Info: XZ library and vcpkg

otland / forgottenserver

A free and open-source MMORPG server emulator written in C++

https://otland.net

GNU General Public License v2.0

1.57k stars 1.05k forks source link

Info: XZ library and vcpkg #4639

Closed ArturKnopik closed 4 months ago

ArturKnopik commented 5 months ago

XZ library is down due backdoor issue. It's affect vcpkg library instalation. (other way to setup project not tested)

more info: https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/

fabsantandrea commented 5 months ago

I found this solution https://github.com/microsoft/vcpkg/issues/37839#issuecomment-2028011285

ArturKnopik commented 5 months ago

i know this solution, now I have to ask whether this fork has a backdoor. The description may suggest that yes. "Unofficial mirror of git.tukaani.org/xz.git. Updated daily." last tag: v5.6.1 - backdoor is there

For development this workaround is enaught.