app-arch/xz-utils: Sync with Gentoo (revert to known-good)
The 5.6 release contained a backdoor for SSH. The 5.6 release wasn't used in Flatcar and so far it seems that the backdoor wouldn't even be compiled for Gentoo. However, we so far don't know whether the other patches are malicious. Revert to 5.4.2 as the last known-good release (like Gentoo did). Note that the Flatcar main branch had a copy of the 5.6 ebuild but was not using it. Flatcar Alpha was on 5.4.6-r1, so before the backdoor, but the malicious contributor made other changes of unclear impact as part of this release. Similarly, Beta is on 5.4.5 and Stable is on 5.4.3. These should get downgraded, too.
Showing 9 changed files with 11 additions and 514 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
- Downgraded xz-utils to 5.4.2 as precaution even though Flatcar is not affected of the SSH backdoor ([CVE-2024-3094](https://nvd.nist.gov/vuln/detail/CVE-2024-3094)) |
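Review bot: In the added changelog line, "not affected of the SSH backdoor" should read "not affected by the SSH backdoor". The entry would also help users more if it named the version being downgraded from, since the commit message says Alpha, Beta and Stable were each on a different 5.4.x release.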
8 changes: 2 additions & 6 deletions
sdk_container/src/third_party/portage-stable/app-arch/xz-utils/Manifest
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,4 @@ | ||
DIST xz-5.4.5.tar.gz 2884510 BLAKE2B 647c8227080a7f37e3321e778d7f52ccb9da3810f2be81b2d2b46001605b22cef6e724f9b3facfada26a12b24401c9a11449d6066443849b37b28e0eaa199315 SHA512 91f8f548c915de0ed79cee13ce0336b51c1cebf2eb142fa1efecfd07771c662c99cad3730540fcb712057ab274130e13b87960f6b4c62f0bd9477f27a303fb2b | ||
DIST xz-5.4.5.tar.gz.sig 566 BLAKE2B c6ec64f92ecb30395e6d580be5d0aad1ee007585245ed42e7b05f1ea3a8cd8bf4317e8dc964c65417daa0a04e8f523c6ba8ae61a7f5b2ff3dc17dd53c7593ce2 SHA512 4f2c779d3c14bacd0451cfd68846201a48931128994c4119fcbf4f0dd7331710c32098039d38561de29327d543d67174fddbb6a83cb2fcfda9b3153cab092d4d | ||
DIST xz-5.4.2.tar.gz 2799022 BLAKE2B 3c622b0823f0cbb5fbc5eaa0372fc2f0fefe0950d131417f831bce47b6d9747d145429f0649de106819331f9ae6a289c497182c7b6d1e211513308dd083a9b72 SHA512 149f980338bea3d66de1ff5994b2b236ae1773135eda68b62b009df0c9dcdf5467f8cb2c06da95a71b6556d60bd3d21f475feced34d5dfdb80ee95416a2f9737 | ||
DIST xz-5.4.2.tar.gz.sig 566 BLAKE2B 95c9c70fdd25b92095dd9691e4d9d4306a3f982becfe7bd42ca6132a76f29be2c2bc66f4fc2bda547058c18e227292f4185799eb905084fc3ab415ae867b4b1b SHA512 30e965c228ed3a8ecb804db8eb11703a765b7ee934030ea69bb3940b630811eb71bf74fd20371ef7759761904ece4f0144a0b00be4d843cf98299fd016f161aa | ||
DIST xz-5.4.6.tar.gz 2889306 BLAKE2B f0bbd33ea7cd64d475c3501f6e76080c8c0080e377f23462f5f76459935f4e621538ddaa8452d2feaed278d62a596e38ed2aca18ed9e76512c4ec77fa2f4cc5f SHA512 b08a61d8d478d3b4675cb1ddacdbbd98dc6941a55bcdd81a28679e54e9367d3a595fa123ac97874a17da571c1b712e2a3e901c2737099a9d268616a1ba3de497 | ||
DIST xz-5.4.6.tar.gz.sig 566 BLAKE2B 808f1b5e2a17729f36a05ba88a9c00210cda2afa02923e6f289d13dc2a48f7674cafec6e25660e142d67f01dd941c7390cee2757b054df3a3193dde0791363a1 SHA512 d5e32b944e7492a32c40f675d918796e077f63490a23c6fce5c4d6d1eebc443f129d27a2e888913c5a36c3ffdac75b9c96c1749402283445e0ba9ff72b965741 | ||
DIST xz-5.6.0.tar.gz 3036813 BLAKE2B 7b7ed5da5711fee6e53af1c72a6f4aff569d7cf986bca8cd3f3104cbb73342e81306295903a8660476d228344eb17d08e2a005230c06ac7e3d9e27bbaba0e075 SHA512 1ef3cd3607818314e55b28c20263a9088d4b6e5362a45fbd37c17e799e26b4a7579928b99925ffe71e7804b0db2f65936f66a825bac9b23b7b0664f902925de8 | ||
DIST xz-5.6.0.tar.gz.sig 566 BLAKE2B 6c073c620b03751fcb40f47612acf96bee67f9dd5c38aa8ccd1f140cf3183ba009b60496fe319c14d9a32bd6cc6563f142d1716d9ae1e0554f77114dc9fc8f21 SHA512 2800c3f440b6b17b61c418e12945f136535cc5a59069be2ee0de37e312e9ad16a29338152990eeb22ebe6cc3513679bdc40336cfa089a279d3b3476ac9d13ed0 | ||
DIST xz-5.6.1.tar.gz 3045434 BLAKE2B b3fc3140c9655e812a03800a5ed8ac709aaafaee2ce5d3a62defdd085e643fa639de44beb64833160f4eb12829ad25b96d9f50a8c3d56d79cd5bbef71b9009b2 SHA512 8af100eb83288f032e4813be2bf8de7d733c8761f77f078776c1391709241ad8fe3192d107664786e2543677915c5eeb3fe7add5c53b48b50c10a9de7c9f4fda | ||
DIST xz-5.6.1.tar.gz.sig 566 BLAKE2B d515e60da078e6cb79a2c7a9daa3c8326487d7e8c0f1398d6059c53493232c3a3c21174dab5904833d0938a59fdb02f86aab05767d8cf02f8ee53981d3767fae SHA512 73f50ff5ce7f9d0a3bed1bc7d9e26de2217915517d2057f0c7102374eb20de1bb8b02a2f78680aae80b55913b2ede5141a118c51a2f565c6eba6ae8406474938 |
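Review bot: The hunk header @@ -1,8 +1,4 @@ combined with 2 additions and 6 deletions leaves two unchanged DIST lines in the new Manifest, and from the ordering these look like the xz-5.4.6.tar.gz and xz-5.4.6.tar.gz.sig entries. The commit message names 5.4.2 as the last known-good release and says the 5.4.6 release carries changes of unclear impact from the malicious contributor, so either drop the 5.4.6 entries together with any remaining 5.4.6 ebuild, or say in the commit message why that version stays fetchable. The +/- markers are not visible in this rendering, so please confirm which lines are actually kept.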
27 changes: 0 additions & 27 deletions
...rd_party/portage-stable/app-arch/xz-utils/files/xz-utils-5.6.0-ifunc-crc-workaround.patch
This file was deleted.
43 changes: 0 additions & 43 deletions
...ortage-stable/app-arch/xz-utils/files/xz-utils-5.6.0-logging-verbosity-threads-auto.patch
This file was deleted.
146 changes: 0 additions & 146 deletions
sdk_container/src/third_party/portage-stable/app-arch/xz-utils/xz-utils-5.4.5.ebuild
This file was deleted.