- Update from version 1.2.12 to 1.2.13 - Update of rootfile - Patches for CVE-2022-37434 removed as they are now integarted in the source tarball - Changelog Changes in 1.2.13 (13 Oct 2022) - Fix configure issue that discarded provided CC definition - Correct incorrect inputs provided to the CRC functions - Repair prototypes and exporting of new CRC functions - Fix inflateBack to detect invalid input with distances too far - Have infback() deliver all of the available output up to any error - Fix a bug when getting a gzip header extra field with inflate(CVE-2022-37434) - Fix bug in block type selection when Z_FIXED used - Tighten deflateBound bounds - Remove deleted assembler code references - Various portability and appearance improvements
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/zlib | 2 +- lfs/zlib | 10 +++----- src/patches/zlib-CVE-2022-37434-fix.patch | 26 -------------------- src/patches/zlib-CVE-2022-37434.patch | 29 ----------------------- 4 files changed, 4 insertions(+), 63 deletions(-) delete mode 100644 src/patches/zlib-CVE-2022-37434-fix.patch delete mode 100644 src/patches/zlib-CVE-2022-37434.patch
diff --git a/config/rootfiles/common/zlib b/config/rootfiles/common/zlib index 0e01dc00e..c1f23ab8a 100644 --- a/config/rootfiles/common/zlib +++ b/config/rootfiles/common/zlib @@ -1,6 +1,6 @@ lib/libz.so lib/libz.so.1 -lib/libz.so.1.2.12 +lib/libz.so.1.2.13 #usr/include/zconf.h #usr/include/zlib.h #usr/lib/libz.a diff --git a/lfs/zlib b/lfs/zlib index f24489677..858abd0cd 100644 --- a/lfs/zlib +++ b/lfs/zlib @@ -24,10 +24,10 @@
include Config
-VER = 1.2.12 +VER = 1.2.13
THISAPP = zlib-$(VER) -DL_FILE = $(THISAPP).tar.gz +DL_FILE = $(THISAPP).tar.xz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP)
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 76e7b26f8dc761b0eae6276cc32bc36fa74a88197699c95d158c1548f97b80db5e39d21144ecd6ee3eb90c42730aa5f387f9952d9a3f0930b56e9dfcd12f1e67 +$(DL_FILE)_BLAKE2 = cefcd25989ce27e7d339af2a88455fcf64f6f5e647bedb0f05a45e4370a885fe45a60c023aa63e79b8ecf20ed3254d0052245f33f5769aca2838b42242be14a8
install : $(TARGET)
@@ -78,10 +78,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- # Apply fix for CVE-2022-37434 (and a fix for the fix) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/zlib-CVE-2022-37434.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/zlib-CVE-2022-37434-fix.patch - cd $(DIR_APP) && CROSS_PREFIX=$(CROSS_PREFIX) ./configure --prefix=$(PREFIX) --shared cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/src/patches/zlib-CVE-2022-37434-fix.patch b/src/patches/zlib-CVE-2022-37434-fix.patch deleted file mode 100644 index ba8e39535..000000000 --- a/src/patches/zlib-CVE-2022-37434-fix.patch +++ /dev/null @@ -1,26 +0,0 @@ -commit 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d -Author: Mark Adler fork@madler.net -Date: Mon Aug 8 10:50:09 2022 -0700 - - Fix extra field processing bug that dereferences NULL state->head. - - The recent commit to fix a gzip header extra field processing bug - introduced the new bug fixed here. - -diff --git a/inflate.c b/inflate.c -index 7a72897..2a3c4fe 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,10 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -- len = state->head->extra_len - state->length; - if (state->head != Z_NULL && - state->head->extra != Z_NULL && -- len < state->head->extra_max) { -+ (len = state->head->extra_len - state->length) < -+ state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); diff --git a/src/patches/zlib-CVE-2022-37434.patch b/src/patches/zlib-CVE-2022-37434.patch deleted file mode 100644 index 95e9f173f..000000000 --- a/src/patches/zlib-CVE-2022-37434.patch +++ /dev/null @@ -1,29 +0,0 @@ -commit eff308af425b67093bab25f80f1ae950166bece1 -Author: Mark Adler fork@madler.net -Date: Sat Jul 30 15:51:11 2022 -0700 - - Fix a bug when getting a gzip header extra field with inflate(). - - If the extra field was larger than the space the user provided with - inflateGetHeader(), and if multiple calls of inflate() delivered - the extra header data, then there could be a buffer overflow of the - provided space. This commit assures that provided space is not - exceeded. - -diff --git a/inflate.c b/inflate.c -index 7be8c63..7a72897 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,9 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -+ len = state->head->extra_len - state->length; - if (state->head != Z_NULL && -- state->head->extra != Z_NULL) { -- len = state->head->extra_len - state->length; -+ state->head->extra != Z_NULL && -+ len < state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy);
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 7 Nov 2022, at 21:14, Adolf Belka adolf.belka@ipfire.org wrote:
- Update from version 1.2.12 to 1.2.13
- Update of rootfile
- Patches for CVE-2022-37434 removed as they are now integarted in the source tarball
- Changelog Changes in 1.2.13 (13 Oct 2022)
- Fix configure issue that discarded provided CC definition
- Correct incorrect inputs provided to the CRC functions
- Repair prototypes and exporting of new CRC functions
- Fix inflateBack to detect invalid input with distances too far
- Have infback() deliver all of the available output up to any error
- Fix a bug when getting a gzip header extra field with inflate(CVE-2022-37434)
- Fix bug in block type selection when Z_FIXED used
- Tighten deflateBound bounds
- Remove deleted assembler code references
- Various portability and appearance improvements
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/rootfiles/common/zlib | 2 +- lfs/zlib | 10 +++----- src/patches/zlib-CVE-2022-37434-fix.patch | 26 -------------------- src/patches/zlib-CVE-2022-37434.patch | 29 ----------------------- 4 files changed, 4 insertions(+), 63 deletions(-) delete mode 100644 src/patches/zlib-CVE-2022-37434-fix.patch delete mode 100644 src/patches/zlib-CVE-2022-37434.patch
diff --git a/config/rootfiles/common/zlib b/config/rootfiles/common/zlib index 0e01dc00e..c1f23ab8a 100644 --- a/config/rootfiles/common/zlib +++ b/config/rootfiles/common/zlib @@ -1,6 +1,6 @@ lib/libz.so lib/libz.so.1 -lib/libz.so.1.2.12 +lib/libz.so.1.2.13 #usr/include/zconf.h #usr/include/zlib.h #usr/lib/libz.a diff --git a/lfs/zlib b/lfs/zlib index f24489677..858abd0cd 100644 --- a/lfs/zlib +++ b/lfs/zlib @@ -24,10 +24,10 @@
include Config
-VER = 1.2.12 +VER = 1.2.13
THISAPP = zlib-$(VER) -DL_FILE = $(THISAPP).tar.gz +DL_FILE = $(THISAPP).tar.xz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP)
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 76e7b26f8dc761b0eae6276cc32bc36fa74a88197699c95d158c1548f97b80db5e39d21144ecd6ee3eb90c42730aa5f387f9952d9a3f0930b56e9dfcd12f1e67 +$(DL_FILE)_BLAKE2 = cefcd25989ce27e7d339af2a88455fcf64f6f5e647bedb0f05a45e4370a885fe45a60c023aa63e79b8ecf20ed3254d0052245f33f5769aca2838b42242be14a8
install : $(TARGET)
@@ -78,10 +78,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- # Apply fix for CVE-2022-37434 (and a fix for the fix)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/zlib-CVE-2022-37434.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/zlib-CVE-2022-37434-fix.patch
cd $(DIR_APP) && CROSS_PREFIX=$(CROSS_PREFIX) ./configure --prefix=$(PREFIX) --shared cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/src/patches/zlib-CVE-2022-37434-fix.patch b/src/patches/zlib-CVE-2022-37434-fix.patch deleted file mode 100644 index ba8e39535..000000000 --- a/src/patches/zlib-CVE-2022-37434-fix.patch +++ /dev/null @@ -1,26 +0,0 @@ -commit 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d -Author: Mark Adler fork@madler.net -Date: Mon Aug 8 10:50:09 2022 -0700
- Fix extra field processing bug that dereferences NULL state->head.
- The recent commit to fix a gzip header extra field processing bug
- introduced the new bug fixed here.
-diff --git a/inflate.c b/inflate.c -index 7a72897..2a3c4fe 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,10 +763,10 @@ int flush;
copy = state->length;if (copy > have) copy = have;if (copy) {-- len = state->head->extra_len - state->length;
if (state->head != Z_NULL &&state->head->extra != Z_NULL &&-- len < state->head->extra_max) { -+ (len = state->head->extra_len - state->length) < -+ state->head->extra_max) {
zmemcpy(state->head->extra + len, next,len + copy > state->head->extra_max ?state->head->extra_max - len : copy);diff --git a/src/patches/zlib-CVE-2022-37434.patch b/src/patches/zlib-CVE-2022-37434.patch deleted file mode 100644 index 95e9f173f..000000000 --- a/src/patches/zlib-CVE-2022-37434.patch +++ /dev/null @@ -1,29 +0,0 @@ -commit eff308af425b67093bab25f80f1ae950166bece1 -Author: Mark Adler fork@madler.net -Date: Sat Jul 30 15:51:11 2022 -0700
- Fix a bug when getting a gzip header extra field with inflate().
- If the extra field was larger than the space the user provided with
- inflateGetHeader(), and if multiple calls of inflate() delivered
- the extra header data, then there could be a buffer overflow of the
- provided space. This commit assures that provided space is not
- exceeded.
-diff --git a/inflate.c b/inflate.c -index 7be8c63..7a72897 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,9 +763,10 @@ int flush;
copy = state->length;if (copy > have) copy = have;if (copy) {-+ len = state->head->extra_len - state->length;
if (state->head != Z_NULL &&-- state->head->extra != Z_NULL) { -- len = state->head->extra_len - state->length; -+ state->head->extra != Z_NULL && -+ len < state->head->extra_max) {
zmemcpy(state->head->extra + len, next,len + copy > state->head->extra_max ?state->head->extra_max - len : copy);-- 2.38.1
-
Adolf Belka -
Michael Tremer