xz: Switch from upstream tarball to git tarball

[lazka]

Run autogen to get the documentation built instead of just autoreconf Also needs extra build depends for things already included in the tarball.

And remove the signing key from the bad actor.

[jeremyd2019]

I'm (already) getting a checksum failure on that new tar.

[jeremyd2019]

oh, access to the repository has been disabled due to terms of service violation. That's messing up the tar link too.

[jeremyd2019]

For now, I'm reverting to 5.6.0-1 in my i686 msys repo. EDIT: oops, should have read first, 5.6.0 was also backdoored. But, luckily, it sounds like only linux x86_64 was targeted, and then only when building rpm or deb packages. Reverted to 5.4.6-2 now.

[lazka]

uh, annoying. It seems contra productive to hinder people from downgrading, or switching sources.

For now, I'm reverting to 5.6.0-1 in my i686 msys repo. EDIT: oops, should have read first, 5.6.0 was also backdoored. But, luckily, it sounds like only linux x86_64 was targeted, and then only when building rpm or deb packages. Reverted to 5.4.6-2 now.

Yeah, it shouldn't be a problem either way. But using git at least doesn't run any of the found (as of now) problematic code.