2a16479848
- Update to 1.2.12:
* A lot of bug fixes
* Improve speed of crc32 functions
* Use ARM crc32 instructions if the ARM architecture has them
For the complete changes, see ChangeLog
- Fixes CVE-2022-37434, heap-based buffer over-read or buffer overflow in
inflate.c via a large gzip header extra field
(CVE-2022-37434, bsc#1202175)
- Added patches:
* zlib-1.2.11-covscan-issues-rhel9.patch
* zlib-1.2.11-covscan-issues.patch
* zlib-1.2.12-s390-vectorize-crc32.patch
* zlib-1.2.12-optimized-crc32-power8.patch
* zlib-1.2.12-IBM-Z-hw-accelerated-deflate-s390x.patch
* zlib-1.2.12-fix-configure.patch
* zlib-1.2.12-correct-inputs-provided-to-crc-func.patch
* zlib-1.2.12-fix-CVE-2022-37434.patch
- Removed patches:
* bsc1197459.patch (upstreamed)
* zlib-power8-fate325307.patch
(replaced by zlib-1.2.12-optimized-crc32-power8.patch)
* bsc1174736-DFLTCC_LEVEL_MASK-set-to-0x1ff.patch
(replaced by zlib-1.2.12-IBM-Z-hw-accelrated-deflate-s390x.patch)
* 410.patch
(replaced by zlib-1.2.12-IBM-Z-hw-accelrated-deflate-s390x.patch)
- Refreshed patches:
* zlib-format.patch
* zlib-no-version-check.patch
- Disable profiling since it breaks tests
- Update zlib-rpmlintrc
OBS-URL: https://build.opensuse.org/request/show/1000394
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zlib?expand=0&rev=79
15 lines
782 B
Diff
15 lines
782 B
Diff
--- zlib-1.2.12/inflate.c.old 2022-08-09 10:30:18.831225181 +0000
|
|
+++ zlib-1.2.12/inflate.c 2022-08-09 10:29:33.251225181 +0000
|
|
@@ -792,8 +792,9 @@ int flush;
|
|
if (copy > have) copy = have;
|
|
if (copy) {
|
|
if (state->head != Z_NULL &&
|
|
- state->head->extra != Z_NULL) {
|
|
- len = state->head->extra_len - state->length;
|
|
+ state->head->extra != Z_NULL &&
|
|
+ (len = state->head->extra_len - state->length) <
|
|
+ state->head->extra_max) {
|
|
zmemcpy(state->head->extra + len, next,
|
|
len + copy > state->head->extra_max ?
|
|
state->head->extra_max - len : copy);
|