From f72123158996b8d4449de481897d855bc47c7bf6 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Fri, 29 Mar 2024 03:45:03 +0100
Subject: Revert "xz: 5.4.6 -> 5.6.0"

This reverts commit 5c7c19cc7ef416b2f4a154263c6d04a50bbac86c.

The upstream tarball has been tampered with and includes a backport for
which we cannot completely rule out, whether we are affected.

https://www.openwall.com/lists/oss-security/2024/03/29/4
---
 pkgs/tools/compression/xz/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/compression/xz/default.nix b/pkgs/tools/compression/xz/default.nix
index 2f10236b46b3b..e02be74b60d30 100644
--- a/pkgs/tools/compression/xz/default.nix
+++ b/pkgs/tools/compression/xz/default.nix
@@ -11,11 +11,11 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "xz";
-  version = "5.6.0";
+  version = "5.4.6";
 
   src = fetchurl {
     url = with finalAttrs; "https://github.com/tukaani-project/xz/releases/download/v${version}/xz-${version}.tar.bz2";
-    hash = "sha256-iMhjHO+6kWZP3EexS7dT4YdvSWSgfbZQgh0gOZKx4eo=";
+    sha256 = "sha256-kThRsnTo4dMXgeyUnxwj6NvPDs9uc6JDbcIXad0+b0k=";
   };
 
   strictDeps = true;
-- 
cgit 1.4.1