From d4b6b76443207103d3a7c0eae5c0085317fb584f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Petr=20=C5=A0tetiar?=
Date: Fri, 29 Mar 2024 16:59:01 +0000
Subject: [PATCH] Revert "tools/xz: update to 5.6.1" (CVE-2024-3094)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
This reverts commit 714c91d1a63f29650abaa9cf69ffa47cf2c70297 as probably the upstream xz repository and the xz tarballs have been backdoored. References: https://www.openwall.com/lists/oss-security/2024/03/29/4.
Signed-off-by: Petr Å tetiar
---
 tools/xz/Makefile | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/tools/xz/Makefile b/tools/xz/Makefile
index b7b9429244..a90cec86bf 100644
--- a/tools/xz/Makefile
+++ b/tools/xz/Makefile
@@ -7,11 +7,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=xz
-PKG_VERSION:=5.6.1
+PKG_VERSION:=5.4.6
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=https://github.com/tukaani-project/xz/releases/download/v$(PKG_VERSION)
-PKG_HASH:=d300422649a0124b1121630be559c890ceedf32667d7064b8128933166c217c8
+PKG_SOURCE_URL:=@SF/lzmautils \
+ http://tukaani.org/xz
+PKG_HASH:=913851b274e8e1d31781ec949f1c23e8dbcf0ecf6e73a2436dc21769dd3e6f49
 PKG_CPE_ID:=cpe:/a:tukaani:xz
 HOST_BUILD_PARALLEL:=1
--
2.30.2
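Review bot: The restored `PKG_SOURCE_URL` falls back to `http://tukaani.org/xz`, a cleartext fetch from an upstream-operated host, so `PKG_HASH` is the only control between the build and a substituted tarball. Prefer `https://tukaani.org/xz` if the host serves it, or drop the fallback while the upstream infrastructure is in doubt. Nothing in the Makefile records why the version is held back, so a later routine bump could bring 5.6.1 back in. A comment above `PKG_VERSION` would make the pin visible to the next maintainer, for example `# Held at 5.4.6: the 5.6.1 release tarball is suspected backdoored (CVE-2024-3094); do not bump without review`. Since the commit message only says upstream is "probably" compromised, it would also be worth confirming the 5.4.6 hash against a copy of the tarball mirrored before commit 714c91d1a63f29650abaa9cf69ffa47cf2c70297.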