From 3644a3db2a0ad46971aa433c105e2cce9d141b46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joachim=20Mairb=C3=B6ck?=
Date: Fri, 29 Mar 2024 22:39:30 +0100
Subject: [PATCH] xz_utils: switch the SOURCE_URI to the Github generated archive

Apparently, the release tarballs are compromised and contain a backdoor. This mitigates CVE-2024-3094. (even if Haiku is probably not affected by it)
---
 app-arch/xz_utils/xz_utils-5.6.1.recipe | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app-arch/xz_utils/xz_utils-5.6.1.recipe b/app-arch/xz_utils/xz_utils-5.6.1.recipe
index 77f37cd8b..013881078 100644
--- a/app-arch/xz_utils/xz_utils-5.6.1.recipe
+++ b/app-arch/xz_utils/xz_utils-5.6.1.recipe
@@ -6,9 +6,9 @@ COPYRIGHT="2005-2018 Lasse Collin"
 LICENSE="GNU LGPL v2.1 GNU GPL v2 GNU GPL v3"
-REVISION="1"
-SOURCE_URI="https://github.com/tukaani-project/xz/releases/download/v$portVersion/xz-$portVersion.tar.gz"
-CHECKSUM_SHA256="2398f4a8e53345325f44bdd9f0cc7401bd9025d736c6d43b372f4dea77bf75b8"
+REVISION="2"
+SOURCE_URI="https://github.com/tukaani-project/xz/archive/refs/tags/v$portVersion.tar.gz"
+CHECKSUM_SHA256="237284fae40e5f8e9908f0a977e7d0b9a5c7c1c10a41b8e6ed0fb40e930467c8"
 SOURCE_DIR="xz-$portVersion"
 ADDITIONAL_FILES="xz_utils-expander-rules"
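Review bot: Switching `SOURCE_URI` to the tag archive removes the tarball-only build-script injection, but the tree at this tag was still committed under the same compromised maintainer access and, per the public CVE-2024-3094 analysis, still carries the obfuscated payload inside its binary test fixtures, so this is a partial mitigation rather than a clean source. Pinning the port to a release that predates the compromise would be the stronger fix; if this version stays, record the reason next to the URI, e.g. `# tag archive, not the release tarball: the tarball adds build scripts absent from git (CVE-2024-3094)`. The new `CHECKSUM_SHA256` pins a forge-generated archive, which is not guaranteed to stay byte-identical, so a later mismatch should be investigated rather than re-pinned blindly. The build section is outside this hunk; a tag archive normally ships without a generated `configure`, so confirm the recipe bootstraps autotools itself.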