From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 14 Oct 2022 16:08:11 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1ojLMC-008a56-Eg for lore@lore.pengutronix.de; Fri, 14 Oct 2022 16:08:11 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1ojLMA-0001ON-Fk; Fri, 14 Oct 2022 16:08:10 +0200 Received: from mail-eopbgr130050.outbound.protection.outlook.com ([40.107.13.50] helo=EUR01-HE1-obe.outbound.protection.outlook.com) by metis.ext.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1ojLLf-0001OC-Ul for ptxdist@pengutronix.de; Fri, 14 Oct 2022 16:07:41 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Z2YP/DuWcIPVNVb6jSYuevTYMXY+T6D8OuSRQS+SzJqanm8Mw7hX7qnWoa8WgJ8IMkG6Mm0biBUyH0Y7eOjZgqCEGdCjaNTxrX8vpFAnG2YuRba507LXE+FQRqUDRQKCKv1Qxt5pC0r7KdQ1+7hYUYWr53saJsjo0MgXfdYqcI1BfprlFuzaDW1O/VEu7DbATXGHIPtavTAhO75bCA44RJQJei8Qti/bovLoIonDhKw7rmSzivNuxWizH3m84mFtkzXjz7MI6lebaxt9KvG38VqsDKJfXgnEYvOmISE1t87bANQFvt9ZSYTZ4ZpFt7H693QzpJegTHvROYTtbY57Mw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vr5ViuJt9RgcYcAoZgk3K5dI1kHOnFI4IaDffcHE4mg=; b=VO1YFfn5UnPWX6rH0mjw1c9PJeZlkuiSaqacIRvTB54BvKz84z4YnvmTg4opRhPvdu3xXwEostBJcKIVUn6ryNBV7KmZPQ/848gNHQZ0elLrX6VI4d8oS5eivNCBfm4Kwy/A2xkcxJuWPfpVdSuDWNUJC0s4ZfVJ3aOZYnX3V9X1EhvBNT3s8DV4rnRXfDnebsj3ARsDO2IV43JyW/GWfOfjlZxVL91yBTNAs5LrBomKveDB1l8Wr8GX9KQbxf6EkSaD4Vt5D4ZjRDW8XwK1spiU9pnGKo5X6JQMe9kzUYk3lT44eb3mdlP0EpQoljxGqkWPD4SIIz+WcZvVXtpyWQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vr5ViuJt9RgcYcAoZgk3K5dI1kHOnFI4IaDffcHE4mg=; b=Q/eeLwP5+RGK3oLQQksoij3/IKeftM0ww/5bBFf1Z5it3vtLb4ZuQvdc2mEQPuqd279ityyVgCoNwQaNAwciC7D6pIl99nE491/wMyW6/vyncD9Hbttv9yer7bvHFEJxm6V/aZqCmqsArV6xagFnrm2DNu1awOEooVRbpmIt4pM= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by DB9P251MB0596.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:332::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5723.26; Fri, 14 Oct 2022 14:07:37 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::e75a:4c4e:8faa:99ae]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::e75a:4c4e:8faa:99ae%5]) with mapi id 15.20.5723.026; Fri, 14 Oct 2022 14:07:36 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Fri, 14 Oct 2022 16:07:23 +0200 Message-Id: <20221014140723.531912-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.34.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: GV3P280CA0012.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:b::23) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|DB9P251MB0596:EE_ X-MS-Office365-Filtering-Correlation-Id: 167940b1-42d5-4729-1bac-08daaded728f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 3mKER6rRMJvusORmmLHxI2KpIU8ZVNAb24+UM2xEUQis6L5WWhtCFfWgMGhsJYjBlZvok4HWRdJnvKjR4Dt8y0ML6EN2FP9NwmTsDLJFduCXxXFDR/ve8vCpReJ6opXIn+tqZsFfEwci6iuOAqo1jMJKKJL+f+V8h/AB3q8PjZEnx+DavmnAv1W/+z0woyMzG1zagohGJjbpECEEBhUHKq6yy/rKJwnvDGKwPMlqz9M5Miu5/T3jzZI3SF6GYoaglPFpanKeJV31iw4m6o4phnZ+l49AIoC11iBsKJ0zpFyo9ikazSuwdNLQ4BnZ9jDtzxX1cT6qb3bxhbvqvzod3ZisJesSN+zOYAQLK8LC/08YiNR+cpTtx8qeSRnIVH5EaJprnAbKnbn5PlS/6P4axefTj57Y5M9dCHYTHEwCluYj7BkQUveVrUtqPmO8WEHJlvyDu8ZYqHkj6WWpVtLCBlHL7MzBLJ1DRFfdoZSY2FRnev1ZLR48KX7PSPslypyLcdXDxz7Yih6F1CvQc4RyWizD+iBN068+W9vcwrc0JUxLDZRXsfryzk5wP3kEjM0tshezDjZ0tW8LTkRov4rNqRKiAo9CNGs+DG8TYx99a9jKvYnXEperrajmhEyOkmd7YFpTu6Fh18nd3mn+/sg6mLkwJ5+Ls+rvv/XV+X9QcxZxgVCsRaorvPnlhFHH6APBMUW45Wc0OvUpTfDDxJWLGlAZkiSbQ8Fj7RyZYgC9Jx7Z7Iiw9Sqt6yQdTakYj7SQr6xZ9OWgs3t3t2hLfVD9xSy9MzbMQOTKPX9FtY/ZcWE= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230022)(39830400003)(366004)(376002)(346002)(396003)(136003)(451199015)(83380400001)(316002)(6916009)(66556008)(8936002)(8676002)(66476007)(41300700001)(86362001)(2616005)(36756003)(66946007)(26005)(6512007)(52116002)(186003)(44832011)(6486002)(966005)(38100700002)(1076003)(6506007)(38350700002)(6666004)(5660300002)(2906002)(478600001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?63C8QlPZoc2iDGr2XvEfsFiupONw3z6neyHk1Lg+im/fae4CJ7BozSjza6Pw?= =?us-ascii?Q?NtS6zVgl0zDasJq9nV4Jv9tIjvkmScdIC2XzR6AQEOJDYhcP/TxVBGS4hgca?= =?us-ascii?Q?MFw0YXVNmp5qMw6H8tJ1z3HumEpCwzfnmdnCwvMzpjn6/cpdrn1JvBY2wsd9?= =?us-ascii?Q?hfMT9MLx0vTQ9mlZQUM29pevYwGmUcYL7HUKi0YV/aX/EAsDcTLbsEu/qfPJ?= =?us-ascii?Q?MQQm553CtUuQXDvWniliZOVVYz2eYtTWwDwa417byoaCuO+VOOFhHhgkMFCa?= =?us-ascii?Q?Hz/SpissEp8v11818Q5uevBYY5jA0/abHEUxOfhAoz7mnJ3Dij22NGPsrpLT?= =?us-ascii?Q?UFzlrdlcVx06iG6juca4h56ZCn8RZAwYMNzPIxQqvL8e4ujYNdlaz+FwE+zr?= =?us-ascii?Q?olEpf1q6JxbVbesuQfMKTxn3B92Tr4k96lasNI1uVnmY5+QkmI4Uh/K9WLnd?= =?us-ascii?Q?3p57sh0sfVcJf0ODnTXzS3juk6nnTdS/rbqCSgQ++8tz2C1OfmGYGAue768J?= =?us-ascii?Q?HADSq/zh6dNhtLiUrWqW1fwm32N+UR711e0PE/df3LLLx9HQl8rjpI3cwspD?= =?us-ascii?Q?tY0srS7EyKJO2akgiJXfy92IQwRNDnOjHtzWVPzYeIYWNJviEqZEwljoVaAq?= =?us-ascii?Q?g7zeGt4UUVUomrw0CqRzPPxxpRT8Lrbl9vZYo9LC/tK75A+YnZCPV5t1Cuoi?= =?us-ascii?Q?knzMJtPDWVo8GM9N2BZp6bYU4I85M8fyy6rciaV93g4NafUTOSc2vc5rJuM8?= =?us-ascii?Q?5Qt1dY1kwiet9mekVpAW7FBPDREndtWyL7BjseapHB4mpZV6OnYbwr2JEv4w?= =?us-ascii?Q?HZJA1077Mt5fdXZtQwAYNoMAkVG1cUrte50PwMg9OYFJEixER273oNtnAqKq?= =?us-ascii?Q?iCKIDV43QO+akj85AqSkL+oWQ9Lo9lB2hK8uGSEIBIAZ53WDcPmrZh+7+50S?= =?us-ascii?Q?o9hJsJRfY9OwjKbl1bf5JIk2HFP9znmXhUQ2GbB4/8qv721jJDxbhzA2Uk9U?= =?us-ascii?Q?8wzu4VnW+Ciyac+F448HmJlFUSKAz8nlqOcdUEWMWLeveTswJOeduFwoSEV2?= =?us-ascii?Q?n2xHkFgkzKUWETiXIaX3qwBk9DuVhxftYfmBftbtYguv5z3/U8t2xWZIYKjO?= =?us-ascii?Q?CG2dD99dDhhI/w8kSZ4tYlCs8MWlEcGI+5y+Ghb53UaQpwkM4V4ZAvJLJXPY?= =?us-ascii?Q?THTb5yFy8EtUhljWMcyqM9G854FT9ZeP9GgY6ysYqe2wWfjfA3Lvroi6JRi2?= =?us-ascii?Q?jvkEAAhk/BIoxG14TxuaciocxsEu9OEMIlDjayEjEfxtjPuk2hGjZ7jFcFJ3?= =?us-ascii?Q?8r0Zo9i2N4Gb9POTWaC53vV8eMuuSbpqCCBCvAFbaZfICPrqhxvKk1TxtTLF?= =?us-ascii?Q?MjhOuEfSy0hm9k/fVnyhbwGtTpY1BU3UKXB5S5/8BymDEhIl/MtzmrFHw3YD?= =?us-ascii?Q?MYNR9q76bi+Dplwj2uaBOc5ZIwzGlW/UXojXc6jbFRYmmq5eE+sXn/bYdVWM?= =?us-ascii?Q?sVlyxQR++4Q0wRgv2TKnXo0YnxEhz/Ygwq5zvUNuwYELEv2qUDG6Csq/Q5Zs?= =?us-ascii?Q?pjmI4Rt2rI3fLnsfWjUi9a2z9tNfwqjNCYiBOHPQEJIXQRacmlw2Ij7/jQ6O?= =?us-ascii?Q?lQ=3D=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: 167940b1-42d5-4729-1bac-08daaded728f X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Oct 2022 14:07:36.8275 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: scisz+bVkStcPcBIijEmO4z++wNkXBfuaMC32RHbVeG6Rd+XEQkARUuY/yfurHJB+XLvyaGO28R01t58Eq80PK8rctGYy4Wygm6q0VFqROg= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9P251MB0596 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.ext.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH] zlib: Version bump. 1.2.12 -> 1.2.13 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false https://zlib.net/ Minor fixes in this release. Version bump plugs CVE-2022-37434. * Remove all patches for 1.2.12. They're now fixed. * Reindent license file line. Signed-off-by: Christian Melki --- ...sue-that-discarded-provided-CC-defin.patch | 23 -------------- ...etting-a-gzip-header-extra-field-wit.patch | 31 ------------------- ...processing-bug-that-dereferences-NUL.patch | 28 ----------------- patches/zlib-1.2.12/series | 6 ---- rules/zlib.make | 7 +++-- 5 files changed, 4 insertions(+), 91 deletions(-) delete mode 100644 patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch delete mode 100644 patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch delete mode 100644 patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch delete mode 100644 patches/zlib-1.2.12/series diff --git a/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch b/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch deleted file mode 100644 index 63bdb67c0..000000000 --- a/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch +++ /dev/null @@ -1,23 +0,0 @@ -From: Mark Adler -Date: Mon, 28 Mar 2022 18:34:10 -0700 -Subject: [PATCH] Fix configure issue that discarded provided CC definition. - ---- - configure | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/configure b/configure -index 52ff4a04ea89..3fa3e8618f9c 100755 ---- a/configure -+++ b/configure -@@ -174,7 +174,10 @@ if test -z "$CC"; then - else - cc=${CROSS_PREFIX}cc - fi -+else -+ cc=${CC} - fi -+ - cflags=${CFLAGS-"-O3"} - # to force the asm version use: CFLAGS="-O3 -DASMV" ./configure - case "$cc" in diff --git a/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch b/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch deleted file mode 100644 index e8b36be46..000000000 --- a/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch +++ /dev/null @@ -1,31 +0,0 @@ -From: Mark Adler -Date: Sat, 30 Jul 2022 15:51:11 -0700 -Subject: [PATCH] Fix a bug when getting a gzip header extra field with - inflate(). - -If the extra field was larger than the space the user provided with -inflateGetHeader(), and if multiple calls of inflate() delivered -the extra header data, then there could be a buffer overflow of the -provided space. This commit assures that provided space is not -exceeded. ---- - inflate.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 7be8c63662a7..7a728974923a 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,9 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -+ len = state->head->extra_len - state->length; - if (state->head != Z_NULL && -- state->head->extra != Z_NULL) { -- len = state->head->extra_len - state->length; -+ state->head->extra != Z_NULL && -+ len < state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); diff --git a/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch b/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch deleted file mode 100644 index 381c52128..000000000 --- a/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch +++ /dev/null @@ -1,28 +0,0 @@ -From: Mark Adler -Date: Mon, 8 Aug 2022 10:50:09 -0700 -Subject: [PATCH] Fix extra field processing bug that dereferences NULL - state->head. - -The recent commit to fix a gzip header extra field processing bug -introduced the new bug fixed here. ---- - inflate.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 7a728974923a..2a3c4fe98464 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,10 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -- len = state->head->extra_len - state->length; - if (state->head != Z_NULL && - state->head->extra != Z_NULL && -- len < state->head->extra_max) { -+ (len = state->head->extra_len - state->length) < -+ state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); diff --git a/patches/zlib-1.2.12/series b/patches/zlib-1.2.12/series deleted file mode 100644 index 5287c5835..000000000 --- a/patches/zlib-1.2.12/series +++ /dev/null @@ -1,6 +0,0 @@ -# generated by git-ptx-patches -#tag:base --start-number 1 -0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch -0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch -0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch -# cd27facc69e3374f1354a2aca57309ec - git-ptx-patches magic diff --git a/rules/zlib.make b/rules/zlib.make index dcfca75af..6a3362549 100644 --- a/rules/zlib.make +++ b/rules/zlib.make @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_ZLIB) += zlib # # Paths and names # -ZLIB_VERSION := 1.2.12 -ZLIB_MD5 := 28687d676c04e7103bb6ff2b9694c471 +ZLIB_VERSION := 1.2.13 +ZLIB_MD5 := 7d9fc1d78ae2fa3e84fe98b77d006c63 ZLIB := zlib-$(ZLIB_VERSION) ZLIB_SUFFIX := tar.xz ZLIB_URL := \ @@ -25,7 +25,8 @@ ZLIB_URL := \ ZLIB_SOURCE := $(SRCDIR)/$(ZLIB).$(ZLIB_SUFFIX) ZLIB_DIR := $(BUILDDIR)/$(ZLIB) ZLIB_LICENSE := Zlib -ZLIB_LICENSE_FILES := file://README;md5=7ae390a32824ef4d6316800962e5c66f +ZLIB_LICENSE_FILES := \ + file://README;md5=7ae390a32824ef4d6316800962e5c66f # ---------------------------------------------------------------------------- # Prepare -- 2.34.1