- xz version 5.6.0 and 5.6.1 discovered to have been backdoored by what looks to have been one of the xz devs. - IPFire looks not to be affected by the problem as we don't patch openssh to be linked with liblzma - However due to question marks about what else might be in these 5.6.x versions it is better to revert back to a version that did not have the build-to-host.m4 file with the code that modifies the build if it meets certain criteria.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/xz | 34 +++++++++++++++++++++++----------- lfs/xz | 6 ++++-- 2 files changed, 27 insertions(+), 13 deletions(-)
diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz index 73c0e4d24..f3818a083 100644 --- a/config/rootfiles/common/xz +++ b/config/rootfiles/common/xz @@ -41,18 +41,17 @@ usr/bin/xzmore #usr/lib/liblzma.la #usr/lib/liblzma.so usr/lib/liblzma.so.5 -usr/lib/liblzma.so.5.6.1 +usr/lib/liblzma.so.5.4.5 #usr/lib/pkgconfig/liblzma.pc #usr/share/doc/xz #usr/share/doc/xz/AUTHORS #usr/share/doc/xz/COPYING -#usr/share/doc/xz/COPYING.0BSD #usr/share/doc/xz/COPYING.GPLv2 #usr/share/doc/xz/NEWS #usr/share/doc/xz/README #usr/share/doc/xz/THANKS +#usr/share/doc/xz/TODO #usr/share/doc/xz/api -#usr/share/doc/xz/api/COPYING.CC-BY-SA-4.0 #usr/share/doc/xz/api/annotated.html #usr/share/doc/xz/api/base_8h.html #usr/share/doc/xz/api/bc_s.png @@ -121,15 +120,16 @@ usr/lib/liblzma.so.5.6.1 #usr/share/doc/xz/api/tabs.css #usr/share/doc/xz/api/version_8h.html #usr/share/doc/xz/api/vli_8h.html -#usr/share/doc/xz/api/xz-logo.png #usr/share/doc/xz/examples #usr/share/doc/xz/examples/00_README.txt #usr/share/doc/xz/examples/01_compress_easy.c #usr/share/doc/xz/examples/02_decompress.c #usr/share/doc/xz/examples/03_compress_custom.c #usr/share/doc/xz/examples/04_compress_easy_mt.c -#usr/share/doc/xz/examples/11_file_info.c #usr/share/doc/xz/examples/Makefile +#usr/share/doc/xz/examples_old +#usr/share/doc/xz/examples_old/xz_pipe_comp.c +#usr/share/doc/xz/examples_old/xz_pipe_decomp.c #usr/share/doc/xz/faq.txt #usr/share/doc/xz/history.txt #usr/share/doc/xz/lzma-file-format.txt @@ -168,7 +168,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/de/man1/lzless.1 #usr/share/man/de/man1/lzma.1 #usr/share/man/de/man1/lzmadec.1 -#usr/share/man/de/man1/lzmainfo.1 #usr/share/man/de/man1/lzmore.1 #usr/share/man/de/man1/unlzma.1 #usr/share/man/de/man1/unxz.1 @@ -185,16 +184,21 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/fr #usr/share/man/fr/man1 #usr/share/man/fr/man1/lzcat.1 +#usr/share/man/fr/man1/lzcmp.1 +#usr/share/man/fr/man1/lzdiff.1 #usr/share/man/fr/man1/lzless.1 #usr/share/man/fr/man1/lzma.1 #usr/share/man/fr/man1/lzmadec.1 -#usr/share/man/fr/man1/lzmainfo.1 +#usr/share/man/fr/man1/lzmore.1 #usr/share/man/fr/man1/unlzma.1 #usr/share/man/fr/man1/unxz.1 #usr/share/man/fr/man1/xz.1 #usr/share/man/fr/man1/xzcat.1 +#usr/share/man/fr/man1/xzcmp.1 #usr/share/man/fr/man1/xzdec.1 +#usr/share/man/fr/man1/xzdiff.1 #usr/share/man/fr/man1/xzless.1 +#usr/share/man/fr/man1/xzmore.1 #usr/share/man/ko #usr/share/man/ko/man1 #usr/share/man/ko/man1/lzcat.1 @@ -206,7 +210,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/ko/man1/lzless.1 #usr/share/man/ko/man1/lzma.1 #usr/share/man/ko/man1/lzmadec.1 -#usr/share/man/ko/man1/lzmainfo.1 #usr/share/man/ko/man1/lzmore.1 #usr/share/man/ko/man1/unlzma.1 #usr/share/man/ko/man1/unxz.1 @@ -246,16 +249,27 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/pt_BR #usr/share/man/pt_BR/man1 #usr/share/man/pt_BR/man1/lzcat.1 +#usr/share/man/pt_BR/man1/lzcmp.1 +#usr/share/man/pt_BR/man1/lzdiff.1 +#usr/share/man/pt_BR/man1/lzegrep.1 +#usr/share/man/pt_BR/man1/lzfgrep.1 +#usr/share/man/pt_BR/man1/lzgrep.1 #usr/share/man/pt_BR/man1/lzless.1 #usr/share/man/pt_BR/man1/lzma.1 #usr/share/man/pt_BR/man1/lzmadec.1 -#usr/share/man/pt_BR/man1/lzmainfo.1 +#usr/share/man/pt_BR/man1/lzmore.1 #usr/share/man/pt_BR/man1/unlzma.1 #usr/share/man/pt_BR/man1/unxz.1 #usr/share/man/pt_BR/man1/xz.1 #usr/share/man/pt_BR/man1/xzcat.1 +#usr/share/man/pt_BR/man1/xzcmp.1 #usr/share/man/pt_BR/man1/xzdec.1 +#usr/share/man/pt_BR/man1/xzdiff.1 +#usr/share/man/pt_BR/man1/xzegrep.1 +#usr/share/man/pt_BR/man1/xzfgrep.1 +#usr/share/man/pt_BR/man1/xzgrep.1 #usr/share/man/pt_BR/man1/xzless.1 +#usr/share/man/pt_BR/man1/xzmore.1 #usr/share/man/ro #usr/share/man/ro/man1 #usr/share/man/ro/man1/lzcat.1 @@ -267,7 +281,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/ro/man1/lzless.1 #usr/share/man/ro/man1/lzma.1 #usr/share/man/ro/man1/lzmadec.1 -#usr/share/man/ro/man1/lzmainfo.1 #usr/share/man/ro/man1/lzmore.1 #usr/share/man/ro/man1/unlzma.1 #usr/share/man/ro/man1/unxz.1 @@ -292,7 +305,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/uk/man1/lzless.1 #usr/share/man/uk/man1/lzma.1 #usr/share/man/uk/man1/lzmadec.1 -#usr/share/man/uk/man1/lzmainfo.1 #usr/share/man/uk/man1/lzmore.1 #usr/share/man/uk/man1/unlzma.1 #usr/share/man/uk/man1/unxz.1 diff --git a/lfs/xz b/lfs/xz index cbec430d4..982392aa0 100644 --- a/lfs/xz +++ b/lfs/xz @@ -24,7 +24,7 @@
include Config
-VER = 5.6.1 +VER = 5.4.5
THISAPP = xz-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 3a1cf93d7223eb57e78eabe828a3d623acac5824ada299470e3126692ef89d1648293aef32468d70a5289611969d5299180c1b373dfbda002a49f3afc729d925 +$(DL_FILE)_BLAKE2 = 08d9afebd927ea5d155515a4c9eedda4d1a249f2b1ab6ada11f50e5b7a3c90b389b32378ab1c0872c7f4627de8dff37149d85e49f7f4d30614add37320ec4f3e
install : $(TARGET)
@@ -80,3 +80,5 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) @$(POSTBUILD) + +
Hello,
Thank you. I merged this. The patch did add a couple of empty new lines at the end of the file again?!
-Michael
On 30 Mar 2024, at 08:14, Adolf Belka adolf.belka@ipfire.org wrote:
- xz version 5.6.0 and 5.6.1 discovered to have been backdoored by what looks to have been one of the xz devs.
- IPFire looks not to be affected by the problem as we don't patch openssh to be linked with liblzma
- However due to question marks about what else might be in these 5.6.x versions it is better to revert back to a version that did not have the build-to-host.m4 file with the code that modifies the build if it meets certain criteria.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/rootfiles/common/xz | 34 +++++++++++++++++++++++----------- lfs/xz | 6 ++++-- 2 files changed, 27 insertions(+), 13 deletions(-)
diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz index 73c0e4d24..f3818a083 100644 --- a/config/rootfiles/common/xz +++ b/config/rootfiles/common/xz @@ -41,18 +41,17 @@ usr/bin/xzmore #usr/lib/liblzma.la #usr/lib/liblzma.so usr/lib/liblzma.so.5 -usr/lib/liblzma.so.5.6.1 +usr/lib/liblzma.so.5.4.5 #usr/lib/pkgconfig/liblzma.pc #usr/share/doc/xz #usr/share/doc/xz/AUTHORS #usr/share/doc/xz/COPYING -#usr/share/doc/xz/COPYING.0BSD #usr/share/doc/xz/COPYING.GPLv2 #usr/share/doc/xz/NEWS #usr/share/doc/xz/README #usr/share/doc/xz/THANKS +#usr/share/doc/xz/TODO #usr/share/doc/xz/api -#usr/share/doc/xz/api/COPYING.CC-BY-SA-4.0 #usr/share/doc/xz/api/annotated.html #usr/share/doc/xz/api/base_8h.html #usr/share/doc/xz/api/bc_s.png @@ -121,15 +120,16 @@ usr/lib/liblzma.so.5.6.1 #usr/share/doc/xz/api/tabs.css #usr/share/doc/xz/api/version_8h.html #usr/share/doc/xz/api/vli_8h.html -#usr/share/doc/xz/api/xz-logo.png #usr/share/doc/xz/examples #usr/share/doc/xz/examples/00_README.txt #usr/share/doc/xz/examples/01_compress_easy.c #usr/share/doc/xz/examples/02_decompress.c #usr/share/doc/xz/examples/03_compress_custom.c #usr/share/doc/xz/examples/04_compress_easy_mt.c -#usr/share/doc/xz/examples/11_file_info.c #usr/share/doc/xz/examples/Makefile +#usr/share/doc/xz/examples_old +#usr/share/doc/xz/examples_old/xz_pipe_comp.c +#usr/share/doc/xz/examples_old/xz_pipe_decomp.c #usr/share/doc/xz/faq.txt #usr/share/doc/xz/history.txt #usr/share/doc/xz/lzma-file-format.txt @@ -168,7 +168,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/de/man1/lzless.1 #usr/share/man/de/man1/lzma.1 #usr/share/man/de/man1/lzmadec.1 -#usr/share/man/de/man1/lzmainfo.1 #usr/share/man/de/man1/lzmore.1 #usr/share/man/de/man1/unlzma.1 #usr/share/man/de/man1/unxz.1 @@ -185,16 +184,21 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/fr #usr/share/man/fr/man1 #usr/share/man/fr/man1/lzcat.1 +#usr/share/man/fr/man1/lzcmp.1 +#usr/share/man/fr/man1/lzdiff.1 #usr/share/man/fr/man1/lzless.1 #usr/share/man/fr/man1/lzma.1 #usr/share/man/fr/man1/lzmadec.1 -#usr/share/man/fr/man1/lzmainfo.1 +#usr/share/man/fr/man1/lzmore.1 #usr/share/man/fr/man1/unlzma.1 #usr/share/man/fr/man1/unxz.1 #usr/share/man/fr/man1/xz.1 #usr/share/man/fr/man1/xzcat.1 +#usr/share/man/fr/man1/xzcmp.1 #usr/share/man/fr/man1/xzdec.1 +#usr/share/man/fr/man1/xzdiff.1 #usr/share/man/fr/man1/xzless.1 +#usr/share/man/fr/man1/xzmore.1 #usr/share/man/ko #usr/share/man/ko/man1 #usr/share/man/ko/man1/lzcat.1 @@ -206,7 +210,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/ko/man1/lzless.1 #usr/share/man/ko/man1/lzma.1 #usr/share/man/ko/man1/lzmadec.1 -#usr/share/man/ko/man1/lzmainfo.1 #usr/share/man/ko/man1/lzmore.1 #usr/share/man/ko/man1/unlzma.1 #usr/share/man/ko/man1/unxz.1 @@ -246,16 +249,27 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/pt_BR #usr/share/man/pt_BR/man1 #usr/share/man/pt_BR/man1/lzcat.1 +#usr/share/man/pt_BR/man1/lzcmp.1 +#usr/share/man/pt_BR/man1/lzdiff.1 +#usr/share/man/pt_BR/man1/lzegrep.1 +#usr/share/man/pt_BR/man1/lzfgrep.1 +#usr/share/man/pt_BR/man1/lzgrep.1 #usr/share/man/pt_BR/man1/lzless.1 #usr/share/man/pt_BR/man1/lzma.1 #usr/share/man/pt_BR/man1/lzmadec.1 -#usr/share/man/pt_BR/man1/lzmainfo.1 +#usr/share/man/pt_BR/man1/lzmore.1 #usr/share/man/pt_BR/man1/unlzma.1 #usr/share/man/pt_BR/man1/unxz.1 #usr/share/man/pt_BR/man1/xz.1 #usr/share/man/pt_BR/man1/xzcat.1 +#usr/share/man/pt_BR/man1/xzcmp.1 #usr/share/man/pt_BR/man1/xzdec.1 +#usr/share/man/pt_BR/man1/xzdiff.1 +#usr/share/man/pt_BR/man1/xzegrep.1 +#usr/share/man/pt_BR/man1/xzfgrep.1 +#usr/share/man/pt_BR/man1/xzgrep.1 #usr/share/man/pt_BR/man1/xzless.1 +#usr/share/man/pt_BR/man1/xzmore.1 #usr/share/man/ro #usr/share/man/ro/man1 #usr/share/man/ro/man1/lzcat.1 @@ -267,7 +281,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/ro/man1/lzless.1 #usr/share/man/ro/man1/lzma.1 #usr/share/man/ro/man1/lzmadec.1 -#usr/share/man/ro/man1/lzmainfo.1 #usr/share/man/ro/man1/lzmore.1 #usr/share/man/ro/man1/unlzma.1 #usr/share/man/ro/man1/unxz.1 @@ -292,7 +305,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/uk/man1/lzless.1 #usr/share/man/uk/man1/lzma.1 #usr/share/man/uk/man1/lzmadec.1 -#usr/share/man/uk/man1/lzmainfo.1 #usr/share/man/uk/man1/lzmore.1 #usr/share/man/uk/man1/unlzma.1 #usr/share/man/uk/man1/unxz.1 diff --git a/lfs/xz b/lfs/xz index cbec430d4..982392aa0 100644 --- a/lfs/xz +++ b/lfs/xz @@ -24,7 +24,7 @@
include Config
-VER = 5.6.1 +VER = 5.4.5
THISAPP = xz-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 3a1cf93d7223eb57e78eabe828a3d623acac5824ada299470e3126692ef89d1648293aef32468d70a5289611969d5299180c1b373dfbda002a49f3afc729d925 +$(DL_FILE)_BLAKE2 = 08d9afebd927ea5d155515a4c9eedda4d1a249f2b1ab6ada11f50e5b7a3c90b389b32378ab1c0872c7f4627de8dff37149d85e49f7f4d30614add37320ec4f3e
install : $(TARGET)
@@ -80,3 +80,5 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) @$(POSTBUILD)
-- 2.44.0
Hi Michael,
On 30/03/2024 13:28, Michael Tremer wrote:
Hello,
Thank you. I merged this. The patch did add a couple of empty new lines at the end of the file again?!
I think that was just a plain and simple error on my part.
So that I didn't have to do a build then get the updated rootfile from the log and then repeat the build with the new rootfile, I copy and pasted the rootfile from CU183. I did see two blank lines at the end of the file and I deleted them and then "saved the file". I think I didn't correctly save the file with the two blank lines deleted.
No problem with the editor only with the fingers controlling the editor faster than the brain controlling the fingers :-)
Regards,
Adolf.
-Michael
On 30 Mar 2024, at 08:14, Adolf Belka adolf.belka@ipfire.org wrote:
- xz version 5.6.0 and 5.6.1 discovered to have been backdoored by what looks to have been one of the xz devs.
- IPFire looks not to be affected by the problem as we don't patch openssh to be linked with liblzma
- However due to question marks about what else might be in these 5.6.x versions it is better to revert back to a version that did not have the build-to-host.m4 file with the code that modifies the build if it meets certain criteria.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/rootfiles/common/xz | 34 +++++++++++++++++++++++----------- lfs/xz | 6 ++++-- 2 files changed, 27 insertions(+), 13 deletions(-)
diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz index 73c0e4d24..f3818a083 100644 --- a/config/rootfiles/common/xz +++ b/config/rootfiles/common/xz @@ -41,18 +41,17 @@ usr/bin/xzmore #usr/lib/liblzma.la #usr/lib/liblzma.so usr/lib/liblzma.so.5 -usr/lib/liblzma.so.5.6.1 +usr/lib/liblzma.so.5.4.5 #usr/lib/pkgconfig/liblzma.pc #usr/share/doc/xz #usr/share/doc/xz/AUTHORS #usr/share/doc/xz/COPYING -#usr/share/doc/xz/COPYING.0BSD #usr/share/doc/xz/COPYING.GPLv2 #usr/share/doc/xz/NEWS #usr/share/doc/xz/README #usr/share/doc/xz/THANKS +#usr/share/doc/xz/TODO #usr/share/doc/xz/api -#usr/share/doc/xz/api/COPYING.CC-BY-SA-4.0 #usr/share/doc/xz/api/annotated.html #usr/share/doc/xz/api/base_8h.html #usr/share/doc/xz/api/bc_s.png @@ -121,15 +120,16 @@ usr/lib/liblzma.so.5.6.1 #usr/share/doc/xz/api/tabs.css #usr/share/doc/xz/api/version_8h.html #usr/share/doc/xz/api/vli_8h.html -#usr/share/doc/xz/api/xz-logo.png #usr/share/doc/xz/examples #usr/share/doc/xz/examples/00_README.txt #usr/share/doc/xz/examples/01_compress_easy.c #usr/share/doc/xz/examples/02_decompress.c #usr/share/doc/xz/examples/03_compress_custom.c #usr/share/doc/xz/examples/04_compress_easy_mt.c -#usr/share/doc/xz/examples/11_file_info.c #usr/share/doc/xz/examples/Makefile +#usr/share/doc/xz/examples_old +#usr/share/doc/xz/examples_old/xz_pipe_comp.c +#usr/share/doc/xz/examples_old/xz_pipe_decomp.c #usr/share/doc/xz/faq.txt #usr/share/doc/xz/history.txt #usr/share/doc/xz/lzma-file-format.txt @@ -168,7 +168,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/de/man1/lzless.1 #usr/share/man/de/man1/lzma.1 #usr/share/man/de/man1/lzmadec.1 -#usr/share/man/de/man1/lzmainfo.1 #usr/share/man/de/man1/lzmore.1 #usr/share/man/de/man1/unlzma.1 #usr/share/man/de/man1/unxz.1 @@ -185,16 +184,21 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/fr #usr/share/man/fr/man1 #usr/share/man/fr/man1/lzcat.1 +#usr/share/man/fr/man1/lzcmp.1 +#usr/share/man/fr/man1/lzdiff.1 #usr/share/man/fr/man1/lzless.1 #usr/share/man/fr/man1/lzma.1 #usr/share/man/fr/man1/lzmadec.1 -#usr/share/man/fr/man1/lzmainfo.1 +#usr/share/man/fr/man1/lzmore.1 #usr/share/man/fr/man1/unlzma.1 #usr/share/man/fr/man1/unxz.1 #usr/share/man/fr/man1/xz.1 #usr/share/man/fr/man1/xzcat.1 +#usr/share/man/fr/man1/xzcmp.1 #usr/share/man/fr/man1/xzdec.1 +#usr/share/man/fr/man1/xzdiff.1 #usr/share/man/fr/man1/xzless.1 +#usr/share/man/fr/man1/xzmore.1 #usr/share/man/ko #usr/share/man/ko/man1 #usr/share/man/ko/man1/lzcat.1 @@ -206,7 +210,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/ko/man1/lzless.1 #usr/share/man/ko/man1/lzma.1 #usr/share/man/ko/man1/lzmadec.1 -#usr/share/man/ko/man1/lzmainfo.1 #usr/share/man/ko/man1/lzmore.1 #usr/share/man/ko/man1/unlzma.1 #usr/share/man/ko/man1/unxz.1 @@ -246,16 +249,27 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/pt_BR #usr/share/man/pt_BR/man1 #usr/share/man/pt_BR/man1/lzcat.1 +#usr/share/man/pt_BR/man1/lzcmp.1 +#usr/share/man/pt_BR/man1/lzdiff.1 +#usr/share/man/pt_BR/man1/lzegrep.1 +#usr/share/man/pt_BR/man1/lzfgrep.1 +#usr/share/man/pt_BR/man1/lzgrep.1 #usr/share/man/pt_BR/man1/lzless.1 #usr/share/man/pt_BR/man1/lzma.1 #usr/share/man/pt_BR/man1/lzmadec.1 -#usr/share/man/pt_BR/man1/lzmainfo.1 +#usr/share/man/pt_BR/man1/lzmore.1 #usr/share/man/pt_BR/man1/unlzma.1 #usr/share/man/pt_BR/man1/unxz.1 #usr/share/man/pt_BR/man1/xz.1 #usr/share/man/pt_BR/man1/xzcat.1 +#usr/share/man/pt_BR/man1/xzcmp.1 #usr/share/man/pt_BR/man1/xzdec.1 +#usr/share/man/pt_BR/man1/xzdiff.1 +#usr/share/man/pt_BR/man1/xzegrep.1 +#usr/share/man/pt_BR/man1/xzfgrep.1 +#usr/share/man/pt_BR/man1/xzgrep.1 #usr/share/man/pt_BR/man1/xzless.1 +#usr/share/man/pt_BR/man1/xzmore.1 #usr/share/man/ro #usr/share/man/ro/man1 #usr/share/man/ro/man1/lzcat.1 @@ -267,7 +281,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/ro/man1/lzless.1 #usr/share/man/ro/man1/lzma.1 #usr/share/man/ro/man1/lzmadec.1 -#usr/share/man/ro/man1/lzmainfo.1 #usr/share/man/ro/man1/lzmore.1 #usr/share/man/ro/man1/unlzma.1 #usr/share/man/ro/man1/unxz.1 @@ -292,7 +305,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/uk/man1/lzless.1 #usr/share/man/uk/man1/lzma.1 #usr/share/man/uk/man1/lzmadec.1 -#usr/share/man/uk/man1/lzmainfo.1 #usr/share/man/uk/man1/lzmore.1 #usr/share/man/uk/man1/unlzma.1 #usr/share/man/uk/man1/unxz.1 diff --git a/lfs/xz b/lfs/xz index cbec430d4..982392aa0 100644 --- a/lfs/xz +++ b/lfs/xz @@ -24,7 +24,7 @@
include Config
-VER = 5.6.1 +VER = 5.4.5
THISAPP = xz-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 3a1cf93d7223eb57e78eabe828a3d623acac5824ada299470e3126692ef89d1648293aef32468d70a5289611969d5299180c1b373dfbda002a49f3afc729d925 +$(DL_FILE)_BLAKE2 = 08d9afebd927ea5d155515a4c9eedda4d1a249f2b1ab6ada11f50e5b7a3c90b389b32378ab1c0872c7f4627de8dff37149d85e49f7f4d30614add37320ec4f3e
install : $(TARGET)
@@ -80,3 +80,5 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) @$(POSTBUILD)
-- 2.44.0
Ah okay, I do that all the time :) I just wanted to make sure that the configuration change you made didn’t get lost.
On 30 Mar 2024, at 12:56, Adolf Belka adolf.belka@ipfire.org wrote:
Hi Michael,
On 30/03/2024 13:28, Michael Tremer wrote:
Hello, Thank you. I merged this. The patch did add a couple of empty new lines at the end of the file again?!
I think that was just a plain and simple error on my part.
So that I didn't have to do a build then get the updated rootfile from the log and then repeat the build with the new rootfile, I copy and pasted the rootfile from CU183. I did see two blank lines at the end of the file and I deleted them and then "saved the file". I think I didn't correctly save the file with the two blank lines deleted.
No problem with the editor only with the fingers controlling the editor faster than the brain controlling the fingers :-)
Regards,
Adolf.
-Michael
On 30 Mar 2024, at 08:14, Adolf Belka adolf.belka@ipfire.org wrote:
- xz version 5.6.0 and 5.6.1 discovered to have been backdoored by what looks to have been one of the xz devs.
- IPFire looks not to be affected by the problem as we don't patch openssh to be linked with liblzma
- However due to question marks about what else might be in these 5.6.x versions it is better to revert back to a version that did not have the build-to-host.m4 file with the code that modifies the build if it meets certain criteria.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/rootfiles/common/xz | 34 +++++++++++++++++++++++----------- lfs/xz | 6 ++++-- 2 files changed, 27 insertions(+), 13 deletions(-)
diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz index 73c0e4d24..f3818a083 100644 --- a/config/rootfiles/common/xz +++ b/config/rootfiles/common/xz @@ -41,18 +41,17 @@ usr/bin/xzmore #usr/lib/liblzma.la #usr/lib/liblzma.so usr/lib/liblzma.so.5 -usr/lib/liblzma.so.5.6.1 +usr/lib/liblzma.so.5.4.5 #usr/lib/pkgconfig/liblzma.pc #usr/share/doc/xz #usr/share/doc/xz/AUTHORS #usr/share/doc/xz/COPYING -#usr/share/doc/xz/COPYING.0BSD #usr/share/doc/xz/COPYING.GPLv2 #usr/share/doc/xz/NEWS #usr/share/doc/xz/README #usr/share/doc/xz/THANKS +#usr/share/doc/xz/TODO #usr/share/doc/xz/api -#usr/share/doc/xz/api/COPYING.CC-BY-SA-4.0 #usr/share/doc/xz/api/annotated.html #usr/share/doc/xz/api/base_8h.html #usr/share/doc/xz/api/bc_s.png @@ -121,15 +120,16 @@ usr/lib/liblzma.so.5.6.1 #usr/share/doc/xz/api/tabs.css #usr/share/doc/xz/api/version_8h.html #usr/share/doc/xz/api/vli_8h.html -#usr/share/doc/xz/api/xz-logo.png #usr/share/doc/xz/examples #usr/share/doc/xz/examples/00_README.txt #usr/share/doc/xz/examples/01_compress_easy.c #usr/share/doc/xz/examples/02_decompress.c #usr/share/doc/xz/examples/03_compress_custom.c #usr/share/doc/xz/examples/04_compress_easy_mt.c -#usr/share/doc/xz/examples/11_file_info.c #usr/share/doc/xz/examples/Makefile +#usr/share/doc/xz/examples_old +#usr/share/doc/xz/examples_old/xz_pipe_comp.c +#usr/share/doc/xz/examples_old/xz_pipe_decomp.c #usr/share/doc/xz/faq.txt #usr/share/doc/xz/history.txt #usr/share/doc/xz/lzma-file-format.txt @@ -168,7 +168,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/de/man1/lzless.1 #usr/share/man/de/man1/lzma.1 #usr/share/man/de/man1/lzmadec.1 -#usr/share/man/de/man1/lzmainfo.1 #usr/share/man/de/man1/lzmore.1 #usr/share/man/de/man1/unlzma.1 #usr/share/man/de/man1/unxz.1 @@ -185,16 +184,21 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/fr #usr/share/man/fr/man1 #usr/share/man/fr/man1/lzcat.1 +#usr/share/man/fr/man1/lzcmp.1 +#usr/share/man/fr/man1/lzdiff.1 #usr/share/man/fr/man1/lzless.1 #usr/share/man/fr/man1/lzma.1 #usr/share/man/fr/man1/lzmadec.1 -#usr/share/man/fr/man1/lzmainfo.1 +#usr/share/man/fr/man1/lzmore.1 #usr/share/man/fr/man1/unlzma.1 #usr/share/man/fr/man1/unxz.1 #usr/share/man/fr/man1/xz.1 #usr/share/man/fr/man1/xzcat.1 +#usr/share/man/fr/man1/xzcmp.1 #usr/share/man/fr/man1/xzdec.1 +#usr/share/man/fr/man1/xzdiff.1 #usr/share/man/fr/man1/xzless.1 +#usr/share/man/fr/man1/xzmore.1 #usr/share/man/ko #usr/share/man/ko/man1 #usr/share/man/ko/man1/lzcat.1 @@ -206,7 +210,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/ko/man1/lzless.1 #usr/share/man/ko/man1/lzma.1 #usr/share/man/ko/man1/lzmadec.1 -#usr/share/man/ko/man1/lzmainfo.1 #usr/share/man/ko/man1/lzmore.1 #usr/share/man/ko/man1/unlzma.1 #usr/share/man/ko/man1/unxz.1 @@ -246,16 +249,27 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/pt_BR #usr/share/man/pt_BR/man1 #usr/share/man/pt_BR/man1/lzcat.1 +#usr/share/man/pt_BR/man1/lzcmp.1 +#usr/share/man/pt_BR/man1/lzdiff.1 +#usr/share/man/pt_BR/man1/lzegrep.1 +#usr/share/man/pt_BR/man1/lzfgrep.1 +#usr/share/man/pt_BR/man1/lzgrep.1 #usr/share/man/pt_BR/man1/lzless.1 #usr/share/man/pt_BR/man1/lzma.1 #usr/share/man/pt_BR/man1/lzmadec.1 -#usr/share/man/pt_BR/man1/lzmainfo.1 +#usr/share/man/pt_BR/man1/lzmore.1 #usr/share/man/pt_BR/man1/unlzma.1 #usr/share/man/pt_BR/man1/unxz.1 #usr/share/man/pt_BR/man1/xz.1 #usr/share/man/pt_BR/man1/xzcat.1 +#usr/share/man/pt_BR/man1/xzcmp.1 #usr/share/man/pt_BR/man1/xzdec.1 +#usr/share/man/pt_BR/man1/xzdiff.1 +#usr/share/man/pt_BR/man1/xzegrep.1 +#usr/share/man/pt_BR/man1/xzfgrep.1 +#usr/share/man/pt_BR/man1/xzgrep.1 #usr/share/man/pt_BR/man1/xzless.1 +#usr/share/man/pt_BR/man1/xzmore.1 #usr/share/man/ro #usr/share/man/ro/man1 #usr/share/man/ro/man1/lzcat.1 @@ -267,7 +281,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/ro/man1/lzless.1 #usr/share/man/ro/man1/lzma.1 #usr/share/man/ro/man1/lzmadec.1 -#usr/share/man/ro/man1/lzmainfo.1 #usr/share/man/ro/man1/lzmore.1 #usr/share/man/ro/man1/unlzma.1 #usr/share/man/ro/man1/unxz.1 @@ -292,7 +305,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/uk/man1/lzless.1 #usr/share/man/uk/man1/lzma.1 #usr/share/man/uk/man1/lzmadec.1 -#usr/share/man/uk/man1/lzmainfo.1 #usr/share/man/uk/man1/lzmore.1 #usr/share/man/uk/man1/unlzma.1 #usr/share/man/uk/man1/unxz.1 diff --git a/lfs/xz b/lfs/xz index cbec430d4..982392aa0 100644 --- a/lfs/xz +++ b/lfs/xz @@ -24,7 +24,7 @@
include Config
-VER = 5.6.1 +VER = 5.4.5
THISAPP = xz-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 3a1cf93d7223eb57e78eabe828a3d623acac5824ada299470e3126692ef89d1648293aef32468d70a5289611969d5299180c1b373dfbda002a49f3afc729d925 +$(DL_FILE)_BLAKE2 = 08d9afebd927ea5d155515a4c9eedda4d1a249f2b1ab6ada11f50e5b7a3c90b389b32378ab1c0872c7f4627de8dff37149d85e49f7f4d30614add37320ec4f3e
install : $(TARGET)
@@ -80,3 +80,5 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) @$(POSTBUILD)
-- 2.44.0
-- Sent from my laptop