Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[liblzma] update to 5.6.0 #37197

Closed
Neustradamus opened this issue Mar 6, 2024 · 7 comments · Fixed by #37199
Closed

[liblzma] update to 5.6.0 #37197

Neustradamus opened this issue Mar 6, 2024 · 7 comments · Fixed by #37199
Assignees
@FrankXie05
Labels
category:port-update The issue is with a library, which is requesting update new revision

Comments

@Neustradamus
Copy link

Neustradamus commented Mar 6, 2024
edited
Loading

Library name

liblzma

New version number

5.6.0

Other information that may be useful (release notes, etc...)

Can you update the current liblzma?

Note: There is a 5.4.5 too.

Thanks in advance.
@Neustradamus Neustradamus added the category:port-update The issue is with a library, which is requesting update new revision label Mar 6, 2024
@Neustradamus Neustradamus mentioned this issue Mar 6, 2024
Merged
7 tasks
@carsten-grimm carsten-grimm mentioned this issue Mar 6, 2024
Merged
7 tasks
JavierMatosD pushed a commit that referenced this issue Mar 11, 2024
@carsten-grimm
[liblzma] update to version 5.6.0 (#37199)
0ddcda3 
Fixes #37197.

- [x] Changes comply with the [maintainer
guide](https://github.com/microsoft/vcpkg-docs/blob/main/vcpkg/contributing/maintainer-guide.md).
- [x] SHA512s are updated for each updated download.
- [x] The "supports" clause reflects platforms that may be fixed by this
new version.
- [x] Any fixed [CI
baseline](https://github.com/microsoft/vcpkg/blob/master/scripts/ci.baseline.txt)
entries are removed from that file.
- [x] Any patches that are no longer applied are deleted from the port's
directory.
- [x] The version database is fixed by rerunning `./vcpkg x-add-version
--all` and committing the result.
- [x] Only one version is added to each modified port's versions file.

The update to version 5.6.0, includes the following changes
* the patches were adapted for changes in the new version (I cannot
check if the patch for iOS support was adapted correctly)
* the new tools `lzmadec` and `lzmainfo` are handled in the same manner
as the existing tools `xz` and `xzdec`
* ~nls was disabled to sidestep an issue with installing the man pages~
* ~a new feature `nls` was added to enable native language support. This
was necessary to handle a new optional dependency on `gettext` so that
the existing `tools` feature continues to work.~
* nls support was not added, yet. See discussion below for details.

I have successfully built 
* `liblzma:x86-windows`,
* `liblzma:x64-windows`,
* `liblzma:x64-linux`, 
* `liblzma[tools]:x64-linux`,

Note that `tools`  is not supported on `windows`.

Requested by @Neustradamus

EDIT 1: added nls feature
EDIT 2: removed nls feature again
@Sjneugent
Copy link

hey guys.. might wanna check this dude out with the with the whole xz lib fiasco.

@Neustradamus
Copy link
Author

Warning, some people attack me because I have requested the XZ update.
I am not linked to the XZ project.

@Aerocatia
Copy link

You have unknowingly implicated yourself simply by following the bad actor on here, who is heavily suspected of using sock puppet accounts to push for xz updates everywhere to more widely spread the infected release. Your account is old so I doubt this is the case, however people are wary. No personal attacks are intended.

@stux2000
Copy link

hey guys.. might wanna check this dude out with the with the whole xz lib fiasco.

Perhaps raising an issue would be the best course of action?

@Neustradamus
Copy link
Author

Neustradamus commented Mar 30, 2024
edited
Loading

@Aerocatia: Thanks for your message.

The official XZ team announcement is here:

Important to know: There is no problem with contributors here like @carsten-grimm.

But several people mix all because I have requested the XZ update in vcpkg.
I have received a lot of bad messages (private and public).
I have no link with XZ project, I follow only the project and do announcement or/and update requests.
I have requested 5.4.5 and 5.6.0 because there was only 5.4.4 in vcpkg.

@gowthamgts has participated on HN against me badly and I have commented on two places where he has commented (on my SCRAM request publications):

You can look here the original comment:

You can follow my announcements here:

The good point, people speak about SCRAM "Salted Challenge Response Authentication Mechanism" security ;)

Badly, some people or projects like only old unsecure mechanisms, some would like security improvements.

@wookey wookey mentioned this issue Apr 3, 2024
Closed
@Neustradamus Neustradamus mentioned this issue Apr 4, 2024
Merged
@dylanmtaylor dylanmtaylor mentioned this issue Apr 4, 2024
Closed
@Neustradamus
Copy link
Author

I have received a lot of attacks (private and public) and I am listed here, a lot of people have attacked me here:
Several people have blocked me about this history.

Free software's not-so-eXZellent adventure:

Free software's not-so-eXZellent adventure [LWN.net] on Reddit:

This project is still alive? · Issue 234 · ifupdown-ng/ifupdown-ng on Reddit:

xz-utils backdoor situation (CVE-2024-3094): @thesamesam:

Dear all,

I have already commented, that I have no link with XZ team, I do only request of updates, and I do announcements on social networks:

I propose you to follow me to have announcements.

Examples for XZ on Twitter:

I have already done several explanation about my request of update in VCPKG to 5.4.5 and 5.6.0 etc.

I have successed to have a new team for Avahi and nss-mdns, but at this time, Avahi is always UNSECURE because there are a lot of CVEs from 2021 and 2023, I have requested several times, a new release build:

I have helped @EasyNetDev to have reaction of dormant ifupdown-ng team because no review of PRs, etc.
Some people have been selected to create a new fork, I have said that it was a bad idea, and it was important to wake up the team.

@Neustradamus Neustradamus mentioned this issue Apr 16, 2024
Closed
This was referenced May 31, 2024
Merged
Closed
@Neustradamus
Copy link
Author

@teo-tsirpanis has done a PR about the new XZ version (5.6.2) here:

cc: @carsten-grimm.

Linked to:

Official XZ links:

@Neustradamus Neustradamus mentioned this issue May 31, 2024
Closed
@TwizzyDizzy TwizzyDizzy mentioned this issue Jan 27, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@FrankXie05 FrankXie05

Labels
category:port-update The issue is with a library, which is requesting update new revision
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[liblzma] update to version 5.6.0 carsten-grimm/vcpkg
5 participants
@Neustradamus @stux2000 @Aerocatia @Sjneugent @FrankXie05