From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 28 Oct 2022 16:45:05 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1ooQbZ-005SaO-D7 for lore@lore.pengutronix.de; Fri, 28 Oct 2022 16:45:05 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1ooQbY-00082J-EZ; Fri, 28 Oct 2022 16:45:04 +0200 Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1ooQaq-0006Mu-4w; Fri, 28 Oct 2022 16:44:20 +0200 Received: from [2a0a:edc0:0:1101:1d::54] (helo=dude05.red.stw.pengutronix.de) by drehscheibe.grey.stw.pengutronix.de with esmtp (Exim 4.94.2) (envelope-from ) id 1ooQaq-000v2Z-D8; Fri, 28 Oct 2022 16:44:19 +0200 Received: from mol by dude05.red.stw.pengutronix.de with local (Exim 4.94.2) (envelope-from ) id 1ooQao-009TSr-Jh; Fri, 28 Oct 2022 16:44:18 +0200 From: Michael Olbrich To: ptxdist@pengutronix.de Date: Fri, 28 Oct 2022 16:44:18 +0200 Message-Id: <20221028144418.2257679-1-m.olbrich@pengutronix.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20221019071827.3557341-1-christian.melki@t2data.com> References: <20221019071827.3557341-1-christian.melki@t2data.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: Re: [ptxdist] [APPLIED] zlib: Version bump. 1.2.12 -> 1.2.13 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: Christian Melki Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false Thanks, applied as 03f1deb5adf18ef54014476c1b82ca5efa04780b. Michael [sent from post-receive hook] On Fri, 28 Oct 2022 16:44:18 +0200, Christian Melki wrote: > https://zlib.net/ > Minor fixes in this release. > Version bump plugs CVE-2022-37434. > > * Remove all patches for 1.2.12. They're now fixed. > * Reindent license file line. > * Zlib added a real LICENSE file describing the zlib license. > Use that file instead of the README which changes every > release due to version numbering. > > Signed-off-by: Christian Melki > Message-Id: <20221019071827.3557341-1-christian.melki@t2data.com> > Acked-by: Denis Osterland-Heim > Signed-off-by: Michael Olbrich > > diff --git a/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch b/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch > deleted file mode 100644 > index 63bdb67c0225..000000000000 > --- a/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch > +++ /dev/null > @@ -1,23 +0,0 @@ > -From: Mark Adler > -Date: Mon, 28 Mar 2022 18:34:10 -0700 > -Subject: [PATCH] Fix configure issue that discarded provided CC definition. > - > ---- > - configure | 3 +++ > - 1 file changed, 3 insertions(+) > - > -diff --git a/configure b/configure > -index 52ff4a04ea89..3fa3e8618f9c 100755 > ---- a/configure > -+++ b/configure > -@@ -174,7 +174,10 @@ if test -z "$CC"; then > - else > - cc=${CROSS_PREFIX}cc > - fi > -+else > -+ cc=${CC} > - fi > -+ > - cflags=${CFLAGS-"-O3"} > - # to force the asm version use: CFLAGS="-O3 -DASMV" ./configure > - case "$cc" in > diff --git a/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch b/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch > deleted file mode 100644 > index e8b36be46ac3..000000000000 > --- a/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch > +++ /dev/null > @@ -1,31 +0,0 @@ > -From: Mark Adler > -Date: Sat, 30 Jul 2022 15:51:11 -0700 > -Subject: [PATCH] Fix a bug when getting a gzip header extra field with > - inflate(). > - > -If the extra field was larger than the space the user provided with > -inflateGetHeader(), and if multiple calls of inflate() delivered > -the extra header data, then there could be a buffer overflow of the > -provided space. This commit assures that provided space is not > -exceeded. > ---- > - inflate.c | 5 +++-- > - 1 file changed, 3 insertions(+), 2 deletions(-) > - > -diff --git a/inflate.c b/inflate.c > -index 7be8c63662a7..7a728974923a 100644 > ---- a/inflate.c > -+++ b/inflate.c > -@@ -763,9 +763,10 @@ int flush; > - copy = state->length; > - if (copy > have) copy = have; > - if (copy) { > -+ len = state->head->extra_len - state->length; > - if (state->head != Z_NULL && > -- state->head->extra != Z_NULL) { > -- len = state->head->extra_len - state->length; > -+ state->head->extra != Z_NULL && > -+ len < state->head->extra_max) { > - zmemcpy(state->head->extra + len, next, > - len + copy > state->head->extra_max ? > - state->head->extra_max - len : copy); > diff --git a/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch b/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch > deleted file mode 100644 > index 381c5212898c..000000000000 > --- a/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch > +++ /dev/null > @@ -1,28 +0,0 @@ > -From: Mark Adler > -Date: Mon, 8 Aug 2022 10:50:09 -0700 > -Subject: [PATCH] Fix extra field processing bug that dereferences NULL > - state->head. > - > -The recent commit to fix a gzip header extra field processing bug > -introduced the new bug fixed here. > ---- > - inflate.c | 4 ++-- > - 1 file changed, 2 insertions(+), 2 deletions(-) > - > -diff --git a/inflate.c b/inflate.c > -index 7a728974923a..2a3c4fe98464 100644 > ---- a/inflate.c > -+++ b/inflate.c > -@@ -763,10 +763,10 @@ int flush; > - copy = state->length; > - if (copy > have) copy = have; > - if (copy) { > -- len = state->head->extra_len - state->length; > - if (state->head != Z_NULL && > - state->head->extra != Z_NULL && > -- len < state->head->extra_max) { > -+ (len = state->head->extra_len - state->length) < > -+ state->head->extra_max) { > - zmemcpy(state->head->extra + len, next, > - len + copy > state->head->extra_max ? > - state->head->extra_max - len : copy); > diff --git a/patches/zlib-1.2.12/series b/patches/zlib-1.2.12/series > deleted file mode 100644 > index 5287c5835744..000000000000 > --- a/patches/zlib-1.2.12/series > +++ /dev/null > @@ -1,6 +0,0 @@ > -# generated by git-ptx-patches > -#tag:base --start-number 1 > -0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch > -0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch > -0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch > -# cd27facc69e3374f1354a2aca57309ec - git-ptx-patches magic > diff --git a/rules/zlib.make b/rules/zlib.make > index dcfca75af018..4ae0aaea4ffa 100644 > --- a/rules/zlib.make > +++ b/rules/zlib.make > @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_ZLIB) += zlib > # > # Paths and names > # > -ZLIB_VERSION := 1.2.12 > -ZLIB_MD5 := 28687d676c04e7103bb6ff2b9694c471 > +ZLIB_VERSION := 1.2.13 > +ZLIB_MD5 := 7d9fc1d78ae2fa3e84fe98b77d006c63 > ZLIB := zlib-$(ZLIB_VERSION) > ZLIB_SUFFIX := tar.xz > ZLIB_URL := \ > @@ -25,7 +25,8 @@ ZLIB_URL := \ > ZLIB_SOURCE := $(SRCDIR)/$(ZLIB).$(ZLIB_SUFFIX) > ZLIB_DIR := $(BUILDDIR)/$(ZLIB) > ZLIB_LICENSE := Zlib > -ZLIB_LICENSE_FILES := file://README;md5=7ae390a32824ef4d6316800962e5c66f > +ZLIB_LICENSE_FILES := \ > + file://LICENSE;md5=b51a40671bc46e961c0498897742c0b8 > > # ---------------------------------------------------------------------------- > # Prepare