
From: Jesse Darrone <jrd321@gmail.com>
Subject: Re: archivers/xz: update to 5.6.1
To: Christian Weisgerber <naddy@mips.inka.de>
Cc: ports@openbsd.org
Date: Fri, 29 Mar 2024 16:49:44 -0400

Thanks, Christian!

On Fri, Mar 29, 2024 at 4:35 PM Christian Weisgerber <naddy@mips.inka.de>
wrote:

> Jesse Darrone:
>
> > I hate to raise the alarm, but it looks like this should be scrutinized.
> >
> > It sounds like a backdoor made it into the upstream repository:
> > https://www.openwall.com/lists/oss-security/2024/03/29/4
>
> Yes, I just learned.  I am investigating.
>
> FWIW, I did look over the complete 5.4.5 -> 5.6.1 diff as part of
> my regular update procedure, but didn't catch this in the 144028-line
> diff.
>
> --
> Christian "naddy" Weisgerber                          naddy@mips.inka.de
>