Revert "tools/xz: update to 5.6.1" (CVE-2024-3094)

This reverts commit 714c91d1a63f29650abaa9cf69ffa47cf2c70297 as probably the upstream xz repository and the xz tarballs have been backdoored. References: https://www.openwall.com/lists/oss-security/2024/03/29/4. Signed-off-by: Petr Štetiar <ynezz@true.cz>
author: Petr Štetiar <ynezz@true.cz> 2024-03-29 16:59:01 +0000
committer: Petr Štetiar <ynezz@true.cz> 2024-03-29 16:59:56 +0000
commit: d4b6b76443207103d3a7c0eae5c0085317fb584f (patch)
tree: ba973fa2f69bb00d325ede4a9be25ab2b002d2a9 /tools/xz
parent: f9f2426e398cf74d1098ae40317bfba677ac7560 (diff)
download: openwrt-d4b6b76443207103d3a7c0eae5c0085317fb584f.tar.gz
openwrt-d4b6b76443207103d3a7c0eae5c0085317fb584f.tar.bz2
openwrt-d4b6b76443207103d3a7c0eae5c0085317fb584f.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/tools/xz/Makefile b/tools/xz/Makefile
index b7b9429244..a90cec86bf 100644
--- a/tools/xz/Makefile
+++ b/tools/xz/Makefile
@@ -7,11 +7,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=xz
-PKG_VERSION:=5.6.1
+PKG_VERSION:=5.4.6
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=https://github.com/tukaani-project/xz/releases/download/v$(PKG_VERSION)
-PKG_HASH:=d300422649a0124b1121630be559c890ceedf32667d7064b8128933166c217c8
+PKG_SOURCE_URL:=@SF/lzmautils \
+		http://tukaani.org/xz
+PKG_HASH:=913851b274e8e1d31781ec949f1c23e8dbcf0ecf6e73a2436dc21769dd3e6f49
 PKG_CPE_ID:=cpe:/a:tukaani:xz
 
 HOST_BUILD_PARALLEL:=1
author	Petr Štetiar <ynezz@true.cz>	2024-03-29 16:59:01 +0000
committer	Petr Štetiar <ynezz@true.cz>	2024-03-29 16:59:56 +0000
commit	d4b6b76443207103d3a7c0eae5c0085317fb584f (patch)
tree	ba973fa2f69bb00d325ede4a9be25ab2b002d2a9 /tools/xz
parent	f9f2426e398cf74d1098ae40317bfba677ac7560 (diff)
download	openwrt-d4b6b76443207103d3a7c0eae5c0085317fb584f.tar.gz openwrt-d4b6b76443207103d3a7c0eae5c0085317fb584f.tar.bz2 openwrt-d4b6b76443207103d3a7c0eae5c0085317fb584f.zip