mirror
/
openwrt-packages
mirror of https://git.openwrt.org/feed/packages.git
1
0
Fork 0
Code Releases Activity

Revert "tools/xz: update to 5.6.1" (CVE-2024-3094) 

This reverts commit 714c91d1a63f29650abaa9cf69ffa47cf2c70297 as probably
the upstream xz repository and the xz tarballs have been backdoored.

References: https://www.openwall.com/lists/oss-security/2024/03/29/4
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This commit is contained in:
Petr Štetiar 2024-03-29 17:31:17 +00:00
parent ccabe6d8e6
commit 9e46b47ca3
No known key found for this signature in database
GPG Key ID: 58EE120F30CC02D3
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
utils/xz/Makefile
View File

@ -9,12 +9,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=xz
PKG_VERSION:=5.6.1
PKG_VERSION:=5.4.6
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/tukaani-project/xz/releases/download/v$(PKG_VERSION)
PKG_HASH:=f334777310ca3ae9ba07206d78ed286a655aa3f44eec27854f740c26b2cd2ed0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/lzmautils
PKG_HASH:=913851b274e8e1d31781ec949f1c23e8dbcf0ecf6e73a2436dc21769dd3e6f49
PKG_MAINTAINER:=
PKG_LICENSE:=Public-Domain LGPL-2.1-or-later GPL-2.0-or-later GPL-3.0-or-later

2
utils/xz/patches/001-relative-pkg-config-paths.patch
View File

@ -1,6 +1,6 @@
--- a/src/liblzma/liblzma.pc.in
+++ b/src/liblzma/liblzma.pc.in
@@ -3,8 +3,8 @@
@@ -7,8 +7,8 @@
prefix=@prefix@
exec_prefix=@exec_prefix@