From 6aa50d08087b8a5265ca3a41174341245ed69fe0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 30 Mar 2024 06:39:25 +0100 Subject: [PATCH] xz: switch to a working src URL, add warning --- pkgs/tools/compression/xz/default.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/compression/xz/default.nix b/pkgs/tools/compression/xz/default.nix index e02be74b60d3..4431a178ac02 100644 --- a/pkgs/tools/compression/xz/default.nix +++ b/pkgs/tools/compression/xz/default.nix @@ -11,10 +11,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "xz"; - version = "5.4.6"; + version = "5.4.6"; # Beware of CVE-2024-3094 and related risks!!! src = fetchurl { - url = with finalAttrs; "https://github.com/tukaani-project/xz/releases/download/v${version}/xz-${version}.tar.bz2"; + url = with finalAttrs; + # The original URL has been taken down. + # "https://github.com/tukaani-project/xz/releases/download/v${version}/xz-${version}.tar.bz2"; + "mirror://sourceforge/lzmautils/xz-${version}.tar.bz2"; sha256 = "sha256-kThRsnTo4dMXgeyUnxwj6NvPDs9uc6JDbcIXad0+b0k="; };