From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 19 Oct 2022 09:19:13 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1ol3MA-000MxH-Nc for lore@lore.pengutronix.de; Wed, 19 Oct 2022 09:19:13 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1ol3M8-0002w4-Fu; Wed, 19 Oct 2022 09:19:12 +0200 Received: from mail-am6eur05on2042.outbound.protection.outlook.com ([40.107.22.42] helo=EUR05-AM6-obe.outbound.protection.outlook.com) by metis.ext.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1ol3Lj-0002vt-R1 for ptxdist@pengutronix.de; Wed, 19 Oct 2022 09:18:51 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Px1gvqepw7YjJOidaKV1m4ixd+yMinIW/gf7C04iYuK/NiHBt2iKyLqYqKpc7B0kyS7dhhR9LFOoVPeB+NskDFIwdb4MCrpvIO3pbXD7GZrKxGh1+Z0bBAPKbvksGWr1r0plSK6MhyHrj+Fzz/1iBfT+Do1ZIL1NF5EC5PnZTrNKAwUaxrI4SBclxUeXDofARP03UNc9JtGJDuJ1W1I7fzgFOjcSHN7RyTVVssXf7+xhjTL1bcoZ76my3jzEb/iCiBrhqLuGdouiaAPWxdEHouvgjjJPjb+d65vbXdhHxQ/MKbe3IHkzN0hneb6qcCJDhHf681qeJEXl4tFNhdQDbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=XFwse6FhsZKH0Jq04BKj2aDyyw/fuY2imUJHkv9Xa8A=; b=bK5iG6hb+YNNcVauKXrChXAPJGdnyFMxt4ONGcUdS2lpbzJ1SL5SsqByO7FhW54Knpw/L/sUPkuDukQLqrqVIGN2Vl/deVmV8CjzIwZ+U2GOqhqK7yW7qiZq1mk9CZVA4VlJgoD/i7A6783w9Ob94j8UkAD56u8vcJXRXGSUiG95r2phHAJ87C8Igo0MZj5A+Y+b11gDw6kosbFv3/ag4vgfh0LimqnqOJVSCjWF2Cu5dFWfFep7OByaO8GwHUkUqyshTey07zppe1V+gqHAnoFn53OGD6YFLl6nq9V9fsdRJPkO6X1+zClAIklpCIzfj5VlsArSAFHSozKyOfkTeA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XFwse6FhsZKH0Jq04BKj2aDyyw/fuY2imUJHkv9Xa8A=; b=C0wkpourJbsRbdhkFkay5/w/QH6Kd8FH9ZFo9OGk/TlOBXvuzBqJUZ/lqLmFkLYgw48rPBEAm01sObuJhF/4vrXvrQH09aKS16VCu/pyFNZA+1y1T9aAcrsLi0NspR/eSLBNZcWmWoXfwRvnWySpl+0oGkr6LRcDsnwfIvjq4To= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by GV1P251MB0881.EURP251.PROD.OUTLOOK.COM (2603:10a6:150:8e::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5723.29; Wed, 19 Oct 2022 07:18:43 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::e75a:4c4e:8faa:99ae]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::e75a:4c4e:8faa:99ae%7]) with mapi id 15.20.5723.034; Wed, 19 Oct 2022 07:18:43 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Wed, 19 Oct 2022 09:18:27 +0200 Message-Id: <20221019071827.3557341-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.34.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: GV3P280CA0016.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:b::26) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|GV1P251MB0881:EE_ X-MS-Office365-Filtering-Correlation-Id: e5cddd7c-7b32-476c-abb4-08dab1a22767 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: SwaA0k544I/PXSzNqmQoWAgkNF3MVpmCnOBMKjJSgT7v+PcRDmT4lGJy5cHOSgYrpEByd69wrC+Pyj8i85dKDqBwiP3he9z7c+1uN5CXiCr6k++6RDG6jYgs4/3KOd7VgbiCgNbQYF/Gcv/912SFi+6g2dKNdU6fg/+wbbmauTczfJcCoLZ5AFS/OOH7TRklqAja9tMeEDLmvAmfQRQzPRTU5ymIHNZPEatNcNJUjbnC6GCOgrmXX6XWpthG56F+SU4s5s8iQ7jwVMTKkw0d+AKth0Yl7a6MoJFxrTkwYAF95CMjbUomDmkzNkIlLvNH/mXhAm//KU4B5geADRA+BiWpA95qdIAYspeylc0HOL8nzwHyuXkBYSJ231SPbOp78EdRMgjbG1ZSH8es1LpECrn2ERg1sk0Rc+9Ter39CxU1ED4Ze0W1mgwomCQ5ME1eWoF+mqIttJXQLwsTxnq+MLTHsiAG4ib8H9szEad6XmjKMDgNwDFLwdLw+KSEyra9yDBKqSrbql51YcgoFkN+XMR1JTDw64jp8Zd0u9AX7/U7uc2aXG9N7SPjluhhSFATfxd8h2wakB7NEQMz9tGKJzkOSEcricgVzO0fmaegKyKHgzCJD40rOYrvk75+Gc0G3YpfZYvCicW+9z5tGpLmY9gvDecuxJ5Zlaem4eGHtmVRvbZYBZkpYTzBJ/KIU0BpyEXQIs5dkLxIwnUt0GONaAvyDHyg5kPjWfiSyU6jFCfBvkJyN8BmM999P55JcpauL7vZwKnPwMMbo+PlArAS0k8qqlVk4MHnXfZI3Mmv73c= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230022)(366004)(396003)(39830400003)(346002)(376002)(136003)(451199015)(6916009)(316002)(8936002)(6512007)(26005)(1076003)(186003)(2616005)(2906002)(5660300002)(44832011)(6666004)(8676002)(66476007)(66556008)(83380400001)(41300700001)(66946007)(86362001)(36756003)(52116002)(6506007)(38350700002)(966005)(6486002)(38100700002)(478600001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?GmTShHFVZbiyztnWOn/DUGxbapSVZ00/jMmlGr32o/cyCZ7Gq9DvgaxhlUUj?= =?us-ascii?Q?Blf1769nNW/gsmBv1YVw07ZzLSxNBkqAPcaoLxpZEQjr0kZHm00vFoZPDJds?= =?us-ascii?Q?meFJM45AQiQOa+5ky4SksEUtRFaEUqmYp0hA/R2fQ8zMMDf2E4cLC+lLBUeu?= =?us-ascii?Q?sKQdl/VgqfKGJ/gnGQGS2Vcgnu9gEFZ7EHBNZmSUtQF5xEX2MWm0X4kcwU4+?= =?us-ascii?Q?wOWWRWT8cMC8uOzWekQs15z1bZT8tZPCDvmP/e4M59gGTq+/e33O0BMMjwTQ?= =?us-ascii?Q?nxXf3F61JZzVsEQceRtkhZ9TzfxtXmuN0QKigESF9X7Yv2Xx6GUB+7g9RZ8t?= =?us-ascii?Q?T4nAS6tTZDMv/3P2AMpFAk+5riJ1TkLDAnFTTEP5Y36ap1kOvDaqk+ngMnPm?= =?us-ascii?Q?7r6pK1Ax9w1Xi+6THVlOFGvgz78t5i1XnLiQ+Vs9uMguhhA/DA02lkIF6YaE?= =?us-ascii?Q?nr6/WWhiKszzlGT763lBfXY5eLSawLUT/caHrnSC/hlRx39+YYYSwsnSFaX7?= =?us-ascii?Q?O+Tx/xjQ2Nq2z7sCq0ikhQYiDvZSsYwWAvs0/rGTNZpWrvSNhrZ1lXNRKZ9I?= =?us-ascii?Q?GRpclXHd60QlKOBL3NJ2dyQDxMWEKw6s96i6qSJpr70j6KrY/sguJsLaEaUx?= =?us-ascii?Q?e+ah/jkRHDgpUEVKuPm1OLMWzdHnmJ3KwYQcdcfKL0klZcwtdX10sTI+XxsG?= =?us-ascii?Q?/xu3CHhcLZCE0ZTdEo9xdiIhuT8C6SsfxI3FfISz6xdBj+xcIijkA02+kjWl?= =?us-ascii?Q?jVSt3MqGzB0WadLUPBv7Z5uJpViy3wCLzB4n8bqHpbAkBW9/q5sVxmAKRK+u?= =?us-ascii?Q?4vMCLPFje0D5jU+56L95Fn0CFLd2crtBuIOHrP/t60wNV8RUhyzOYv3UzY9M?= =?us-ascii?Q?ONZzKt1tD+k53P662dR5QEMOpJc/NT1nFUpsEBvhrRAKZQGdwOCK0ewNLwF3?= =?us-ascii?Q?cBHvPQlaZsDsVKZloe1oWp7kzUwGkttuPnabrH3jBWmw/j8nErNK9r7fagQj?= =?us-ascii?Q?yM08ZZnVhWm3CLuQNyZ/8jgOSjAYjxBbMbX2UnqyzlR8zD4RXMk7fDnJZGlf?= =?us-ascii?Q?W/RlDtaRCa+Fwns1rjKeOM7Qh8t076AKucd8J+MqM2im8/9t8ZTEXjyopyYq?= =?us-ascii?Q?JUF2tY/53uQ7+NdAOc3pMeFFvJLJc3MN/ouYdulGJ+qYuZWFKJLcQcZ9Ua8t?= =?us-ascii?Q?G6dzQoPADUpVjnL10b/RTCVjg0NVG803YezcIPcDn3Zca1k5bY+DbkSpIzyr?= =?us-ascii?Q?1trjxDJtqBudsMB/9DsRcLzehb3IFbhzvFYmQ6Ed6rvu+iDQaj6nSAqIeJMv?= =?us-ascii?Q?zOPevgC3/SNpz1IPb4zJVNLW9AiJ5lohoae99hFkMrM5cdlLStf2zkp4MEjA?= =?us-ascii?Q?6NTrm4xUY2Rk9jIHDXgNjTNLjhdD4ZANFkas4LZUsvTn2dojMEpadL0Va3DI?= =?us-ascii?Q?okAfx+vUBtePvrNSVVPf6t6bo+8050aEsMFY8Cv2DalKR4Gd4wJuOW99bc5w?= =?us-ascii?Q?JHwyIE+1Ie1jtzpeUOB1cwjuFI7eLn7g1M2wI9h8mr2ooelZ5yrMx+mbBC7U?= =?us-ascii?Q?bio2K5OfC4X75xPsCeie2zZA8NznsOgdhHAEm9eW1HAS4vejgDhQGH67sKlt?= =?us-ascii?Q?tA=3D=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: e5cddd7c-7b32-476c-abb4-08dab1a22767 X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Oct 2022 07:18:43.1363 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Rykj5PsmZyvad4YDAyUZIMaRI3GbxB7PMcBTG/YQAXpJUx3k8tVhXmhS/cYBRFah6EXkqID4DnwX4vaol/oJCpMT/R3OHexB+0WXYRzAJ6Y= X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1P251MB0881 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.ext.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH v2] zlib: Version bump. 1.2.12 -> 1.2.13 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false https://zlib.net/ Minor fixes in this release. Version bump plugs CVE-2022-37434. * Remove all patches for 1.2.12. They're now fixed. * Reindent license file line. * Zlib added a real LICENSE file describing the zlib license. Use that file instead of the README which changes every release due to version numbering. Signed-off-by: Christian Melki --- ...sue-that-discarded-provided-CC-defin.patch | 23 -------------- ...etting-a-gzip-header-extra-field-wit.patch | 31 ------------------- ...processing-bug-that-dereferences-NUL.patch | 28 ----------------- patches/zlib-1.2.12/series | 6 ---- rules/zlib.make | 7 +++-- 5 files changed, 4 insertions(+), 91 deletions(-) delete mode 100644 patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch delete mode 100644 patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch delete mode 100644 patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch delete mode 100644 patches/zlib-1.2.12/series diff --git a/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch b/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch deleted file mode 100644 index 63bdb67c0..000000000 --- a/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch +++ /dev/null @@ -1,23 +0,0 @@ -From: Mark Adler -Date: Mon, 28 Mar 2022 18:34:10 -0700 -Subject: [PATCH] Fix configure issue that discarded provided CC definition. - ---- - configure | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/configure b/configure -index 52ff4a04ea89..3fa3e8618f9c 100755 ---- a/configure -+++ b/configure -@@ -174,7 +174,10 @@ if test -z "$CC"; then - else - cc=${CROSS_PREFIX}cc - fi -+else -+ cc=${CC} - fi -+ - cflags=${CFLAGS-"-O3"} - # to force the asm version use: CFLAGS="-O3 -DASMV" ./configure - case "$cc" in diff --git a/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch b/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch deleted file mode 100644 index e8b36be46..000000000 --- a/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch +++ /dev/null @@ -1,31 +0,0 @@ -From: Mark Adler -Date: Sat, 30 Jul 2022 15:51:11 -0700 -Subject: [PATCH] Fix a bug when getting a gzip header extra field with - inflate(). - -If the extra field was larger than the space the user provided with -inflateGetHeader(), and if multiple calls of inflate() delivered -the extra header data, then there could be a buffer overflow of the -provided space. This commit assures that provided space is not -exceeded. ---- - inflate.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 7be8c63662a7..7a728974923a 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,9 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -+ len = state->head->extra_len - state->length; - if (state->head != Z_NULL && -- state->head->extra != Z_NULL) { -- len = state->head->extra_len - state->length; -+ state->head->extra != Z_NULL && -+ len < state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); diff --git a/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch b/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch deleted file mode 100644 index 381c52128..000000000 --- a/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch +++ /dev/null @@ -1,28 +0,0 @@ -From: Mark Adler -Date: Mon, 8 Aug 2022 10:50:09 -0700 -Subject: [PATCH] Fix extra field processing bug that dereferences NULL - state->head. - -The recent commit to fix a gzip header extra field processing bug -introduced the new bug fixed here. ---- - inflate.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 7a728974923a..2a3c4fe98464 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,10 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -- len = state->head->extra_len - state->length; - if (state->head != Z_NULL && - state->head->extra != Z_NULL && -- len < state->head->extra_max) { -+ (len = state->head->extra_len - state->length) < -+ state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); diff --git a/patches/zlib-1.2.12/series b/patches/zlib-1.2.12/series deleted file mode 100644 index 5287c5835..000000000 --- a/patches/zlib-1.2.12/series +++ /dev/null @@ -1,6 +0,0 @@ -# generated by git-ptx-patches -#tag:base --start-number 1 -0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch -0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch -0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch -# cd27facc69e3374f1354a2aca57309ec - git-ptx-patches magic diff --git a/rules/zlib.make b/rules/zlib.make index dcfca75af..4ae0aaea4 100644 --- a/rules/zlib.make +++ b/rules/zlib.make @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_ZLIB) += zlib # # Paths and names # -ZLIB_VERSION := 1.2.12 -ZLIB_MD5 := 28687d676c04e7103bb6ff2b9694c471 +ZLIB_VERSION := 1.2.13 +ZLIB_MD5 := 7d9fc1d78ae2fa3e84fe98b77d006c63 ZLIB := zlib-$(ZLIB_VERSION) ZLIB_SUFFIX := tar.xz ZLIB_URL := \ @@ -25,7 +25,8 @@ ZLIB_URL := \ ZLIB_SOURCE := $(SRCDIR)/$(ZLIB).$(ZLIB_SUFFIX) ZLIB_DIR := $(BUILDDIR)/$(ZLIB) ZLIB_LICENSE := Zlib -ZLIB_LICENSE_FILES := file://README;md5=7ae390a32824ef4d6316800962e5c66f +ZLIB_LICENSE_FILES := \ + file://LICENSE;md5=b51a40671bc46e961c0498897742c0b8 # ---------------------------------------------------------------------------- # Prepare -- 2.34.1