1495) * xamarin/monodroid@5c344d7c2: Bump to xamarin/android-sdk-installer@cc43d20d (xamarin/monodroid#1498) * xamarin/monodroid@004875391: Bump to xamarin/androidtools@0884384b (xamarin/monodroid#1496) dotnet/android-libzipsharp@b541b87 fixes an odd corrupt zip file issue which kept cropping up on our Azure Pipelines builds.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Context: https://tukaani.org/xz-backdoor/
In light of the recently discovered backdoor in xz-utils and its
GitHub repository being blocked, remove the submodule from LibZipSharp
and remove all the code to enable lzma compression support in it.
Note that XZ support was disabled by default and was never released
as part of any official LibZipSharp nugets/binaries, therefore we
are not affected in any form or shape by the issue.
The submodule is removed so that it is possible to clone and initialize
this repository. When the issues surrounding xz-utils are fixed, we can
restore support by reverting this commit.