From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] zlib: Update to version 1.2.13 Date: Tue, 08 Nov 2022 11:06:57 +0000 Message-ID: <2E09B928-B6DF-44EF-9921-A947F44E0014@ipfire.org> In-Reply-To: <20221107211428.3219507-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5547316676503558306==" List-Id: --===============5547316676503558306== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Reviewed-by: Michael Tremer > On 7 Nov 2022, at 21:14, Adolf Belka wrote: >=20 > - Update from version 1.2.12 to 1.2.13 > - Update of rootfile > - Patches for CVE-2022-37434 removed as they are now integarted in the sour= ce tarball > - Changelog > Changes in 1.2.13 (13 Oct 2022) > - Fix configure issue that discarded provided CC definition > - Correct incorrect inputs provided to the CRC functions > - Repair prototypes and exporting of new CRC functions > - Fix inflateBack to detect invalid input with distances too far > - Have infback() deliver all of the available output up to any error > - Fix a bug when getting a gzip header extra field with inflate(CVE-2022-37= 434) > - Fix bug in block type selection when Z_FIXED used > - Tighten deflateBound bounds > - Remove deleted assembler code references > - Various portability and appearance improvements >=20 > Signed-off-by: Adolf Belka > --- > config/rootfiles/common/zlib | 2 +- > lfs/zlib | 10 +++----- > src/patches/zlib-CVE-2022-37434-fix.patch | 26 -------------------- > src/patches/zlib-CVE-2022-37434.patch | 29 ----------------------- > 4 files changed, 4 insertions(+), 63 deletions(-) > delete mode 100644 src/patches/zlib-CVE-2022-37434-fix.patch > delete mode 100644 src/patches/zlib-CVE-2022-37434.patch >=20 > diff --git a/config/rootfiles/common/zlib b/config/rootfiles/common/zlib > index 0e01dc00e..c1f23ab8a 100644 > --- a/config/rootfiles/common/zlib > +++ b/config/rootfiles/common/zlib > @@ -1,6 +1,6 @@ > lib/libz.so > lib/libz.so.1 > -lib/libz.so.1.2.12 > +lib/libz.so.1.2.13 > #usr/include/zconf.h > #usr/include/zlib.h > #usr/lib/libz.a > diff --git a/lfs/zlib b/lfs/zlib > index f24489677..858abd0cd 100644 > --- a/lfs/zlib > +++ b/lfs/zlib > @@ -24,10 +24,10 @@ >=20 > include Config >=20 > -VER =3D 1.2.12 > +VER =3D 1.2.13 >=20 > THISAPP =3D zlib-$(VER) > -DL_FILE =3D $(THISAPP).tar.gz > +DL_FILE =3D $(THISAPP).tar.xz > DL_FROM =3D $(URL_IPFIRE) > DIR_APP =3D $(DIR_SRC)/$(THISAPP) >=20 > @@ -47,7 +47,7 @@ objects =3D $(DL_FILE) >=20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >=20 > -$(DL_FILE)_BLAKE2 =3D 76e7b26f8dc761b0eae6276cc32bc36fa74a88197699c95d158c= 1548f97b80db5e39d21144ecd6ee3eb90c42730aa5f387f9952d9a3f0930b56e9dfcd12f1e67 > +$(DL_FILE)_BLAKE2 =3D cefcd25989ce27e7d339af2a88455fcf64f6f5e647bedb0f05a4= 5e4370a885fe45a60c023aa63e79b8ecf20ed3254d0052245f33f5769aca2838b42242be14a8 >=20 > install : $(TARGET) >=20 > @@ -78,10 +78,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > @$(PREBUILD) > @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) >=20 > - # Apply fix for CVE-2022-37434 (and a fix for the fix) > - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/zlib-CVE-2022-37434.= patch > - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/zlib-CVE-2022-37434-= fix.patch > - > cd $(DIR_APP) && CROSS_PREFIX=3D$(CROSS_PREFIX) ./configure --prefix=3D$(PR= EFIX) --shared > cd $(DIR_APP) && make $(MAKETUNING) > cd $(DIR_APP) && make install > diff --git a/src/patches/zlib-CVE-2022-37434-fix.patch b/src/patches/zlib-C= VE-2022-37434-fix.patch > deleted file mode 100644 > index ba8e39535..000000000 > --- a/src/patches/zlib-CVE-2022-37434-fix.patch > +++ /dev/null > @@ -1,26 +0,0 @@ > -commit 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d > -Author: Mark Adler > -Date: Mon Aug 8 10:50:09 2022 -0700 > - > - Fix extra field processing bug that dereferences NULL state->head. > - =20 > - The recent commit to fix a gzip header extra field processing bug > - introduced the new bug fixed here. > - > -diff --git a/inflate.c b/inflate.c > -index 7a72897..2a3c4fe 100644 > ---- a/inflate.c > -+++ b/inflate.c > -@@ -763,10 +763,10 @@ int flush; > - copy =3D state->length; > - if (copy > have) copy =3D have; > - if (copy) { > -- len =3D state->head->extra_len - state->length; > - if (state->head !=3D Z_NULL && > - state->head->extra !=3D Z_NULL && > -- len < state->head->extra_max) { > -+ (len =3D state->head->extra_len - state->length) < > -+ state->head->extra_max) { > - zmemcpy(state->head->extra + len, next, > - len + copy > state->head->extra_max ? > - state->head->extra_max - len : copy); > diff --git a/src/patches/zlib-CVE-2022-37434.patch b/src/patches/zlib-CVE-2= 022-37434.patch > deleted file mode 100644 > index 95e9f173f..000000000 > --- a/src/patches/zlib-CVE-2022-37434.patch > +++ /dev/null > @@ -1,29 +0,0 @@ > -commit eff308af425b67093bab25f80f1ae950166bece1 > -Author: Mark Adler > -Date: Sat Jul 30 15:51:11 2022 -0700 > - > - Fix a bug when getting a gzip header extra field with inflate(). > - =20 > - If the extra field was larger than the space the user provided with > - inflateGetHeader(), and if multiple calls of inflate() delivered > - the extra header data, then there could be a buffer overflow of the > - provided space. This commit assures that provided space is not > - exceeded. > - > -diff --git a/inflate.c b/inflate.c > -index 7be8c63..7a72897 100644 > ---- a/inflate.c > -+++ b/inflate.c > -@@ -763,9 +763,10 @@ int flush; > - copy =3D state->length; > - if (copy > have) copy =3D have; > - if (copy) { > -+ len =3D state->head->extra_len - state->length; > - if (state->head !=3D Z_NULL && > -- state->head->extra !=3D Z_NULL) { > -- len =3D state->head->extra_len - state->length; > -+ state->head->extra !=3D Z_NULL && > -+ len < state->head->extra_max) { > - zmemcpy(state->head->extra + len, next, > - len + copy > state->head->extra_max ? > - state->head->extra_max - len : copy); > --=20 > 2.38.1 >=20 --===============5547316676503558306==--