[ptxdist] [PATCH] xz: Version bump. 5.4.4 -> 5.6.0

mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed

* [ptxdist] [PATCH] xz: Version bump. 5.4.4 -> 5.6.0
@ 2024-02-25 14:35 Christian Melki
  2024-02-25 14:35 ` [ptxdist] [PATCH] host-xz: Follow suit from target xz Christian Melki
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Christian Melki @ 2024-02-25 14:35 UTC (permalink / raw)
  To: ptxdist

https://github.com/tukaani-project/xz/releases/tag/v5.6.0
https://github.com/tukaani-project/xz/releases/tag/v5.5.2beta
https://github.com/tukaani-project/xz/releases/tag/v5.5.1alpha
https://github.com/tukaani-project/xz/releases/tag/v5.4.6
https://github.com/tukaani-project/xz/releases/tag/v5.4.5

* License conditions changed! The majority of XZ
that was public domain is now re-released under the 0-clause BSD license.
Otherwise, the other parts still remains the same.
The sum of XZ licensing is pretty complex however.

* URL changed. XZ is now hosted on github.

* Fix a few options.

Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
 rules/xz.make | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/rules/xz.make b/rules/xz.make
index f24a2ac03..51490b2ce 100644
--- a/rules/xz.make
+++ b/rules/xz.make
@@ -14,16 +14,16 @@ PACKAGES-$(PTXCONF_XZ) += xz
 #
 # Paths and names
 #
-XZ_VERSION	:= 5.4.4
-XZ_MD5		:= fbb849a27e266964aefe26bad508144f
+XZ_VERSION	:= 5.6.0
+XZ_MD5		:= cfb1afdfcfeca02f7677b1b401bc536e
 XZ		:= xz-$(XZ_VERSION)
-XZ_SUFFIX	:= tar.bz2
-XZ_URL		:= https://tukaani.org/xz/$(XZ).$(XZ_SUFFIX)
+XZ_SUFFIX	:= tar.xz
+XZ_URL		:= https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)/$(XZ).$(XZ_SUFFIX)
 XZ_SOURCE	:= $(SRCDIR)/$(XZ).$(XZ_SUFFIX)
 XZ_DIR		:= $(BUILDDIR)/$(XZ)
-XZ_LICENSE	:= public_domain AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later
+XZ_LICENSE	:= public_domain AND 0BSD AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later
 XZ_LICENSE_FILES := \
-	file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \
+	file://COPYING;md5=3ef4de063517b8d33e97bbb87a3339ee \
 	file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 	file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \
 	file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c
@@ -44,6 +44,7 @@ XZ_CONF_OPT	:= \
 	--disable-lzip-decoder \
 	--enable-assembler \
 	--enable-clmul-crc \
+	--enable-arm64-crc32 \
 	--disable-small \
 	--enable-threads \
 	--$(call ptx/endis,PTXCONF_XZ_TOOLS)-xz \
@@ -60,9 +61,11 @@ XZ_CONF_OPT	:= \
 	--disable-nls \
 	--disable-rpath \
 	$(GLOBAL_LARGE_FILE_OPTION) \
+	--enable-ifunc \
 	--enable-unaligned-access=auto \
 	--disable-unsafe-type-punning \
-	--disable-werror
+	--disable-werror \
+	--$(call ptx/endis, PTXDIST_Y2038)-year2038
 
 # ----------------------------------------------------------------------------
 # Target-Install
-- 
2.34.1




^ permalink raw reply	[flat|nested] 6+ messages in thread

* [ptxdist] [PATCH] host-xz: Follow suit from target xz.
  2024-02-25 14:35 [ptxdist] [PATCH] xz: Version bump. 5.4.4 -> 5.6.0 Christian Melki
@ 2024-02-25 14:35 ` Christian Melki
  2024-03-15  4:06   ` [ptxdist] [APPLIED] " Michael Olbrich
  2024-03-15  4:06 ` [ptxdist] [APPLIED] xz: Version bump. 5.4.4 -> 5.6.0 Michael Olbrich
  2024-03-29 21:52 ` [ptxdist] [PATCH] " Michael Olbrich
  2 siblings, 1 reply; 6+ messages in thread
From: Christian Melki @ 2024-02-25 14:35 UTC (permalink / raw)
  To: ptxdist

* Pin down a few options.

Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
 rules/host-xz.make | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/rules/host-xz.make b/rules/host-xz.make
index c04db9567..bc044fcea 100644
--- a/rules/host-xz.make
+++ b/rules/host-xz.make
@@ -27,6 +27,7 @@ HOST_XZ_CONF_OPT	:= \
 	--disable-lzip-decoder \
 	--enable-assembler \
 	--enable-clmul-crc \
+	--enable-arm64-crc32 \
 	--disable-small \
 	--enable-threads \
 	--enable-xz \
@@ -42,8 +43,10 @@ HOST_XZ_CONF_OPT	:= \
 	--enable-symbol-versions \
 	--disable-nls \
 	--enable-rpath \
+	--enable-ifunc \
 	--enable-unaligned-access=auto \
 	--disable-unsafe-type-punning \
-	--disable-werror
+	--disable-werror \
+	--enable-year2038
 
 # vim: syntax=make
-- 
2.34.1




^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [ptxdist] [APPLIED] xz: Version bump. 5.4.4 -> 5.6.0
  2024-02-25 14:35 [ptxdist] [PATCH] xz: Version bump. 5.4.4 -> 5.6.0 Christian Melki
  2024-02-25 14:35 ` [ptxdist] [PATCH] host-xz: Follow suit from target xz Christian Melki
@ 2024-03-15  4:06 ` Michael Olbrich
  2024-03-29 21:52 ` [ptxdist] [PATCH] " Michael Olbrich
  2 siblings, 0 replies; 6+ messages in thread
From: Michael Olbrich @ 2024-03-15  4:06 UTC (permalink / raw)
  To: ptxdist; +Cc: Christian Melki

Thanks, applied as 940d5fe06aca5a26de9afeb608af67f4bf635ae7.

Michael

[sent from post-receive hook]

On Fri, 15 Mar 2024 05:06:16 +0100, Christian Melki <christian.melki@t2data.com> wrote:
> https://github.com/tukaani-project/xz/releases/tag/v5.6.0
> https://github.com/tukaani-project/xz/releases/tag/v5.5.2beta
> https://github.com/tukaani-project/xz/releases/tag/v5.5.1alpha
> https://github.com/tukaani-project/xz/releases/tag/v5.4.6
> https://github.com/tukaani-project/xz/releases/tag/v5.4.5
> 
> * License conditions changed! The majority of XZ
> that was public domain is now re-released under the 0-clause BSD license.
> Otherwise, the other parts still remains the same.
> The sum of XZ licensing is pretty complex however.
> 
> * URL changed. XZ is now hosted on github.
> 
> * Fix a few options.
> 
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20240225143514.2406777-1-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/rules/xz.make b/rules/xz.make
> index f24a2ac03442..51490b2ce3dd 100644
> --- a/rules/xz.make
> +++ b/rules/xz.make
> @@ -14,16 +14,16 @@ PACKAGES-$(PTXCONF_XZ) += xz
>  #
>  # Paths and names
>  #
> -XZ_VERSION	:= 5.4.4
> -XZ_MD5		:= fbb849a27e266964aefe26bad508144f
> +XZ_VERSION	:= 5.6.0
> +XZ_MD5		:= cfb1afdfcfeca02f7677b1b401bc536e
>  XZ		:= xz-$(XZ_VERSION)
> -XZ_SUFFIX	:= tar.bz2
> -XZ_URL		:= https://tukaani.org/xz/$(XZ).$(XZ_SUFFIX)
> +XZ_SUFFIX	:= tar.xz
> +XZ_URL		:= https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)/$(XZ).$(XZ_SUFFIX)
>  XZ_SOURCE	:= $(SRCDIR)/$(XZ).$(XZ_SUFFIX)
>  XZ_DIR		:= $(BUILDDIR)/$(XZ)
> -XZ_LICENSE	:= public_domain AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later
> +XZ_LICENSE	:= public_domain AND 0BSD AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later
>  XZ_LICENSE_FILES := \
> -	file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \
> +	file://COPYING;md5=3ef4de063517b8d33e97bbb87a3339ee \
>  	file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
>  	file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \
>  	file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c
> @@ -44,6 +44,7 @@ XZ_CONF_OPT	:= \
>  	--disable-lzip-decoder \
>  	--enable-assembler \
>  	--enable-clmul-crc \
> +	--enable-arm64-crc32 \
>  	--disable-small \
>  	--enable-threads \
>  	--$(call ptx/endis,PTXCONF_XZ_TOOLS)-xz \
> @@ -60,9 +61,11 @@ XZ_CONF_OPT	:= \
>  	--disable-nls \
>  	--disable-rpath \
>  	$(GLOBAL_LARGE_FILE_OPTION) \
> +	--enable-ifunc \
>  	--enable-unaligned-access=auto \
>  	--disable-unsafe-type-punning \
> -	--disable-werror
> +	--disable-werror \
> +	--$(call ptx/endis, PTXDIST_Y2038)-year2038
>  
>  # ----------------------------------------------------------------------------
>  # Target-Install



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [ptxdist] [APPLIED] host-xz: Follow suit from target xz.
  2024-02-25 14:35 ` [ptxdist] [PATCH] host-xz: Follow suit from target xz Christian Melki
@ 2024-03-15  4:06   ` Michael Olbrich
  0 siblings, 0 replies; 6+ messages in thread
From: Michael Olbrich @ 2024-03-15  4:06 UTC (permalink / raw)
  To: ptxdist; +Cc: Christian Melki

Thanks, applied as 82a2437641ea5c03cdc2b0c6a03450de70ce7a60.

Michael

[sent from post-receive hook]

On Fri, 15 Mar 2024 05:06:17 +0100, Christian Melki <christian.melki@t2data.com> wrote:
> * Pin down a few options.
> 
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20240225143514.2406777-2-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/rules/host-xz.make b/rules/host-xz.make
> index c04db9567550..bc044fceadab 100644
> --- a/rules/host-xz.make
> +++ b/rules/host-xz.make
> @@ -27,6 +27,7 @@ HOST_XZ_CONF_OPT	:= \
>  	--disable-lzip-decoder \
>  	--enable-assembler \
>  	--enable-clmul-crc \
> +	--enable-arm64-crc32 \
>  	--disable-small \
>  	--enable-threads \
>  	--enable-xz \
> @@ -42,8 +43,10 @@ HOST_XZ_CONF_OPT	:= \
>  	--enable-symbol-versions \
>  	--disable-nls \
>  	--enable-rpath \
> +	--enable-ifunc \
>  	--enable-unaligned-access=auto \
>  	--disable-unsafe-type-punning \
> -	--disable-werror
> +	--disable-werror \
> +	--enable-year2038
>  
>  # vim: syntax=make



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [ptxdist] [PATCH] xz: Version bump. 5.4.4 -> 5.6.0
  2024-02-25 14:35 [ptxdist] [PATCH] xz: Version bump. 5.4.4 -> 5.6.0 Christian Melki
  2024-02-25 14:35 ` [ptxdist] [PATCH] host-xz: Follow suit from target xz Christian Melki
  2024-03-15  4:06 ` [ptxdist] [APPLIED] xz: Version bump. 5.4.4 -> 5.6.0 Michael Olbrich
@ 2024-03-29 21:52 ` Michael Olbrich
  2024-03-29 22:04   ` Christian Melki
  2 siblings, 1 reply; 6+ messages in thread
From: Michael Olbrich @ 2024-03-29 21:52 UTC (permalink / raw)
  To: Christian Melki; +Cc: ptxdist

On Sun, Feb 25, 2024 at 03:35:13PM +0100, Christian Melki wrote:
> https://github.com/tukaani-project/xz/releases/tag/v5.6.0
> https://github.com/tukaani-project/xz/releases/tag/v5.5.2beta
> https://github.com/tukaani-project/xz/releases/tag/v5.5.1alpha
> https://github.com/tukaani-project/xz/releases/tag/v5.4.6
> https://github.com/tukaani-project/xz/releases/tag/v5.4.5
> 
> * License conditions changed! The majority of XZ
> that was public domain is now re-released under the 0-clause BSD license.
> Otherwise, the other parts still remains the same.
> The sum of XZ licensing is pretty complex however.
> 
> * URL changed. XZ is now hosted on github.
> 
> * Fix a few options.

FYI, I reverted this for now. It seems the release tarballs are
compromised[1]. From what I've read so far, PTXdist is probably not
affected, since we don't carry the relevant openssh patches.
But the next PTXdist release will happen pretty soon, so we'll stick to the
old version for now. We can update once upstream is sorted out.

Regards,
Michael

[1] https://www.cve.org/CVERecord?id=CVE-2024-3094


> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> ---
>  rules/xz.make | 17 ++++++++++-------
>  1 file changed, 10 insertions(+), 7 deletions(-)
> 
> diff --git a/rules/xz.make b/rules/xz.make
> index f24a2ac03..51490b2ce 100644
> --- a/rules/xz.make
> +++ b/rules/xz.make
> @@ -14,16 +14,16 @@ PACKAGES-$(PTXCONF_XZ) += xz
>  #
>  # Paths and names
>  #
> -XZ_VERSION	:= 5.4.4
> -XZ_MD5		:= fbb849a27e266964aefe26bad508144f
> +XZ_VERSION	:= 5.6.0
> +XZ_MD5		:= cfb1afdfcfeca02f7677b1b401bc536e
>  XZ		:= xz-$(XZ_VERSION)
> -XZ_SUFFIX	:= tar.bz2
> -XZ_URL		:= https://tukaani.org/xz/$(XZ).$(XZ_SUFFIX)
> +XZ_SUFFIX	:= tar.xz
> +XZ_URL		:= https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)/$(XZ).$(XZ_SUFFIX)
>  XZ_SOURCE	:= $(SRCDIR)/$(XZ).$(XZ_SUFFIX)
>  XZ_DIR		:= $(BUILDDIR)/$(XZ)
> -XZ_LICENSE	:= public_domain AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later
> +XZ_LICENSE	:= public_domain AND 0BSD AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later
>  XZ_LICENSE_FILES := \
> -	file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \
> +	file://COPYING;md5=3ef4de063517b8d33e97bbb87a3339ee \
>  	file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
>  	file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \
>  	file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c
> @@ -44,6 +44,7 @@ XZ_CONF_OPT	:= \
>  	--disable-lzip-decoder \
>  	--enable-assembler \
>  	--enable-clmul-crc \
> +	--enable-arm64-crc32 \
>  	--disable-small \
>  	--enable-threads \
>  	--$(call ptx/endis,PTXCONF_XZ_TOOLS)-xz \
> @@ -60,9 +61,11 @@ XZ_CONF_OPT	:= \
>  	--disable-nls \
>  	--disable-rpath \
>  	$(GLOBAL_LARGE_FILE_OPTION) \
> +	--enable-ifunc \
>  	--enable-unaligned-access=auto \
>  	--disable-unsafe-type-punning \
> -	--disable-werror
> +	--disable-werror \
> +	--$(call ptx/endis, PTXDIST_Y2038)-year2038
>  
>  # ----------------------------------------------------------------------------
>  # Target-Install
> -- 
> 2.34.1
> 
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [ptxdist] [PATCH] xz: Version bump. 5.4.4 -> 5.6.0
  2024-03-29 21:52 ` [ptxdist] [PATCH] " Michael Olbrich
@ 2024-03-29 22:04   ` Christian Melki
  0 siblings, 0 replies; 6+ messages in thread
From: Christian Melki @ 2024-03-29 22:04 UTC (permalink / raw)
  To: Michael Olbrich; +Cc: ptxdist

On 3/29/24 10:52 PM, Michael Olbrich wrote:
> On Sun, Feb 25, 2024 at 03:35:13PM +0100, Christian Melki wrote:
>> https://github.com/tukaani-project/xz/releases/tag/v5.6.0
>> https://github.com/tukaani-project/xz/releases/tag/v5.5.2beta
>> https://github.com/tukaani-project/xz/releases/tag/v5.5.1alpha
>> https://github.com/tukaani-project/xz/releases/tag/v5.4.6
>> https://github.com/tukaani-project/xz/releases/tag/v5.4.5
>>
>> * License conditions changed! The majority of XZ
>> that was public domain is now re-released under the 0-clause BSD license.
>> Otherwise, the other parts still remains the same.
>> The sum of XZ licensing is pretty complex however.
>>
>> * URL changed. XZ is now hosted on github.
>>
>> * Fix a few options.
> 
> FYI, I reverted this for now. It seems the release tarballs are
> compromised[1]. From what I've read so far, PTXdist is probably not
> affected, since we don't carry the relevant openssh patches.
> But the next PTXdist release will happen pretty soon, so we'll stick to the
> old version for now. We can update once upstream is sorted out.
> 
> Regards,
> Michael
> 
> [1] https://www.cve.org/CVERecord?id=CVE-2024-3094
> 
> 

Yeah. I just saw the news.
I would suspect the actor has tried to infiltrate other projects as well
Everything that account has touched probably needs to be vetted.

https://github.com/JiaT75?tab=repositories

Tnx for the heads up.

Regards,
C

>> Signed-off-by: Christian Melki <christian.melki@t2data.com>
>> ---
>>  rules/xz.make | 17 ++++++++++-------
>>  1 file changed, 10 insertions(+), 7 deletions(-)
>>
>> diff --git a/rules/xz.make b/rules/xz.make
>> index f24a2ac03..51490b2ce 100644
>> --- a/rules/xz.make
>> +++ b/rules/xz.make
>> @@ -14,16 +14,16 @@ PACKAGES-$(PTXCONF_XZ) += xz
>>  #
>>  # Paths and names
>>  #
>> -XZ_VERSION	:= 5.4.4
>> -XZ_MD5		:= fbb849a27e266964aefe26bad508144f
>> +XZ_VERSION	:= 5.6.0
>> +XZ_MD5		:= cfb1afdfcfeca02f7677b1b401bc536e
>>  XZ		:= xz-$(XZ_VERSION)
>> -XZ_SUFFIX	:= tar.bz2
>> -XZ_URL		:= https://tukaani.org/xz/$(XZ).$(XZ_SUFFIX)
>> +XZ_SUFFIX	:= tar.xz
>> +XZ_URL		:= https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)/$(XZ).$(XZ_SUFFIX)
>>  XZ_SOURCE	:= $(SRCDIR)/$(XZ).$(XZ_SUFFIX)
>>  XZ_DIR		:= $(BUILDDIR)/$(XZ)
>> -XZ_LICENSE	:= public_domain AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later
>> +XZ_LICENSE	:= public_domain AND 0BSD AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later
>>  XZ_LICENSE_FILES := \
>> -	file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \
>> +	file://COPYING;md5=3ef4de063517b8d33e97bbb87a3339ee \
>>  	file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
>>  	file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \
>>  	file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c
>> @@ -44,6 +44,7 @@ XZ_CONF_OPT	:= \
>>  	--disable-lzip-decoder \
>>  	--enable-assembler \
>>  	--enable-clmul-crc \
>> +	--enable-arm64-crc32 \
>>  	--disable-small \
>>  	--enable-threads \
>>  	--$(call ptx/endis,PTXCONF_XZ_TOOLS)-xz \
>> @@ -60,9 +61,11 @@ XZ_CONF_OPT	:= \
>>  	--disable-nls \
>>  	--disable-rpath \
>>  	$(GLOBAL_LARGE_FILE_OPTION) \
>> +	--enable-ifunc \
>>  	--enable-unaligned-access=auto \
>>  	--disable-unsafe-type-punning \
>> -	--disable-werror
>> +	--disable-werror \
>> +	--$(call ptx/endis, PTXDIST_Y2038)-year2038
>>  
>>  # ----------------------------------------------------------------------------
>>  # Target-Install
>> -- 
>> 2.34.1
>>
>>
>>
> 




^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2024-03-29 22:07 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-02-25 14:35 [ptxdist] [PATCH] xz: Version bump. 5.4.4 -> 5.6.0 Christian Melki
2024-02-25 14:35 ` [ptxdist] [PATCH] host-xz: Follow suit from target xz Christian Melki
2024-03-15  4:06   ` [ptxdist] [APPLIED] " Michael Olbrich
2024-03-15  4:06 ` [ptxdist] [APPLIED] xz: Version bump. 5.4.4 -> 5.6.0 Michael Olbrich
2024-03-29 21:52 ` [ptxdist] [PATCH] " Michael Olbrich
2024-03-29 22:04   ` Christian Melki

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox