packages/zlib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

modify patch info for CVE-2018-25032

Browse Source
This commit is contained in:
weiwei_tiantian 2022-04-18 15:38:54 +08:00
parent d547cd80fd
commit 3f45522172
3 changed files with 32 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
backport-0001-CVE-2018-25032.patch
View File

@ -1,7 +1,27 @@
From cd2717661543a0d2318b2aa99f0044f108dd6705 Mon Sep 17 00:00:00 2001 From 5c44459c3b28a9bd3283aaceab7c615f8020c531 Mon Sep 17 00:00:00 2001
From: root <root@localhost.localdomain> From: Mark Adler <madler@alumni.caltech.edu>
Date: Wed, 13 Apr 2022 17:06:42 +0800 Date: Tue, 17 Apr 2018 22:09:22 -0700
Subject: [PATCH] zlib-1 Subject: [PATCH] Fix a bug that can crash deflate on some input when using
Z_FIXED.
This bug was reported by Danilo Ramos of Eideticom, Inc. It has
lain in wait 13 years before being found! The bug was introduced
in zlib 1.2.2.2, with the addition of the Z_FIXED option. That
option forces the use of fixed Huffman codes. For rare inputs with
a large number of distant matches, the pending buffer into which
the compressed data is written can overwrite the distance symbol
table which it overlays. That results in corrupted output due to
invalid distances, and can result in out-of-bound accesses,
crashing the application.
The fix here combines the distance buffer and literal/length
buffers into a single symbol buffer. Now three bytes of pending
buffer space are opened up for each literal or length/distance
pair consumed, instead of the previous two bytes. This assures
that the pending buffer cannot overwrite the symbol table, since
the maximum fixed code compressed length/distance is 31 bits, and
since there are four bytes of pending space for every three bytes
of symbol space.
--- ---
deflate.c | 74 ++++++++++++++++++++++++++++++++++++++++--------------- deflate.c | 74 ++++++++++++++++++++++++++++++++++++++++---------------

8
backport-0002-CVE-2018-25032.patch
View File

@ -1,7 +1,7 @@
From d33982e6a7e976e743e6d50a6b8b9ca93f31568a Mon Sep 17 00:00:00 2001 From 4346a16853e19b45787ce933666026903fb8f3f8 Mon Sep 17 00:00:00 2001
From: root <root@localhost.localdomain> From: Mark Adler <madler@alumni.caltech.edu>
Date: Wed, 13 Apr 2022 17:08:31 +0800 Date: Tue, 17 Apr 2018 22:44:41 -0700
Subject: [PATCH] zlib-2 Subject: [PATCH] Assure that the number of bits for deflatePrime() is valid.
--- ---
deflate.c | 3 ++- deflate.c | 3 ++-

5
zlib.spec
View File

@ -1,6 +1,6 @@
Name: zlib Name: zlib
Version: 1.2.11 Version: 1.2.11
Release: 20 Release: 21
Summary: A lossless data-compression library Summary: A lossless data-compression library
License: zlib and Boost License: zlib and Boost
URL: http://www.zlib.net URL: http://www.zlib.net
@ -121,6 +121,9 @@ make test
%{_libdir}/pkgconfig/minizip.pc %{_libdir}/pkgconfig/minizip.pc
%changelog %changelog
* Mon Apr 18 2022 tianwei <tianwei12@h-partners.com> - 1.2.11-21
- modify patch info for CVE-2018-25032
* Wed Apr 13 2022 tianwei <tianwei12@h-partners.com> - 1.2.11-20 * Wed Apr 13 2022 tianwei <tianwei12@h-partners.com> - 1.2.11-20
- fix CVE-2018-25032 - fix CVE-2018-25032