From a705929a28eb419afe9c2859cce566f7f8a3612e Mon Sep 17 00:00:00 2001 From: Evseniia Komarova Date: Mon, 23 Oct 2023 14:39:28 +0200 Subject: [PATCH 1/6] upd zlib to 1.3 --- recipe/meta.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/recipe/meta.yaml b/recipe/meta.yaml index 8613162..225807e 100644 --- a/recipe/meta.yaml +++ b/recipe/meta.yaml @@ -1,5 +1,5 @@ -{% set version = "1.2.13" %} -{% set build_num = 5 %} +{% set version = "1.3" %} +{% set build_num = 0 %} package: name: zlib-split @@ -9,7 +9,7 @@ source: url: - http://zlib.net/zlib-{{ version }}.tar.gz - https://gnupg.org/ftp/gcrypt/zlib/zlib-{{ version }}.tar.gz - sha256: b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30 + sha256: ff0ba4c292013dbc27530b3a81e1f9a813cd39de01ca5e0f8bf355702efa593e build: number: {{ build_num }} From 58553e327fa3339b361a7ef6b19b150bd6dff745 Mon Sep 17 00:00:00 2001 From: "conda-forge-webservices[bot]" <91080706+conda-forge-webservices[bot]@users.noreply.github.com> Date: Mon, 23 Oct 2023 12:42:13 +0000 Subject: [PATCH 2/6] MNT: Re-rendered with conda-build 3.27.0, conda-smithy 3.27.1, and conda-forge-pinning 2023.10.23.08.51.53 --- .azure-pipelines/azure-pipelines-linux.yml | 5 - .azure-pipelines/azure-pipelines-win.yml | 56 ++-------- .ci_support/osx_64_.yaml | 2 +- .ci_support/osx_arm64_.yaml | 2 +- .scripts/build_steps.sh | 9 +- .scripts/logging_utils.sh | 4 +- .scripts/run_osx_build.sh | 8 +- .scripts/run_win_build.bat | 115 +++++++++++++++++++++ 8 files changed, 135 insertions(+), 66 deletions(-) create mode 100755 .scripts/run_win_build.bat diff --git a/.azure-pipelines/azure-pipelines-linux.yml b/.azure-pipelines/azure-pipelines-linux.yml index 442ec2a..2757787 100755 --- a/.azure-pipelines/azure-pipelines-linux.yml +++ b/.azure-pipelines/azure-pipelines-linux.yml 
@@ -19,11 +19,6 @@ jobs: timeoutInMinutes: 360 steps: - - script: | - rm -rf /opt/ghc - df -h - displayName: Manage disk space - # configure qemu binfmt-misc running. This allows us to run docker containers # embedded qemu-static - script: | diff --git a/.azure-pipelines/azure-pipelines-win.yml b/.azure-pipelines/azure-pipelines-win.yml index 2b1f4b5..9cd6ff2 100755 --- a/.azure-pipelines/azure-pipelines-win.yml +++ b/.azure-pipelines/azure-pipelines-win.yml @@ -20,6 +20,7 @@ jobs: UPLOAD_TEMP: D:\\tmp steps: + - task: PythonScript@0 displayName: 'Download Miniforge' inputs: 
@@ -38,55 +39,14 @@ jobs: displayName: Add conda to PATH - script: | - call activate base - mamba.exe install "python=3.10" conda-build conda pip boa conda-forge-ci-setup=3 -c conda-forge --strict-channel-priority --yes - displayName: Install conda-build - - - script: set PYTHONUNBUFFERED=1 - displayName: Set PYTHONUNBUFFERED - - # Configure the VM - - script: | - call activate base - setup_conda_rc .\ ".\recipe" .\.ci_support\%CONFIG%.yaml - displayName: conda-forge CI setup - - # Configure the VM. - - script: | - set "CI=azure" - call activate base - run_conda_forge_build_setup - displayName: conda-forge build setup - - - script: | - call activate base - if EXIST LICENSE.txt ( - copy LICENSE.txt "recipe\\recipe-scripts-license.txt" - ) - if NOT [%HOST_PLATFORM%] == [%BUILD_PLATFORM%] ( - set "EXTRA_CB_OPTIONS=%EXTRA_CB_OPTIONS% --no-test" - ) - conda.exe mambabuild "recipe" -m .ci_support\%CONFIG%.yaml --suppress-variables %EXTRA_CB_OPTIONS% - displayName: Build recipe + call ".scripts\run_win_build.bat" + displayName: Run Windows build env: PYTHONUNBUFFERED: 1 - - script: | - set "FEEDSTOCK_NAME=%BUILD_REPOSITORY_NAME:*/=%" - call activate base - validate_recipe_outputs "%FEEDSTOCK_NAME%" - displayName: Validate Recipe Outputs - - - script: | - set "GIT_BRANCH=%BUILD_SOURCEBRANCHNAME%" - set "FEEDSTOCK_NAME=%BUILD_REPOSITORY_NAME:*/=%" - set "TEMP=$(UPLOAD_TEMP)" - if not exist "%TEMP%\" md "%TEMP%" - set "TMP=%TEMP%" - call activate base - upload_package --validate --feedstock-name="%FEEDSTOCK_NAME%" .\ ".\recipe" .ci_support\%CONFIG%.yaml - displayName: Upload package - env: + CONFIG: $(CONFIG) + CI: azure + UPLOAD_PACKAGES: $(UPLOAD_PACKAGES) + UPLOAD_TEMP: $(UPLOAD_TEMP) BINSTAR_TOKEN: $(BINSTAR_TOKEN) FEEDSTOCK_TOKEN: $(FEEDSTOCK_TOKEN) - STAGING_BINSTAR_TOKEN: $(STAGING_BINSTAR_TOKEN) - condition: and(succeeded(), not(eq(variables['UPLOAD_PACKAGES'], 'False')), not(eq(variables['Build.Reason'], 'PullRequest'))) \ No newline at end of file + 
STAGING_BINSTAR_TOKEN: $(STAGING_BINSTAR_TOKEN) \ No newline at end of file diff --git a/.ci_support/osx_64_.yaml b/.ci_support/osx_64_.yaml index 454a863..d2e7321 100644 --- a/.ci_support/osx_64_.yaml +++ b/.ci_support/osx_64_.yaml @@ -3,7 +3,7 @@ MACOSX_DEPLOYMENT_TARGET: c_compiler: - clang_bootstrap c_compiler_version: -- '15' +- '16' channel_sources: - conda-forge channel_targets: diff --git a/.ci_support/osx_arm64_.yaml b/.ci_support/osx_arm64_.yaml index c0b7689..afa0fbe 100644 --- a/.ci_support/osx_arm64_.yaml +++ b/.ci_support/osx_arm64_.yaml @@ -3,7 +3,7 @@ MACOSX_DEPLOYMENT_TARGET: c_compiler: - clang_bootstrap c_compiler_version: -- '15' +- '16' channel_sources: - conda-forge channel_targets: diff --git a/.scripts/build_steps.sh b/.scripts/build_steps.sh index a6b09f6..bd9e671 100755 --- a/.scripts/build_steps.sh +++ b/.scripts/build_steps.sh @@ -31,11 +31,10 @@ pkgs_dirs: CONDARC - -mamba install --update-specs --yes --quiet --channel conda-forge \ - conda-build pip boa conda-forge-ci-setup=3 -mamba update --update-specs --yes --quiet --channel conda-forge \ - conda-build pip boa conda-forge-ci-setup=3 +mamba install --update-specs --yes --quiet --channel conda-forge --strict-channel-priority \ + pip mamba conda-build boa conda-forge-ci-setup=3 +mamba update --update-specs --yes --quiet --channel conda-forge --strict-channel-priority \ + pip mamba conda-build boa conda-forge-ci-setup=3 # set up the condarc setup_conda_rc "${FEEDSTOCK_ROOT}" "${RECIPE_ROOT}" "${CONFIG_FILE}" diff --git a/.scripts/logging_utils.sh b/.scripts/logging_utils.sh index 57bc95c..aff009f 100644 --- a/.scripts/logging_utils.sh +++ b/.scripts/logging_utils.sh @@ -12,7 +12,7 @@ function startgroup { echo "##[group]$1";; travis ) echo "$1" - echo -en 'travis_fold:start:'"${1// /}"'\\r';; + echo -en 'travis_fold:start:'"${1// /}"'\r';; github_actions ) echo "::group::$1";; * ) 
@@ -28,7 +28,7 @@ function endgroup { azure ) echo "##[endgroup]";; travis ) - echo -en 'travis_fold:end:'"${1// /}"'\\r';; + echo -en 'travis_fold:end:'"${1// /}"'\r';; github_actions ) echo "::endgroup::";; esac diff --git a/.scripts/run_osx_build.sh b/.scripts/run_osx_build.sh index 3969edf..870c49a 100755 --- a/.scripts/run_osx_build.sh +++ b/.scripts/run_osx_build.sh @@ -23,10 +23,10 @@ bash $MINIFORGE_FILE -b -p ${MINIFORGE_HOME} source ${MINIFORGE_HOME}/etc/profile.d/conda.sh conda activate base -mamba install --update-specs --quiet --yes --channel conda-forge \ - conda-build pip boa conda-forge-ci-setup=3 -mamba update --update-specs --yes --quiet --channel conda-forge \ - conda-build pip boa conda-forge-ci-setup=3 +mamba install --update-specs --quiet --yes --channel conda-forge --strict-channel-priority \ + pip mamba conda-build boa conda-forge-ci-setup=3 +mamba update --update-specs --yes --quiet --channel conda-forge --strict-channel-priority \ + pip mamba conda-build boa conda-forge-ci-setup=3 diff --git a/.scripts/run_win_build.bat b/.scripts/run_win_build.bat new file mode 100755 index 0000000..07d3445 --- /dev/null +++ b/.scripts/run_win_build.bat 
@@ -0,0 +1,115 @@ +:: PLEASE NOTE: This script has been automatically generated by conda-smithy. Any changes here +:: will be lost next time ``conda smithy rerender`` is run. If you would like to make permanent +:: changes to this script, consider a proposal to conda-smithy so that other feedstocks can also +:: benefit from the improvement. + +:: Note: we assume a Miniforge installation is available + +:: INPUTS (required environment variables) +:: CONFIG: name of the .ci_support/*.yaml file for this job +:: CI: azure, github_actions, or unset +:: UPLOAD_PACKAGES: true or false +:: UPLOAD_ON_BRANCH: true or false + +setlocal enableextensions enabledelayedexpansion + +call :start_group "Configuring conda" + +:: Activate the base conda environment +call activate base + +:: Provision the necessary dependencies to build the recipe later +echo Installing dependencies +mamba.exe install "python=3.10" pip mamba conda-build boa conda-forge-ci-setup=3 -c conda-forge --strict-channel-priority --yes +if !errorlevel! neq 0 exit /b !errorlevel! + +:: Set basic configuration +echo Setting up configuration +setup_conda_rc .\ ".\recipe" .\.ci_support\%CONFIG%.yaml +if !errorlevel! neq 0 exit /b !errorlevel! +echo Running build setup +CALL run_conda_forge_build_setup + + +if !errorlevel! neq 0 exit /b !errorlevel! + +if EXIST LICENSE.txt ( + echo Copying feedstock license + copy LICENSE.txt "recipe\\recipe-scripts-license.txt" +) +if NOT [%HOST_PLATFORM%] == [%BUILD_PLATFORM%] ( + set "EXTRA_CB_OPTIONS=%EXTRA_CB_OPTIONS% --no-test" +) + +call :end_group + +:: Build the recipe +echo Building recipe +conda.exe mambabuild "recipe" -m .ci_support\%CONFIG%.yaml --suppress-variables %EXTRA_CB_OPTIONS% +if !errorlevel! neq 0 exit /b !errorlevel! 
+ +:: Prepare some environment variables for the upload step +if /i "%CI%" == "github_actions" ( + set "FEEDSTOCK_NAME=%GITHUB_REPOSITORY:*/=%" + set "GIT_BRANCH=%GITHUB_REF:refs/heads/=%" + if /i "%GITHUB_EVENT_NAME%" == "pull_request" ( + set "IS_PR_BUILD=True" + ) else ( + set "IS_PR_BUILD=False" + ) + set "TEMP=%RUNNER_TEMP%" +) +if /i "%CI%" == "azure" ( + set "FEEDSTOCK_NAME=%BUILD_REPOSITORY_NAME:*/=%" + set "GIT_BRANCH=%BUILD_SOURCEBRANCHNAME%" + if /i "%BUILD_REASON%" == "PullRequest" ( + set "IS_PR_BUILD=True" + ) else ( + set "IS_PR_BUILD=False" + ) + set "TEMP=%UPLOAD_TEMP%" +) + +:: Validate +call :start_group "Validating outputs" +validate_recipe_outputs "%FEEDSTOCK_NAME%" +if !errorlevel! neq 0 exit /b !errorlevel! +call :end_group + +if /i "%UPLOAD_PACKAGES%" == "true" ( + if /i "%IS_PR_BUILD%" == "false" ( + call :start_group "Uploading packages" + if not exist "%TEMP%\" md "%TEMP%" + set "TMP=%TEMP%" + upload_package --validate --feedstock-name="%FEEDSTOCK_NAME%" .\ ".\recipe" .ci_support\%CONFIG%.yaml + if !errorlevel! neq 0 exit /b !errorlevel! + call :end_group + ) +) + +exit + +:: Logging subroutines + +:start_group +if /i "%CI%" == "github_actions" ( + echo ::group::%~1 + exit /b +) +if /i "%CI%" == "azure" ( + echo ##[group]%~1 + exit /b +) +echo %~1 +exit /b + +:end_group +if /i "%CI%" == "github_actions" ( + echo ::endgroup:: + exit /b +) +if /i "%CI%" == "azure" ( + echo ##[endgroup] + exit /b +) +exit /b \ No newline at end of file From eb45c687a180ccd9d6147620a54f3a3e8c17bdb8 Mon Sep 17 00:00:00 2001 From: "Komarova, Evseniia" Date: Tue, 9 Jan 2024 17:16:23 +0100 Subject: [PATCH 3/6] add CVE-2023-45853 patch --- recipe/CVE-2023-45853.patch | 22 ++++++++++++++++++++++ recipe/meta.yaml | 2 ++ 2 files changed, 24 insertions(+) create mode 100644 recipe/CVE-2023-45853.patch diff --git a/recipe/CVE-2023-45853.patch b/recipe/CVE-2023-45853.patch new file mode 100644 index 0000000..c0fd236 --- /dev/null +++ b/recipe/CVE-2023-45853.patch 
@@ -0,0 +1,22 @@ +diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c +index 3d3d4ca..0446109 100644 +--- a/contrib/minizip/zip.c ++++ b/contrib/minizip/zip.c +@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c + return ZIP_PARAMERROR; + #endif + ++ // The filename and comment length must fit in 16 bits. ++ if ((filename!=NULL) && (strlen(filename)>0xffff)) ++ return ZIP_PARAMERROR; ++ if ((comment!=NULL) && (strlen(comment)>0xffff)) ++ return ZIP_PARAMERROR; ++ // The extra field length must fit in 16 bits. If the member also requires ++ // a Zip64 extra block, that will also need to fit within that 16-bit ++ // length, but that will be checked for later. ++ if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff)) ++ return ZIP_PARAMERROR; ++ + zi = (zip64_internal*)file; + + if (zi->in_opened_file_inzip == 1) diff --git a/recipe/meta.yaml b/recipe/meta.yaml index 225807e..5ba3693 100644 --- a/recipe/meta.yaml +++ b/recipe/meta.yaml @@ -10,6 +10,8 @@ source: - http://zlib.net/zlib-{{ version }}.tar.gz - https://gnupg.org/ftp/gcrypt/zlib/zlib-{{ version }}.tar.gz sha256: ff0ba4c292013dbc27530b3a81e1f9a813cd39de01ca5e0f8bf355702efa593e + patches: + - CVE-2023-45853.patch build: number: {{ build_num }} From d37a581625f7324a02759c0c251b09fa9fcec02a Mon Sep 17 00:00:00 2001 
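Review bot: The added comment says the Zip64 extra block "will be checked for later", but this hunk adds no such check. The fix is therefore complete only if the unpatched zlib 1.3 `contrib/minizip/zip.c` already bounds the combined extra-field length further down in `zipOpenNewFileInZip4_64`; that part of the function lies outside the hunk and should be confirmed against the 1.3 source. The three guards themselves return `ZIP_PARAMERROR` before `zi` is dereferenced, which is the right place for them. Because this file is a port, I would keep the C lines identical to upstream and record the origin in the patch file itself, ahead of its `diff --git` line, e.g. `Origin: https://github.com/madler/zlib/pull/843`, so the port can be compared with upstream without consulting the recipe.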
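Review bot: The new `patches:` entry changes only `contrib/minizip/zip.c`, and nothing in this series shows whether the recipe compiles or ships minizip, so it is unclear from here whether the published packages change at all. If minizip is not built, the patch is harmless, but the package still carries version 1.3 and tools that match CVE-2023-45853 on version alone will presumably keep reporting it; if it is built, the fix deserves a recipe test. Either way I would state the scope next to the entry, e.g. `# CVE-2023-45853: touches contrib/minizip only; <built | not built> by this recipe`. `build_num` stays at 0 in this hunk, which is fine only if 1.3 build 0 has not been published yet.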
From: "conda-forge-webservices[bot]" <91080706+conda-forge-webservices[bot]@users.noreply.github.com> Date: Tue, 9 Jan 2024 16:18:48 +0000 Subject: [PATCH 4/6] MNT: Re-rendered with conda-build 3.28.3, conda-smithy 3.30.2, and conda-forge-pinning 2024.01.08.19.20.26 --- .azure-pipelines/azure-pipelines-linux.yml | 3 +++ .azure-pipelines/azure-pipelines-osx.yml | 3 +++ .azure-pipelines/azure-pipelines-win.yml | 3 +++ .gitignore | 14 ++++++++++++-- .scripts/build_steps.sh | 15 ++++++++++++--- .scripts/run_docker_build.sh | 3 +++ .scripts/run_osx_build.sh | 13 ++++++++++--- .scripts/run_win_build.bat | 14 ++++++++++++-- .travis.yml | 3 +++ README.md | 2 +- 10 files changed, 62 insertions(+), 11 deletions(-) diff --git a/.azure-pipelines/azure-pipelines-linux.yml b/.azure-pipelines/azure-pipelines-linux.yml index 2757787..90a880e 100755 --- a/.azure-pipelines/azure-pipelines-linux.yml +++ b/.azure-pipelines/azure-pipelines-linux.yml @@ -29,6 +29,9 @@ jobs: - script: | export CI=azure + export flow_run_id=azure_$(Build.BuildNumber).$(System.JobAttempt) + export remote_url=$(Build.Repository.Uri) + export sha=$(Build.SourceVersion) export GIT_BRANCH=$BUILD_SOURCEBRANCHNAME export FEEDSTOCK_NAME=$(basename ${BUILD_REPOSITORY_NAME}) if [[ "${BUILD_REASON:-}" == "PullRequest" ]]; then diff --git a/.azure-pipelines/azure-pipelines-osx.yml b/.azure-pipelines/azure-pipelines-osx.yml index 8032e96..f3ff063 100755 --- a/.azure-pipelines/azure-pipelines-osx.yml +++ b/.azure-pipelines/azure-pipelines-osx.yml @@ -20,6 +20,9 @@ jobs: # TODO: Fast finish on azure pipelines? - script: | export CI=azure + export flow_run_id=azure_$(Build.BuildNumber).$(System.JobAttempt) + export remote_url=$(Build.Repository.Uri) + export sha=$(Build.SourceVersion) export OSX_FORCE_SDK_DOWNLOAD="1" export GIT_BRANCH=$BUILD_SOURCEBRANCHNAME export FEEDSTOCK_NAME=$(basename ${BUILD_REPOSITORY_NAME}) 
diff --git a/.azure-pipelines/azure-pipelines-win.yml b/.azure-pipelines/azure-pipelines-win.yml index 9cd6ff2..0983ebb 100755 --- a/.azure-pipelines/azure-pipelines-win.yml +++ b/.azure-pipelines/azure-pipelines-win.yml @@ -45,6 +45,9 @@ jobs: PYTHONUNBUFFERED: 1 CONFIG: $(CONFIG) CI: azure + flow_run_id: azure_$(Build.BuildNumber).$(System.JobAttempt) + remote_url: $(Build.Repository.Uri) + sha: $(Build.SourceVersion) UPLOAD_PACKAGES: $(UPLOAD_PACKAGES) UPLOAD_TEMP: $(UPLOAD_TEMP) BINSTAR_TOKEN: $(BINSTAR_TOKEN) diff --git a/.gitignore b/.gitignore index c89ecb7..c002910 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,13 @@ -*.pyc +# User content belongs under recipe/. +# Feedstock configuration goes in `conda-forge.yml` +# Everything else is managed by the conda-smithy rerender process. +# Please do not modify + +* +!/conda-forge.yml -build_artifacts +!/*/ +!/recipe/** +!/.ci_support/** + +*.pyc diff --git a/.scripts/build_steps.sh b/.scripts/build_steps.sh index bd9e671..eba1dfd 100755 --- a/.scripts/build_steps.sh +++ b/.scripts/build_steps.sh @@ -28,13 +28,15 @@ conda-build: pkgs_dirs: - ${FEEDSTOCK_ROOT}/build_artifacts/pkg_cache - /opt/conda/pkgs +solver: libmamba CONDARC +export CONDA_LIBMAMBA_SOLVER_NO_CHANNELS_FROM_INSTALLED=1 mamba install --update-specs --yes --quiet --channel conda-forge --strict-channel-priority \ - pip mamba conda-build boa conda-forge-ci-setup=3 + pip mamba conda-build boa conda-forge-ci-setup=4 mamba update --update-specs --yes --quiet --channel conda-forge --strict-channel-priority \ - pip mamba conda-build boa conda-forge-ci-setup=3 + pip mamba conda-build boa conda-forge-ci-setup=4 # set up the condarc setup_conda_rc "${FEEDSTOCK_ROOT}" "${RECIPE_ROOT}" "${CONFIG_FILE}" 
@@ -55,6 +57,12 @@ if [[ -f "${FEEDSTOCK_ROOT}/LICENSE.txt" ]]; then cp "${FEEDSTOCK_ROOT}/LICENSE.txt" "${RECIPE_ROOT}/recipe-scripts-license.txt" fi +if [[ "${sha:-}" == "" ]]; then + pushd ${FEEDSTOCK_ROOT} + sha=$(git rev-parse HEAD) + popd +fi + if [[ "${BUILD_WITH_CONDA_DEBUG:-0}" == 1 ]]; then if [[ "x${BUILD_OUTPUT_ID:-}" != "x" ]]; then EXTRA_CB_OPTIONS="${EXTRA_CB_OPTIONS:-} --output-id ${BUILD_OUTPUT_ID}" @@ -68,7 +76,8 @@ if [[ "${BUILD_WITH_CONDA_DEBUG:-0}" == 1 ]]; then else conda mambabuild "${RECIPE_ROOT}" -m "${CI_SUPPORT}/${CONFIG}.yaml" \ --suppress-variables ${EXTRA_CB_OPTIONS:-} \ - --clobber-file "${CI_SUPPORT}/clobber_${CONFIG}.yaml" + --clobber-file "${CI_SUPPORT}/clobber_${CONFIG}.yaml" \ + --extra-meta flow_run_id="${flow_run_id:-}" remote_url="${remote_url:-}" sha="${sha:-}" ( startgroup "Validating outputs" ) 2> /dev/null validate_recipe_outputs "${FEEDSTOCK_NAME}" diff --git a/.scripts/run_docker_build.sh b/.scripts/run_docker_build.sh index 9236239..b70ef01 100755 --- a/.scripts/run_docker_build.sh +++ b/.scripts/run_docker_build.sh @@ -91,6 +91,9 @@ docker run ${DOCKER_RUN_ARGS} \ -e CPU_COUNT \ -e BUILD_WITH_CONDA_DEBUG \ -e BUILD_OUTPUT_ID \ + -e flow_run_id \ + -e remote_url \ + -e sha \ -e BINSTAR_TOKEN \ -e FEEDSTOCK_TOKEN \ -e STAGING_BINSTAR_TOKEN \ diff --git a/.scripts/run_osx_build.sh b/.scripts/run_osx_build.sh index 870c49a..9259eb9 100755 --- a/.scripts/run_osx_build.sh +++ b/.scripts/run_osx_build.sh 
@@ -22,11 +22,13 @@ bash $MINIFORGE_FILE -b -p ${MINIFORGE_HOME} source ${MINIFORGE_HOME}/etc/profile.d/conda.sh conda activate base +export CONDA_SOLVER="libmamba" +export CONDA_LIBMAMBA_SOLVER_NO_CHANNELS_FROM_INSTALLED=1 mamba install --update-specs --quiet --yes --channel conda-forge --strict-channel-priority \ - pip mamba conda-build boa conda-forge-ci-setup=3 + pip mamba conda-build boa conda-forge-ci-setup=4 mamba update --update-specs --yes --quiet --channel conda-forge --strict-channel-priority \ - pip mamba conda-build boa conda-forge-ci-setup=3 + pip mamba conda-build boa conda-forge-ci-setup=4 @@ -45,6 +47,10 @@ else echo -e "\n\nNot mangling homebrew as we are not running in CI" fi +if [[ "${sha:-}" == "" ]]; then + sha=$(git rev-parse HEAD) +fi + echo -e "\n\nRunning the build setup script." source run_conda_forge_build_setup @@ -77,7 +83,8 @@ else conda mambabuild ./recipe -m ./.ci_support/${CONFIG}.yaml \ --suppress-variables ${EXTRA_CB_OPTIONS:-} \ - --clobber-file ./.ci_support/clobber_${CONFIG}.yaml + --clobber-file ./.ci_support/clobber_${CONFIG}.yaml \ + --extra-meta flow_run_id="$flow_run_id" remote_url="$remote_url" sha="$sha" ( startgroup "Validating outputs" ) 2> /dev/null validate_recipe_outputs "${FEEDSTOCK_NAME}" diff --git a/.scripts/run_win_build.bat b/.scripts/run_win_build.bat index 07d3445..48734de 100755 --- a/.scripts/run_win_build.bat +++ b/.scripts/run_win_build.bat 
@@ -17,10 +17,14 @@ call :start_group "Configuring conda" :: Activate the base conda environment call activate base +:: Configure the solver +set "CONDA_SOLVER=libmamba" +if !errorlevel! neq 0 exit /b !errorlevel! +set "CONDA_LIBMAMBA_SOLVER_NO_CHANNELS_FROM_INSTALLED=1" :: Provision the necessary dependencies to build the recipe later echo Installing dependencies -mamba.exe install "python=3.10" pip mamba conda-build boa conda-forge-ci-setup=3 -c conda-forge --strict-channel-priority --yes +mamba.exe install "python=3.10" pip mamba conda-build boa conda-forge-ci-setup=4 -c conda-forge --strict-channel-priority --yes if !errorlevel! neq 0 exit /b !errorlevel! :: Set basic configuration @@ -38,7 +42,13 @@ if EXIST LICENSE.txt ( copy LICENSE.txt "recipe\\recipe-scripts-license.txt" ) if NOT [%HOST_PLATFORM%] == [%BUILD_PLATFORM%] ( - set "EXTRA_CB_OPTIONS=%EXTRA_CB_OPTIONS% --no-test" + if [%CROSSCOMPILING_EMULATOR%] == [] ( + set "EXTRA_CB_OPTIONS=%EXTRA_CB_OPTIONS% --no-test" + ) +) + +if NOT [%flow_run_id%] == [] ( + set "EXTRA_CB_OPTIONS=%EXTRA_CB_OPTIONS% --extra-meta flow_run_id=%flow_run_id% remote_url=%remote_url% sha=%sha%" ) call :end_group diff --git a/.travis.yml b/.travis.yml index b25d24d..05d64a4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,6 +15,9 @@ matrix: script: - export CI=travis - export GIT_BRANCH="$TRAVIS_BRANCH" + - export flow_run_id="travis_$TRAVIS_JOB_ID" + - export sha="$TRAVIS_COMMIT" + - export remote_url="https://github.com/$TRAVIS_REPO_SLUG" - export FEEDSTOCK_NAME=$(basename ${TRAVIS_REPO_SLUG}) - if [[ "${TRAVIS_PULL_REQUEST:-}" == "false" ]]; then export IS_PR_BUILD="False"; else export IS_PR_BUILD="True"; fi diff --git a/README.md b/README.md index 4940861..e3337e5 100644 --- a/README.md +++ b/README.md 
@@ -174,7 +174,7 @@ available continuous integration services. Thanks to the awesome service provide [CircleCI](https://circleci.com/), [AppVeyor](https://www.appveyor.com/), [Drone](https://cloud.drone.io/welcome), and [TravisCI](https://travis-ci.com/) it is possible to build and upload installable packages to the -[conda-forge](https://anaconda.org/conda-forge) [Anaconda-Cloud](https://anaconda.org/) +[conda-forge](https://anaconda.org/conda-forge) [anaconda.org](https://anaconda.org/) channel for Linux, Windows and OSX respectively. To manage the continuous integration and simplify feedstock maintenance From 6c4f78ff111d12fc40a6a1ea8cff9ad91ee4c78b Mon Sep 17 00:00:00 2001 From: "Komarova, Evseniia" Date: Tue, 9 Jan 2024 17:35:29 +0100 Subject: [PATCH 5/6] update line endings --- recipe/CVE-2023-45853.patch | 44 ++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/recipe/CVE-2023-45853.patch b/recipe/CVE-2023-45853.patch index c0fd236..c095d1d 100644 --- a/recipe/CVE-2023-45853.patch +++ b/recipe/CVE-2023-45853.patch 
@@ -1,22 +1,22 @@ -diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c -index 3d3d4ca..0446109 100644 ---- a/contrib/minizip/zip.c -+++ b/contrib/minizip/zip.c -@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c - return ZIP_PARAMERROR; - #endif - -+ // The filename and comment length must fit in 16 bits. -+ if ((filename!=NULL) && (strlen(filename)>0xffff)) -+ return ZIP_PARAMERROR; -+ if ((comment!=NULL) && (strlen(comment)>0xffff)) -+ return ZIP_PARAMERROR; -+ // The extra field length must fit in 16 bits. If the member also requires -+ // a Zip64 extra block, that will also need to fit within that 16-bit -+ // length, but that will be checked for later. -+ if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff)) -+ return ZIP_PARAMERROR; -+ - zi = (zip64_internal*)file; - - if (zi->in_opened_file_inzip == 1) +diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c +index 3d3d4ca..0446109 100644 +--- a/contrib/minizip/zip.c ++++ b/contrib/minizip/zip.c +@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c + return ZIP_PARAMERROR; + #endif + ++ // The filename and comment length must fit in 16 bits. ++ if ((filename!=NULL) && (strlen(filename)>0xffff)) ++ return ZIP_PARAMERROR; ++ if ((comment!=NULL) && (strlen(comment)>0xffff)) ++ return ZIP_PARAMERROR; ++ // The extra field length must fit in 16 bits. If the member also requires ++ // a Zip64 extra block, that will also need to fit within that 16-bit ++ // length, but that will be checked for later. ++ if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff)) ++ return ZIP_PARAMERROR; ++ + zi = (zip64_internal*)file; + + if (zi->in_opened_file_inzip == 1) From 0263b24ced637b1228c03156ec4a79b4e3ae9681 Mon Sep 17 00:00:00 2001 
From: "Komarova, Evseniia" Date: Tue, 9 Jan 2024 19:12:47 +0100 Subject: [PATCH 6/6] add comment to CVE patch --- recipe/meta.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/recipe/meta.yaml b/recipe/meta.yaml index 5ba3693..d3ce982 100644 --- a/recipe/meta.yaml +++ b/recipe/meta.yaml @@ -11,6 +11,7 @@ source: - https://gnupg.org/ftp/gcrypt/zlib/zlib-{{ version }}.tar.gz sha256: ff0ba4c292013dbc27530b3a81e1f9a813cd39de01ca5e0f8bf355702efa593e patches: + # This patch is ported from https://github.com/madler/zlib/pull/843 and can be dropped after the availability of 1.3.1 patch release - CVE-2023-45853.patch build: