xz: upgrade 5.4.6 -> 5.6.2

This is the first post-backdoor release. These are the release notes: https://github.com/tukaani-project/xz/releases/ There are also backdoor notes: https://tukaani.org/xz-backdoor/ "I plan to write an article how the backdoor got into the releases and what can be learned from this." - that'd be most welcome, as it would be first hand information that sets the record straight. And there's a commit by commit review of Jia Tan's contributions: https://tukaani.org/xz-backdoor/review.html Add an option for landlock sandbox (off by default as it clashes with running under pseudo). License-Update: public domain bits were relicensed under 0BSD license (From OE-Core rev: 6446d82a533da091ec2acc613b4cf06951d78ff3) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-01-29 21:08:42 +01:00 · 2024-08-22 11:35:21 +02:00
parent 17522412a2
commit 7a72e8fef2
1 changed files with 13 additions and 10 deletions
--- a/meta/recipes-extended/xz/xz_5.6.2.bb
+++ b/meta/recipes-extended/xz/xz_5.6.2.bb
@@ -3,31 +3,32 @@ HOMEPAGE = "https://tukaani.org/xz/"
 DESCRIPTION = "XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils."
 SECTION = "base"

-# The source includes bits of PD, GPL-2.0, GPL-3.0, LGPL-2.1-or-later, but the
+# The source includes bits of 0BSD, GPL-2.0, GPL-3.0, LGPL-2.1-or-later, but the
 # only file which is GPL-3.0 is an m4 macro which isn't shipped in any of our
 # packages, and the LGPL bits are under lib/, which appears to be used for
 # libgnu, which appears to be used for DOS builds. So we're left with
-# GPL-2.0-or-later and PD.
-LICENSE = "GPL-2.0-or-later & GPL-3.0-with-autoconf-exception & LGPL-2.1-or-later & PD"
-LICENSE:${PN} = "PD & GPL-2.0-or-later"
-LICENSE:${PN}-dev = "PD & GPL-2.0-or-later"
+# GPL-2.0-or-later and 0BSD.
+LICENSE = "GPL-2.0-or-later & GPL-3.0-with-autoconf-exception & LGPL-2.1-or-later & 0BSD"
+LICENSE:${PN} = "0BSD & GPL-2.0-or-later"
+LICENSE:${PN}-dev = "0BSD & GPL-2.0-or-later"
 LICENSE:${PN}-staticdev = "GPL-2.0-or-later"
-LICENSE:${PN}-doc = "PD & GPL-2.0-or-later"
+LICENSE:${PN}-doc = "0BSD & GPL-2.0-or-later"
 LICENSE:${PN}-dbg = "GPL-2.0-or-later"
 LICENSE:${PN}-locale = "GPL-2.0-or-later"
-LICENSE:liblzma = "PD"
+LICENSE:liblzma = "0BSD"

-LIC_FILES_CHKSUM = "file://COPYING;md5=d4378ea9d5d1fc9ab0ae10d7948827d9 \
+LIC_FILES_CHKSUM = "file://COPYING;md5=c02de712b028a5cc7e22472e8f2b3db1 \
+                    file://COPYING.0BSD;md5=0672c210ce80c83444339b9aa31fee2f \
                    file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                    file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \
                    file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c \
-                    file://lib/getopt.c;endline=23;md5=2069b0ee710572c03bb3114e4532cd84 \
+                    file://lib/getopt.c;endline=23;md5=3f33e207287bf72834f3ae8c247dfb6a \
                    "

 SRC_URI = "https://github.com/tukaani-project/xz/releases/download/v${PV}/xz-${PV}.tar.gz \
           file://run-ptest \
          "
-SRC_URI[sha256sum] = "aeba3e03bf8140ddedf62a0a367158340520f6b384f75ca6045ccc6c0d43fd5c"
+SRC_URI[sha256sum] = "8bfd20c0e1d86f0402f2497cfa71c6ab62d4cd35fd704276e3140bfb71414519"
 UPSTREAM_CHECK_REGEX = "releases/tag/v(?P<pver>\d+(\.\d+)+)"
 UPSTREAM_CHECK_URI = "https://github.com/tukaani-project/xz/releases/"

@@ -35,6 +36,8 @@ CACHED_CONFIGUREVARS += "gl_cv_posix_shell=/bin/sh"

 inherit autotools gettext ptest

+PACKAGECONFIG[landlock] = "--enable-sandbox=landlock,--enable-sandbox=no"
+
 PACKAGES =+ "liblzma"

 FILES:liblzma = "${libdir}/liblzma*${SOLIBS}"