* [ptxdist] [PATCH v2] zlib: Version bump. 1.2.12 -> 1.2.13
@ 2022-10-19 7:18 Christian Melki
2022-10-28 14:44 ` [ptxdist] [APPLIED] " Michael Olbrich
0 siblings, 1 reply; 2+ messages in thread
From: Christian Melki @ 2022-10-19 7:18 UTC (permalink / raw)
To: ptxdist
https://zlib.net/
Minor fixes in this release.
Version bump plugs CVE-2022-37434.
* Remove all patches for 1.2.12. They're now fixed.
* Reindent license file line.
* Zlib added a real LICENSE file describing the zlib license.
Use that file instead of the README which changes every
release due to version numbering.
Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
...sue-that-discarded-provided-CC-defin.patch | 23 --------------
| 31 -------------------
...processing-bug-that-dereferences-NUL.patch | 28 -----------------
patches/zlib-1.2.12/series | 6 ----
rules/zlib.make | 7 +++--
5 files changed, 4 insertions(+), 91 deletions(-)
delete mode 100644 patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch
delete mode 100644 patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch
delete mode 100644 patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
delete mode 100644 patches/zlib-1.2.12/series
diff --git a/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch b/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch
deleted file mode 100644
index 63bdb67c0..000000000
--- a/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From: Mark Adler <madler@alumni.caltech.edu>
-Date: Mon, 28 Mar 2022 18:34:10 -0700
-Subject: [PATCH] Fix configure issue that discarded provided CC definition.
-
----
- configure | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/configure b/configure
-index 52ff4a04ea89..3fa3e8618f9c 100755
---- a/configure
-+++ b/configure
-@@ -174,7 +174,10 @@ if test -z "$CC"; then
- else
- cc=${CROSS_PREFIX}cc
- fi
-+else
-+ cc=${CC}
- fi
-+
- cflags=${CFLAGS-"-O3"}
- # to force the asm version use: CFLAGS="-O3 -DASMV" ./configure
- case "$cc" in
diff --git a/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch b/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch
deleted file mode 100644
index e8b36be46..000000000
--- a/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Mark Adler <fork@madler.net>
-Date: Sat, 30 Jul 2022 15:51:11 -0700
-Subject: [PATCH] Fix a bug when getting a gzip header extra field with
- inflate().
-
-If the extra field was larger than the space the user provided with
-inflateGetHeader(), and if multiple calls of inflate() delivered
-the extra header data, then there could be a buffer overflow of the
-provided space. This commit assures that provided space is not
-exceeded.
----
- inflate.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/inflate.c b/inflate.c
-index 7be8c63662a7..7a728974923a 100644
---- a/inflate.c
-+++ b/inflate.c
-@@ -763,9 +763,10 @@ int flush;
- copy = state->length;
- if (copy > have) copy = have;
- if (copy) {
-+ len = state->head->extra_len - state->length;
- if (state->head != Z_NULL &&
-- state->head->extra != Z_NULL) {
-- len = state->head->extra_len - state->length;
-+ state->head->extra != Z_NULL &&
-+ len < state->head->extra_max) {
- zmemcpy(state->head->extra + len, next,
- len + copy > state->head->extra_max ?
- state->head->extra_max - len : copy);
diff --git a/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch b/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
deleted file mode 100644
index 381c52128..000000000
--- a/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From: Mark Adler <fork@madler.net>
-Date: Mon, 8 Aug 2022 10:50:09 -0700
-Subject: [PATCH] Fix extra field processing bug that dereferences NULL
- state->head.
-
-The recent commit to fix a gzip header extra field processing bug
-introduced the new bug fixed here.
----
- inflate.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/inflate.c b/inflate.c
-index 7a728974923a..2a3c4fe98464 100644
---- a/inflate.c
-+++ b/inflate.c
-@@ -763,10 +763,10 @@ int flush;
- copy = state->length;
- if (copy > have) copy = have;
- if (copy) {
-- len = state->head->extra_len - state->length;
- if (state->head != Z_NULL &&
- state->head->extra != Z_NULL &&
-- len < state->head->extra_max) {
-+ (len = state->head->extra_len - state->length) <
-+ state->head->extra_max) {
- zmemcpy(state->head->extra + len, next,
- len + copy > state->head->extra_max ?
- state->head->extra_max - len : copy);
diff --git a/patches/zlib-1.2.12/series b/patches/zlib-1.2.12/series
deleted file mode 100644
index 5287c5835..000000000
--- a/patches/zlib-1.2.12/series
+++ /dev/null
@@ -1,6 +0,0 @@
-# generated by git-ptx-patches
-#tag:base --start-number 1
-0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch
-0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch
-0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
-# cd27facc69e3374f1354a2aca57309ec - git-ptx-patches magic
diff --git a/rules/zlib.make b/rules/zlib.make
index dcfca75af..4ae0aaea4 100644
--- a/rules/zlib.make
+++ b/rules/zlib.make
@@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_ZLIB) += zlib
#
# Paths and names
#
-ZLIB_VERSION := 1.2.12
-ZLIB_MD5 := 28687d676c04e7103bb6ff2b9694c471
+ZLIB_VERSION := 1.2.13
+ZLIB_MD5 := 7d9fc1d78ae2fa3e84fe98b77d006c63
ZLIB := zlib-$(ZLIB_VERSION)
ZLIB_SUFFIX := tar.xz
ZLIB_URL := \
@@ -25,7 +25,8 @@ ZLIB_URL := \
ZLIB_SOURCE := $(SRCDIR)/$(ZLIB).$(ZLIB_SUFFIX)
ZLIB_DIR := $(BUILDDIR)/$(ZLIB)
ZLIB_LICENSE := Zlib
-ZLIB_LICENSE_FILES := file://README;md5=7ae390a32824ef4d6316800962e5c66f
+ZLIB_LICENSE_FILES := \
+ file://LICENSE;md5=b51a40671bc46e961c0498897742c0b8
# ----------------------------------------------------------------------------
# Prepare
--
2.34.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [ptxdist] [APPLIED] zlib: Version bump. 1.2.12 -> 1.2.13
2022-10-19 7:18 [ptxdist] [PATCH v2] zlib: Version bump. 1.2.12 -> 1.2.13 Christian Melki
@ 2022-10-28 14:44 ` Michael Olbrich
0 siblings, 0 replies; 2+ messages in thread
From: Michael Olbrich @ 2022-10-28 14:44 UTC (permalink / raw)
To: ptxdist; +Cc: Christian Melki
Thanks, applied as 03f1deb5adf18ef54014476c1b82ca5efa04780b.
Michael
[sent from post-receive hook]
On Fri, 28 Oct 2022 16:44:18 +0200, Christian Melki <christian.melki@t2data.com> wrote:
> https://zlib.net/
> Minor fixes in this release.
> Version bump plugs CVE-2022-37434.
>
> * Remove all patches for 1.2.12. They're now fixed.
> * Reindent license file line.
> * Zlib added a real LICENSE file describing the zlib license.
> Use that file instead of the README which changes every
> release due to version numbering.
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20221019071827.3557341-1-christian.melki@t2data.com>
> Acked-by: Denis Osterland-Heim <denis.osterland@diehl.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch b/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch
> deleted file mode 100644
> index 63bdb67c0225..000000000000
> --- a/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch
> +++ /dev/null
> @@ -1,23 +0,0 @@
> -From: Mark Adler <madler@alumni.caltech.edu>
> -Date: Mon, 28 Mar 2022 18:34:10 -0700
> -Subject: [PATCH] Fix configure issue that discarded provided CC definition.
> -
> ----
> - configure | 3 +++
> - 1 file changed, 3 insertions(+)
> -
> -diff --git a/configure b/configure
> -index 52ff4a04ea89..3fa3e8618f9c 100755
> ---- a/configure
> -+++ b/configure
> -@@ -174,7 +174,10 @@ if test -z "$CC"; then
> - else
> - cc=${CROSS_PREFIX}cc
> - fi
> -+else
> -+ cc=${CC}
> - fi
> -+
> - cflags=${CFLAGS-"-O3"}
> - # to force the asm version use: CFLAGS="-O3 -DASMV" ./configure
> - case "$cc" in
> diff --git a/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch b/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch
> deleted file mode 100644
> index e8b36be46ac3..000000000000
> --- a/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch
> +++ /dev/null
> @@ -1,31 +0,0 @@
> -From: Mark Adler <fork@madler.net>
> -Date: Sat, 30 Jul 2022 15:51:11 -0700
> -Subject: [PATCH] Fix a bug when getting a gzip header extra field with
> - inflate().
> -
> -If the extra field was larger than the space the user provided with
> -inflateGetHeader(), and if multiple calls of inflate() delivered
> -the extra header data, then there could be a buffer overflow of the
> -provided space. This commit assures that provided space is not
> -exceeded.
> ----
> - inflate.c | 5 +++--
> - 1 file changed, 3 insertions(+), 2 deletions(-)
> -
> -diff --git a/inflate.c b/inflate.c
> -index 7be8c63662a7..7a728974923a 100644
> ---- a/inflate.c
> -+++ b/inflate.c
> -@@ -763,9 +763,10 @@ int flush;
> - copy = state->length;
> - if (copy > have) copy = have;
> - if (copy) {
> -+ len = state->head->extra_len - state->length;
> - if (state->head != Z_NULL &&
> -- state->head->extra != Z_NULL) {
> -- len = state->head->extra_len - state->length;
> -+ state->head->extra != Z_NULL &&
> -+ len < state->head->extra_max) {
> - zmemcpy(state->head->extra + len, next,
> - len + copy > state->head->extra_max ?
> - state->head->extra_max - len : copy);
> diff --git a/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch b/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
> deleted file mode 100644
> index 381c5212898c..000000000000
> --- a/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
> +++ /dev/null
> @@ -1,28 +0,0 @@
> -From: Mark Adler <fork@madler.net>
> -Date: Mon, 8 Aug 2022 10:50:09 -0700
> -Subject: [PATCH] Fix extra field processing bug that dereferences NULL
> - state->head.
> -
> -The recent commit to fix a gzip header extra field processing bug
> -introduced the new bug fixed here.
> ----
> - inflate.c | 4 ++--
> - 1 file changed, 2 insertions(+), 2 deletions(-)
> -
> -diff --git a/inflate.c b/inflate.c
> -index 7a728974923a..2a3c4fe98464 100644
> ---- a/inflate.c
> -+++ b/inflate.c
> -@@ -763,10 +763,10 @@ int flush;
> - copy = state->length;
> - if (copy > have) copy = have;
> - if (copy) {
> -- len = state->head->extra_len - state->length;
> - if (state->head != Z_NULL &&
> - state->head->extra != Z_NULL &&
> -- len < state->head->extra_max) {
> -+ (len = state->head->extra_len - state->length) <
> -+ state->head->extra_max) {
> - zmemcpy(state->head->extra + len, next,
> - len + copy > state->head->extra_max ?
> - state->head->extra_max - len : copy);
> diff --git a/patches/zlib-1.2.12/series b/patches/zlib-1.2.12/series
> deleted file mode 100644
> index 5287c5835744..000000000000
> --- a/patches/zlib-1.2.12/series
> +++ /dev/null
> @@ -1,6 +0,0 @@
> -# generated by git-ptx-patches
> -#tag:base --start-number 1
> -0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch
> -0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch
> -0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
> -# cd27facc69e3374f1354a2aca57309ec - git-ptx-patches magic
> diff --git a/rules/zlib.make b/rules/zlib.make
> index dcfca75af018..4ae0aaea4ffa 100644
> --- a/rules/zlib.make
> +++ b/rules/zlib.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_ZLIB) += zlib
> #
> # Paths and names
> #
> -ZLIB_VERSION := 1.2.12
> -ZLIB_MD5 := 28687d676c04e7103bb6ff2b9694c471
> +ZLIB_VERSION := 1.2.13
> +ZLIB_MD5 := 7d9fc1d78ae2fa3e84fe98b77d006c63
> ZLIB := zlib-$(ZLIB_VERSION)
> ZLIB_SUFFIX := tar.xz
> ZLIB_URL := \
> @@ -25,7 +25,8 @@ ZLIB_URL := \
> ZLIB_SOURCE := $(SRCDIR)/$(ZLIB).$(ZLIB_SUFFIX)
> ZLIB_DIR := $(BUILDDIR)/$(ZLIB)
> ZLIB_LICENSE := Zlib
> -ZLIB_LICENSE_FILES := file://README;md5=7ae390a32824ef4d6316800962e5c66f
> +ZLIB_LICENSE_FILES := \
> + file://LICENSE;md5=b51a40671bc46e961c0498897742c0b8
>
> # ----------------------------------------------------------------------------
> # Prepare
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-10-28 14:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-19 7:18 [ptxdist] [PATCH v2] zlib: Version bump. 1.2.12 -> 1.2.13 Christian Melki
2022-10-28 14:44 ` [ptxdist] [APPLIED] " Michael Olbrich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox