* [Buildroot] [PATCH 1/1] package/minizip-zlib: bump to version 1.3.1
From: Fabrice Fontaine @ 2024-01-26 22:13 UTC
To: buildroot; +Cc: Fabrice Fontaine
Drop patch (already in version)
https://github.com/madler/zlib/releases/tag/v1.3.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 ...lows-of-zip-header-fields-in-minizip.patch | 39 -------------------
package/minizip-zlib/minizip-zlib.hash | 2 +-
package/minizip-zlib/minizip-zlib.mk | 4 +-
3 files changed, 2 insertions(+), 43 deletions(-)
delete mode 100644 package/minizip-zlib/0001-Reject-overflows-of-zip-header-fields-in-minizip.patch
diff --git a/package/minizip-zlib/0001-Reject-overflows-of-zip-header-fields-in-minizip.patch b/package/minizip-zlib/0001-Reject-overflows-of-zip-header-fields-in-minizip.patch
deleted file mode 100644
index f4eacc7fdc..0000000000
--- a/package/minizip-zlib/0001-Reject-overflows-of-zip-header-fields-in-minizip.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 73331a6a0481067628f065ffe87bb1d8f787d10c Mon Sep 17 00:00:00 2001
-From: Hans Wennborg <hans@chromium.org>
-Date: Fri, 18 Aug 2023 11:05:33 +0200
-Subject: [PATCH] Reject overflows of zip header fields in minizip.
-
-This checks the lengths of the file name, extra field, and comment
-that would be put in the zip headers, and rejects them if they are
-too long. They are each limited to 65535 bytes in length by the zip
-format. This also avoids possible buffer overflows if the provided
-fields are too long.
-
-Upstream: https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- contrib/minizip/zip.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c
-index 3d3d4cadd..0446109b2 100644
---- a/contrib/minizip/zip.c
-+++ b/contrib/minizip/zip.c
-@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c
- return ZIP_PARAMERROR;
- #endif
-
-+ // The filename and comment length must fit in 16 bits.
-+ if ((filename!=NULL) && (strlen(filename)>0xffff))
-+ return ZIP_PARAMERROR;
-+ if ((comment!=NULL) && (strlen(comment)>0xffff))
-+ return ZIP_PARAMERROR;
-+ // The extra field length must fit in 16 bits. If the member also requires
-+ // a Zip64 extra block, that will also need to fit within that 16-bit
-+ // length, but that will be checked for later.
-+ if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff))
-+ return ZIP_PARAMERROR;
-+
- zi = (zip64_internal*)file;
-
- if (zi->in_opened_file_inzip == 1)
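Review bot: The commit message justifies deleting this patch with only "already in version". The removed file carries the length checks in zipOpenNewFileInZip4_64 (the `>0xffff` tests on filename, comment and the two extra-field sizes), so the message should name the upstream commit from the patch's Upstream: line, 73331a6a0481067628f065ffe87bb1d8f787d10c, and state that it is contained in v1.3.1. That lets the drop be verified without re-reading upstream history.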
diff --git a/package/minizip-zlib/minizip-zlib.hash b/package/minizip-zlib/minizip-zlib.hash
index 23bfda8474..cbd9313870 100644
--- a/package/minizip-zlib/minizip-zlib.hash
+++ b/package/minizip-zlib/minizip-zlib.hash
@@ -1,4 +1,4 @@
# From http://www.zlib.net/
-sha256 8a9ba2898e1d0d774eca6ba5b4627a11e5588ba85c8851336eb38de4683050a7 zlib-1.3.tar.xz
+sha256 38ef96b8dfe510d42707d9c781877914792541133e1870841463bfa73f883e32 zlib-1.3.1.tar.xz
# License files, locally calculated
sha256 845efc77857d485d91fb3e0b884aaa929368c717ae8186b66fe1ed2495753243 LICENSE
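Review bot: The header comment `# From http://www.zlib.net/` above the changed sha256 line does not say whether the new value for zlib-1.3.1.tar.xz was copied from a checksum published upstream or computed locally from a download, and the URL it cites is plain HTTP. Suggest stating the provenance explicitly in the comment, including any upstream checksum or signature that was checked. The LICENSE hash in the trailing context is left unchanged across the bump; worth confirming that file is byte-identical in 1.3.1.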
diff --git a/package/minizip-zlib/minizip-zlib.mk b/package/minizip-zlib/minizip-zlib.mk
index 81fee3c687..6d4a2d2e20 100644
--- a/package/minizip-zlib/minizip-zlib.mk
+++ b/package/minizip-zlib/minizip-zlib.mk
@@ -4,7 +4,7 @@
#
################################################################################
-MINIZIP_ZLIB_VERSION = 1.3
+MINIZIP_ZLIB_VERSION = 1.3.1
MINIZIP_ZLIB_SOURCE = zlib-$(MINIZIP_ZLIB_VERSION).tar.xz
MINIZIP_ZLIB_SITE = http://www.zlib.net
MINIZIP_ZLIB_LICENSE = Zlib
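Review bot: MINIZIP_ZLIB_SITE in the context below the version line still fetches over `http://www.zlib.net`, so the integrity of the bumped tarball rests entirely on the sha256 in minizip-zlib.hash. Consider switching the site to an HTTPS location while touching this file, for instance the GitHub release the commit message already links (https://github.com/madler/zlib/releases/tag/v1.3.1), provided it serves the same zlib-1.3.1.tar.xz.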
@@ -16,7 +16,5 @@ MINIZIP_ZLIB_AUTORECONF = YES
MINIZIP_ZLIB_DEPENDENCIES = zlib
# demos must be disabled to avoid a conflict with BR2_PACKAGE_MINIZIP_DEMOS
MINIZIP_ZLIB_CONF_OPTS = --disable-demos
-# 0001-Reject-overflows-of-zip-header-fields-in-minizip.patch
-MINIZIP_ZLIB_IGNORE_CVES += CVE-2023-45853
$(eval $(autotools-package))
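Review bot: Dropping `MINIZIP_ZLIB_IGNORE_CVES += CVE-2023-45853` together with its comment means the CVE is no longer suppressed by hand and will be judged against MINIZIP_ZLIB_VERSION = 1.3.1 instead. Please confirm that the affected-version range recorded for CVE-2023-45853 excludes 1.3.1, otherwise it will come back as a false positive in CVE reports, and mention the CVE id in the commit message so the fix is findable from the log.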
--
2.43.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* Re: [Buildroot] [PATCH 1/1] package/minizip-zlib: bump to version 1.3.1
From: Thomas Petazzoni via buildroot @ 2024-02-05 21:32 UTC
To: Fabrice Fontaine; +Cc: buildroot
On Fri, 26 Jan 2024 23:13:23 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
> Drop patch (already in version)
>
> https://github.com/madler/zlib/releases/tag/v1.3.1
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> ...lows-of-zip-header-fields-in-minizip.patch | 39 -------------------
> package/minizip-zlib/minizip-zlib.hash | 2 +-
> package/minizip-zlib/minizip-zlib.mk | 4 +-
> 3 files changed, 2 insertions(+), 43 deletions(-)
> delete mode 100644 package/minizip-zlib/0001-Reject-overflows-of-zip-header-fields-in-minizip.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com