[32/32] xz: upgrade 5.4.6 -> 5.6.2

Message ID	20240822093521.36790-32-alex.kanavin@gmail.com
State	Accepted, archived
Commit	6446d82a533da091ec2acc613b4cf06951d78ff3
Headers	show Return-Path: <alex.kanavin@gmail.com> ip: 209.85.208.48, mailfrom: alex.kanavin@gmail.com) From: Alexander Kanavin <alex.kanavin@gmail.com> To: openembedded-core@lists.openembedded.org Cc: Alexander Kanavin <alex@linutronix.de> Subject: [PATCH 32/32] xz: upgrade 5.4.6 -> 5.6.2 Date: Thu, 22 Aug 2024 11:35:21 +0200 Message-Id: <20240822093521.36790-32-alex.kanavin@gmail.com> In-Reply-To: <20240822093521.36790-1-alex.kanavin@gmail.com> References: <20240822093521.36790-1-alex.kanavin@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[01/32] mesa: set PV from the .inc file and not via filenames \| expand [01/32] mesa: set PV from the .inc file and not via filenames [02/32] sysvinit: take release tarballs from github [03/32] bash: upgrade 5.2.21 -> 5.2.32 [04/32] boost: upgrade 1.85.0 -> 1.86.0 [05/32] ccache: upgrade 4.10.1 -> 4.10.2 [06/32] cmake: upgrade 3.30.1 -> 3.30.2 [07/32] dpkg: upgrade 1.22.10 -> 1.22.11 [08/32] e2fsprogs: upgrade 1.47.0 -> 1.47.1 [09/32] epiphany: upgrade 46.0 -> 46.3 [10/32] gstreamer1.0: upgrade 1.24.5 -> 1.24.6 [11/32] kmod: upgrade 32 -> 33 [12/32] kmscube: upgrade to latest revision [13/32] libadwaita: upgrade 1.5.2 -> 1.5.3 [14/32] libedit: upgrade 20240517-3.1 -> 20240808-3.1 [15/32] libnl: upgrade 3.9.0 -> 3.10.0 [16/32] librepo: upgrade 1.17.0 -> 1.18.1 [17/32] libva: upgrade 2.20.0 -> 2.22.0 [18/32] linux-firmware: upgrade 20240513 -> 20240811 [19/32] lua: upgrade 5.4.6 -> 5.4.7 [20/32] mpg123: upgrade 1.32.6 -> 1.32.7 [21/32] mtools: upgrade 4.0.43 -> 4.0.44 [22/32] nghttp2: upgrade 1.62.0 -> 1.62.1 [23/32] puzzles: upgrade to latest revision [24/32] python3-dtschema: upgrade 2024.4 -> 2024.5 [25/32] python3-uritools: upgrade 4.0.2 -> 4.0.3 [26/32] python3-webcolors: upgrade 1.13 -> 24.8.0 [27/32] sqlite3: upgrade 3.45.3 -> 3.46.1 [28/32] stress-ng: upgrade 0.17.08 -> 0.18.02 [29/32] webkitgtk: upgrade 2.44.1 -> 2.44.3 [30/32] weston: upgrade 13.0.1 -> 13.0.3 [31/32] xkeyboard-config: upgrade 2.41 -> 2.42 [32/32] xz: upgrade 5.4.6 -> 5.6.2

Message ID

20240822093521.36790-32-alex.kanavin@gmail.com

State

Accepted, archived

Commit

6446d82a533da091ec2acc613b4cf06951d78ff3

Headers

From: Alexander Kanavin <alex.kanavin@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: Alexander Kanavin <alex@linutronix.de>
Subject: [PATCH 32/32] xz: upgrade 5.4.6 -> 5.6.2
Date: Thu, 22 Aug 2024 11:35:21 +0200
Message-Id: <20240822093521.36790-32-alex.kanavin@gmail.com>
In-Reply-To: <20240822093521.36790-1-alex.kanavin@gmail.com>
References: <20240822093521.36790-1-alex.kanavin@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[01/32] mesa: set PV from the .inc file and not via filenames | expand

Commit Message

Alexander Kanavin Aug. 22, 2024, 9:35 a.m. UTC

From: Alexander Kanavin <alex@linutronix.de>

This is the first post-backdoor release.

These are the release notes:
https://github.com/tukaani-project/xz/releases/

There are also backdoor notes:
https://tukaani.org/xz-backdoor/
"I plan to write an article how the backdoor got into the releases and
what can be learned from this." - that'd be most welcome, as it would
be first hand information that sets the record straight.

And there's a commit by commit review of Jia Tan's contributions:
https://tukaani.org/xz-backdoor/review.html

Add an option for landlock sandbox (off by default as it clashes with running under pseudo).

License-Update: public domain bits were relicensed under 0BSD license

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
 .../xz/{xz_5.4.6.bb => xz_5.6.2.bb}           | 23 +++++++++++--------
 1 file changed, 13 insertions(+), 10 deletions(-)
 rename meta/recipes-extended/xz/{xz_5.4.6.bb => xz_5.6.2.bb} (77%)

diff --git a/meta/recipes-extended/xz/xz_5.4.6.bb b/meta/recipes-extended/xz/xz_5.6.2.bb
similarity index 77%
rename from meta/recipes-extended/xz/xz_5.4.6.bb
rename to meta/recipes-extended/xz/xz_5.6.2.bb
index 3f82e476bf4..96fc691ef7e 100644
--- a/meta/recipes-extended/xz/xz_5.4.6.bb
+++ b/meta/recipes-extended/xz/xz_5.6.2.bb
@@ -3,31 +3,32 @@  HOMEPAGE = "https://tukaani.org/xz/"
 DESCRIPTION = "XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils."
 SECTION = "base"
 
-# The source includes bits of PD, GPL-2.0, GPL-3.0, LGPL-2.1-or-later, but the
+# The source includes bits of 0BSD, GPL-2.0, GPL-3.0, LGPL-2.1-or-later, but the
 # only file which is GPL-3.0 is an m4 macro which isn't shipped in any of our
 # packages, and the LGPL bits are under lib/, which appears to be used for
 # libgnu, which appears to be used for DOS builds. So we're left with
-# GPL-2.0-or-later and PD.
-LICENSE = "GPL-2.0-or-later & GPL-3.0-with-autoconf-exception & LGPL-2.1-or-later & PD"
-LICENSE:${PN} = "PD & GPL-2.0-or-later"
-LICENSE:${PN}-dev = "PD & GPL-2.0-or-later"
+# GPL-2.0-or-later and 0BSD.
+LICENSE = "GPL-2.0-or-later & GPL-3.0-with-autoconf-exception & LGPL-2.1-or-later & 0BSD"
+LICENSE:${PN} = "0BSD & GPL-2.0-or-later"
+LICENSE:${PN}-dev = "0BSD & GPL-2.0-or-later"
 LICENSE:${PN}-staticdev = "GPL-2.0-or-later"
-LICENSE:${PN}-doc = "PD & GPL-2.0-or-later"
+LICENSE:${PN}-doc = "0BSD & GPL-2.0-or-later"
 LICENSE:${PN}-dbg = "GPL-2.0-or-later"
 LICENSE:${PN}-locale = "GPL-2.0-or-later"
-LICENSE:liblzma = "PD"
+LICENSE:liblzma = "0BSD"
 
-LIC_FILES_CHKSUM = "file://COPYING;md5=d4378ea9d5d1fc9ab0ae10d7948827d9 \
+LIC_FILES_CHKSUM = "file://COPYING;md5=c02de712b028a5cc7e22472e8f2b3db1 \
+                    file://COPYING.0BSD;md5=0672c210ce80c83444339b9aa31fee2f \
                     file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                     file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \
                     file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c \
-                    file://lib/getopt.c;endline=23;md5=2069b0ee710572c03bb3114e4532cd84 \
+                    file://lib/getopt.c;endline=23;md5=3f33e207287bf72834f3ae8c247dfb6a \
                     "
 
 SRC_URI = "https://github.com/tukaani-project/xz/releases/download/v${PV}/xz-${PV}.tar.gz \
            file://run-ptest \
           "
-SRC_URI[sha256sum] = "aeba3e03bf8140ddedf62a0a367158340520f6b384f75ca6045ccc6c0d43fd5c"
+SRC_URI[sha256sum] = "8bfd20c0e1d86f0402f2497cfa71c6ab62d4cd35fd704276e3140bfb71414519"
 UPSTREAM_CHECK_REGEX = "releases/tag/v(?P<pver>\d+(\.\d+)+)"
 UPSTREAM_CHECK_URI = "https://github.com/tukaani-project/xz/releases/"
 
@@ -35,6 +36,8 @@  CACHED_CONFIGUREVARS += "gl_cv_posix_shell=/bin/sh"
 
 inherit autotools gettext ptest
 
+PACKAGECONFIG[landlock] = "--enable-sandbox=landlock,--enable-sandbox=no"
+
 PACKAGES =+ "liblzma"
 
 FILES:liblzma = "${libdir}/liblzma*${SOLIBS}"

[32/32] xz: upgrade 5.4.6 -> 5.6.2

Commit Message

Patch