Commit Graph

39 Commits

Author SHA1 Message Date
Petr Štetiar
d4b6b76443
Revert "tools/xz: update to 5.6.1" (CVE-2024-3094)
This reverts commit 714c91d1a6 as probably
the upstream xz repository and the xz tarballs have been backdoored.

References: https://www.openwall.com/lists/oss-security/2024/03/29/4.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2024-03-29 16:59:56 +00:00
Nick Hainke
714c91d1a6 tools/xz: update to 5.6.1
Change mirror to github.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-03-29 06:56:43 +01:00
Nick Hainke
dfb4babfdf tools/xz: update to 5.4.6
Changelog:
https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=d271dad2d3f1ec54e56ef8fa60275a88697a24aa;hb=0ef8192e8d5af4e6200d5d4aee22d1f177f7a2df

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-01-30 10:37:34 +01:00
Nick Hainke
39bdcec011 tools/xz: update to 5.4.5
* liblzma:
    - Use __attribute__((__no_sanitize_address__)) to avoid address
      sanitization with CRC64 CLMUL. It uses 16-byte-aligned reads
      which can extend past the bounds of the input buffer and
      inherently trigger address sanitization errors. This isn't
      a bug.
    - Fixed an assertion failure that could be triggered by a large
      unpadded_size argument. It was verified that there was no
      other bug than the assertion failure.
    - Fixed a bug that prevented building with Windows Vista
      threading when __attribute__((__constructor__)) is not
      supported.
* xz now properly handles special files such as "con" or "nul" on
  Windows. Before this fix, the following wrote "foo" to the
  console and deleted the input file "con_xz":
      echo foo | xz > con_xz
      xz --suffix=_xz --decompress con_xz
* Build systems:
    - Allow builds with Windows win95 threading and small mode when
      __attribute__((__constructor__)) is supported.
    - Added a new line to liblzma.pc for MSYS2 (Windows):
          Cflags.private: -DLZMA_API_STATIC
      When compiling code that will link against static liblzma,
      the LZMA_API_STATIC macro needs to be defined on Windows.
    - CMake specific changes:
        * Fixed a bug that allowed CLOCK_MONOTONIC to be used even
          if the check for it failed.
        * Fixed a bug where configuring CMake multiple times
          resulted in HAVE_CLOCK_GETTIME and HAVE_CLOCK_MONOTONIC
          not being set.
        * Fixed the build with MinGW-w64-based Clang/LLVM 17.
          llvm-windres now has more accurate GNU windres emulation
          so the GNU windres workaround from 5.4.1 is needed with
          llvm-windres version 17 too.
        * The import library on Windows is now properly named
          "liblzma.dll.a" instead of "libliblzma.dll.a"
        * Fixed a bug causing the Ninja Generator to fail on
          UNIX-like systems. This bug was introduced in 5.4.0.
        * Added a new option to disable CLMUL CRC64.
        * A module-definition (.def) file is now created when
          building liblzma.dll with MinGW-w64.
        * The pkg-config liblzma.pc file is now installed on all
          builds except when using MSVC on Windows.
        * Added large file support by default for platforms that
          need it to handle files larger than 2 GiB. This includes
          MinGW-w64, even 64-bit builds.
* Small fixes and improvements to the tests.
* Updated translations: Chinese (simplified) and Esperanto.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-12-04 13:18:35 +01:00
Rosen Penev
813ef01a27 tools/xz: update to 5.4.4
* liblzma and xzdec can now build against WASI SDK when threading
  support is disabled. xz and tests don't build yet.

* CMake:

    - Fixed a bug preventing other projects from including liblzma
      multiple times using find_package().

    - Don't create broken symlinks in Cygwin and MSYS2 unless
      supported by the environment. This prevented building for the
      default MSYS2 environment. The problem was introduced in
      xz 5.4.0.

* Documentation:

    - Small improvements to man pages.

    - Small improvements and typo fixes for liblzma API
      documentation.

* Tests:

    - Added a new section to INSTALL to describe basic test usage
      and address recent questions about building the tests when
      cross compiling.

    - Small fixes and improvements to the tests.

* Translations:

    - Fixed a mistake that caused one of the error messages to not
      be translated. This only affected versions 5.4.2 and 5.4.3.

    - Updated the Chinese (simplified), Croatian, Esperanto, German,
      Korean, Polish, Romanian, Spanish, Swedish, Ukrainian, and
      Vietnamese translations.

    - Updated the German, Korean, Romanian, and Ukrainian man page
      translations.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2023-08-14 10:18:43 +02:00
Nick Hainke
2526b98a62
tools/xz: update to 5.4.3
Changelog:
https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=2f4d35adca6198671434d2988803cc9316ad1ec8;hb=c247d06e1f6cada9a76f4f6225cbd97ea760f52f#l5

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-05-06 07:16:15 +02:00
Linhui Liu
450698804c tools/xz: bump to 5.4.2
Release Notes:
https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;hb=HEAD

Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
2023-03-20 23:41:27 +01:00
Linhui Liu
753efd45b2 tools/xz: update to 5.4.1
Release notes:
    https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;hb=HEAD

Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
2023-01-13 22:09:12 +01:00
Linhui Liu
c4b5239b63 tools/xz: update to 5.4.0
Release notes:
    https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;hb=HEAD

Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
2023-01-07 17:17:04 +01:00
Nick Hainke
a0bf926a46 tools/xz: update to 5.2.10
Update to latest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-12-19 23:25:35 +01:00
Nick Hainke
d010e36a0d tools/xz: update to 5.2.9
Update to latest release.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-12-03 20:40:36 +01:00
Nick Hainke
511d02a758 tools/xz: update to 5.2.8
Update to latest release.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-16 23:30:11 +01:00
Nick Hainke
ef51c0150a tools/xz: update to 5.2.7
Update to latest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 22:50:37 +02:00
Rosen Penev
a63805b25f
tools: add Host/Uninstall where possible
This cleans staging_dir when calling tool/x/clean.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-10-20 00:33:22 +02:00
Nick Hainke
20f8101a26 tools/xz: update to 5.2.6
This update contains a security fix to xzgrep (CVE-2022-1271,
ZDI-CAN-16587). Release notes:
https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;hb=HEAD

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-20 23:25:32 +02:00
Daniel Engberg
d158b26c1e tools/xz: Update to 5.2.5
Update xz to 5.2.5
Disable NLS support to be consistent with other tools such as bison, e2fsprogs
and sed.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2020-04-09 22:09:13 +02:00
Rosen Penev
46dc4e206d tools/xz: Compile with PIC to fix linking errors
I made a similar change to this here:
https://github.com/openwrt/packages/pull/8159

However, it turns out this did not fix the problem as the problem has to
do with tools/xz and not the xz package. The error is the same and causes
linking errors as can be seen above.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-04-06 19:14:06 +02:00
Rosen Penev
622176262d tools/xz: Add PKG_CPE_ID for proper CVE tracking
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-10-16 19:17:36 +01:00
Daniel Engberg
93959bd86d tools/xz: Update to 5.2.4
Update to 5.2.4
Remove FreeBSD fix as it's not needed
Disable docs

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-05-05 07:13:53 +02:00
Daniel Engberg
54ff3b1def xz: Update to 5.2.3
Update xz to 5.2.3

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-03 14:24:32 +01:00
Felix Fietkau
720b99215d treewide: clean up download hashes
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-16 22:39:22 +01:00
Jo-Philipp Wich
27950ddc0e tools: xz: force building without ccache
Since XZ is required to bootstrap ccache we must not use the ccache compiler
wrapper to avoid circular dependencies.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-10-06 15:29:33 +02:00
Jo-Philipp Wich
e68c0a1325 tools: xz: use .bz2 archive
In order to build XZ itself we cannot assume that XZ support is available,
so fetch the bz2 archive variant of its sources instead.

Also drop the FreeBSD portability patch and apply it at prepare time using
sed, to avoid a dependency on GNU patch which in turn depends on XZ support.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-10-06 14:12:45 +02:00
Daniel Engberg
9edfe7dd13 source: Switch to xz for packages and tools where possible
* Change git packages to xz
* Update mirror checksums in packages where they are used
* Change a few source tarballs to xz if available upstream
* Remove unused lines in packages we're touching, requested by jow- and blogic
* We're relying more on xz-utils so add official mirror as primary source, master site as secondary.
* Add SHA256 checksums to multiple git tarball packages

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-10-06 12:16:56 +02:00
Felix Fietkau
7002454b3c tools/xz: update to 5.2.2
Update xz to version 5.2.2.
Add a secondary download location.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 47298
2015-10-30 22:31:09 +00:00
Jo-Philipp Wich
b4e49ad8f0 tools/xz: disable shared library
Force a static build of the xz utilities in order to avoid the dependency on a
shared liblzma.so which might collide with the distro version.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46907
2015-09-14 14:03:21 +00:00
Hauke Mehrtens
7aa7a4b06b tools: xz: update to version 5.2.1
This adds support for symbol versioning which is needed on
CentOs/RedHat 7 to fix #20134.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 46603
2015-08-15 11:27:11 +00:00
Jo-Philipp Wich
f7e56763e1 tools: remove static linking support
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44285
2015-02-06 00:00:43 +00:00
Luka Perkov
e83cacd2c1 xz: upgrade to 5.0.5
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 37797
2013-08-16 00:19:21 +00:00
Felix Fietkau
ed2bf29be5 build: add the + token to any commands that can pass through the jobserver, fixes parallel build on some systems
SVN-Revision: 33523
2012-09-23 09:50:01 +00:00
Felix Fietkau
b0065ecb72 tools/xz enable parallel builds
SVN-Revision: 33431
2012-09-15 14:17:40 +00:00
Jo-Philipp Wich
958a9c96cd xz: update to 5.0.4
Signed-off-by: Jonh Wendell <jonh.wendell@gmail.com>

SVN-Revision: 33146
2012-08-12 12:48:49 +00:00
Jo-Philipp Wich
cf1698c637 use HOST_STATIC_LINKING instead of hardcoding -static
SVN-Revision: 33140
2012-08-12 12:34:30 +00:00
Jo-Philipp Wich
da6f82a16e xz: link statically
SVN-Revision: 33111
2012-08-10 19:27:00 +00:00
Florian Fainelli
9c6d6caf0e xz: update to 5.0.3
Signed-off-by: Luka Perkov <openwrt@lukaperkov.net>

SVN-Revision: 31172
2012-04-02 16:25:25 +00:00
Hauke Mehrtens
ce6942268c xz: update to version 5.0.2
SVN-Revision: 26438
2011-04-03 13:19:16 +00:00
Alexandros C. Couloumbis
8d9c6a8f06 tools/xz: update to version 5.0.1
SVN-Revision: 25847
2011-03-03 10:26:11 +00:00
Felix Fietkau
4dbb7f8cb5 tools/xz: do not overwrite the lzma binary
SVN-Revision: 24499
2010-12-11 21:29:53 +00:00
Felix Fietkau
82ac7bb00a add a host package for xz
SVN-Revision: 24481
2010-12-11 13:20:19 +00:00