lz4: upgrade 1.9.4 -> 1.10.0

Message ID	20240813060844.5036-1-t.fuchs@thofu.net
State	Accepted, archived
Commit	a4dde4e0dcc2cc75c4eec5d78fbf2a1e47401050
Headers	show Return-Path: <t.fuchs@thofu.net> ip: 80.241.56.151, mailfrom: t.fuchs@thofu.net) From: Thorsten Fuchs <t.fuchs@thofu.net> To: openembedded-core@lists.openembedded.org Cc: Thorsten Fuchs <t.fuchs@thofu.net> Subject: [PATCH] lz4: upgrade 1.9.4 -> 1.10.0 Date: Tue, 13 Aug 2024 08:08:44 +0200 Message-Id: <20240813060844.5036-1-t.fuchs@thofu.net> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Series	lz4: upgrade 1.9.4 -> 1.10.0 \| expand lz4: upgrade 1.9.4 -> 1.10.0

Message ID

20240813060844.5036-1-t.fuchs@thofu.net

State

Accepted, archived

Commit

a4dde4e0dcc2cc75c4eec5d78fbf2a1e47401050

Headers

From: Thorsten Fuchs <t.fuchs@thofu.net>
To: openembedded-core@lists.openembedded.org
Cc: Thorsten Fuchs <t.fuchs@thofu.net>
Subject: [PATCH] lz4: upgrade 1.9.4 -> 1.10.0
Date: Tue, 13 Aug 2024 08:08:44 +0200
Message-Id: <20240813060844.5036-1-t.fuchs@thofu.net>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Series

lz4: upgrade 1.9.4 -> 1.10.0 | expand

Commit Message

Thorsten Fuchs Aug. 13, 2024, 6:08 a.m. UTC

* Add a patch to rename LIBDIR variable in Makefiles
* Remove CVE_STATUS for CVE-2014-4715 that was fixed in r118.

Signed-off-by: Thorsten Fuchs <t.fuchs@thofu.net>

Upstream-Status: Inappropriate [oe specific]

CVE: CVE-2014-4715
---
 ...1-Fix-Makefile-variable-name-overlap.patch | 211 ++++++++++++++++++
 .../lz4/{lz4_1.9.4.bb => lz4_1.10.0.bb}       |  26 +--
 2 files changed, 223 insertions(+), 14 deletions(-)
 create mode 100644 meta/recipes-support/lz4/files/0001-Fix-Makefile-variable-name-overlap.patch
 rename meta/recipes-support/lz4/{lz4_1.9.4.bb => lz4_1.10.0.bb} (59%)

Comments

patchtest@automation.yoctoproject.org Aug. 13, 2024, 6:18 a.m. UTC | #1

Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch /home/patchtest/share/mboxes/lz4-upgrade-1.9.4---1.10.0.patch

FAIL: test CVE tag format: Missing or incorrectly formatted CVE tag in patch file. Correct or include the CVE tag in the patch with format: "CVE: CVE-YYYY-XXXX" (test_patch.TestPatch.test_cve_tag_format)
FAIL: test Upstream-Status presence: Added patch file is missing Upstream-Status: <Valid status> in the commit message (test_patch.TestPatch.test_upstream_status_presence_format)

PASS: pretest src uri left files (test_metadata.TestMetadata.pretest_src_uri_left_files)
PASS: test CVE check ignore (test_metadata.TestMetadata.test_cve_check_ignore)
PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test Signed-off-by presence (test_patch.TestPatch.test_signed_off_by_presence)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence)
PASS: test lic files chksum modified not mentioned (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
PASS: test max line length (test_metadata.TestMetadata.test_max_line_length)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)
PASS: test src uri left files (test_metadata.TestMetadata.test_src_uri_left_files)

SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint)
SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence)
SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence)
SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint)
SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence)
SKIP: test target mailing list: Series merged, no reason to check other mailing lists (test_mbox.TestMbox.test_target_mailing_list)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!

Marko, Peter Aug. 13, 2024, 6:19 a.m. UTC | #2

The CVE_STATUS needs to stay (forever), as r118 > 1.x.y so it would reappear in CVE reports.
Also, you're not fixing this CVE with this upgrade, so commit message should not have "CVE: " flag.

Additionally upstream-status flag is missing in your patch, move it there from commit message.

Cheers,
Peter

> -----Original Message-----
> From: openembedded-core@lists.openembedded.org <openembedded-
> core@lists.openembedded.org> On Behalf Of Thorsten Fuchs via
> lists.openembedded.org
> Sent: Tuesday, August 13, 2024 8:09
> To: openembedded-core@lists.openembedded.org
> Cc: Thorsten Fuchs <t.fuchs@thofu.net>
> Subject: [OE-core] [PATCH] lz4: upgrade 1.9.4 -> 1.10.0
> 
> * Add a patch to rename LIBDIR variable in Makefiles
> * Remove CVE_STATUS for CVE-2014-4715 that was fixed in r118.
> 
> Signed-off-by: Thorsten Fuchs <t.fuchs@thofu.net>
> 
> Upstream-Status: Inappropriate [oe specific]
> 
> CVE: CVE-2014-4715
> ---
>  ...1-Fix-Makefile-variable-name-overlap.patch | 211 ++++++++++++++++++
>  .../lz4/{lz4_1.9.4.bb => lz4_1.10.0.bb}       |  26 +--
>  2 files changed, 223 insertions(+), 14 deletions(-)
>  create mode 100644 meta/recipes-support/lz4/files/0001-Fix-Makefile-
> variable-name-overlap.patch
>  rename meta/recipes-support/lz4/{lz4_1.9.4.bb => lz4_1.10.0.bb} (59%)
> 
> diff --git a/meta/recipes-support/lz4/files/0001-Fix-Makefile-variable-name-
> overlap.patch b/meta/recipes-support/lz4/files/0001-Fix-Makefile-variable-
> name-overlap.patch
> new file mode 100644
> index 0000000000..f69d6bd71b
> --- /dev/null
> +++ b/meta/recipes-support/lz4/files/0001-Fix-Makefile-variable-name-
> overlap.patch
> @@ -0,0 +1,211 @@
> +From ec631bc59a5ae9a38b688e999a9044fef9211d98 Mon Sep 17
> 00:00:00 2001
> +From: Thorsten Fuchs <thorsten.fuchs@abaut.de>
> +Date: Mon, 12 Aug 2024 12:20:21 +0000
> +Subject: [PATCH] Fix Makefile variable name overlap.
> +
> +Upstream renamed LZ4DIR to LIBDIR inside Makefiles which collides with
> +the OpenEmbedded builds.
> +
> +Signed-off-by: Thorsten Fuchs <thorsten.fuchs@abaut.de>
> +---
> + examples/Makefile | 10 +++++-----
> + programs/Makefile | 16 ++++++++--------
> + tests/Makefile    | 28 ++++++++++++++--------------
> + 3 files changed, 27 insertions(+), 27 deletions(-)
> +
> +diff --git a/examples/Makefile b/examples/Makefile
> +index 91a4f484..26fdf6d7 100644
> +--- a/examples/Makefile
> ++++ b/examples/Makefile
> +@@ -27,22 +27,22 @@
> + # kindly provided by Takayuki Matsuoka
> + #
> ###################################################################
> #######
> +
> +-LIBDIR    := ../lib
> ++LZ4DIR    := ../lib
> +
> +-CPPFLAGS  += -I$(LIBDIR)
> ++CPPFLAGS  += -I$(LZ4DIR)
> + USERCFLAGS:= $(CFLAGS)
> + WFLAGS     = -std=gnu99 -Wall -Wextra -Wundef -Wshadow -Wcast-align -
> Wstrict-prototypes -Wc++-compat
> + CFLAGS     = $(WFLAGS) -O2 $(USERCFLAGS)
> +
> + TESTFILE   = Makefile
> +-SLIBLZ4   := $(LIBDIR)/liblz4.a
> ++SLIBLZ4   := $(LZ4DIR)/liblz4.a
> + LZ4DIR     = ../programs
> + LZ4        = $(LZ4DIR)/lz4
> +
> + default: all
> +
> +-$(SLIBLZ4): $(LIBDIR)/lz4.c $(LIBDIR)/lz4hc.c $(LIBDIR)/lz4frame.c
> $(LIBDIR)/lz4.h $(LIBDIR)/lz4hc.h $(LIBDIR)/lz4frame.h
> $(LIBDIR)/lz4frame_static.h
> +-	$(MAKE) -j -C $(LIBDIR) liblz4.a
> ++$(SLIBLZ4): $(LZ4DIR)/lz4.c $(LZ4DIR)/lz4hc.c $(LZ4DIR)/lz4frame.c
> $(LZ4DIR)/lz4.h $(LZ4DIR)/lz4hc.h $(LZ4DIR)/lz4frame.h
> $(LZ4DIR)/lz4frame_static.h
> ++	$(MAKE) -j -C $(LZ4DIR) liblz4.a
> +
> + ALL = print_version \
> + 	  simple_buffer \
> +diff --git a/programs/Makefile b/programs/Makefile
> +index 643ce14f..d9975b26 100644
> +--- a/programs/Makefile
> ++++ b/programs/Makefile
> +@@ -31,8 +31,8 @@
> + SED ?= sed
> +
> + # Version numbers
> +-LIBDIR   := ../lib
> +-LIBVER_SRC := $(LIBDIR)/lz4.h
> ++LZ4DIR   := ../lib
> ++LIBVER_SRC := $(LZ4DIR)/lz4.h
> + LIBVER_MAJOR_SCRIPT:=`$(SED) -n
> '/define[[:blank:]][[:blank:]]*LZ4_VERSION_MAJOR/s/.*[[:blank:]]\([0-9][0-
> 9]*\).*/\1/p' < $(LIBVER_SRC)`
> + LIBVER_MINOR_SCRIPT:=`$(SED) -n
> '/define[[:blank:]][[:blank:]]*LZ4_VERSION_MINOR/s/.*[[:blank:]]\([0-9][0-
> 9]*\).*/\1/p' < $(LIBVER_SRC)`
> + LIBVER_PATCH_SCRIPT:=`$(SED) -n
> '/define[[:blank:]][[:blank:]]*LZ4_VERSION_RELEASE/s/.*[[:blank:]]\([0-9][0-
> 9]*\).*/\1/p' < $(LIBVER_SRC)`
> +@@ -42,7 +42,7 @@ LIBVER_MINOR := $(shell echo
> $(LIBVER_MINOR_SCRIPT))
> + LIBVER_PATCH := $(shell echo $(LIBVER_PATCH_SCRIPT))
> + LIBVER   := $(shell echo $(LIBVER_SCRIPT))
> +
> +-LIBFILES  = $(wildcard $(LIBDIR)/*.c)
> ++LIBFILES  = $(wildcard $(LZ4DIR)/*.c)
> + SRCFILES  = $(sort $(LIBFILES) $(wildcard *.c))
> + OBJFILES  = $(SRCFILES:.c=.o)
> +
> +@@ -51,7 +51,7 @@ DEBUGFLAGS= -Wall -Wextra -Wundef -Wcast-qual -
> Wcast-align -Wshadow \
> +             -Wpointer-arith -Wstrict-aliasing=1
> + USERCFLAGS:= -O3 $(CFLAGS) # -O3 can be overruled by user-provided -Ox
> level
> + CFLAGS    = $(DEBUGFLAGS) $(USERCFLAGS)
> +-CPPFLAGS += -I$(LIBDIR) -DXXH_NAMESPACE=LZ4_
> ++CPPFLAGS += -I$(LZ4DIR) -DXXH_NAMESPACE=LZ4_
> +
> + include ../Makefile.inc
> +
> +@@ -132,8 +132,8 @@ lz4-nomt: $(SRCFILES)
> +
> + CLEAN += lz4-wlib
> + lz4-wlib: LIBFILES =
> +-lz4-wlib: SRCFILES+= $(LIBDIR)/xxhash.c  # benchmark unit needs XXH64()
> +-lz4-wlib: LDFLAGS += -L $(LIBDIR)
> ++lz4-wlib: SRCFILES+= $(LZ4DIR)/xxhash.c  # benchmark unit needs XXH64()
> ++lz4-wlib: LDFLAGS += -L $(LZ4DIR)
> + lz4-wlib: LDLIBS   = -llz4
> + lz4-wlib: liblz4 $(OBJFILES)
> + 	@echo WARNING: $@ must link to an extended variant of the
> dynamic library which also exposes unstable symbols
> +@@ -141,7 +141,7 @@ lz4-wlib: liblz4 $(OBJFILES)
> +
> + .PHONY:liblz4
> + liblz4:
> +-	CPPFLAGS="-DLZ4F_PUBLISH_STATIC_FUNCTIONS -
> DLZ4_PUBLISH_STATIC_FUNCTIONS" $(MAKE) -C $(LIBDIR) liblz4
> ++	CPPFLAGS="-DLZ4F_PUBLISH_STATIC_FUNCTIONS -
> DLZ4_PUBLISH_STATIC_FUNCTIONS" $(MAKE) -C $(LZ4DIR) liblz4
> +
> + CLEAN += lz4c
> + lz4c: lz4
> +@@ -179,7 +179,7 @@ clean:
> + ifeq ($(WINBASED),yes)
> + 	$(RM) *.rc
> + endif
> +-	$(MAKE) -C $(LIBDIR) $@ > $(VOID)
> ++	$(MAKE) -C $(LZ4DIR) $@ > $(VOID)
> + 	$(RM) $(CLEAN) *.o tmp* *.test core
> + 	@echo Cleaning completed
> +
> +diff --git a/tests/Makefile b/tests/Makefile
> +index 47e2774d..7adfdfcc 100644
> +--- a/tests/Makefile
> ++++ b/tests/Makefile
> +@@ -28,7 +28,7 @@
> + # datagen : generates synthetic data samples for tests & benchmarks
> + #
> ###################################################################
> #######
> +
> +-LIBDIR  := ../lib
> ++LZ4DIR  := ../lib
> + PRGDIR  := ../programs
> + TESTDIR := versionsTest
> + PYTHON  ?= python3
> +@@ -40,7 +40,7 @@ WFLAGS    = -Wall -Wextra -Wundef -Wcast-qual -
> Wcast-align -Wshadow \
> +             -Wswitch-enum -Wdeclaration-after-statement -Wstrict-prototypes \
> +             -Wpointer-arith -Wstrict-aliasing=1
> + CFLAGS    = $(WFLAGS) $(DEBUGFLAGS) $(USERCFLAGS)
> +-CPPFLAGS += -I$(LIBDIR) -I$(PRGDIR) -DXXH_NAMESPACE=LZ4_
> ++CPPFLAGS += -I$(LZ4DIR) -I$(PRGDIR) -DXXH_NAMESPACE=LZ4_
> + ALLFLAGS  = $(CFLAGS) $(CPPFLAGS) $(LDFLAGS)
> +
> + include ../Makefile.inc
> +@@ -69,7 +69,7 @@ lz4:
> +
> + .PHONY: lib liblz4.pc
> + lib liblz4.pc:
> +-	$(MAKE) -C $(LIBDIR) $@ CFLAGS="$(CFLAGS)"
> ++	$(MAKE) -C $(LZ4DIR) $@ CFLAGS="$(CFLAGS)"
> +
> + lz4c unlz4 lz4cat: lz4
> + 	$(LN_SF) $(LZ4) $(PRGDIR)/$@
> +@@ -79,7 +79,7 @@ lz4c32:  # create a 32-bits version for 32/64 interop
> tests
> + 	$(MAKE) -C $(PRGDIR) $@ CFLAGS="-m32 $(CFLAGS)"
> +
> + # *.o objects are from library
> +-%.o : $(LIBDIR)/%.c $(LIBDIR)/%.h
> ++%.o : $(LZ4DIR)/%.c $(LZ4DIR)/%.h
> + 	$(CC) -c $(CFLAGS) $(CPPFLAGS) $< -o $@
> +
> + CLEAN += fullbench
> +@@ -88,14 +88,14 @@ fullbench : CPPFLAGS += -DNDEBUG
> + fullbench : lz4.o lz4hc.o lz4frame.o xxhash.o fullbench.c
> + 	$(CC) $(ALLFLAGS) $^ -o $@$(EXT)
> +
> +-.PHONY: $(LIBDIR)/liblz4.a
> +-$(LIBDIR)/liblz4.a:
> +-	$(MAKE) -C $(LIBDIR) liblz4.a
> ++.PHONY: $(LZ4DIR)/liblz4.a
> ++$(LZ4DIR)/liblz4.a:
> ++	$(MAKE) -C $(LZ4DIR) liblz4.a
> +
> + CLEAN += fullbench-lib
> + fullbench-lib : DEBUGLEVEL=0
> + fullbench-lib : CPPFLAGS += -DNDEBUG
> +-fullbench-lib: fullbench.c $(LIBDIR)/liblz4.a
> ++fullbench-lib: fullbench.c $(LZ4DIR)/liblz4.a
> + 	$(CC) $(ALLFLAGS) $^ -o $@$(EXT)
> +
> + # Note: Windows only
> +@@ -103,9 +103,9 @@ ifeq ($(WINBASED),yes)
> + CLEAN += fullbench-dll
> + fullbench-dll : DEBUGLEVEL=0
> + fullbench-dll : CPPFLAGS += -DNDEBUG
> +-fullbench-dll: fullbench.c $(LIBDIR)/xxhash.c
> +-	$(MAKE) -C $(LIBDIR) liblz4
> +-	$(CC) $(ALLFLAGS) $^ -o $@$(EXT) -DLZ4_DLL_IMPORT=1
> $(LIBDIR)/dll/$(LIBLZ4).dll
> ++fullbench-dll: fullbench.c $(LZ4DIR)/xxhash.c
> ++	$(MAKE) -C $(LZ4DIR) liblz4
> ++	$(CC) $(ALLFLAGS) $^ -o $@$(EXT) -DLZ4_DLL_IMPORT=1
> $(LZ4DIR)/dll/$(LIBLZ4).dll
> + endif
> +
> + # test LZ4_USER_MEMORY_FUNCTIONS
> +@@ -143,7 +143,7 @@ decompress-partial-usingDict: lz4.o decompress-
> partial-usingDict.c
> +
> + .PHONY: clean
> + clean:
> +-	@$(MAKE) -C $(LIBDIR) $@ > $(VOID)
> ++	@$(MAKE) -C $(LZ4DIR) $@ > $(VOID)
> + 	@$(MAKE) -C $(PRGDIR) $@ > $(VOID)
> + 	@$(RM) $(CLEAN) core *.o *.test tmp*
> + 	@$(RM) -r $(TESTDIR)
> +@@ -166,7 +166,7 @@ abiTests:
> + 	$(PYTHON) test-lz4-abi.py
> +
> + CLEAN += checkTag
> +-checkTag: checkTag.c $(LIBDIR)/lz4.h
> ++checkTag: checkTag.c $(LZ4DIR)/lz4.h
> + 	$(CC) $(ALLFLAGS) $< -o $@$(EXT)
> +
> + #-----------------------------------------------------------------------------
> +@@ -204,7 +204,7 @@ test32: test
> + test-amalgamation: lz4_all.o
> +
> + CLEAN += lz4_all.c
> +-lz4_all.c: $(LIBDIR)/lz4.c $(LIBDIR)/lz4hc.c $(LIBDIR)/lz4frame.c
> ++lz4_all.c: $(LZ4DIR)/lz4.c $(LZ4DIR)/lz4hc.c $(LZ4DIR)/lz4frame.c
> + 	$(CAT) $^ > $@
> +
> + test-install: lz4 lib liblz4.pc
> +--
> +2.17.1
> +
> diff --git a/meta/recipes-support/lz4/lz4_1.9.4.bb b/meta/recipes-
> support/lz4/lz4_1.10.0.bb
> similarity index 59%
> rename from meta/recipes-support/lz4/lz4_1.9.4.bb
> rename to meta/recipes-support/lz4/lz4_1.10.0.bb
> index 51a854d44a..778a5b6e72 100644
> --- a/meta/recipes-support/lz4/lz4_1.9.4.bb
> +++ b/meta/recipes-support/lz4/lz4_1.10.0.bb
> @@ -2,45 +2,43 @@ SUMMARY = "Extremely Fast Compression algorithm"
>  DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing
> compression speed at 400 MB/s per core, scalable with multi-cores CPU. It
> also features an extremely fast decoder, with speed in multiple GB/s per core,
> typically reaching RAM speed limits on multi-core systems."
>  HOMEPAGE = "https://github.com/lz4/lz4"
> 
> -LICENSE = "BSD-2-Clause | GPL-2.0-only"
> +LICENSE = "BSD-2-Clause | GPL-2.0-or-later"
>  LIC_FILES_CHKSUM =
> "file://lib/LICENSE;md5=5cd5f851b52ec832b10eedb3f01f885a \
> -
> file://programs/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
> -                    file://LICENSE;md5=c5cc3cd6f9274b4d32988096df9c3ec3 \
> +
> file://programs/COPYING;md5=492daf447d6db0e5eb344a7922e7ec25 \
> +                    file://LICENSE;md5=c111c47e301c2ffe8776729b40b44477 \
>                      "
> 
>  PE = "1"
> 
> -SRCREV = "5ff839680134437dbf4678f3d0c7b371d84f4964"
> +SRCREV = "ebb370ca83af193212df4dcbadcc5d87bc0de2f0"
> 
>  SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \
> -	   file://run-ptest \
> -	   "
> +           file://0001-Fix-Makefile-variable-name-overlap.patch \
> +           file://run-ptest \
> +           "
>  UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
> 
>  S = "${WORKDIR}/git"
> 
>  inherit ptest
> 
> -CVE_STATUS[CVE-2014-4715] = "fixed-version: Fixed in r118, which is larger
> than the current version."
> -
>  EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}'
> DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no"
> 
>  do_install() {
> -	oe_runmake install
> +        oe_runmake install
>  }
> 
>  BBCLASSEXTEND = "native nativesdk"
> 
> -RDEPENDS:${PN}-ptest += "bash"
> +RDEPENDS_${PN}-ptest += "bash"
> 
>  do_compile_ptest() {
>          oe_runmake -C ${B}/tests/
>  }
> 
>  do_install_ptest() {
> -	install -d ${D}${PTEST_PATH}/tests/
> -	install --mode=755 ${B}/tests/frametest ${D}${PTEST_PATH}/tests/
> -	sed -i "s#@PTEST_PATH@#${PTEST_PATH}#g"
> ${D}${PTEST_PATH}/run-ptest
> -
> +        install -d ${D}${PTEST_PATH}/tests/
> +        install --mode=755 ${B}/tests/frametest ${D}${PTEST_PATH}/tests/
> +        sed -i "s#@PTEST_PATH@#${PTEST_PATH}#g" ${D}${PTEST_PATH}/run-
> ptest
>  }
> 
> --
> 2.34.1

Thorsten Fuchs Aug. 13, 2024, 6:50 a.m. UTC | #3

Peter wrote:
> The CVE_STATUS needs to stay (forever), as r118 > 1.x.y so it would reappear in CVE reports.
> Also, you're not fixing this CVE with this upgrade, so commit message should not have "CVE: " flag.

This was a bit confusing to me. I read up on the docs again and understand the system now.
I mistook "r118 being bigger" with regard to release order and not simple lexical order.
Sorry for the inconvenience.

> Additionally upstream-status flag is missing in your patch, move it there from commit message.

Perfect hint, I read patch and assumed the patch we generate and send to the mailing list. Not the patch files themselves.

> Cheers,
> Peter

As a side note, working with the mailing list is still a bit obscure to me so I apologize for any mistakes in advance.

Cheers,
Thorsten

diff --git a/meta/recipes-support/lz4/files/0001-Fix-Makefile-variable-name-overlap.patch b/meta/recipes-support/lz4/files/0001-Fix-Makefile-variable-name-overlap.patch
new file mode 100644
index 0000000000..f69d6bd71b
--- /dev/null
+++ b/meta/recipes-support/lz4/files/0001-Fix-Makefile-variable-name-overlap.patch
@@ -0,0 +1,211 @@ 
+From ec631bc59a5ae9a38b688e999a9044fef9211d98 Mon Sep 17 00:00:00 2001
+From: Thorsten Fuchs <thorsten.fuchs@abaut.de>
+Date: Mon, 12 Aug 2024 12:20:21 +0000
+Subject: [PATCH] Fix Makefile variable name overlap.
+
+Upstream renamed LZ4DIR to LIBDIR inside Makefiles which collides with
+the OpenEmbedded builds.
+
+Signed-off-by: Thorsten Fuchs <thorsten.fuchs@abaut.de>
+---
+ examples/Makefile | 10 +++++-----
+ programs/Makefile | 16 ++++++++--------
+ tests/Makefile    | 28 ++++++++++++++--------------
+ 3 files changed, 27 insertions(+), 27 deletions(-)
+
+diff --git a/examples/Makefile b/examples/Makefile
+index 91a4f484..26fdf6d7 100644
+--- a/examples/Makefile
++++ b/examples/Makefile
+@@ -27,22 +27,22 @@
+ # kindly provided by Takayuki Matsuoka
+ # ##########################################################################
+ 
+-LIBDIR    := ../lib
++LZ4DIR    := ../lib
+ 
+-CPPFLAGS  += -I$(LIBDIR)
++CPPFLAGS  += -I$(LZ4DIR)
+ USERCFLAGS:= $(CFLAGS)
+ WFLAGS     = -std=gnu99 -Wall -Wextra -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wc++-compat
+ CFLAGS     = $(WFLAGS) -O2 $(USERCFLAGS)
+ 
+ TESTFILE   = Makefile
+-SLIBLZ4   := $(LIBDIR)/liblz4.a
++SLIBLZ4   := $(LZ4DIR)/liblz4.a
+ LZ4DIR     = ../programs
+ LZ4        = $(LZ4DIR)/lz4
+ 
+ default: all
+ 
+-$(SLIBLZ4): $(LIBDIR)/lz4.c $(LIBDIR)/lz4hc.c $(LIBDIR)/lz4frame.c $(LIBDIR)/lz4.h $(LIBDIR)/lz4hc.h $(LIBDIR)/lz4frame.h $(LIBDIR)/lz4frame_static.h
+-	$(MAKE) -j -C $(LIBDIR) liblz4.a
++$(SLIBLZ4): $(LZ4DIR)/lz4.c $(LZ4DIR)/lz4hc.c $(LZ4DIR)/lz4frame.c $(LZ4DIR)/lz4.h $(LZ4DIR)/lz4hc.h $(LZ4DIR)/lz4frame.h $(LZ4DIR)/lz4frame_static.h
++	$(MAKE) -j -C $(LZ4DIR) liblz4.a
+ 
+ ALL = print_version \
+ 	  simple_buffer \
+diff --git a/programs/Makefile b/programs/Makefile
+index 643ce14f..d9975b26 100644
+--- a/programs/Makefile
++++ b/programs/Makefile
+@@ -31,8 +31,8 @@
+ SED ?= sed
+ 
+ # Version numbers
+-LIBDIR   := ../lib
+-LIBVER_SRC := $(LIBDIR)/lz4.h
++LZ4DIR   := ../lib
++LIBVER_SRC := $(LZ4DIR)/lz4.h
+ LIBVER_MAJOR_SCRIPT:=`$(SED) -n '/define[[:blank:]][[:blank:]]*LZ4_VERSION_MAJOR/s/.*[[:blank:]]\([0-9][0-9]*\).*/\1/p' < $(LIBVER_SRC)`
+ LIBVER_MINOR_SCRIPT:=`$(SED) -n '/define[[:blank:]][[:blank:]]*LZ4_VERSION_MINOR/s/.*[[:blank:]]\([0-9][0-9]*\).*/\1/p' < $(LIBVER_SRC)`
+ LIBVER_PATCH_SCRIPT:=`$(SED) -n '/define[[:blank:]][[:blank:]]*LZ4_VERSION_RELEASE/s/.*[[:blank:]]\([0-9][0-9]*\).*/\1/p' < $(LIBVER_SRC)`
+@@ -42,7 +42,7 @@ LIBVER_MINOR := $(shell echo $(LIBVER_MINOR_SCRIPT))
+ LIBVER_PATCH := $(shell echo $(LIBVER_PATCH_SCRIPT))
+ LIBVER   := $(shell echo $(LIBVER_SCRIPT))
+ 
+-LIBFILES  = $(wildcard $(LIBDIR)/*.c)
++LIBFILES  = $(wildcard $(LZ4DIR)/*.c)
+ SRCFILES  = $(sort $(LIBFILES) $(wildcard *.c))
+ OBJFILES  = $(SRCFILES:.c=.o)
+ 
+@@ -51,7 +51,7 @@ DEBUGFLAGS= -Wall -Wextra -Wundef -Wcast-qual -Wcast-align -Wshadow \
+             -Wpointer-arith -Wstrict-aliasing=1
+ USERCFLAGS:= -O3 $(CFLAGS) # -O3 can be overruled by user-provided -Ox level
+ CFLAGS    = $(DEBUGFLAGS) $(USERCFLAGS)
+-CPPFLAGS += -I$(LIBDIR) -DXXH_NAMESPACE=LZ4_
++CPPFLAGS += -I$(LZ4DIR) -DXXH_NAMESPACE=LZ4_
+ 
+ include ../Makefile.inc
+ 
+@@ -132,8 +132,8 @@ lz4-nomt: $(SRCFILES)
+ 
+ CLEAN += lz4-wlib
+ lz4-wlib: LIBFILES =
+-lz4-wlib: SRCFILES+= $(LIBDIR)/xxhash.c  # benchmark unit needs XXH64()
+-lz4-wlib: LDFLAGS += -L $(LIBDIR)
++lz4-wlib: SRCFILES+= $(LZ4DIR)/xxhash.c  # benchmark unit needs XXH64()
++lz4-wlib: LDFLAGS += -L $(LZ4DIR)
+ lz4-wlib: LDLIBS   = -llz4
+ lz4-wlib: liblz4 $(OBJFILES)
+ 	@echo WARNING: $@ must link to an extended variant of the dynamic library which also exposes unstable symbols
+@@ -141,7 +141,7 @@ lz4-wlib: liblz4 $(OBJFILES)
+ 
+ .PHONY:liblz4
+ liblz4:
+-	CPPFLAGS="-DLZ4F_PUBLISH_STATIC_FUNCTIONS -DLZ4_PUBLISH_STATIC_FUNCTIONS" $(MAKE) -C $(LIBDIR) liblz4
++	CPPFLAGS="-DLZ4F_PUBLISH_STATIC_FUNCTIONS -DLZ4_PUBLISH_STATIC_FUNCTIONS" $(MAKE) -C $(LZ4DIR) liblz4
+ 
+ CLEAN += lz4c
+ lz4c: lz4
+@@ -179,7 +179,7 @@ clean:
+ ifeq ($(WINBASED),yes)
+ 	$(RM) *.rc
+ endif
+-	$(MAKE) -C $(LIBDIR) $@ > $(VOID)
++	$(MAKE) -C $(LZ4DIR) $@ > $(VOID)
+ 	$(RM) $(CLEAN) *.o tmp* *.test core
+ 	@echo Cleaning completed
+ 
+diff --git a/tests/Makefile b/tests/Makefile
+index 47e2774d..7adfdfcc 100644
+--- a/tests/Makefile
++++ b/tests/Makefile
+@@ -28,7 +28,7 @@
+ # datagen : generates synthetic data samples for tests & benchmarks
+ # ##########################################################################
+ 
+-LIBDIR  := ../lib
++LZ4DIR  := ../lib
+ PRGDIR  := ../programs
+ TESTDIR := versionsTest
+ PYTHON  ?= python3
+@@ -40,7 +40,7 @@ WFLAGS    = -Wall -Wextra -Wundef -Wcast-qual -Wcast-align -Wshadow \
+             -Wswitch-enum -Wdeclaration-after-statement -Wstrict-prototypes \
+             -Wpointer-arith -Wstrict-aliasing=1
+ CFLAGS    = $(WFLAGS) $(DEBUGFLAGS) $(USERCFLAGS)
+-CPPFLAGS += -I$(LIBDIR) -I$(PRGDIR) -DXXH_NAMESPACE=LZ4_
++CPPFLAGS += -I$(LZ4DIR) -I$(PRGDIR) -DXXH_NAMESPACE=LZ4_
+ ALLFLAGS  = $(CFLAGS) $(CPPFLAGS) $(LDFLAGS)
+ 
+ include ../Makefile.inc
+@@ -69,7 +69,7 @@ lz4:
+ 
+ .PHONY: lib liblz4.pc
+ lib liblz4.pc:
+-	$(MAKE) -C $(LIBDIR) $@ CFLAGS="$(CFLAGS)"
++	$(MAKE) -C $(LZ4DIR) $@ CFLAGS="$(CFLAGS)"
+ 
+ lz4c unlz4 lz4cat: lz4
+ 	$(LN_SF) $(LZ4) $(PRGDIR)/$@
+@@ -79,7 +79,7 @@ lz4c32:  # create a 32-bits version for 32/64 interop tests
+ 	$(MAKE) -C $(PRGDIR) $@ CFLAGS="-m32 $(CFLAGS)"
+ 
+ # *.o objects are from library
+-%.o : $(LIBDIR)/%.c $(LIBDIR)/%.h
++%.o : $(LZ4DIR)/%.c $(LZ4DIR)/%.h
+ 	$(CC) -c $(CFLAGS) $(CPPFLAGS) $< -o $@
+ 
+ CLEAN += fullbench
+@@ -88,14 +88,14 @@ fullbench : CPPFLAGS += -DNDEBUG
+ fullbench : lz4.o lz4hc.o lz4frame.o xxhash.o fullbench.c
+ 	$(CC) $(ALLFLAGS) $^ -o $@$(EXT)
+ 
+-.PHONY: $(LIBDIR)/liblz4.a
+-$(LIBDIR)/liblz4.a:
+-	$(MAKE) -C $(LIBDIR) liblz4.a
++.PHONY: $(LZ4DIR)/liblz4.a
++$(LZ4DIR)/liblz4.a:
++	$(MAKE) -C $(LZ4DIR) liblz4.a
+ 
+ CLEAN += fullbench-lib
+ fullbench-lib : DEBUGLEVEL=0
+ fullbench-lib : CPPFLAGS += -DNDEBUG
+-fullbench-lib: fullbench.c $(LIBDIR)/liblz4.a
++fullbench-lib: fullbench.c $(LZ4DIR)/liblz4.a
+ 	$(CC) $(ALLFLAGS) $^ -o $@$(EXT)
+ 
+ # Note: Windows only
+@@ -103,9 +103,9 @@ ifeq ($(WINBASED),yes)
+ CLEAN += fullbench-dll
+ fullbench-dll : DEBUGLEVEL=0
+ fullbench-dll : CPPFLAGS += -DNDEBUG
+-fullbench-dll: fullbench.c $(LIBDIR)/xxhash.c
+-	$(MAKE) -C $(LIBDIR) liblz4
+-	$(CC) $(ALLFLAGS) $^ -o $@$(EXT) -DLZ4_DLL_IMPORT=1 $(LIBDIR)/dll/$(LIBLZ4).dll
++fullbench-dll: fullbench.c $(LZ4DIR)/xxhash.c
++	$(MAKE) -C $(LZ4DIR) liblz4
++	$(CC) $(ALLFLAGS) $^ -o $@$(EXT) -DLZ4_DLL_IMPORT=1 $(LZ4DIR)/dll/$(LIBLZ4).dll
+ endif
+ 
+ # test LZ4_USER_MEMORY_FUNCTIONS
+@@ -143,7 +143,7 @@ decompress-partial-usingDict: lz4.o decompress-partial-usingDict.c
+ 
+ .PHONY: clean
+ clean:
+-	@$(MAKE) -C $(LIBDIR) $@ > $(VOID)
++	@$(MAKE) -C $(LZ4DIR) $@ > $(VOID)
+ 	@$(MAKE) -C $(PRGDIR) $@ > $(VOID)
+ 	@$(RM) $(CLEAN) core *.o *.test tmp*
+ 	@$(RM) -r $(TESTDIR)
+@@ -166,7 +166,7 @@ abiTests:
+ 	$(PYTHON) test-lz4-abi.py
+ 
+ CLEAN += checkTag
+-checkTag: checkTag.c $(LIBDIR)/lz4.h
++checkTag: checkTag.c $(LZ4DIR)/lz4.h
+ 	$(CC) $(ALLFLAGS) $< -o $@$(EXT)
+ 
+ #-----------------------------------------------------------------------------
+@@ -204,7 +204,7 @@ test32: test
+ test-amalgamation: lz4_all.o
+ 
+ CLEAN += lz4_all.c
+-lz4_all.c: $(LIBDIR)/lz4.c $(LIBDIR)/lz4hc.c $(LIBDIR)/lz4frame.c
++lz4_all.c: $(LZ4DIR)/lz4.c $(LZ4DIR)/lz4hc.c $(LZ4DIR)/lz4frame.c
+ 	$(CAT) $^ > $@
+ 
+ test-install: lz4 lib liblz4.pc
+-- 
+2.17.1
+
diff --git a/meta/recipes-support/lz4/lz4_1.9.4.bb b/meta/recipes-support/lz4/lz4_1.10.0.bb
similarity index 59%
rename from meta/recipes-support/lz4/lz4_1.9.4.bb
rename to meta/recipes-support/lz4/lz4_1.10.0.bb
index 51a854d44a..778a5b6e72 100644
--- a/meta/recipes-support/lz4/lz4_1.9.4.bb
+++ b/meta/recipes-support/lz4/lz4_1.10.0.bb
@@ -2,45 +2,43 @@  SUMMARY = "Extremely Fast Compression algorithm"
 DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing compression speed at 400 MB/s per core, scalable with multi-cores CPU. It also features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems."
 HOMEPAGE = "https://github.com/lz4/lz4"
 
-LICENSE = "BSD-2-Clause | GPL-2.0-only"
+LICENSE = "BSD-2-Clause | GPL-2.0-or-later"
 LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=5cd5f851b52ec832b10eedb3f01f885a \
-                    file://programs/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-                    file://LICENSE;md5=c5cc3cd6f9274b4d32988096df9c3ec3 \
+                    file://programs/COPYING;md5=492daf447d6db0e5eb344a7922e7ec25 \
+                    file://LICENSE;md5=c111c47e301c2ffe8776729b40b44477 \
                     "
 
 PE = "1"
 
-SRCREV = "5ff839680134437dbf4678f3d0c7b371d84f4964"
+SRCREV = "ebb370ca83af193212df4dcbadcc5d87bc0de2f0"
 
 SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \
-	   file://run-ptest \
-	   "
+           file://0001-Fix-Makefile-variable-name-overlap.patch \
+           file://run-ptest \
+           "
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
 
 S = "${WORKDIR}/git"
 
 inherit ptest
 
-CVE_STATUS[CVE-2014-4715] = "fixed-version: Fixed in r118, which is larger than the current version."
-
 EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no"
 
 do_install() {
-	oe_runmake install
+        oe_runmake install
 }
 
 BBCLASSEXTEND = "native nativesdk"
 
-RDEPENDS:${PN}-ptest += "bash"
+RDEPENDS_${PN}-ptest += "bash"
 
 do_compile_ptest() {
         oe_runmake -C ${B}/tests/
 }
 
 do_install_ptest() {
-	install -d ${D}${PTEST_PATH}/tests/
-	install --mode=755 ${B}/tests/frametest ${D}${PTEST_PATH}/tests/
-	sed -i "s#@PTEST_PATH@#${PTEST_PATH}#g" ${D}${PTEST_PATH}/run-ptest
-
+        install -d ${D}${PTEST_PATH}/tests/
+        install --mode=755 ${B}/tests/frametest ${D}${PTEST_PATH}/tests/
+        sed -i "s#@PTEST_PATH@#${PTEST_PATH}#g" ${D}${PTEST_PATH}/run-ptest
 }