From: Adolf Belka Date: Tue, 8 Apr 2025 21:37:27 +0000 (+0200) Subject: xz: Update to version 5.8.1 X-Git-Tag: v2.29-core194~12 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5426ee1d309a5d0f9c2ca9d36b9b1d4fae8ed009;p=ipfire-2.x.git xz: Update to version 5.8.1 - Update from version 5.8.0 to 5.8.1 - Update of rootfile - Changelog 5.8.1 IMPORTANT: This includes a security fix for CVE-2025-31115 which affects XZ Utils from 5.3.3alpha to 5.8.0. No new 5.4.x or 5.6.x releases will be made, but the fix is in the v5.4 and v5.6 branches in the xz Git repository. A standalone patch for all affected versions is available as well. * Multithreaded .xz decoder (lzma_stream_decoder_mt()): - Fix a bug that could at least result in a crash with invalid input. (CVE-2025-31115) - Fix a performance bug: Only one thread was used if the whole input file was provided at once to lzma_code(), the output buffer was big enough, timeout was disabled, and LZMA_FINISH was used. There are no bug reports about this, thus it's possible that no real-world application was affected. * Avoid even with C11/C17 compilers. This fixes the build with Oracle Developer Studio 12.6 on Solaris 10 when the compiler is in C11 mode (the header doesn't exist). * Autotools: Restore compatibility with GNU make versions older than 4.0 by creating the package using GNU gettext 0.23.1 infrastructure instead of 0.24. * Update Croatian translation. Signed-off-by: Adolf Belka Reviewed-by: Michael Tremer Signed-off-by: Michael Tremer --- diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz index 3873744c8..f836d4578 100644 --- a/config/rootfiles/common/xz +++ b/config/rootfiles/common/xz @@ -41,7 +41,7 @@ usr/bin/xzmore #usr/lib/liblzma.la #usr/lib/liblzma.so usr/lib/liblzma.so.5 -usr/lib/liblzma.so.5.8.0 +usr/lib/liblzma.so.5.8.1 #usr/lib/pkgconfig/liblzma.pc #usr/share/doc/xz #usr/share/doc/xz/AUTHORS diff --git a/lfs/xz b/lfs/xz index 511848c1d..1ee1faa52 100644 --- a/lfs/xz +++ b/lfs/xz @@ -24,7 +24,7 @@ include Config -VER = 5.8.0 +VER = 5.8.1 THISAPP = xz-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -45,7 +45,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 5087c88884a857b96bc5658548fc9b07ab2f14fe9eabfaeaa19e21810e7588c97621db08353632bd56e66ae2085ec5adc421c4d6849525b630d56dadd65c9f81 +$(DL_FILE)_BLAKE2 = f11be3971e181bb49b6a92d3cc07ebb1c6b5fb53bc5d079e0952eed94f069656cffb37a2e2e8f068a5f119c6ef5ee565b3ac9978a5afa24a40d49607d492d176 install : $(TARGET)