[2/3] package/bsdiff: switch upstream
diff mbox series

Message ID 20241004215451.1198861-2-dario.binacchi@amarulasolutions.com
State New
Headers show
Series
  • [1/3] package/libdivsufsort: new package
Related show

Commit Message

Dario Binacchi Oct. 4, 2024, 9:54 p.m. UTC 
I asked Colin Percival, the creator of bsdiff, about the failure to
download bsdiff-4.3.tar.gz from  https://www.daemonology.net/bsdiff,
and he kindly replied that he intentionally disabled the package
download because "that code has some security bugs and I didn't have
time to roll a new tarball with them fixed. Grab the bsdiff code from
FreeBSD or Chromium, I'm pretty sure they have all the fixes."

I chose the Chromium version because the FreeBSD one was less suitable
for integration into Buildroot, given that there is no git repository
for the project itself, but rather for all FreeBSD sources (4.7 GB).

C++11 is now mandatory.

Fixes:
- http://autobuild.buildroot.org/results/21bb827d3dbf553c79f49d7c184099c75df3d45d

Cc: Colin Percival <cperciva@freebsd.org>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
---
 .checkpackageignore                            |  1 -
 .../0001-Add-missing-header-for-u_char.patch   | 17 -----------------
 package/bsdiff/Config.in                       |  4 +++-
 package/bsdiff/bsdiff.hash                     |  7 +++----
 package/bsdiff/bsdiff.mk                       | 18 ++++++++----------
 5 files changed, 14 insertions(+), 33 deletions(-)
 delete mode 100644 package/bsdiff/0001-Add-missing-header-for-u_char.patch

Comments

'Krzysztof Kozlowski' via Amarula Linux Oct. 24, 2024, 8:31 p.m. UTC | #1 
Hello Dario,

On Fri,  4 Oct 2024 23:54:45 +0200
Dario Binacchi <dario.binacchi@amarulasolutions.com> wrote:

> I asked Colin Percival, the creator of bsdiff, about the failure to

We try to avoid first person singular sentences in commit logs. Either
we use "we", or we turn the sentences around.

> download bsdiff-4.3.tar.gz from  https://www.daemonology.net/bsdiff,
> and he kindly replied that he intentionally disabled the package
> download because "that code has some security bugs and I didn't have
> time to roll a new tarball with them fixed. Grab the bsdiff code from
> FreeBSD or Chromium, I'm pretty sure they have all the fixes."
> 
> I chose the Chromium version because the FreeBSD one was less suitable
> for integration into Buildroot, given that there is no git repository
> for the project itself, but rather for all FreeBSD sources (4.7 GB).

https://chromium.googlesource.com/chromiumos/third_party/bsdiff shows:

  (MOVED) https://android.googlesource.com/platform/external/bsdiff/ fork of bsdiff; http://www.daemonology.net/bsdiff/

Does that mean we should use
https://android.googlesource.com/platform/external/bsdiff/ instead?

That being said, even the repo at
https://chromium.googlesource.com/chromiumos/third_party/bsdiff had its
last commit 10 years ago, so this really looks like unmaintained
software.

Shouldn't we instead just remove it from Buildroot?

Thomas
Dario Binacchi Oct. 30, 2024, 9:06 a.m. UTC | #2 
Hello Thomas,

On Thu, Oct 24, 2024 at 10:31 PM Thomas Petazzoni
<thomas.petazzoni@bootlin.com> wrote:
>
> Hello Dario,
>
> On Fri,  4 Oct 2024 23:54:45 +0200
> Dario Binacchi <dario.binacchi@amarulasolutions.com> wrote:
>
> > I asked Colin Percival, the creator of bsdiff, about the failure to
>
> We try to avoid first person singular sentences in commit logs. Either
> we use "we", or we turn the sentences around.
>
> > download bsdiff-4.3.tar.gz from  https://www.daemonology.net/bsdiff,
> > and he kindly replied that he intentionally disabled the package
> > download because "that code has some security bugs and I didn't have
> > time to roll a new tarball with them fixed. Grab the bsdiff code from
> > FreeBSD or Chromium, I'm pretty sure they have all the fixes."
> >
> > I chose the Chromium version because the FreeBSD one was less suitable
> > for integration into Buildroot, given that there is no git repository
> > for the project itself, but rather for all FreeBSD sources (4.7 GB).
>
> https://chromium.googlesource.com/chromiumos/third_party/bsdiff shows:
>
>   (MOVED) https://android.googlesource.com/platform/external/bsdiff/ fork of bsdiff; http://www.daemonology.net/bsdiff/
>
> Does that mean we should use
> https://android.googlesource.com/platform/external/bsdiff/ instead?
>
> That being said, even the repo at
> https://chromium.googlesource.com/chromiumos/third_party/bsdiff had its
> last commit 10 years ago, so this really looks like unmaintained
> software.

The FreeBSD version (i.e., https://github.com/freebsd/freebsd-src.git)
has more recent
commits for bsdiff and bspatch, but it’s a container repository for
many other projects (4.7GB)
and not specific to bsdiff. I do not know if it’s possible to extract
just that project. Any ideas?
Otherwise, would it be better to remove the package from buildroot?

Thanks and regards,
Dario

>
> Shouldn't we instead just remove it from Buildroot?


>
> Thomas
> --
> Thomas Petazzoni, co-owner and CEO, Bootlin
> Embedded Linux and Kernel engineering and training
> https://bootlin.com



--

Dario Binacchi

Senior Embedded Linux Developer

dario.binacchi@amarulasolutions.com
'Krzysztof Kozlowski' via Amarula Linux Oct. 30, 2024, 9:14 a.m. UTC | #3 
On Wed, 30 Oct 2024 10:06:42 +0100
Dario Binacchi <dario.binacchi@amarulasolutions.com> wrote:

> Otherwise, would it be better to remove the package from buildroot?

Yes, that was the feedback also from Arnout yesterday: let's remove
bsdiff entirely. It has no upstream, it's no longer maintained, so
let's drop it.

Thanks!

Thomas

Patch
diff mbox series 

diff --git a/.checkpackageignore b/.checkpackageignore
index 0cc742bf0960..98b38a386f01 100644
--- a/.checkpackageignore
+++ b/.checkpackageignore
@@ -343,7 +343,6 @@  package/brickd/S70brickd Shellcheck lib_sysv.Indent lib_sysv.Variables
 package/bridge-utils/0001-fix-build-on-musl.patch lib_patch.Upstream
 package/brltty/0001-Fix-linking-error-on-mips64el.patch lib_patch.Upstream
 package/brltty/S10brltty Shellcheck lib_sysv.Indent lib_sysv.Variables
-package/bsdiff/0001-Add-missing-header-for-u_char.patch lib_patch.Upstream
 package/bustle/0001-Makefile-fix-pcap-config-call.patch lib_patch.Upstream
 package/busybox/0001-networking-libiproute-use-linux-if_packet.h-instead-.patch lib_patch.Upstream
 package/busybox/0002-Makefile.flags-strip-non-l-arguments-returned-by-pkg.patch lib_patch.Upstream
diff --git a/package/bsdiff/0001-Add-missing-header-for-u_char.patch b/package/bsdiff/0001-Add-missing-header-for-u_char.patch
deleted file mode 100644
index 56affb4102ce..000000000000
--- a/package/bsdiff/0001-Add-missing-header-for-u_char.patch
+++ /dev/null
@@ -1,17 +0,0 @@ 
-bspatch: Fix missing header <sys/types.h> for u_char
-
-Fixes http://autobuild.buildroot.net/results/31a/31a837cf6e34b02dce498f2b12e40d6d16a5a8e6/
-
-Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
-
-diff -purN bsdiff-4.3.orig/bspatch.c bsdiff-4.3/bspatch.c
---- bsdiff-4.3.orig/bspatch.c	2015-04-30 13:47:26.485903359 +0200
-+++ bsdiff-4.3/bspatch.c	2015-04-30 13:48:14.808908672 +0200
-@@ -35,6 +35,7 @@ __FBSDID("$FreeBSD: src/usr.bin/bsdiff/b
- #include <err.h>
- #include <unistd.h>
- #include <fcntl.h>
-+#include <sys/types.h>
-
- static off_t offtin(u_char *buf)
- {
diff --git a/package/bsdiff/Config.in b/package/bsdiff/Config.in
index 11fd8b9d3523..25295f06e70d 100644
--- a/package/bsdiff/Config.in
+++ b/package/bsdiff/Config.in
@@ -1,8 +1,10 @@ 
 config BR2_PACKAGE_BSDIFF
 	bool "bsdiff"
+	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 # C++11
 	select BR2_PACKAGE_BZIP2
+	select BR2_PACKAGE_LIBDIVSUFSORT
 	help
 	  Binary patch/diff like xdelta but creates smaller diffs.
 	  Needs bzip2 support.
 
-	  http://www.daemonology.net/bsdiff/
+	  https://android.googlesource.com/platform/external/bsdiff/
diff --git a/package/bsdiff/bsdiff.hash b/package/bsdiff/bsdiff.hash
index 102086b9fc04..e16d32023e1c 100644
--- a/package/bsdiff/bsdiff.hash
+++ b/package/bsdiff/bsdiff.hash
@@ -1,4 +1,3 @@ 
-# From http://www.daemonology.net/bsdiff/:
-md5  e6d812394f0e0ecc8d5df255aa1db22a  bsdiff-4.3.tar.gz
-# locally computed
-sha256  fc0a6e634ef77dcf14bf36c7b6d1e57ba1ac5c4809073dfaacb3b5f7ab277eb7  bsdiff.c
+# Locally calculated
+sha256  6f84d3b2f0b758a97e79f6294ed84da4cd5c1a2ab0f7cb3d5ed80fc234e09c32  bsdiff-8c17bdc0d759c8e6da90c5f72b052ba2605a0a3a-git4.tar.gz
+sha256  82d5f69a01bd5b3962ddf42f9346aee41ab80bf4cb67ed8a1ede966e8b080c54  README.chromium
diff --git a/package/bsdiff/bsdiff.mk b/package/bsdiff/bsdiff.mk
index 97a1b3921df4..e9ee9fa1b9f2 100644
--- a/package/bsdiff/bsdiff.mk
+++ b/package/bsdiff/bsdiff.mk
@@ -4,23 +4,21 @@ 
 #
 ################################################################################
 
-BSDIFF_VERSION = 4.3
-BSDIFF_SITE = http://www.daemonology.net/bsdiff
-BSDIFF_DEPENDENCIES = bzip2
+BSDIFF_VERSION = 8c17bdc0d759c8e6da90c5f72b052ba2605a0a3a
+BSDIFF_SITE = https://chromium.googlesource.com/chromiumos/third_party/bsdiff
+BSDIFF_SITE_METHOD = git
+BSDIFF_DEPENDENCIES = bzip2 libdivsufsort
 BSDIFF_LICENSE = BSD-2-Clause
-BSDIFF_LICENSE_FILES = bsdiff.c
+BSDIFF_LICENSE_FILES = README.chromium
 BSDIFF_CPE_ID_VENDOR = daemonology
 
 define BSDIFF_BUILD_CMDS
-	$(TARGET_MAKE_ENV) $(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_LDFLAGS) \
-		$(@D)/bsdiff.c -lbz2 -o $(@D)/bsdiff
-	$(TARGET_MAKE_ENV) $(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_LDFLAGS) \
-		$(@D)/bspatch.c -lbz2 -o $(@D)/bspatch
+	$(TARGET_MAKE_ENV)  $(MAKE) -C $(@D) $(TARGET_CONFIGURE_OPTS)
 endef
 
 define BSDIFF_INSTALL_TARGET_CMDS
-	$(INSTALL) -D -m 755 $(@D)/bsdiff $(TARGET_DIR)/usr/bin/bsdiff
-	$(INSTALL) -D -m 755 $(@D)/bspatch $(TARGET_DIR)/usr/bin/bspatch
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) $(TARGET_CONFIGURE_OPTS) \
+		DESTDIR=$(TARGET_DIR) install
 endef
 
 $(eval $(generic-package))