[Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3

All of lore.kernel.org
 help / color / mirror / Atom feed

* [Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3
@ 2026-04-02 18:05 Bernd Kuhls
  2026-04-02 19:43 ` Julien Olivain via buildroot
  2026-04-14 15:44 ` Thomas Perale via buildroot
  0 siblings, 2 replies; 5+ messages in thread
From: Bernd Kuhls @ 2026-04-02 18:05 UTC (permalink / raw)
  To: buildroot

https://github.com/tukaani-project/xz/releases/tag/v5.8.3

Fixes CVE-2026-34743.

Switched to sha256 tarball provided by upstream.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
 package/xz/xz.hash | 6 ++----
 package/xz/xz.mk   | 2 +-
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/package/xz/xz.hash b/package/xz/xz.hash
index 99daa5e9df..488a3d55dc 100644
--- a/package/xz/xz.hash
+++ b/package/xz/xz.hash
@@ -1,7 +1,5 @@
-# Locally calculated after checking pgp signature
-# https://github.com/tukaani-project/xz/releases/download/v5.8.2/xz-5.8.2.tar.bz2.sig
-# using key 3690C240CE51B4670D30AD1C38EE757D69184620 Lasse Collin <lasse.collin@tukaani.org>
-sha256  60345d7c0b9c8d7ffa469e96898c300def3669f5047fc76219b819340839f3d8  xz-5.8.2.tar.bz2
+# From https://github.com/tukaani-project/xz/releases/tag/v5.8.3
+sha256  33bf69c0d6c698e83a68f77e6c1f465778e418ca0b3d59860d3ab446f4ac99a6  xz-5.8.3.tar.bz2
 
 # Hash for license files
 sha256  616a3ad264ce29b8f1cb97e53037b139d406899ca8d1f799651e17bfa09830b8  COPYING
diff --git a/package/xz/xz.mk b/package/xz/xz.mk
index 8aa0716b18..91eedd7a83 100644
--- a/package/xz/xz.mk
+++ b/package/xz/xz.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-XZ_VERSION = 5.8.2
+XZ_VERSION = 5.8.3
 XZ_SOURCE = xz-$(XZ_VERSION).tar.bz2
 XZ_SITE = https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)
 XZ_INSTALL_STAGING = YES
-- 
2.47.3

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3
  2026-04-02 18:05 [Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3 Bernd Kuhls
@ 2026-04-02 19:43 ` Julien Olivain via buildroot
  2026-04-14 15:44 ` Thomas Perale via buildroot
  1 sibling, 0 replies; 5+ messages in thread
From: Julien Olivain via buildroot @ 2026-04-02 19:43 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: buildroot

On 02/04/2026 20:05, Bernd Kuhls wrote:
> https://github.com/tukaani-project/xz/releases/tag/v5.8.3
> 
> Fixes CVE-2026-34743.
> 
> Switched to sha256 tarball provided by upstream.
> 
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

Applied to master, thanks.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3
  2026-04-02 18:05 [Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3 Bernd Kuhls
  2026-04-02 19:43 ` Julien Olivain via buildroot
@ 2026-04-14 15:44 ` Thomas Perale via buildroot
  2026-04-15  4:31   ` Baruch Siach via buildroot
  1 sibling, 1 reply; 5+ messages in thread
From: Thomas Perale via buildroot @ 2026-04-14 15:44 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: Thomas Perale, buildroot

In reply of:
> https://github.com/tukaani-project/xz/releases/tag/v5.8.3
> 
> Fixes CVE-2026-34743.
> 
> Switched to sha256 tarball provided by upstream.
> 
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

Applied to 2026.02.x. Thanks

> ---
>  package/xz/xz.hash | 6 ++----
>  package/xz/xz.mk   | 2 +-
>  2 files changed, 3 insertions(+), 5 deletions(-)
> 
> diff --git a/package/xz/xz.hash b/package/xz/xz.hash
> index 99daa5e9df..488a3d55dc 100644
> --- a/package/xz/xz.hash
> +++ b/package/xz/xz.hash
> @@ -1,7 +1,5 @@
> -# Locally calculated after checking pgp signature
> -# https://github.com/tukaani-project/xz/releases/download/v5.8.2/xz-5.8.2.tar.bz2.sig
> -# using key 3690C240CE51B4670D30AD1C38EE757D69184620 Lasse Collin <lasse.collin@tukaani.org>
> -sha256  60345d7c0b9c8d7ffa469e96898c300def3669f5047fc76219b819340839f3d8  xz-5.8.2.tar.bz2
> +# From https://github.com/tukaani-project/xz/releases/tag/v5.8.3
> +sha256  33bf69c0d6c698e83a68f77e6c1f465778e418ca0b3d59860d3ab446f4ac99a6  xz-5.8.3.tar.bz2
>  
>  # Hash for license files
>  sha256  616a3ad264ce29b8f1cb97e53037b139d406899ca8d1f799651e17bfa09830b8  COPYING
> diff --git a/package/xz/xz.mk b/package/xz/xz.mk
> index 8aa0716b18..91eedd7a83 100644
> --- a/package/xz/xz.mk
> +++ b/package/xz/xz.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -XZ_VERSION = 5.8.2
> +XZ_VERSION = 5.8.3
>  XZ_SOURCE = xz-$(XZ_VERSION).tar.bz2
>  XZ_SITE = https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)
>  XZ_INSTALL_STAGING = YES
> -- 
> 2.47.3
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3
  2026-04-14 15:44 ` Thomas Perale via buildroot
@ 2026-04-15  4:31   ` Baruch Siach via buildroot
  2026-04-15  6:27     ` Thomas Perale via buildroot
  0 siblings, 1 reply; 5+ messages in thread
From: Baruch Siach via buildroot @ 2026-04-15  4:31 UTC (permalink / raw)
  To: Thomas Perale via buildroot; +Cc: Bernd Kuhls, Thomas Perale

Hi Thomas,

On Tue, Apr 14 2026, Thomas Perale via buildroot wrote:
> In reply of:
>> https://github.com/tukaani-project/xz/releases/tag/v5.8.3
>> 
>> Fixes CVE-2026-34743.
>> 
>> Switched to sha256 tarball provided by upstream.
>> 
>> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
>
> Applied to 2026.02.x. Thanks

Not in 2026.02.x branch as of commit 8f19b5b8096f ("package/leafnode2:
fix build without pod2man").

baruch

>
>> ---
>>  package/xz/xz.hash | 6 ++----
>>  package/xz/xz.mk   | 2 +-
>>  2 files changed, 3 insertions(+), 5 deletions(-)
>> 
>> diff --git a/package/xz/xz.hash b/package/xz/xz.hash
>> index 99daa5e9df..488a3d55dc 100644
>> --- a/package/xz/xz.hash
>> +++ b/package/xz/xz.hash
>> @@ -1,7 +1,5 @@
>> -# Locally calculated after checking pgp signature
>> -# https://github.com/tukaani-project/xz/releases/download/v5.8.2/xz-5.8.2.tar.bz2.sig
>> -# using key 3690C240CE51B4670D30AD1C38EE757D69184620 Lasse Collin <lasse.collin@tukaani.org>
>> -sha256  60345d7c0b9c8d7ffa469e96898c300def3669f5047fc76219b819340839f3d8  xz-5.8.2.tar.bz2
>> +# From https://github.com/tukaani-project/xz/releases/tag/v5.8.3
>> +sha256  33bf69c0d6c698e83a68f77e6c1f465778e418ca0b3d59860d3ab446f4ac99a6  xz-5.8.3.tar.bz2
>>  
>>  # Hash for license files
>>  sha256  616a3ad264ce29b8f1cb97e53037b139d406899ca8d1f799651e17bfa09830b8  COPYING
>> diff --git a/package/xz/xz.mk b/package/xz/xz.mk
>> index 8aa0716b18..91eedd7a83 100644
>> --- a/package/xz/xz.mk
>> +++ b/package/xz/xz.mk
>> @@ -4,7 +4,7 @@
>>  #
>>  ################################################################################
>>  
>> -XZ_VERSION = 5.8.2
>> +XZ_VERSION = 5.8.3
>>  XZ_SOURCE = xz-$(XZ_VERSION).tar.bz2
>>  XZ_SITE = https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)
>>  XZ_INSTALL_STAGING = YES
>> -- 
>> 2.47.3

-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3
  2026-04-15  4:31   ` Baruch Siach via buildroot
@ 2026-04-15  6:27     ` Thomas Perale via buildroot
  0 siblings, 0 replies; 5+ messages in thread
From: Thomas Perale via buildroot @ 2026-04-15  6:27 UTC (permalink / raw)
  To: Baruch Siach; +Cc: Thomas Perale, Thomas Perale via buildroot, Bernd Kuhls

Hi Baruch,

In reply of:
> Hi Thomas,
> 
> On Tue, Apr 14 2026, Thomas Perale via buildroot wrote:
> > In reply of:
> >> https://github.com/tukaani-project/xz/releases/tag/v5.8.3
> >> 
> >> Fixes CVE-2026-34743.
> >> 
> >> Switched to sha256 tarball provided by upstream.
> >> 
> >> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
> >
> > Applied to 2026.02.x. Thanks
> 
> Not in 2026.02.x branch as of commit 8f19b5b8096f ("package/leafnode2:
> fix build without pod2man").
> 
> baruch

Fixed thanks

PERALE Thomas

> >
> >> ---
> >>  package/xz/xz.hash | 6 ++----
> >>  package/xz/xz.mk   | 2 +-
> >>  2 files changed, 3 insertions(+), 5 deletions(-)
> >> 
> >> diff --git a/package/xz/xz.hash b/package/xz/xz.hash
> >> index 99daa5e9df..488a3d55dc 100644
> >> --- a/package/xz/xz.hash
> >> +++ b/package/xz/xz.hash
> >> @@ -1,7 +1,5 @@
> >> -# Locally calculated after checking pgp signature
> >> -# https://github.com/tukaani-project/xz/releases/download/v5.8.2/xz-5.8.2.tar.bz2.sig
> >> -# using key 3690C240CE51B4670D30AD1C38EE757D69184620 Lasse Collin <lasse.collin@tukaani.org>
> >> -sha256  60345d7c0b9c8d7ffa469e96898c300def3669f5047fc76219b819340839f3d8  xz-5.8.2.tar.bz2
> >> +# From https://github.com/tukaani-project/xz/releases/tag/v5.8.3
> >> +sha256  33bf69c0d6c698e83a68f77e6c1f465778e418ca0b3d59860d3ab446f4ac99a6  xz-5.8.3.tar.bz2
> >>  
> >>  # Hash for license files
> >>  sha256  616a3ad264ce29b8f1cb97e53037b139d406899ca8d1f799651e17bfa09830b8  COPYING
> >> diff --git a/package/xz/xz.mk b/package/xz/xz.mk
> >> index 8aa0716b18..91eedd7a83 100644
> >> --- a/package/xz/xz.mk
> >> +++ b/package/xz/xz.mk
> >> @@ -4,7 +4,7 @@
> >>  #
> >>  ################################################################################
> >>  
> >> -XZ_VERSION = 5.8.2
> >> +XZ_VERSION = 5.8.3
> >>  XZ_SOURCE = xz-$(XZ_VERSION).tar.bz2
> >>  XZ_SITE = https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)
> >>  XZ_INSTALL_STAGING = YES
> >> -- 
> >> 2.47.3
> 
> -- 
>                                                      ~. .~   Tk Open Systems
> =}------------------------------------------------ooO--U--Ooo------------{=
>    - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot


_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2026-04-15  6:27 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-02 18:05 [Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3 Bernd Kuhls
2026-04-02 19:43 ` Julien Olivain via buildroot
2026-04-14 15:44 ` Thomas Perale via buildroot
2026-04-15  4:31   ` Baruch Siach via buildroot
2026-04-15  6:27     ` Thomas Perale via buildroot

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.