Package Details: mingw-w64-xz 5.6.1-1

Git Clone URL: https://aur.archlinux.org/mingw-w64-xz.git (read-only)
Package Base: mingw-w64-xz
Description: Library and command line tools for XZ and LZMA compressed files (mingw-w64)
Upstream URL: https://xz.tukaani.org/xz-utils/
Keywords: mingw-w64 xz
Licenses: GPL, custom, LGPL
Submitter: Schala
Maintainer: pingplug
Last Packager: pingplug
Votes: 13
Popularity: 0.000113
First Submitted: 2012-08-06 08:05 (UTC)
Last Updated: 2024-04-05 00:36 (UTC)

Latest Comments


MonkeeSage commented on 2024-04-03 08:09 (UTC)

This package does not build because GitHub has suspended the upstream repository because this package has a backdoor.

This package should be updated to follow the main arch xz package and build from git checkout and remove Jia Tan's key.

See: https://archlinux.org/news/the-xz-package-has-been-backdoored/

https://gitlab.archlinux.org/archlinux/packaging/packages/xz/-/commits/main

Martchus commented on 2024-03-29 21:32 (UTC) (edited on 2024-03-29 21:32 (UTC) by Martchus)

When updating, please change the sources in accordance with https://gitlab.archlinux.org/archlinux/packaging/packages/xz/-/commit/881385757abdc39d3cfea1c3e34ec09f637424ad to avoid the recently disclosed security problem.

Martchus commented on 2024-02-08 15:54 (UTC)

Probably it makes most sense to change the source URL to be in line with https://gitlab.archlinux.org/archlinux/packaging/packages/xz/-/blob/main/PKGBUILD?ref_type=heads.

patlefort commented on 2024-02-07 16:24 (UTC)

Signature also fails to be verified. Sources from GitHub are fine, maybe he forgot to update it on his site?

patlefort commented on 2024-02-07 15:55 (UTC)

Source checksum does not pass.

syyyr commented on 2024-02-07 09:47 (UTC) (edited on 2024-02-07 09:50 (UTC) by syyyr)

It seems that new releases are now found on GitHub. The current source gives 404.

diff --git a/PKGBUILD b/PKGBUILD
index 5573b38..63d8027 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -9,12 +9,12 @@ pkgver=5.4.6
 pkgrel=1
 pkgdesc="Library and command line tools for XZ and LZMA compressed files (mingw-w64)"
 arch=('any')
-url="https://tukaani.org/xz"
+url="https://github.com/tukaani-project/xz/releases/download"
 license=('custom' 'GPL' 'LGPL')
 depends=('mingw-w64-crt')
 makedepends=('mingw-w64-configure')
 options=('!strip' 'staticlibs' '!buildflags')
-source=("${url}/xz-${pkgver}.tar.gz"{,.sig})
+source=("${url}/v${pkgver}/xz-${pkgver}.tar.gz"{,.sig})
 sha256sums=('aeba3e03bf8140ddedf62a0a367158340520f6b384f75ca6045ccc6c0d43fd5c'
             'SKIP')
 validpgpkeys=('22D465F2B4C173803B20C6DE59FCF207FEA7F445') # Jia Tan <jiat0218@gmail.com>
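
Review bot: `url=` is being repurposed as a download prefix in this hunk; in a PKGBUILD that field is the upstream project page, so setting it to `https://github.com/tukaani-project/xz/releases/download` leaves the package metadata with a link that is not a homepage. Keep `url` on the project page and write the full release path directly in `source=`. Also, `sha256sums` and `validpgpkeys` are unchanged context while the download location moves, so the checksum should be re-checked against the tarball actually served from the new location, and the `.sig` entry still depends on the single key listed in `validpgpkeys`.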