<pre style='margin:0'>
Ryan Carsten Schmidt (ryandesign) pushed a commit to branch curl
in repository macports-ports.

</pre>
<p><a href="https://github.com/macports/macports-ports/commit/217a87fff07715be090e85aeed0ba36f2e1f893b">https://github.com/macports/macports-ports/commit/217a87fff07715be090e85aeed0ba36f2e1f893b</a></p>
<pre style="white-space: pre; background: #F8F8F8"><span style='display:block; white-space:pre;color:#808000;'>commit 217a87fff07715be090e85aeed0ba36f2e1f893b
</span>Author: Ryan Carsten Schmidt &lt;ryandesign@macports.org&gt;
AuthorDate: Fri Mar 29 13:22:22 2024 -0500

<span style='display:block; white-space:pre;color:#404040;'>    Revert "xz: update to 5.6.1"
</span><span style='display:block; white-space:pre;color:#404040;'>    
</span><span style='display:block; white-space:pre;color:#404040;'>    This reverts commit 784e59f99e51adbadc663b1b689d66363adf193a.
</span><span style='display:block; white-space:pre;color:#404040;'>    
</span><span style='display:block; white-space:pre;color:#404040;'>    5.6.0 and later are compromised upstream and contain malware.
</span><span style='display:block; white-space:pre;color:#404040;'>    
</span><span style='display:block; white-space:pre;color:#404040;'>    https://lists.macports.org/pipermail/macports-dev/2024-March/045563.html
</span><span style='display:block; white-space:pre;color:#404040;'>    https://lists.debian.org/debian-security-announce/2024/msg00057.html
</span><span style='display:block; white-space:pre;color:#404040;'>    https://www.openwall.com/lists/oss-security/2024/03/29/4
</span><span style='display:block; white-space:pre;color:#404040;'>    https://github.com/tukaani-project/xz/issues/92
</span>---
 archivers/xz/Portfile | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

<span style='display:block; white-space:pre;color:#808080;'>diff --git a/archivers/xz/Portfile b/archivers/xz/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index efdc7271896..73ea41eae80 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/archivers/xz/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/archivers/xz/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -2,13 +2,18 @@
</span> 
 PortSystem      1.0
 PortGroup       clang_dependency 1.0
<span style='display:block; white-space:pre;background:#ffe0e0;'>-PortGroup       github 1.0
</span> 
<span style='display:block; white-space:pre;background:#ffe0e0;'>-github.setup    tukaani-project xz 5.6.1 v
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-checksums       rmd160  518e6571a7e63bc5c4ec9f0b330210fe65d7423c \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-                sha256  d300422649a0124b1121630be559c890ceedf32667d7064b8128933166c217c8 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-                size    2292062
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+name            xz
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+epoch           1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+version         5.4.6
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# DO NOT UPDATE past this version as upstream appears to be compromised and distributing malware.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# https://lists.macports.org/pipermail/macports-dev/2024-March/045563.html
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# https://lists.debian.org/debian-security-announce/2024/msg00057.html
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# https://www.openwall.com/lists/oss-security/2024/03/29/4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# https://github.com/tukaani-project/xz/issues/92
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+checksums       rmd160  b520491a5cae36c5295859d51eee5573a5953a1f \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+                sha256  913851b274e8e1d31781ec949f1c23e8dbcf0ecf6e73a2436dc21769dd3e6f49 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+                size    2181925
</span> 
 categories      archivers
 # some executables are GPL, libs and everything else are public domain
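Review bot: The added `epoch 1` line has no comment explaining it, unlike the `version 5.4.6`
line that follows it. Because the version moves down from 5.6.1 to 5.4.6, the epoch is what makes
installed copies of 5.6.1 count as outdated. A one-line comment saying the epoch was introduced
for this downgrade and must never be removed or lowered would keep a later cleanup from undoing it.
The DO NOT UPDATE comment could also state where the 5.4.6 rmd160/sha256/size values were taken
from, so that nobody regenerates them from a fresh download.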
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -23,8 +28,7 @@ XZ utils consist of a few relatively separate submodules: \
</span> \n* Scripts to ease grepping, diffing and viewing (lz*grep, lzdiff/lzcmp, lzmore/lzless)
 
 homepage        https://tukaani.org/xz/
<span style='display:block; white-space:pre;background:#ffe0e0;'>-github.tarball_from \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-                releases
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+master_sites    sourceforge:project/lzmautils
</span> use_bzip2       yes
 
 if {${subport} eq ${name}} {
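Review bot: The `master_sites sourceforge:project/lzmautils` line has no comment tying it to the
warning added in the first hunk. With `github.tarball_from releases` removed, this is the only
download source named in the visible lines, while the Portfile itself now says upstream appears to
be compromised. Suggest a comment here stating that the tarball is accepted only because it matches
the pinned 5.4.6 checksums, so anyone changing master_sites later knows those checksums must stay
as they are.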
</pre><pre style='margin:0'>

</pre>