* [Buildroot] [PATCH 1/1] package/minizip-zlib: bump to version 1.3.1
@ 2024-01-26 22:13 Fabrice Fontaine
2024-02-05 21:32 ` Thomas Petazzoni via buildroot
0 siblings, 1 reply; 2+ messages in thread
From: Fabrice Fontaine @ 2024-01-26 22:13 UTC (permalink / raw)
To: buildroot; +Cc: Fabrice Fontaine
Drop patch (already in version)
https://github.com/madler/zlib/releases/tag/v1.3.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...lows-of-zip-header-fields-in-minizip.patch | 39 -------------------
package/minizip-zlib/minizip-zlib.hash | 2 +-
package/minizip-zlib/minizip-zlib.mk | 4 +-
3 files changed, 2 insertions(+), 43 deletions(-)
delete mode 100644 package/minizip-zlib/0001-Reject-overflows-of-zip-header-fields-in-minizip.patch
diff --git a/package/minizip-zlib/0001-Reject-overflows-of-zip-header-fields-in-minizip.patch b/package/minizip-zlib/0001-Reject-overflows-of-zip-header-fields-in-minizip.patch
deleted file mode 100644
index f4eacc7fdc..0000000000
--- a/package/minizip-zlib/0001-Reject-overflows-of-zip-header-fields-in-minizip.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 73331a6a0481067628f065ffe87bb1d8f787d10c Mon Sep 17 00:00:00 2001
-From: Hans Wennborg <hans@chromium.org>
-Date: Fri, 18 Aug 2023 11:05:33 +0200
-Subject: [PATCH] Reject overflows of zip header fields in minizip.
-
-This checks the lengths of the file name, extra field, and comment
-that would be put in the zip headers, and rejects them if they are
-too long. They are each limited to 65535 bytes in length by the zip
-format. This also avoids possible buffer overflows if the provided
-fields are too long.
-
-Upstream: https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- contrib/minizip/zip.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c
-index 3d3d4cadd..0446109b2 100644
---- a/contrib/minizip/zip.c
-+++ b/contrib/minizip/zip.c
-@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c
- return ZIP_PARAMERROR;
- #endif
-
-+ // The filename and comment length must fit in 16 bits.
-+ if ((filename!=NULL) && (strlen(filename)>0xffff))
-+ return ZIP_PARAMERROR;
-+ if ((comment!=NULL) && (strlen(comment)>0xffff))
-+ return ZIP_PARAMERROR;
-+ // The extra field length must fit in 16 bits. If the member also requires
-+ // a Zip64 extra block, that will also need to fit within that 16-bit
-+ // length, but that will be checked for later.
-+ if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff))
-+ return ZIP_PARAMERROR;
-+
- zi = (zip64_internal*)file;
-
- if (zi->in_opened_file_inzip == 1)
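Review bot: The `Upstream:` line in this deleted file points at zlib commit 73331a6a0481067628f065ffe87bb1d8f787d10c, but the commit message justifies the removal only with "already in version". Say in the commit message that v1.3.1 contains that commit, so a reader can confirm that the 16-bit length checks on `filename`, `comment`, `size_extrafield_local` and `size_extrafield_global` in `zipOpenNewFileInZip4_64()` survive the bump without unpacking the tarball.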
diff --git a/package/minizip-zlib/minizip-zlib.hash b/package/minizip-zlib/minizip-zlib.hash
index 23bfda8474..cbd9313870 100644
--- a/package/minizip-zlib/minizip-zlib.hash
+++ b/package/minizip-zlib/minizip-zlib.hash
@@ -1,4 +1,4 @@
# From http://www.zlib.net/
-sha256 8a9ba2898e1d0d774eca6ba5b4627a11e5588ba85c8851336eb38de4683050a7 zlib-1.3.tar.xz
+sha256 38ef96b8dfe510d42707d9c781877914792541133e1870841463bfa73f883e32 zlib-1.3.1.tar.xz
# License files, locally calculated
sha256 845efc77857d485d91fb3e0b884aaa929368c717ae8186b66fe1ed2495753243 LICENSE
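Review bot: The new `zlib-1.3.1.tar.xz` hash sits under the unchanged comment `# From http://www.zlib.net/`, so its stated provenance is a page served over plain HTTP. The license hash below is explicitly marked "locally calculated"; make the tarball line equally explicit about where the value came from, and if it was copied from the site, confirm it against a second source such as the release linked in the commit message.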
diff --git a/package/minizip-zlib/minizip-zlib.mk b/package/minizip-zlib/minizip-zlib.mk
index 81fee3c687..6d4a2d2e20 100644
--- a/package/minizip-zlib/minizip-zlib.mk
+++ b/package/minizip-zlib/minizip-zlib.mk
@@ -4,7 +4,7 @@
#
################################################################################
-MINIZIP_ZLIB_VERSION = 1.3
+MINIZIP_ZLIB_VERSION = 1.3.1
MINIZIP_ZLIB_SOURCE = zlib-$(MINIZIP_ZLIB_VERSION).tar.xz
MINIZIP_ZLIB_SITE = http://www.zlib.net
MINIZIP_ZLIB_LICENSE = Zlib
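Review bot: `MINIZIP_ZLIB_SITE = http://www.zlib.net` in the context lines keeps the download on plain HTTP, which leaves the sha256 in minizip-zlib.hash as the only integrity check on the new tarball. Since the version line is being touched anyway, consider moving the site to an HTTPS URL if upstream offers one, either here or in a follow-up patch.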
@@ -16,7 +16,5 @@ MINIZIP_ZLIB_AUTORECONF = YES
MINIZIP_ZLIB_DEPENDENCIES = zlib
# demos must be disabled to avoid a conflict with BR2_PACKAGE_MINIZIP_DEMOS
MINIZIP_ZLIB_CONF_OPTS = --disable-demos
-# 0001-Reject-overflows-of-zip-header-fields-in-minizip.patch
-MINIZIP_ZLIB_IGNORE_CVES += CVE-2023-45853
$(eval $(autotools-package))
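Review bot: Dropping `MINIZIP_ZLIB_IGNORE_CVES += CVE-2023-45853` along with its comment is right only if 1.3.1 itself carries the fix, and nothing in the commit message names the CVE. Add a line to the log stating that the bump fixes CVE-2023-45853, so the security relevance is visible to anyone deciding whether to backport it.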
--
2.43.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* Re: [Buildroot] [PATCH 1/1] package/minizip-zlib: bump to version 1.3.1
2024-01-26 22:13 [Buildroot] [PATCH 1/1] package/minizip-zlib: bump to version 1.3.1 Fabrice Fontaine
@ 2024-02-05 21:32 ` Thomas Petazzoni via buildroot
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni via buildroot @ 2024-02-05 21:32 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: buildroot
On Fri, 26 Jan 2024 23:13:23 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
> Drop patch (already in version)
>
> https://github.com/madler/zlib/releases/tag/v1.3.1
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> ...lows-of-zip-header-fields-in-minizip.patch | 39 -------------------
> package/minizip-zlib/minizip-zlib.hash | 2 +-
> package/minizip-zlib/minizip-zlib.mk | 4 +-
> 3 files changed, 2 insertions(+), 43 deletions(-)
> delete mode 100644 package/minizip-zlib/0001-Reject-overflows-of-zip-header-fields-in-minizip.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com