On Sun, Feb 25, 2024 at 03:35:13PM +0100, Christian Melki wrote: > https://github.com/tukaani-project/xz/releases/tag/v5.6.0 > https://github.com/tukaani-project/xz/releases/tag/v5.5.2beta > https://github.com/tukaani-project/xz/releases/tag/v5.5.1alpha > https://github.com/tukaani-project/xz/releases/tag/v5.4.6 > https://github.com/tukaani-project/xz/releases/tag/v5.4.5 > > * License conditions changed! The majority of XZ > that was public domain is now re-released under the 0-clause BSD license. > Otherwise, the other parts still remains the same. > The sum of XZ licensing is pretty complex however. > > * URL changed. XZ is now hosted on github. > > * Fix a few options.
FYI, I reverted this for now. It seems the release tarballs are compromised[1]. From what I've read so far, PTXdist is probably not affected, since we don't carry the relevant openssh patches. But the next PTXdist release will happen pretty soon, so we'll stick to the old version for now. We can update once upstream is sorted out. Regards, Michael [1] https://www.cve.org/CVERecord?id=CVE-2024-3094 > Signed-off-by: Christian Melki <christian.me...@t2data.com> > --- > rules/xz.make | 17 ++++++++++------- > 1 file changed, 10 insertions(+), 7 deletions(-) > > diff --git a/rules/xz.make b/rules/xz.make > index f24a2ac03..51490b2ce 100644 > --- a/rules/xz.make > +++ b/rules/xz.make > @@ -14,16 +14,16 @@ PACKAGES-$(PTXCONF_XZ) += xz > # > # Paths and names > # > -XZ_VERSION := 5.4.4 > -XZ_MD5 := fbb849a27e266964aefe26bad508144f > +XZ_VERSION := 5.6.0 > +XZ_MD5 := cfb1afdfcfeca02f7677b1b401bc536e > XZ := xz-$(XZ_VERSION) > -XZ_SUFFIX := tar.bz2 > -XZ_URL := https://tukaani.org/xz/$(XZ).$(XZ_SUFFIX) > +XZ_SUFFIX := tar.xz > +XZ_URL := > https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)/$(XZ).$(XZ_SUFFIX) > XZ_SOURCE := $(SRCDIR)/$(XZ).$(XZ_SUFFIX) > XZ_DIR := $(BUILDDIR)/$(XZ) > -XZ_LICENSE := public_domain AND LGPL-2.1-or-later AND GPL-2.0-or-later AND > GPL-3.0-or-later > +XZ_LICENSE := public_domain AND 0BSD AND LGPL-2.1-or-later AND > GPL-2.0-or-later AND GPL-3.0-or-later > XZ_LICENSE_FILES := \ > - file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \ > + file://COPYING;md5=3ef4de063517b8d33e97bbb87a3339ee \ > file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ > file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \ > file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c > @@ -44,6 +44,7 @@ XZ_CONF_OPT := \ > --disable-lzip-decoder \ > --enable-assembler \ > --enable-clmul-crc \ > + --enable-arm64-crc32 \ > --disable-small \ > --enable-threads \ > --$(call ptx/endis,PTXCONF_XZ_TOOLS)-xz \ > @@ -60,9 +61,11 @@ XZ_CONF_OPT := \ > --disable-nls \ > --disable-rpath \ > $(GLOBAL_LARGE_FILE_OPTION) \ > + --enable-ifunc \ > --enable-unaligned-access=auto \ > --disable-unsafe-type-punning \ > - --disable-werror > + --disable-werror \ > + --$(call ptx/endis, PTXDIST_Y2038)-year2038 > > # > ---------------------------------------------------------------------------- > # Target-Install > -- > 2.34.1 > > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
