Re: Bulk builds after xz downgrade

To: Jonathan Perkin <jperkin%mnx.io@localhost>
Subject: Re: Bulk builds after xz downgrade
From: Thomas Klausner <wiz%gatalith.at@localhost>
Date: Fri, 29 Mar 2024 19:57:44 +0100

On Fri, Mar 29, 2024 at 01:33:44PM +0000, Jonathan Perkin wrote:
> Heads up to those performing bulk builds, you'll need to remove xz-5.6.*
> from your PACKAGES directory before starting builds after this change,
> otherwise you'll run into depends failures.

I've renamed the version to "5.6.1nb100" so it's newer than what we
had before. It contains the code of 5.4.6 though. I noted this in
DESCR and COMMENT.

The reason for the downgrade is a backdoor introduced in 5.6.0 that
only seems to affect Linux installations. Here's the full write-up:

https://www.openwall.com/lists/oss-security/2024/03/29/4

 Thomas

References:
- Bulk builds after xz downgrade
  - From: Jonathan Perkin

Prev by Date: Bulk builds after xz downgrade
Next by Date: glib2 linking
Previous by Thread: Bulk builds after xz downgrade
Next by Thread: glib2 linking
Indexes:

Home | Main Index | Thread Index | Old Index