Debian Patches
Status for xz-utils/5.4.1-1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| Translations-Add-Brazilian-Portuguese-translation-of-man-.patch | Translations: Add Brazilian Portuguese translation of man pages. Thanks to Rafael Fontenelle. | Jia Tan <jiat0218@gmail.com> | no | | | 2023-01-27 |
| po-pt_BR-Revert-changes-from-the-release.patch | po/pt_BR: Revert changes from the release. | Sebastian Andrzej Siewior <sebastian@breakpoint.cc> | no | | | 2023-01-30 |
| Translations-Update-the-Brazilian-Portuguese-translation.patch | Translations: Update the Brazilian Portuguese translation. | Jia Tan <jiat0218@gmail.com> | no | | | 2023-01-13 |
| Add-da.po-based-on-translation-from-manpages-l10n.patch | Add da.po based on translation from manpages-l10n. | Sebastian Andrzej Siewior <sebastian@breakpoint.cc> | no | | | 2023-02-12 |
| liblzma-Add-assertions-to-lzma_bufcpy.patch | liblzma: Add assertions to lzma_bufcpy() (cherry picked from commit b9d168eee4fb6393b4fe207c0aeb5faee316ca1a) | Lasse Collin <lasse.collin@tukaani.org> | no | | | 2025-04-03 |
| liblzma-mt-dec-Fix-a-comment.patch | liblzma: mt dec: Fix a comment (cherry picked from commit 831b55b971cf579ee16a854f177c36b20d3c6999) | Lasse Collin <lasse.collin@tukaani.org> | no | | | 2025-04-03 |
| liblzma-mt-dec-Simplify-by-removing-the-THR_STOP-state.patch | liblzma: mt dec: Simplify by removing the THR_STOP state The main thread can directly set THR_IDLE in threads_stop() which is called when errors are detected. threads_stop() won't return the stopped threads to the pool or free the memory pointed by thr->in anymore, but it doesn't matter because the existing workers won't be reused after an error. The resources will be cleaned up when threads_end() is called (reinitializing the decoder always calls threads_end()). (cherry picked from commit c0c835964dfaeb2513a3c0bdb642105152fe9f34) | Lasse Collin <lasse.collin@tukaani.org> | no | | | 2025-04-03 |
| liblzma-mt-dec-Don-t-free-the-input-buffer-too-early-CVE-.patch | liblzma: mt dec: Don't free the input buffer too early (CVE-2025-31115) The input buffer must be valid as long as the main thread is writing to the worker-specific input buffer. Fix it by making the worker thread not free the buffer on errors and not return the worker thread to the pool. The input buffer will be freed when threads_end() is called. With invalid input, the bug could at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. The bug has been there since the first committed version of the threaded decoder and thus affects versions from 5.3.3alpha to 5.8.0. As the commit message in 4cce3e27f529 says, I had made significant changes on top of Sebastian's patch. This bug was indeed introduced by my changes; it wasn't in Sebastian's version. Thanks to Harri K. Koskinen for discovering and reporting this issue. (cherry picked from commit d5a2ffe41bb77b918a8c96084885d4dbe4bf6480) | Lasse Collin <lasse.collin@tukaani.org> | no | | | 2025-04-03 |
| liblzma-mt-dec-Don-t-modify-thr-in_size-in-the-worker-thr.patch | liblzma: mt dec: Don't modify thr->in_size in the worker thread Don't set thr->in_size = 0 when returning the thread to the stack of available threads. Not only is it useless, but the main thread may read the value in SEQ_BLOCK_THR_RUN. With valid inputs, it made no difference if the main thread saw the original value or 0. With invalid inputs (when worker thread stops early), thr->in_size was no longer modified after the previous commit with the security fix ("Don't free the input buffer too early"). So while the bug appears harmless now, it's important to fix it because the variable was being modified without proper locking. It's trivial to fix because there is no need to change the value. Only main thread needs to set the value in (in SEQ_BLOCK_THR_INIT) when starting a new Block before the worker thread is activated. (cherry picked from commit 8188048854e8d11071b8a50d093c74f4c030acc9) | Lasse Collin <lasse.collin@tukaani.org> | no | | | 2025-04-03 |

All known versions for source package 'xz-utils'
- 5.8.1-2 (forky, sid)
- 5.8.1-1 (trixie)
- 5.4.1-1 (bookworm-security, bookworm, bookworm-proposed-updates)
