The CVE_STATUS needs to stay (forever): r118 compares as greater than 1.x.y, so without it the CVE would reappear in CVE reports. Also, you're not fixing this CVE with this upgrade, so the commit message should not have the "CVE: " flag.
Additionally upstream-status flag is missing in your patch, move it there from commit message. Cheers, Peter > -----Original Message----- > From: [email protected] <openembedded- > [email protected]> On Behalf Of Thorsten Fuchs via > lists.openembedded.org > Sent: Tuesday, August 13, 2024 8:09 > To: [email protected] > Cc: Thorsten Fuchs <[email protected]> > Subject: [OE-core] [PATCH] lz4: upgrade 1.9.4 -> 1.10.0 > > * Add a patch to rename LIBDIR variable in Makefiles > * Remove CVE_STATUS for CVE-2014-4715 that was fixed in r118. > > Signed-off-by: Thorsten Fuchs <[email protected]> > > Upstream-Status: Inappropriate [oe specific] > > CVE: CVE-2014-4715 > --- > ...1-Fix-Makefile-variable-name-overlap.patch | 211 ++++++++++++++++++ > .../lz4/{lz4_1.9.4.bb => lz4_1.10.0.bb} | 26 +-- > 2 files changed, 223 insertions(+), 14 deletions(-) > create mode 100644 meta/recipes-support/lz4/files/0001-Fix-Makefile- > variable-name-overlap.patch > rename meta/recipes-support/lz4/{lz4_1.9.4.bb => lz4_1.10.0.bb} (59%) > > diff --git a/meta/recipes-support/lz4/files/0001-Fix-Makefile-variable-name- > overlap.patch b/meta/recipes-support/lz4/files/0001-Fix-Makefile-variable- > name-overlap.patch > new file mode 100644 > index 0000000000..f69d6bd71b > --- /dev/null > +++ b/meta/recipes-support/lz4/files/0001-Fix-Makefile-variable-name- > overlap.patch 
> @@ -0,0 +1,211 @@ > +From ec631bc59a5ae9a38b688e999a9044fef9211d98 Mon Sep 17 > 00:00:00 2001 > +From: Thorsten Fuchs <[email protected]> > +Date: Mon, 12 Aug 2024 12:20:21 +0000 > +Subject: [PATCH] Fix Makefile variable name overlap. > + > +Upstream renamed LZ4DIR to LIBDIR inside Makefiles which collides with > +the OpenEmbedded builds. > + > +Signed-off-by: Thorsten Fuchs <[email protected]> > +--- > + examples/Makefile | 10 +++++----- > + programs/Makefile | 16 ++++++++-------- > + tests/Makefile | 28 ++++++++++++++-------------- > + 3 files changed, 27 insertions(+), 27 deletions(-) > + > +diff --git a/examples/Makefile b/examples/Makefile > +index 91a4f484..26fdf6d7 100644 > +--- a/examples/Makefile > ++++ b/examples/Makefile > +@@ -27,22 +27,22 @@ > + # kindly provided by Takayuki Matsuoka > + # > ################################################################### > ####### > + > +-LIBDIR := ../lib > ++LZ4DIR := ../lib > + > +-CPPFLAGS += -I$(LIBDIR) > ++CPPFLAGS += -I$(LZ4DIR) > + USERCFLAGS:= $(CFLAGS) > + WFLAGS = -std=gnu99 -Wall -Wextra -Wundef -Wshadow -Wcast-align - > Wstrict-prototypes -Wc++-compat > + CFLAGS = $(WFLAGS) -O2 $(USERCFLAGS) > + > + TESTFILE = Makefile > +-SLIBLZ4 := $(LIBDIR)/liblz4.a > ++SLIBLZ4 := $(LZ4DIR)/liblz4.a > + LZ4DIR = ../programs > + LZ4 = $(LZ4DIR)/lz4 > + > + default: all > + > +-$(SLIBLZ4): $(LIBDIR)/lz4.c $(LIBDIR)/lz4hc.c $(LIBDIR)/lz4frame.c > $(LIBDIR)/lz4.h $(LIBDIR)/lz4hc.h $(LIBDIR)/lz4frame.h > $(LIBDIR)/lz4frame_static.h > +- $(MAKE) -j -C $(LIBDIR) liblz4.a > ++$(SLIBLZ4): $(LZ4DIR)/lz4.c $(LZ4DIR)/lz4hc.c $(LZ4DIR)/lz4frame.c > $(LZ4DIR)/lz4.h $(LZ4DIR)/lz4hc.h $(LZ4DIR)/lz4frame.h > $(LZ4DIR)/lz4frame_static.h > ++ $(MAKE) -j -C $(LZ4DIR) liblz4.a > + > + ALL = print_version \ > + simple_buffer \ > +diff --git a/programs/Makefile b/programs/Makefile > +index 643ce14f..d9975b26 100644 > +--- a/programs/Makefile > ++++ b/programs/Makefile > +@@ -31,8 +31,8 @@ > + SED ?= sed > + > + # Version numbers > 
+-LIBDIR := ../lib > +-LIBVER_SRC := $(LIBDIR)/lz4.h > ++LZ4DIR := ../lib > ++LIBVER_SRC := $(LZ4DIR)/lz4.h > + LIBVER_MAJOR_SCRIPT:=`$(SED) -n > '/define[[:blank:]][[:blank:]]*LZ4_VERSION_MAJOR/s/.*[[:blank:]]\([0-9][0- > 9]*\).*/\1/p' < $(LIBVER_SRC)` > + LIBVER_MINOR_SCRIPT:=`$(SED) -n > '/define[[:blank:]][[:blank:]]*LZ4_VERSION_MINOR/s/.*[[:blank:]]\([0-9][0- > 9]*\).*/\1/p' < $(LIBVER_SRC)` > + LIBVER_PATCH_SCRIPT:=`$(SED) -n > '/define[[:blank:]][[:blank:]]*LZ4_VERSION_RELEASE/s/.*[[:blank:]]\([0-9][0- > 9]*\).*/\1/p' < $(LIBVER_SRC)` > +@@ -42,7 +42,7 @@ LIBVER_MINOR := $(shell echo > $(LIBVER_MINOR_SCRIPT)) > + LIBVER_PATCH := $(shell echo $(LIBVER_PATCH_SCRIPT)) > + LIBVER := $(shell echo $(LIBVER_SCRIPT)) > + > +-LIBFILES = $(wildcard $(LIBDIR)/*.c) > ++LIBFILES = $(wildcard $(LZ4DIR)/*.c) > + SRCFILES = $(sort $(LIBFILES) $(wildcard *.c)) > + OBJFILES = $(SRCFILES:.c=.o) > + > +@@ -51,7 +51,7 @@ DEBUGFLAGS= -Wall -Wextra -Wundef -Wcast-qual - > Wcast-align -Wshadow \ > + -Wpointer-arith -Wstrict-aliasing=1 > + USERCFLAGS:= -O3 $(CFLAGS) # -O3 can be overruled by user-provided -Ox > level > + CFLAGS = $(DEBUGFLAGS) $(USERCFLAGS) > +-CPPFLAGS += -I$(LIBDIR) -DXXH_NAMESPACE=LZ4_ > ++CPPFLAGS += -I$(LZ4DIR) -DXXH_NAMESPACE=LZ4_ > + > + include ../Makefile.inc > + > +@@ -132,8 +132,8 @@ lz4-nomt: $(SRCFILES) > + > + CLEAN += lz4-wlib > + lz4-wlib: LIBFILES = > +-lz4-wlib: SRCFILES+= $(LIBDIR)/xxhash.c # benchmark unit needs XXH64() > +-lz4-wlib: LDFLAGS += -L $(LIBDIR) > ++lz4-wlib: SRCFILES+= $(LZ4DIR)/xxhash.c # benchmark unit needs XXH64() > ++lz4-wlib: LDFLAGS += -L $(LZ4DIR) > + lz4-wlib: LDLIBS = -llz4 > + lz4-wlib: liblz4 $(OBJFILES) > + @echo WARNING: $@ must link to an extended variant of the > dynamic library which also exposes unstable symbols > +@@ -141,7 +141,7 @@ lz4-wlib: liblz4 $(OBJFILES) > + > + .PHONY:liblz4 > + liblz4: > +- CPPFLAGS="-DLZ4F_PUBLISH_STATIC_FUNCTIONS - > DLZ4_PUBLISH_STATIC_FUNCTIONS" $(MAKE) -C $(LIBDIR) liblz4 > ++ 
CPPFLAGS="-DLZ4F_PUBLISH_STATIC_FUNCTIONS - > DLZ4_PUBLISH_STATIC_FUNCTIONS" $(MAKE) -C $(LZ4DIR) liblz4 > + > + CLEAN += lz4c > + lz4c: lz4 > +@@ -179,7 +179,7 @@ clean: > + ifeq ($(WINBASED),yes) > + $(RM) *.rc > + endif > +- $(MAKE) -C $(LIBDIR) $@ > $(VOID) > ++ $(MAKE) -C $(LZ4DIR) $@ > $(VOID) > + $(RM) $(CLEAN) *.o tmp* *.test core > + @echo Cleaning completed > + > +diff --git a/tests/Makefile b/tests/Makefile > +index 47e2774d..7adfdfcc 100644 > +--- a/tests/Makefile > ++++ b/tests/Makefile > +@@ -28,7 +28,7 @@ > + # datagen : generates synthetic data samples for tests & benchmarks > + # > ################################################################### > ####### > + > +-LIBDIR := ../lib > ++LZ4DIR := ../lib > + PRGDIR := ../programs > + TESTDIR := versionsTest > + PYTHON ?= python3 > +@@ -40,7 +40,7 @@ WFLAGS = -Wall -Wextra -Wundef -Wcast-qual - > Wcast-align -Wshadow \ > + -Wswitch-enum -Wdeclaration-after-statement -Wstrict-prototypes > \ > + -Wpointer-arith -Wstrict-aliasing=1 > + CFLAGS = $(WFLAGS) $(DEBUGFLAGS) $(USERCFLAGS) > +-CPPFLAGS += -I$(LIBDIR) -I$(PRGDIR) -DXXH_NAMESPACE=LZ4_ > ++CPPFLAGS += -I$(LZ4DIR) -I$(PRGDIR) -DXXH_NAMESPACE=LZ4_ > + ALLFLAGS = $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) > + > + include ../Makefile.inc > +@@ -69,7 +69,7 @@ lz4: > + > + .PHONY: lib liblz4.pc > + lib liblz4.pc: > +- $(MAKE) -C $(LIBDIR) $@ CFLAGS="$(CFLAGS)" > ++ $(MAKE) -C $(LZ4DIR) $@ CFLAGS="$(CFLAGS)" > + > + lz4c unlz4 lz4cat: lz4 > + $(LN_SF) $(LZ4) $(PRGDIR)/$@ > +@@ -79,7 +79,7 @@ lz4c32: # create a 32-bits version for 32/64 interop > tests > + $(MAKE) -C $(PRGDIR) $@ CFLAGS="-m32 $(CFLAGS)" > + > + # *.o objects are from library > +-%.o : $(LIBDIR)/%.c $(LIBDIR)/%.h > ++%.o : $(LZ4DIR)/%.c $(LZ4DIR)/%.h > + $(CC) -c $(CFLAGS) $(CPPFLAGS) $< -o $@ > + > + CLEAN += fullbench > +@@ -88,14 +88,14 @@ fullbench : CPPFLAGS += -DNDEBUG > + fullbench : lz4.o lz4hc.o lz4frame.o xxhash.o fullbench.c > + $(CC) $(ALLFLAGS) $^ -o $@$(EXT) > + > +-.PHONY: 
$(LIBDIR)/liblz4.a > +-$(LIBDIR)/liblz4.a: > +- $(MAKE) -C $(LIBDIR) liblz4.a > ++.PHONY: $(LZ4DIR)/liblz4.a > ++$(LZ4DIR)/liblz4.a: > ++ $(MAKE) -C $(LZ4DIR) liblz4.a > + > + CLEAN += fullbench-lib > + fullbench-lib : DEBUGLEVEL=0 > + fullbench-lib : CPPFLAGS += -DNDEBUG > +-fullbench-lib: fullbench.c $(LIBDIR)/liblz4.a > ++fullbench-lib: fullbench.c $(LZ4DIR)/liblz4.a > + $(CC) $(ALLFLAGS) $^ -o $@$(EXT) > + > + # Note: Windows only > +@@ -103,9 +103,9 @@ ifeq ($(WINBASED),yes) > + CLEAN += fullbench-dll > + fullbench-dll : DEBUGLEVEL=0 > + fullbench-dll : CPPFLAGS += -DNDEBUG > +-fullbench-dll: fullbench.c $(LIBDIR)/xxhash.c > +- $(MAKE) -C $(LIBDIR) liblz4 > +- $(CC) $(ALLFLAGS) $^ -o $@$(EXT) -DLZ4_DLL_IMPORT=1 > $(LIBDIR)/dll/$(LIBLZ4).dll > ++fullbench-dll: fullbench.c $(LZ4DIR)/xxhash.c > ++ $(MAKE) -C $(LZ4DIR) liblz4 > ++ $(CC) $(ALLFLAGS) $^ -o $@$(EXT) -DLZ4_DLL_IMPORT=1 > $(LZ4DIR)/dll/$(LIBLZ4).dll > + endif > + > + # test LZ4_USER_MEMORY_FUNCTIONS > +@@ -143,7 +143,7 @@ decompress-partial-usingDict: lz4.o decompress- > partial-usingDict.c > + > + .PHONY: clean > + clean: > +- @$(MAKE) -C $(LIBDIR) $@ > $(VOID) > ++ @$(MAKE) -C $(LZ4DIR) $@ > $(VOID) > + @$(MAKE) -C $(PRGDIR) $@ > $(VOID) > + @$(RM) $(CLEAN) core *.o *.test tmp* > + @$(RM) -r $(TESTDIR) > +@@ -166,7 +166,7 @@ abiTests: > + $(PYTHON) test-lz4-abi.py > + > + CLEAN += checkTag > +-checkTag: checkTag.c $(LIBDIR)/lz4.h > ++checkTag: checkTag.c $(LZ4DIR)/lz4.h > + $(CC) $(ALLFLAGS) $< -o $@$(EXT) > + > + > #----------------------------------------------------------------------------- > +@@ -204,7 +204,7 @@ test32: test > + test-amalgamation: lz4_all.o > + > + CLEAN += lz4_all.c > +-lz4_all.c: $(LIBDIR)/lz4.c $(LIBDIR)/lz4hc.c $(LIBDIR)/lz4frame.c > ++lz4_all.c: $(LZ4DIR)/lz4.c $(LZ4DIR)/lz4hc.c $(LZ4DIR)/lz4frame.c > + $(CAT) $^ > $@ > + > + test-install: lz4 lib liblz4.pc > +-- > +2.17.1 > + 
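Review bot: In the examples/Makefile hunk the replacement name LZ4DIR is already taken: the unchanged context a few lines further down still assigns `LZ4DIR = ../programs` and uses it for `LZ4 = $(LZ4DIR)/lz4`. That later assignment is in effect when the `$(SLIBLZ4):` rule is read, so its prerequisites and the `$(MAKE) -j -C $(LZ4DIR) liblz4.a` recipe would resolve to ../programs instead of ../lib, and `-I$(LZ4DIR)` likely ends up there too if CPPFLAGS is recursively expanded. Use a name that is unused in all three Makefiles, for example `LZ4LIBDIR := ../lib`, and apply it consistently in examples/, programs/ and tests/. Whether the recipe ever builds examples/ is not visible here, but the carried patch should not leave that Makefile inconsistent.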
> diff --git a/meta/recipes-support/lz4/lz4_1.9.4.bb b/meta/recipes- > support/lz4/lz4_1.10.0.bb > similarity index 59% > rename from meta/recipes-support/lz4/lz4_1.9.4.bb > rename to meta/recipes-support/lz4/lz4_1.10.0.bb > index 51a854d44a..778a5b6e72 100644 > --- a/meta/recipes-support/lz4/lz4_1.9.4.bb > +++ b/meta/recipes-support/lz4/lz4_1.10.0.bb 
> @@ -2,45 +2,43 @@ SUMMARY = "Extremely Fast Compression algorithm" > DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing > compression speed at 400 MB/s per core, scalable with multi-cores CPU. It > also features an extremely fast decoder, with speed in multiple GB/s per core, > typically reaching RAM speed limits on multi-core systems." > HOMEPAGE = "https://github.com/lz4/lz4" > > -LICENSE = "BSD-2-Clause | GPL-2.0-only" > +LICENSE = "BSD-2-Clause | GPL-2.0-or-later" > LIC_FILES_CHKSUM = > "file://lib/LICENSE;md5=5cd5f851b52ec832b10eedb3f01f885a \ > - > file://programs/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ > - file://LICENSE;md5=c5cc3cd6f9274b4d32988096df9c3ec3 \ > + > file://programs/COPYING;md5=492daf447d6db0e5eb344a7922e7ec25 \ > + file://LICENSE;md5=c111c47e301c2ffe8776729b40b44477 \ > " > > PE = "1" > > -SRCREV = "5ff839680134437dbf4678f3d0c7b371d84f4964" > +SRCREV = "ebb370ca83af193212df4dcbadcc5d87bc0de2f0" > > SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \ > - file://run-ptest \ > - " > + file://0001-Fix-Makefile-variable-name-overlap.patch \ > + file://run-ptest \ > + " > UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)" > > S = "${WORKDIR}/git" > > inherit ptest > > -CVE_STATUS[CVE-2014-4715] = "fixed-version: Fixed in r118, which is larger > than the current version." 
> - > EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}' > DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no" > > do_install() { > - oe_runmake install > + oe_runmake install > } > > BBCLASSEXTEND = "native nativesdk" > > -RDEPENDS:${PN}-ptest += "bash" > +RDEPENDS_${PN}-ptest += "bash" > > do_compile_ptest() { > oe_runmake -C ${B}/tests/ > } > > do_install_ptest() { > - install -d ${D}${PTEST_PATH}/tests/ > - install --mode=755 ${B}/tests/frametest ${D}${PTEST_PATH}/tests/ > - sed -i "s#@PTEST_PATH@#${PTEST_PATH}#g" > ${D}${PTEST_PATH}/run-ptest > - > + install -d ${D}${PTEST_PATH}/tests/ > + install --mode=755 ${B}/tests/frametest ${D}${PTEST_PATH}/tests/ > + sed -i "s#@PTEST_PATH@#${PTEST_PATH}#g" ${D}${PTEST_PATH}/run- > ptest > } > > -- > 2.34.1
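Review bot: The ptest dependency line is changed from `RDEPENDS:${PN}-ptest += "bash"` to `RDEPENDS_${PN}-ptest += "bash"`, which goes back to the old underscore override syntax; the removed line already used the colon form, so this looks like an accidental revert, possibly from rebasing an older copy of the recipe. Keep `RDEPENDS:${PN}-ptest += "bash"`, otherwise the bash runtime dependency of the ptest package is likely not applied (or the recipe is rejected at parse time) on current OE-core. Separately, LICENSE moves from GPL-2.0-only to GPL-2.0-or-later and two LIC_FILES_CHKSUM values change with no explanation in the commit message; a `License-Update:` line saying what changed in programs/COPYING and LICENSE would let reviewers confirm the new identifier.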
