aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs/zlib
Commit message (Collapse)AuthorAgeFilesLines
* zlib: update to 1.2.13Nick Hainke2022-11-137-339/+18
| | | | | | | | | | | | | | | | | | | | | | Remove "001-neon-implementation-of-adler32.patch" because upstreamed deleted assembler code optimizations: https://github.com/madler/zlib/commit/d0704a820186481da35d08f4b655881e1d32089f Remove upstreamed patches: - 006-fix-CVE-2022-37434.patch - 007-fix-null-dereference-in-fix-CVE-2022-37434.patch Refresh patches: - 002-arm-specific-optimisations-for-inflate.patch - 003-arm-specific-optimisations-for-inflate.patch - 004-attach-sourcefiles-in-patch-002-to-buildsystem.patch Switch to "https github.com" for downloading source files. Release Announcements: https://github.com/madler/zlib/releases/tag/v1.2.13 Signed-off-by: Nick Hainke <vincent@systemli.org>
* zlib: backport null dereference fixPetr Štetiar2022-08-091-0/+29
| | | | | | | | | | | | The curl developers found test case that crashed in their testing when using zlib patched against CVE-2022-37434, same patch we've backported in commit 7df6795d4c25 ("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)"). So we need to backport following patch in order to fix issue introduced in that previous CVE-2022-37434 fix. References: https://github.com/curl/curl/issues/9271 Fixes: 7df6795d4c25 ("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)") Signed-off-by: Petr Štetiar <ynezz@true.cz>
* zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)Petr Štetiar2022-08-061-0/+32
| | | | | | | | | | | | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader. Fixes: CVE-2022-37434 References: https://github.com/ivd38/zlib_overflow Signed-off-by: Petr Štetiar <ynezz@true.cz>
* libs/zlib: fix implicit function declaration warningPetr Štetiar2022-03-281-3/+3
| | | | | | | | | Fixes following warning: adler32.c:141:12: warning: implicit declaration of function 'NEON_adler32' [-Wimplicit-function-declaration] 141 | return NEON_adler32(adler, buf, len); Signed-off-by: Petr Štetiar <ynezz@true.cz>
* libs/zlib: bump to latest stable release 1.2.12 (CVE-2018-25032)Petr Štetiar2022-03-283-362/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | List of changes since previous release from 2018 is quite long: * Fix crc32.c to compile local functions only if used. * Check for cc masquerading as gcc or clang in configure. * Remove destructive aspects of make distclean. * Separate out address sanitizing from warnings in configure. * Eliminate use of ULL constants. * Add fallthrough comments for gcc. * Clean up minizip to reduce warnings for testing. * Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner) * minizip warning fix if MAXU32 already defined. (gvollant) * Replace black/white with allow/block. (theresa-m) * Fix indentation in minizip's zip.c. * Improve portability of contrib/minizip. * Correct typo in blast.c. * Change macro name in inflate.c to avoid collision in VxWorks. * Clarify gz* function interfaces, referring to parameter names. * Fix error in comment on the polynomial representation of a byte. * Fix memory leak on error in gzlog.c. * Avoid adding empty gzip member after gzflush with Z_FINISH. * Explicitly note that the 32-bit check values are 32 bits. * Use ARM crc32 instructions if the ARM architecture has them. * Add use of the ARMv8 crc32 instructions when requested. * Correct comment in crc32.c. * Don't bother computing check value after successful inflateSync(). * Use atomic test and set, if available, for dynamic CRC tables. * Speed up software CRC-32 computation by a factor of 1.5 to 3. * Add crc32_combine_gen() and crc32_combine_op() for fast combines. * Add tables for crc32_combine(), to speed it up by a factor of 200. * Fix the zran.c example to work on a multiple-member gzip file. * Add gznorm.c example, which normalizes gzip files. * Show all the codes for the maximum tables size in enough.c. * Clarify that prefix codes are counted in enough.c. * Use inline function instead of macro for index in enough.c. * Clean up code style in enough.c, update version. * Use a macro for the printf format of big_t in enough.c. * Use a structure to make globals in enough.c evident. * Assure that the number of bits for deflatePrime() is valid. * Fix a bug that can crash deflate on some input when using Z_FIXED. * Correct the initialization requirements for deflateInit2(). * Emphasize the need to continue decompressing gzip members. * Add legal disclaimer to README. * Fix deflateEnd() to not report an error at start of raw deflate. * Remove old assembler code in which bugs have manifested. * Make the names in functions declarations identical to definitions. * Avoid an undefined behavior of memcpy() in _tr_stored_block(). * Avoid undefined behaviors of memcpy() in gz*printf(). * Avoid an undefined behavior of memcpy() in gzappend(). * Avoid the use of ptrdiff_t. * Handle case where inflateSync used when header never processed. * Don't compute check value for raw inflate if asked to validate. * Add address checking in clang to -w option of configure. * Return an error if the gzputs string length can't fit in an int. * Small speedup to inflate [psumbera]. * Update use of errno for newer Windows CE versions. * Avoid some conversion warnings in gzread.c and gzwrite.c. * Have Makefile return non-zero error code on test failure. * Avoid a conversion error in gzseek when off_t type too small. * Fix CLEAR_HASH macro to be usable as a single statement. * Fix bug when window full in deflate_stored(). * Limit hash table inserts after switch from stored deflate. * Permit a deflateParams() parameter change as soon as possible. * Cygwin does not have _wopen(), so do not create gzopen_w() there. Removed 006-fix-compressor-crash-on-certain-inputs.patch which was hotfix for CVE-2018-25032 and is now included in this release. This release is not available on @SF (yet?) so the sources are now pulled from GitHub. Fixes: CVE-2018-25032 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* zlib: backport security fix for a reproducible crash in compressorPetr Štetiar2022-03-242-1/+344
| | | | | | | | | | | | | | Tavis has just reported, that he was recently trying to track down a reproducible crash in a compressor. Believe it or not, it really was a bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs. Tavis has reported it upstream, but it turns out the issue has been public since 2018, but the patch never made it into a release. As far as he knows, nobody ever assigned it a CVE. Suggested-by: Tavis Ormandy <taviso@gmail.com> References: https://www.openwall.com/lists/oss-security/2022/03/24/1 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* zlib: properly split patchesAdrian Schmutzler2021-02-244-502/+501
| | | | | | | | | | This package had two patches (with two headers etc.) in one file, which would have quilt merging them during a refresh. Separate these patches into two files, as the original intent seems to be having them separate. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* zlib: Use relative paths in pkg-config metadata fileJeffery To2019-05-172-1/+15
| | | | | | | | | | | | | | The buildroot pkg-config (in staging_dir/host/bin) overrides the prefix and exec_prefix variables in *.pc files, to supply the correct (buildroot) paths for callers. If other variables are not defined relative to prefix and exec_prefix, then the returned values will be incorrect. The default zlib.pc file generated by cmake contains absolute paths. This patches the file to use relative paths (relative to ${prefix} and ${exec_prefix}). Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* tools/zlib: move zlib build to toolsHauke Mehrtens2018-04-281-2/+0
| | | | | | | | | | | | | This allows us to link the other tools against our libz and we do not need the system zlib any more. Only the static linked library is copied to the staging directory so we have a statically linked library on all systems and not only on Linux. This also adds the new dependencies of the packages which are depending on zlib. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* zlib: only enable NEON optimizations on eligible targetsJo-Philipp Wich2018-01-071-4/+2
| | | | | | | | | | | | | | | | | | | | | | | | Instead of inferring the availability of NEON support from the target optimization flags, use a preprocessor test to decide whether to enable ARMv8 NEON optimizations. Fixes the following build error spotted by the mediatek/32 buildbot: [ 26%] Building C object CMakeFiles/zlib.dir/contrib/arm/inflate.o In file included from .../zlib-1.2.11/contrib/arm/chunkcopy.h:10:0, from .../zlib-1.2.11/contrib/arm/inflate.c:87: .../arm_neon.h:31:2: error: #error You must enable NEON instructions (e.g. -mfloat-abi=softfp -mfpu=neon) to use arm_neon.h #error You must enable NEON instructions (e.g. -mfloat-abi=softfp -mfpu=neon) to use arm_neon.h ^ In file included from .../zlib-1.2.11/contrib/arm/inflate.c:87:0: .../zlib-1.2.11/contrib/arm/chunkcopy.h:18:9: error: unknown type name 'uint8x16_t' typedef uint8x16_t chunkcopy_chunk_t; ^ [...] CMakeFiles/zlib.dir/build.make:302: recipe for target 'CMakeFiles/zlib.dir/contrib/arm/inflate.o' failed Fixes: 3acecba520 "package/libs/zlib: Add ARM and NEON optimizations" Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* package/libs/zlib: Add host buildDaniel Engberg2018-01-021-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | Some packages such as Python/Python3 (host pip/pip3) needs this to compile. More detailed explanation provided by Alexandru: "i need the zlib/host for Python/Python3 ; because, it seems the host pip/pip3 needs this to work ; i suspect in older versions this worked, because some of the host's build env would be used in the build, and then the zlib-dev from the host distro would be used ; now, the host-build does not seem to have any -I/usr/include stuff, which is good and it also seems that Python/Python3 does not like it if the zlib-dev package is too old, so using this zlib/host would be good for this as well" Source: https://github.com/lede-project/source/pull/1329#issuecomment-351055861 Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com> Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* package/libs/zlib: Add option for O3 optimizationDaniel Engberg2018-01-022-0/+21
| | | | | | | | | | Add option to use O3 optimization as not all devices have space constraints. This option is default using GCC in upstream but isn't in the CMake makefile for some reason. Source: https://github.com/madler/zlib/blob/master/configure#L170 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* package/libs/zlib: Add ARM and NEON optimizationsDaniel Engberg2018-01-024-1/+2770
| | | | | | | | | | | | | | | | | | | This adds two optimizations for ARM: NEON optimized Adler(-)32 checksum algorithm (ARMv7 and newer NEON CPUs) ARM(v7+) specific optimization for inflate I've also connected inflate optimization to the build using the following source as template. https://github.com/mirror/chromium/commit/0397489124ce7e6aced020f8b85f5034c7d5f49b#diff-a62ad2db6c83dbc205d34bb9a8884f16 Additional info: https://codereview.chromium.org/2676493007/ https://codereview.chromium.org/2722063002/ Sources: https://github.com/madler/zlib/pull/251 (only the first commit) https://github.com/madler/zlib/pull/256 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* package/libs/zlib: Use toolchain build logicDaniel Engberg2018-01-021-22/+4
| | | | | | Use build logic provided by toolchain instead of doing it manually. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* add PKG_CPE_ID ids to package and toolsAlexander Couzens2017-11-171-0/+1
| | | | | | | | | | | CPE ids helps to tracks CVE in packages. https://cpe.mitre.org/specification/ Thanks to swalker for CPE to package mapping and keep tracking CVEs. Acked-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* zlib: use default Build/Configure ruleStijn Tintel2017-07-141-11/+9
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* zlib: Update to 1.2.11Daniel Engberg2017-01-161-3/+3
| | | | | | | | Update to 1.2.11 as suggested by upstream Also add SF as primary source and main site as fallback Note: SF doesn't carry the 1.2.11 update yet. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* zlib: update to 1.2.10Magnus Kroken2017-01-071-2/+2
| | | | | | | * Fix bug in deflate_stored() for zero-length input * Fix bug in gzwrite.c that produced corrupt gzip files Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* zlib: Update to 1.2.9Daniel Engberg2017-01-031-3/+3
| | | | | | Update zlib to 1.2.9 and switch to XZ tarballs for download. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* treewide: clean up download hashesFelix Fietkau2016-12-161-1/+1
| | | | | | Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* package/libs/zlib: new package zlib-devFelix Fietkau2016-01-071-0/+32
| | | | | | | | | | | | | | The patch adds a new package zlib-dev. It contains all files needed for compiling a program using the zlib library: /usr/include/zconf.h /usr/include/zlib.h /usr/lib/libz.a /usr/lib/pkgconfig/zlib.pc Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> SVN-Revision: 48151
* cosmetic: remove trailing whitespacesLuka Perkov2015-10-151-1/+1
| | | | | | Signed-off-by: Luka Perkov <luka@openwrt.org> SVN-Revision: 47197
* Add a few SPDX tagsSteven Barth2014-11-021-1/+1
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 43151
* zlib: update to 1.2.8Luka Perkov2013-07-281-4/+4
| | | | | | Signed-off-by: Luka Perkov <luka@openwrt.org> SVN-Revision: 37589
* licensing: Add licensing metadata to many packages Two new variables are ↵Hamish Guthrie2012-10-191-0/+3
| | | | | | | | | introduces to many packages, namely PKG_LICENSE and PKG_LICENSE_FILES - there may be more than one license applied to packages, and these are listed in the PKG_LICENSE variable and separated by spaces. All relevant license files are also added to the PKG_LICENSE_FILES variable, also space separated. The licensing metadata is put into the bin/<platform>/packages/Packages file for later parsing. A script for that is on it's way! SVN-Revision: 33861
* move library packages to package/libs/Felix Fietkau2012-10-081-0/+69
SVN-Revision: 33657