@@ -1,10 +1,10 @@
# Locally calculated after checking pgp signature
-# https://github.com/tukaani-project/xz/releases/download/v5.6.4/xz-5.6.4.tar.bz2.sig
+# https://github.com/tukaani-project/xz/releases/download/v5.8.1/xz-5.8.1.tar.bz2.sig
# using key 3690C240CE51B4670D30AD1C38EE757D69184620 Lasse Collin <lasse.collin@tukaani.org>
-sha256 176d510c30d80a23b8050bbc048f2ecaacb823ae48b6821727ed6591f0df9200 xz-5.6.4.tar.bz2
+sha256 5965c692c4c8800cd4b33ce6d0f6ac9ac9d6ab227b17c512b6561bce4f08d47e xz-5.8.1.tar.bz2
# Hash for license files
-sha256 ee3b35b82f7bb0ba5fd9f13ca34ebbe757a59c05bfde5ab9d50ff4188ed33396 COPYING
+sha256 616a3ad264ce29b8f1cb97e53037b139d406899ca8d1f799651e17bfa09830b8 COPYING
sha256 0b01625d853911cd0e2e088dcfb743261034a091bb379246cb25a14cc4c74bf1 COPYING.0BSD
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING.GPLv2
sha256 3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986 COPYING.GPLv3
@@ -4,7 +4,7 @@
#
################################################################################
-XZ_VERSION = 5.6.4
+XZ_VERSION = 5.8.1
XZ_SOURCE = xz-$(XZ_VERSION).tar.bz2
XZ_SITE = https://github.com/tukaani-project/xz/releases/download/v$(XZ_VERSION)
XZ_INSTALL_STAGING = YES
This fixes the following CVE:

CVE-2025-31115: Threaded .xz decoder frees memory too early

Update hash of the COPYING file. (Notes about old releases were removed)

Release notes:
https://github.com/tukaani-project/xz/releases/tag/v5.8.1
https://github.com/tukaani-project/xz/releases/tag/v5.8.0

Signed-off-by: Kadambini Nema <kadambini.nema@gmail.com>
---
package/xz/xz.hash | 6 +++---
package/xz/xz.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)