diff --git a/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch b/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch deleted file mode 100644 index 9e56c65afa811e8c7ea769928cec9375112fb84d..0000000000000000000000000000000000000000 --- a/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 05796d3d8d5546cf1b4dfe2cd72ab746afae505d Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Mon, 28 Mar 2022 18:34:10 -0700 -Subject: [PATCH] Fix configure issue that discarded provided CC definition. - ---- - configure | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/configure b/configure -index 52ff4a0..3fa3e86 100755 ---- a/configure -+++ b/configure -@@ -174,7 +174,10 @@ if test -z "$CC"; then - else - cc=${CROSS_PREFIX}cc - fi -+else -+ cc=${CC} - fi -+ - cflags=${CFLAGS-"-O3"} - # to force the asm version use: CFLAGS="-O3 -DASMV" ./configure - case "$cc" in --- -2.19.1.6.gb485710b - diff --git a/0002-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch b/0002-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch deleted file mode 100644 index d243528ce68234b178be135e1ff6a2909b657b91..0000000000000000000000000000000000000000 --- a/0002-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch +++ /dev/null @@ -1,54 +0,0 @@ -From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Wed, 30 Mar 2022 11:14:53 -0700 -Subject: [PATCH] Correct incorrect inputs provided to the CRC functions. - -The previous releases of zlib were not sensitive to incorrect CRC -inputs with bits set above the low 32. This commit restores that -behavior, so that applications with such bugs will continue to -operate as before. ---- - crc32.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/crc32.c b/crc32.c -index a1bdce5..451887b 100644 ---- a/crc32.c -+++ b/crc32.c -@@ -630,7 +630,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len) - #endif /* DYNAMIC_CRC_TABLE */ - - /* Pre-condition the CRC */ -- crc ^= 0xffffffff; -+ crc = (~crc) & 0xffffffff; - - /* Compute the CRC up to a word boundary. */ - while (len && ((z_size_t)buf & 7) != 0) { -@@ -749,7 +749,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len) - #endif /* DYNAMIC_CRC_TABLE */ - - /* Pre-condition the CRC */ -- crc ^= 0xffffffff; -+ crc = (~crc) & 0xffffffff; - - #ifdef W - -@@ -1077,7 +1077,7 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2) - #ifdef DYNAMIC_CRC_TABLE - once(&made, make_crc_table); - #endif /* DYNAMIC_CRC_TABLE */ -- return multmodp(x2nmodp(len2, 3), crc1) ^ crc2; -+ return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff); - } - - /* ========================================================================= */ -@@ -1112,5 +1112,5 @@ uLong crc32_combine_op(crc1, crc2, op) - uLong crc2; - uLong op; - { -- return multmodp(op, crc1) ^ crc2; -+ return multmodp(op, crc1) ^ (crc2 & 0xffffffff); - } --- -2.19.1.6.gb485710b - diff --git a/0003-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch b/0003-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch deleted file mode 100644 index 26616b3e6e4b24751f69441cc66a48796a0eb446..0000000000000000000000000000000000000000 --- a/0003-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch +++ /dev/null @@ -1,35 +0,0 @@ -From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Sat, 30 Jul 2022 15:51:11 -0700 -Subject: [PATCH] Fix a bug when getting a gzip header extra field with - inflate(). - -If the extra field was larger than the space the user provided with -inflateGetHeader(), and if multiple calls of inflate() delivered -the extra header data, then there could be a buffer overflow of the -provided space. This commit assures that provided space is not -exceeded. ---- - inflate.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 7be8c63..7a72897 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,9 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -+ len = state->head->extra_len - state->length; - if (state->head != Z_NULL && -- state->head->extra != Z_NULL) { -- len = state->head->extra_len - state->length; -+ state->head->extra != Z_NULL && -+ len < state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); --- -2.19.1.6.gb485710b - diff --git a/0004-Fix-extra-field-processing-bug-that-dereferences-NUL.patch b/0004-Fix-extra-field-processing-bug-that-dereferences-NUL.patch deleted file mode 100644 index e7d1b560de86ed4b5aa64ba4246b5cacd299a477..0000000000000000000000000000000000000000 --- a/0004-Fix-extra-field-processing-bug-that-dereferences-NUL.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Mon, 8 Aug 2022 10:50:09 -0700 -Subject: [PATCH] Fix extra field processing bug that dereferences NULL - state->head. - -The recent commit to fix a gzip header extra field processing bug -introduced the new bug fixed here. ---- - inflate.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 7a72897..2a3c4fe 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,10 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -- len = state->head->extra_len - state->length; - if (state->head != Z_NULL && - state->head->extra != Z_NULL && -- len < state->head->extra_max) { -+ (len = state->head->extra_len - state->length) < -+ state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); --- -2.19.1.6.gb485710b - diff --git a/zlib-1.2.12.tar.xz b/zlib-1.2.12.tar.xz deleted file mode 100644 index f7b33e79d92d68f9686975bcd424acda5e0cef87..0000000000000000000000000000000000000000 Binary files a/zlib-1.2.12.tar.xz and /dev/null differ diff --git a/zlib-1.2.13.tar.xz b/zlib-1.2.13.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..c01659e5852d0d97ea690c0149293be33e16f37b Binary files /dev/null and b/zlib-1.2.13.tar.xz differ diff --git a/zlib.spec b/zlib.spec index 79cdc708669b4ec3561eaba58ca1293e96a08afa..ad0d451ea2e23f4b8d0b538f7a2c67adfac88aa7 100644 --- a/zlib.spec +++ b/zlib.spec @@ -1,19 +1,12 @@ -%define anolis_release 3 +%define anolis_release 1 Name: zlib -Version: 1.2.12 +Version: 1.2.13 Release: %{anolis_release}%{?dist} Summary: Compression and decompression library License: zlib and Boost URL: https://www.zlib.net/ Source0: https://zlib.net/zlib-%{version}.tar.xz -# patches from upstream -Patch1: 0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch -Patch2: 0002-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch -# CVE-2022-37434 -Patch3: 0003-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch -Patch4: 0004-Fix-extra-field-processing-bug-that-dereferences-NUL.patch - BuildRequires: make automake autoconf libtool %description @@ -86,7 +79,6 @@ make test %make_install -C contrib/minizip -find $RPM_BUILD_ROOT -name '*.la' -delete %generate_compatibility_deps %files @@ -123,6 +115,9 @@ find $RPM_BUILD_ROOT -name '*.la' -delete %changelog +* Tue Oct 18 2022 Funda Wang - 1.2.13-1 +- New version 1.2.13 + * Fri Oct 14 2022 Chunmei Xu - 1.2.12-3 - optimise spec file