u-boot.git/lib/zlib, branch v2024.01 Unnamed repository; edit this file 'description' to name the repository. lib/zlib: Fix a bug when getting a gzip header extra field 2023-07-14T19:21:08+00:00 Oleksandr Suvorov oleksandr.suvorov@foundries.io 2023-06-15T14:54:34+00:00 ef402577c2e3af6c3b967b2e4499b3796a37fde5 This fixes CVE-2022-37434 [1] and bases on 2 commits from Mark Adler's zlib master repo - the original fix of CVE bug [2] and the fix for the fix [3]. [1] https://github.com/advisories/GHSA-cfmr-vrgj-vqwv [2] https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 [3] https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Fixes: e89516f031d ("zlib: split up to match original source tree") Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> 
This fixes CVE-2022-37434 [1] and bases on 2 commits from Mark
Adler's zlib master repo - the original fix of CVE bug [2] and
the fix for the fix [3].

[1]
https://github.com/advisories/GHSA-cfmr-vrgj-vqwv
[2]
https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
[3]
https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d

Fixes: e89516f031d ("zlib: split up to match original source tree")
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
zlib: trees.c: Fix a warning with clang-15 2023-03-22T19:22:48+00:00 Tom Rini trini@konsulko.com 2023-02-27T22:08:36+00:00 99de38a1092b584da438970a3b636cc3178b3637 With clang-15 we now will get warnings such as: warning: a function declaration without a prototype is deprecated in all versions of C [-Wstrict-prototypes] And it is easy enough to address this warning here, even if we would like to stay in sync more with upstream as it's a single location. Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
With clang-15 we now will get warnings such as:

warning: a function declaration without a prototype is deprecated in all
versions of C [-Wstrict-prototypes]

And it is easy enough to address this warning here, even if we would
like to stay in sync more with upstream as it's a single location.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
cyclic: Use schedule() instead of WATCHDOG_RESET() 2022-09-18T08:26:33+00:00 Stefan Roese sr@denx.de 2022-09-02T12:10:46+00:00 29caf9305b6fafe8f6d6b18fa1f825dff8686e61 Globally replace all occurances of WATCHDOG_RESET() with schedule(), which handles the HW_WATCHDOG functionality and the cyclic infrastructure. Signed-off-by: Stefan Roese <sr@denx.de> Reviewed-by: Simon Glass <sjg@chromium.org> Tested-by: Tom Rini <trini@konsulko.com> [am335x_evm, mx6cuboxi, rpi_3,dra7xx_evm, pine64_plus, am65x_evm, j721e_evm] 
Globally replace all occurances of WATCHDOG_RESET() with schedule(),
which handles the HW_WATCHDOG functionality and the cyclic
infrastructure.

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Tom Rini <trini@konsulko.com> [am335x_evm, mx6cuboxi, rpi_3,dra7xx_evm, pine64_plus, am65x_evm, j721e_evm]
zlib: Port fix for CVE-2018-25032 to U-Boot 2022-06-06T21:47:17+00:00 Tom Rini trini@konsulko.com 2022-05-10T18:36:59+00:00 2e2e784de0605081af7c5c9d04a014af69888c2c While our copy of zlib is missing upstream commit 263b1a05b04e ("Allow deflatePrime() to insert bits in the middle of a stream.") we do have Z_FIXED support, and so the majority of the code changes in 5c44459c3b28 ("Fix a bug that can crash deflate on some input when using Z_FIXED.") apply here directly and cleanly. As this has been assigned a CVE, lets go and apply these changes. Link: https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 Reported-by: "Gan, Yau Wai" <yau.wai.gan@intel.com> Signed-off-by: Tom Rini <trini@konsulko.com> 
While our copy of zlib is missing upstream commit 263b1a05b04e ("Allow
deflatePrime() to insert bits in the middle of a stream.") we do have
Z_FIXED support, and so the majority of the code changes in 5c44459c3b28
("Fix a bug that can crash deflate on some input when using Z_FIXED.")
apply here directly and cleanly.  As this has been assigned a CVE, lets
go and apply these changes.

Link: https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
Reported-by: "Gan, Yau Wai" <yau.wai.gan@intel.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
common: Drop asm/global_data.h from common header 2021-02-02T20:33:42+00:00 Simon Glass sjg@chromium.org 2020-10-31T03:38:53+00:00 401d1c4f5d2d29c4bc4beaec95402ca23eb63295 Move this out of the common header and include it only where needed. In a number of cases this requires adding "struct udevice;" to avoid adding another large header or in other cases replacing / adding missing header files that had been pulled in, very indirectly. Finally, we have a few cases where we did not need to include <asm/global_data.h> at all, so remove that include. Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com> 
Move this out of the common header and include it only where needed.  In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly.   Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
lib: zlib: our putc() takes only one argument 2021-01-17T00:17:11+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-12-28T20:41:40+00:00 986c841c8b41ba3dc8d8bc4ce3802779cf69bfc0 In contrast to the C99 standard [1] our putc() takes only one argument. [1] ISO/IEC 9899:1999 Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
In contrast to the C99 standard [1] our putc() takes only one argument.

[1] ISO/IEC 9899:1999

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
lib: zlib: include ctype.h 2021-01-17T00:17:11+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-12-28T20:31:43+00:00 834427d46365e5e76ec5b23eca40063f7881c493 Our ctype.h is in include/linux/ Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Our ctype.h is in include/linux/

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
include/u-boot, lib/zlib: add sources for zlib decompression 2020-08-08T02:31:32+00:00 Joao Marcos Costa joaomarcos.costa@bootlin.com 2020-07-30T13:33:49+00:00 81014f73f0906a70bd710ed8d7e8559e1fd8f400 Add zlib (v1.2.11) uncompr() function to U-Boot. SquashFS depends on this function to decompress data from a raw disk image. The actual support for zlib into SquashFS sources will be added in a follow-up commit. Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com> 
Add zlib (v1.2.11) uncompr() function to U-Boot. SquashFS depends on
this function to decompress data from a raw disk image. The actual
support for zlib into SquashFS sources will be added in a follow-up
commit.

Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
lib: zlib: Remove offset pointer optimization in inftrees.c 2020-07-17T12:51:29+00:00 Chin Liang See chin.liang.see@intel.com 2020-06-24T08:31:08+00:00 499b7493e7a4d8c9171ff14accafe5a5b22cf00c This fixes the CVE-2016-9840. Commit imported from [1]. inftrees.c was subtracting an offset from a pointer to an array, in order to provide a pointer that allowed indexing starting at the offset. This is not compliant with the C standard, for which the behavior of a pointer decremented before its allocated memory is undefined. Per the recommendation of a security audit of the zlib code by Trail of Bits and TrustInSoft, in support of the Mozilla Foundation, this tiny optimization was removed, in order to avoid the possibility of undefined behavior. [1]: https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0 Signed-off-by: Mark Adler <madler@alumni.caltech.edu> Signed-off-by: Chin Liang See <chin.liang.see@intel.com> Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com> 
This fixes the CVE-2016-9840. Commit imported from [1].

inftrees.c was subtracting an offset from a pointer to an array,
in order to provide a pointer that allowed indexing starting at
the offset. This is not compliant with the C standard, for which
the behavior of a pointer decremented before its allocated memory
is undefined. Per the recommendation of a security audit of the
zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this tiny optimization was removed, in order
to avoid the possibility of undefined behavior.

[1]: https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0

Signed-off-by: Mark Adler <madler@alumni.caltech.edu>
Signed-off-by: Chin Liang See <chin.liang.see@intel.com>
Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
lib: zlib: fix formatting, reference 2020-04-27T18:55:29+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-04-20T15:40:57+00:00 cc3860f66f682f17fd2ef4b31dbb9b7d864b53e1 Provide a valid reference for the deflate format. Reformat the ALGORITHM and REFERENCES comments. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Provide a valid reference for the deflate format.
Reformat the ALGORITHM and REFERENCES comments.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>