Accepting request 445412 from devel:libraries:c_c++
- Include fixes for bnc#1003580 bnc#1003579 bnc#1003577 bnc#1013882: * zlib-bnc1003580.patch refreshed * zlib-bnc1013882.patch CVE-2016-9843 OBS-URL: https://build.opensuse.org/request/show/445412 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/zlib?expand=0&rev=63
This commit is contained in:
commit
6383c1580f
@ -1,49 +1,29 @@
|
||||
From d1d577490c15a0c6862473d7576352a9f18ef811 Mon Sep 17 00:00:00 2001
|
||||
From e54e1299404101a5a9d0cf5e45512b543967f958 Mon Sep 17 00:00:00 2001
|
||||
From: Mark Adler <madler@alumni.caltech.edu>
|
||||
Date: Wed, 28 Sep 2016 20:20:25 -0700
|
||||
Subject: [PATCH] Avoid pre-decrement of pointer in big-endian CRC calculation.
|
||||
Date: Sat, 5 Sep 2015 17:45:55 -0700
|
||||
Subject: [PATCH] Avoid shifts of negative values inflateMark().
|
||||
|
||||
There was a small optimization for PowerPCs to pre-increment a
|
||||
pointer when accessing a word, instead of post-incrementing. This
|
||||
required prefacing the loop with a decrement of the pointer,
|
||||
possibly pointing before the object passed. This is not compliant
|
||||
with the C standard, for which decrementing a pointer before its
|
||||
allocated memory is undefined. When tested on a modern PowerPC
|
||||
with a modern compiler, the optimization no longer has any effect.
|
||||
Due to all that, and per the recommendation of a security audit of
|
||||
the zlib code by Trail of Bits and TrustInSoft, in support of the
|
||||
Mozilla Foundation, this "optimization" was removed, in order to
|
||||
avoid the possibility of undefined behavior.
|
||||
The C standard says that bit shifts of negative integers is
|
||||
undefined. This casts to unsigned values to assure a known
|
||||
result.
|
||||
---
|
||||
crc32.c | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
inflate.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/crc32.c b/crc32.c
|
||||
index 979a719..05733f4 100644
|
||||
--- a/crc32.c
|
||||
+++ b/crc32.c
|
||||
@@ -278,7 +278,7 @@ local unsigned long crc32_little(crc, buf, len)
|
||||
diff --git a/inflate.c b/inflate.c
|
||||
index 2889e3a..a718416 100644
|
||||
--- a/inflate.c
|
||||
+++ b/inflate.c
|
||||
@@ -1506,9 +1506,10 @@ z_streamp strm;
|
||||
{
|
||||
struct inflate_state FAR *state;
|
||||
|
||||
- if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16;
|
||||
+ if (strm == Z_NULL || strm->state == Z_NULL)
|
||||
+ return (long)(((unsigned long)0 - 1) << 16);
|
||||
state = (struct inflate_state FAR *)strm->state;
|
||||
- return ((long)(state->back) << 16) +
|
||||
+ return (long)(((unsigned long)((long)state->back)) << 16) +
|
||||
(state->mode == COPY ? state->length :
|
||||
(state->mode == MATCH ? state->was - state->length : 0));
|
||||
}
|
||||
|
||||
/* ========================================================================= */
|
||||
-#define DOBIG4 c ^= *++buf4; \
|
||||
+#define DOBIG4 c ^= *buf4++; \
|
||||
c = crc_table[4][c & 0xff] ^ crc_table[5][(c >> 8) & 0xff] ^ \
|
||||
crc_table[6][(c >> 16) & 0xff] ^ crc_table[7][c >> 24]
|
||||
#define DOBIG32 DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4
|
||||
@@ -300,7 +300,6 @@ local unsigned long crc32_big(crc, buf, len)
|
||||
}
|
||||
|
||||
buf4 = (const z_crc_t FAR *)(const void FAR *)buf;
|
||||
- buf4--;
|
||||
while (len >= 32) {
|
||||
DOBIG32;
|
||||
len -= 32;
|
||||
@@ -309,7 +308,6 @@ local unsigned long crc32_big(crc, buf, len)
|
||||
DOBIG4;
|
||||
len -= 4;
|
||||
}
|
||||
- buf4++;
|
||||
buf = (const unsigned char FAR *)buf4;
|
||||
|
||||
if (len) do {
|
||||
|
49
zlib-bnc1013882.patch
Normal file
49
zlib-bnc1013882.patch
Normal file
@ -0,0 +1,49 @@
|
||||
From d1d577490c15a0c6862473d7576352a9f18ef811 Mon Sep 17 00:00:00 2001
|
||||
From: Mark Adler <madler@alumni.caltech.edu>
|
||||
Date: Wed, 28 Sep 2016 20:20:25 -0700
|
||||
Subject: [PATCH] Avoid pre-decrement of pointer in big-endian CRC calculation.
|
||||
|
||||
There was a small optimization for PowerPCs to pre-increment a
|
||||
pointer when accessing a word, instead of post-incrementing. This
|
||||
required prefacing the loop with a decrement of the pointer,
|
||||
possibly pointing before the object passed. This is not compliant
|
||||
with the C standard, for which decrementing a pointer before its
|
||||
allocated memory is undefined. When tested on a modern PowerPC
|
||||
with a modern compiler, the optimization no longer has any effect.
|
||||
Due to all that, and per the recommendation of a security audit of
|
||||
the zlib code by Trail of Bits and TrustInSoft, in support of the
|
||||
Mozilla Foundation, this "optimization" was removed, in order to
|
||||
avoid the possibility of undefined behavior.
|
||||
---
|
||||
crc32.c | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/crc32.c b/crc32.c
|
||||
index 979a719..05733f4 100644
|
||||
--- a/crc32.c
|
||||
+++ b/crc32.c
|
||||
@@ -278,7 +278,7 @@ local unsigned long crc32_little(crc, buf, len)
|
||||
}
|
||||
|
||||
/* ========================================================================= */
|
||||
-#define DOBIG4 c ^= *++buf4; \
|
||||
+#define DOBIG4 c ^= *buf4++; \
|
||||
c = crc_table[4][c & 0xff] ^ crc_table[5][(c >> 8) & 0xff] ^ \
|
||||
crc_table[6][(c >> 16) & 0xff] ^ crc_table[7][c >> 24]
|
||||
#define DOBIG32 DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4
|
||||
@@ -300,7 +300,6 @@ local unsigned long crc32_big(crc, buf, len)
|
||||
}
|
||||
|
||||
buf4 = (const z_crc_t FAR *)(const void FAR *)buf;
|
||||
- buf4--;
|
||||
while (len >= 32) {
|
||||
DOBIG32;
|
||||
len -= 32;
|
||||
@@ -309,7 +308,6 @@ local unsigned long crc32_big(crc, buf, len)
|
||||
DOBIG4;
|
||||
len -= 4;
|
||||
}
|
||||
- buf4++;
|
||||
buf = (const unsigned char FAR *)buf4;
|
||||
|
||||
if (len) do {
|
@ -1,11 +1,12 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Dec 4 12:47:51 UTC 2016 - tchvatal@suse.com
|
||||
|
||||
- Include fixes for bnc#1003580 bnc#1003579 bnc#1003577:
|
||||
- Include fixes for bnc#1003580 bnc#1003579 bnc#1003577 bnc#1013882:
|
||||
* zlib-bnc1003577.patch
|
||||
* zlib-bnc1003579-part2.patch
|
||||
* zlib-bnc1003579.patch
|
||||
* zlib-bnc1003580.patch
|
||||
* zlib-bnc1003580.patch refreshed
|
||||
* zlib-bnc1013882.patch CVE-2016-9843
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 24 20:21:46 UTC 2015 - jengelh@inai.de
|
||||
|
@ -37,6 +37,7 @@ Patch2: zlib-bnc1003577.patch
|
||||
Patch3: zlib-bnc1003579-part2.patch
|
||||
Patch4: zlib-bnc1003579.patch
|
||||
Patch5: zlib-bnc1003580.patch
|
||||
Patch6: zlib-bnc1013882.patch
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: libtool
|
||||
@ -124,6 +125,7 @@ developing applications which use minizip.
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
|
||||
%build
|
||||
export LDFLAGS="-Wl,-z,relro,-z,now"
|
||||
|
Loading…
Reference in New Issue
Block a user