Message ID | 20241004215451.1198861-2-dario.binacchi@amarulasolutions.com |
---|---|
State | New |
Headers | show |
Series |
|
Related | show |
Hello Dario, On Fri, 4 Oct 2024 23:54:45 +0200 Dario Binacchi <dario.binacchi@amarulasolutions.com> wrote: > I asked Colin Percival, the creator of bsdiff, about the failure to We try to avoid first person singular sentences in commit logs. Either we use "we", or we turn the sentences around. > download bsdiff-4.3.tar.gz from https://www.daemonology.net/bsdiff, > and he kindly replied that he intentionally disabled the package > download because "that code has some security bugs and I didn't have > time to roll a new tarball with them fixed. Grab the bsdiff code from > FreeBSD or Chromium, I'm pretty sure they have all the fixes." > > I chose the Chromium version because the FreeBSD one was less suitable > for integration into Buildroot, given that there is no git repository > for the project itself, but rather for all FreeBSD sources (4.7 GB). https://chromium.googlesource.com/chromiumos/third_party/bsdiff shows: (MOVED) https://android.googlesource.com/platform/external/bsdiff/ fork of bsdiff; http://www.daemonology.net/bsdiff/ Does that mean we should use https://android.googlesource.com/platform/external/bsdiff/ instead? That being said, even the repo at https://chromium.googlesource.com/chromiumos/third_party/bsdiff had its last commit 10 years ago, so this really looks like unmaintained software. Shouldn't we instead just remove it from Buildroot? Thomas
Hello Thomas, On Thu, Oct 24, 2024 at 10:31 PM Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote: > > Hello Dario, > > On Fri, 4 Oct 2024 23:54:45 +0200 > Dario Binacchi <dario.binacchi@amarulasolutions.com> wrote: > > > I asked Colin Percival, the creator of bsdiff, about the failure to > > We try to avoid first person singular sentences in commit logs. Either > we use "we", or we turn the sentences around. > > > download bsdiff-4.3.tar.gz from https://www.daemonology.net/bsdiff, > > and he kindly replied that he intentionally disabled the package > > download because "that code has some security bugs and I didn't have > > time to roll a new tarball with them fixed. Grab the bsdiff code from > > FreeBSD or Chromium, I'm pretty sure they have all the fixes." > > > > I chose the Chromium version because the FreeBSD one was less suitable > > for integration into Buildroot, given that there is no git repository > > for the project itself, but rather for all FreeBSD sources (4.7 GB). > > https://chromium.googlesource.com/chromiumos/third_party/bsdiff shows: > > (MOVED) https://android.googlesource.com/platform/external/bsdiff/ fork of bsdiff; http://www.daemonology.net/bsdiff/ > > Does that mean we should use > https://android.googlesource.com/platform/external/bsdiff/ instead? > > That being said, even the repo at > https://chromium.googlesource.com/chromiumos/third_party/bsdiff had its > last commit 10 years ago, so this really looks like unmaintained > software. The FreeBSD version (i.e., https://github.com/freebsd/freebsd-src.git) has more recent commits for bsdiff and bspatch, but it’s a container repository for many other projects (4.7GB) and not specific to bsdiff. I do not know if it’s possible to extract just that project. Any ideas? Otherwise, would it be better to remove the package from buildroot? Thanks and regards, Dario > > Shouldn't we instead just remove it from Buildroot? > > Thomas > -- > Thomas Petazzoni, co-owner and CEO, Bootlin > Embedded Linux and Kernel engineering and training > https://bootlin.com -- Dario Binacchi Senior Embedded Linux Developer dario.binacchi@amarulasolutions.com
On Wed, 30 Oct 2024 10:06:42 +0100
Dario Binacchi <dario.binacchi@amarulasolutions.com> wrote:
> Otherwise, would it be better to remove the package from buildroot?
Yes, that was the feedback also from Arnout yesterday: let's remove
bsdiff entirely. It has no upstream, it's no longer maintained, so
let's drop it.
Thanks!
Thomas
diff --git a/.checkpackageignore b/.checkpackageignore index 0cc742bf0960..98b38a386f01 100644 --- a/.checkpackageignore +++ b/.checkpackageignore @@ -343,7 +343,6 @@ package/brickd/S70brickd Shellcheck lib_sysv.Indent lib_sysv.Variables package/bridge-utils/0001-fix-build-on-musl.patch lib_patch.Upstream package/brltty/0001-Fix-linking-error-on-mips64el.patch lib_patch.Upstream package/brltty/S10brltty Shellcheck lib_sysv.Indent lib_sysv.Variables -package/bsdiff/0001-Add-missing-header-for-u_char.patch lib_patch.Upstream package/bustle/0001-Makefile-fix-pcap-config-call.patch lib_patch.Upstream package/busybox/0001-networking-libiproute-use-linux-if_packet.h-instead-.patch lib_patch.Upstream package/busybox/0002-Makefile.flags-strip-non-l-arguments-returned-by-pkg.patch lib_patch.Upstream diff --git a/package/bsdiff/0001-Add-missing-header-for-u_char.patch b/package/bsdiff/0001-Add-missing-header-for-u_char.patch deleted file mode 100644 index 56affb4102ce..000000000000 --- a/package/bsdiff/0001-Add-missing-header-for-u_char.patch +++ /dev/null @@ -1,17 +0,0 @@ -bspatch: Fix missing header <sys/types.h> for u_char - -Fixes http://autobuild.buildroot.net/results/31a/31a837cf6e34b02dce498f2b12e40d6d16a5a8e6/ - -Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> - -diff -purN bsdiff-4.3.orig/bspatch.c bsdiff-4.3/bspatch.c ---- bsdiff-4.3.orig/bspatch.c 2015-04-30 13:47:26.485903359 +0200 -+++ bsdiff-4.3/bspatch.c 2015-04-30 13:48:14.808908672 +0200 -@@ -35,6 +35,7 @@ __FBSDID("$FreeBSD: src/usr.bin/bsdiff/b - #include <err.h> - #include <unistd.h> - #include <fcntl.h> -+#include <sys/types.h> - - static off_t offtin(u_char *buf) - { diff --git a/package/bsdiff/Config.in b/package/bsdiff/Config.in index 11fd8b9d3523..25295f06e70d 100644 --- a/package/bsdiff/Config.in +++ b/package/bsdiff/Config.in @@ -1,8 +1,10 @@ config BR2_PACKAGE_BSDIFF bool "bsdiff" + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 # C++11 select BR2_PACKAGE_BZIP2 + select BR2_PACKAGE_LIBDIVSUFSORT help Binary patch/diff like xdelta but creates smaller diffs. Needs bzip2 support. - http://www.daemonology.net/bsdiff/ + https://android.googlesource.com/platform/external/bsdiff/ diff --git a/package/bsdiff/bsdiff.hash b/package/bsdiff/bsdiff.hash index 102086b9fc04..e16d32023e1c 100644 --- a/package/bsdiff/bsdiff.hash +++ b/package/bsdiff/bsdiff.hash @@ -1,4 +1,3 @@ -# From http://www.daemonology.net/bsdiff/: -md5 e6d812394f0e0ecc8d5df255aa1db22a bsdiff-4.3.tar.gz -# locally computed -sha256 fc0a6e634ef77dcf14bf36c7b6d1e57ba1ac5c4809073dfaacb3b5f7ab277eb7 bsdiff.c +# Locally calculated +sha256 6f84d3b2f0b758a97e79f6294ed84da4cd5c1a2ab0f7cb3d5ed80fc234e09c32 bsdiff-8c17bdc0d759c8e6da90c5f72b052ba2605a0a3a-git4.tar.gz +sha256 82d5f69a01bd5b3962ddf42f9346aee41ab80bf4cb67ed8a1ede966e8b080c54 README.chromium diff --git a/package/bsdiff/bsdiff.mk b/package/bsdiff/bsdiff.mk index 97a1b3921df4..e9ee9fa1b9f2 100644 --- a/package/bsdiff/bsdiff.mk +++ b/package/bsdiff/bsdiff.mk @@ -4,23 +4,21 @@ # ################################################################################ -BSDIFF_VERSION = 4.3 -BSDIFF_SITE = http://www.daemonology.net/bsdiff -BSDIFF_DEPENDENCIES = bzip2 +BSDIFF_VERSION = 8c17bdc0d759c8e6da90c5f72b052ba2605a0a3a +BSDIFF_SITE = https://chromium.googlesource.com/chromiumos/third_party/bsdiff +BSDIFF_SITE_METHOD = git +BSDIFF_DEPENDENCIES = bzip2 libdivsufsort BSDIFF_LICENSE = BSD-2-Clause -BSDIFF_LICENSE_FILES = bsdiff.c +BSDIFF_LICENSE_FILES = README.chromium BSDIFF_CPE_ID_VENDOR = daemonology define BSDIFF_BUILD_CMDS - $(TARGET_MAKE_ENV) $(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_LDFLAGS) \ - $(@D)/bsdiff.c -lbz2 -o $(@D)/bsdiff - $(TARGET_MAKE_ENV) $(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_LDFLAGS) \ - $(@D)/bspatch.c -lbz2 -o $(@D)/bspatch + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) $(TARGET_CONFIGURE_OPTS) endef define BSDIFF_INSTALL_TARGET_CMDS - $(INSTALL) -D -m 755 $(@D)/bsdiff $(TARGET_DIR)/usr/bin/bsdiff - $(INSTALL) -D -m 755 $(@D)/bspatch $(TARGET_DIR)/usr/bin/bspatch + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) $(TARGET_CONFIGURE_OPTS) \ + DESTDIR=$(TARGET_DIR) install endef $(eval $(generic-package))
I asked Colin Percival, the creator of bsdiff, about the failure to download bsdiff-4.3.tar.gz from https://www.daemonology.net/bsdiff, and he kindly replied that he intentionally disabled the package download because "that code has some security bugs and I didn't have time to roll a new tarball with them fixed. Grab the bsdiff code from FreeBSD or Chromium, I'm pretty sure they have all the fixes." I chose the Chromium version because the FreeBSD one was less suitable for integration into Buildroot, given that there is no git repository for the project itself, but rather for all FreeBSD sources (4.7 GB). C++11 is now mandatory. Fixes: - http://autobuild.buildroot.org/results/21bb827d3dbf553c79f49d7c184099c75df3d45d Cc: Colin Percival <cperciva@freebsd.org> Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com> --- .checkpackageignore | 1 - .../0001-Add-missing-header-for-u_char.patch | 17 ----------------- package/bsdiff/Config.in | 4 +++- package/bsdiff/bsdiff.hash | 7 +++---- package/bsdiff/bsdiff.mk | 18 ++++++++---------- 5 files changed, 14 insertions(+), 33 deletions(-) delete mode 100644 package/bsdiff/0001-Add-missing-header-for-u_char.patch