From ad8c2d6099a7da5192ee6e2c52a8303642271877 Mon Sep 17 00:00:00 2001 From: Mathias Kresin Date: Sat, 5 Jan 2019 20:51:00 +0100 Subject: tools: add zip utility One image requires a zip compressed image, so add the zip util found in the packages feed, and extend it with some useful debian patches. Signed-off-by: Mathias Kresin --- tools/zip/Makefile | 36 +++++++++ ...figure-borrow-the-LFS-test-from-autotools.patch | 89 ++++++++++++++++++++++ .../patches/004-do-not-set-unwanted-cflags.patch | 15 ++++ ...-stack-markings-to-avoid-executable-stack.patch | 21 +++++ .../patches/007-fclose-in-file-not-fclose-x.patch | 16 ++++ tools/zip/patches/008-hardening-build-fix-1.patch | 25 ++++++ tools/zip/patches/009-hardening-build-fix-2.patch | 16 ++++ tools/zip/patches/010-remove-build-date.patch | 15 ++++ 8 files changed, 233 insertions(+) create mode 100644 tools/zip/Makefile create mode 100644 tools/zip/patches/001-unix-configure-borrow-the-LFS-test-from-autotools.patch create mode 100644 tools/zip/patches/004-do-not-set-unwanted-cflags.patch create mode 100644 tools/zip/patches/006-stack-markings-to-avoid-executable-stack.patch create mode 100644 tools/zip/patches/007-fclose-in-file-not-fclose-x.patch create mode 100644 tools/zip/patches/008-hardening-build-fix-1.patch create mode 100644 tools/zip/patches/009-hardening-build-fix-2.patch create mode 100644 tools/zip/patches/010-remove-build-date.patch (limited to 'tools/zip') diff --git a/tools/zip/Makefile b/tools/zip/Makefile new file mode 100644 index 0000000000..7dd81a1b8b --- /dev/null +++ b/tools/zip/Makefile @@ -0,0 +1,36 @@ +# +# Copyright (C) 2007-2016 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=zip +PKG_REV:=30 +PKG_VERSION:=3.0 + +PKG_SOURCE:=$(PKG_NAME)$(PKG_REV).tar.gz +PKG_SOURCE_URL:=@SF/infozip +PKG_HASH:=f0e8bb1f9b7eb0b01285495a2699df3a4b766784c1765a8f1aeedf63c0806369 + +PKG_LICENSE:=BSD-4-Clause +PKG_LICENSE_FILES:=LICENSE + +HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/$(PKG_NAME)-$(PKG_VERSION)/zip$(PKG_REV) +HOST_BUILD_PARALLEL:=1 + +include $(INCLUDE_DIR)/host-build.mk + +define Host/Compile + +$(HOST_MAKE_VARS) $(MAKE) $(HOST_JOBS) -C $(HOST_BUILD_DIR) -I. -f unix/Makefile zip +endef + +define Host/Install + $(INSTALL_DIR) $(STAGING_DIR_HOST)/bin/ + $(INSTALL_BIN) $(HOST_BUILD_DIR)/zip $(STAGING_DIR_HOST)/bin/ +endef + +$(eval $(call HostBuild)) +#$(eval $(call BuildPackage,zip)) diff --git a/tools/zip/patches/001-unix-configure-borrow-the-LFS-test-from-autotools.patch b/tools/zip/patches/001-unix-configure-borrow-the-LFS-test-from-autotools.patch new file mode 100644 index 0000000000..ef0de6fd9b --- /dev/null +++ b/tools/zip/patches/001-unix-configure-borrow-the-LFS-test-from-autotools.patch @@ -0,0 +1,89 @@ +From fc392c939b9a18959482f588aff0afc29dd6d30a Mon Sep 17 00:00:00 2001 +From: Romain Naour +Date: Fri, 23 Jan 2015 22:20:18 +0100 +Subject: [PATCH 6/6] unix/configure: borrow the LFS test from autotools. + +Infozip's LFS check can't work for cross-compilation +since it try to run a target's binary on the host system. + +Instead, use to LFS test used by autotools which is a +compilation test. +(see autotools/lib/autoconf/specific.m4) + +Reported-by: Richard Genoud +Signed-off-by: Romain Naour +--- + configure | 46 +++++++++++++++------------------------------- + 1 file changed, 15 insertions(+), 31 deletions(-) + +--- a/unix/configure ++++ b/unix/configure +@@ -399,9 +399,8 @@ else + fi + + +-# Now we set the 64-bit file environment and check the size of off_t +-# Added 11/4/2003 EG +-# Revised 8/12/2004 EG ++# LFS check borrowed from autotools sources ++# lib/autoconf/specific.m4 + + echo Check for Large File Support + cat > conftest.c << _EOF_ +@@ -410,23 +409,19 @@ cat > conftest.c << _EOF_ + # define _FILE_OFFSET_BITS 64 /* select default interface as 64 bit */ + # define _LARGE_FILES /* some OSes need this for 64-bit off_t */ + #include +-#include +-#include +-#include ++ ++ /* Check that off_t can represent 2**63 - 1 correctly. ++ We can't simply define LARGE_OFF_T to be 9223372036854775807, ++ since some C++ compilers masquerading as C compilers ++ incorrectly reject 9223372036854775807. */ ++#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) ++ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 ++ && LARGE_OFF_T % 2147483647 == 1) ++ ? 1 : -1]; ++ + int main() + { +- off_t offset; +- struct stat s; +- /* see if have 64-bit off_t */ +- if (sizeof(offset) < 8) +- return 1; +- printf(" off_t is %d bytes\n", sizeof(off_t)); +- /* see if have 64-bit stat */ +- if (sizeof(s.st_size) < 8) { +- printf(" s.st_size is %d bytes\n", sizeof(s.st_size)); +- return 2; +- } +- return 3; ++ return 0; + } + _EOF_ + # compile it +@@ -434,19 +429,8 @@ $CC -o conftest conftest.c >/dev/null 2> + if [ $? -ne 0 ]; then + echo -- no Large File Support + else +-# run it +- ./conftest +- r=$? +- if [ $r -eq 1 ]; then +- echo -- no Large File Support - no 64-bit off_t +- elif [ $r -eq 2 ]; then +- echo -- no Large File Support - no 64-bit stat +- elif [ $r -eq 3 ]; then +- echo -- yes we have Large File Support! +- CFLAGS="${CFLAGS} -DLARGE_FILE_SUPPORT" +- else +- echo -- no Large File Support - conftest returned $r +- fi ++ echo -- yes we have Large File Support! ++ CFLAGS="${CFLAGS} -DLARGE_FILE_SUPPORT" + fi + + diff --git a/tools/zip/patches/004-do-not-set-unwanted-cflags.patch b/tools/zip/patches/004-do-not-set-unwanted-cflags.patch new file mode 100644 index 0000000000..bfd226077a --- /dev/null +++ b/tools/zip/patches/004-do-not-set-unwanted-cflags.patch @@ -0,0 +1,15 @@ +From: Santiago Vila +Subject: Do not set unwanted CFLAGS, as it breaks DEB_BUILD_OPTIONS +X-Debian-version: 2.32-1 + +--- a/unix/configure ++++ b/unix/configure +@@ -98,7 +98,7 @@ int main() + _EOF_ + $CC $CFLAGS -c conftest.c > /dev/null 2>/dev/null + if test $? -eq 0; then +- CFLAGS_OPT='-O3' ++ # CFLAGS_OPT='-O3' + echo " GNU C ($CFLAGS_OPT)" + # Special Mac OS X shared library "ld" option? + if test ` uname -s 2> /dev/null ` = 'Darwin'; then diff --git a/tools/zip/patches/006-stack-markings-to-avoid-executable-stack.patch b/tools/zip/patches/006-stack-markings-to-avoid-executable-stack.patch new file mode 100644 index 0000000000..8b479faeda --- /dev/null +++ b/tools/zip/patches/006-stack-markings-to-avoid-executable-stack.patch @@ -0,0 +1,21 @@ +From: Kees Cook +Subject: put stack markings in i386 assembly to avoid executable stack +Bug-Debian: http://bugs.debian.org/528280 +X-Debian-version: 3.0-2 + +--- a/crc_i386.S ++++ b/crc_i386.S +@@ -302,3 +302,5 @@ _crc32: /* ulg c + #endif /* i386 || _i386 || _I386 || __i386 */ + + #endif /* !USE_ZLIB && !CRC_TABLE_ONLY */ ++.section .note.GNU-stack, "", @progbits ++.previous +--- a/match.S ++++ b/match.S +@@ -405,3 +405,5 @@ L__return: + #endif /* i386 || _I386 || _i386 || __i386 */ + + #endif /* !USE_ZLIB */ ++.section .note.GNU-stack, "", @progbits ++.previous diff --git a/tools/zip/patches/007-fclose-in-file-not-fclose-x.patch b/tools/zip/patches/007-fclose-in-file-not-fclose-x.patch new file mode 100644 index 0000000000..402f90a2d5 --- /dev/null +++ b/tools/zip/patches/007-fclose-in-file-not-fclose-x.patch @@ -0,0 +1,16 @@ +From: Christian Spieler +Subject: zipnote.c: Close in_file instead of undefined file x +Bug-Debian: http://bugs.debian.org/628594 +X-Debian-version: 3.0-4 + +--- a/zipnote.c ++++ b/zipnote.c +@@ -661,7 +661,7 @@ char **argv; /* command line + if ((r = zipcopy(z)) != ZE_OK) + ziperr(r, "was copying an entry"); + } +- fclose(x); ++ fclose(in_file); + + /* Write central directory and end of central directory with new comments */ + if ((c = zftello(y)) == (zoff_t)-1) /* get start of central */ diff --git a/tools/zip/patches/008-hardening-build-fix-1.patch b/tools/zip/patches/008-hardening-build-fix-1.patch new file mode 100644 index 0000000000..a0c3a91eee --- /dev/null +++ b/tools/zip/patches/008-hardening-build-fix-1.patch @@ -0,0 +1,25 @@ +From: Santiago Vila +Subject: Use format specifier %s to print strings, not the string itself +Bug-Debian: http://bugs.debian.org/673476 +X-Debian-version: 3.0-5 + +--- a/zip.c ++++ b/zip.c +@@ -1028,7 +1028,7 @@ local void help_extended() + + for (i = 0; i < sizeof(text)/sizeof(char *); i++) + { +- printf(text[i]); ++ printf("%s", text[i]); + putchar('\n'); + } + #ifdef DOS +@@ -1225,7 +1225,7 @@ local void version_info() + CR_MAJORVER, CR_MINORVER, CR_BETA_VER, CR_VERSION_DATE); + for (i = 0; i < sizeof(cryptnote)/sizeof(char *); i++) + { +- printf(cryptnote[i]); ++ printf("%s", cryptnote[i]); + putchar('\n'); + } + ++i; /* crypt support means there IS at least one compilation option */ diff --git a/tools/zip/patches/009-hardening-build-fix-2.patch b/tools/zip/patches/009-hardening-build-fix-2.patch new file mode 100644 index 0000000000..e295ffbc64 --- /dev/null +++ b/tools/zip/patches/009-hardening-build-fix-2.patch @@ -0,0 +1,16 @@ +From: Santiago Vila +Subject: unix/configure: Take linking flags from the environment +Bug-Debian: http://bugs.debian.org/673476 +X-Debian-version: 3.0-5 + +--- a/unix/configure ++++ b/unix/configure +@@ -18,7 +18,7 @@ trap "rm -f conftest* core a.out; exit 1 + + CC=${1-cc} + CFLAGS=${2-"-I. -DUNIX"} +-LFLAGS1='' ++LFLAGS1=${LDFLAGS} + LFLAGS2='' + LN="ln -s" + diff --git a/tools/zip/patches/010-remove-build-date.patch b/tools/zip/patches/010-remove-build-date.patch new file mode 100644 index 0000000000..5fc385228a --- /dev/null +++ b/tools/zip/patches/010-remove-build-date.patch @@ -0,0 +1,15 @@ +From: Santiago Vila +Subject: Remove (optional) build date to make the build reproducible +Bug-Debian: http://bugs.debian.org/779042 + +--- a/unix/unix.c ++++ b/unix/unix.c +@@ -1020,7 +1020,7 @@ void version_local() + + + /* Define the compile date string */ +-#ifdef __DATE__ ++#if 0 + # define COMPILE_DATE " on " __DATE__ + #else + # define COMPILE_DATE "" -- cgit v1.2.3