xz rebuild to not use released tar

severe CVE https://www.openwall.com/lists/oss-security/2024/03/29/4
use github created source tar for now, should not be effected by the backdoor

xz/PKGBUILD

@@ -1,16 +1,17 @@
 
 pkgname=xz
 pkgver=5.6.1
-pkgrel=1
+pkgrel=2
 pkgdesc='Library and command line tools for XZ and LZMA compressed files'
 arch=('x86_64')
 url='https://xz.tukaani.org/xz-utils/'
 license=('GPL' 'LGPL' '0BSD')
 depends=('sh')
 options=('!libtool')
-source=("https://github.com/tukaani-project/xz/releases/download/v${pkgver}/${pkgname}-${pkgver}.tar.xz"
+#source=("https://github.com/tukaani-project/xz/releases/download/v${pkgver}/${pkgname}-${pkgver}.tar.xz"
+source=("https://github.com/tukaani-project/xz/archive/refs/tags/v${pkgver}.tar.gz"
         'xzgrep-ZDI-CAN-16587.patch')
-md5sums=('3ffbb426381c011dc9c986376d944ab7'
+md5sums=('b873d65db3e66157bf382a0fa9f90b7e'
          'a194a4240198e221b7d0249dc2c1fe06')
 
 build() {
@@ -19,6 +20,7 @@ build() {
     #patch -p1 -i ${srcdir}/xzgrep-ZDI-CAN-16587.patch
     #export CFLAGS="$CFLAGS -Wno-format-truncation"
 
+    autoreconf -vfi
     ./configure --prefix=/usr \
         --disable-rpath \
         --enable-werror