Accepting request 1149966 from home:dspinella:branches:devel:libraries:c_c++

- Update to 1.3.1:
  * Reject overflows of zip header fields in minizip
  * Fix bug in inflateSync() for data held in bit buffer
  * Add LIT_MEM define to use more memory for a small deflate speedup
  * Fix decision on the emission of Zip64 end records in minizip
  * Add bounds checking to ERR_MSG() macro, used by zError()
  * Neutralize zip file traversal attacks in miniunz
  * Fix a bug in ZLIB_DEBUG compiles in check_match()
- Update patches:
  * CVE-2023-45853.patch
  * zlib-1.3-IBM-Z-hw-accelerated-deflate-s390x.patch

OBS-URL: https://build.opensuse.org/request/show/1149966
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zlib?expand=0&rev=99
Danilo Spinella 2024-02-26 11:03:17 +00:00 committed by Git OBS Bridge
parent 7598c27dca
commit fbc541705e
8 changed files with 377 additions and 777 deletions


@ -14,13 +14,13 @@ overflow on subsequent writes to zi->ci.central_header.
contrib/minizip/zip.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c
index 3d3d4cadd..0446109b2 100644
--- a/contrib/minizip/zip.c
+++ b/contrib/minizip/zip.c
@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c
Index: zlib-1.3.1/contrib/minizip/zip.c
===================================================================
--- zlib-1.3.1.orig/contrib/minizip/zip.c
+++ zlib-1.3.1/contrib/minizip/zip.c
@@ -1054,6 +1054,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_
if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff))
return ZIP_PARAMERROR;
#endif
+ // The filename and comment length must fit in 16 bits.
+ if ((filename!=NULL) && (strlen(filename)>0xffff))

File diff suppressed because it is too large

zlib-1.3.1.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9a93b2b7dfdac77ceba5a558a580e74667dd6fede4585b91eefb60f03b72df23
size 1512791

zlib-1.3.1.tar.gz.asc Normal file

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iF0EABECAB0WIQRe1GpnIdNlWHeR4qp4P82OWLyvugUCZa7ENwAKCRB4P82OWLyv
untOAKCWHAR69MZ1xGZZ6h267NtYuRVq5wCfe24DfJii/TvcNxt5XTNgn+bufoc=
=KZjh
-----END PGP SIGNATURE-----


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ff0ba4c292013dbc27530b3a81e1f9a813cd39de01ca5e0f8bf355702efa593e
size 1495873


@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iF0EABECAB0WIQRe1GpnIdNlWHeR4qp4P82OWLyvugUCZN8+EgAKCRB4P82OWLyv
usBmAKC6ixPJLSVYgQivrqK4KBw4gTGFGwCgxJ9SfDFGqI3uqjyR99/13L7vn3o=
=TwN5
-----END PGP SIGNATURE-----


@ -1,3 +1,18 @@
-------------------------------------------------------------------
Fri Feb 23 14:17:22 UTC 2024 - Danilo Spinella <danilo.spinella@suse.com>
- Update to 1.3.1:
* Reject overflows of zip header fields in minizip
* Fix bug in inflateSync() for data held in bit buffer
* Add LIT_MEM define to use more memory for a small deflate speedup
* Fix decision on the emission of Zip64 end records in minizip
* Add bounds checking to ERR_MSG() macro, used by zError()
* Neutralize zip file traversal attacks in miniunz
* Fix a bug in ZLIB_DEBUG compiles in check_match()
- Update pacthes:
* CVE-2023-45853.patch
* zlib-1.3-IBM-Z-hw-accelerated-deflate-s390x.patch
-------------------------------------------------------------------
Tue Feb 20 12:10:46 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
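Review bot: "Update pacthes:" in the new changelog entry is a typo for "patches". The entry also names two security-relevant changes, CVE-2023-45853.patch and "Neutralize zip file traversal attacks in miniunz", without any tracking reference; add the bug or CVE reference next to each item where one exists so the entry can be matched to an advisory later.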


@ -1,7 +1,7 @@
#
# spec file for package zlib
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
Name: zlib
Version: 1.3
Version: 1.3.1
Release: 0
Summary: Library implementing the DEFLATE compression algorithm
License: Zlib
@ -207,7 +207,7 @@ find %{buildroot} -type f -name "*.la" -delete -print
%files -n libz1
%license LICENSE
%{_libdir}/libz.so.1.3
%{_libdir}/libz.so.1.3.1
%{_libdir}/libz.so.1
%files devel
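Review bot: The %files -n libz1 entry hard-codes the library version (libz.so.1.3 becoming libz.so.1.3.1), so it has to be edited by hand on every bump alongside the Version: tag. Writing it as %{_libdir}/libz.so.%{version} would keep the file list in step with Version: 1.3.1 and remove one place where an update can be missed.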