From: Baruch Siach via buildroot <buildroot@buildroot.org>
To: Thomas Perale via buildroot <buildroot@buildroot.org>
Cc: Bernd Kuhls <bernd@kuhls.net>, Thomas Perale <thomas.perale@mind.be>
Subject: Re: [Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3
Date: Wed, 15 Apr 2026 07:31:18 +0300 [thread overview]
Message-ID: <877bq8deuh.fsf@tarshish> (raw)
In-Reply-To: <20260414154407.334265-1-thomas.perale@mind.be> (Thomas Perale via buildroot's message of "Tue, 14 Apr 2026 17:44:07 +0200")
Hi Thomas,
On Tue, Apr 14 2026, Thomas Perale via buildroot wrote:
> In reply of:
>> https://github.com/tukaani-project/xz/releases/tag/v5.8.3
>>
>> Fixes CVE-2026-34743.
>>
>> Switched to sha256 tarball provided by upstream.
>>
>> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
>
> Applied to 2026.02.x. Thanks
Not in 2026.02.x branch as of commit 8f19b5b8096f ("package/leafnode2:
fix build without pod2man").
baruch
>
>> ---
>> package/xz/xz.hash | 6 ++----
>> package/xz/xz.mk | 2 +-
>> 2 files changed, 3 insertions(+), 5 deletions(-)
>>
>> diff --git a/package/xz/xz.hash b/package/xz/xz.hash
>> index 99daa5e9df..488a3d55dc 100644
>> --- a/package/xz/xz.hash
>> +++ b/package/xz/xz.hash
>> @@ -1,7 +1,5 @@
>> -# Locally calculated after checking pgp signature
>> -# https://github.com/tukaani-project/xz/releases/download/v5.8.2/xz-5.8.2.tar.bz2.sig
>> -# using key 3690C240CE51B4670D30AD1C38EE757D69184620 Lasse Collin <lasse.collin@tukaani.org>
>> -sha256 60345d7c0b9c8d7ffa469e96898c300def3669f5047fc76219b819340839f3d8 xz-5.8.2.tar.bz2
>> +# From https://github.com/tukaani-project/xz/releases/tag/v5.8.3
>> +sha256 33bf69c0d6c698e83a68f77e6c1f465778e418ca0b3d59860d3ab446f4ac99a6 xz-5.8.3.tar.bz2
>>
>> # Hash for license files
>> sha256 616a3ad264ce29b8f1cb97e53037b139d406899ca8d1f799651e17bfa09830b8 COPYING
>> diff --git a/package/xz/xz.mk b/package/xz/xz.mk
>> index 8aa0716b18..91eedd7a83 100644
>> --- a/package/xz/xz.mk
>> +++ b/package/xz/xz.mk
>> @@ -4,7 +4,7 @@
>> #
>> ################################################################################
>>
>> -XZ_VERSION = 5.8.2
>> +XZ_VERSION = 5.8.3
>> XZ_SOURCE = xz-$(XZ_VERSION).tar.bz2
>> XZ_SITE = https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)
>> XZ_INSTALL_STAGING = YES
>> --
>> 2.47.3
--
~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2026-04-15 4:31 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-02 18:05 [Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3 Bernd Kuhls
2026-04-02 19:43 ` Julien Olivain via buildroot
2026-04-14 15:44 ` Thomas Perale via buildroot
2026-04-15 4:31 ` Baruch Siach via buildroot [this message]
2026-04-15 6:27 ` Thomas Perale via buildroot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877bq8deuh.fsf@tarshish \
--to=buildroot@buildroot.org \
--cc=baruch@tkos.co.il \
--cc=bernd@kuhls.net \
--cc=thomas.perale@mind.be \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.