[Toybox] [PATCH] Clean up xz a good amount
Oliver Webb
aquahobbyist at proton.me
Fri Mar 29 15:50:12 PDT 2024
> > ah, crap, that's another thing to put on the riscv64 to-do list...
> > (thanks for bringing that to light!)
>
> so, TIL that upstream already added a risc-v bcj implementation...
I always thought that the xz decompresser we use in toybox ("xx-embeded") and the main
one (The one with the CVE) were different projects (Separate git repos, one is much slower
than the other, etc). That being said, There are 0BSD licensed parts in the xz repo
(one of SIX different licenses).
> (rob will of course be delighted to hear of systemd's involvement in
> the exploit chain :-) )
Who would've known that a over-complicated, extremely large hairball with a massive dependency chain
that tries to consume _everything_ makes it easy to perform exploits.
- Oliver Webb <aquahobbyist at proton.me>
More information about the Toybox
mailing list