packages/zlib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

delete redundant patch

Browse Source 
(cherry picked from commit 0b44a7ed2d2aedc1b99166e112cb23fa114ed428)
This commit is contained in:
zhoupengcheng 2024-06-18 17:39:49 +08:00 committed by openeuler-sync-bot
parent e9e8e63fc7
commit 51df9f345d
2 changed files with 5 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
backport-fix-undefined-buffer-detected-by-oss-fuzz.patch
View File

@ -1,30 +0,0 @@
From fbc28a919107bb6fbdceb2d3dfe610ddcbc5ac89 Mon Sep 17 00:00:00 2001
From: fangyufa <fangyufa1@huawei.com>
Date: Tue, 3 Dec 2019 15:42:06 +0800
Subject: [PATCH] zlib: fix undefined buffer detected by oss-fuzz
this patch fixes a use of uninitialized value discovered by one of the
fuzzers of the oss-fuzz project:
https://github.com/google/oss-fuzz/blob/master/projects/zlib/example_dict_fuzzer.c
clear out s->prev buffer to avoid undefined behavior
signed-off-by: fangyufa <fangyufa1@huawei.com>
---
zlib-1.2.11/deflate.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/deflate.c b/deflate.c
index 4c42259..a03bef2 100644
--- a/deflate.c
+++ b/deflate.c
@@ -329,6 +329,7 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte));
s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos));
+ memset(s->prev, 0, s->w_size*sizeof(Pos));
s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos));
s->high_water = 0; /* nothing written to s->window yet */
--
2.19.1

8
zlib.spec
View File

@ -1,6 +1,6 @@
Name: zlib Name: zlib
Version: 1.2.13 Version: 1.2.13
Release: 2 Release: 3
Summary: A lossless data-compression library Summary: A lossless data-compression library
License: zlib and Boost License: zlib and Boost
URL: http://www.zlib.net URL: http://www.zlib.net
@ -8,8 +8,7 @@ Source0: http://www.zlib.net/zlib-%{version}.tar.xz
# Patch0 get from fedora # Patch0 get from fedora
Patch6000: backport-zlib-1.2.5-minizip-fixuncrypt.patch Patch6000: backport-zlib-1.2.5-minizip-fixuncrypt.patch
Patch6001: backport-fix-undefined-buffer-detected-by-oss-fuzz.patch Patch6001: backport-CVE-2023-45853.patch
Patch6002: backport-CVE-2023-45853.patch
Patch9000: zlib-Optimize-CRC32.patch Patch9000: zlib-Optimize-CRC32.patch
Patch9001: zlib-1.2.11-SIMD.patch Patch9001: zlib-1.2.11-SIMD.patch
@ -113,6 +112,9 @@ make test
%{_libdir}/pkgconfig/minizip.pc %{_libdir}/pkgconfig/minizip.pc
%changelog %changelog
* Tue Jun 18 2024 zhoupengcheng <zhoupengcheng11@huawei.com> - 1.2.13-3
- delete redundant patch
* Thu May 14 2024 zhoupengcheng <zhoupengcheng11@huawei.com> - 1.2.13-2 * Thu May 14 2024 zhoupengcheng <zhoupengcheng11@huawei.com> - 1.2.13-2
- downgrade to zlib-1.2.13 - downgrade to zlib-1.2.13