2a16479848
- Update to 1.2.12:
* A lot of bug fixes
* Improve speed of crc32 functions
* Use ARM crc32 instructions if the ARM architecture has them
For the complete changes, see ChangeLog
- Fixes CVE-2022-37434, heap-based buffer over-read or buffer overflow in
inflate.c via a large gzip header extra field
(CVE-2022-37434, bsc#1202175)
- Added patches:
* zlib-1.2.11-covscan-issues-rhel9.patch
* zlib-1.2.11-covscan-issues.patch
* zlib-1.2.12-s390-vectorize-crc32.patch
* zlib-1.2.12-optimized-crc32-power8.patch
* zlib-1.2.12-IBM-Z-hw-accelerated-deflate-s390x.patch
* zlib-1.2.12-fix-configure.patch
* zlib-1.2.12-correct-inputs-provided-to-crc-func.patch
* zlib-1.2.12-fix-CVE-2022-37434.patch
- Removed patches:
* bsc1197459.patch (upstreamed)
* zlib-power8-fate325307.patch
(replaced by zlib-1.2.12-optimized-crc32-power8.patch)
* bsc1174736-DFLTCC_LEVEL_MASK-set-to-0x1ff.patch
(replaced by zlib-1.2.12-IBM-Z-hw-accelrated-deflate-s390x.patch)
* 410.patch
(replaced by zlib-1.2.12-IBM-Z-hw-accelrated-deflate-s390x.patch)
- Refreshed patches:
* zlib-format.patch
* zlib-no-version-check.patch
- Disable profiling since it breaks tests
- Update zlib-rpmlintrc
OBS-URL: https://build.opensuse.org/request/show/1000394
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zlib?expand=0&rev=79
29 lines
708 B
Diff
29 lines
708 B
Diff
From a7d3c3076dc316f1408f56af86a72a17fcfdf5dd Mon Sep 17 00:00:00 2001
|
|
From: Ilya Leoshkevich <iii@linux.ibm.com>
|
|
Date: Wed, 27 Apr 2022 14:37:54 +0200
|
|
Subject: [PATCH] zlib-1.2.11-covscan-issues-rhel9.patch
|
|
|
|
---
|
|
contrib/minizip/mztools.c | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
diff --git a/contrib/minizip/mztools.c b/contrib/minizip/mztools.c
|
|
index 96891c2e0..1197928a7 100644
|
|
--- a/contrib/minizip/mztools.c
|
|
+++ b/contrib/minizip/mztools.c
|
|
@@ -286,6 +286,14 @@ uLong* bytesRecovered;
|
|
}
|
|
} else {
|
|
err = Z_STREAM_ERROR;
|
|
+ if(fpZip != NULL)
|
|
+ fclose(fpZip);
|
|
+
|
|
+ if(fpOut != NULL)
|
|
+ fclose(fpOut);
|
|
+
|
|
+ if(fpOutCD != NULL)
|
|
+ fclose(fpOutCD);
|
|
}
|
|
return err;
|
|
}
|