haikuprojects/haikuports
1
0
Fork 0
mirror of https://github.com/yann64/haikuports.git synced 2026-04-08 21:00:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

xz_utils: switch the SOURCE_URI to the Github generated archive

Browse Source 
Apparently, the release tarballs are compromised and contain a backdoor.

This mitigates CVE-2024-3094. (even if Haiku is probably not affected by it)
This commit is contained in:
Joachim Mairböck
2024-03-29 22:39:30 +01:00
parent 9f161e1282
commit 3644a3db2a
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app-arch/xz_utils/xz_utils-5.6.1.recipe
View File

@@ -6,9 +6,9 @@ COPYRIGHT="2005-2018 Lasse Collin"
LICENSE="GNU LGPL v2.1
GNU GPL v2
GNU GPL v3"
REVISION="1"
SOURCE_URI="https://github.com/tukaani-project/xz/releases/download/v$portVersion/xz-$portVersion.tar.gz"
CHECKSUM_SHA256="2398f4a8e53345325f44bdd9f0cc7401bd9025d736c6d43b372f4dea77bf75b8"
REVISION="2"
SOURCE_URI="https://github.com/tukaani-project/xz/archive/refs/tags/v$portVersion.tar.gz"
CHECKSUM_SHA256="237284fae40e5f8e9908f0a977e7d0b9a5c7c1c10a41b8e6ed0fb40e930467c8"
SOURCE_DIR="xz-$portVersion"
ADDITIONAL_FILES="xz_utils-expander-rules"