public inbox for buildroot@busybox.net
* [Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3
@ 2026-04-02 18:05 Bernd Kuhls
  2026-04-02 19:43 ` Julien Olivain via buildroot
  2026-04-14 15:44 ` Thomas Perale via buildroot
  0 siblings, 2 replies; 5+ messages in thread
From: Bernd Kuhls @ 2026-04-02 18:05 UTC (permalink / raw)
  To: buildroot

https://github.com/tukaani-project/xz/releases/tag/v5.8.3

Fixes CVE-2026-34743.

Switched to sha256 tarball provided by upstream.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
 package/xz/xz.hash | 6 ++----
 package/xz/xz.mk   | 2 +-
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/package/xz/xz.hash b/package/xz/xz.hash
index 99daa5e9df..488a3d55dc 100644
--- a/package/xz/xz.hash
+++ b/package/xz/xz.hash
@@ -1,7 +1,5 @@
-# Locally calculated after checking pgp signature
-# https://github.com/tukaani-project/xz/releases/download/v5.8.2/xz-5.8.2.tar.bz2.sig
-# using key 3690C240CE51B4670D30AD1C38EE757D69184620 Lasse Collin <lasse.collin@tukaani.org>
-sha256  60345d7c0b9c8d7ffa469e96898c300def3669f5047fc76219b819340839f3d8  xz-5.8.2.tar.bz2
+# From https://github.com/tukaani-project/xz/releases/tag/v5.8.3
+sha256  33bf69c0d6c698e83a68f77e6c1f465778e418ca0b3d59860d3ab446f4ac99a6  xz-5.8.3.tar.bz2
 
 # Hash for license files
 sha256  616a3ad264ce29b8f1cb97e53037b139d406899ca8d1f799651e17bfa09830b8  COPYING
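Review bot: The removed comment in package/xz/xz.hash recorded that the tarball hash was calculated locally after checking the PGP signature with key 3690C240CE51B4670D30AD1C38EE757D69184620, while the new comment only cites the release page. The tarball is downloaded from the same GitHub release (see XZ_SITE in xz.mk), so a hash copied from that page detects a corrupted download but is not an independent check of the release itself. If upstream still publishes a detached signature for 5.8.3, verify it with the same key before computing the hash and keep the "Locally calculated after checking pgp signature" comment, updated with the 5.8.3 signature URL.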
diff --git a/package/xz/xz.mk b/package/xz/xz.mk
index 8aa0716b18..91eedd7a83 100644
--- a/package/xz/xz.mk
+++ b/package/xz/xz.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-XZ_VERSION = 5.8.2
+XZ_VERSION = 5.8.3
 XZ_SOURCE = xz-$(XZ_VERSION).tar.bz2
 XZ_SITE = https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)
 XZ_INSTALL_STAGING = YES
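Review bot: XZ_SOURCE stays xz-$(XZ_VERSION).tar.bz2 in this hunk, so the commit message line "Switched to sha256 tarball provided by upstream" reads as if the archive changed when only the origin of the hash did. Suggest rewording it to say that the sha256 hash is now taken from the upstream release page, so the log makes clear the tarball format is unchanged.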
-- 
2.47.3

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


* Re: [Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3
  2026-04-02 18:05 [Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3 Bernd Kuhls
@ 2026-04-02 19:43 ` Julien Olivain via buildroot
  2026-04-14 15:44 ` Thomas Perale via buildroot
  1 sibling, 0 replies; 5+ messages in thread
From: Julien Olivain via buildroot @ 2026-04-02 19:43 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: buildroot

On 02/04/2026 20:05, Bernd Kuhls wrote:
> https://github.com/tukaani-project/xz/releases/tag/v5.8.3
> 
> Fixes CVE-2026-34743.
> 
> Switched to sha256 tarball provided by upstream.
> 
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

Applied to master, thanks.

* Re: [Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3
  2026-04-02 18:05 [Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3 Bernd Kuhls
  2026-04-02 19:43 ` Julien Olivain via buildroot
@ 2026-04-14 15:44 ` Thomas Perale via buildroot
  2026-04-15  4:31   ` Baruch Siach via buildroot
  1 sibling, 1 reply; 5+ messages in thread
From: Thomas Perale via buildroot @ 2026-04-14 15:44 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: Thomas Perale, buildroot

In reply to:
> https://github.com/tukaani-project/xz/releases/tag/v5.8.3
> 
> Fixes CVE-2026-34743.
> 
> Switched to sha256 tarball provided by upstream.
> 
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

Applied to 2026.02.x. Thanks

> ---
>  package/xz/xz.hash | 6 ++----
>  package/xz/xz.mk   | 2 +-
>  2 files changed, 3 insertions(+), 5 deletions(-)
> 
> diff --git a/package/xz/xz.hash b/package/xz/xz.hash
> index 99daa5e9df..488a3d55dc 100644
> --- a/package/xz/xz.hash
> +++ b/package/xz/xz.hash
> @@ -1,7 +1,5 @@
> -# Locally calculated after checking pgp signature
> -# https://github.com/tukaani-project/xz/releases/download/v5.8.2/xz-5.8.2.tar.bz2.sig
> -# using key 3690C240CE51B4670D30AD1C38EE757D69184620 Lasse Collin <lasse.collin@tukaani.org>
> -sha256  60345d7c0b9c8d7ffa469e96898c300def3669f5047fc76219b819340839f3d8  xz-5.8.2.tar.bz2
> +# From https://github.com/tukaani-project/xz/releases/tag/v5.8.3
> +sha256  33bf69c0d6c698e83a68f77e6c1f465778e418ca0b3d59860d3ab446f4ac99a6  xz-5.8.3.tar.bz2
>  
>  # Hash for license files
>  sha256  616a3ad264ce29b8f1cb97e53037b139d406899ca8d1f799651e17bfa09830b8  COPYING
> diff --git a/package/xz/xz.mk b/package/xz/xz.mk
> index 8aa0716b18..91eedd7a83 100644
> --- a/package/xz/xz.mk
> +++ b/package/xz/xz.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -XZ_VERSION = 5.8.2
> +XZ_VERSION = 5.8.3
>  XZ_SOURCE = xz-$(XZ_VERSION).tar.bz2
>  XZ_SITE = https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)
>  XZ_INSTALL_STAGING = YES
> -- 
> 2.47.3
> 

* Re: [Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3
  2026-04-14 15:44 ` Thomas Perale via buildroot
@ 2026-04-15  4:31   ` Baruch Siach via buildroot
  2026-04-15  6:27     ` Thomas Perale via buildroot
  0 siblings, 1 reply; 5+ messages in thread
From: Baruch Siach via buildroot @ 2026-04-15  4:31 UTC (permalink / raw)
  To: Thomas Perale via buildroot; +Cc: Bernd Kuhls, Thomas Perale

Hi Thomas,

On Tue, Apr 14 2026, Thomas Perale via buildroot wrote:
> In reply to:
>> https://github.com/tukaani-project/xz/releases/tag/v5.8.3
>> 
>> Fixes CVE-2026-34743.
>> 
>> Switched to sha256 tarball provided by upstream.
>> 
>> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
>
> Applied to 2026.02.x. Thanks

Not in 2026.02.x branch as of commit 8f19b5b8096f ("package/leafnode2:
fix build without pod2man").

baruch

>
>> ---
>>  package/xz/xz.hash | 6 ++----
>>  package/xz/xz.mk   | 2 +-
>>  2 files changed, 3 insertions(+), 5 deletions(-)
>> 
>> diff --git a/package/xz/xz.hash b/package/xz/xz.hash
>> index 99daa5e9df..488a3d55dc 100644
>> --- a/package/xz/xz.hash
>> +++ b/package/xz/xz.hash
>> @@ -1,7 +1,5 @@
>> -# Locally calculated after checking pgp signature
>> -# https://github.com/tukaani-project/xz/releases/download/v5.8.2/xz-5.8.2.tar.bz2.sig
>> -# using key 3690C240CE51B4670D30AD1C38EE757D69184620 Lasse Collin <lasse.collin@tukaani.org>
>> -sha256  60345d7c0b9c8d7ffa469e96898c300def3669f5047fc76219b819340839f3d8  xz-5.8.2.tar.bz2
>> +# From https://github.com/tukaani-project/xz/releases/tag/v5.8.3
>> +sha256  33bf69c0d6c698e83a68f77e6c1f465778e418ca0b3d59860d3ab446f4ac99a6  xz-5.8.3.tar.bz2
>>  
>>  # Hash for license files
>>  sha256  616a3ad264ce29b8f1cb97e53037b139d406899ca8d1f799651e17bfa09830b8  COPYING
>> diff --git a/package/xz/xz.mk b/package/xz/xz.mk
>> index 8aa0716b18..91eedd7a83 100644
>> --- a/package/xz/xz.mk
>> +++ b/package/xz/xz.mk
>> @@ -4,7 +4,7 @@
>>  #
>>  ################################################################################
>>  
>> -XZ_VERSION = 5.8.2
>> +XZ_VERSION = 5.8.3
>>  XZ_SOURCE = xz-$(XZ_VERSION).tar.bz2
>>  XZ_SITE = https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)
>>  XZ_INSTALL_STAGING = YES
>> -- 
>> 2.47.3

-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -

* Re: [Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3
  2026-04-15  4:31   ` Baruch Siach via buildroot
@ 2026-04-15  6:27     ` Thomas Perale via buildroot
  0 siblings, 0 replies; 5+ messages in thread
From: Thomas Perale via buildroot @ 2026-04-15  6:27 UTC (permalink / raw)
  To: Baruch Siach; +Cc: Thomas Perale, Thomas Perale via buildroot, Bernd Kuhls

Hi Baruch,

In reply to:
> Hi Thomas,
> 
> On Tue, Apr 14 2026, Thomas Perale via buildroot wrote:
> > In reply to:
> >> https://github.com/tukaani-project/xz/releases/tag/v5.8.3
> >> 
> >> Fixes CVE-2026-34743.
> >> 
> >> Switched to sha256 tarball provided by upstream.
> >> 
> >> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
> >
> > Applied to 2026.02.x. Thanks
> 
> Not in 2026.02.x branch as of commit 8f19b5b8096f ("package/leafnode2:
> fix build without pod2man").
> 
> baruch

Fixed thanks

PERALE Thomas

> >
> >> ---
> >>  package/xz/xz.hash | 6 ++----
> >>  package/xz/xz.mk   | 2 +-
> >>  2 files changed, 3 insertions(+), 5 deletions(-)
> >> 
> >> diff --git a/package/xz/xz.hash b/package/xz/xz.hash
> >> index 99daa5e9df..488a3d55dc 100644
> >> --- a/package/xz/xz.hash
> >> +++ b/package/xz/xz.hash
> >> @@ -1,7 +1,5 @@
> >> -# Locally calculated after checking pgp signature
> >> -# https://github.com/tukaani-project/xz/releases/download/v5.8.2/xz-5.8.2.tar.bz2.sig
> >> -# using key 3690C240CE51B4670D30AD1C38EE757D69184620 Lasse Collin <lasse.collin@tukaani.org>
> >> -sha256  60345d7c0b9c8d7ffa469e96898c300def3669f5047fc76219b819340839f3d8  xz-5.8.2.tar.bz2
> >> +# From https://github.com/tukaani-project/xz/releases/tag/v5.8.3
> >> +sha256  33bf69c0d6c698e83a68f77e6c1f465778e418ca0b3d59860d3ab446f4ac99a6  xz-5.8.3.tar.bz2
> >>  
> >>  # Hash for license files
> >>  sha256  616a3ad264ce29b8f1cb97e53037b139d406899ca8d1f799651e17bfa09830b8  COPYING
> >> diff --git a/package/xz/xz.mk b/package/xz/xz.mk
> >> index 8aa0716b18..91eedd7a83 100644
> >> --- a/package/xz/xz.mk
> >> +++ b/package/xz/xz.mk
> >> @@ -4,7 +4,7 @@
> >>  #
> >>  ################################################################################
> >>  
> >> -XZ_VERSION = 5.8.2
> >> +XZ_VERSION = 5.8.3
> >>  XZ_SOURCE = xz-$(XZ_VERSION).tar.bz2
> >>  XZ_SITE = https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)
> >>  XZ_INSTALL_STAGING = YES
> >> -- 
> >> 2.47.3
> 
> -- 
>                                                      ~. .~   Tk Open Systems
> =}------------------------------------------------ooO--U--Ooo------------{=
>    - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -