xz: Update to version 5.8.1
Commit Message
- Update from version 5.8.0 to 5.8.1
- Update of rootfile
- Changelog
    5.8.1
      IMPORTANT: This includes a security fix for CVE-2025-31115 which
       affects XZ Utils from 5.3.3alpha to 5.8.0. No new 5.4.x or 5.6.x
       releases will be made, but the fix is in the v5.4 and v5.6 branches
       in the xz Git repository. A standalone patch for all affected
       versions is available as well.
      * Multithreaded .xz decoder (lzma_stream_decoder_mt()):
          - Fix a bug that could at least result in a crash with
            invalid input. (CVE-2025-31115)
          - Fix a performance bug: Only one thread was used if the whole
            input file was provided at once to lzma_code(), the output
            buffer was big enough, timeout was disabled, and LZMA_FINISH
            was used. There are no bug reports about this, thus it's
            possible that no real-world application was affected.
      * Avoid <stdalign.h> even with C11/C17 compilers. This fixes the
        build with Oracle Developer Studio 12.6 on Solaris 10 when the
        compiler is in C11 mode (the header doesn't exist).
      * Autotools: Restore compatibility with GNU make versions older
        than 4.0 by creating the package using GNU gettext 0.23.1
        infrastructure instead of 0.24.
      * Update Croatian translation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/common/xz | 2 +-
lfs/xz | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
Comments
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
This was obviously too late for c193, but I strongly suggest shipping this in c194.
Best,
-Michael
> On 8 Apr 2025, at 22:37, Adolf Belka <adolf.belka@ipfire.org> wrote:
>
> - Update from version 5.8.0 to 5.8.1
> - Update of rootfile
> - Changelog
>     5.8.1
>       IMPORTANT: This includes a security fix for CVE-2025-31115 which
>        affects XZ Utils from 5.3.3alpha to 5.8.0. No new 5.4.x or 5.6.x
>        releases will be made, but the fix is in the v5.4 and v5.6 branches
>        in the xz Git repository. A standalone patch for all affected
>        versions is available as well.
>       * Multithreaded .xz decoder (lzma_stream_decoder_mt()):
>           - Fix a bug that could at least result in a crash with
>             invalid input. (CVE-2025-31115)
>           - Fix a performance bug: Only one thread was used if the whole
>             input file was provided at once to lzma_code(), the output
>             buffer was big enough, timeout was disabled, and LZMA_FINISH
>             was used. There are no bug reports about this, thus it's
>             possible that no real-world application was affected.
>       * Avoid <stdalign.h> even with C11/C17 compilers. This fixes the
>         build with Oracle Developer Studio 12.6 on Solaris 10 when the
>         compiler is in C11 mode (the header doesn't exist).
>       * Autotools: Restore compatibility with GNU make versions older
>         than 4.0 by creating the package using GNU gettext 0.23.1
>         infrastructure instead of 0.24.
>       * Update Croatian translation.
>
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
> config/rootfiles/common/xz | 2 +-
> lfs/xz | 4 ++--
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz
> index 3873744c8..f836d4578 100644
> --- a/config/rootfiles/common/xz
> +++ b/config/rootfiles/common/xz
> @@ -41,7 +41,7 @@ usr/bin/xzmore
> #usr/lib/liblzma.la
> #usr/lib/liblzma.so
> usr/lib/liblzma.so.5
> -usr/lib/liblzma.so.5.8.0
> +usr/lib/liblzma.so.5.8.1
> #usr/lib/pkgconfig/liblzma.pc
> #usr/share/doc/xz
> #usr/share/doc/xz/AUTHORS
> diff --git a/lfs/xz b/lfs/xz
> index 511848c1d..1ee1faa52 100644
> --- a/lfs/xz
> +++ b/lfs/xz
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 5.8.0
> +VER = 5.8.1
>
> THISAPP = xz-$(VER)
> DL_FILE = $(THISAPP).tar.xz
> @@ -45,7 +45,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = 5087c88884a857b96bc5658548fc9b07ab2f14fe9eabfaeaa19e21810e7588c97621db08353632bd56e66ae2085ec5adc421c4d6849525b630d56dadd65c9f81
> +$(DL_FILE)_BLAKE2 = f11be3971e181bb49b6a92d3cc07ebb1c6b5fb53bc5d079e0952eed94f069656cffb37a2e2e8f068a5f119c6ef5ee565b3ac9978a5afa24a40d49607d492d176
>
> install : $(TARGET)
>
> --
> 2.49.0
>
>
@@ -41,7 +41,7 @@ usr/bin/xzmore
#usr/lib/liblzma.la
#usr/lib/liblzma.so
usr/lib/liblzma.so.5
-usr/lib/liblzma.so.5.8.0
+usr/lib/liblzma.so.5.8.1
#usr/lib/pkgconfig/liblzma.pc
#usr/share/doc/xz
#usr/share/doc/xz/AUTHORS
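Review bot: The rootfile entry changes from usr/lib/liblzma.so.5.8.0 to usr/lib/liblzma.so.5.8.1 while usr/lib/liblzma.so.5 stays as it is, so an upgraded system could still have the old 5.8.0 file on disk unless the update that ships this also removes it. 5.8.0 is inside the range the changelog gives for CVE-2025-31115, so please confirm that the old file is deleted on upgrade and that services linked against liblzma are restarted afterwards, since a running process keeps the old library mapped until it restarts.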
@@ -24,7 +24,7 @@
include Config
-VER = 5.8.0
+VER = 5.8.1
THISAPP = xz-$(VER)
DL_FILE = $(THISAPP).tar.xz
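Review bot: The VER bump from 5.8.0 to 5.8.1 is the line that actually brings in the CVE-2025-31115 fix, but the subject "xz: Update to version 5.8.1" does not say so and the CVE only appears inside the pasted changelog. Consider naming the CVE in the subject line so the commit is easy to find in the log when deciding what has to go into a core update.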
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 5087c88884a857b96bc5658548fc9b07ab2f14fe9eabfaeaa19e21810e7588c97621db08353632bd56e66ae2085ec5adc421c4d6849525b630d56dadd65c9f81
+$(DL_FILE)_BLAKE2 = f11be3971e181bb49b6a92d3cc07ebb1c6b5fb53bc5d079e0952eed94f069656cffb37a2e2e8f068a5f119c6ef5ee565b3ac9978a5afa24a40d49607d492d176
install : $(TARGET)
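Review bot: The $(DL_FILE)_BLAKE2 line is replaced with a new digest, and the commit message does not record how that value was obtained. Because this digest is what the build trusts for xz-$(VER).tar.xz, it would help to state in the commit message that the tarball was checked against the upstream release signature before the BLAKE2 value was computed, so a reviewer can reproduce the check rather than take the new value on trust.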