Fix a few low severity security bugs

- An off-by-one overflow when reading compressed integers from a
   malicious zchunk file
 - Error handling being skipped when the number of bytes read doesn't
   match what's expected
 - Not freeing memory when attempting to reallocate to size 0

Signed-off-by: Jonathan Dieter <jdieter@gmail.com>

.gitignore

@@ -36,3 +36,4 @@
 /zchunk-1.2.3.tar.gz
 /zchunk-1.2.4.tar.gz
 /zchunk-1.3.0.tar.gz
+/zchunk-1.3.1.tar.gz

sources

@@ -1 +1 @@
-SHA512 (zchunk-1.3.0.tar.gz) = abfe9a6f8693ad649962e8b524aa3373561fbe4b932cb7ba3f58abbf91b648f5f61ad3ecadf415bb5d46e8e8283cb4a314d6cb6184f35f491f4478eac0da7075
+SHA512 (zchunk-1.3.1.tar.gz) = 5eec3ee084f3192291f5956dc797275986ebaa004df580be73de18ff22a781b6c5362bedc6263c9ae3569e5fa12cf5225d87aed7ec4ddfa6210f5c92763566e5

zchunk.spec

@@ -1,5 +1,5 @@
 Name:           zchunk
-Version:        1.3.0
+Version:        1.3.1
 Release:        1%{?dist}
 Summary:        Compressed file format that allows easy deltas
 License:        BSD and MIT
@@ -84,6 +84,14 @@ install contrib/gen_xml_dictionary %{buildroot}%{_libexecdir}/zck_gen_xml_dictio
 %{_includedir}/zck.h
 
 %changelog
+* Tue Apr  4 2023 Jonathan Dieter <jdieter@gmail.com> - 1.3.1-1
+- Fix a few low severity security bugs including
+  - An off-by-one overflow when reading compressed integers from a
+    malicious zchunk file
+  - Error handling being skipped when the number of bytes read doesn't
+    match what's expected
+  - Not freeing memory when attempting to reallocate to size 0
+
 * Sat Feb 25 2023 Jonathan Dieter <jdieter@gmail.com> - 1.3.0-1
 - Add option to generate a zchunk header from an uncompressed file without
   actually creating a zchunk file