Accepting request 1151199 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/1151199
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/zlib?expand=0&rev=92
This commit is contained in:
Ana Guerrero 2024-02-28 18:44:20 +00:00 committed by Git OBS Bridge
commit 84535d320c
8 changed files with 386 additions and 787 deletions

View File

@ -14,13 +14,13 @@ overflow on subsequent writes to zi->ci.central_header.
contrib/minizip/zip.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c
index 3d3d4cadd..0446109b2 100644
--- a/contrib/minizip/zip.c
+++ b/contrib/minizip/zip.c
@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c
return ZIP_PARAMERROR;
#endif
Index: zlib-1.3.1/contrib/minizip/zip.c
===================================================================
--- zlib-1.3.1.orig/contrib/minizip/zip.c
+++ zlib-1.3.1/contrib/minizip/zip.c
@@ -1054,6 +1054,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_
if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff))
return ZIP_PARAMERROR;
+ // The filename and comment length must fit in 16 bits.
+ if ((filename!=NULL) && (strlen(filename)>0xffff))

File diff suppressed because it is too large Load Diff

3
zlib-1.3.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9a93b2b7dfdac77ceba5a558a580e74667dd6fede4585b91eefb60f03b72df23
size 1512791

7
zlib-1.3.1.tar.gz.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iF0EABECAB0WIQRe1GpnIdNlWHeR4qp4P82OWLyvugUCZa7ENwAKCRB4P82OWLyv
untOAKCWHAR69MZ1xGZZ6h267NtYuRVq5wCfe24DfJii/TvcNxt5XTNgn+bufoc=
=KZjh
-----END PGP SIGNATURE-----

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ff0ba4c292013dbc27530b3a81e1f9a813cd39de01ca5e0f8bf355702efa593e
size 1495873

View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iF0EABECAB0WIQRe1GpnIdNlWHeR4qp4P82OWLyvugUCZN8+EgAKCRB4P82OWLyv
usBmAKC6ixPJLSVYgQivrqK4KBw4gTGFGwCgxJ9SfDFGqI3uqjyR99/13L7vn3o=
=TwN5
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,23 @@
-------------------------------------------------------------------
Mon Feb 26 11:08:33 UTC 2024 - Danilo Spinella <danilo.spinella@suse.com>
- Use %autopatch instead of %patch
-------------------------------------------------------------------
Fri Feb 23 14:17:22 UTC 2024 - Danilo Spinella <danilo.spinella@suse.com>
- Update to 1.3.1:
* Reject overflows of zip header fields in minizip
* Fix bug in inflateSync() for data held in bit buffer
* Add LIT_MEM define to use more memory for a small deflate speedup
* Fix decision on the emission of Zip64 end records in minizip
* Add bounds checking to ERR_MSG() macro, used by zError()
* Neutralize zip file traversal attacks in miniunz
* Fix a bug in ZLIB_DEBUG compiles in check_match()
- Update pacthes:
* CVE-2023-45853.patch
* zlib-1.3-IBM-Z-hw-accelerated-deflate-s390x.patch
-------------------------------------------------------------------
Tue Feb 20 12:10:46 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>

View File

@ -1,7 +1,7 @@
#
# spec file for package zlib
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
Name: zlib
Version: 1.3
Version: 1.3.1
Release: 0
Summary: Library implementing the DEFLATE compression algorithm
License: Zlib
@ -135,16 +135,10 @@ It should exit 0
%prep
%setup -q
%patch -P 1
%patch -P 2 -p1
%patch -P 3 -p1
%patch -P 4 -p1
%patch -P 6 -p1
%patch -P 7 -p1
%patch -P 8
%patch -P 10 -p1
%patch -P 11 -p1
%patch -P 12 -p1
%autopatch -M 1
%autopatch -m 2 -M 7 -p1
%autopatch -m 8 -M 8
%autopatch -m 10 -p1
cp %{SOURCE4} .
%build
@ -207,7 +201,7 @@ find %{buildroot} -type f -name "*.la" -delete -print
%files -n libz1
%license LICENSE
%{_libdir}/libz.so.1.3
%{_libdir}/libz.so.1.3.1
%{_libdir}/libz.so.1
%files devel