From 7a72e8fef266a9c1950a4425a2797e39b23c6665 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Thu, 22 Aug 2024 11:35:21 +0200 Subject: xz: upgrade 5.4.6 -> 5.6.2 This is the first post-backdoor release. These are the release notes: https://github.com/tukaani-project/xz/releases/ There are also backdoor notes: https://tukaani.org/xz-backdoor/ "I plan to write an article how the backdoor got into the releases and what can be learned from this." - that'd be most welcome, as it would be first hand information that sets the record straight. And there's a commit by commit review of Jia Tan's contributions: https://tukaani.org/xz-backdoor/review.html Add an option for landlock sandbox (off by default as it clashes with running under pseudo). License-Update: public domain bits were relicensed under 0BSD license (From OE-Core rev: 6446d82a533da091ec2acc613b4cf06951d78ff3) Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --- meta/recipes-extended/xz/xz_5.4.6.bb | 69 ---------------------------------- meta/recipes-extended/xz/xz_5.6.2.bb | 72 ++++++++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+), 69 deletions(-) delete mode 100644 meta/recipes-extended/xz/xz_5.4.6.bb create mode 100644 meta/recipes-extended/xz/xz_5.6.2.bb diff --git a/meta/recipes-extended/xz/xz_5.4.6.bb b/meta/recipes-extended/xz/xz_5.4.6.bb deleted file mode 100644 index 3f82e476bf..0000000000 --- a/meta/recipes-extended/xz/xz_5.4.6.bb +++ /dev/null @@ -1,69 +0,0 @@ -SUMMARY = "Utilities for managing LZMA compressed files" -HOMEPAGE = "https://tukaani.org/xz/" -DESCRIPTION = "XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils." -SECTION = "base" - -# The source includes bits of PD, GPL-2.0, GPL-3.0, LGPL-2.1-or-later, but the -# only file which is GPL-3.0 is an m4 macro which isn't shipped in any of our -# packages, and the LGPL bits are under lib/, which appears to be used for -# libgnu, which appears to be used for DOS builds. So we're left with -# GPL-2.0-or-later and PD. -LICENSE = "GPL-2.0-or-later & GPL-3.0-with-autoconf-exception & LGPL-2.1-or-later & PD" -LICENSE:${PN} = "PD & GPL-2.0-or-later" -LICENSE:${PN}-dev = "PD & GPL-2.0-or-later" -LICENSE:${PN}-staticdev = "GPL-2.0-or-later" -LICENSE:${PN}-doc = "PD & GPL-2.0-or-later" -LICENSE:${PN}-dbg = "GPL-2.0-or-later" -LICENSE:${PN}-locale = "GPL-2.0-or-later" -LICENSE:liblzma = "PD" - -LIC_FILES_CHKSUM = "file://COPYING;md5=d4378ea9d5d1fc9ab0ae10d7948827d9 \ - file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \ - file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c \ - file://lib/getopt.c;endline=23;md5=2069b0ee710572c03bb3114e4532cd84 \ - " - -SRC_URI = "https://github.com/tukaani-project/xz/releases/download/v${PV}/xz-${PV}.tar.gz \ - file://run-ptest \ - " -SRC_URI[sha256sum] = "aeba3e03bf8140ddedf62a0a367158340520f6b384f75ca6045ccc6c0d43fd5c" -UPSTREAM_CHECK_REGEX = "releases/tag/v(?P\d+(\.\d+)+)" -UPSTREAM_CHECK_URI = "https://github.com/tukaani-project/xz/releases/" - -CACHED_CONFIGUREVARS += "gl_cv_posix_shell=/bin/sh" - -inherit autotools gettext ptest - -PACKAGES =+ "liblzma" - -FILES:liblzma = "${libdir}/liblzma*${SOLIBS}" - -inherit update-alternatives -ALTERNATIVE_PRIORITY = "100" -ALTERNATIVE:${PN} = "xz xzcat unxz \ - lzma lzcat unlzma" - -BBCLASSEXTEND = "native nativesdk" - -RDEPENDS:${PN}-ptest += "bash file" - -do_compile_ptest() { - oe_runmake check TESTS= -} - -do_install_ptest () { - install -d ${D}${PTEST_PATH}/tests - find ${B}/tests/.libs -type f -executable -exec cp {} ${D}${PTEST_PATH}/tests \; - cp ${B}/config.h ${D}${PTEST_PATH} - for i in files xzgrep_expected_output test_files.sh test_scripts.sh test_compress.sh; do - cp -r ${S}/tests/$i ${D}${PTEST_PATH}/tests - done - mkdir -p ${D}${PTEST_PATH}/src/xz - ln -s ${bindir}/xz ${D}${PTEST_PATH}/src/xz/xz - mkdir -p ${D}${PTEST_PATH}/src/xzdec - ln -s ${bindir}/xzdec ${D}${PTEST_PATH}/src/xzdec/xzdec - mkdir -p ${D}${PTEST_PATH}/src/scripts - ln -s ${bindir}/xzdiff ${D}${PTEST_PATH}/src/scripts/xzdiff - ln -s ${bindir}/xzgrep ${D}${PTEST_PATH}/src/scripts/xzgrep -} diff --git a/meta/recipes-extended/xz/xz_5.6.2.bb b/meta/recipes-extended/xz/xz_5.6.2.bb new file mode 100644 index 0000000000..96fc691ef7 --- /dev/null +++ b/meta/recipes-extended/xz/xz_5.6.2.bb @@ -0,0 +1,72 @@ +SUMMARY = "Utilities for managing LZMA compressed files" +HOMEPAGE = "https://tukaani.org/xz/" +DESCRIPTION = "XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils." +SECTION = "base" + +# The source includes bits of 0BSD, GPL-2.0, GPL-3.0, LGPL-2.1-or-later, but the +# only file which is GPL-3.0 is an m4 macro which isn't shipped in any of our +# packages, and the LGPL bits are under lib/, which appears to be used for +# libgnu, which appears to be used for DOS builds. So we're left with +# GPL-2.0-or-later and 0BSD. +LICENSE = "GPL-2.0-or-later & GPL-3.0-with-autoconf-exception & LGPL-2.1-or-later & 0BSD" +LICENSE:${PN} = "0BSD & GPL-2.0-or-later" +LICENSE:${PN}-dev = "0BSD & GPL-2.0-or-later" +LICENSE:${PN}-staticdev = "GPL-2.0-or-later" +LICENSE:${PN}-doc = "0BSD & GPL-2.0-or-later" +LICENSE:${PN}-dbg = "GPL-2.0-or-later" +LICENSE:${PN}-locale = "GPL-2.0-or-later" +LICENSE:liblzma = "0BSD" + +LIC_FILES_CHKSUM = "file://COPYING;md5=c02de712b028a5cc7e22472e8f2b3db1 \ + file://COPYING.0BSD;md5=0672c210ce80c83444339b9aa31fee2f \ + file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \ + file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c \ + file://lib/getopt.c;endline=23;md5=3f33e207287bf72834f3ae8c247dfb6a \ + " + +SRC_URI = "https://github.com/tukaani-project/xz/releases/download/v${PV}/xz-${PV}.tar.gz \ + file://run-ptest \ + " +SRC_URI[sha256sum] = "8bfd20c0e1d86f0402f2497cfa71c6ab62d4cd35fd704276e3140bfb71414519" +UPSTREAM_CHECK_REGEX = "releases/tag/v(?P\d+(\.\d+)+)" +UPSTREAM_CHECK_URI = "https://github.com/tukaani-project/xz/releases/" + +CACHED_CONFIGUREVARS += "gl_cv_posix_shell=/bin/sh" + +inherit autotools gettext ptest + +PACKAGECONFIG[landlock] = "--enable-sandbox=landlock,--enable-sandbox=no" + +PACKAGES =+ "liblzma" + +FILES:liblzma = "${libdir}/liblzma*${SOLIBS}" + +inherit update-alternatives +ALTERNATIVE_PRIORITY = "100" +ALTERNATIVE:${PN} = "xz xzcat unxz \ + lzma lzcat unlzma" + +BBCLASSEXTEND = "native nativesdk" + +RDEPENDS:${PN}-ptest += "bash file" + +do_compile_ptest() { + oe_runmake check TESTS= +} + +do_install_ptest () { + install -d ${D}${PTEST_PATH}/tests + find ${B}/tests/.libs -type f -executable -exec cp {} ${D}${PTEST_PATH}/tests \; + cp ${B}/config.h ${D}${PTEST_PATH} + for i in files xzgrep_expected_output test_files.sh test_scripts.sh test_compress.sh; do + cp -r ${S}/tests/$i ${D}${PTEST_PATH}/tests + done + mkdir -p ${D}${PTEST_PATH}/src/xz + ln -s ${bindir}/xz ${D}${PTEST_PATH}/src/xz/xz + mkdir -p ${D}${PTEST_PATH}/src/xzdec + ln -s ${bindir}/xzdec ${D}${PTEST_PATH}/src/xzdec/xzdec + mkdir -p ${D}${PTEST_PATH}/src/scripts + ln -s ${bindir}/xzdiff ${D}${PTEST_PATH}/src/scripts/xzdiff + ln -s ${bindir}/xzgrep ${D}${PTEST_PATH}/src/scripts/xzgrep +} -- cgit v1.2.3-54-g00ecf