[packages/zlib] up to 1.2.13
atler
atler at pld-linux.org
Fri Oct 14 15:06:23 CEST 2022
commit d74f25fe70302e7303a6036efaa5286e8fe12f18
Author: Jan Palus <atler at pld-linux.org>
Date: Fri Oct 14 15:05:38 2022 +0200
up to 1.2.13
CVE-2022-37434.patch | 61 ----------------------------------------------
cc.patch | 43 --------------------------------
java-regr-workaround.patch | 51 --------------------------------------
zlib.spec | 12 +++------
4 files changed, 3 insertions(+), 164 deletions(-)
---
diff --git a/zlib.spec b/zlib.spec
index 486edc9..bd00af0 100644
--- a/zlib.spec
+++ b/zlib.spec
@@ -17,16 +17,13 @@ Summary(ru.UTF-8): Библиотека для компрессии и деко
Summary(tr.UTF-8): Sıkıştırma işlemleri için kitaplık
Summary(uk.UTF-8): Бібліотека для компресії та декомпресії
Name: zlib
-Version: 1.2.12
-Release: 5
+Version: 1.2.13
+Release: 1
License: BSD
Group: Libraries
Source0: http://www.zlib.net/current/%{name}-%{version}.tar.gz
-# Source0-md5: 5fc414a9726be31427b440b434d05f78
+# Source0-md5: 9b8aa094c4e5765dabf4da391f00d15c
Patch0: %{name}-asm.patch
-Patch1: cc.patch
-Patch2: java-regr-workaround.patch
-Patch3: CVE-2022-37434.patch
URL: http://www.zlib.net/
BuildRequires: autoconf >= 2.50
BuildRequires: automake
@@ -305,9 +302,6 @@ cp contrib/asm686/match.S .
cp contrib/amd64/amd64-match.S match.S
%endif
%endif
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
%build
CC="%{__cc}" \
diff --git a/CVE-2022-37434.patch b/CVE-2022-37434.patch
deleted file mode 100644
index 4fd6e5b..0000000
--- a/CVE-2022-37434.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001
-From: Mark Adler <fork at madler.net>
-Date: Sat, 30 Jul 2022 15:51:11 -0700
-Subject: [PATCH] Fix a bug when getting a gzip header extra field with
- inflate().
-
-If the extra field was larger than the space the user provided with
-inflateGetHeader(), and if multiple calls of inflate() delivered
-the extra header data, then there could be a buffer overflow of the
-provided space. This commit assures that provided space is not
-exceeded.
----
- inflate.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/inflate.c b/inflate.c
-index 7be8c6366..7a7289749 100644
---- a/inflate.c
-+++ b/inflate.c
-@@ -763,9 +763,10 @@ int flush;
- copy = state->length;
- if (copy > have) copy = have;
- if (copy) {
-+ len = state->head->extra_len - state->length;
- if (state->head != Z_NULL &&
-- state->head->extra != Z_NULL) {
-- len = state->head->extra_len - state->length;
-+ state->head->extra != Z_NULL &&
-+ len < state->head->extra_max) {
- zmemcpy(state->head->extra + len, next,
- len + copy > state->head->extra_max ?
- state->head->extra_max - len : copy);
-From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001
-From: Mark Adler <fork at madler.net>
-Date: Mon, 8 Aug 2022 10:50:09 -0700
-Subject: [PATCH] Fix extra field processing bug that dereferences NULL
- state->head.
-
-The recent commit to fix a gzip header extra field processing bug
-introduced the new bug fixed here.
----
- inflate.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/inflate.c b/inflate.c
-index 7a7289749..2a3c4fe98 100644
---- a/inflate.c
-+++ b/inflate.c
-@@ -763,10 +763,10 @@ int flush;
- copy = state->length;
- if (copy > have) copy = have;
- if (copy) {
-- len = state->head->extra_len - state->length;
- if (state->head != Z_NULL &&
- state->head->extra != Z_NULL &&
-- len < state->head->extra_max) {
-+ (len = state->head->extra_len - state->length) <
-+ state->head->extra_max) {
- zmemcpy(state->head->extra + len, next,
- len + copy > state->head->extra_max ?
- state->head->extra_max - len : copy);
diff --git a/cc.patch b/cc.patch
deleted file mode 100644
index f34c404..0000000
--- a/cc.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 80d086357a55b94a13e43756cf3e131f25eef0e4 Mon Sep 17 00:00:00 2001
-From: Sam James <sam at gentoo.org>
-Date: Mon, 28 Mar 2022 08:40:45 +0100
-Subject: [PATCH] Fix CC logic in configure
-
-In https://github.com/madler/zlib/commit/e9a52aa129efe3834383e415580716a7c4027f8d,
-the logic was changed to try check harder for GCC, but it dropped
-the default setting of cc=${CC}. It was throwing away any pre-set CC value as
-a result.
-
-The rest of the script then cascades down a bad path because it's convinced
-it's not GCC or a GCC-like compiler.
-
-This led to e.g. misdetection of inability to build shared libs
-for say, multilib cases (w/ CC being one thing from the environment being used
-for one test (e.g. x86_64-unknown-linux-gnu-gcc -m32 and then 'cc' used for
-shared libs (but missing "-m32"!)). Obviously just one example of how
-the old logic could break.
-
-This restores the old default of 'CC' if nothing overrides it later
-in configure.
-
-Bug: https://bugs.gentoo.org/836308
-Signed-off-by: Sam James <sam at gentoo.org>
----
- configure | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/configure b/configure
-index 52ff4a04e..3fa3e8618 100755
---- a/configure
-+++ b/configure
-@@ -174,7 +174,10 @@ if test -z "$CC"; then
- else
- cc=${CROSS_PREFIX}cc
- fi
-+else
-+ cc=${CC}
- fi
-+
- cflags=${CFLAGS-"-O3"}
- # to force the asm version use: CFLAGS="-O3 -DASMV" ./configure
- case "$cc" in
diff --git a/java-regr-workaround.patch b/java-regr-workaround.patch
deleted file mode 100644
index 85a6a7e..0000000
--- a/java-regr-workaround.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001
-From: Mark Adler <madler at alumni.caltech.edu>
-Date: Wed, 30 Mar 2022 11:14:53 -0700
-Subject: [PATCH] Correct incorrect inputs provided to the CRC functions.
-
-The previous releases of zlib were not sensitive to incorrect CRC
-inputs with bits set above the low 32. This commit restores that
-behavior, so that applications with such bugs will continue to
-operate as before.
----
- crc32.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/crc32.c b/crc32.c
-index a1bdce5c2..451887bc7 100644
---- a/crc32.c
-+++ b/crc32.c
-@@ -630,7 +630,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
- #endif /* DYNAMIC_CRC_TABLE */
-
- /* Pre-condition the CRC */
-- crc ^= 0xffffffff;
-+ crc = (~crc) & 0xffffffff;
-
- /* Compute the CRC up to a word boundary. */
- while (len && ((z_size_t)buf & 7) != 0) {
-@@ -749,7 +749,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
- #endif /* DYNAMIC_CRC_TABLE */
-
- /* Pre-condition the CRC */
-- crc ^= 0xffffffff;
-+ crc = (~crc) & 0xffffffff;
-
- #ifdef W
-
-@@ -1077,7 +1077,7 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2)
- #ifdef DYNAMIC_CRC_TABLE
- once(&made, make_crc_table);
- #endif /* DYNAMIC_CRC_TABLE */
-- return multmodp(x2nmodp(len2, 3), crc1) ^ crc2;
-+ return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff);
- }
-
- /* ========================================================================= */
-@@ -1112,5 +1112,5 @@ uLong crc32_combine_op(crc1, crc2, op)
- uLong crc2;
- uLong op;
- {
-- return multmodp(op, crc1) ^ crc2;
-+ return multmodp(op, crc1) ^ (crc2 & 0xffffffff);
- }
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/zlib.git/commitdiff/d74f25fe70302e7303a6036efaa5286e8fe12f18
More information about the pld-cvs-commit
mailing list