From 2c601e39d39f35ce0bf883967443f33cb15abf36 Mon Sep 17 00:00:00 2001
From: Mikhail Lappo
Date: Fri, 14 Oct 2022 08:44:21 +0200
Subject: [PATCH 1/3] (#13463) zlib: Bump to 1.2.13 Especially important to fix CVE 2022 37434
---
 recipes/zlib/all/conandata.yml | 5 +++++
 recipes/zlib/config.yml | 2 ++
 2 files changed, 7 insertions(+)
diff --git a/recipes/zlib/all/conandata.yml b/recipes/zlib/all/conandata.yml
index d63ae3f0966b2..ae05d8e768bb5 100644
--- a/recipes/zlib/all/conandata.yml
+++ b/recipes/zlib/all/conandata.yml
@@ -1,4 +1,7 @@
 sources:
+ "1.2.13":
+ url: "https://zlib.net/fossils/zlib-1.2.13.tar.gz"
+ sha256: "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30"
 "1.2.12":
 url: "https://zlib.net/fossils/zlib-1.2.12.tar.gz"
 sha256: "91844808532e5ce316b3c010929493c0244f3d37593afd6de04f71821d5136d9"
@@ -6,6 +9,8 @@ sources:
 url: "https://zlib.net/fossils/zlib-1.2.11.tar.gz"
 sha256: "c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1"
 patches:
+ "1.2.13":
+ - patch_file: "patches/0002-gzguts-xcode12-compile-fix.patch"
 "1.2.12":
 - patch_file: "patches/0001-fix-cmake.patch"
 - patch_file: "patches/0002-gzguts-xcode12-compile-fix.patch"
diff --git a/recipes/zlib/config.yml b/recipes/zlib/config.yml
index a92270f2d870a..351c06f68201f 100644
--- a/recipes/zlib/config.yml
+++ b/recipes/zlib/config.yml
@@ -1,4 +1,6 @@
 versions:
+ "1.2.13":
+ folder: all
 "1.2.12":
 folder: all
 "1.2.11":
From 4d699394812f7ca00d9e0c6556f9dc019398e435 Mon Sep 17 00:00:00 2001
From: Mikhail Lappo
Date: Fri, 14 Oct 2022 13:37:58 +0200
Subject: [PATCH 2/3] Rebase Fix-Cmake patch
---
 recipes/zlib/all/conandata.yml | 17 +--
 .../all/patches/1.2.13/0001-Fix-cmake.patch | 118 ++++++++++++++++++
 .../patches/{ => 1.2.x}/0001-fix-cmake.patch | 0
 .../0002-gzguts-xcode12-compile-fix.patch | 0
 .../0003-gzguts-fix-widechar-condition.patch | 0
 ...etting-a-gzip-header-extra-field-wit.patch | 0
 ...processing-bug-that-dereferences-NUL.patch | 0
 7 files changed, 127 insertions(+), 8 deletions(-)
 create mode 100644 recipes/zlib/all/patches/1.2.13/0001-Fix-cmake.patch
 rename recipes/zlib/all/patches/{ => 1.2.x}/0001-fix-cmake.patch (100%)
 rename recipes/zlib/all/patches/{ => 1.2.x}/0002-gzguts-xcode12-compile-fix.patch (100%)
 rename recipes/zlib/all/patches/{ => 1.2.x}/0003-gzguts-fix-widechar-condition.patch (100%)
 rename recipes/zlib/all/patches/{ => 1.2.x}/0004-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch (100%)
 rename recipes/zlib/all/patches/{ => 1.2.x}/0005-Fix-extra-field-processing-bug-that-dereferences-NUL.patch (100%)
diff --git a/recipes/zlib/all/conandata.yml b/recipes/zlib/all/conandata.yml
index ae05d8e768bb5..c3b210214cdbf 100644
--- a/recipes/zlib/all/conandata.yml
+++ b/recipes/zlib/all/conandata.yml
@@ -10,22 +10,23 @@ sources:
 sha256: "c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1"
 patches:
 "1.2.13":
- - patch_file: "patches/0002-gzguts-xcode12-compile-fix.patch"
+ - patch_file: "patches/1.2.13/0001-fix-cmake.patch"
+ - patch_file: "patches/1.2.x/0002-gzguts-xcode12-compile-fix.patch"
 "1.2.12":
- - patch_file: "patches/0001-fix-cmake.patch"
- - patch_file: "patches/0002-gzguts-xcode12-compile-fix.patch"
- - patch_file: "patches/0004-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch"
+ - patch_file: "patches/1.2.x/0001-fix-cmake.patch"
+ - patch_file: "patches/1.2.x/0002-gzguts-xcode12-compile-fix.patch"
+ - patch_file: "patches/1.2.x/0004-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch"
 patch_description: "CVE-2022-37434: Fix a bug when getting a gzip header extra field with inflate()"
 patch_type: "vulnerability"
 patch_source: "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1"
 sha256: "15e3c177dc2a034a22e02490a97ba5b1719aae3f8129a06c16d727b661d1650f"
- - patch_file: "patches/0005-Fix-extra-field-processing-bug-that-dereferences-NUL.patch"
+ - patch_file: "patches/1.2.x/0005-Fix-extra-field-processing-bug-that-dereferences-NUL.patch"
 patch_description: "CVE-2022-37434: Fix extra field processing bug that dereferences NULL state->head"
 patch_type: "vulnerability"
 patch_source: "https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d"
 sha256: "cdd69eb3251728b1875c8ecae6427b50aa750b4045ef984ab79b6c07b7e6dd3a"
 "1.2.11":
- - patch_file: "patches/0001-fix-cmake.patch"
- - patch_file: "patches/0002-gzguts-xcode12-compile-fix.patch"
+ - patch_file: "patches/1.2.x/0001-fix-cmake.patch"
+ - patch_file: "patches/1.2.x/0002-gzguts-xcode12-compile-fix.patch"
 # https://github.com/madler/zlib/issues/268
- - patch_file: "patches/0003-gzguts-fix-widechar-condition.patch"
+ - patch_file: "patches/1.2.x/0003-gzguts-fix-widechar-condition.patch"
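Review bot: The new `"1.2.13"` patch list gives no indication why the two `patch_type: "vulnerability"` entries kept for 1.2.12 are absent, so a later reader cannot tell a deliberate omission from a missed backport. The first commit's message suggests 1.2.13 is taken to contain the CVE fix upstream; recording that next to the entry, e.g. `# CVE-2022-37434 fixes are part of upstream 1.2.13, so 0004/0005 are not applied`, would make the decision auditable. The two 1.2.13 entries also carry no `patch_description`/`patch_type`, unlike the CVE patches below them; adding these (for example `patch_type: "conan"` on the CMake patch) would keep the purpose of every applied patch visible.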
diff --git a/recipes/zlib/all/patches/1.2.13/0001-Fix-cmake.patch b/recipes/zlib/all/patches/1.2.13/0001-Fix-cmake.patch
new file mode 100644
index 0000000000000..ede4babb2e94c
--- /dev/null
+++ b/recipes/zlib/all/patches/1.2.13/0001-Fix-cmake.patch
@@ -0,0 +1,118 @@
+From 9a709a43549fbe23ca41eeb450d4c71e3b78c8c4 Mon Sep 17 00:00:00 2001
+From: Mikhail Lappo
+Date: Fri, 14 Oct 2022 13:29:56 +0200
+Subject: [PATCH] Fix cmake
+
+---
+ CMakeLists.txt | 33 +++++++++++++++++++++------------
+ 1 file changed, 21 insertions(+), 12 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index b412dc7..a5284ed 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -1,4 +1,4 @@
+-cmake_minimum_required(VERSION 2.4.4)
++cmake_minimum_required(VERSION 3.0) # it's important to have https://cmake.org/cmake/help/latest/policy/CMP0042.html#policy:CMP0042
+ set(CMAKE_ALLOW_LOOSE_LOOP_CONSTRUCTS ON)
+
+ project(zlib C)
+@@ -57,7 +57,6 @@ endif()
+ check_include_file(unistd.h Z_HAVE_UNISTD_H)
+
+ if(MSVC)
+- set(CMAKE_DEBUG_POSTFIX "d")
+ add_definitions(-D_CRT_SECURE_NO_DEPRECATE)
+ add_definitions(-D_CRT_NONSTDC_NO_DEPRECATE)
+ include_directories(${CMAKE_CURRENT_SOURCE_DIR})
+@@ -80,7 +79,7 @@ configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/zlib.pc.cmakein
+ ${ZLIB_PC} @ONLY)
+ configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/zconf.h.cmakein
+ ${CMAKE_CURRENT_BINARY_DIR}/zconf.h @ONLY)
+-include_directories(${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_SOURCE_DIR})
++include_directories(${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR})
+
+
+ #============================================================================
+@@ -120,7 +119,7 @@ set(ZLIB_SRCS
+ zutil.c
+ )
+
+-if(NOT MINGW)
++if(MSVC)
+ set(ZLIB_DLL_SRCS
+ win32/zlib1.rc # If present will override custom build rule below.
+ )
+@@ -131,7 +130,7 @@ file(READ ${CMAKE_CURRENT_SOURCE_DIR}/zlib.h _zlib_h_contents)
+ string(REGEX REPLACE ".*#define[ \t]+ZLIB_VERSION[ \t]+\"([-0-9A-Za-z.]+)\".*"
+ "\\1" ZLIB_FULL_VERSION ${_zlib_h_contents})
+
+-if(MINGW)
++if(WIN32 AND NOT MSVC)
+ # This gets us DLL resource information when compiling on MinGW.
+ if(NOT CMAKE_RC_COMPILER)
+ set(CMAKE_RC_COMPILER windres.exe)
+@@ -145,12 +144,15 @@ if(MINGW)
+ -o ${CMAKE_CURRENT_BINARY_DIR}/zlib1rc.obj
+ -i ${CMAKE_CURRENT_SOURCE_DIR}/win32/zlib1.rc)
+ set(ZLIB_DLL_SRCS ${CMAKE_CURRENT_BINARY_DIR}/zlib1rc.obj)
+-endif(MINGW)
++endif()
+
++if(BUILD_SHARED_LIBS)
+ add_library(zlib SHARED ${ZLIB_SRCS} ${ZLIB_DLL_SRCS} ${ZLIB_PUBLIC_HDRS} ${ZLIB_PRIVATE_HDRS})
+-add_library(zlibstatic STATIC ${ZLIB_SRCS} ${ZLIB_PUBLIC_HDRS} ${ZLIB_PRIVATE_HDRS})
+ set_target_properties(zlib PROPERTIES DEFINE_SYMBOL ZLIB_DLL)
+ set_target_properties(zlib PROPERTIES SOVERSION 1)
++else()
++add_library(zlib STATIC ${ZLIB_SRCS} ${ZLIB_ASMS} ${ZLIB_PUBLIC_HDRS} ${ZLIB_PRIVATE_HDRS})
++endif()
+
+ if(NOT CYGWIN)
+ # This property causes shared libraries on Linux to have the full version
+@@ -163,19 +165,24 @@ if(NOT CYGWIN)
+ set_target_properties(zlib PROPERTIES VERSION ${ZLIB_FULL_VERSION})
+ endif()
+
+-if(UNIX)
++if(MSVC)
++ if(BUILD_SHARED_LIBS)
++ set_target_properties(zlib PROPERTIES ARCHIVE_OUTPUT_NAME zdll)
++ endif()
++else()
+ # On unix-like platforms the library is almost always called libz
+- set_target_properties(zlib zlibstatic PROPERTIES OUTPUT_NAME z)
++ set_target_properties(zlib PROPERTIES OUTPUT_NAME z)
+ if(NOT APPLE)
+ set_target_properties(zlib PROPERTIES LINK_FLAGS "-Wl,--version-script,\"${CMAKE_CURRENT_SOURCE_DIR}/zlib.map\"")
+ endif()
+-elseif(BUILD_SHARED_LIBS AND WIN32)
++endif()
++if(BUILD_SHARED_LIBS AND WIN32)
+ # Creates zlib1.dll when building shared library version
+- set_target_properties(zlib PROPERTIES SUFFIX "1.dll")
++ set_target_properties(zlib PROPERTIES PREFIX "" RUNTIME_OUTPUT_NAME "zlib1")
+ endif()
+
+ if(NOT SKIP_INSTALL_LIBRARIES AND NOT SKIP_INSTALL_ALL )
+- install(TARGETS zlib zlibstatic
++ install(TARGETS zlib
+ RUNTIME DESTINATION "${INSTALL_BIN_DIR}"
+ ARCHIVE DESTINATION "${INSTALL_LIB_DIR}"
+ LIBRARY DESTINATION "${INSTALL_LIB_DIR}" )
+@@ -194,6 +201,7 @@ endif()
+ # Example binaries
+ #============================================================================
+
++if(0)
+ add_executable(example test/example.c)
+ target_link_libraries(example zlib)
+ add_test(example example)
+@@ -211,3 +219,4 @@ if(HAVE_OFF64_T)
+ target_link_libraries(minigzip64 zlib)
+ set_target_properties(minigzip64 PROPERTIES COMPILE_FLAGS "-D_FILE_OFFSET_BITS=64")
+ endif()
++endif()
+--
+2.24.3 (Apple Git-128)
+
diff --git a/recipes/zlib/all/patches/0001-fix-cmake.patch b/recipes/zlib/all/patches/1.2.x/0001-fix-cmake.patch
similarity index 100%
rename from recipes/zlib/all/patches/0001-fix-cmake.patch
rename to recipes/zlib/all/patches/1.2.x/0001-fix-cmake.patch
diff --git a/recipes/zlib/all/patches/0002-gzguts-xcode12-compile-fix.patch b/recipes/zlib/all/patches/1.2.x/0002-gzguts-xcode12-compile-fix.patch
similarity index 100%
rename from recipes/zlib/all/patches/0002-gzguts-xcode12-compile-fix.patch
rename to recipes/zlib/all/patches/1.2.x/0002-gzguts-xcode12-compile-fix.patch
diff --git a/recipes/zlib/all/patches/0003-gzguts-fix-widechar-condition.patch b/recipes/zlib/all/patches/1.2.x/0003-gzguts-fix-widechar-condition.patch
similarity index 100%
rename from recipes/zlib/all/patches/0003-gzguts-fix-widechar-condition.patch
rename to recipes/zlib/all/patches/1.2.x/0003-gzguts-fix-widechar-condition.patch
diff --git a/recipes/zlib/all/patches/0004-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch b/recipes/zlib/all/patches/1.2.x/0004-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch
similarity index 100%
rename from recipes/zlib/all/patches/0004-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch
rename to recipes/zlib/all/patches/1.2.x/0004-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch
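Review bot: In the new `1.2.13/0001-Fix-cmake.patch`, the `else()` branch of `if(BUILD_SHARED_LIBS)` builds the static target from `${ZLIB_ASMS}` as well, while the removed `zlibstatic` line and the kept `SHARED` line do not reference that variable. Nothing in the visible hunks sets `ZLIB_ASMS`, so it presumably expands to nothing, but a value arriving from the cache or a toolchain file would add sources to the static build only; `add_library(zlib STATIC ${ZLIB_SRCS} ${ZLIB_PUBLIC_HDRS} ${ZLIB_PRIVATE_HDRS})` keeps both variants on the same source list. Separately, the `if(0)` wrapper also drops `add_test(example example)`, so a short comment above it such as `# Conan: upstream example/test binaries are intentionally not built by this recipe` would record that the upstream self-test is skipped on purpose.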
diff --git a/recipes/zlib/all/patches/0005-Fix-extra-field-processing-bug-that-dereferences-NUL.patch b/recipes/zlib/all/patches/1.2.x/0005-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
similarity index 100%
rename from recipes/zlib/all/patches/0005-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
rename to recipes/zlib/all/patches/1.2.x/0005-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
From 3bbcd4f499d9a2bd35120a78fe10bc4bc73db724 Mon Sep 17 00:00:00 2001
From: Mikhail Lappo
Date: Fri, 14 Oct 2022 14:04:39 +0200
Subject: [PATCH 3/3] Fix typo
---
 recipes/zlib/all/conandata.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes/zlib/all/conandata.yml b/recipes/zlib/all/conandata.yml
index c3b210214cdbf..e2abd8cd4f339 100644
--- a/recipes/zlib/all/conandata.yml
+++ b/recipes/zlib/all/conandata.yml
@@ -10,7 +10,7 @@ sources:
 sha256: "c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1"
 patches:
 "1.2.13":
- - patch_file: "patches/1.2.13/0001-fix-cmake.patch"
+ - patch_file: "patches/1.2.13/0001-Fix-cmake.patch"
 - patch_file: "patches/1.2.x/0002-gzguts-xcode12-compile-fix.patch"
 "1.2.12":
 - patch_file: "patches/1.2.x/0001-fix-cmake.patch"