From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 29 Mar 2024 22:52:31 +0100 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1rqK9H-00CwU8-1N for lore@lore.pengutronix.de; Fri, 29 Mar 2024 22:52:31 +0100 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1rqK9H-0000g6-5v; Fri, 29 Mar 2024 22:52:31 +0100 Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1rqK8v-0000fs-S7; Fri, 29 Mar 2024 22:52:09 +0100 Received: from [2a0a:edc0:0:1101:1d::54] (helo=dude05.red.stw.pengutronix.de) by drehscheibe.grey.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rqK8v-009GLv-Bh; Fri, 29 Mar 2024 22:52:09 +0100 Received: from mol by dude05.red.stw.pengutronix.de with local (Exim 4.96) (envelope-from ) id 1rqK8v-0049Ir-11; Fri, 29 Mar 2024 22:52:09 +0100 Date: Fri, 29 Mar 2024 22:52:09 +0100 From: Michael Olbrich To: Christian Melki Message-ID: Mail-Followup-To: Christian Melki , ptxdist@pengutronix.de References: <20240225143514.2406777-1-christian.melki@t2data.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240225143514.2406777-1-christian.melki@t2data.com> X-Sent-From: Pengutronix Hildesheim X-URL: http://www.pengutronix.de/ X-IRC: #ptxdist @freenode X-Accept-Language: de,en X-Accept-Content-Type: text/plain Subject: Re: [ptxdist] [PATCH] xz: Version bump. 5.4.4 -> 5.6.0 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false On Sun, Feb 25, 2024 at 03:35:13PM +0100, Christian Melki wrote: > https://github.com/tukaani-project/xz/releases/tag/v5.6.0 > https://github.com/tukaani-project/xz/releases/tag/v5.5.2beta > https://github.com/tukaani-project/xz/releases/tag/v5.5.1alpha > https://github.com/tukaani-project/xz/releases/tag/v5.4.6 > https://github.com/tukaani-project/xz/releases/tag/v5.4.5 > > * License conditions changed! The majority of XZ > that was public domain is now re-released under the 0-clause BSD license. > Otherwise, the other parts still remains the same. > The sum of XZ licensing is pretty complex however. > > * URL changed. XZ is now hosted on github. > > * Fix a few options. FYI, I reverted this for now. It seems the release tarballs are compromised[1]. From what I've read so far, PTXdist is probably not affected, since we don't carry the relevant openssh patches. But the next PTXdist release will happen pretty soon, so we'll stick to the old version for now. We can update once upstream is sorted out. Regards, Michael [1] https://www.cve.org/CVERecord?id=CVE-2024-3094 > Signed-off-by: Christian Melki > --- > rules/xz.make | 17 ++++++++++------- > 1 file changed, 10 insertions(+), 7 deletions(-) > > diff --git a/rules/xz.make b/rules/xz.make > index f24a2ac03..51490b2ce 100644 > --- a/rules/xz.make > +++ b/rules/xz.make > @@ -14,16 +14,16 @@ PACKAGES-$(PTXCONF_XZ) += xz > # > # Paths and names > # > -XZ_VERSION := 5.4.4 > -XZ_MD5 := fbb849a27e266964aefe26bad508144f > +XZ_VERSION := 5.6.0 > +XZ_MD5 := cfb1afdfcfeca02f7677b1b401bc536e > XZ := xz-$(XZ_VERSION) > -XZ_SUFFIX := tar.bz2 > -XZ_URL := https://tukaani.org/xz/$(XZ).$(XZ_SUFFIX) > +XZ_SUFFIX := tar.xz > +XZ_URL := https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)/$(XZ).$(XZ_SUFFIX) > XZ_SOURCE := $(SRCDIR)/$(XZ).$(XZ_SUFFIX) > XZ_DIR := $(BUILDDIR)/$(XZ) > -XZ_LICENSE := public_domain AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later > +XZ_LICENSE := public_domain AND 0BSD AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later > XZ_LICENSE_FILES := \ > - file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \ > + file://COPYING;md5=3ef4de063517b8d33e97bbb87a3339ee \ > file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ > file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \ > file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c > @@ -44,6 +44,7 @@ XZ_CONF_OPT := \ > --disable-lzip-decoder \ > --enable-assembler \ > --enable-clmul-crc \ > + --enable-arm64-crc32 \ > --disable-small \ > --enable-threads \ > --$(call ptx/endis,PTXCONF_XZ_TOOLS)-xz \ > @@ -60,9 +61,11 @@ XZ_CONF_OPT := \ > --disable-nls \ > --disable-rpath \ > $(GLOBAL_LARGE_FILE_OPTION) \ > + --enable-ifunc \ > --enable-unaligned-access=auto \ > --disable-unsafe-type-punning \ > - --disable-werror > + --disable-werror \ > + --$(call ptx/endis, PTXDIST_Y2038)-year2038 > > # ---------------------------------------------------------------------------- > # Target-Install > -- > 2.34.1 > > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |