From 3f455221723901e29b429fcb0abe668688049343 Mon Sep 17 00:00:00 2001
From: weiwei_tiantian
Date: Mon, 18 Apr 2022 15:38:54 +0800
Subject: [PATCH] modify patch info for CVE-2018-25032
---
 backport-0001-CVE-2018-25032.patch | 28 ++++++++++++++++++++++++----
 backport-0002-CVE-2018-25032.patch | 8 ++++----
 zlib.spec | 5 ++++-
 3 files changed, 32 insertions(+), 9 deletions(-)
diff --git a/backport-0001-CVE-2018-25032.patch b/backport-0001-CVE-2018-25032.patch
index d4bbca2..74eb73f 100644
--- a/backport-0001-CVE-2018-25032.patch
+++ b/backport-0001-CVE-2018-25032.patch
@@ -1,7 +1,27 @@
-From cd2717661543a0d2318b2aa99f0044f108dd6705 Mon Sep 17 00:00:00 2001
-From: root
-Date: Wed, 13 Apr 2022 17:06:42 +0800
-Subject: [PATCH] zlib-1
+From 5c44459c3b28a9bd3283aaceab7c615f8020c531 Mon Sep 17 00:00:00 2001
+From: Mark Adler
+Date: Tue, 17 Apr 2018 22:09:22 -0700
+Subject: [PATCH] Fix a bug that can crash deflate on some input when using
+ Z_FIXED.
+
+This bug was reported by Danilo Ramos of Eideticom, Inc. It has
+lain in wait 13 years before being found! The bug was introduced
+in zlib 1.2.2.2, with the addition of the Z_FIXED option. That
+option forces the use of fixed Huffman codes. For rare inputs with
+a large number of distant matches, the pending buffer into which
+the compressed data is written can overwrite the distance symbol
+table which it overlays. That results in corrupted output due to
+invalid distances, and can result in out-of-bound accesses,
+crashing the application.
+
+The fix here combines the distance buffer and literal/length
+buffers into a single symbol buffer. Now three bytes of pending
+buffer space are opened up for each literal or length/distance
+pair consumed, instead of the previous two bytes. This assures
+that the pending buffer cannot overwrite the symbol table, since
+the maximum fixed code compressed length/distance is 31 bits, and
+since there are four bytes of pending space for every three bytes
+of symbol space.
 ---
 deflate.c | 74 ++++++++++++++++++++++++++++++++++++++++---------------
diff --git a/backport-0002-CVE-2018-25032.patch b/backport-0002-CVE-2018-25032.patch
index 4fa5769..20b69d0 100644
--- a/backport-0002-CVE-2018-25032.patch
+++ b/backport-0002-CVE-2018-25032.patch
@@ -1,7 +1,7 @@
-From d33982e6a7e976e743e6d50a6b8b9ca93f31568a Mon Sep 17 00:00:00 2001
-From: root
-Date: Wed, 13 Apr 2022 17:08:31 +0800
-Subject: [PATCH] zlib-2
+From 4346a16853e19b45787ce933666026903fb8f3f8 Mon Sep 17 00:00:00 2001
+From: Mark Adler
+Date: Tue, 17 Apr 2018 22:44:41 -0700
+Subject: [PATCH] Assure that the number of bits for deflatePrime() is valid.
 ---
 deflate.c | 3 ++-
diff --git a/zlib.spec b/zlib.spec
index c2a06b9..85f4094 100644
--- a/zlib.spec
+++ b/zlib.spec
@@ -1,6 +1,6 @@
 Name: zlib
 Version: 1.2.11
-Release: 20
+Release: 21
 Summary: A lossless data-compression library
 License: zlib and Boost
 URL: http://www.zlib.net
@@ -121,6 +121,9 @@ make test
 %{_libdir}/pkgconfig/minizip.pc
 %changelog
+* Mon Apr 18 2022 tianwei - 1.2.11-21
+- modify patch info for CVE-2018-25032
+
 * Wed Apr 13 2022 tianwei - 1.2.11-20
 - fix CVE-2018-25032