From: Alexander Kanavin Date: Thu, 22 Aug 2024 09:35:21 +0000 (+0200) Subject: xz: upgrade 5.4.6 -> 5.6.2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6446d82a533da091ec2acc613b4cf06951d78ff3;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git xz: upgrade 5.4.6 -> 5.6.2 This is the first post-backdoor release. These are the release notes: https://github.com/tukaani-project/xz/releases/ There are also backdoor notes: https://tukaani.org/xz-backdoor/ "I plan to write an article how the backdoor got into the releases and what can be learned from this." - that'd be most welcome, as it would be first hand information that sets the record straight. And there's a commit by commit review of Jia Tan's contributions: https://tukaani.org/xz-backdoor/review.html Add an option for landlock sandbox (off by default as it clashes with running under pseudo). License-Update: public domain bits were relicensed under 0BSD license Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --- diff --git a/meta/recipes-extended/xz/xz_5.4.6.bb b/meta/recipes-extended/xz/xz_5.6.2.bb similarity index 77% rename from meta/recipes-extended/xz/xz_5.4.6.bb rename to meta/recipes-extended/xz/xz_5.6.2.bb index 3f82e476bf4..96fc691ef7e 100644 --- a/meta/recipes-extended/xz/xz_5.4.6.bb +++ b/meta/recipes-extended/xz/xz_5.6.2.bb @@ -3,31 +3,32 @@ HOMEPAGE = "https://tukaani.org/xz/" DESCRIPTION = "XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils." SECTION = "base" -# The source includes bits of PD, GPL-2.0, GPL-3.0, LGPL-2.1-or-later, but the +# The source includes bits of 0BSD, GPL-2.0, GPL-3.0, LGPL-2.1-or-later, but the # only file which is GPL-3.0 is an m4 macro which isn't shipped in any of our # packages, and the LGPL bits are under lib/, which appears to be used for # libgnu, which appears to be used for DOS builds. So we're left with -# GPL-2.0-or-later and PD. -LICENSE = "GPL-2.0-or-later & GPL-3.0-with-autoconf-exception & LGPL-2.1-or-later & PD" -LICENSE:${PN} = "PD & GPL-2.0-or-later" -LICENSE:${PN}-dev = "PD & GPL-2.0-or-later" +# GPL-2.0-or-later and 0BSD. +LICENSE = "GPL-2.0-or-later & GPL-3.0-with-autoconf-exception & LGPL-2.1-or-later & 0BSD" +LICENSE:${PN} = "0BSD & GPL-2.0-or-later" +LICENSE:${PN}-dev = "0BSD & GPL-2.0-or-later" LICENSE:${PN}-staticdev = "GPL-2.0-or-later" -LICENSE:${PN}-doc = "PD & GPL-2.0-or-later" +LICENSE:${PN}-doc = "0BSD & GPL-2.0-or-later" LICENSE:${PN}-dbg = "GPL-2.0-or-later" LICENSE:${PN}-locale = "GPL-2.0-or-later" -LICENSE:liblzma = "PD" +LICENSE:liblzma = "0BSD" -LIC_FILES_CHKSUM = "file://COPYING;md5=d4378ea9d5d1fc9ab0ae10d7948827d9 \ +LIC_FILES_CHKSUM = "file://COPYING;md5=c02de712b028a5cc7e22472e8f2b3db1 \ + file://COPYING.0BSD;md5=0672c210ce80c83444339b9aa31fee2f \ file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \ file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c \ - file://lib/getopt.c;endline=23;md5=2069b0ee710572c03bb3114e4532cd84 \ + file://lib/getopt.c;endline=23;md5=3f33e207287bf72834f3ae8c247dfb6a \ " SRC_URI = "https://github.com/tukaani-project/xz/releases/download/v${PV}/xz-${PV}.tar.gz \ file://run-ptest \ " -SRC_URI[sha256sum] = "aeba3e03bf8140ddedf62a0a367158340520f6b384f75ca6045ccc6c0d43fd5c" +SRC_URI[sha256sum] = "8bfd20c0e1d86f0402f2497cfa71c6ab62d4cd35fd704276e3140bfb71414519" UPSTREAM_CHECK_REGEX = "releases/tag/v(?P\d+(\.\d+)+)" UPSTREAM_CHECK_URI = "https://github.com/tukaani-project/xz/releases/" @@ -35,6 +36,8 @@ CACHED_CONFIGUREVARS += "gl_cv_posix_shell=/bin/sh" inherit autotools gettext ptest +PACKAGECONFIG[landlock] = "--enable-sandbox=landlock,--enable-sandbox=no" + PACKAGES =+ "liblzma" FILES:liblzma = "${libdir}/liblzma*${SOLIBS}"