diff --git a/0001-Do-not-try-to-store-negative-values-in-unsigned-int.patch b/0001-Do-not-try-to-store-negative-values-in-unsigned-int.patch new file mode 100644 index 0000000..360acf3 --- /dev/null +++ b/0001-Do-not-try-to-store-negative-values-in-unsigned-int.patch @@ -0,0 +1,28 @@ +From bb5eec59e3ec66f6dccb79b1900aa806a1cca12e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= +Date: Fri, 8 Dec 2017 14:59:08 +0100 +Subject: [PATCH] Do not try to store negative values in unsigned int + +--- + deflate.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/deflate.c b/deflate.c +index 1ec7614..1bad1eb 100644 +--- a/deflate.c ++++ b/deflate.c +@@ -1536,7 +1536,10 @@ local void fill_window(s) + + /* Initialize the hash value now that we have some input: */ + if (s->lookahead + s->insert >= MIN_MATCH) { +- uInt str = s->strstart - s->insert; ++ uInt str = 0; ++ /* storing negative values to uInt is not good idea */ ++ if (s->strstart - s->insert > 0) ++ str = s->strstart - s->insert; + s->ins_h = s->window[str]; + UPDATE_HASH(s, s->ins_h, s->window[str + 1]); + #if MIN_MATCH != 3 +-- +2.15.1 + diff --git a/zlib.changes b/zlib.changes index de5473c..18af36a 100644 --- a/zlib.changes +++ b/zlib.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue May 15 10:56:20 UTC 2018 - tchvatal@suse.com + +- Add patch to safeguard against negative values in uInt bsc#1071321: + * 0001-Do-not-try-to-store-negative-values-in-unsigned-int.patch + ------------------------------------------------------------------- Mon Jun 12 17:35:18 UTC 2017 - kah0922@gmail.com diff --git a/zlib.spec b/zlib.spec index 3f55e3d..fbdc16a 100644 --- a/zlib.spec +++ b/zlib.spec @@ -33,6 +33,8 @@ Source6: zlib-rpmlintrc Patch0: zlib-1.2.11-optimized-s390.patch #PATCH-FIX-SUSE: compiler check of varguments passed to gzprintf Patch1: zlib-format.patch +#PATCH-FIX-UPSTREAM do not store negative values in uInt +Patch2: 0001-Do-not-try-to-store-negative-values-in-unsigned-int.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -115,6 +117,7 @@ developing applications which use minizip. %setup -q %patch0 %patch1 +%patch2 -p1 %build export LDFLAGS="-Wl,-z,relro,-z,now"