From: Christian Melki <christian.melki@t2data.com>
To: Michael Olbrich <m.olbrich@pengutronix.de>
Cc: "ptxdist@pengutronix.de" <ptxdist@pengutronix.de>
Subject: Re: [ptxdist] [PATCH] xz: Version bump. 5.4.4 -> 5.6.0
Date: Fri, 29 Mar 2024 23:04:48 +0100 [thread overview]
Message-ID: <14112741-de42-45c2-9254-32ef9d80bb20@t2data.com> (raw)
In-Reply-To: <Zgc4CdTniZVsWBrh@pengutronix.de>
On 3/29/24 10:52 PM, Michael Olbrich wrote:
> On Sun, Feb 25, 2024 at 03:35:13PM +0100, Christian Melki wrote:
>> https://github.com/tukaani-project/xz/releases/tag/v5.6.0
>> https://github.com/tukaani-project/xz/releases/tag/v5.5.2beta
>> https://github.com/tukaani-project/xz/releases/tag/v5.5.1alpha
>> https://github.com/tukaani-project/xz/releases/tag/v5.4.6
>> https://github.com/tukaani-project/xz/releases/tag/v5.4.5
>>
>> * License conditions changed! The majority of XZ
>> that was public domain is now re-released under the 0-clause BSD license.
>> Otherwise, the other parts still remains the same.
>> The sum of XZ licensing is pretty complex however.
>>
>> * URL changed. XZ is now hosted on github.
>>
>> * Fix a few options.
>
> FYI, I reverted this for now. It seems the release tarballs are
> compromised[1]. From what I've read so far, PTXdist is probably not
> affected, since we don't carry the relevant openssh patches.
> But the next PTXdist release will happen pretty soon, so we'll stick to the
> old version for now. We can update once upstream is sorted out.
>
> Regards,
> Michael
>
> [1] https://www.cve.org/CVERecord?id=CVE-2024-3094
>
>
Yeah. I just saw the news.
I would suspect the actor has tried to infiltrate other projects as well
Everything that account has touched probably needs to be vetted.
https://github.com/JiaT75?tab=repositories
Tnx for the heads up.
Regards,
C
>> Signed-off-by: Christian Melki <christian.melki@t2data.com>
>> ---
>> rules/xz.make | 17 ++++++++++-------
>> 1 file changed, 10 insertions(+), 7 deletions(-)
>>
>> diff --git a/rules/xz.make b/rules/xz.make
>> index f24a2ac03..51490b2ce 100644
>> --- a/rules/xz.make
>> +++ b/rules/xz.make
>> @@ -14,16 +14,16 @@ PACKAGES-$(PTXCONF_XZ) += xz
>> #
>> # Paths and names
>> #
>> -XZ_VERSION := 5.4.4
>> -XZ_MD5 := fbb849a27e266964aefe26bad508144f
>> +XZ_VERSION := 5.6.0
>> +XZ_MD5 := cfb1afdfcfeca02f7677b1b401bc536e
>> XZ := xz-$(XZ_VERSION)
>> -XZ_SUFFIX := tar.bz2
>> -XZ_URL := https://tukaani.org/xz/$(XZ).$(XZ_SUFFIX)
>> +XZ_SUFFIX := tar.xz
>> +XZ_URL := https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)/$(XZ).$(XZ_SUFFIX)
>> XZ_SOURCE := $(SRCDIR)/$(XZ).$(XZ_SUFFIX)
>> XZ_DIR := $(BUILDDIR)/$(XZ)
>> -XZ_LICENSE := public_domain AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later
>> +XZ_LICENSE := public_domain AND 0BSD AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later
>> XZ_LICENSE_FILES := \
>> - file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \
>> + file://COPYING;md5=3ef4de063517b8d33e97bbb87a3339ee \
>> file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
>> file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \
>> file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c
>> @@ -44,6 +44,7 @@ XZ_CONF_OPT := \
>> --disable-lzip-decoder \
>> --enable-assembler \
>> --enable-clmul-crc \
>> + --enable-arm64-crc32 \
>> --disable-small \
>> --enable-threads \
>> --$(call ptx/endis,PTXCONF_XZ_TOOLS)-xz \
>> @@ -60,9 +61,11 @@ XZ_CONF_OPT := \
>> --disable-nls \
>> --disable-rpath \
>> $(GLOBAL_LARGE_FILE_OPTION) \
>> + --enable-ifunc \
>> --enable-unaligned-access=auto \
>> --disable-unsafe-type-punning \
>> - --disable-werror
>> + --disable-werror \
>> + --$(call ptx/endis, PTXDIST_Y2038)-year2038
>>
>> # ----------------------------------------------------------------------------
>> # Target-Install
>> --
>> 2.34.1
>>
>>
>>
>
prev parent reply other threads:[~2024-03-29 22:07 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-25 14:35 Christian Melki
2024-02-25 14:35 ` [ptxdist] [PATCH] host-xz: Follow suit from target xz Christian Melki
2024-03-15 4:06 ` [ptxdist] [APPLIED] " Michael Olbrich
2024-03-15 4:06 ` [ptxdist] [APPLIED] xz: Version bump. 5.4.4 -> 5.6.0 Michael Olbrich
2024-03-29 21:52 ` [ptxdist] [PATCH] " Michael Olbrich
2024-03-29 22:04 ` Christian Melki [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=14112741-de42-45c2-9254-32ef9d80bb20@t2data.com \
--to=christian.melki@t2data.com \
--cc=m.olbrich@pengutronix.de \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox