mailarchive of the ptxdist mailing list
From: Christian Melki <christian.melki@t2data.com>
To: Michael Olbrich <m.olbrich@pengutronix.de>
Cc: "ptxdist@pengutronix.de" <ptxdist@pengutronix.de>
Subject: Re: [ptxdist] [PATCH] xz: Version bump. 5.4.4 -> 5.6.0
Date: Fri, 29 Mar 2024 23:04:48 +0100
Message-ID: <14112741-de42-45c2-9254-32ef9d80bb20@t2data.com>
In-Reply-To: <Zgc4CdTniZVsWBrh@pengutronix.de>

On 3/29/24 10:52 PM, Michael Olbrich wrote:
> On Sun, Feb 25, 2024 at 03:35:13PM +0100, Christian Melki wrote:
>> https://github.com/tukaani-project/xz/releases/tag/v5.6.0
>> https://github.com/tukaani-project/xz/releases/tag/v5.5.2beta
>> https://github.com/tukaani-project/xz/releases/tag/v5.5.1alpha
>> https://github.com/tukaani-project/xz/releases/tag/v5.4.6
>> https://github.com/tukaani-project/xz/releases/tag/v5.4.5
>>
>> * License conditions changed! The majority of XZ
>> that was public domain is now re-released under the 0-clause BSD license.
>> Otherwise, the other parts still remain the same.
>> The sum of XZ licensing is pretty complex however.
>>
>> * URL changed. XZ is now hosted on github.
>>
>> * Fix a few options.
> 
> FYI, I reverted this for now. It seems the release tarballs are
> compromised[1]. From what I've read so far, PTXdist is probably not
> affected, since we don't carry the relevant openssh patches.
> But the next PTXdist release will happen pretty soon, so we'll stick to the
> old version for now. We can update once upstream is sorted out.
> 
> Regards,
> Michael
> 
> [1] https://www.cve.org/CVERecord?id=CVE-2024-3094
> 
> 

Yeah. I just saw the news.
I would suspect the actor has tried to infiltrate other projects as well.
Everything that account has touched probably needs to be vetted.

https://github.com/JiaT75?tab=repositories

Tnx for the heads up.

Regards,
C

>> Signed-off-by: Christian Melki <christian.melki@t2data.com>
>> ---
>>  rules/xz.make | 17 ++++++++++-------
>>  1 file changed, 10 insertions(+), 7 deletions(-)
>>
>> diff --git a/rules/xz.make b/rules/xz.make
>> index f24a2ac03..51490b2ce 100644
>> --- a/rules/xz.make
>> +++ b/rules/xz.make
>> @@ -14,16 +14,16 @@ PACKAGES-$(PTXCONF_XZ) += xz
>>  #
>>  # Paths and names
>>  #
>> -XZ_VERSION	:= 5.4.4
>> -XZ_MD5		:= fbb849a27e266964aefe26bad508144f
>> +XZ_VERSION	:= 5.6.0
>> +XZ_MD5		:= cfb1afdfcfeca02f7677b1b401bc536e
>>  XZ		:= xz-$(XZ_VERSION)
>> -XZ_SUFFIX	:= tar.bz2
>> -XZ_URL		:= https://tukaani.org/xz/$(XZ).$(XZ_SUFFIX)
>> +XZ_SUFFIX	:= tar.xz
>> +XZ_URL		:= https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)/$(XZ).$(XZ_SUFFIX)
>>  XZ_SOURCE	:= $(SRCDIR)/$(XZ).$(XZ_SUFFIX)
>>  XZ_DIR		:= $(BUILDDIR)/$(XZ)
>> -XZ_LICENSE	:= public_domain AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later
>> +XZ_LICENSE	:= public_domain AND 0BSD AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later
>>  XZ_LICENSE_FILES := \
>> -	file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \
>> +	file://COPYING;md5=3ef4de063517b8d33e97bbb87a3339ee \
>>  	file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
>>  	file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \
>>  	file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c
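
Review bot: XZ_URL moves the download from tukaani.org to a GitHub release asset and XZ_MD5 is replaced in the same change, but the commit message does not say how the new tarball was authenticated. An MD5 computed from the downloaded file only pins that file; it does not show that the file is what upstream intended to publish. Please state in the commit message whether the tarball was checked against the upstream release signature before the hash was recorded. Also, XZ_LICENSE keeps public_domain and adds 0BSD while the message says most of the public-domain code was re-released under 0BSD; a line on which parts remain public domain would make the new COPYING md5 easier to review.
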
>> @@ -44,6 +44,7 @@ XZ_CONF_OPT	:= \
>>  	--disable-lzip-decoder \
>>  	--enable-assembler \
>>  	--enable-clmul-crc \
>> +	--enable-arm64-crc32 \
>>  	--disable-small \
>>  	--enable-threads \
>>  	--$(call ptx/endis,PTXCONF_XZ_TOOLS)-xz \
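
Review bot: `--enable-arm64-crc32` is added to XZ_CONF_OPT unconditionally, and the commit message only says "Fix a few options". Since the option names one architecture, please say whether configure accepts it quietly on non-arm64 targets, or make it conditional on the target architecture.
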
>> @@ -60,9 +61,11 @@ XZ_CONF_OPT	:= \
>>  	--disable-nls \
>>  	--disable-rpath \
>>  	$(GLOBAL_LARGE_FILE_OPTION) \
>> +	--enable-ifunc \
>>  	--enable-unaligned-access=auto \
>>  	--disable-unsafe-type-punning \
>> -	--disable-werror
>> +	--disable-werror \
>> +	--$(call ptx/endis, PTXDIST_Y2038)-year2038
>>  
>>  # ----------------------------------------------------------------------------
>>  # Target-Install
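
Review bot: `--enable-ifunc` is switched on explicitly in XZ_CONF_OPT with no reason given in the commit message; please explain why it is forced on rather than left to configure, and whether every supported target toolchain handles it. Separately, the new last line is written as `$(call ptx/endis, PTXDIST_Y2038)`, with a space after the comma and a PTXDIST_ variable, while the existing line in this file is `$(call ptx/endis,PTXCONF_XZ_TOOLS)`; please confirm both differences are intended.
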
>> -- 
>> 2.34.1
>>
>>
>>
> 





Thread overview: 6+ messages
2024-02-25 14:35 Christian Melki
2024-02-25 14:35 ` [ptxdist] [PATCH] host-xz: Follow suit from target xz Christian Melki
2024-03-15  4:06   ` [ptxdist] [APPLIED] " Michael Olbrich
2024-03-15  4:06 ` [ptxdist] [APPLIED] xz: Version bump. 5.4.4 -> 5.6.0 Michael Olbrich
2024-03-29 21:52 ` [ptxdist] [PATCH] " Michael Olbrich
2024-03-29 22:04   ` Christian Melki [this message]
