From c36a915f3438ff5eb864d0f3277d7cb8edf76177 Mon Sep 17 00:00:00 2001
From: Darryl Pogue
Date: Fri, 29 Mar 2024 13:14:17 -0700
Subject: [PATCH 1/2] Pin liblzma to a non-compromised version
---
 vcpkg.json | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/vcpkg.json b/vcpkg.json
index 3b99d98bee..f3d06c5d46 100644
--- a/vcpkg.json
+++ b/vcpkg.json
@@ -41,6 +41,11 @@
 "name": "physx",
 "version": "4.1.2#6",
 "$comment": "Upstream vcpkg updated to PhysX 5, which drops support for several target platforms. Stick with 4.1.2 for now."
+},
+{
+"name": "liblzma",
+"version": "5.4.4",
+"$comment": "liblzma & xz were compromised upstream: CVE-2024-3094."
 }
 ],
 "features": {
From 98b8249050ffd4b74120651a6590ff09958f8b94 Mon Sep 17 00:00:00 2001
From: Darryl Pogue
Date: Fri, 29 Mar 2024 13:33:25 -0700
Subject: [PATCH 2/2] Fix macOS CI builds due to python setuptools
---
 .github/workflows/ci.yml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0abf611e21..6bfcfabe17 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -268,11 +268,8 @@ jobs:
 autoconf \
 automake \
 libtool \
-nasm
-
-# Workaround for missing distutils on macOS: https://github.com/actions/runner/issues/2958
-- name: Install setuptools
-run: sudo -H pip3 install setuptools
+nasm \
+python-setuptools
 
 - name: Setup NuGet
 run: |
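Review bot: The new entry's `"version": "5.4.4"` line pins only a version string, so what actually gets built still depends on the vcpkg port recipe for that version and on the registry baseline, neither of which is visible in this hunk; if the manifest does not already fix `builtin-baseline`, the pin by itself does not determine which port or source tarball is used. The `$comment` should also say when the pin can be lifted, because as written it silently freezes liblzma for every later fix as well; I would write it as `"$comment": "Pinned below the xz 5.6.0/5.6.1 releases affected by CVE-2024-3094; revisit once the registry carries a clean later release."`. The enclosing array (presumably the overrides list, given the physx entry beside it) starts outside the hunk.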
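Review bot: The removed `# Workaround for missing distutils on macOS: https://github.com/actions/runner/issues/2958` line was the only explanation of why setuptools is needed, and the added `python-setuptools` entry carries none, so whoever next trims this package list has no way to know it is load-bearing; keep the reason as a YAML comment above the step, e.g. `# python-setuptools: distutils is missing on macOS runners, see https://github.com/actions/runner/issues/2958`. Replacing `sudo -H pip3 install setuptools` with a package-manager install is an improvement in itself, since the workflow no longer runs pip as root against the runner's system Python. The install command that consumes this list (presumably a `brew install` on the lines above) is outside the hunk, so whether `python-setuptools` resolves there cannot be confirmed from this patch.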