Skip to content

Commit

Permalink
Revert "tools/xz: update to 5.6.1" (CVE-2024-3094)
Browse files Browse the repository at this point in the history 
This reverts commit 714c91d as probably
the upstream xz repository and the xz tarballs have been backdoored.

References: https://www.openwall.com/lists/oss-security/2024/03/29/4.
Signed-off-by: Petr Štetiar <[email protected]>
  • Loading branch information
@ynezz
ynezz committed Mar 29, 2024
1 parent f9f2426 commit d4b6b76
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions tools/xz/Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,12 @@
include $(TOPDIR)/rules.mk

PKG_NAME:=xz
PKG_VERSION:=5.6.1
PKG_VERSION:=5.4.6

PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://github.com/tukaani-project/xz/releases/download/v$(PKG_VERSION)
PKG_HASH:=d300422649a0124b1121630be559c890ceedf32667d7064b8128933166c217c8
PKG_SOURCE_URL:=@SF/lzmautils \
http://tukaani.org/xz
PKG_HASH:=913851b274e8e1d31781ec949f1c23e8dbcf0ecf6e73a2436dc21769dd3e6f49
PKG_CPE_ID:=cpe:/a:tukaani:xz

HOST_BUILD_PARALLEL:=1
Expand Down

0 comments on commit d4b6b76

Please sign in to comment.