macOS
brew install xzlocal Homebrew formula metadata
sudo port install xzMacPorts ports tree · archivers/xz/Portfile · 来源: api.github.com
安装
brew install xzlocal Homebrew formula metadata
sudo port install xzMacPorts ports tree · archivers/xz/Portfile · 来源: api.github.com
sudo apk add xzAlpine Linux edge package indexes · xz · 来源: dl-cdn.alpinelinux.org
sudo dnf install xzFedora Rawhide package metadata · xz · 来源: dl.fedoraproject.org
nix profile install nixpkgs#xznixpkgs package indexes · xz · 来源: raw.githubusercontent.com
sudo pacman -S xzArch Linux sync databases · xz · 来源: geo.mirror.pkgbuild.com
sudo zypper install xzopenSUSE Tumbleweed package metadata · xz · 来源: download.opensuse.org
scoop install main/xzScoop official bucket manifest trees · bucket/xz.json · 来源: api.github.com
概览
General-purpose data compression with high compression ratio
历史
XZ Utils is the standard free-software implementation of the .xz container format, the LZMA2 compression method, and liblzma. It matters to package ecosystems because .tar.xz release archives, source packages, initramfs images, distribution payloads, and build systems rely on xz and liblzma for high-ratio lossless compression.
XZ Utils comes from the Tukaani Project and the earlier LZMA Utils lineage maintained by Lasse Collin. The project generalized Igor Pavlov's LZMA-family compression ideas into the .xz format and liblzma API used by Unix-like systems.
The 5.0.0 release on 2010-10-23 was a major packaging milestone because the NEWS file marks liblzma API and ABI as stable and bumps the shared-library soname to 5.0.0. From a distro perspective, that turned xz from a promising compressor into a dependable system library.
The project continued to evolve around multithreading, build-system support, portability, translated documentation, and platform coverage. The official site lists support across GNU/Linux, BSDs, macOS/Darwin, Solaris, AIX, Windows, DOS, and several more specialized systems, which explains why package managers treat it as base infrastructure.
The 2024 CVE-2024-3094 backdoor is now part of XZ Utils history. Official Tukaani pages state that XZ Utils 5.6.0 and 5.6.1 release tarballs contained a backdoor inserted by a malicious co-maintainer and discovered by Andres Freund before broad stable distribution. The incident made xz one of the central examples in open-source supply-chain security discussions.
XZ adoption followed its compression ratio and Unix-friendly tooling. The familiar xz, unxz, xzcat, xzgrep, xzless, and compatibility aliases made it a drop-in neighbor to gzip and bzip2, while liblzma let package managers and applications decode .xz streams without shelling out.
Distribution adoption became especially visible through .tar.xz source releases and compressed package artifacts. Many upstream projects now publish release tarballs as .tar.xz, and free operating systems commonly install xz or liblzma because so much source distribution and packaging machinery expects them.
After CVE-2024-3094, adoption history also includes a trust reset: project infrastructure moved back under Tukaani-controlled URLs, GitHub repositories were restored, and clean XZ Utils releases were made on 2024-05-29, according to the official backdoor page.
Command-line users compress and decompress files with xz, unxz, and xzcat, inspect streams with xz --list, and use xzgrep/xzless style helpers for text workflows inside compressed files. It is common in source-release workflows as tar -cJf or tar.xz packaging.
Developers use liblzma directly or via bindings in languages such as Python, Perl, Haskell, Delphi, and Free Pascal. Package builders care about xz because archive format support, reproducible source distributions, and decompression availability can affect bootstrap chains.
XZ Utils is package-manager bedrock: small enough to be invisible most days, but important enough that a bad release can shake the whole distribution world. It sits in build roots, source tarball handling, package extraction, and language runtime bindings.
The backdoor incident made xz historically significant beyond compression. It showed how a low-glamour maintainer package can become a high-value target precisely because it is everywhere, and why tarball provenance, release signing, maintainer access, and distro staging matter.
安全态势
broad file, network, media, or database tool signal.
blue 风险 · 中 置信度 · tool
在无人值守的代理使用前,请检查该工具是否读取明文凭据、写入远程状态、发布制品或调用插件。
可执行文件
| 命令 | 类型 | 暴露范围 | 备注 |
|---|---|---|---|
lzcat | cli | 全局可执行文件 | |
lzcmp | cli | 全局可执行文件 | |
lzdiff | cli | 全局可执行文件 | |
lzegrep | cli | 全局可执行文件 | |
lzfgrep | cli | 全局可执行文件 | |
lzgrep | cli | 全局可执行文件 | |
lzless | cli | 全局可执行文件 | |
lzma | cli | 全局可执行文件 | |
lzmadec | cli | 全局可执行文件 | |
lzmainfo | cli | 全局可执行文件 | |
lzmore | cli | 全局可执行文件 | |
unlzma | cli | 全局可执行文件 | |
unxz | cli | 全局可执行文件 | |
xz | cli | 全局可执行文件 | |
xzcat | cli | 全局可执行文件 | |
xzcmp | cli | 全局可执行文件 | |
xzdec | cli | 全局可执行文件 | |
xzdiff | cli | 全局可执行文件 | |
xzegrep | cli | 全局可执行文件 | |
xzfgrep | cli | 全局可执行文件 | |
xzgrep | cli | 全局可执行文件 | |
xzless | cli | 全局可执行文件 | |
xzmore | cli | 全局可执行文件 |
新鲜度
这些信号区分页生成时间、软件包管理器活动和上游发布比较。只有存在证据 URL 和可比较版本时,才会提示版本落后。
https://github.com/tukaani-project/xz
安装元数据
| 软件包键 | brew:xz |
|---|---|
| 版本 | 5.8.3 |
| 软件包管理器 | Homebrew |
| 软件包管理器页面 | https://formulae.brew.sh/formula/xz |
| 主页 | https://tukaani.org/xz/ |
| 仓库 | https://github.com/tukaani-project/xz |
| 上游文档 | https://github.com/tukaani-project/xz#readme |
| 许可证 | 0BSD AND GPL-2.0-or-later |
| 源码归档 | https://github.com/tukaani-project/xz/releases/download/v5.8.3/xz-5.8.3.tar.gz |
| Bottle | 可用 (于 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sequoia, sonoma, tahoe, x86_64_linux) |
| Homebrew post-install | 未定义 |
| 服务 | 未声明 |
注册表事实
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | xz |
| Version Scheme | 1 |
| Revision | 0 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
源数据库匹配
匹配项来自外部软件包管理器索引,并与本地 Automic Vault 软件包链接分开显示。
xz
nix profile install nixpkgs#xzxz 5.8.3-r0
Library and CLI tools for XZ and LZMA compressed files
sudo apk add xzxz-dev 5.8.3-r0
Library and CLI tools for XZ and LZMA compressed files (development files)
sudo apk add xz-devxz-doc 5.8.3-r0
Library and CLI tools for XZ and LZMA compressed files (documentation)
sudo apk add xz-docxz-libs 5.8.3-r0
Library and CLI tools for XZ and LZMA compressed files (libraries)
sudo apk add xz-libsxz-static 5.8.3-r0
Library and CLI tools for XZ and LZMA compressed files (static library)
sudo apk add xz-staticxz 5.8.3-1.fc45
LZMA compression utilities
sudo dnf install xzxz-devel 5.8.3-1.fc45
Devel libraries & headers for liblzma
sudo dnf install xz-develxz-libs 5.8.3-1.fc45
Libraries for decoding LZMA compression
sudo dnf install xz-libsxz-lzma-compat 5.8.3-1.fc45
Older LZMA format compatibility binaries
sudo dnf install xz-lzma-compatxz-static 5.8.3-1.fc45
Statically linked library for decoding LZMA compression
sudo dnf install xz-staticxz 5.8.3-1
Library and command line tools for XZ and LZMA compressed files
sudo pacman -S xzliblzma5 5.8.3-1.2
Lempel–Ziv–Markov chain algorithm compression library
sudo zypper install liblzma5liblzma5-32bit 5.8.3-1.2
Lempel–Ziv–Markov chain algorithm compression library
sudo zypper install liblzma5-32bitliblzma5-x86-64-v3 5.8.3-1.2
Lempel–Ziv–Markov chain algorithm compression library
sudo zypper install liblzma5-x86-64-v3xz 5.8.3-1.2
A Program for Compressing Files with the Lempel–Ziv–Markov algorithm
sudo zypper install xz来源线索
此页面由 av-web 从 scripts/generate-pkg-sqlite.py 生成的私有软件包 SQLite 工件提供。
View the package source record on GitHub.