diff options
author | Ross Burton <ross.burton@arm.com> | 2022-10-17 14:32:11 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-11-09 17:42:13 +0000 |
commit | baccaad9a0190d0259a381c72b3f5ad5438ad6d7 (patch) | |
tree | 1215eec5b4a0e1dcdc49cd2c7ced060abd76d517 /meta/recipes-core/zlib | |
parent | c5c4cbb024422bd76509af8917e4c288003326ff (diff) | |
download | poky-baccaad9a0190d0259a381c72b3f5ad5438ad6d7.tar.gz |
zlib: upgrade 1.2.12 -> 1.2.13
Changes in 1.2.13 (13 Oct 2022)
- Fix configure issue that discarded provided CC definition
- Correct incorrect inputs provided to the CRC functions
- Repair prototypes and exporting of new CRC functions
- Fix inflateBack to detect invalid input with distances too far
- Have infback() deliver all of the available output up to any error
- Fix a bug when getting a gzip header extra field with inflate()
- Fix bug in block type selection when Z_FIXED used
- Tighten deflateBound bounds
- Remove deleted assembler code references
- Various portability and appearance improvements
Drop a number of patches whicih have been merged upstream.
(From OE-Core rev: b7805c7daef0690e27d44aa18cf3946e3108abbf)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 115eb5326dc7f9256d58147b3655cd13d5994cfc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/zlib')
-rw-r--r-- | meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch | 54 | ||||
-rw-r--r-- | meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch | 38 | ||||
-rw-r--r-- | meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch | 36 | ||||
-rw-r--r-- | meta/recipes-core/zlib/zlib/cc.patch | 27 | ||||
-rw-r--r-- | meta/recipes-core/zlib/zlib/ldflags-tests.patch | 45 | ||||
-rw-r--r-- | meta/recipes-core/zlib/zlib_1.2.13.bb (renamed from meta/recipes-core/zlib/zlib_1.2.12.bb) | 7 |
6 files changed, 1 insertions, 206 deletions
diff --git a/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch b/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch deleted file mode 100644 index ad5e59de04..0000000000 --- a/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch +++ /dev/null | |||
@@ -1,54 +0,0 @@ | |||
1 | From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Adler <madler@alumni.caltech.edu> | ||
3 | Date: Wed, 30 Mar 2022 11:14:53 -0700 | ||
4 | Subject: [PATCH] Correct incorrect inputs provided to the CRC functions. | ||
5 | |||
6 | The previous releases of zlib were not sensitive to incorrect CRC | ||
7 | inputs with bits set above the low 32. This commit restores that | ||
8 | behavior, so that applications with such bugs will continue to | ||
9 | operate as before. | ||
10 | |||
11 | Upstream-Status: Backport [https://github.com/madler/zlib/commit/ec3df00224d4b396e2ac6586ab5d25f673caa4c2] | ||
12 | Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com> | ||
13 | --- | ||
14 | crc32.c | 8 ++++---- | ||
15 | 1 file changed, 4 insertions(+), 4 deletions(-) | ||
16 | |||
17 | diff --git a/crc32.c b/crc32.c | ||
18 | index a1bdce5..451887b 100644 | ||
19 | --- a/crc32.c | ||
20 | +++ b/crc32.c | ||
21 | @@ -630,7 +630,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len) | ||
22 | #endif /* DYNAMIC_CRC_TABLE */ | ||
23 | |||
24 | /* Pre-condition the CRC */ | ||
25 | - crc ^= 0xffffffff; | ||
26 | + crc = (~crc) & 0xffffffff; | ||
27 | |||
28 | /* Compute the CRC up to a word boundary. */ | ||
29 | while (len && ((z_size_t)buf & 7) != 0) { | ||
30 | @@ -749,7 +749,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len) | ||
31 | #endif /* DYNAMIC_CRC_TABLE */ | ||
32 | |||
33 | /* Pre-condition the CRC */ | ||
34 | - crc ^= 0xffffffff; | ||
35 | + crc = (~crc) & 0xffffffff; | ||
36 | |||
37 | #ifdef W | ||
38 | |||
39 | @@ -1077,7 +1077,7 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2) | ||
40 | #ifdef DYNAMIC_CRC_TABLE | ||
41 | once(&made, make_crc_table); | ||
42 | #endif /* DYNAMIC_CRC_TABLE */ | ||
43 | - return multmodp(x2nmodp(len2, 3), crc1) ^ crc2; | ||
44 | + return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff); | ||
45 | } | ||
46 | |||
47 | /* ========================================================================= */ | ||
48 | @@ -1112,5 +1112,5 @@ uLong crc32_combine_op(crc1, crc2, op) | ||
49 | uLong crc2; | ||
50 | uLong op; | ||
51 | { | ||
52 | - return multmodp(op, crc1) ^ crc2; | ||
53 | + return multmodp(op, crc1) ^ (crc2 & 0xffffffff); | ||
54 | } | ||
diff --git a/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch b/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch deleted file mode 100644 index 96ab563121..0000000000 --- a/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch +++ /dev/null | |||
@@ -1,38 +0,0 @@ | |||
1 | From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Adler <fork@madler.net> | ||
3 | Date: Sat, 30 Jul 2022 15:51:11 -0700 | ||
4 | Subject: [PATCH] Fix a bug when getting a gzip header extra field with inflate(). | ||
5 | |||
6 | If the extra field was larger than the space the user provided with | ||
7 | inflateGetHeader(), and if multiple calls of inflate() delivered | ||
8 | the extra header data, then there could be a buffer overflow of the | ||
9 | provided space. This commit assures that provided space is not | ||
10 | exceeded. | ||
11 | |||
12 | CVE: CVE-2022-37434 | ||
13 | Upstream-Status: Backport [https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166be] | ||
14 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
15 | --- | ||
16 | inflate.c | 5 +++-- | ||
17 | 1 file changed, 3 insertions(+), 2 deletions(-) | ||
18 | |||
19 | diff --git a/inflate.c b/inflate.c | ||
20 | index 7be8c63..7a72897 100644 | ||
21 | --- a/inflate.c | ||
22 | +++ b/inflate.c | ||
23 | @@ -763,9 +763,10 @@ int flush; | ||
24 | copy = state->length; | ||
25 | if (copy > have) copy = have; | ||
26 | if (copy) { | ||
27 | + len = state->head->extra_len - state->length; | ||
28 | if (state->head != Z_NULL && | ||
29 | - state->head->extra != Z_NULL) { | ||
30 | - len = state->head->extra_len - state->length; | ||
31 | + state->head->extra != Z_NULL && | ||
32 | + len < state->head->extra_max) { | ||
33 | zmemcpy(state->head->extra + len, next, | ||
34 | len + copy > state->head->extra_max ? | ||
35 | state->head->extra_max - len : copy); | ||
36 | -- | ||
37 | 2.37.2 | ||
38 | |||
diff --git a/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch b/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch deleted file mode 100644 index a0978c5f95..0000000000 --- a/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch +++ /dev/null | |||
@@ -1,36 +0,0 @@ | |||
1 | From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Adler <fork@madler.net> | ||
3 | Date: Mon, 8 Aug 2022 10:50:09 -0700 | ||
4 | Subject: [PATCH] Fix extra field processing bug that dereferences NULL | ||
5 | state->head. | ||
6 | |||
7 | The recent commit to fix a gzip header extra field processing bug | ||
8 | introduced the new bug fixed here. | ||
9 | |||
10 | CVE: CVE-2022-37434 | ||
11 | Upstream-Status: Backport [https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d] | ||
12 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
13 | --- | ||
14 | inflate.c | 4 ++-- | ||
15 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
16 | |||
17 | diff --git a/inflate.c b/inflate.c | ||
18 | index 7a72897..2a3c4fe 100644 | ||
19 | --- a/inflate.c | ||
20 | +++ b/inflate.c | ||
21 | @@ -763,10 +763,10 @@ int flush; | ||
22 | copy = state->length; | ||
23 | if (copy > have) copy = have; | ||
24 | if (copy) { | ||
25 | - len = state->head->extra_len - state->length; | ||
26 | if (state->head != Z_NULL && | ||
27 | state->head->extra != Z_NULL && | ||
28 | - len < state->head->extra_max) { | ||
29 | + (len = state->head->extra_len - state->length) < | ||
30 | + state->head->extra_max) { | ||
31 | zmemcpy(state->head->extra + len, next, | ||
32 | len + copy > state->head->extra_max ? | ||
33 | state->head->extra_max - len : copy); | ||
34 | -- | ||
35 | 2.37.2 | ||
36 | |||
diff --git a/meta/recipes-core/zlib/zlib/cc.patch b/meta/recipes-core/zlib/zlib/cc.patch deleted file mode 100644 index 8fb974ded4..0000000000 --- a/meta/recipes-core/zlib/zlib/cc.patch +++ /dev/null | |||
@@ -1,27 +0,0 @@ | |||
1 | Upstream-Status: Backport | ||
2 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
3 | |||
4 | From 05796d3d8d5546cf1b4dfe2cd72ab746afae505d Mon Sep 17 00:00:00 2001 | ||
5 | From: Mark Adler <madler@alumni.caltech.edu> | ||
6 | Date: Mon, 28 Mar 2022 18:34:10 -0700 | ||
7 | Subject: [PATCH] Fix configure issue that discarded provided CC definition. | ||
8 | |||
9 | --- | ||
10 | configure | 3 +++ | ||
11 | 1 file changed, 3 insertions(+) | ||
12 | |||
13 | diff --git a/configure b/configure | ||
14 | index 52ff4a04e..3fa3e8618 100755 | ||
15 | --- a/configure | ||
16 | +++ b/configure | ||
17 | @@ -174,7 +174,10 @@ if test -z "$CC"; then | ||
18 | else | ||
19 | cc=${CROSS_PREFIX}cc | ||
20 | fi | ||
21 | +else | ||
22 | + cc=${CC} | ||
23 | fi | ||
24 | + | ||
25 | cflags=${CFLAGS-"-O3"} | ||
26 | # to force the asm version use: CFLAGS="-O3 -DASMV" ./configure | ||
27 | case "$cc" in | ||
diff --git a/meta/recipes-core/zlib/zlib/ldflags-tests.patch b/meta/recipes-core/zlib/zlib/ldflags-tests.patch deleted file mode 100644 index 286390665f..0000000000 --- a/meta/recipes-core/zlib/zlib/ldflags-tests.patch +++ /dev/null | |||
@@ -1,45 +0,0 @@ | |||
1 | Obey LDFLAGS for tests | ||
2 | |||
3 | Upstream-Status: Submitted [https://github.com/madler/zlib/pull/409] | ||
4 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
5 | |||
6 | --- zlib-1.2.8.orig/Makefile.in | ||
7 | +++ zlib-1.2.8/Makefile.in | ||
8 | @@ -26,7 +26,7 @@ CFLAGS=-O | ||
9 | |||
10 | SFLAGS=-O | ||
11 | LDFLAGS= | ||
12 | -TEST_LDFLAGS=-L. libz.a | ||
13 | +TEST_LDFLAGS=-L. $(LDFLAGS) | ||
14 | LDSHARED=$(CC) | ||
15 | CPP=$(CC) -E | ||
16 | |||
17 | @@ -176,22 +176,22 @@ placebo $(SHAREDLIBV): $(PIC_OBJS) libz. | ||
18 | -@rmdir objs | ||
19 | |||
20 | example$(EXE): example.o $(STATICLIB) | ||
21 | - $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS) | ||
22 | + $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS) $(STATICLIB) | ||
23 | |||
24 | minigzip$(EXE): minigzip.o $(STATICLIB) | ||
25 | - $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS) | ||
26 | + $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS) $(STATICLIB) | ||
27 | |||
28 | examplesh$(EXE): example.o $(SHAREDLIBV) | ||
29 | - $(CC) $(CFLAGS) -o $@ example.o -L. $(SHAREDLIBV) | ||
30 | + $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS) $(SHAREDLIBV) | ||
31 | |||
32 | minigzipsh$(EXE): minigzip.o $(SHAREDLIBV) | ||
33 | - $(CC) $(CFLAGS) -o $@ minigzip.o -L. $(SHAREDLIBV) | ||
34 | + $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS) $(SHAREDLIBV) | ||
35 | |||
36 | example64$(EXE): example64.o $(STATICLIB) | ||
37 | - $(CC) $(CFLAGS) -o $@ example64.o $(TEST_LDFLAGS) | ||
38 | + $(CC) $(CFLAGS) -o $@ example64.o $(TEST_LDFLAGS) $(STATICLIB) | ||
39 | |||
40 | minigzip64$(EXE): minigzip64.o $(STATICLIB) | ||
41 | - $(CC) $(CFLAGS) -o $@ minigzip64.o $(TEST_LDFLAGS) | ||
42 | + $(CC) $(CFLAGS) -o $@ minigzip64.o $(TEST_LDFLAGS) $(STATICLIB) | ||
43 | |||
44 | install-libs: $(LIBS) | ||
45 | -@if [ ! -d $(DESTDIR)$(exec_prefix) ]; then mkdir -p $(DESTDIR)$(exec_prefix); fi | ||
diff --git a/meta/recipes-core/zlib/zlib_1.2.12.bb b/meta/recipes-core/zlib/zlib_1.2.13.bb index 9ec78b95be..ec977a3035 100644 --- a/meta/recipes-core/zlib/zlib_1.2.12.bb +++ b/meta/recipes-core/zlib/zlib_1.2.13.bb | |||
@@ -8,17 +8,12 @@ LIC_FILES_CHKSUM = "file://zlib.h;beginline=6;endline=23;md5=5377232268e952e9ef6 | |||
8 | 8 | ||
9 | # The source tarball needs to be .gz as only the .gz ends up in fossils/ | 9 | # The source tarball needs to be .gz as only the .gz ends up in fossils/ |
10 | SRC_URI = "https://zlib.net/${BP}.tar.gz \ | 10 | SRC_URI = "https://zlib.net/${BP}.tar.gz \ |
11 | file://cc.patch \ | ||
12 | file://ldflags-tests.patch \ | ||
13 | file://0001-configure-Pass-LDFLAGS-to-link-tests.patch \ | 11 | file://0001-configure-Pass-LDFLAGS-to-link-tests.patch \ |
14 | file://run-ptest \ | 12 | file://run-ptest \ |
15 | file://0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch \ | ||
16 | file://0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch \ | ||
17 | file://0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch \ | ||
18 | " | 13 | " |
19 | UPSTREAM_CHECK_URI = "http://zlib.net/" | 14 | UPSTREAM_CHECK_URI = "http://zlib.net/" |
20 | 15 | ||
21 | SRC_URI[sha256sum] = "91844808532e5ce316b3c010929493c0244f3d37593afd6de04f71821d5136d9" | 16 | SRC_URI[sha256sum] = "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30" |
22 | 17 | ||
23 | # When a new release is made the previous release is moved to fossils/, so add this | 18 | # When a new release is made the previous release is moved to fossils/, so add this |
24 | # to PREMIRRORS so it is also searched automatically. | 19 | # to PREMIRRORS so it is also searched automatically. |