From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <14112741-de42-45c2-9254-32ef9d80bb20@t2data.com>
Date: Fri, 29 Mar 2024 23:04:48 +0100
From: Christian Melki
To: Michael Olbrich
Cc: "ptxdist@pengutronix.de"
References: <20240225143514.2406777-1-christian.melki@t2data.com>
Subject: Re: [ptxdist] [PATCH] xz: Version bump. 5.4.4 -> 5.6.0
List-Id: PTXdist Development Mailing List

On 3/29/24 10:52 PM, Michael Olbrich wrote:
> On Sun, Feb 25, 2024 at 03:35:13PM +0100, Christian Melki wrote:
>> https://github.com/tukaani-project/xz/releases/tag/v5.6.0
>> https://github.com/tukaani-project/xz/releases/tag/v5.5.2beta
>> https://github.com/tukaani-project/xz/releases/tag/v5.5.1alpha
>> https://github.com/tukaani-project/xz/releases/tag/v5.4.6
>> https://github.com/tukaani-project/xz/releases/tag/v5.4.5
>>
>> * License conditions changed! The majority of XZ
>> that was public domain is now re-released under the 0-clause BSD license.
>> Otherwise, the other parts still remain the same.
>> The sum of XZ licensing is pretty complex however.
>>
>> * URL changed. XZ is now hosted on github.
>>
>> * Fix a few options.
>
> FYI, I reverted this for now. It seems the release tarballs are
> compromised[1]. From what I've read so far, PTXdist is probably not
> affected, since we don't carry the relevant openssh patches.
> But the next PTXdist release will happen pretty soon, so we'll stick to the
> old version for now. We can update once upstream is sorted out.
>
> Regards,
> Michael
>
> [1] https://www.cve.org/CVERecord?id=CVE-2024-3094
>
>

Yeah. I just saw the news.
I would suspect the actor has tried to infiltrate other projects as well.
Everything that account has touched probably needs to be vetted.
https://github.com/JiaT75?tab=repositories

Tnx for the heads up.

Regards,
C

>> Signed-off-by: Christian Melki >> --- >> rules/xz.make | 17 ++++++++++------- >> 1 file changed, 10 insertions(+), 7 deletions(-) >> >> diff --git a/rules/xz.make b/rules/xz.make >> index f24a2ac03..51490b2ce 100644 >> --- a/rules/xz.make >> +++ b/rules/xz.make >> @@ -14,16 +14,16 @@ PACKAGES-$(PTXCONF_XZ) += xz >> # >> # Paths and names >> # >> -XZ_VERSION := 5.4.4 >> -XZ_MD5 := fbb849a27e266964aefe26bad508144f >> +XZ_VERSION := 5.6.0 >> +XZ_MD5 := cfb1afdfcfeca02f7677b1b401bc536e >> XZ := xz-$(XZ_VERSION) >> -XZ_SUFFIX := tar.bz2 >> -XZ_URL := https://tukaani.org/xz/$(XZ).$(XZ_SUFFIX) >> +XZ_SUFFIX := tar.xz >> +XZ_URL := https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)/$(XZ).$(XZ_SUFFIX) >> XZ_SOURCE := $(SRCDIR)/$(XZ).$(XZ_SUFFIX) >> XZ_DIR := $(BUILDDIR)/$(XZ) >> -XZ_LICENSE := public_domain AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later >> +XZ_LICENSE := public_domain AND 0BSD AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later >> XZ_LICENSE_FILES := \ >> - file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \ >> + file://COPYING;md5=3ef4de063517b8d33e97bbb87a3339ee \ >> file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ >> file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \ >> file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c >> @@ -44,6 +44,7 @@ XZ_CONF_OPT := \ >> --disable-lzip-decoder \ >> --enable-assembler \ >> --enable-clmul-crc \ >> + --enable-arm64-crc32 \ >> --disable-small \ >> --enable-threads \ >> --$(call ptx/endis,PTXCONF_XZ_TOOLS)-xz \ >> @@ -60,9 +61,11 @@ XZ_CONF_OPT := \ >> --disable-nls \ >> --disable-rpath \ >> $(GLOBAL_LARGE_FILE_OPTION) \ >> + --enable-ifunc \ >> --enable-unaligned-access=auto \ >> --disable-unsafe-type-punning \ >> - --disable-werror >> + --disable-werror \ >> + --$(call ptx/endis, PTXDIST_Y2038)-year2038 >> >> # ---------------------------------------------------------------------------- >> # Target-Install >> -- >> 2.34.1 >> >> >> >
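
Review bot: In the first hunk (`@@ -14,16 +14,16 @@`), `XZ_MD5` is replaced in the same change that moves `XZ_URL` from tukaani.org to the GitHub release download and switches `XZ_SUFFIX` from tar.bz2 to tar.xz, so the new checksum only pins whatever bytes were fetched from the new location; it does not show that the tarball corresponds to the tagged source. Please record in the commit message how the 5.6.0 tarball was checked (for example against an upstream signature, or against the contents of the v5.6.0 tag), and note that unpacking the xz source now requires an xz decompressor on the build host.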
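
Review bot: In the second hunk (`@@ -44,6 +44,7 @@`), `--enable-arm64-crc32` is passed for every target architecture and the commit message covers it only with "Fix a few options". Please either make the option depend on the target architecture or say in the commit message that configure is expected to ignore it on non-arm64 targets, so a later reader does not have to guess why an arm64-specific switch is set globally.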
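
Review bot: In the last hunk (`@@ -60,9 +61,11 @@`), `--enable-ifunc` is forced on for every configuration, while the line after it uses `--enable-unaligned-access=auto` and the other new line goes through `ptx/endis`; the commit message gives no reason beyond "Fix a few options". ifunc needs support from the toolchain and C library, so please either gate it on a config symbol or justify the hard enable in the commit message. Minor style point: `$(call ptx/endis, PTXDIST_Y2038)` has a space after the comma, unlike `$(call ptx/endis,PTXCONF_XZ_TOOLS)` in the previous hunk; use one spelling within the file.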