On Thu, 18 Dec 2025 at 23:29, Tom Rini <[email protected]> wrote:
>
> Hey all,
>
> A long while ago, Darek reported that our copy of the LZMA SDK library
> is quite old and so vulnerable to at least one possible security issue
> he found that was fixed upstream.
>
> This RFC series does a few things. First, we introduce a Kconfig option
> to enable LZMA's size reduction option, and enable it on
> gardena-smart-gateway-mt7688. This is not critical at the start, but is
> as we move forward. Next, we remove some files from our initial import
> of the library that do not make sense to keep in-tree. After that, the
> next 5 patches update us from the imported version to the current
> release of 25.01. This is split up such that we have the very few
> places where the update requires some slight changes to our code be more
> visible. This in turn is mainly that the file that says the license has
> changed, and that we need to guard around some unused upstream code that
> also conflicts with our own code. Finally, we restore the spacing
> changes that our copy of the code had, and then improve things by adding
> SPDX tags to the LZMA code so the license is more visible overall.

Does it make sense to try and get the SPDX bits back upstream so we
have less delta the next time we rebase?

> I've marked this as RFC in part because I plan to follow up with v1
> shortly where patches 2 through 8 are squashed together as they're
> mainly separate right now for ease of review, but the split doesn't make
> sense I believe to preserve in git as our changes are so isolated.
>
> Link: 
> https://lore.kernel.org/u-boot/CAC7rXdTb5u5pzP-mr_+pddCxzfcO8Vm_t-=_+5wxritmjy6...@mail.gmail.com/
> --
> Tom
>
