mirror of
https://github.com/microsoft/vcpkg.git
synced 2024-12-27 18:31:15 +08:00
ce1916404f
Resolves https://github.com/microsoft/vcpkg/issues/37839 Reverts #37199 See https://www.openwall.com/lists/oss-security/2024/03/29/4 Note that the version database is unmodified, only the baseline is changed. Because vcpkg builds liblzma from cmake sources downloaded from github and this backdoor required modifications only present in the release tarballs, it is our belief that vcpkg customers are not affected by this problem. However, we are reverting this version out of an abundance of caution as the threat actor clearly has broad access to liblzma infrastructure, and because we believe customers will start flagging this package by version as being a problem.
24 lines
450 B
JSON
24 lines
450 B
JSON
{
|
|
"name": "liblzma",
|
|
"version": "5.4.4",
|
|
"description": "Compression library with an API similar to that of zlib.",
|
|
"homepage": "https://tukaani.org/xz/",
|
|
"license": null,
|
|
"dependencies": [
|
|
{
|
|
"name": "vcpkg-cmake",
|
|
"host": true
|
|
},
|
|
{
|
|
"name": "vcpkg-cmake-config",
|
|
"host": true
|
|
}
|
|
],
|
|
"features": {
|
|
"tools": {
|
|
"description": "Build tools",
|
|
"supports": "!windows, mingw"
|
|
}
|
|
}
|
|
}
|