NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/libzlib: bump to version 1.2.13

Browse Source 
- Drop all patches (already in version)
- Replace README by LICENSE file added with
  352cb28d12

https://github.com/madler/zlib/releases/tag/v1.2.13

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
Fabrice Fontaine 2022-10-23 18:50:26 +02:00 committed by Thomas Petazzoni
parent 58cc3977e8
commit 5a948e32fe
5 changed files with 4 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
package/libzlib/0001-Fix-configure-issue-that-discarded-provided-CC-definition.patch
View File

@ -1,28 +0,0 @@
From 05796d3d8d5546cf1b4dfe2cd72ab746afae505d Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Mon, 28 Mar 2022 18:34:10 -0700
Subject: [PATCH] Fix configure issue that discarded provided CC definition.
Downloaded from upstream commit:
https://github.com/madler/zlib/commit/05796d3d8d5546cf1b4dfe2cd72ab746afae505d
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
configure | 3 +++
1 file changed, 3 insertions(+)
diff --git a/configure b/configure
index 52ff4a04e..3fa3e8618 100755
--- a/configure
+++ b/configure
@@ -174,7 +174,10 @@ if test -z "$CC"; then
else
cc=${CROSS_PREFIX}cc
fi
+else
+ cc=${CC}
fi
+
cflags=${CFLAGS-"-O3"}
# to force the asm version use: CFLAGS="-O3 -DASMV" ./configure
case "$cc" in

35
package/libzlib/0002-fix-CVE-2022-37434.patch
View File

@ -1,35 +0,0 @@
From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001
From: Mark Adler <fork@madler.net>
Date: Sat, 30 Jul 2022 15:51:11 -0700
Subject: [PATCH] Fix a bug when getting a gzip header extra field with
inflate().
If the extra field was larger than the space the user provided with
inflateGetHeader(), and if multiple calls of inflate() delivered
the extra header data, then there could be a buffer overflow of the
provided space. This commit assures that provided space is not
exceeded.
Backported from: eff308af425b67093bab25f80f1ae950166bece1
Signed-off-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
---
inflate.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/inflate.c b/inflate.c
index 7be8c6366..7a7289749 100644
--- a/inflate.c
+++ b/inflate.c
@@ -763,9 +763,10 @@ int flush;
copy = state->length;
if (copy > have) copy = have;
if (copy) {
+ len = state->head->extra_len - state->length;
if (state->head != Z_NULL &&
- state->head->extra != Z_NULL) {
- len = state->head->extra_len - state->length;
+ state->head->extra != Z_NULL &&
+ len < state->head->extra_max) {
zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ?
state->head->extra_max - len : copy);

32
package/libzlib/0003-fix-CVE-2022-37434-regression.patch
View File

@ -1,32 +0,0 @@
From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001
From: Mark Adler <fork@madler.net>
Date: Mon, 8 Aug 2022 10:50:09 -0700
Subject: [PATCH] Fix extra field processing bug that dereferences NULL
state->head.
The recent commit to fix a gzip header extra field processing bug
introduced the new bug fixed here.
Backported from: 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d
Signed-off-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
---
inflate.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/inflate.c b/inflate.c
index 7a7289749..2a3c4fe98 100644
--- a/inflate.c
+++ b/inflate.c
@@ -763,10 +763,10 @@ int flush;
copy = state->length;
if (copy > have) copy = have;
if (copy) {
- len = state->head->extra_len - state->length;
if (state->head != Z_NULL &&
state->head->extra != Z_NULL &&
- len < state->head->extra_max) {
+ (len = state->head->extra_len - state->length) <
+ state->head->extra_max) {
zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ?
state->head->extra_max - len : copy);

4
package/libzlib/libzlib.hash
View File

@ -1,4 +1,4 @@
# From http://www.zlib.net/
sha256 7db46b8d7726232a621befaab4a1c870f00a90805511c0e0090441dac57def18 zlib-1.2.12.tar.xz
sha256 d14c38e313afc35a9a8760dadf26042f51ea0f5d154b0630a31da0540107fb98 zlib-1.2.13.tar.xz
# License files, locally calculated
sha256 fc2c3368901700f0acdeb1d8afeaca5923296768ec6824ecdf627aac396001fd README
sha256 845efc77857d485d91fb3e0b884aaa929368c717ae8186b66fe1ed2495753243 LICENSE

7
package/libzlib/libzlib.mk
View File

@ -4,19 +4,16 @@
#
################################################################################
LIBZLIB_VERSION = 1.2.12
LIBZLIB_VERSION = 1.2.13
LIBZLIB_SOURCE = zlib-$(LIBZLIB_VERSION).tar.xz
LIBZLIB_SITE = http://www.zlib.net
LIBZLIB_LICENSE = Zlib
LIBZLIB_LICENSE_FILES = README
LIBZLIB_LICENSE_FILES = LICENSE
LIBZLIB_INSTALL_STAGING = YES
LIBZLIB_PROVIDES = zlib
LIBZLIB_CPE_ID_VENDOR = zlib
LIBZLIB_CPE_ID_PRODUCT = zlib
# 0002-fix-CVE-2022-37434.patch
LIBZLIB_IGNORE_CVES = CVE-2022-37434
# It is not possible to build only a shared version of zlib, so we build both
# shared and static, unless we only want the static libs, and we eventually
# selectively remove what we do not want