diff options
author | Andreas Baumann | 2024-03-30 10:32:35 +0100 |
---|---|---|
committer | Andreas Baumann | 2024-03-30 10:32:35 +0100 |
commit | 1c60b774f99c1c745c4a2de4e03b10edb4b9a53c (patch) | |
tree | 411ceb33571c66df966e91c09b3f9ef94d8308bf | |
parent | 1907dbef676c4074c03414438c47a0bea809a534 (diff) | |
download | aur-1c60b774f99c1c745c4a2de4e03b10edb4b9a53c.tar.gz |
hotfix for xz vulnerability
-rw-r--r-- | .SRCINFO | 8 | ||||
-rw-r--r-- | PKGBUILD | 12 |
2 files changed, 12 insertions, 8 deletions
@@ -1,7 +1,7 @@ pkgbase = pacman-static pkgdesc = Statically-compiled pacman (to fix or install systems without libc) pkgver = 6.1.0 - pkgrel = 1 + pkgrel = 2 url = https://www.archlinux.org/pacman/ arch = i486 arch = i686 @@ -37,8 +37,8 @@ pkgbase = pacman-static source = openssl-3.0.7-no-atomic.patch source = https://zlib.net/zlib-1.3.1.tar.gz source = https://zlib.net/zlib-1.3.1.tar.gz.asc - source = https://github.com/tukaani-project/xz/releases/download/v5.6.1/xz-5.6.1.tar.gz - source = https://github.com/tukaani-project/xz/releases/download/v5.6.1/xz-5.6.1.tar.gz.sig + source = https://src.fedoraproject.org/lookaside/extras/xz/xz-5.4.6.tar.gz/sha512/083f5e675d73f3233c7930ebe20425a533feedeaaa9d8cc86831312a6581cefbe6ed0d08d2fa89be81082f2a5abdabca8b3c080bf97218a1bd59dc118a30b9f3/xz-5.4.6.tar.gz + source = https://src.fedoraproject.org/lookaside/extras/xz/xz-5.4.6.tar.gz.sig/sha512/d5e32b944e7492a32c40f675d918796e077f63490a23c6fce5c4d6d1eebc443f129d27a2e888913c5a36c3ffdac75b9c96c1749402283445e0ba9ff72b965741/xz-5.4.6.tar.gz.sig source = https://sourceware.org/pub/bzip2/bzip2-1.0.8.tar.gz source = https://sourceware.org/pub/bzip2/bzip2-1.0.8.tar.gz.sig source = https://github.com/facebook/zstd/releases/download/v1.5.5/zstd-1.5.5.tar.zst @@ -94,7 +94,7 @@ pkgbase = pacman-static sha512sums = b5887ea77417fae49b6cb1e9fa782d3021f268d5219701d87a092235964f73fa72a31428b630445517f56f2bb69dcbbb24119ef9dbf8b4e40a753369a9f9a16f sha512sums = 580677aad97093829090d4b605ac81c50327e74a6c2de0b85dd2e8525553f3ddde17556ea46f8f007f89e435493c9a20bc997d1ef1c1c2c23274528e3c46b94f sha512sums = SKIP - sha512sums = 8af100eb83288f032e4813be2bf8de7d733c8761f77f078776c1391709241ad8fe3192d107664786e2543677915c5eeb3fe7add5c53b48b50c10a9de7c9f4fda + sha512sums = b08a61d8d478d3b4675cb1ddacdbbd98dc6941a55bcdd81a28679e54e9367d3a595fa123ac97874a17da571c1b712e2a3e901c2737099a9d268616a1ba3de497 sha512sums = SKIP sha512sums = 083f5e675d73f3233c7930ebe20425a533feedeaaa9d8cc86831312a6581cefbe6ed0d08d2fa89be81082f2a5abdabca8b3c080bf97218a1bd59dc118a30b9f3 sha512sums = SKIP @@ -9,14 +9,14 @@ _nghttp2_ver=1.60.0 _curlver=8.6.0 _sslver=3.2.1 _zlibver=1.3.1 -_xzver=5.6.1 +_xzver=5.4.6 _bzipver=1.0.8 _zstdver=1.5.5 _libarchive_ver=3.7.2 _gpgerrorver=1.48 _libassuanver=2.5.6 _gpgmever=1.23.2 -pkgrel=1 +pkgrel=2 pkgdesc="Statically-compiled pacman (to fix or install systems without libc)" arch=('i486' 'i686' 'pentium4' 'x86_64' 'arm' 'armv6h' 'armv7h' 'aarch64') url="https://www.archlinux.org/pacman/" @@ -62,7 +62,11 @@ validpgpkeys+=('8657ABB260F056B1E5190839D9C4D26D0E604491' # Matt Caswell <matt@ source+=("https://zlib.net/zlib-${_zlibver}.tar.gz"{,.asc}) validpgpkeys+=('5ED46A6721D365587791E2AA783FCD8E58BCAFBA') # Mark Adler <madler@alumni.caltech.edu> # xz -source+=("https://github.com/tukaani-project/xz/releases/download/v${_xzver}/xz-${_xzver}.tar.gz"{,.sig}) +#source+=("https://github.com/tukaani-project/xz/releases/download/v${_xzver}/xz-${_xzver}.tar.gz"{,.sig}) +source+=( +https://src.fedoraproject.org/lookaside/extras/xz/xz-5.4.6.tar.gz/sha512/083f5e675d73f3233c7930ebe20425a533feedeaaa9d8cc86831312a6581cefbe6ed0d08d2fa89be81082f2a5abdabca8b3c080bf97218a1bd59dc118a30b9f3/xz-5.4.6.tar.gz +https://src.fedoraproject.org/lookaside/extras/xz/xz-5.4.6.tar.gz.sig/sha512/d5e32b944e7492a32c40f675d918796e077f63490a23c6fce5c4d6d1eebc443f129d27a2e888913c5a36c3ffdac75b9c96c1749402283445e0ba9ff72b965741/xz-5.4.6.tar.gz.sig +) validpgpkeys+=('3690C240CE51B4670D30AD1C38EE757D69184620' # Lasse Collin <lasse.collin@tukaani.org> '22D465F2B4C173803B20C6DE59FCF207FEA7F445') # Jia Tan <jiat0218@gmail.com> # bzip2 @@ -106,7 +110,7 @@ sha512sums=('da5e78506e0505aac47def4b658a8cd6012be90c7ad7f7343da2edca2df5bd01909 'b5887ea77417fae49b6cb1e9fa782d3021f268d5219701d87a092235964f73fa72a31428b630445517f56f2bb69dcbbb24119ef9dbf8b4e40a753369a9f9a16f' '580677aad97093829090d4b605ac81c50327e74a6c2de0b85dd2e8525553f3ddde17556ea46f8f007f89e435493c9a20bc997d1ef1c1c2c23274528e3c46b94f' 'SKIP' - '8af100eb83288f032e4813be2bf8de7d733c8761f77f078776c1391709241ad8fe3192d107664786e2543677915c5eeb3fe7add5c53b48b50c10a9de7c9f4fda' + 'b08a61d8d478d3b4675cb1ddacdbbd98dc6941a55bcdd81a28679e54e9367d3a595fa123ac97874a17da571c1b712e2a3e901c2737099a9d268616a1ba3de497' 'SKIP' '083f5e675d73f3233c7930ebe20425a533feedeaaa9d8cc86831312a6581cefbe6ed0d08d2fa89be81082f2a5abdabca8b3c080bf97218a1bd59dc118a30b9f3' 'SKIP' |