xz backdoor is included in 0.3.2

[louislang]

The current distribution (v0.3.2) on Crates.io contains the test files for xz that contain the backdoor. The test files themselves are not included in either the .tar.gz nor the .zip tags here on Github and are only present in liblzma-sys_0.3.2.crate that is installed from Crates.io.

The hashes for these files are as follows:

• liblzma-sys-0.3.2/xz/tests/files/bad-3-corrupt_lzma2.xz ecda10d8877d555dbda4a4eba329e146b2be8ac4b7915fb723eaacc9f89d16bd
• liblzma-sys-0.3.2/xz/tests/files/good-large_compressed.lzma 9aef898229de60f94cdea42f19268e6e3047f7136f2ff97510390a2deeda7032

It remains to be seen if these are executed in any way. Still, it seems prudent to not ship these files if it can be avoided.

[ChanTsune]

Thank you for your report @louislang !
I'll release a version without them as soon as possible.