From 6b41fb7ed107d78408614298d5d33a4286fa8beb Mon Sep 17 00:00:00 2001 From: Silvan Calarco Date: Sun, 31 Mar 2024 01:51:37 +0100 Subject: [PATCH] switch to clean source as required from CVE-2024-3094 [release 5.6.1-2mamba;Sun Mar 31 2024] --- xz.spec | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/xz.spec b/xz.spec index ce06bfa..c313dc3 100644 --- a/xz.spec +++ b/xz.spec @@ -1,13 +1,13 @@ Name: xz Version: 5.6.1 -Release: 1mamba +Release: 2mamba Summary: Utilities for the .xz and .lzma formats Group: Applications/Archiving Vendor: openmamba Distribution: openmamba Packager: Silvan Calarco -URL: https://xz.tukaani.org/xz-utils/ -Source: https://github.com/tukaani-project/xz/releases/download/v%{version}/xz-%{version}.tar.xz +URL: https://tukaani.org/xz-backdoor/ +Source: https://git.tukaani.org/xz.git/v%{version}/xz-%{version}.tar.bz2 License: GPL ## AUTOBUILDREQ-BEGIN BuildRequires: glibc-devel @@ -60,12 +60,13 @@ Features: * Very similar command line interface than what gzip and bzip2 have. * The patch for GNU tar integrates LZMA compression with the tar command in the same way as with gzip and bzip2. * Free software licensed under the GNU GPL (actually most parts are under the GNU LGPL). -This package contains static libraries and header files need for development. +This package contains static libraries and header files needed for development. %debug_package %prep %setup -q +./autogen.sh %build %configure @@ -111,6 +112,9 @@ This package contains static libraries and header files need for development. %doc ChangeLog README THANKS %changelog +* Sun Mar 31 2024 Silvan Calarco 5.6.1-2mamba +- switch to clean source as required from CVE-2024-3094 + * Sun Mar 10 2024 Automatic Build System 5.6.1-1mamba - automatic version update by autodist