sys-libs/zlib: backport CRC fix

Would return bad results on bad input. Closes: https://bugs.gentoo.org/836370 Signed-off-by: Sam James <sam@gentoo.org>
author: Sam James <sam@gentoo.org> 2022-03-31 01:18:55 +0100
committer: Sam James <sam@gentoo.org> 2022-03-31 01:19:08 +0100
commit: 37f4162df7f95c4c101ac94792d50894560b994a (patch)
tree: 8b374f241ea4a7d54c539f36446e37012ce28699 /sys-libs/zlib
parent: sys-apps/util-linux: add 2.38 (diff)
download: gentoo-37f4162df7f95c4c101ac94792d50894560b994a.tar.gz
gentoo-37f4162df7f95c4c101ac94792d50894560b994a.tar.bz2
gentoo-37f4162df7f95c4c101ac94792d50894560b994a.zip
3 files changed, 315 insertions, 0 deletions
diff --git a/sys-libs/zlib/files/zlib-1.2.12-CRC-buggy-input.patch b/sys-libs/zlib/files/zlib-1.2.12-CRC-buggy-input.patch
new file mode 100644
index 000000000000..083634929bbe
--- /dev/null
+++ b/sys-libs/zlib/files/zlib-1.2.12-CRC-buggy-input.patch
@@ -0,0 +1,50 @@
+https://github.com/madler/zlib/commit/ec3df00224d4b396e2ac6586ab5d25f673caa4c2
+https://github.com/madler/zlib/issues/613
+https://bugs.gentoo.org/836370
+
+From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Wed, 30 Mar 2022 11:14:53 -0700
+Subject: [PATCH] Correct incorrect inputs provided to the CRC functions.
+
+The previous releases of zlib were not sensitive to incorrect CRC
+inputs with bits set above the low 32. This commit restores that
+behavior, so that applications with such bugs will continue to
+operate as before.
+--- a/crc32.c
++++ b/crc32.c
+@@ -630,7 +630,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
+ #endif /* DYNAMIC_CRC_TABLE */
+ 
+     /* Pre-condition the CRC */
+-    crc ^= 0xffffffff;
++    crc = (~crc) & 0xffffffff;
+ 
+     /* Compute the CRC up to a word boundary. */
+     while (len && ((z_size_t)buf & 7) != 0) {
+@@ -749,7 +749,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
+ #endif /* DYNAMIC_CRC_TABLE */
+ 
+     /* Pre-condition the CRC */
+-    crc ^= 0xffffffff;
++    crc = (~crc) & 0xffffffff;
+ 
+ #ifdef W
+ 
+@@ -1077,7 +1077,7 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2)
+ #ifdef DYNAMIC_CRC_TABLE
+     once(&made, make_crc_table);
+ #endif /* DYNAMIC_CRC_TABLE */
+-    return multmodp(x2nmodp(len2, 3), crc1) ^ crc2;
++    return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff);
+ }
+ 
+ /* ========================================================================= */
+@@ -1112,5 +1112,5 @@ uLong crc32_combine_op(crc1, crc2, op)
+     uLong crc2;
+     uLong op;
+ {
+-    return multmodp(op, crc1) ^ crc2;
++    return multmodp(op, crc1) ^ (crc2 & 0xffffffff);
+ }
+
diff --git a/sys-libs/zlib/files/zlib-1.2.12-use-LDFLAGS-in-configure.patch b/sys-libs/zlib/files/zlib-1.2.12-use-LDFLAGS-in-configure.patch
new file mode 100644
index 000000000000..752a473eac22
--- /dev/null
+++ b/sys-libs/zlib/files/zlib-1.2.12-use-LDFLAGS-in-configure.patch
@@ -0,0 +1,71 @@
+https://github.com/madler/zlib/pull/599
+
+From 37c9730ba474d274f4cc6a974943eef95087b9f6 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 8 Mar 2022 22:38:47 -0800
+Subject: [PATCH] configure: Pass LDFLAGS to link tests
+
+LDFLAGS can contain critical flags without which linking wont succeed
+therefore ensure that all configure tests involving link time checks are
+using LDFLAGS on compiler commandline along with CFLAGS to ensure the
+tests perform correctly. Without this some tests may fail resulting in
+wrong confgure result, ending in miscompiling the package
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+--- a/configure
++++ b/configure
+@@ -410,7 +410,7 @@ if test $shared -eq 1; then
+   echo Checking for shared library support... | tee -a configure.log
+   # we must test in two steps (cc then ld), required at least on SunOS 4.x
+   if try $CC -w -c $SFLAGS $test.c &&
+-     try $LDSHARED $SFLAGS -o $test$shared_ext $test.o; then
++     try $LDSHARED $SFLAGS $LDFLAGS -o $test$shared_ext $test.o; then
+     echo Building shared library $SHAREDLIBV with $CC. | tee -a configure.log
+   elif test -z "$old_cc" -a -z "$old_cflags"; then
+     echo No shared library support. | tee -a configure.log
+@@ -492,7 +492,7 @@ int main(void) {
+ }
+ EOF
+   fi
+-  if try $CC $CFLAGS -o $test $test.c; then
++  if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
+     sizet=`./$test`
+     echo "Checking for a pointer-size integer type..." $sizet"." | tee -a configure.log
+   else
+@@ -530,7 +530,7 @@ int main(void) {
+   return 0;
+ }
+ EOF
+-  if try $CC $CFLAGS -o $test $test.c; then
++  if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
+     echo "Checking for fseeko... Yes." | tee -a configure.log
+   else
+     CFLAGS="${CFLAGS} -DNO_FSEEKO"
+@@ -547,7 +547,7 @@ cat > $test.c <<EOF
+ #include <errno.h>
+ int main() { return strlen(strerror(errno)); }
+ EOF
+-if try $CC $CFLAGS -o $test $test.c; then
++if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
+   echo "Checking for strerror... Yes." | tee -a configure.log
+ else
+   CFLAGS="${CFLAGS} -DNO_STRERROR"
+@@ -654,7 +654,7 @@ int main()
+   return (mytest("Hello%d\n", 1));
+ }
+ EOF
+-  if try $CC $CFLAGS -o $test $test.c; then
++  if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
+     echo "Checking for vsnprintf() in stdio.h... Yes." | tee -a configure.log
+ 
+     echo >> configure.log
+@@ -744,7 +744,7 @@ int main()
+ }
+ EOF
+ 
+-  if try $CC $CFLAGS -o $test $test.c; then
++  if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
+     echo "Checking for snprintf() in stdio.h... Yes." | tee -a configure.log
+ 
+     echo >> configure.log
+
diff --git a/sys-libs/zlib/zlib-1.2.12-r2.ebuild b/sys-libs/zlib/zlib-1.2.12-r2.ebuild
new file mode 100644
index 000000000000..6aa6f8503bc7
--- /dev/null
+++ b/sys-libs/zlib/zlib-1.2.12-r2.ebuild
@@ -0,0 +1,194 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+AUTOTOOLS_AUTO_DEPEND="no"
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/madler.asc
+inherit autotools multilib-minimal usr-ldscript verify-sig
+
+CYGWINPATCHES=(
+	"https://github.com/cygwinports/zlib/raw/22a3462cae33a82ad966ea0a7d6cbe8fc1368fec/1.2.11-gzopen_w.patch -> ${PN}-1.2.11-cygwin-gzopen_w.patch"
+	"https://github.com/cygwinports/zlib/raw/22a3462cae33a82ad966ea0a7d6cbe8fc1368fec/1.2.7-minizip-cygwin.patch -> ${PN}-1.2.7-cygwin-minizip.patch"
+)
+
+DESCRIPTION="Standard (de)compression library"
+HOMEPAGE="https://zlib.net/"
+SRC_URI="https://zlib.net/${P}.tar.gz
+	https://www.gzip.org/zlib/${P}.tar.gz
+	https://www.zlib.net/current/beta/${P}.tar.gz
+	verify-sig? ( https://zlib.net/${P}.tar.gz.asc )
+	elibc_Cygwin? ( ${CYGWINPATCHES[*]} )"
+
+LICENSE="ZLIB"
+SLOT="0/1" # subslot = SONAME
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="minizip static-libs"
+
+RDEPEND="!sys-libs/zlib-ng[compat]"
+DEPEND="${RDEPEND}"
+BDEPEND="minizip? ( ${AUTOTOOLS_DEPEND} )
+	verify-sig? ( sec-keys/openpgp-keys-madler )"
+
+PATCHES=(
+	# Don't install unexpected & unused crypt.h header (which would clash with other pkgs)
+	# Pending upstream. bug #658536
+	"${FILESDIR}"/${PN}-1.2.11-minizip-drop-crypt-header.patch
+
+	# Respect AR, RANLIB, NM during build. Pending upstream. bug #831628
+	"${FILESDIR}"/${PN}-1.2.11-configure-fix-AR-RANLIB-NM-detection.patch
+
+	# Respect LDFLAGS during configure tests. Pending upstream
+	"${FILESDIR}"/${PN}-1.2.12-use-LDFLAGS-in-configure.patch
+
+	# Fix broken CC logic
+	"${FILESDIR}"/${P}-fix-CC-logic-in-configure.patch
+
+	# Backport for Java (and others), bug #836370
+	"${FILESDIR}"/${P}-CRC-buggy-input.patch
+)
+
+src_prepare() {
+	default
+
+	if use elibc_Cygwin ; then
+		local p
+		for p in "${CYGWINPATCHES[@]}" ; do
+			# Strip out the "... -> " from the array
+			eapply -p2 "${DISTDIR}/${p#*> }"
+		done
+	fi
+
+	if use minizip ; then
+		cd contrib/minizip || die
+		eautoreconf
+	fi
+
+	case ${CHOST} in
+		*-cygwin*)
+			# Do not use _wopen, it's a mingw-only symbol
+			sed -i -e '/define WIDECHAR/d' "${S}"/gzguts.h || die
+
+			# zlib1.dll is the mingw name, need cygz.dll
+			# cygz.dll is loaded by toolchain, put into subdir
+			sed -i -e 's|zlib1.dll|win32/cygz.dll|' win32/Makefile.gcc || die
+
+			;;
+	esac
+
+	case ${CHOST} in
+		*-mingw*|mingw*|*-cygwin*)
+			# Uses preconfigured Makefile rather than configure script
+			multilib_copy_sources
+
+			;;
+	esac
+}
+
+echoit() { echo "$@"; "$@"; }
+
+multilib_src_configure() {
+	case ${CHOST} in
+		*-mingw*|mingw*|*-cygwin*)
+			;;
+
+		*)
+			# bug #347167
+			local uname=$("${BROOT}"/usr/share/gnuconfig/config.sub "${CHOST}" | cut -d- -f3)
+
+			local myconf=(
+				--shared
+				--prefix="${EPREFIX}/usr"
+				--libdir="${EPREFIX}/usr/$(get_libdir)"
+				${uname:+--uname=${uname}}
+			)
+
+			# Not an autoconf script, so can't use econf
+			echoit "${S}"/configure "${myconf[@]}" || die
+
+			;;
+	esac
+
+	if use minizip ; then
+		local minizipdir="contrib/minizip"
+		mkdir -p "${BUILD_DIR}/${minizipdir}" || die
+
+		cd ${minizipdir} || die
+		ECONF_SOURCE="${S}/${minizipdir}" econf $(use_enable static-libs static)
+	fi
+}
+
+multilib_src_compile() {
+	case ${CHOST} in
+		*-mingw*|mingw*|*-cygwin*)
+			emake -f win32/Makefile.gcc STRIP=true PREFIX=${CHOST}-
+			sed \
+				-e 's|@prefix@|'"${EPREFIX}"'/usr|g' \
+				-e 's|@exec_prefix@|${prefix}|g' \
+				-e 's|@libdir@|${exec_prefix}/'$(get_libdir)'|g' \
+				-e 's|@sharedlibdir@|${exec_prefix}/'$(get_libdir)'|g' \
+				-e 's|@includedir@|${prefix}/include|g' \
+				-e 's|@VERSION@|'${PV}'|g' \
+				zlib.pc.in > zlib.pc || die
+			;;
+
+		*)
+			emake
+
+			;;
+	esac
+
+	use minizip && emake -C contrib/minizip
+}
+
+sed_macros() {
+	# Clean up namespace a little, bug #383179
+	# We do it here so we only have to tweak 2 files
+	sed -i -r 's:\<(O[FN])\>:_Z_\1:g' "$@" || die
+}
+
+multilib_src_install() {
+	case ${CHOST} in
+		*-mingw*|mingw*|*-cygwin*)
+			emake -f win32/Makefile.gcc install \
+				BINARY_PATH="${ED}/usr/bin" \
+				LIBRARY_PATH="${ED}/usr/$(get_libdir)" \
+				INCLUDE_PATH="${ED}/usr/include" \
+				SHARED_MODE=1
+
+			# Overwrites zlib.pc created from win32/Makefile.gcc, bug #620136
+			insinto /usr/$(get_libdir)/pkgconfig
+			doins zlib.pc
+
+			;;
+
+		*)
+			emake install DESTDIR="${D}" LDCONFIG=:
+			gen_usr_ldscript -a z
+
+			;;
+	esac
+
+	sed_macros "${ED}"/usr/include/*.h
+
+	if use minizip ; then
+		emake -C contrib/minizip install DESTDIR="${D}"
+		sed_macros "${ED}"/usr/include/minizip/*.h
+	fi
+
+	if use minizip; then
+		# This might not exist if slibtool is used.
+		# bug #816756
+		rm -f "${ED}"/usr/$(get_libdir)/libminizip.la || die
+	fi
+
+	if ! use static-libs ; then
+		# bug #419645
+		rm "${ED}"/usr/$(get_libdir)/libz.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	dodoc FAQ README ChangeLog doc/*.txt
+	use minizip && dodoc contrib/minizip/*.txt
+}
author	Sam James <sam@gentoo.org>	2022-03-31 01:18:55 +0100
committer	Sam James <sam@gentoo.org>	2022-03-31 01:19:08 +0100
commit	37f4162df7f95c4c101ac94792d50894560b994a (patch)
tree	8b374f241ea4a7d54c539f36446e37012ce28699 /sys-libs/zlib
parent	sys-apps/util-linux: add 2.38 (diff)
download	gentoo-37f4162df7f95c4c101ac94792d50894560b994a.tar.gz gentoo-37f4162df7f95c4c101ac94792d50894560b994a.tar.bz2 gentoo-37f4162df7f95c4c101ac94792d50894560b994a.zip