Revert "package/tar: security bump to version 1.35"

This reverts commit d4d483451f. Tar 1.35 unfortunately changes the behaviour for the devmajor/devminor fields, breaking the download hash validation. From the release notes: * Leave the devmajor and devminor fields empty (rather than zero) for non-special files, as this is more compatible with traditional tar. https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html So revert the bump for now. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-11-27 15:33:28 +08:00 · 2023-11-12 20:43:23 +01:00 · 2023-11-12 20:43:23 +01:00 · f2b23a6320
commit f2b23a6320
parent b32a46e2a8
2 changed files with 4 additions and 4 deletions
--- a/package/tar/tar.hash
+++ b/package/tar/tar.hash
@ -1,4 +1,4 @@
 # Locally calculated after checking signature
-sha256  4d62ff37342ec7aed748535323930c7cf94acf71c3591882b26a7ea50f3edc16  tar-1.35.tar.xz
-sha256  c77a38fcf25b21fd8209d20d35638744344ded239cfc7df80138bf46d3c6b16d  tar-1.35.cpio.gz
-sha256  3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986  COPYING
+sha256  63bebd26879c5e1eea4352f0d03c991f966aeb3ddeb3c7445c902568d5411d28  tar-1.34.tar.xz
+sha256  51337b19c71df92cd4f51c50efe4dc6ddc267d31fd54679be9e9bc2e6ce8132b  tar-1.34.cpio.gz
+sha256  8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING
--- a/package/tar/tar.mk
+++ b/package/tar/tar.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-TAR_VERSION = 1.35
+TAR_VERSION = 1.34
 TAR_SOURCE = tar-$(TAR_VERSION).tar.xz
 TAR_SITE = $(BR2_GNU_MIRROR)/tar
 # busybox installs in /bin, so we need tar to install as well in /bin