From: Sven Püschel
To: ptxdist@pengutronix.de
Cc: Sven Püschel
Date: Tue, 21 Oct 2025 15:10:30 +0200
Message-ID: <20251021131035.2034805-1-s.pueschel@pengutronix.de>
Subject: [ptxdist] [PATCH] xz: version bump 5.4.4 -> 5.8.1

This fixes CVE-2025-31115: Threaded .xz decoder frees memory too early.

Most parts of the COPYING file replaced public domain licenses with 0BSD.
But public domain is still mentioned for some old translations. Therefore
only add 0BSD to the license list.

Signed-off-by: Sven Püschel
---
 rules/xz.make | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/rules/xz.make b/rules/xz.make index f24a2ac03..90a32f728 100644 --- a/rules/xz.make +++ b/rules/xz.make @@ -14,16 +14,16 @@ PACKAGES-$(PTXCONF_XZ) += xz # # Paths and names # -XZ_VERSION := 5.4.4 -XZ_MD5 := fbb849a27e266964aefe26bad508144f +XZ_VERSION := 5.8.1 +XZ_MD5 := a814a04a94c5ce757e2f90e387bd1a5c XZ := xz-$(XZ_VERSION) XZ_SUFFIX := tar.bz2 XZ_URL := https://tukaani.org/xz/$(XZ).$(XZ_SUFFIX) XZ_SOURCE := $(SRCDIR)/$(XZ).$(XZ_SUFFIX) XZ_DIR := $(BUILDDIR)/$(XZ) -XZ_LICENSE := public_domain AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later +XZ_LICENSE := 0BSD AND public_domain AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later XZ_LICENSE_FILES := \ - file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \ + file://COPYING;md5=d38d562f6112174de93a9677682231b2 \ file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \ file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c @@ -53,6 +53,7 @@ XZ_CONF_OPT := \ --disable-lzma-links \ --$(call ptx/endis,PTXCONF_XZ_TOOLS)-scripts \ --disable-doc \ + --disable-doxygen \ --disable-sandbox \ --enable-shared \ --disable-static \ @@ -62,7 +63,8 @@ XZ_CONF_OPT := \ $(GLOBAL_LARGE_FILE_OPTION) \ --enable-unaligned-access=auto \ --disable-unsafe-type-punning \ - --disable-werror + --disable-werror \ + --$(call ptx/endis, PTXDIST_Y2038)-year2038 # ---------------------------------------------------------------------------- # Target-Install -- 2.47.3
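Review bot: In the first hunk (Paths and names), XZ_MD5 is still the only integrity pin for the tarball fetched from XZ_URL, and the new value is recorded without any statement of how the download was checked. MD5 is not collision resistant, so a matching hash only shows that later fetches return the same bytes as the one the hash was taken from. Please say in the commit message that the xz-5.8.1 tarball was verified against upstream's release signature before "XZ_MD5 := a814a04a94c5ce757e2f90e387bd1a5c" was written down.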
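Review bot: The "--disable-doxygen \" line added to XZ_CONF_OPT in the second hunk is not covered by the commit message, which explains only the CVE fix and the 0BSD license entry. Add a sentence on why the switch is needed with 5.8.1 alongside the existing "--disable-doc \", so that a later reader of the rule can tell whether it is still required.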
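Review bot: In the last hunk, "--$(call ptx/endis, PTXDIST_Y2038)-year2038" has a space after the comma, while the existing call in the same XZ_CONF_OPT is written "$(call ptx/endis,PTXCONF_XZ_TOOLS)". GNU make keeps leading whitespace in the arguments to call, so the new line depends on ptx/endis stripping its argument. Drop the space to match the form already used in this file. The year2038 option is also absent from the commit message and deserves a short mention there.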