From patchwork Mon Oct 17 13:32:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 13925 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BA61EC4332F for ; Mon, 17 Oct 2022 13:32:23 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web12.40932.1666013536795110182 for ; Mon, 17 Oct 2022 06:32:17 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 932871042; Mon, 17 Oct 2022 06:32:22 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id E67203F67D; Mon, 17 Oct 2022 06:32:15 -0700 (PDT) From: Ross Burton To: openembedded-core@lists.openembedded.org Cc: nd@arm.com Subject: [PATCH 1/3] zlib: use .gz archive and set a PREMIRROR Date: Mon, 17 Oct 2022 14:32:09 +0100 Message-Id: <20221017133211.212616-1-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 17 Oct 2022 13:32:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/171909 When a new zlib release is made, the top-level URL is no longer available and it is only available as a .gz under the /fossils/ directory. When this happens the source fetch fails and bitbake noisily warns that it is using the mirrors. Avoid this by using the .gz tarball and add the /fossils/ directory to PREMIRRORS so fetches will check there too. Signed-off-by: Ross Burton --- meta/recipes-core/zlib/zlib_1.2.12.bb | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/meta/recipes-core/zlib/zlib_1.2.12.bb b/meta/recipes-core/zlib/zlib_1.2.12.bb index b999f13530e..2491cb941f5 100644 --- a/meta/recipes-core/zlib/zlib_1.2.12.bb +++ b/meta/recipes-core/zlib/zlib_1.2.12.bb @@ -6,7 +6,8 @@ SECTION = "libs" LICENSE = "Zlib" LIC_FILES_CHKSUM = "file://zlib.h;beginline=6;endline=23;md5=5377232268e952e9ef63bc555f7aa6c0" -SRC_URI = "https://zlib.net/${BP}.tar.xz \ +# The source tarball needs to be .gz as only the .gz ends up in fossils/ +SRC_URI = "https://zlib.net/${BP}.tar.gz \ file://cc.patch \ file://ldflags-tests.patch \ file://0001-configure-Pass-LDFLAGS-to-link-tests.patch \ @@ -17,7 +18,11 @@ SRC_URI = "https://zlib.net/${BP}.tar.xz \ " UPSTREAM_CHECK_URI = "http://zlib.net/" -SRC_URI[sha256sum] = "7db46b8d7726232a621befaab4a1c870f00a90805511c0e0090441dac57def18" +SRC_URI[sha256sum] = "91844808532e5ce316b3c010929493c0244f3d37593afd6de04f71821d5136d9" + +# When a new release is made the previous release is moved to fossils/, so add this +# to PREMIRRORS so it is also searched automatically. +PREMIRRORS:append = " https://zlib.net/ https://zlib.net/fossils/" CFLAGS += "-D_REENTRANT" From patchwork Mon Oct 17 13:32:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 13923 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BB9FAC43219 for ; Mon, 17 Oct 2022 13:32:23 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.40874.1666013537509519161 for ; Mon, 17 Oct 2022 06:32:17 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 64E8A113E; Mon, 17 Oct 2022 06:32:23 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 97FEB3F67D; Mon, 17 Oct 2022 06:32:16 -0700 (PDT) From: Ross Burton To: openembedded-core@lists.openembedded.org Cc: nd@arm.com Subject: [PATCH 2/3] zlib: do out-of-tree builds Date: Mon, 17 Oct 2022 14:32:10 +0100 Message-Id: <20221017133211.212616-2-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20221017133211.212616-1-ross.burton@arm.com> References: <20221017133211.212616-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 17 Oct 2022 13:32:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/171910 zlib supports out-of-tree builds, so do them. Signed-off-by: Ross Burton --- meta/recipes-core/zlib/zlib_1.2.12.bb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/zlib/zlib_1.2.12.bb b/meta/recipes-core/zlib/zlib_1.2.12.bb index 2491cb941f5..9ec78b95be0 100644 --- a/meta/recipes-core/zlib/zlib_1.2.12.bb +++ b/meta/recipes-core/zlib/zlib_1.2.12.bb @@ -30,9 +30,12 @@ RDEPENDS:${PN}-ptest += "make" inherit ptest +B = "${WORKDIR}/build" + do_configure() { - LDCONFIG=true ./configure --prefix=${prefix} --shared --libdir=${libdir} --uname=GNU + LDCONFIG=true ${S}/configure --prefix=${prefix} --shared --libdir=${libdir} --uname=GNU } +do_configure[cleandirs] += "${B}" do_compile() { oe_runmake shared From patchwork Mon Oct 17 13:32:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 13924 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B974DC433FE for ; Mon, 17 Oct 2022 13:32:23 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web12.40934.1666013538333700195 for ; Mon, 17 Oct 2022 06:32:18 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 437251042; Mon, 17 Oct 2022 06:32:24 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 763853F67D; Mon, 17 Oct 2022 06:32:17 -0700 (PDT) From: Ross Burton To: openembedded-core@lists.openembedded.org Cc: nd@arm.com Subject: [PATCH 3/3] zlib: upgrade 1.2.12 -> 1.2.13 Date: Mon, 17 Oct 2022 14:32:11 +0100 Message-Id: <20221017133211.212616-3-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20221017133211.212616-1-ross.burton@arm.com> References: <20221017133211.212616-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 17 Oct 2022 13:32:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/171911 Drop a number of patches whicih have been merged upstream. Signed-off-by: Ross Burton --- ...t-inputs-provided-to-the-CRC-functio.patch | 54 ------------------- ...etting-a-gzip-header-extra-field-wit.patch | 38 ------------- ...processing-bug-that-dereferences-NUL.patch | 36 ------------- meta/recipes-core/zlib/zlib/cc.patch | 27 ---------- .../zlib/zlib/ldflags-tests.patch | 45 ---------------- .../zlib/{zlib_1.2.12.bb => zlib_1.2.13.bb} | 7 +-- 6 files changed, 1 insertion(+), 206 deletions(-) delete mode 100644 meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch delete mode 100644 meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch delete mode 100644 meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch delete mode 100644 meta/recipes-core/zlib/zlib/cc.patch delete mode 100644 meta/recipes-core/zlib/zlib/ldflags-tests.patch rename meta/recipes-core/zlib/{zlib_1.2.12.bb => zlib_1.2.13.bb} (75%) diff --git a/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch b/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch deleted file mode 100644 index ad5e59de040..00000000000 --- a/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch +++ /dev/null @@ -1,54 +0,0 @@ -From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Wed, 30 Mar 2022 11:14:53 -0700 -Subject: [PATCH] Correct incorrect inputs provided to the CRC functions. - -The previous releases of zlib were not sensitive to incorrect CRC -inputs with bits set above the low 32. This commit restores that -behavior, so that applications with such bugs will continue to -operate as before. - -Upstream-Status: Backport [https://github.com/madler/zlib/commit/ec3df00224d4b396e2ac6586ab5d25f673caa4c2] -Signed-off-by: Jacob Kroon ---- - crc32.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/crc32.c b/crc32.c -index a1bdce5..451887b 100644 ---- a/crc32.c -+++ b/crc32.c -@@ -630,7 +630,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len) - #endif /* DYNAMIC_CRC_TABLE */ - - /* Pre-condition the CRC */ -- crc ^= 0xffffffff; -+ crc = (~crc) & 0xffffffff; - - /* Compute the CRC up to a word boundary. */ - while (len && ((z_size_t)buf & 7) != 0) { -@@ -749,7 +749,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len) - #endif /* DYNAMIC_CRC_TABLE */ - - /* Pre-condition the CRC */ -- crc ^= 0xffffffff; -+ crc = (~crc) & 0xffffffff; - - #ifdef W - -@@ -1077,7 +1077,7 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2) - #ifdef DYNAMIC_CRC_TABLE - once(&made, make_crc_table); - #endif /* DYNAMIC_CRC_TABLE */ -- return multmodp(x2nmodp(len2, 3), crc1) ^ crc2; -+ return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff); - } - - /* ========================================================================= */ -@@ -1112,5 +1112,5 @@ uLong crc32_combine_op(crc1, crc2, op) - uLong crc2; - uLong op; - { -- return multmodp(op, crc1) ^ crc2; -+ return multmodp(op, crc1) ^ (crc2 & 0xffffffff); - } diff --git a/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch b/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch deleted file mode 100644 index 96ab563121c..00000000000 --- a/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch +++ /dev/null @@ -1,38 +0,0 @@ -From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Sat, 30 Jul 2022 15:51:11 -0700 -Subject: [PATCH] Fix a bug when getting a gzip header extra field with inflate(). - -If the extra field was larger than the space the user provided with -inflateGetHeader(), and if multiple calls of inflate() delivered -the extra header data, then there could be a buffer overflow of the -provided space. This commit assures that provided space is not -exceeded. - -CVE: CVE-2022-37434 -Upstream-Status: Backport [https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166be] -Signed-off-by: Khem Raj ---- - inflate.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 7be8c63..7a72897 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,9 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -+ len = state->head->extra_len - state->length; - if (state->head != Z_NULL && -- state->head->extra != Z_NULL) { -- len = state->head->extra_len - state->length; -+ state->head->extra != Z_NULL && -+ len < state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); --- -2.37.2 - diff --git a/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch b/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch deleted file mode 100644 index a0978c5f953..00000000000 --- a/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Mon, 8 Aug 2022 10:50:09 -0700 -Subject: [PATCH] Fix extra field processing bug that dereferences NULL - state->head. - -The recent commit to fix a gzip header extra field processing bug -introduced the new bug fixed here. - -CVE: CVE-2022-37434 -Upstream-Status: Backport [https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d] -Signed-off-by: Khem Raj ---- - inflate.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 7a72897..2a3c4fe 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,10 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -- len = state->head->extra_len - state->length; - if (state->head != Z_NULL && - state->head->extra != Z_NULL && -- len < state->head->extra_max) { -+ (len = state->head->extra_len - state->length) < -+ state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); --- -2.37.2 - diff --git a/meta/recipes-core/zlib/zlib/cc.patch b/meta/recipes-core/zlib/zlib/cc.patch deleted file mode 100644 index 8fb974ded4a..00000000000 --- a/meta/recipes-core/zlib/zlib/cc.patch +++ /dev/null @@ -1,27 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From 05796d3d8d5546cf1b4dfe2cd72ab746afae505d Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Mon, 28 Mar 2022 18:34:10 -0700 -Subject: [PATCH] Fix configure issue that discarded provided CC definition. - ---- - configure | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/configure b/configure -index 52ff4a04e..3fa3e8618 100755 ---- a/configure -+++ b/configure -@@ -174,7 +174,10 @@ if test -z "$CC"; then - else - cc=${CROSS_PREFIX}cc - fi -+else -+ cc=${CC} - fi -+ - cflags=${CFLAGS-"-O3"} - # to force the asm version use: CFLAGS="-O3 -DASMV" ./configure - case "$cc" in diff --git a/meta/recipes-core/zlib/zlib/ldflags-tests.patch b/meta/recipes-core/zlib/zlib/ldflags-tests.patch deleted file mode 100644 index 286390665f0..00000000000 --- a/meta/recipes-core/zlib/zlib/ldflags-tests.patch +++ /dev/null @@ -1,45 +0,0 @@ -Obey LDFLAGS for tests - -Upstream-Status: Submitted [https://github.com/madler/zlib/pull/409] -Signed-off-by: Ross Burton - ---- zlib-1.2.8.orig/Makefile.in -+++ zlib-1.2.8/Makefile.in -@@ -26,7 +26,7 @@ CFLAGS=-O - - SFLAGS=-O - LDFLAGS= --TEST_LDFLAGS=-L. libz.a -+TEST_LDFLAGS=-L. $(LDFLAGS) - LDSHARED=$(CC) - CPP=$(CC) -E - -@@ -176,22 +176,22 @@ placebo $(SHAREDLIBV): $(PIC_OBJS) libz. - -@rmdir objs - - example$(EXE): example.o $(STATICLIB) -- $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS) -+ $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS) $(STATICLIB) - - minigzip$(EXE): minigzip.o $(STATICLIB) -- $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS) -+ $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS) $(STATICLIB) - - examplesh$(EXE): example.o $(SHAREDLIBV) -- $(CC) $(CFLAGS) -o $@ example.o -L. $(SHAREDLIBV) -+ $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS) $(SHAREDLIBV) - - minigzipsh$(EXE): minigzip.o $(SHAREDLIBV) -- $(CC) $(CFLAGS) -o $@ minigzip.o -L. $(SHAREDLIBV) -+ $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS) $(SHAREDLIBV) - - example64$(EXE): example64.o $(STATICLIB) -- $(CC) $(CFLAGS) -o $@ example64.o $(TEST_LDFLAGS) -+ $(CC) $(CFLAGS) -o $@ example64.o $(TEST_LDFLAGS) $(STATICLIB) - - minigzip64$(EXE): minigzip64.o $(STATICLIB) -- $(CC) $(CFLAGS) -o $@ minigzip64.o $(TEST_LDFLAGS) -+ $(CC) $(CFLAGS) -o $@ minigzip64.o $(TEST_LDFLAGS) $(STATICLIB) - - install-libs: $(LIBS) - -@if [ ! -d $(DESTDIR)$(exec_prefix) ]; then mkdir -p $(DESTDIR)$(exec_prefix); fi diff --git a/meta/recipes-core/zlib/zlib_1.2.12.bb b/meta/recipes-core/zlib/zlib_1.2.13.bb similarity index 75% rename from meta/recipes-core/zlib/zlib_1.2.12.bb rename to meta/recipes-core/zlib/zlib_1.2.13.bb index 9ec78b95be0..ec977a30354 100644 --- a/meta/recipes-core/zlib/zlib_1.2.12.bb +++ b/meta/recipes-core/zlib/zlib_1.2.13.bb @@ -8,17 +8,12 @@ LIC_FILES_CHKSUM = "file://zlib.h;beginline=6;endline=23;md5=5377232268e952e9ef6 # The source tarball needs to be .gz as only the .gz ends up in fossils/ SRC_URI = "https://zlib.net/${BP}.tar.gz \ - file://cc.patch \ - file://ldflags-tests.patch \ file://0001-configure-Pass-LDFLAGS-to-link-tests.patch \ file://run-ptest \ - file://0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch \ - file://0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch \ - file://0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch \ " UPSTREAM_CHECK_URI = "http://zlib.net/" -SRC_URI[sha256sum] = "91844808532e5ce316b3c010929493c0244f3d37593afd6de04f71821d5136d9" +SRC_URI[sha256sum] = "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30" # When a new release is made the previous release is moved to fossils/, so add this # to PREMIRRORS so it is also searched automatically.