Accepting request 1149966 from home:dspinella:branches:devel:libraries:c_c++
- Update to 1.3.1: * Reject overflows of zip header fields in minizip * Fix bug in inflateSync() for data held in bit buffer * Add LIT_MEM define to use more memory for a small deflate speedup * Fix decision on the emission of Zip64 end records in minizip * Add bounds checking to ERR_MSG() macro, used by zError() * Neutralize zip file traversal attacks in miniunz * Fix a bug in ZLIB_DEBUG compiles in check_match() - Update pacthes: * CVE-2023-45853.patch * zlib-1.3-IBM-Z-hw-accelerated-deflate-s390x.patch OBS-URL: https://build.opensuse.org/request/show/1149966 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zlib?expand=0&rev=99
This commit is contained in:
parent
7598c27dca
commit
fbc541705e
@ -14,13 +14,13 @@ overflow on subsequent writes to zi->ci.central_header.
|
||||
contrib/minizip/zip.c | 11 +++++++++++
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c
|
||||
index 3d3d4cadd..0446109b2 100644
|
||||
--- a/contrib/minizip/zip.c
|
||||
+++ b/contrib/minizip/zip.c
|
||||
@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c
|
||||
Index: zlib-1.3.1/contrib/minizip/zip.c
|
||||
===================================================================
|
||||
--- zlib-1.3.1.orig/contrib/minizip/zip.c
|
||||
+++ zlib-1.3.1/contrib/minizip/zip.c
|
||||
@@ -1054,6 +1054,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_
|
||||
if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff))
|
||||
return ZIP_PARAMERROR;
|
||||
#endif
|
||||
|
||||
+ // The filename and comment length must fit in 16 bits.
|
||||
+ if ((filename!=NULL) && (strlen(filename)>0xffff))
|
||||
|
File diff suppressed because it is too large
Load Diff
3
zlib-1.3.1.tar.gz
Normal file
3
zlib-1.3.1.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:9a93b2b7dfdac77ceba5a558a580e74667dd6fede4585b91eefb60f03b72df23
|
||||
size 1512791
|
7
zlib-1.3.1.tar.gz.asc
Normal file
7
zlib-1.3.1.tar.gz.asc
Normal file
@ -0,0 +1,7 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Comment: GPGTools - http://gpgtools.org
|
||||
|
||||
iF0EABECAB0WIQRe1GpnIdNlWHeR4qp4P82OWLyvugUCZa7ENwAKCRB4P82OWLyv
|
||||
untOAKCWHAR69MZ1xGZZ6h267NtYuRVq5wCfe24DfJii/TvcNxt5XTNgn+bufoc=
|
||||
=KZjh
|
||||
-----END PGP SIGNATURE-----
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:ff0ba4c292013dbc27530b3a81e1f9a813cd39de01ca5e0f8bf355702efa593e
|
||||
size 1495873
|
@ -1,7 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Comment: GPGTools - http://gpgtools.org
|
||||
|
||||
iF0EABECAB0WIQRe1GpnIdNlWHeR4qp4P82OWLyvugUCZN8+EgAKCRB4P82OWLyv
|
||||
usBmAKC6ixPJLSVYgQivrqK4KBw4gTGFGwCgxJ9SfDFGqI3uqjyR99/13L7vn3o=
|
||||
=TwN5
|
||||
-----END PGP SIGNATURE-----
|
15
zlib.changes
15
zlib.changes
@ -1,3 +1,18 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 23 14:17:22 UTC 2024 - Danilo Spinella <danilo.spinella@suse.com>
|
||||
|
||||
- Update to 1.3.1:
|
||||
* Reject overflows of zip header fields in minizip
|
||||
* Fix bug in inflateSync() for data held in bit buffer
|
||||
* Add LIT_MEM define to use more memory for a small deflate speedup
|
||||
* Fix decision on the emission of Zip64 end records in minizip
|
||||
* Add bounds checking to ERR_MSG() macro, used by zError()
|
||||
* Neutralize zip file traversal attacks in miniunz
|
||||
* Fix a bug in ZLIB_DEBUG compiles in check_match()
|
||||
- Update pacthes:
|
||||
* CVE-2023-45853.patch
|
||||
* zlib-1.3-IBM-Z-hw-accelerated-deflate-s390x.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 20 12:10:46 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package zlib
|
||||
#
|
||||
# Copyright (c) 2023 SUSE LLC
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: zlib
|
||||
Version: 1.3
|
||||
Version: 1.3.1
|
||||
Release: 0
|
||||
Summary: Library implementing the DEFLATE compression algorithm
|
||||
License: Zlib
|
||||
@ -207,7 +207,7 @@ find %{buildroot} -type f -name "*.la" -delete -print
|
||||
|
||||
%files -n libz1
|
||||
%license LICENSE
|
||||
%{_libdir}/libz.so.1.3
|
||||
%{_libdir}/libz.so.1.3.1
|
||||
%{_libdir}/libz.so.1
|
||||
|
||||
%files devel
|
||||
|
Loading…
Reference in New Issue
Block a user