IMPORTANT: This includes a security fix for CVE-2025-31115 which affects XZ Utils from 5.3.3alpha to 5.8.0. See the security advisory for details.
5.8.1 (2025-04-03)
* Multithreaded .xz decoder (lzma_stream_decoder_mt()):
- Fix a bug that could at least result in a crash with
invalid input. (CVE-2025-31115)
- Fix a performance bug: Only one thread was used if the whole
input file was provided at once to lzma_code(), the output
buffer was big enough, timeout was disabled, and LZMA_FINISH
was used. There are no bug reports about this, thus it's
possible that no real-world application was affected.
* Avoid <stdalign.h> even with C11/C17 compilers. This fixes the
build with Oracle Developer Studio 12.6 on Solaris 10 when the
compiler is in C11 mode (the header doesn't exist).
* Autotools: Restore compatibility with GNU make versions older
than 4.0 by creating the package using GNU gettext 0.23.1
infrastructure instead of 0.24.
* Update Croatian translation.