[PR PATCH] xz: reverts addition of `xz` for CVE-2024-3094

[PR PATCH] xz: reverts addition of `xz` for CVE-2024-3094

[akierig]

[-- Attachment #1: Type: text/plain, Size: 567 bytes --]

There is a new pull request by akierig against master on the void-packages repository

https://github.com/akierig/void-packages n-revert-xz
https://github.com/void-linux/void-packages/pull/49594

xz: reverts addition of `xz` for CVE-2024-3094
cf. https://www.openwall.com/lists/oss-security/2024/03/29/4

#### Testing the changes
- I tested the changes in this PR: **YES**


#### Local build testing
- I built this PR locally for my native architecture, x86_64-glibc


A patch file from https://github.com/void-linux/void-packages/pull/49594.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-n-revert-xz-49594.patch --]
[-- Type: text/x-diff, Size: 778 bytes --]

From 422c78150f4327a784d9cec1296a37d4845ece46 Mon Sep 17 00:00:00 2001
From: anelki <akierig@fastmail.de>
Date: Fri, 29 Mar 2024 13:43:58 -0500
Subject: [PATCH] xz: reverts addition of `xz` for CVE-2024-3094

cf. https://www.openwall.com/lists/oss-security/2024/03/29/4
---
 srcpkgs/n/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/n/template b/srcpkgs/n/template
index 4897850676cf99..e54f1dd5d9488d 100644
--- a/srcpkgs/n/template
+++ b/srcpkgs/n/template
@@ -1,9 +1,9 @@
 # Template file for 'n'
 pkgname=n
 version=9.2.1
-revision=1
+revision=2
 build_style=gnu-makefile
-depends="curl tar xz"
+depends="curl tar"
 short_desc="Simple command line NodeJS version management"
 maintainer="anelki <akierig@fastmail.de>"
 license="MIT"

Re: xz: reverts addition of `xz` for CVE-2024-3094

[classabbyamp]

[-- Attachment #1: Type: text/plain, Size: 247 bytes --]

New comment by classabbyamp on void-packages repository

https://github.com/void-linux/void-packages/pull/49594#issuecomment-2027604548

Comment:
i think you mean `n: ...`, but void's xz has been reverted and appears to not be affected by the CVE

Re: [PR PATCH] [Updated] xz: reverts addition of `xz` for CVE-2024-3094

[akierig]

[-- Attachment #1: Type: text/plain, Size: 572 bytes --]

There is an updated pull request by akierig against master on the void-packages repository

https://github.com/akierig/void-packages n-revert-xz
https://github.com/void-linux/void-packages/pull/49594

xz: reverts addition of `xz` for CVE-2024-3094
cf. https://www.openwall.com/lists/oss-security/2024/03/29/4

#### Testing the changes
- I tested the changes in this PR: **YES**


#### Local build testing
- I built this PR locally for my native architecture, x86_64-glibc


A patch file from https://github.com/void-linux/void-packages/pull/49594.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-n-revert-xz-49594.patch --]
[-- Type: text/x-diff, Size: 777 bytes --]

From fa8689aa4e94e434ff1cde2a284bc7df38f44d56 Mon Sep 17 00:00:00 2001
From: anelki <akierig@fastmail.de>
Date: Fri, 29 Mar 2024 13:43:58 -0500
Subject: [PATCH] n: reverts addition of `xz` for CVE-2024-3094

cf. https://www.openwall.com/lists/oss-security/2024/03/29/4
---
 srcpkgs/n/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/n/template b/srcpkgs/n/template
index 4897850676cf99..e54f1dd5d9488d 100644
--- a/srcpkgs/n/template
+++ b/srcpkgs/n/template
@@ -1,9 +1,9 @@
 # Template file for 'n'
 pkgname=n
 version=9.2.1
-revision=1
+revision=2
 build_style=gnu-makefile
-depends="curl tar xz"
+depends="curl tar"
 short_desc="Simple command line NodeJS version management"
 maintainer="anelki <akierig@fastmail.de>"
 license="MIT"

Re: xz: reverts addition of `xz` for CVE-2024-3094

[akierig]

[-- Attachment #1: Type: text/plain, Size: 249 bytes --]

New comment by akierig on void-packages repository

https://github.com/void-linux/void-packages/pull/49594#issuecomment-2027605652

Comment:
why is there no facepalm emoji good lord. Sorry, this is what I get for trying to do this during a meeting.

Re: [PR PATCH] [Closed]: n: reverts addition of `xz`

[sgn]

[-- Attachment #1: Type: text/plain, Size: 394 bytes --]

There's a closed pull request on the void-packages repository

n: reverts addition of `xz` 
https://github.com/void-linux/void-packages/pull/49594

Description:
cf. https://www.openwall.com/lists/oss-security/2024/03/29/4

#### Testing the changes
- I tested the changes in this PR: **YES**


#### Local build testing
- I built this PR locally for my native architecture, x86_64-glibc