From d9ec8de250ddc362ca4726cd6c055216b529177a Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Sat, 30 Mar 2024 01:13:30 +0000
Subject: gentoo auto-resync : 30:03:2024 - 01:13:30

---
 profiles/Manifest.gz                  | Bin 203036 -> 203035 bytes
 profiles/arch/amd64/x32/make.defaults |   5 +++++
 profiles/package.mask                 |  11 ++++++++++-
 3 files changed, 15 insertions(+), 1 deletion(-)

(limited to 'profiles')

diff --git a/profiles/Manifest.gz b/profiles/Manifest.gz
index 00f959fb5815..68bef727257e 100644
Binary files a/profiles/Manifest.gz and b/profiles/Manifest.gz differ
diff --git a/profiles/arch/amd64/x32/make.defaults b/profiles/arch/amd64/x32/make.defaults
index 0c9b008c9fd7..b1eb0b20a751 100644
--- a/profiles/arch/amd64/x32/make.defaults
+++ b/profiles/arch/amd64/x32/make.defaults
@@ -5,6 +5,11 @@ DEFAULT_ABI="x32"
 ABI="x32"
 MULTILIB_ABIS="amd64 x86 x32"
 
+# Andreas K. Hüttel <dilfridge@gentoo.org> (2024-03-29)
+# Appears to be needed so stage1 can build stage3 ...
+# The bug is elsewhere, this is a workaround.
+BOOTSTRAP_USE="${BOOTSTRAP_USE} abi_x86_64"
+
 # Mike Gilbert <floppym@gentoo.org> (2021-09-06)
 # x32 userspace runs on amd64 kernels.
 KERNEL_ABI="amd64"
diff --git a/profiles/package.mask b/profiles/package.mask
index 7abcf6cc3031..6c0d5f5a7b23 100644
--- a/profiles/package.mask
+++ b/profiles/package.mask
@@ -33,11 +33,20 @@
 
 #--- END OF EXAMPLES ---
 
+# Sam James <sam@gentoo.org> (2024-03-28)
+# Newer releases were signed by a potentially compromised upstream maintainer.
+# There is no evidence that these releases contain malicious code, but masked
+# out of an abundance of caution. See bug #928134.
+>=app-arch/xz-utils-5.4.3
+
 # Sam James <sam@gentoo.org> (2024-03-28)
 # Backdoor discovered in release tarballs. DOWNGRADE NOW.
 # https://www.openwall.com/lists/oss-security/2024/03/29/4
 # https://bugs.gentoo.org/928134
->=app-arch/xz-utils-5.6.0
+~app-arch/xz-utils-5.5.1_alpha
+~app-arch/xz-utils-5.5.2_beta
+~app-arch/xz-utils-5.6.0
+~app-arch/xz-utils-5.6.1
 
 # Michał Górny <mgorny@gentoo.org> (2024-03-26)
 # Last release in 2012.  No reverse dependencies.
-- 
cgit v1.2.3