From: Christian Weisgerber <naddy@mips.inka.de>
Subject: Re: archivers/xz: update to 5.6.1
To: Jesse Darrone <jrd321@gmail.com>
Cc: ports@openbsd.org
Date: Fri, 29 Mar 2024 21:33:42 +0100

Jesse Darrone:

> I hate to raise the alarm, but it looks like this should be scrutinized.
> 
> It sounds like a backdoor made it into the upstream repository:
> https://www.openwall.com/lists/oss-security/2024/03/29/4

Yes, I just learned.  I am investigating.

FWIW, I did look over the complete 5.4.5 -> 5.6.1 diff as part of
my regular update procedure, but didn't catch this in the 144028-line
diff.

-- 
Christian "naddy" Weisgerber                          naddy@mips.inka.de