Date: Wed, 19 Oct 2022 07:38:29 +0200
From: Michael Olbrich
To: Christian Melki
Cc: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH] zlib: Version bump. 1.2.12 -> 1.2.13
In-Reply-To: <20221014140723.531912-1-christian.melki@t2data.com>

On Fri, Oct 14, 2022 at 04:07:23PM +0200, Christian Melki wrote:
> https://zlib.net/
> Minor fixes in this release.
> Version bump plugs CVE-2022-37434.
>
> * Remove all patches for 1.2.12. They're now fixed.
> * Reindent license file line.

The license checksum changed. Please check and add a comment here.

Michael

> Signed-off-by: Christian Melki > --- > ...sue-that-discarded-provided-CC-defin.patch | 23 -------------- > ...etting-a-gzip-header-extra-field-wit.patch | 31 ------------------- > ...processing-bug-that-dereferences-NUL.patch | 28 ----------------- > patches/zlib-1.2.12/series | 6 ---- > rules/zlib.make | 7 +++-- > 5 files changed, 4 insertions(+), 91 deletions(-) > delete mode 100644 patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch > delete mode 100644 patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch > delete mode 100644 patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch > delete mode 100644 patches/zlib-1.2.12/series > > diff --git a/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch b/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch > deleted file mode 100644 > index 63bdb67c0..000000000 > --- a/patches/zlib-1.2.12/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch > +++ /dev/null > @@ -1,23 +0,0 @@ > -From: Mark Adler > -Date: Mon, 28 Mar 2022 18:34:10 -0700 > -Subject: [PATCH] Fix configure issue that discarded provided CC definition. > - > ---- > - configure | 3 +++ > - 1 file changed, 3 insertions(+) > - > -diff --git a/configure b/configure > -index 52ff4a04ea89..3fa3e8618f9c 100755 > ---- a/configure > -+++ b/configure > -@@ -174,7 +174,10 @@ if test -z "$CC"; then > - else > - cc=${CROSS_PREFIX}cc > - fi > -+else > -+ cc=${CC} > - fi > -+ > - cflags=${CFLAGS-"-O3"} > - # to force the asm version use: CFLAGS="-O3 -DASMV" ./configure > - case "$cc" in > diff --git a/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch b/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch > deleted file mode 100644 > index e8b36be46..000000000 
> --- a/patches/zlib-1.2.12/0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch > +++ /dev/null > @@ -1,31 +0,0 @@ > -From: Mark Adler > -Date: Sat, 30 Jul 2022 15:51:11 -0700 > -Subject: [PATCH] Fix a bug when getting a gzip header extra field with > - inflate(). > - > -If the extra field was larger than the space the user provided with > -inflateGetHeader(), and if multiple calls of inflate() delivered > -the extra header data, then there could be a buffer overflow of the > -provided space. This commit assures that provided space is not > -exceeded. > ---- > - inflate.c | 5 +++-- > - 1 file changed, 3 insertions(+), 2 deletions(-) > - > -diff --git a/inflate.c b/inflate.c > -index 7be8c63662a7..7a728974923a 100644 > ---- a/inflate.c > -+++ b/inflate.c > -@@ -763,9 +763,10 @@ int flush; > - copy = state->length; > - if (copy > have) copy = have; > - if (copy) { > -+ len = state->head->extra_len - state->length; > - if (state->head != Z_NULL && > -- state->head->extra != Z_NULL) { > -- len = state->head->extra_len - state->length; > -+ state->head->extra != Z_NULL && > -+ len < state->head->extra_max) { > - zmemcpy(state->head->extra + len, next, > - len + copy > state->head->extra_max ? > - state->head->extra_max - len : copy); > diff --git a/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch b/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch > deleted file mode 100644 > index 381c52128..000000000 > --- a/patches/zlib-1.2.12/0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch > +++ /dev/null 
> @@ -1,28 +0,0 @@ > -From: Mark Adler > -Date: Mon, 8 Aug 2022 10:50:09 -0700 > -Subject: [PATCH] Fix extra field processing bug that dereferences NULL > - state->head. > - > -The recent commit to fix a gzip header extra field processing bug > -introduced the new bug fixed here. > ---- > - inflate.c | 4 ++-- > - 1 file changed, 2 insertions(+), 2 deletions(-) > - > -diff --git a/inflate.c b/inflate.c > -index 7a728974923a..2a3c4fe98464 100644 > ---- a/inflate.c > -+++ b/inflate.c > -@@ -763,10 +763,10 @@ int flush; > - copy = state->length; > - if (copy > have) copy = have; > - if (copy) { > -- len = state->head->extra_len - state->length; > - if (state->head != Z_NULL && > - state->head->extra != Z_NULL && > -- len < state->head->extra_max) { > -+ (len = state->head->extra_len - state->length) < > -+ state->head->extra_max) { > - zmemcpy(state->head->extra + len, next, > - len + copy > state->head->extra_max ? > - state->head->extra_max - len : copy); > diff --git a/patches/zlib-1.2.12/series b/patches/zlib-1.2.12/series > deleted file mode 100644 > index 5287c5835..000000000 > --- a/patches/zlib-1.2.12/series > +++ /dev/null > @@ -1,6 +0,0 @@ > -# generated by git-ptx-patches > -#tag:base --start-number 1 > -0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch > -0002-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch > -0003-Fix-extra-field-processing-bug-that-dereferences-NUL.patch > -# cd27facc69e3374f1354a2aca57309ec - git-ptx-patches magic > diff --git a/rules/zlib.make b/rules/zlib.make > index dcfca75af..6a3362549 100644 > --- a/rules/zlib.make > +++ b/rules/zlib.make > @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_ZLIB) += zlib > # > # Paths and names > # > -ZLIB_VERSION := 1.2.12 > -ZLIB_MD5 := 28687d676c04e7103bb6ff2b9694c471 > +ZLIB_VERSION := 1.2.13 > +ZLIB_MD5 := 7d9fc1d78ae2fa3e84fe98b77d006c63 > ZLIB := zlib-$(ZLIB_VERSION) > ZLIB_SUFFIX := tar.xz > ZLIB_URL := \ 
> @@ -25,7 +25,8 @@ ZLIB_URL := \ > ZLIB_SOURCE := $(SRCDIR)/$(ZLIB).$(ZLIB_SUFFIX) > ZLIB_DIR := $(BUILDDIR)/$(ZLIB) > ZLIB_LICENSE := Zlib > -ZLIB_LICENSE_FILES := file://README;md5=7ae390a32824ef4d6316800962e5c66f > +ZLIB_LICENSE_FILES := \ > + file://README;md5=7ae390a32824ef4d6316800962e5c66f > > # ---------------------------------------------------------------------------- > # Prepare > -- > 2.34.1 > > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
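
Review bot: Dropping patches 0002 and 0003 is only safe if inflate.c in 1.2.13 carries both fixes in their final, combined form. The message of the deleted 0003 patch says that 0002 introduced a NULL dereference of state->head, which 0003 fixes by moving the len assignment into the condition, after the state->head != Z_NULL test. Please confirm that the 1.2.13 source has "(len = state->head->extra_len - state->length) < state->head->extra_max" at that spot and say so in the commit message next to the CVE-2022-37434 reference, instead of only "They're now fixed."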
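
Review bot: The new ZLIB_MD5 value in the first rules/zlib.make hunk comes with no stated source. Please note in the commit message that it was computed from the tarball fetched via ZLIB_URL and compared against a hash or signature published by upstream, since this value is the only integrity check on the source archive visible in these lines.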
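
Review bot: ZLIB_LICENSE_FILES in the second rules/zlib.make hunk keeps the README md5 unchanged. The removed and the added line carry the same value, and the only difference is the line wrap. A version bump is the point at which the README hash has to be recomputed against the new tarball. If it differs, update the md5 and add a comment stating what changed in the README, so the license review for 1.2.13 is on record.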