{"id":2219282,"url":"http://patchwork.ozlabs.org/api/patches/2219282/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/patch/20260402180534.2780167-1-bernd@kuhls.net/","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260402180534.2780167-1-bernd@kuhls.net>","list_archive_url":null,"date":"2026-04-02T18:05:34","name":"[1/1] package/xz: security bump version to 5.8.3","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"726d1500e090f03be855e617bd4628f46c170911","submitter":{"id":86624,"url":"http://patchwork.ozlabs.org/api/people/86624/?format=json","name":"Bernd Kuhls","email":"bernd@kuhls.net"},"delegate":{"id":89618,"url":"http://patchwork.ozlabs.org/api/users/89618/?format=json","username":"juju","first_name":"Julien","last_name":"Olivain","email":"juju@cotds.org"},"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20260402180534.2780167-1-bernd@kuhls.net/mbox/","series":[{"id":498534,"url":"http://patchwork.ozlabs.org/api/series/498534/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/list/?series=498534","date":"2026-04-02T18:05:34","name":"[1/1] package/xz: security bump version to 
5.8.3","version":1,"mbox":"http://patchwork.ozlabs.org/series/498534/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2219282/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2219282/checks/","tags":{},"related":[],"headers":{"Return-Path":"<buildroot-bounces@buildroot.org>","X-Original-To":["incoming-buildroot@patchwork.ozlabs.org","buildroot@buildroot.org"],"Delivered-To":["patchwork-incoming-buildroot@legolas.ozlabs.org","buildroot@buildroot.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=CzJsXKeo;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=140.211.166.138; helo=smtp1.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"],"Received":["from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fmqXQ5pPdz1xtJ\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Fri, 03 Apr 2026 05:05:42 +1100 (AEDT)","from localhost (localhost [127.0.0.1])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id D151280C8F;\n\tThu,  2 Apr 2026 18:05:40 +0000 (UTC)","from smtp1.osuosl.org ([127.0.0.1])\n by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id bGokYjmnPW0s; Thu,  2 Apr 2026 18:05:39 +0000 (UTC)","from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id 4F11180C69;\n\tThu,  2 Apr 2026 18:05:39 +0000 (UTC)","from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n by lists1.osuosl.org (Postfix) with ESMTP id DB1B82CC\n for <buildroot@buildroot.org>; Thu,  2 Apr 
2026 18:05:37 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp4.osuosl.org (Postfix) with ESMTP id D8E8A40FC2\n for <buildroot@buildroot.org>; Thu,  2 Apr 2026 18:05:37 +0000 (UTC)","from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id wnai7bu5DFjX for <buildroot@buildroot.org>;\n Thu,  2 Apr 2026 18:05:37 +0000 (UTC)","from dd20012.kasserver.com (dd20012.kasserver.com [85.13.140.57])\n by smtp4.osuosl.org (Postfix) with ESMTPS id D22B040E8F\n for <buildroot@buildroot.org>; Thu,  2 Apr 2026 18:05:36 +0000 (UTC)","from fli4l.lan.fli4l (p5b3a08f0.dip0.t-ipconnect.de [91.58.8.240])\n by dd20012.kasserver.com (Postfix) with ESMTPSA id 12537A4C3596\n for <buildroot@buildroot.org>; Thu,  2 Apr 2026 20:05:35 +0200 (CEST)","from bruckner.lan.fli4l ([192.168.1.1]:52120)\n by fli4l.lan.fli4l with esmtp (Exim 4.99.1)\n (envelope-from <bernd@kuhls.net>) id 1w8MQA-000000000Lm-2D7T\n for buildroot@buildroot.org; Thu, 02 Apr 2026 18:05:34 +0000"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp1.osuosl.org 4F11180C69","OpenDKIM Filter v2.11.0 smtp4.osuosl.org D22B040E8F"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1775153139;\n\tbh=qK2SkrphKGo+GY9n0Er/sOq6fD9vj7dOWJsqmRNxPoY=;\n\th=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:\n\t List-Post:List-Help:List-Subscribe:From;\n\tb=CzJsXKeof8ksLs+6Vk5VUCUxgAZQJK0GW2Wqqw/S5TnEoHZicGaBOhvdod3khtEEw\n\t d5SVJQ6bqbu0DCzA5fSI6kIyh12Ux66j4GIydhN+kTiEwtiXwozYm07if0XQ/9pXsn\n\t 9+vL9vOuLFmI0nzHbhLF3W2Jefd3lnsobaOlRA+MUMDWfFMZvBaZQv9+1zJ6okM3RO\n\t c9dj4PHriNaWpSjdfmQSsyQKT7NUkaqxDnRq1YLeEQN/y9Eop7U0E3WFhtiCFoy5vm\n\t 
P+GJwol0jR5lZjrzQLJQ4FbQY7Bh5wElixbuleSU4yxeMX0wBxUEYqDTWBQ9IYjup2\n\t YAa5XkR6USyeg==","Received-SPF":"Pass (mailfrom) identity=mailfrom; client-ip=85.13.140.57;\n helo=dd20012.kasserver.com; envelope-from=bernd@kuhls.net;\n receiver=<UNKNOWN>","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp4.osuosl.org D22B040E8F","From":"Bernd Kuhls <bernd@kuhls.net>","To":"buildroot@buildroot.org","Date":"Thu,  2 Apr 2026 20:05:34 +0200","Message-ID":"<20260402180534.2780167-1-bernd@kuhls.net>","X-Mailer":"git-send-email 2.47.3","MIME-Version":"1.0","X-Spamd-Bar":"+","X-Mailman-Original-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=kuhls.net;\n s=kas202511301023; t=1775153135;\n bh=0rX3Vg2F56FQXFgRrXG1gihTdCktcCqJZXiIEwLpWNc=;\n h=From:To:Subject:Date:From;\n b=Qj02Gy7RxY5ChM+9BqJac+JbLoBVrUyuVmsq9pFXHSGA784cBAUsHXu/hV97B8ttH\n qfA/JKdHJdf1b03BSSUY47M0dYqDnJxn9dxD1n/A33tRo3iF9RfCpft5w/6CXy6kP6\n bsCBuE4d8TaTiWoweiUT7VbYxbTXD/vtcQ+rCG5Q4zRYrstbA6F+t19YjhvoSWr+gb\n H0xIo84VCjOVk12lUQcii0tyW0A/oXeRiG3FOqsyoUP2SoP2FBIH40AdUyfSse0ZaI\n KCrigdtCvtlJBgnR7kma1jVdvAwnVvfECHs5/60ZBQ1/u2fcELoZQfnxUbqwG+IW/8\n JdyF5SzdDLmQg==","X-Mailman-Original-Authentication-Results":["smtp4.osuosl.org;\n dmarc=pass (p=none dis=none)\n header.from=kuhls.net","smtp4.osuosl.org;\n dkim=pass (2048-bit key) header.d=kuhls.net header.i=@kuhls.net\n header.a=rsa-sha256 header.s=kas202511301023 header.b=Qj02Gy7R"],"Subject":"[Buildroot] [PATCH 1/1] package/xz: security bump version to 5.8.3","X-BeenThere":"buildroot@buildroot.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.buildroot.org>","List-Unsubscribe":"<https://lists.buildroot.org/mailman/options/buildroot>,\n 
<mailto:buildroot-request@buildroot.org?subject=unsubscribe>","List-Archive":"<http://lists.buildroot.org/pipermail/buildroot/>","List-Post":"<mailto:buildroot@buildroot.org>","List-Help":"<mailto:buildroot-request@buildroot.org?subject=help>","List-Subscribe":"<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@buildroot.org","Sender":"\"buildroot\" <buildroot-bounces@buildroot.org>"},"content":"https://github.com/tukaani-project/xz/releases/tag/v5.8.3\n\nFixes CVE-2026-34743.\n\nSwitched to sha256 tarball provided by upstream.\n\nSigned-off-by: Bernd Kuhls <bernd@kuhls.net>\n---\n package/xz/xz.hash | 6 ++----\n package/xz/xz.mk   | 2 +-\n 2 files changed, 3 insertions(+), 5 deletions(-)","diff":"diff --git a/package/xz/xz.hash b/package/xz/xz.hash\nindex 99daa5e9df..488a3d55dc 100644\n--- a/package/xz/xz.hash\n+++ b/package/xz/xz.hash\n@@ -1,7 +1,5 @@\n-# Locally calculated after checking pgp signature\n-# https://github.com/tukaani-project/xz/releases/download/v5.8.2/xz-5.8.2.tar.bz2.sig\n-# using key 3690C240CE51B4670D30AD1C38EE757D69184620 Lasse Collin <lasse.collin@tukaani.org>\n-sha256  60345d7c0b9c8d7ffa469e96898c300def3669f5047fc76219b819340839f3d8  xz-5.8.2.tar.bz2\n+# From https://github.com/tukaani-project/xz/releases/tag/v5.8.3\n+sha256  33bf69c0d6c698e83a68f77e6c1f465778e418ca0b3d59860d3ab446f4ac99a6  xz-5.8.3.tar.bz2\n \n # Hash for license files\n sha256  616a3ad264ce29b8f1cb97e53037b139d406899ca8d1f799651e17bfa09830b8  COPYING\ndiff --git a/package/xz/xz.mk b/package/xz/xz.mk\nindex 8aa0716b18..91eedd7a83 100644\n--- a/package/xz/xz.mk\n+++ b/package/xz/xz.mk\n@@ -4,7 +4,7 @@\n #\n ################################################################################\n \n-XZ_VERSION = 5.8.2\n+XZ_VERSION = 5.8.3\n XZ_SOURCE = xz-$(XZ_VERSION).tar.bz2\n XZ_SITE = 
https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)\n XZ_INSTALL_STAGING = YES\n","prefixes":["1/1"]}
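Review bot: in the package/xz/xz.hash hunk, the new comment "# From https://github.com/tukaani-project/xz/releases/tag/v5.8.3" replaces the three lines recording that the hash was "Locally calculated after checking pgp signature" against the .sig file with key 3690C240CE51B4670D30AD1C38EE757D69184620, so the provenance check is weaker than it was for 5.8.2. XZ_SITE in xz.mk fetches the tarball from the same tukaani-project/xz GitHub release that the hash is now copied from, which means the sha256 pins the file against later changes but no longer authenticates it independently of the download origin. If upstream still publishes a signature for xz-5.8.3.tar.bz2, please verify it and keep the signature URL and key fingerprint comments as before; otherwise say in the commit message why the signature check was dropped.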