From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Tue, 21 Oct 2025 15:20:57 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vBCIL-00AGJI-2N for lore@lore.pengutronix.de; Tue, 21 Oct 2025 15:20:57 +0200 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1vBCIL-0004Xa-HT; Tue, 21 Oct 2025 15:20:57 +0200 Received: from mail-westeuropeazon11021130.outbound.protection.outlook.com ([52.101.70.130] helo=AS8PR04CU009.outbound.protection.outlook.com) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1vBCID-0004XL-Gs; Tue, 21 Oct 2025 15:20:50 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=cTPaJcVerYLvJNmvIHv+qHL9HPX67WnAN2A0XRVw4FbhNev23VmRaI0ddwdhkoQRDys28rzTsY4VgvnxRyaq0To0NdgKcYDpW0+jnGFVKo5lt8hbwP2yWGoq3MPcjHtV9Z+4C9OtlxGLCUNvDE78kSybpu2TKfDf9MoFQWxH7sVIhmK0bzgFhtIZvT4JEOgQuAlLhCfCc84FUasVcMOeh/vS+SDoo59cgqhzGDc7UDlJeKViFjFp/th0jrIK2z5IFnJSqLR7QbWUG5yiJpGDaWea6EyetL3StRFJiH7eqOlkCeCw2eFTdHLX035qTY4UmUwxmWEFBVmUzhzJHgGu5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HyUKfOamlOm6FbKbIS8Rr64zAYxa9amPBxh2Li+63Zs=; b=kEOvI386ZEaNCf6VcWOI84iXmNfQF7cMH/pVzmKo+52RrW2g7cIC/7otqo6hvHg4SAGX4Wm2hsq+62UbutlGtoVXOOI2SnntSWAtfaq8bDDcMU067Ihb33PWTrCfTXsLCayTdOBiSY9jI3bvkFh7XBYLOAV++oqEGmo3K08XR/2BTyfZ60Itm6aQCpZJ1+6Mb9yFYxyfMPdGfnz8G4cVD4QkJR+9jCoyNa3qmTTWIPlLzIBcgv6c2bAP6qJKx+OIcX7XdTu0EOU0xsKXujP7ANV5zXfbiSdQ1klpgXLXBZWFR4o0Gj3btwRocQqbWlW3V3EQ1Rc9LtwV34vMCUdlQA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HyUKfOamlOm6FbKbIS8Rr64zAYxa9amPBxh2Li+63Zs=; b=JR3oqSmuT2zAxILfnc2YT6I78/NxEN27HpbXVw/du7r6MUI0pEne07e79TuF75YERZ/lkcjTM8tWR82hbM2xyMGJknnLE6uF6DUobvjWSN2+aEy3ztvojEQiw9M6fCaKsbG9uDP87XB+DC/6zV+wuDaHiPvvb4gDIJTqgIO8rTE= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by DB4P251MB1108.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:5e4::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9253.11; Tue, 21 Oct 2025 13:18:23 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::a4b2:58d7:8549:4b19]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::a4b2:58d7:8549:4b19%5]) with mapi id 15.20.9253.010; Tue, 21 Oct 2025 13:18:23 +0000 Message-ID: Date: Tue, 21 Oct 2025 15:18:01 +0200 User-Agent: Mozilla Thunderbird To: s.pueschel@pengutronix.de References: <20251021131035.2034805-1-s.pueschel@pengutronix.de> Content-Language: en-US From: Christian Melki In-Reply-To: <20251021131035.2034805-1-s.pueschel@pengutronix.de> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-ClientProxiedBy: GV3PEPF00002BA5.SWEP280.PROD.OUTLOOK.COM (2603:10a6:144:1:0:6:0:1c) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|DB4P251MB1108:EE_ X-MS-Office365-Filtering-Correlation-Id: e8c4cdc5-78c3-4d69-f585-08de10a44f59 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|1800799024|376014|7053199007; X-Microsoft-Antispam-Message-Info: =?utf-8?B?dG9xODVRK29BYzNveWJvemFkQjFtTks2eDVLTWgxVCtRQnI0c0JzWHB1Vldi?= =?utf-8?B?RzlaNXdtU2xacjcyMlpnT0ZiVUptWVdMRWhOSlI2dVI4eDRkZkFlTzZzUkdX?= =?utf-8?B?VUViQ3dneWNzdHAzYW1TOEI2Szdlci96cEFtWGo3aG5VY1N6OWhJTEZNOGFz?= =?utf-8?B?ZEFzL0cvVXlRK2hsbkwxM2tPa3gwSEFDN1N4aGJQWm04OXNlREEvc0x2bkVZ?= =?utf-8?B?S3dvVS93Y1hRcDhjd2wrbU9QcnhhSmZkQWtFeVRyMk9POVE5TWphSld2NGk3?= =?utf-8?B?dFROdnAxejlwL0V4MTVIRm5UdmMrNXV2SU5XN0xPR0JZUTFsdCtRVHdwVDQv?= =?utf-8?B?eXpYM3AyZ3hPek1zaWMzcTZFS3l2ZURmUFQyTFNvSUhOeDFsb0RKYkNTbXM1?= =?utf-8?B?cFY5eEppbmtKRzdDb0h1UTBFZzM2S0hxYlVkOE03QktzOHpiRlRwWlpMV25K?= =?utf-8?B?Z2U1SWVLQ0krUXQzU05UdzRwbW1nUkJGb3hUZm1hVHkxTXAyTkdrejExeHhK?= =?utf-8?B?MW40WVZWSVBJeXpmZ2xNV0tXb1pIT1ZUVC9QMjd6V2NtNGNDaU85VEZhMXlR?= =?utf-8?B?Y2cxN05xczdLTHJiUVRXYk90RVV6VmJiWnY4aUhOSmpha2tjK3lMVmxBY0lu?= =?utf-8?B?dVEvOVV3RGVYUTFWbWlnUk5qR2xrbVFoZlI0T0tHVU5RRHpCeGFwVHlPbWJQ?= =?utf-8?B?SzZNYy9yenpnemN2K3Z0VHQrZW94eFVJcCtVQzk1TWcxeW8wYytNeCtoZWJI?= =?utf-8?B?czdmWWFjakhiYnprZEQzTEcyMDh6OFhMc1lFemdqc2t1RjRqMTcyeURIR2lP?= =?utf-8?B?Y3Jidzg3Rk9DQXZYdnZIMGpFUmpabFloQTFmWDlNQlp4Y3BRRms2ZTF6NzZT?= =?utf-8?B?d0lUdU53MDNteE0zWE9kZ2FtUUJ1NG8rdlR6YkY2WWpGclZ4WW44dGQ1WlNm?= =?utf-8?B?T2ZiN2dxMk5ZUVY3Mk1xZE9DVFkycVNkaW5GaVNyZ05ucjljZFNnZVp0bERT?= =?utf-8?B?VlZMSzhkWldiL0FwbHBDWElzeGlLS2lJN24vQlkzaDNOd0pmTHhrMnRyMUFJ?= =?utf-8?B?a3NTV1JqQjBrQXhJMjlOQU00dkdUTjVoVUEwOUJ6OHhBaEZURkw4MThNdDgy?= =?utf-8?B?VzlXdVhRblU2YjA1NDVQSGtRYmpVTHdXcVlCNkpYL2d0b2tkbFJxenowSW5k?= =?utf-8?B?NFg1OGdGRGZQZ1d3NjRMYkxIdVlTdHVQVDZ1eVRKV0gyNW1WU0wxSUVkdTZV?= =?utf-8?B?OHV1YVphSmJKWTFUZ1VkMStlMzNtQVNlbXVaelM2NGNDR0ZaQ1k0UlZsOVV5?= =?utf-8?B?QlVEYzMvMUovTnowMXI0REtmTXBLNmNmNjRMV2RYKy9VMENGZ21Mb0NzYTYw?= =?utf-8?B?U2FNSUIvMTk2ZzU1dFBRTVJPb3ExQ21YUTB5MjRaWnVoeDdFQzVPM2NkM3RD?= =?utf-8?B?NXQyTG1xejRadFlvWm9mZTM4bmZpRFM1ZVRIWlFzR2M5T1g3dkRDOFd1WE92?= =?utf-8?B?NW85dGw4cWdBam53ZHE2ZWorUlZYeVFyTU5vYWlqZ2ZpVlVPOG96cGhvaHNW?= =?utf-8?B?MHU3ckFPVWdDYXlMUSs1ckhMSmFqMkpZRmhodHRnWWxiSmlNeXErMGt3Mml1?= =?utf-8?B?WVB1Z1RKZmprUUl3V2NOUDBVSDJWN0JZZUgvZHlSQm5tOCtEOWsyK2UzQ0VL?= =?utf-8?B?WTBUYXhST3NtY3FlVW5KMFdoSDFsZjhkdjdGa1pFN2g4bEIxVzA1RWk0NlB1?= =?utf-8?B?UFZFSVVtclhFZjdiZTJtUFNmeFZlRTM2MXRWMngza01zZ0llU2hkUmVnUzd6?= =?utf-8?B?VlltSktEcWRMWWJzc052UHl5T08yY1JVZWpITFJCVk1OcTFHRmsxZGxSZTBl?= =?utf-8?B?NXc0MC9vT2Zmc0w5a1ZFN2JCSzdkNEpZK0JqSkRRS3dPaVE9PQ==?= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230040)(366016)(1800799024)(376014)(7053199007); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?eUFSM3c2TXhoWm5VbjBkU0ZLOXZwVWwwU3RseDRjeFNaOHJ1QXNxYm5KYUVk?= =?utf-8?B?NU5LODlmK2tkaFZqYXVBbEExZXp3bjBvbDRnUTl0dXBIdVVMMmJIWkJYTnpK?= =?utf-8?B?aXJYQ05qK0kvNzJKSHVzRzlOdVR1VEg2Q0l6NDNsSTdaTTBycDJUelpMSkpP?= =?utf-8?B?TTFGRTl4bTluOTZKOTBpR2p0VWFDeWFqRXNJbTBJYjQ3QlpqQnZxVTg3Zys5?= =?utf-8?B?VUk2V0l6dzd1TlNYeEJlamNhNlRpNlpJMzRTRi9MSHorRHBnTDhySEs1aC9h?= =?utf-8?B?a1RQRUh5NzU0VHRJdjZ4d3haWmhoK2lVNVFwWWpGQnZWdkxDL3hpdUNaZFNs?= =?utf-8?B?WkxMaE5pdUN5M1BoT2pkM29ISDc2MGFLVzNJYkk0dUY1a0VHSEI1K1JvcU5P?= =?utf-8?B?Z2FzRy9rUUJQTHhiaFVPMWxPNzN2R3ZUWXh1R3RUSkIySndnUEp6Q0UxaEZ4?= =?utf-8?B?Wk9tYTdOVWwwOVZielc3ZUloYXFaaTV2SnowaTI5YXNlUThQMGVDbmxHSE1l?= =?utf-8?B?UFZLa0QxaXV0TmlnWFZVNlNmR3RpWTFEOW9odTNvY1l1eFJZdHJTcHY5OXg1?= =?utf-8?B?VDJtN1daRWtpRGFGR0h4ZUN5UURDVE1LeU5BM3IwV21HM1dDWUExbmYxaC9q?= =?utf-8?B?M0psQ3F3bzRWRjZHakJIQUVGOUJpWG9iZEJ1TGVpSnhuMUhWSlJQSzdWRVlB?= =?utf-8?B?dDdZS3podzI0MWxIbmZjVEsrZHVDdXEyQzZtUGFuUlVpNjVJUkIzaUE3ZDV1?= =?utf-8?B?ZnFtQ0wwTzNrbXRSRlFLUjNiazNzdXdpODN5cXcyLzUrVlJLRytWMmlkUU1X?= =?utf-8?B?a0grYXJTUFU4RytGakZ2MUdJZDlQNXNhUGZHSkRIY2FVV2FHelZEbTRacXVL?= =?utf-8?B?Z1lCK3JSazJ5bFMydTdyZW9obGNwN1JjR3lmdzdBK3AxdVpRL0R4TWw0clg5?= =?utf-8?B?VjhkQnVhZ0tlcTVSN3lBMElvNXM5WFRVMThwQURWUFhRQXpaOUk4WllmNCsw?= =?utf-8?B?ZnVmV0VHZ3JHNUJDbkUra1pzeTFnS2hlNEtnNFA0SGE1MmdsQlQvM3Z5Yjlr?= =?utf-8?B?eWtNN3dLQ01MYTFrdTlieW80MkNWZEtyVGFhTGxNUVZTZURzL3NQMDJqTWUw?= =?utf-8?B?SHFHbGJzUS9nQUZUTDlGVEUyK2JXVUs0aGoyVlQxU0JhQXhuQUkyMzQ5dWRv?= =?utf-8?B?NTcxNFVTeHdIajdqWW1qaEJzdVRwdlpLM1pmMG0xdHZRYlB0WVRmd3RFOVFW?= =?utf-8?B?Q3c4MEhYRGkzeGszaUNOZ2UyQWthMldPZ0hkd1lJMmQ3cFRPL3hmR0VzcC9x?= =?utf-8?B?aFhMc25CU1BYTVRYRUV5MkpkY000VGpzdld3N1ZqZW53MnRxS0FzU1F6OGNR?= =?utf-8?B?NzN0SUd0cm9ITEZKd0xYWFd0YXdFTjJLVEk4UUMzN3RyTXNCMWN5MmJoMnhs?= =?utf-8?B?MTBWa2NmZ1dvUGc3aGl3UUh4L2VLa3B5QmRVclp2dko3NE5kNWNtZ3d4d0ZS?= =?utf-8?B?K015eU83clZvUzNCZXVlenBsenBtajc1Z2U3VEtyRkdqY0ZjQkd6UVBoYXNq?= =?utf-8?B?S1dEU0tlampXdDYvbVdxaEdvTkpXTVRSRHFWaW1wUnFiaHpaN05odThDN3I4?= =?utf-8?B?Mlh6Nk9KVXBJTndOWHRCVXYwOXVrb1ZEZFZZTWJDL1pMdVBzMlZzb0J1WVdX?= =?utf-8?B?ZVJhTmprOFB1YUdnNnBlYWg3SEt3cXY0b29Uby9mN0RBazlLUFZzeFZNdmdm?= =?utf-8?B?S3hsRTduNFY5blgyTlFZWHo5dUR0M0ZFMllvL2dsdDVOdzFkaXdiMHhic3Nz?= =?utf-8?B?YllOMEl1b09jNDRDZzA5RkZrbWt1bGNzYTlBUVpBbWJHRmdKRE1FdjIyZFho?= =?utf-8?B?NTR2MTJkVE12VThGaWVnUDRVc2RDd2F1VHhkT2Z2bU9rem5CSkwvNkNjVjZQ?= =?utf-8?B?TTBoaEZUdG9UbEJxVllKRkhXQVZmZFpYME5JU3V0OEtRVFgvLzYxYzdrakpK?= =?utf-8?B?TERtYUhxNk9NSjlNVzBHOFRGbzFibjMwWnd3MjVCMDVZMUJZdGdmNm5mMzFB?= =?utf-8?B?T2ZFUXJzRkVPUStLTFJEc0UxbGpRcjlQeERxTFk5Yy8wNTI4TEN4UEhXUWpr?= =?utf-8?B?ZWJ2RVB5a0FtM2JVSTRSZWNvUzZlaGlRV1BTV1BDTHpMcmFwVWtYbDJ3RzA5?= =?utf-8?B?WkE9PQ==?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: e8c4cdc5-78c3-4d69-f585-08de10a44f59 X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Oct 2025 13:18:23.1344 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: asVKm/N0aLDmaaR4nMtCEGkvthw1MUBkcQbAPRav3CQ4OYXbT84ECbUtnwnJPwFHi2mjOZk0lEVkAU7vYAJMW5hPivi/fgdpRKMgyuMVrE4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4P251MB1108 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.whiteo.stw.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Subject: Re: [ptxdist] [PATCH] xz: version bump 5.4.4 -> 5.8.1 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Hi Sven. Glad you did this. There was a bit of controversy regarding the xz bump at the time after the project got compromised. I don't remember what it was about, but I don't mind xz at all. Could you also be so kind and check the host-* equivalents too? Regards, Christian On 10/21/25 3:10 PM, Sven Püschel wrote: > This fixes CVE-2025-31115: Threaded .xz decoder frees memory too early. > > Most parts of the COPYING file replaced public domain licenses with > 0BSD. But public domain is still mentioned for some old translations. > Therefore only add 0BSD to the license list. > > Signed-off-by: Sven Püschel > --- > rules/xz.make | 12 +++++++----- > 1 file changed, 7 insertions(+), 5 deletions(-) > > diff --git a/rules/xz.make b/rules/xz.make > index f24a2ac03..90a32f728 100644 > --- a/rules/xz.make > +++ b/rules/xz.make > @@ -14,16 +14,16 @@ PACKAGES-$(PTXCONF_XZ) += xz > # > # Paths and names > # > -XZ_VERSION := 5.4.4 > -XZ_MD5 := fbb849a27e266964aefe26bad508144f > +XZ_VERSION := 5.8.1 > +XZ_MD5 := a814a04a94c5ce757e2f90e387bd1a5c > XZ := xz-$(XZ_VERSION) > XZ_SUFFIX := tar.bz2 > XZ_URL := https://tukaani.org/xz/$(XZ).$(XZ_SUFFIX) > XZ_SOURCE := $(SRCDIR)/$(XZ).$(XZ_SUFFIX) > XZ_DIR := $(BUILDDIR)/$(XZ) > -XZ_LICENSE := public_domain AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later > +XZ_LICENSE := 0BSD AND public_domain AND LGPL-2.1-or-later AND GPL-2.0-or-later AND GPL-3.0-or-later > XZ_LICENSE_FILES := \ > - file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \ > + file://COPYING;md5=d38d562f6112174de93a9677682231b2 \ > file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ > file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \ > file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c > @@ -53,6 +53,7 @@ XZ_CONF_OPT := \ > --disable-lzma-links \ > --$(call ptx/endis,PTXCONF_XZ_TOOLS)-scripts \ > --disable-doc \ > + --disable-doxygen \ > --disable-sandbox \ > --enable-shared \ > --disable-static \ > @@ -62,7 +63,8 @@ XZ_CONF_OPT := \ > $(GLOBAL_LARGE_FILE_OPTION) \ > --enable-unaligned-access=auto \ > --disable-unsafe-type-punning \ > - --disable-werror > + --disable-werror \ > + --$(call ptx/endis, PTXDIST_Y2038)-year2038 > > # ---------------------------------------------------------------------------- > # Target-Install