From 47f32ca16ba89b3304735a7088a9fd15f8cbbebb Mon Sep 17 00:00:00 2001 From: Owen Rafferty Date: Thu, 13 Oct 2022 21:43:00 -0500 Subject: [PATCH] zlib: 1.2.13 --- core/zlib/build | 4 -- core/zlib/checksums | 6 +-- core/zlib/patches/0001-CVE-2022-37434.patch | 32 ------------ core/zlib/patches/0002-CVE-2022-37434.patch | 29 ----------- .../patches/Fix-CC-logic-in-configure.patch | 43 ---------------- core/zlib/patches/crc32.patch | 51 ------------------- core/zlib/sources | 4 -- core/zlib/version | 2 +- 8 files changed, 2 insertions(+), 169 deletions(-) delete mode 100644 core/zlib/patches/0001-CVE-2022-37434.patch delete mode 100644 core/zlib/patches/0002-CVE-2022-37434.patch delete mode 100644 core/zlib/patches/Fix-CC-logic-in-configure.patch delete mode 100644 core/zlib/patches/crc32.patch diff --git a/core/zlib/build b/core/zlib/build index ced8305a..39962de2 100755 --- a/core/zlib/build +++ b/core/zlib/build @@ -2,10 +2,6 @@ export CFLAGS="$CFLAGS -fPIC" -for patch in *.patch; do - patch -p1 < "$patch" -done - ./configure \ --prefix=/usr diff --git a/core/zlib/checksums b/core/zlib/checksums index bec3eb35..0777ac36 100644 --- a/core/zlib/checksums +++ b/core/zlib/checksums @@ -1,5 +1 @@ -91844808532e5ce316b3c010929493c0244f3d37593afd6de04f71821d5136d9 -0bf4794975bd3be95f3f1d92cdf781a26c937d5c879b72939ae9cffbf6c430c7 -db41b76fd40bdc77b26e9a202177cee807da5e7cf751e72298d62742c349057d -f35eb05334a4f8d7b40b6c5610a6369f654863b5fa1a19c2507888f918025238 -00e023c3ccb7b895ebb3421970b1b77f8a527b40190f35050b79fd0e817a7b0c +b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30 diff --git a/core/zlib/patches/0001-CVE-2022-37434.patch b/core/zlib/patches/0001-CVE-2022-37434.patch deleted file mode 100644 index dc84d3a1..00000000 --- a/core/zlib/patches/0001-CVE-2022-37434.patch +++ /dev/null @@ -1,32 +0,0 @@ -From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Sat, 30 Jul 2022 15:51:11 -0700 -Subject: [PATCH] Fix a bug when getting a gzip header extra field with - inflate(). - -If the extra field was larger than the space the user provided with -inflateGetHeader(), and if multiple calls of inflate() delivered -the extra header data, then there could be a buffer overflow of the -provided space. This commit assures that provided space is not -exceeded. ---- - inflate.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 7be8c6366..7a7289749 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,9 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -+ len = state->head->extra_len - state->length; - if (state->head != Z_NULL && -- state->head->extra != Z_NULL) { -- len = state->head->extra_len - state->length; -+ state->head->extra != Z_NULL && -+ len < state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); diff --git a/core/zlib/patches/0002-CVE-2022-37434.patch b/core/zlib/patches/0002-CVE-2022-37434.patch deleted file mode 100644 index c5c95a92..00000000 --- a/core/zlib/patches/0002-CVE-2022-37434.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Mon, 8 Aug 2022 10:50:09 -0700 -Subject: [PATCH] Fix extra field processing bug that dereferences NULL - state->head. - -The recent commit to fix a gzip header extra field processing bug -introduced the new bug fixed here. ---- - inflate.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 7a7289749..2a3c4fe98 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,10 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -- len = state->head->extra_len - state->length; - if (state->head != Z_NULL && - state->head->extra != Z_NULL && -- len < state->head->extra_max) { -+ (len = state->head->extra_len - state->length) < -+ state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); diff --git a/core/zlib/patches/Fix-CC-logic-in-configure.patch b/core/zlib/patches/Fix-CC-logic-in-configure.patch deleted file mode 100644 index f34c4044..00000000 --- a/core/zlib/patches/Fix-CC-logic-in-configure.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 80d086357a55b94a13e43756cf3e131f25eef0e4 Mon Sep 17 00:00:00 2001 -From: Sam James -Date: Mon, 28 Mar 2022 08:40:45 +0100 -Subject: [PATCH] Fix CC logic in configure - -In https://github.com/madler/zlib/commit/e9a52aa129efe3834383e415580716a7c4027f8d, -the logic was changed to try check harder for GCC, but it dropped -the default setting of cc=${CC}. It was throwing away any pre-set CC value as -a result. - -The rest of the script then cascades down a bad path because it's convinced -it's not GCC or a GCC-like compiler. - -This led to e.g. misdetection of inability to build shared libs -for say, multilib cases (w/ CC being one thing from the environment being used -for one test (e.g. x86_64-unknown-linux-gnu-gcc -m32 and then 'cc' used for -shared libs (but missing "-m32"!)). Obviously just one example of how -the old logic could break. - -This restores the old default of 'CC' if nothing overrides it later -in configure. - -Bug: https://bugs.gentoo.org/836308 -Signed-off-by: Sam James ---- - configure | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/configure b/configure -index 52ff4a04e..3fa3e8618 100755 ---- a/configure -+++ b/configure -@@ -174,7 +174,10 @@ if test -z "$CC"; then - else - cc=${CROSS_PREFIX}cc - fi -+else -+ cc=${CC} - fi -+ - cflags=${CFLAGS-"-O3"} - # to force the asm version use: CFLAGS="-O3 -DASMV" ./configure - case "$cc" in diff --git a/core/zlib/patches/crc32.patch b/core/zlib/patches/crc32.patch deleted file mode 100644 index 85a6a7e3..00000000 --- a/core/zlib/patches/crc32.patch +++ /dev/null @@ -1,51 +0,0 @@ -From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Wed, 30 Mar 2022 11:14:53 -0700 -Subject: [PATCH] Correct incorrect inputs provided to the CRC functions. - -The previous releases of zlib were not sensitive to incorrect CRC -inputs with bits set above the low 32. This commit restores that -behavior, so that applications with such bugs will continue to -operate as before. ---- - crc32.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/crc32.c b/crc32.c -index a1bdce5c2..451887bc7 100644 ---- a/crc32.c -+++ b/crc32.c -@@ -630,7 +630,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len) - #endif /* DYNAMIC_CRC_TABLE */ - - /* Pre-condition the CRC */ -- crc ^= 0xffffffff; -+ crc = (~crc) & 0xffffffff; - - /* Compute the CRC up to a word boundary. */ - while (len && ((z_size_t)buf & 7) != 0) { -@@ -749,7 +749,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len) - #endif /* DYNAMIC_CRC_TABLE */ - - /* Pre-condition the CRC */ -- crc ^= 0xffffffff; -+ crc = (~crc) & 0xffffffff; - - #ifdef W - -@@ -1077,7 +1077,7 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2) - #ifdef DYNAMIC_CRC_TABLE - once(&made, make_crc_table); - #endif /* DYNAMIC_CRC_TABLE */ -- return multmodp(x2nmodp(len2, 3), crc1) ^ crc2; -+ return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff); - } - - /* ========================================================================= */ -@@ -1112,5 +1112,5 @@ uLong crc32_combine_op(crc1, crc2, op) - uLong crc2; - uLong op; - { -- return multmodp(op, crc1) ^ crc2; -+ return multmodp(op, crc1) ^ (crc2 & 0xffffffff); - } diff --git a/core/zlib/sources b/core/zlib/sources index b68731e8..3ef20adc 100644 --- a/core/zlib/sources +++ b/core/zlib/sources @@ -1,5 +1 @@ https://zlib.net/fossils/zlib-VERSION.tar.gz -patches/0001-CVE-2022-37434.patch -patches/0002-CVE-2022-37434.patch -patches/Fix-CC-logic-in-configure.patch -patches/crc32.patch diff --git a/core/zlib/version b/core/zlib/version index e6eb08df..f19e3891 100644 --- a/core/zlib/version +++ b/core/zlib/version @@ -1 +1 @@ -1.2.12 2 +1.2.13 1