Skip to content

Commit 3644a3d

Browse files
jmairboeckjmairboeck
committed
xz_utils: switch the SOURCE_URI to the Github generated archive
Apparently, the release tarballs are compromised and contain a backdoor. This mitigates CVE-2024-3094. (even if Haiku is probably not affected by it)
1 parent 9f161e1 commit 3644a3d

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

app-arch/xz_utils/xz_utils-5.6.1.recipe

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,9 +6,9 @@ COPYRIGHT="2005-2018 Lasse Collin"
66
LICENSE="GNU LGPL v2.1
77
GNU GPL v2
88
GNU GPL v3"
9-
REVISION="1"
10-
SOURCE_URI="https://github.com/tukaani-project/xz/releases/download/v$portVersion/xz-$portVersion.tar.gz"
11-
CHECKSUM_SHA256="2398f4a8e53345325f44bdd9f0cc7401bd9025d736c6d43b372f4dea77bf75b8"
9+
REVISION="2"
10+
SOURCE_URI="https://github.com/tukaani-project/xz/archive/refs/tags/v$portVersion.tar.gz"
11+
CHECKSUM_SHA256="237284fae40e5f8e9908f0a977e7d0b9a5c7c1c10a41b8e6ed0fb40e930467c8"
1212
SOURCE_DIR="xz-$portVersion"
1313
ADDITIONAL_FILES="xz_utils-expander-rules"
1414

0 commit comments

Comments
 (0)