joborun-pkg/jobcore
joborun-pkg/jobcore
Template
2
1
Fork 0
Code Issues Pull requests Projects Releases Activity

upg xz

Browse source
This commit is contained in:
joborun linux 2024-05-30 07:45:15 +03:00
parent d446222fe1
commit 20a689da52
4 changed files with 214 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

50
xz/PKGBUILD
View file

@ -1,23 +1,3 @@
# March 30th 2024 concerning xz 5.6.2-01 and 02 (briefly made available at sf)
# before the compromised xz code was announced.
#
# Due to the uncovered back door 3/29/24
# and according to Arch building from git was safer than from tar ball
#
#
# Both tar ball and git source at github is removed
# We have copies of both but we will not use either
# till this clears up.
#
# As far as we can research ONLY when sshd was run by systemd would this
# backdoor be effective, so we have nothing to worry about even if the
# code is in our copies of xz
#
# --------------------------------------------------------------------------
# The following build is perceived cleaned up from what has been discovered
# ad compromised April 2nd 2024
# -------------------------------------------------------------------------
#!/usr/bin/bash
# JOBoRun : Jwm OpenBox Obarun RUNit
# Maintainer : Joe Bo Run <joborun@disroot.org>
@ -26,13 +6,13 @@
#-----------------------------------------| DESCRIPTION |---------------------------------------
pkgname=xz
pkgver=5.6.1
pkgrel=03
pkgver=5.6.2
pkgrel=01
pkgdesc='Library and command line tools for XZ and LZMA compressed files'
url='https://xz.tukaani.org/xz-utils/'
depends=('sh')
makedepends=('git' 'po4a' 'doxygen' 'automake' 'autoconf')
makedepends=('git' 'po4a' 'doxygen' 'automake' 'autoconf' 'spdlog')
provides=('liblzma.so')
#options=('debug') ##### uncomment this to produce the debug pkg
@ -47,7 +27,6 @@ provides=('liblzma.so')
## "https://tukaani.org/${pkgname}/xzgrep-ZDI-CAN-16587.patch"{,.sig})
source=("git+https://git.tukaani.org/xz.git#tag=v${pkgver}")
prepare() {
cd ${pkgname}
# cd "${srcdir}/${pkgname}-${pkgver}"
@ -61,6 +40,7 @@ build() {
./configure \
--prefix=/usr \
--disable-rpath \
--enable-doxygen \
--enable-werror
make
}
@ -90,24 +70,8 @@ license=('GPL' 'LGPL' 'custom')
validpgpkeys=('3690C240CE51B4670D30AD1C38EE757D69184620') # Lasse Collin <lasse.collin@tukaani.org>
# The following checksums come from arch and from the clean git from Lasse Collin's tukaani.org server
# See arch PKGBUILD-arch for reference
#
sha256sums=('e10fa4254d5ff033c78dcbfd2866e79a762b8a719503a7c146758e590de945dc')
sha512sums=('8f4ee2e5c9b46d0917d8bdf8b172a70d02a6cf2d4d78a2e99ae942e32979b72b407809ffda2885af41e2c9d801c19eab5e4fd73888fbaf042346be957df406fc')
sha256sums=(a71fcf56faa1f7d9e9708ca8d6a97906b929307d6a98d220018852eef37853c8) # xz
sha512sums=('f369f126dd3d538ef27ecce62e8ae01a2c9056eeb22c6b21d9a1d5e456f35330bc7f2bb0df525ad4a4f95ba84c0196c7c79ad768359786d3a73f876aa043f164')
## 56e253f6c4eedb18672f60ab77b3f8fb685cc81cc441e8f2536e5250375b3ef8 xz-5.6.1-03-x86_64.pkg.tar.lz
## THIS WAS THE ATTACKER ###
### '22D465F2B4C173803B20C6DE59FCF207FEA7F445') # Jia Tan <jiat0218@gmail.com>
### REMOVE THIS FROM YOUR KEYRING: gpg --delete-keys 22D465F2B4C173803B20C6DE59FCF207FEA7F445
# tarball sums github infected and so where 5.6.0.tar.gz
#sha256sums=(2398f4a8e53345325f44bdd9f0cc7401bd9025d736c6d43b372f4dea77bf75b8 # xz-5.6.1.tar.gz
# 2a0745db95fee581cba776c3f68e75729d8bdc0f3db6e4453d6391894c100dac) # xz-5.6.1.tar.gz.sig
# git sums from github
#sha512sums=('8f4ee2e5c9b46d0917d8bdf8b172a70d02a6cf2d4d78a2e99ae942e32979b72b407809ffda2885af41e2c9d801c19eab5e4fd73888fbaf042346be957df406fc')
#sha256sums=(e10fa4254d5ff033c78dcbfd2866e79a762b8a719503a7c146758e590de945dc) # xz
# We keep the above as reference for possible investigation of the compromised source
##
## 47191d54f8e62c8431136e98cdef2f2b934a75073d684fcf95992855a3b69a38 xz-5.6.2-01-x86_64.pkg.tar.lz

9
xz/PKGBUILD-arch
View file

@ -2,8 +2,8 @@
# Contributor: François Charette <firmicus@gmx.net>
pkgname=xz
pkgver=5.6.1
pkgrel=3
pkgver=5.6.2
pkgrel=1
pkgdesc='Library and command line tools for XZ and LZMA compressed files'
arch=('x86_64')
url='https://xz.tukaani.org/xz-utils/'
@ -13,8 +13,8 @@ makedepends=('git' 'po4a' 'doxygen')
provides=('liblzma.so')
validpgpkeys=('3690C240CE51B4670D30AD1C38EE757D69184620') # Lasse Collin <lasse.collin@tukaani.org>
source=("git+https://git.tukaani.org/xz.git#tag=v${pkgver}")
sha256sums=('e10fa4254d5ff033c78dcbfd2866e79a762b8a719503a7c146758e590de945dc')
sha512sums=('8f4ee2e5c9b46d0917d8bdf8b172a70d02a6cf2d4d78a2e99ae942e32979b72b407809ffda2885af41e2c9d801c19eab5e4fd73888fbaf042346be957df406fc')
sha256sums=('a71fcf56faa1f7d9e9708ca8d6a97906b929307d6a98d220018852eef37853c8')
sha512sums=('f369f126dd3d538ef27ecce62e8ae01a2c9056eeb22c6b21d9a1d5e456f35330bc7f2bb0df525ad4a4f95ba84c0196c7c79ad768359786d3a73f876aa043f164')
prepare() {
cd ${pkgname}
@ -28,6 +28,7 @@ build() {
./configure \
--prefix=/usr \
--disable-rpath \
--enable-doxygen \
--enable-werror
make
}

201
xz/configure vendored
View file

@ -197,3 +197,204 @@ it to find libraries and programs with nonstandard names/locations.
Report bugs to <xz@tukaani.org>.
XZ Utils home page: <https://xz.tukaani.org/xz-utils/>.
'configure' configures XZ Utils 5.6.2 to adapt to many kinds of systems.
Usage: src/xz/configure [OPTION]... [VAR=VALUE]...
To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE. See below for descriptions of some of the useful variables.
Defaults for the options are specified in brackets.
Configuration:
-h, --help display this help and exit
--help=short display options specific to this package
--help=recursive display the short help of all the included packages
-V, --version display version information and exit
-q, --quiet, --silent do not print 'checking ...' messages
--cache-file=FILE cache test results in FILE [disabled]
-C, --config-cache alias for '--cache-file=config.cache'
-n, --no-create do not create output files
--srcdir=DIR find the sources in DIR [configure dir or '..']
Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX
[/usr/local]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
[PREFIX]
By default, 'make install' will install all the files in
'/usr/local/bin', '/usr/local/lib' etc. You can specify
an installation prefix other than '/usr/local' using '--prefix',
for instance '--prefix=$HOME'.
For better control, use the options below.
Fine tuning of the installation directories:
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
--datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
--datadir=DIR read-only architecture-independent data [DATAROOTDIR]
--infodir=DIR info documentation [DATAROOTDIR/info]
--localedir=DIR locale-dependent data [DATAROOTDIR/locale]
--mandir=DIR man documentation [DATAROOTDIR/man]
--docdir=DIR documentation root [DATAROOTDIR/doc/xz]
--htmldir=DIR html documentation [DOCDIR]
--dvidir=DIR dvi documentation [DOCDIR]
--pdfdir=DIR pdf documentation [DOCDIR]
--psdir=DIR ps documentation [DOCDIR]
Program names:
--program-prefix=PREFIX prepend PREFIX to installed program names
--program-suffix=SUFFIX append SUFFIX to installed program names
--program-transform-name=PROGRAM run sed PROGRAM on installed program names
System types:
--build=BUILD configure for building on BUILD [guessed]
--host=HOST cross-compile to build programs to run on HOST [BUILD]
Optional Features:
--disable-option-checking ignore unrecognized --enable/--with options
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--enable-debug Enable debugging code.
--enable-encoders=LIST Comma-separated list of encoders to build.
Default=all. Available encoders: lzma1 lzma2 delta
x86 powerpc ia64 arm armthumb arm64 sparc riscv
--enable-decoders=LIST Comma-separated list of decoders to build.
Default=all. Available decoders are the same as
available encoders.
--enable-match-finders=LIST
Comma-separated list of match finders to build.
Default=all. At least one match finder is required
for encoding with the LZMA1 and LZMA2 filters.
Available match finders: hc3 hc4 bt2 bt3 bt4
--enable-checks=LIST Comma-separated list of integrity checks to build.
Default=all. Available integrity checks: crc32 crc64
sha256
--enable-external-sha256
Use SHA-256 code from the operating system. See
INSTALL for possible subtle problems.
--disable-microlzma Do not build MicroLZMA encoder and decoder. It is
needed by specific applications only, for example,
erofs-utils.
--disable-lzip-decoder Disable decompression support for .lz (lzip) files.
--disable-assembler Do not use assembler optimizations even if such
exist for the architecture.
--disable-clmul-crc Do not use carryless multiplication for CRC
calculation even if support for it is detected.
--disable-arm64-crc32 Do not use ARM64 CRC32 instructions even if support
for it is detected.
--enable-small Make liblzma smaller and a little slower. This is
disabled by default to optimize for speed.
--enable-threads=METHOD Supported METHODS are 'yes', 'no', 'posix', 'win95',
and 'vista'. The default is 'yes'. Using 'no'
together with --enable-small makes liblzma thread
unsafe.
--enable-assume-ram=SIZE
If and only if the real amount of RAM cannot be
determined, assume SIZE MiB. The default is 128 MiB.
This affects the default memory usage limit.
--disable-xz do not build the xz tool
--disable-xzdec do not build xzdec
--disable-lzmadec do not build lzmadec (it exists primarily for LZMA
Utils compatibility)
--disable-lzmainfo do not build lzmainfo (it exists primarily for LZMA
Utils compatibility)
--disable-lzma-links do not create symlinks for LZMA Utils compatibility
--disable-scripts do not install the scripts xzdiff, xzgrep, xzless,
xzmore, and their symlinks
--disable-doc do not install documentation files to docdir (man
pages are still installed and, if --enable-doxygen
is used, liblzma API documentation is installed too)
--enable-doxygen generate HTML version of the liblzma API
documentation using Doxygen and install the result
to docdir
--enable-sandbox=METHOD Sandboxing METHOD can be 'auto', 'no', 'capsicum',
'pledge', or 'landlock'. The default is 'auto' which
enables sandboxing if a supported sandboxing method
is found.
--enable-path-for-scripts=PREFIX
If PREFIX isn't empty, PATH=PREFIX:$PATH will be set
in the beginning of the scripts (xzgrep and others).
The default is empty except on Solaris the default
is /usr/xpg4/bin.
--enable-silent-rules less verbose build output (undo: "make V=1")
--disable-silent-rules verbose build output (undo: "make V=0")
--enable-dependency-tracking
do not reject slow dependency extractors
--disable-dependency-tracking
speeds up one-time build
--enable-shared[=PKGS] build shared libraries [default=yes]
--enable-static[=PKGS] build static libraries [default=yes]
--enable-fast-install[=PKGS]
optimize for fast installation [default=yes]
--disable-libtool-lock avoid locking (might break parallel builds)
--enable-symbol-versions
Use symbol versioning for liblzma. Enabled by
default on GNU/Linux, other GNU-based systems, and
FreeBSD.
--disable-nls do not use Native Language Support
--disable-rpath do not hardcode runtime library paths
--disable-largefile omit support for large files
--enable-unaligned-access
Enable if the system supports *fast* unaligned
memory access with 16-bit, 32-bit, and 64-bit
integers. By default, this is enabled on x86,
x86-64, 32/64-bit big endian PowerPC, 64-bit little
endian PowerPC, and some ARM, ARM64, and RISC-V
systems.
--enable-unsafe-type-punning
This introduces strict aliasing violations and may
result in broken code. However, this might improve
performance in some cases, especially with old
compilers (e.g. GCC 3 and early 4.x on x86, GCC < 6
on ARMv6 and ARMv7).
--enable-werror Enable -Werror to abort compilation on all compiler
warnings.
--enable-year2038 support timestamps after 2038
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use
both]
--with-aix-soname=aix|svr4|both
shared library versioning (aka "SONAME") variant to
provide on AIX, [default=aix].
--with-gnu-ld assume the C compiler uses GNU ld [default=no]
--with-sysroot[=DIR] Search for dependent libraries within DIR (or the
compiler's sysroot if not specified).
--with-gnu-ld assume the C compiler uses GNU ld [default=no]
--with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib
--without-libiconv-prefix don't search for libiconv in includedir and libdir
--with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib
--without-libintl-prefix don't search for libintl in includedir and libdir
Some influential environment variables:
CC C compiler command
CFLAGS C compiler flags
LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
nonstandard directory <lib dir>
LIBS libraries to pass to the linker, e.g. -l<library>
CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
you have headers in a nonstandard directory <include dir>
CCAS assembler compiler command (defaults to CC)
CCASFLAGS assembler compiler flags (defaults to CFLAGS)
CPP C preprocessor
LT_SYS_LIBRARY_PATH
User-defined run-time library search path.
Use these variables to override the choices made by 'configure' or to help
it to find libraries and programs with nonstandard names/locations.
Report bugs to <xz@tukaani.org>.
XZ Utils home page: <https://tukaani.org/xz/>.

1
xz/deps
View file

@ -3,5 +3,6 @@ po4a
doxygen
autoconf
automake
spdlog