From: James Hilliard <james.hilliard1@gmail.com>
To: Peter Seiderer <ps.report@gmx.net>
Cc: buildroot@busybox.net, Samuel Martin <s.martin49@gmail.com>
Subject: Re: [Buildroot] [PATCH v1 1/4] package/xz: bump version to 5.6.0
Date: Fri, 29 Mar 2024 11:21:33 -0600
Message-ID: <CADvTj4obpt2KevT7pCZ6j=VdOefb8x-iU_-NLRJOVz_MS0Ng1A@mail.gmail.com>
In-Reply-To: <20240307165218.10027-1-ps.report@gmx.net>



On Thu, Mar 7, 2024 at 9:52 AM Peter Seiderer via buildroot <buildroot@buildroot.org> wrote:

> - bump version to 5.6.0
> - change homepage URL to https://xz.tukaani.org/xz-utils/
> - add BSD-0-Clause and update license file hash accordingly (see [1], [2],
>   and [3])
>
> For details see [4].
>
> [1]
> https://github.com/tukaani-project/xz/commit/b1ee6cf259bb49ce91abe9f622294524e37edf4c
> [2]
> https://github.com/tukaani-project/xz/commit/689e0228baeb95232430e90d628379db89583d71
> [3]
> https://github.com/tukaani-project/xz/commit/28ce45e38fbed4b5f54f2013e38dab47d22bf699
> [4] https://github.com/tukaani-project/xz/blob/master/NEWS
>
> Signed-off-by: Peter Seiderer <ps.report@gmx.net>
> ---
>  package/xz/Config.in | 2 +-
>  package/xz/xz.hash   | 7 ++++---
>  package/xz/xz.mk     | 6 +++---
>  3 files changed, 8 insertions(+), 7 deletions(-)
>
> diff --git a/package/xz/Config.in b/package/xz/Config.in
> index 687bd55482..7130fa5e8e 100644
> --- a/package/xz/Config.in
> +++ b/package/xz/Config.in
> @@ -12,4 +12,4 @@ config BR2_PACKAGE_XZ
>           invoked via appropriate symlinks will emulate the behavior
>           of the commands in the lzma package.
>
> -         https://tukaani.org/xz/
> +         https://xz.tukaani.org/xz-utils/
> diff --git a/package/xz/xz.hash b/package/xz/xz.hash
> index e8025a8065..71c2c65a3e 100644
> --- a/package/xz/xz.hash
> +++ b/package/xz/xz.hash
> @@ -1,9 +1,10 @@
>  # Locally calculated after checking pgp signature
> -#
> https://github.com/tukaani-project/xz/releases/download/v5.4.6/xz-5.4.6.tar.bz2.sig
> -sha256
> <https://github.com/tukaani-project/xz/releases/download/v5.4.6/xz-5.4.6.tar.bz2.sig-sha256>
> 913851b274e8e1d31781ec949f1c23e8dbcf0ecf6e73a2436dc21769dd3e6f49
> xz-5.4.6.tar.bz2
> +#
> https://github.com/tukaani-project/xz/releases/download/v5.6.0/xz-5.6.0.tar.bz2.sig
> +sha256
> <https://github.com/tukaani-project/xz/releases/download/v5.6.0/xz-5.6.0.tar.bz2.sig+sha256>
> 88c8631cefba91664fdc47b14bb753e1876f4964a07db650821d203992b1e1ea
> xz-5.6.0.tar.bz2
>
>  # Hash for license files
> -sha256  29a1e305b2e34eefe5d4602d00cde1d528b71c5d9f2eec5106972cf6ddb6f73f
> COPYING
> +sha256  0864e508475f20b43a2393957fdb5a966558099ffa8fed1e3e73fe2b3eebb145
> COPYING
> +sha256  0b01625d853911cd0e2e088dcfb743261034a091bb379246cb25a14cc4c74bf1
> COPYING.0BSD
>  sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643
> COPYING.GPLv2
>  sha256  3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986
> COPYING.GPLv3
>  sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551
> COPYING.LGPLv2.1
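
Review bot: the header comment "Locally calculated after checking pgp signature" at the top of xz.hash does not record which key the xz-5.6.0.tar.bz2.sig was checked against, so a reviewer cannot repeat the check from this file alone; please add the signer key fingerprint next to the .sig URL. A valid signature only shows that the tarball is the one the release signer published, and once this sha256 is pinned the download check will pass for exactly that archive. Since the reply further down questions this release and links an oss-security report, the new tarball hash should not go in until that question is answered.
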
> diff --git a/package/xz/xz.mk b/package/xz/xz.mk
> index 40fa59ca7c..e35fbc0268 100644
> --- a/package/xz/xz.mk
> +++ b/package/xz/xz.mk
> @@ -4,13 +4,13 @@
>  #
>
>  ################################################################################
>
> -XZ_VERSION = 5.4.6
> +XZ_VERSION = 5.6.0
>

Is this version backdoored?
https://www.openwall.com/lists/oss-security/2024/03/29/4


>  XZ_SOURCE = xz-$(XZ_VERSION).tar.bz2
>  XZ_SITE =
> https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)
>  XZ_INSTALL_STAGING = YES
>  XZ_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99'
> -XZ_LICENSE = Public Domain, GPL-2.0+, GPL-3.0+, LGPL-2.1+
> -XZ_LICENSE_FILES = COPYING COPYING.GPLv2 COPYING.GPLv3 COPYING.LGPLv2.1
> +XZ_LICENSE = Public Domain, BSD-0-Clause, GPL-2.0+, GPL-3.0+, LGPL-2.1+
> +XZ_LICENSE_FILES = COPYING COPYING.0BSD COPYING.GPLv2 COPYING.GPLv3
> COPYING.LGPLv2.1
>  XZ_CPE_ID_VENDOR = tukaani
>
>  ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
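
Review bot: in XZ_LICENSE the new entry is spelled "BSD-0-Clause", but the SPDX short identifier for the Zero-Clause BSD license is "0BSD", which is also how the file added to XZ_LICENSE_FILES is named (COPYING.0BSD); suggest "XZ_LICENSE = Public Domain, 0BSD, GPL-2.0+, GPL-3.0+, LGPL-2.1+". Separately, the "XZ_VERSION = 5.6.0" line is the one questioned in the interleaved reply, so the bump should wait until that is resolved.
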
> --
> 2.44.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
>


Thread overview: 7+ messages
2024-03-07 16:52 [Buildroot] [PATCH v1 1/4] package/xz: bump version to 5.6.0 Peter Seiderer via buildroot
2024-03-07 16:52 ` [Buildroot] [PATCH v1 2/4] package/xz: determine all autoconf options Peter Seiderer via buildroot
2024-03-07 16:52 ` [Buildroot] [RFC v1 3/4] package/xz: enable year2038 option Peter Seiderer via buildroot
2024-03-07 16:52 ` [Buildroot] [RFC v1 4/4] package/xz: convert to cmake build Peter Seiderer via buildroot
2024-03-29 17:21 ` James Hilliard [this message]
2024-03-29 19:54   ` [Buildroot] [PATCH v1 1/4] package/xz: bump version to 5.6.0 Yann E. MORIN
2024-03-31  7:26     ` Thomas Petazzoni via buildroot
