packages/zlib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!61 backport patches from upstream

Browse Source 
From: @markeryang 
Reviewed-by: @znzjugod, @zhoupengcheng11 
Signed-off-by: @znzjugod
This commit is contained in:
openeuler-ci-bot 2024-08-14 03:51:14 +00:00 committed by Gitee
commit 84b6d11e59
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
15 changed files with 728 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
backport-Add-bounds-checking-to-ERR_MSG-macro-used-by-zError.patch Normal file
View File

@ -0,0 +1,27 @@
From 431a9b65eacab7efabf2230ba97ff426c0e07f9d Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Thu, 7 Dec 2023 06:38:10 -0800
Subject: [PATCH] Add bounds checking to ERR_MSG() macro, used by zError().
Reference: https://github.com/madler/zlib/commit/431a9b65eacab7efabf2230ba97ff426c0e07f9d
Conflict: no
---
zutil.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/zutil.h b/zutil.h
index 902a304..0bd2dbc 100644
--- a/zutil.h
+++ b/zutil.h
@@ -56,7 +56,7 @@ typedef unsigned long ulg;
extern z_const char * const z_errmsg[10]; /* indexed by 2-zlib_error */
/* (size given to avoid silly warnings with Visual C++) */
-#define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)]
+#define ERR_MSG(err) z_errmsg[(err) < -6 || (err) > 2 ? 9 : 2 - (err)]
#define ERR_RETURN(strm,err) \
return (strm->msg = ERR_MSG(err), (err))
--
2.33.0

50
backport-Fix-a-bug-in-ZLIB_DEBUG-compiles-in-check_match.patch Normal file
View File

@ -0,0 +1,50 @@
From 7af6320ad78b390de42f414fabdc64dc6d67a5ea Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Fri, 19 Jan 2024 12:19:53 -0800
Subject: [PATCH] Fix a bug in ZLIB_DEBUG compiles in check_match().
This avoids trying to compare a match starting one byte before the
current window. Thanks to @zmodem (Hans) for discovering this.
Reference:https://github.com/madler/zlib/commit/7af6320ad78b390de42f414fabdc64dc6d67a5ea
Conflict: Patch context adaptation
---
deflate.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/deflate.c b/deflate.c
index 8088083..396ab12 100644
--- a/deflate.c
+++ b/deflate.c
@@ -1510,13 +1510,21 @@ local void check_match(s, start, match, length)
int length;
{
/* check that the match is indeed a match */
- if (zmemcmp(s->window + match,
- s->window + start, length) != EQUAL) {
- fprintf(stderr, " start %u, match %u, length %d\n",
- start, match, length);
+ Bytef *back = s->window + (int)match, *here = s->window + start;
+ IPos len = length;
+ if (match == (IPos)-1) {
+ /* match starts one byte before the current window -- just compare the
+ subsequent length-1 bytes */
+ back++;
+ here++;
+ len--;
+ }
+ if (zmemcmp(back, here, len) != EQUAL) {
+ fprintf(stderr, " start %u, match %d, length %d\n",
+ start, (int)match, length);
do {
- fprintf(stderr, "%c%c", s->window[match++], s->window[start++]);
- } while (--length != 0);
+ fprintf(stderr, "(%02x %02x)", *back++, *here++);
+ } while (--len != 0);
z_error("invalid match");
}
if (z_verbose > 1) {
--
2.33.0

27
backport-Fix-bug-in-inflateSync-for-data-held-in-bit-buffer.patch Normal file
View File

@ -0,0 +1,27 @@
From 5af7cef45eeef86ddf6ab00b4e363c1eecaf47b6 Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Thu, 24 Aug 2023 02:14:23 -0400
Subject: [PATCH] Fix bug in inflateSync() for data held in bit buffer.
Reference: https://github.com/madler/zlib/commit/5af7cef45eeef86ddf6ab00b4e363c1eecaf47b6
Conflict: no
---
inflate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/inflate.c b/inflate.c
index b0757a9..94ecff0 100644
--- a/inflate.c
+++ b/inflate.c
@@ -1387,7 +1387,7 @@ int ZEXPORT inflateSync(z_streamp strm) {
/* if first time, start search in bit buffer */
if (state->mode != SYNC) {
state->mode = SYNC;
- state->hold <<= state->bits & 7;
+ state->hold >>= state->bits & 7;
state->bits -= state->bits & 7;
len = 0;
while (state->bits >= 8) {
--
2.33.0

26
backport-Fix-bug-when-gzungetc-is-used-immediately-after-gzopen.patch Normal file
View File

@ -0,0 +1,26 @@
From 7dd6aa72455ef1f2aacdc28a00d1eaf632d59593 Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Fri, 11 Aug 2023 10:59:03 -0700
Subject: [PATCH] Fix bug when gzungetc() is used immediately after gzopen().
Reference:https://github.com/madler/zlib/commit/7dd6aa72455ef1f2aacdc28a00d1eaf632d59593
Conflict:NA
---
gzread.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/gzread.c b/gzread.c
index 6034a2823..4168cbc88 100644
--- a/gzread.c
+++ b/gzread.c
@@ -443,6 +443,10 @@ int ZEXPORT gzungetc(int c, gzFile file) {
return -1;
state = (gz_statep)file;
+ /* in case this was just opened, set up the input buffer */
+ if (state->mode == GZ_READ && state->how == LOOK && state->x.have == 0)
+ (void)gz_look(state);
+
/* check that we're reading and that there's no (serious) error */
if (state->mode != GZ_READ ||
(state->err != Z_OK && state->err != Z_BUF_ERROR))

26
backport-Fix-bug-when-using-gzflush-with-a-very-small-buffer.patch Normal file
View File

@ -0,0 +1,26 @@
From d98251478246c8ef2f405d76e4ef1678c14d7eda Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Mon, 14 Aug 2023 17:01:54 -0700
Subject: [PATCH] Fix bug when using gzflush() with a very small buffer.
Reference:https://github.com/madler/zlib/commit/d98251478246c8ef2f405d76e4ef1678c14d7eda
Conflict:NA
---
gzlib.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gzlib.c b/gzlib.c
index 2b446c448..29fc4486f 100644
--- a/gzlib.c
+++ b/gzlib.c
@@ -308,8 +308,8 @@ int ZEXPORT gzbuffer(gzFile file, unsigned size) {
/* check and set requested size */
if ((size << 1) < size)
return -1; /* need to be able to double it */
- if (size < 2)
- size = 2; /* need two bytes to check magic header */
+ if (size < 8)
+ size = 8; /* needed to behave well with flushing */
state->want = size;
return 0;
}

26
backport-Fix-crash-when-gzsetparams-attempted-for-transparent-write.patch Normal file
View File

@ -0,0 +1,26 @@
From 02a6049eb3884c430268bb0fe3296d597a03174c Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Mon, 26 Dec 2022 23:36:01 -0800
Subject: [PATCH] Fix crash when gzsetparams() attempted for transparent write.
gzsetparams() now returns a Z_STREAM_ERROR in this case.i
Reference:https://github.com/madler/zlib/commit/02a6049eb3884c430268bb0fe3296d597a03174c
Conflict:NA
---
gzwrite.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gzwrite.c b/gzwrite.c
index eb8a0e589..3030d74d6 100644
--- a/gzwrite.c
+++ b/gzwrite.c
@@ -609,7 +609,7 @@ int ZEXPORT gzsetparams(file, level, strategy)
strm = &(state->strm);
/* check that we're writing and that there's no error */
- if (state->mode != GZ_WRITE || state->err != Z_OK)
+ if (state->mode != GZ_WRITE || state->err != Z_OK || state->direct)
return Z_STREAM_ERROR;
/* if no change is requested, then do nothing */

35
backport-Fix-decision-on-the-emission-of-Zip64-end-records-in.patch Normal file
View File

@ -0,0 +1,35 @@
From 15c45adb76e81a7e3a8a9e17b2a56eb90f668f44 Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Tue, 7 Nov 2023 15:46:41 -0800
Subject: [PATCH] Fix decision on the emission of Zip64 end records in minizip.
The appnote says that if the number of entries in the end record
is 0xffff, then the actual number of entries will be found in the
Zip64 end record. Therefore if the number of entries is equal to
0xffff, it can't be in the end record by itself, since that is an
instruction to get the number from the Zip64 end record. This code
would just store 0xffff in the end record in that case, not making
a Zip64 end record. This commit fixes that.
Reference: https://github.com/madler/zlib/commit/15c45adb76e81a7e3a8a9e17b2a56eb90f668f44
Conflict: no
---
contrib/minizip/zip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c
index 0446109..86be90b 100644
--- a/contrib/minizip/zip.c
+++ b/contrib/minizip/zip.c
@@ -1872,7 +1872,7 @@ extern int ZEXPORT zipClose(zipFile file, const char* global_comment) {
free_linkedlist(&(zi->central_dir));
pos = centraldir_pos_inzip - zi->add_position_when_writing_offset;
- if(pos >= 0xffffffff || zi->number_entry > 0xFFFF)
+ if(pos >= 0xffffffff || zi->number_entry >= 0xFFFF)
{
ZPOS64_T Zip64EOCDpos = ZTELL64(zi->z_filefunc,zi->filestream);
Write_Zip64EndOfCentralDirectoryRecord(zi, size_centraldir, centraldir_pos_inzip);
--
2.33.0

24
backport-Fix-logic-error-in-minizip-argument-processing.patch Normal file
View File

@ -0,0 +1,24 @@
From 3061e5013c2569974fd7d830f2776b38da4e2691 Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Sat, 29 Jul 2023 23:51:22 -0700
Subject: [PATCH] Fix logic error in minizip argument processing.
Reference:https://github.com/madler/zlib/commit/3061e5013c2569974fd7d830f2776b38da4e2691
Conflict:NA
---
contrib/minizip/minizip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/contrib/minizip/minizip.c b/contrib/minizip/minizip.c
index f458c85ef..61a9d4c7d 100644
--- a/contrib/minizip/minizip.c
+++ b/contrib/minizip/minizip.c
@@ -381,7 +381,7 @@ int main(int argc, char *argv[]) {
((argv[i][1]=='o') || (argv[i][1]=='O') ||
(argv[i][1]=='a') || (argv[i][1]=='A') ||
(argv[i][1]=='p') || (argv[i][1]=='P') ||
- ((argv[i][1]>='0') || (argv[i][1]<='9'))) &&
+ ((argv[i][1]>='0') && (argv[i][1]<='9'))) &&
(strlen(argv[i]) == 2)))
{
FILE * fin;

40
backport-Fix-reading-disk-number-start-on-zip64-files-in-minizip.patch Normal file
View File

@ -0,0 +1,40 @@
From e0bd0ad6e4d8afd2bc3d55d84d459a0e2c0e2890 Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Sat, 29 Jul 2023 23:34:26 -0700
Subject: [PATCH] Fix reading disk number start on zip64 files in minizip.
Reference:https://github.com/madler/zlib/commit/e0bd0ad6e4d8afd2bc3d55d84d459a0e2c0e2890
Conflict:NA
---
contrib/minizip/unzip.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/contrib/minizip/unzip.c b/contrib/minizip/unzip.c
index 1da51a9..9329732 100644
--- a/contrib/minizip/unzip.c
+++ b/contrib/minizip/unzip.c
@@ -1038,8 +1038,6 @@ local int unz64local_GetCurrentFileInfoInternal (unzFile file,
/* ZIP64 extra fields */
if (headerId == 0x0001)
{
- uLong uL;
-
if(file_info.uncompressed_size == MAXU32)
{
if (unz64local_getLong64(&s->z_filefunc, s->filestream,&file_info.uncompressed_size) != UNZ_OK)
@@ -1059,10 +1057,10 @@ local int unz64local_GetCurrentFileInfoInternal (unzFile file,
err=UNZ_ERRNO;
}
- if(file_info.disk_num_start == MAXU32)
+ if(file_info.disk_num_start == 0xffff)
{
/* Disk Start Number */
- if (unz64local_getLong(&s->z_filefunc, s->filestream,&uL) != UNZ_OK)
+ if (unz64local_getLong(&s->z_filefunc, s->filestream,&file_info.disk_num_start) != UNZ_OK)
err=UNZ_ERRNO;
}
--
2.27.0

61
backport-Neutralize-zip-file-traversal-attacks-in-miniunz.patch Normal file
View File

@ -0,0 +1,61 @@
From 14a5f8f266c16c87ab6c086fc52b770b27701e01 Mon Sep 17 00:00:00 2001
From: Matt Wilson <msw@amazon.com>
Date: Wed, 17 Jan 2024 14:46:18 -0800
Subject: [PATCH] Neutralize zip file traversal attacks in miniunz.
Archive formats such as .zip files are generally susceptible to
so-called "traversal attacks". This allows an attacker to craft
an archive that writes to unexpected locations of the file system
(e.g., /etc/shadow) if an unspecting root user were to unpack a
malicious archive.
This patch neutralizes absolute paths such as /tmp/moo and deeply
relative paths such as dummy/../../../../../../../../../../tmp/moo
The Debian project requested CVE-2014-9485 be allocated for the
first identified weakness. The fix was incomplete, resulting in a
revised patch applied here. Since there wasn't an updated version
released by Debian with the incomplete fix, I suggest we use this
CVE to identify both issues.
Link: https://security.snyk.io/research/zip-slip-vulnerability
Link: https://bugs.debian.org/774321
Link: https://bugs.debian.org/776831
Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9485
Reported-by: Jakub Wilk <jwilk@debian.org>
Fixed-by: Michael Gilbert <mgilbert@debian.org>
Reference: https://github.com/madler/zlib/commit/14a5f8f266c16c87ab6c086fc52b770b27701e01
Conflict: no
---
contrib/minizip/miniunz.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/contrib/minizip/miniunz.c b/contrib/minizip/miniunz.c
index 0c2fb0d..d627c42 100644
--- a/contrib/minizip/miniunz.c
+++ b/contrib/minizip/miniunz.c
@@ -356,6 +356,20 @@ static int do_extract_currentfile(unzFile uf, const int* popt_extract_without_pa
else
write_filename = filename_withoutpath;
+ if (write_filename[0]!='\0')
+ {
+ const char* relative_check = write_filename;
+ while (relative_check[1]!='\0')
+ {
+ if (relative_check[0]=='.' && relative_check[1]=='.')
+ write_filename = relative_check;
+ relative_check++;
+ }
+ }
+
+ while (write_filename[0]=='/' || write_filename[0]=='.')
+ write_filename++;
+
err = unzOpenCurrentFilePassword(uf,password);
if (err!=UNZ_OK)
{
--
2.33.0

109
backport-Remove-use-of-OF-from-contrib-untgz-and-render-it-compilable.patch Normal file
View File

@ -0,0 +1,109 @@
From 66588683b36042154ad35140bf9fcbb60c5d573c Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Sat, 15 Apr 2023 11:27:12 -0700
Subject: [PATCH] Remove use of OF() from contrib/untgz and render it
compilable.
Reference:https://github.com/madler/zlib/commit/66588683b36042154ad35140bf9fcbb60c5d573c
Conflict:NA
---
contrib/untgz/untgz.c | 47 +++++++++++--------------------------------
1 file changed, 12 insertions(+), 35 deletions(-)
diff --git a/contrib/untgz/untgz.c b/contrib/untgz/untgz.c
index 2c391e598..3e530971c 100644
--- a/contrib/untgz/untgz.c
+++ b/contrib/untgz/untgz.c
@@ -14,15 +14,10 @@
#include "zlib.h"
-#ifdef unix
-# include <unistd.h>
-#else
+#ifdef _WIN32
# include <direct.h>
# include <io.h>
-#endif
-
-#ifdef WIN32
-#include <windows.h>
+# include <windows.h>
# ifndef F_OK
# define F_OK 0
# endif
@@ -33,6 +28,8 @@
# define strdup(str) _strdup(str)
# endif
#else
+# include <sys/stat.h>
+# include <unistd.h>
# include <utime.h>
#endif
@@ -102,28 +99,14 @@ struct attr_item
enum { TGZ_EXTRACT, TGZ_LIST, TGZ_INVALID };
-char *TGZfname OF((const char *));
-void TGZnotfound OF((const char *));
-
-int getoct OF((char *, int));
-char *strtime OF((time_t *));
-int setfiletime OF((char *, time_t));
-void push_attr OF((struct attr_item **, char *, int, time_t));
-void restore_attr OF((struct attr_item **));
-
-int ExprMatch OF((char *, char *));
-
-int makedir OF((char *));
-int matchname OF((int, int, char **, char *));
-
-void error OF((const char *));
-int tar OF((gzFile, int, int, int, char **));
-
-void help OF((int));
-int main OF((int, char **));
-
char *prog;
+void error(const char *msg)
+{
+ fprintf(stderr, "%s: %s\n", prog, msg);
+ exit(1);
+}
+
const char *TGZsuffix[] = { "\0", ".tar", ".tar.gz", ".taz", ".tgz", NULL };
/* return the file name of the TGZ archive */
@@ -205,7 +188,7 @@ char *strtime (time_t *t)
int setfiletime (char *fname,time_t ftime)
{
-#ifdef WIN32
+#ifdef _WIN32
static int isWinNT = -1;
SYSTEMTIME st;
FILETIME locft, modft;
@@ -590,12 +573,6 @@ void help(int exitval)
exit(exitval);
}
-void error(const char *msg)
-{
- fprintf(stderr, "%s: %s\n", prog, msg);
- exit(1);
-}
-
/* ============================================================ */
@@ -608,7 +585,7 @@ int main(int argc,char **argv)
int action = TGZ_EXTRACT;
int arg = 1;
char *TGZfile;
- gzFile *f;
+ gzFile f;
prog = strrchr(argv[0],'\\');
if (prog == NULL)

36
backport-Suppress-MSAN-detections-in-deflate-slide_hash.patch Normal file
View File

@ -0,0 +1,36 @@
From 981ee7570ad98a3cf1ae74d737e2ee619ed79171 Mon Sep 17 00:00:00 2001
From: Andrzej Hunt <andrzej@ahunt.org>
Date: Fri, 4 Jun 2021 18:25:19 +0200
Subject: [PATCH] Suppress MSAN detections in deflate's slide_hash().
slide_hash() knowingly reads potentially uninitialized memory, see
comment lower down about prev[n] potentially being garbage. In
this case, the result is never used.
Reference:https://github.com/madler/zlib/commit/981ee7570ad98a3cf1ae74d737e2ee619ed79171
Conflict:NA
---
deflate.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/deflate.c b/deflate.c
index 5410497..8088083 100644
--- a/deflate.c
+++ b/deflate.c
@@ -209,6 +209,13 @@ local const config configuration_table[10] = {
* bit values at the expense of memory usage). We slide even when level == 0 to
* keep the hash table consistent if we switch back to level > 0 later.
*/
+
+#if defined(__has_feature)
+# if __has_feature(memory_sanitizer)
+ __attribute__((no_sanitize("memory")))
+# endif
+#endif
+
local void slide_hash(s)
deflate_state *s;
{
--
2.27.0

63
backport-avoid-uninitialized-and-unused-warnings-in-contrib-minizip.patch Normal file
View File

@ -0,0 +1,63 @@
From 25bbd7f5a6a172b83b59fab7a80c55d1533dd100 Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Thu, 17 Aug 2023 21:40:28 -0700
Subject: [PATCH] Avoid uninitialized and unused warnings in contrib/minizip.
Reference:https://github.com/madler/zlib/commit/25bbd7f5a6a172b83b59fab7a80c55d1533dd100
Conflict:NA
---
contrib/minizip/miniunz.c | 10 ++++++++--
contrib/minizip/minizip.c | 2 +-
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/contrib/minizip/miniunz.c b/contrib/minizip/miniunz.c
index 3d65401..507820d 100644
--- a/contrib/minizip/miniunz.c
+++ b/contrib/minizip/miniunz.c
@@ -113,7 +113,11 @@ void change_file_date(filename,dosdate,tmu_date)
ut.actime=ut.modtime=mktime(&newdate);
utime(filename,&ut);
-#endif
+#else
+ (void)filename;
+ (void)dosdate;
+ (void)tmu_date;
+#endif
#endif
}
@@ -131,6 +135,8 @@ int mymkdir(dirname)
ret = mkdir (dirname,0775);
#elif __APPLE__
ret = mkdir (dirname,0775);
+#else
+ (void)dirname;
#endif
return ret;
}
@@ -248,7 +254,7 @@ int do_list(uf)
char filename_inzip[256];
unz_file_info64 file_info;
uLong ratio=0;
- const char *string_method;
+ const char *string_method = "";
char charCrypt=' ';
err = unzGetCurrentFileInfo64(uf,&file_info,filename_inzip,sizeof(filename_inzip),NULL,0,NULL,0);
if (err!=UNZ_OK)
diff --git a/contrib/minizip/minizip.c b/contrib/minizip/minizip.c
index c5d9cc6..5dde38f 100644
--- a/contrib/minizip/minizip.c
+++ b/contrib/minizip/minizip.c
@@ -395,7 +395,7 @@ int main(argc,argv)
((argv[i][1]>='0') && (argv[i][1]<='9'))) &&
(strlen(argv[i]) == 2)))
{
- FILE * fin;
+ FILE * fin = NULL;
size_t size_read;
const char* filenameinzip = argv[i];
const char *savefilenameinzip;
--
2.27.0

160
backport-minizip-Fix-being-unable-to-open-empty-zip-file.patch Normal file
View File

@ -0,0 +1,160 @@
From f209ca7be7981dc8fca79428706057e4ebc929ee Mon Sep 17 00:00:00 2001
From: RedworkDE <10944644+RedworkDE@users.noreply.github.com>
Date: Wed, 15 Feb 2023 12:25:33 +0100
Subject: [PATCH] minizip: Fix being unable to open empty zip file
Reference:https://github.com/madler/zlib/commit/f209ca7be7981dc8fca79428706057e4ebc929ee
Conflict:NA
---
contrib/minizip/unzip.c | 48 ++++++++++++++++++++++-------------------
1 file changed, 26 insertions(+), 22 deletions(-)
diff --git a/contrib/minizip/unzip.c b/contrib/minizip/unzip.c
index ad2eb3bc9..3adc692f3 100644
--- a/contrib/minizip/unzip.c
+++ b/contrib/minizip/unzip.c
@@ -379,6 +379,10 @@ extern int ZEXPORT unzStringFileNameCompare (const char* fileName1,
#define BUFREADCOMMENT (0x400)
#endif
+#ifndef CENTRALDIRINVALID
+#define CENTRALDIRINVALID ((ZPOS64_T)(-1))
+#endif
+
/*
Locate the Central directory of a zipfile (at the end, just before
the global comment)
@@ -388,10 +392,10 @@ local ZPOS64_T unz64local_SearchCentralDir(const zlib_filefunc64_32_def* pzlib_f
ZPOS64_T uSizeFile;
ZPOS64_T uBackRead;
ZPOS64_T uMaxBack=0xffff; /* maximum size of global comment */
- ZPOS64_T uPosFound=0;
+ ZPOS64_T uPosFound=CENTRALDIRINVALID;
if (ZSEEK64(*pzlib_filefunc_def,filestream,0,ZLIB_FILEFUNC_SEEK_END) != 0)
- return 0;
+ return CENTRALDIRINVALID;
uSizeFile = ZTELL64(*pzlib_filefunc_def,filestream);
@@ -401,7 +405,7 @@ local ZPOS64_T unz64local_SearchCentralDir(const zlib_filefunc64_32_def* pzlib_f
buf = (unsigned char*)ALLOC(BUFREADCOMMENT+4);
if (buf==NULL)
- return 0;
+ return CENTRALDIRINVALID;
uBackRead = 4;
while (uBackRead<uMaxBack)
@@ -431,7 +435,7 @@ local ZPOS64_T unz64local_SearchCentralDir(const zlib_filefunc64_32_def* pzlib_f
break;
}
- if (uPosFound!=0)
+ if (uPosFound!=CENTRALDIRINVALID)
break;
}
TRYFREE(buf);
@@ -449,12 +453,12 @@ local ZPOS64_T unz64local_SearchCentralDir64(const zlib_filefunc64_32_def* pzlib
ZPOS64_T uSizeFile;
ZPOS64_T uBackRead;
ZPOS64_T uMaxBack=0xffff; /* maximum size of global comment */
- ZPOS64_T uPosFound=0;
+ ZPOS64_T uPosFound=CENTRALDIRINVALID;
uLong uL;
ZPOS64_T relativeOffset;
if (ZSEEK64(*pzlib_filefunc_def,filestream,0,ZLIB_FILEFUNC_SEEK_END) != 0)
- return 0;
+ return CENTRALDIRINVALID;
uSizeFile = ZTELL64(*pzlib_filefunc_def,filestream);
@@ -464,7 +468,7 @@ local ZPOS64_T unz64local_SearchCentralDir64(const zlib_filefunc64_32_def* pzlib
buf = (unsigned char*)ALLOC(BUFREADCOMMENT+4);
if (buf==NULL)
- return 0;
+ return CENTRALDIRINVALID;
uBackRead = 4;
while (uBackRead<uMaxBack)
@@ -494,47 +498,47 @@ local ZPOS64_T unz64local_SearchCentralDir64(const zlib_filefunc64_32_def* pzlib
break;
}
- if (uPosFound!=0)
+ if (uPosFound!=CENTRALDIRINVALID)
break;
}
TRYFREE(buf);
- if (uPosFound == 0)
- return 0;
+ if (uPosFound == CENTRALDIRINVALID)
+ return CENTRALDIRINVALID;
/* Zip64 end of central directory locator */
if (ZSEEK64(*pzlib_filefunc_def,filestream, uPosFound,ZLIB_FILEFUNC_SEEK_SET)!=0)
- return 0;
+ return CENTRALDIRINVALID;
/* the signature, already checked */
if (unz64local_getLong(pzlib_filefunc_def,filestream,&uL)!=UNZ_OK)
- return 0;
+ return CENTRALDIRINVALID;
/* number of the disk with the start of the zip64 end of central directory */
if (unz64local_getLong(pzlib_filefunc_def,filestream,&uL)!=UNZ_OK)
- return 0;
+ return CENTRALDIRINVALID;
if (uL != 0)
- return 0;
+ return CENTRALDIRINVALID;
/* relative offset of the zip64 end of central directory record */
if (unz64local_getLong64(pzlib_filefunc_def,filestream,&relativeOffset)!=UNZ_OK)
- return 0;
+ return CENTRALDIRINVALID;
/* total number of disks */
if (unz64local_getLong(pzlib_filefunc_def,filestream,&uL)!=UNZ_OK)
- return 0;
+ return CENTRALDIRINVALID;
if (uL != 1)
- return 0;
+ return CENTRALDIRINVALID;
/* Goto end of central directory record */
if (ZSEEK64(*pzlib_filefunc_def,filestream, relativeOffset,ZLIB_FILEFUNC_SEEK_SET)!=0)
- return 0;
+ return CENTRALDIRINVALID;
/* the signature */
if (unz64local_getLong(pzlib_filefunc_def,filestream,&uL)!=UNZ_OK)
- return 0;
+ return CENTRALDIRINVALID;
if (uL != 0x06064b50)
- return 0;
+ return CENTRALDIRINVALID;
return relativeOffset;
}
@@ -587,7 +591,7 @@ local unzFile unzOpenInternal(const void *path,
return NULL;
central_pos = unz64local_SearchCentralDir64(&us.z_filefunc,us.filestream);
- if (central_pos)
+ if (central_pos!=CENTRALDIRINVALID)
{
uLong uS;
ZPOS64_T uL64;
@@ -649,7 +653,7 @@ local unzFile unzOpenInternal(const void *path,
else
{
central_pos = unz64local_SearchCentralDir(&us.z_filefunc,us.filestream);
- if (central_pos==0)
+ if (central_pos==CENTRALDIRINVALID)
err=UNZ_ERRNO;
us.isZip64 = 0;

19
zlib.spec
View File

@ -1,6 +1,6 @@
Name: zlib Name: zlib
Version: 1.2.13 Version: 1.2.13
Release: 3 Release: 4
Summary: A lossless data-compression library Summary: A lossless data-compression library
License: zlib and Boost License: zlib and Boost
URL: http://www.zlib.net URL: http://www.zlib.net
@ -9,6 +9,20 @@ Source0: http://www.zlib.net/zlib-%{version}.tar.xz
# Patch0 get from fedora # Patch0 get from fedora
Patch6000: backport-zlib-1.2.5-minizip-fixuncrypt.patch Patch6000: backport-zlib-1.2.5-minizip-fixuncrypt.patch
Patch6001: backport-CVE-2023-45853.patch Patch6001: backport-CVE-2023-45853.patch
Patch6002: backport-Fix-crash-when-gzsetparams-attempted-for-transparent-write.patch
Patch6003: backport-Remove-use-of-OF-from-contrib-untgz-and-render-it-compilable.patch
Patch6004: backport-minizip-Fix-being-unable-to-open-empty-zip-file.patch
Patch6005: backport-Fix-reading-disk-number-start-on-zip64-files-in-minizip.patch
Patch6006: backport-Fix-logic-error-in-minizip-argument-processing.patch
Patch6007: backport-Fix-bug-when-gzungetc-is-used-immediately-after-gzopen.patch
Patch6008: backport-Suppress-MSAN-detections-in-deflate-slide_hash.patch
Patch6009: backport-Fix-bug-when-using-gzflush-with-a-very-small-buffer.patch
Patch6010: backport-avoid-uninitialized-and-unused-warnings-in-contrib-minizip.patch
Patch6011: backport-Add-bounds-checking-to-ERR_MSG-macro-used-by-zError.patch
Patch6012: backport-Fix-bug-in-inflateSync-for-data-held-in-bit-buffer.patch
Patch6013: backport-Fix-decision-on-the-emission-of-Zip64-end-records-in.patch
Patch6014: backport-Neutralize-zip-file-traversal-attacks-in-miniunz.patch
Patch6015: backport-Fix-a-bug-in-ZLIB_DEBUG-compiles-in-check_match.patch
Patch9000: zlib-Optimize-CRC32.patch Patch9000: zlib-Optimize-CRC32.patch
Patch9001: zlib-1.2.11-SIMD.patch Patch9001: zlib-1.2.11-SIMD.patch
@ -112,6 +126,9 @@ make test
%{_libdir}/pkgconfig/minizip.pc %{_libdir}/pkgconfig/minizip.pc
%changelog %changelog
* Tue Aug 13 2024 yanglongkang <yanglongkang@h-partners.com> - 1.2.13-4
- backport patches from upstream
* Tue Jun 18 2024 zhoupengcheng <zhoupengcheng11@huawei.com> - 1.2.13-3 * Tue Jun 18 2024 zhoupengcheng <zhoupengcheng11@huawei.com> - 1.2.13-3
- delete redundant patch - delete redundant patch