On Fri, Dec 19, 2025 at 01:51:11AM +0000, Peter Robinson wrote: > On Thu, 18 Dec 2025 at 23:29, Tom Rini <[email protected]> wrote: > > > > Hey all, > > > > A long while ago, Darek reported that our copy of the LZMA SDK library > > is quite old and so vulnerable to at least one possible security issue > > he found that was fixed upstream. > > > > This RFC series does a few things. First, we introduce a Kconfig option > > to enable LZMA's size reduction option, and enable it on > > gardena-smart-gateway-mt7688. This is not critical at the start, but is > > as we move forward. Next, we remove some files from our initial import > > of the library that do not make sense to keep in-tree. After that, the > > next 5 patches update us from the imported version to the current > > release of 25.01. This is split up such that few have the very few > > places where the update requires some slight changes to our code be more > > visible. This in turn is mainly that the file that says the license has > > changed, and that we need to guard around some unused upstream code that > > also conflicts with our own code. Finally, we restore the spacing > > changes that our copy of the code had, and then improve things by adding > > SPDX tags to the LZMA code so the license is more visible overall. > > Does it make sense to try and get the SPDX bits back upstream so we > have less delta the next time we rebase?
Upstream seems to be done very much as a one person as they like it project. There is an issue tracker. I'll sign up and file a request at least. -- Tom
signature.asc
Description: PGP signature
