From eaf4f3daa760252966577d3fde803dbfda90b2d2 Mon Sep 17 00:00:00 2001 From: Tim Biermann Date: Sat, 30 Mar 2024 18:42:37 +0100 Subject: [PATCH] [notify] xz: 5.6.1 -> 5.4.6; cautious measure: downgraded due to CVE-2024-3094, see https://tukaani.org/xz-backdoor/ --- xz/.footprint | 6 +++--- xz/.signature | 8 ++++---- xz/Pkgfile | 14 ++++++++------ 3 files changed, 15 insertions(+), 13 deletions(-) diff --git a/xz/.footprint b/xz/.footprint index 50ae9aec..e107f149 100644 --- a/xz/.footprint +++ b/xz/.footprint @@ -43,9 +43,9 @@ drwxr-xr-x root/root usr/include/lzma/ drwxr-xr-x root/root usr/lib/ -rw-r--r-- root/root usr/lib/liblzma.a -rwxr-xr-x root/root usr/lib/liblzma.la -lrwxrwxrwx root/root usr/lib/liblzma.so -> liblzma.so.5.6.1 -lrwxrwxrwx root/root usr/lib/liblzma.so.5 -> liblzma.so.5.6.1 --rwxr-xr-x root/root usr/lib/liblzma.so.5.6.1 +lrwxrwxrwx root/root usr/lib/liblzma.so -> liblzma.so.5.4.6 +lrwxrwxrwx root/root usr/lib/liblzma.so.5 -> liblzma.so.5.4.6 +-rwxr-xr-x root/root usr/lib/liblzma.so.5.4.6 drwxr-xr-x root/root usr/lib/pkgconfig/ -rw-r--r-- root/root usr/lib/pkgconfig/liblzma.pc drwxr-xr-x root/root usr/share/ diff --git a/xz/.signature b/xz/.signature index 89c7072c..4c2fdb69 100644 --- a/xz/.signature +++ b/xz/.signature @@ -1,5 +1,5 @@ untrusted comment: verify with /etc/ports/core.pub -RWRJc1FUaeVeqhLS8e+fnILwy6mLWa62Q7QPox8n8tW78867Pl1SvSbcCJKOmHV3ZpiLcZf8kZ1DECyyBNLEPKpvWmtVASb2XwM= -SHA256 (Pkgfile) = 3cb1a9217407c826ff47322703f577765a207be686d316e3e40504b78a1000c8 -SHA256 (.footprint) = ee7051e49b60696487b991016014c9be231806f104d0c33f2c5e898537765fb1 -SHA256 (xz-5.6.1.tar.xz) = f334777310ca3ae9ba07206d78ed286a655aa3f44eec27854f740c26b2cd2ed0 +RWRJc1FUaeVequDt5ldK3zc4UySgBWtEGYb0h6RW7zvhbRMZXYdckpcb9u2K5r+kK6QEEyG+vj6J5z4KQw1Oi1RYiNfdbNLWAQo= +SHA256 (Pkgfile) = aa69e1eb2f37f2eef89fc6ea1e529e4cbd6aeccea77273fb90ffde8535dd8fe0 +SHA256 (.footprint) = 90bf085eac68b6ba5efac1b66a50892e1a90ee299c29347903c8789430b4576f +SHA256 (xz-5.4.6.tar.gz) = 60831005fddb270824fa9f7cdd28a59da8757fe95466ed5b10bcfe23379f17d9 diff --git a/xz/Pkgfile b/xz/Pkgfile index e539942e..e8b0d419 100644 --- a/xz/Pkgfile +++ b/xz/Pkgfile @@ -3,17 +3,19 @@ # Maintainer: CRUX System Team, core-ports at crux dot nu name=xz -version=5.6.1 +version=5.4.6 release=1 -source=(https://github.com/tukaani-project/xz/releases/download/v$version/$name-$version.tar.xz) +source=(https://crux.nu/files/distfiles/xz-5.4.6.tar.gz) build() { cd $name-$version - ./configure \ - --prefix=/usr \ - --disable-nls \ - --disable-doc + autoreconf -vfi + ./configure --prefix=/usr \ + --enable-threads \ + --enable-werror \ + --disable-doc \ + --disable-nls make make DESTDIR=$PKG install