Accepting request 1151199 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/1151199
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/zlib?expand=0&rev=92

CVE-2023-45853.patch

@@ -14,13 +14,13 @@ overflow on subsequent writes to zi->ci.central_header.
  contrib/minizip/zip.c | 11 +++++++++++
  1 file changed, 11 insertions(+)
 
-diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c
-index 3d3d4cadd..0446109b2 100644
---- a/contrib/minizip/zip.c
-+++ b/contrib/minizip/zip.c
-@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c
-       return ZIP_PARAMERROR;
- #endif
+Index: zlib-1.3.1/contrib/minizip/zip.c
+===================================================================
+--- zlib-1.3.1.orig/contrib/minizip/zip.c
++++ zlib-1.3.1/contrib/minizip/zip.c
+@@ -1054,6 +1054,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_
+     if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff))
+         return ZIP_PARAMERROR;
  
 +    // The filename and comment length must fit in 16 bits.
 +    if ((filename!=NULL) && (strlen(filename)>0xffff))

zlib-1.3.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9a93b2b7dfdac77ceba5a558a580e74667dd6fede4585b91eefb60f03b72df23
+size 1512791

zlib-1.3.1.tar.gz.asc

@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Comment: GPGTools - http://gpgtools.org
+
+iF0EABECAB0WIQRe1GpnIdNlWHeR4qp4P82OWLyvugUCZa7ENwAKCRB4P82OWLyv
+untOAKCWHAR69MZ1xGZZ6h267NtYuRVq5wCfe24DfJii/TvcNxt5XTNgn+bufoc=
+=KZjh
+-----END PGP SIGNATURE-----

zlib-1.3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ff0ba4c292013dbc27530b3a81e1f9a813cd39de01ca5e0f8bf355702efa593e
-size 1495873

zlib-1.3.tar.gz.asc

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Comment: GPGTools - http://gpgtools.org
-
-iF0EABECAB0WIQRe1GpnIdNlWHeR4qp4P82OWLyvugUCZN8+EgAKCRB4P82OWLyv
-usBmAKC6ixPJLSVYgQivrqK4KBw4gTGFGwCgxJ9SfDFGqI3uqjyR99/13L7vn3o=
-=TwN5
------END PGP SIGNATURE-----

zlib.changes

@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Mon Feb 26 11:08:33 UTC 2024 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Use %autopatch instead of %patch
+
+-------------------------------------------------------------------
+Fri Feb 23 14:17:22 UTC 2024 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Update to 1.3.1:
+  * Reject overflows of zip header fields in minizip
+  * Fix bug in inflateSync() for data held in bit buffer
+  * Add LIT_MEM define to use more memory for a small deflate speedup
+  * Fix decision on the emission of Zip64 end records in minizip
+  * Add bounds checking to ERR_MSG() macro, used by zError()
+  * Neutralize zip file traversal attacks in miniunz
+  * Fix a bug in ZLIB_DEBUG compiles in check_match()
+- Update pacthes:
+  * CVE-2023-45853.patch
+  * zlib-1.3-IBM-Z-hw-accelerated-deflate-s390x.patch
+
 -------------------------------------------------------------------
 Tue Feb 20 12:10:46 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
 

zlib.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package zlib
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           zlib
-Version:        1.3
+Version:        1.3.1
 Release:        0
 Summary:        Library implementing the DEFLATE compression algorithm
 License:        Zlib
@@ -135,16 +135,10 @@ It should exit 0
 
 %prep
 %setup -q
-%patch -P 1
-%patch -P 2 -p1
-%patch -P 3 -p1
-%patch -P 4 -p1
-%patch -P 6 -p1
-%patch -P 7 -p1
-%patch -P 8
-%patch -P 10 -p1
-%patch -P 11 -p1
-%patch -P 12 -p1
+%autopatch -M 1
+%autopatch -m 2 -M 7 -p1
+%autopatch -m 8 -M 8
+%autopatch -m 10 -p1
 cp %{SOURCE4} .
 
 %build
@@ -207,7 +201,7 @@ find %{buildroot} -type f -name "*.la" -delete -print
 
 %files -n libz1
 %license LICENSE
-%{_libdir}/libz.so.1.3
+%{_libdir}/libz.so.1.3.1
 %{_libdir}/libz.so.1
 
 %files devel