Correct incorrect inputs provided to the CRC functions

This issue was reported to us by the ruby package: https://github.com/ruby/spec/issues/932

Patch source: ec3df00224
Lukas Javorsky 2022-07-08 08:29:44 +00:00
parent 7a6d1b10bf
commit 59c603eb22
2 changed files with 62 additions and 1 deletions


@ -0,0 +1,54 @@
From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Wed, 30 Mar 2022 11:14:53 -0700
Subject: [PATCH] Correct incorrect inputs provided to the CRC functions.
The previous releases of zlib were not sensitive to incorrect CRC
inputs with bits set above the low 32. This commit restores that
behavior, so that applications with such bugs will continue to
operate as before.
---
crc32.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/crc32.c b/crc32.c
index a1bdce5..451887b 100644
--- a/crc32.c
+++ b/crc32.c
@@ -630,7 +630,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
#endif /* DYNAMIC_CRC_TABLE */
/* Pre-condition the CRC */
- crc ^= 0xffffffff;
+ crc = (~crc) & 0xffffffff;
/* Compute the CRC up to a word boundary. */
while (len && ((z_size_t)buf & 7) != 0) {
@@ -749,7 +749,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
#endif /* DYNAMIC_CRC_TABLE */
/* Pre-condition the CRC */
- crc ^= 0xffffffff;
+ crc = (~crc) & 0xffffffff;
#ifdef W
@@ -1077,7 +1077,7 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2)
#ifdef DYNAMIC_CRC_TABLE
once(&made, make_crc_table);
#endif /* DYNAMIC_CRC_TABLE */
- return multmodp(x2nmodp(len2, 3), crc1) ^ crc2;
+ return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff);
}
/* ========================================================================= */
@@ -1112,5 +1112,5 @@ uLong crc32_combine_op(crc1, crc2, op)
uLong crc2;
uLong op;
{
- return multmodp(op, crc1) ^ crc2;
+ return multmodp(op, crc1) ^ (crc2 & 0xffffffff);
}
--
2.34.3
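Review bot: In the crc32_combine64 and crc32_combine_op hunks only `crc2` is masked to the low 32 bits, while `crc1` (and `op` in crc32_combine_op) still reach `multmodp()` exactly as the caller passed them. If `multmodp()` declares 32-bit parameters, the conversion at the call truncates them and the result is unaffected, but that definition is outside these hunks, so this should be confirmed rather than assumed for callers that pass values with bits set above the low 32. Because this file carries the upstream commit verbatim, I would record the assumption rather than diverge from upstream, for example with a comment above each return such as `/* crc1 is narrowed by multmodp()'s parameter type; only crc2 needs the explicit mask */`. Both function bodies start outside their hunks, so the parameter declarations for crc32_combine64 are not visible here.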


@ -2,7 +2,7 @@
Name: zlib Name: zlib
Version: 1.2.12 Version: 1.2.12
Release: 2%{?dist} Release: 3%{?dist}
Summary: Compression and decompression library Summary: Compression and decompression library
# /contrib/dotzlib/ have Boost license # /contrib/dotzlib/ have Boost license
License: zlib and Boost License: zlib and Boost
@ -30,6 +30,9 @@ Patch22: zlib-1.2.11-covscan-issues.patch
# fixed issues found by covscan for rhel-9 # fixed issues found by covscan for rhel-9
# ref: https://github.com/madler/zlib/pull/554 # ref: https://github.com/madler/zlib/pull/554
Patch23: zlib-1.2.11-covscan-issues-rhel9.patch Patch23: zlib-1.2.11-covscan-issues-rhel9.patch
# Correct incorrect inputs provided to the CRC functions.
# ref: https://github.com/madler/zlib/commit/ec3df00224d4b396e2ac6586ab5d25f673caa4c2
Patch24: zlib-1.2.12-correct-inputs-provided-to-crc-func.patch
BuildRequires: make BuildRequires: make
@ -92,6 +95,7 @@ developing applications which use minizip.
%patch21 -p1 %patch21 -p1
%patch22 -p1 %patch22 -p1
%patch23 -p1 %patch23 -p1
%patch24 -p1
# Patch19 conflicts with Patch1, so the Patch1 has to be applied after, # Patch19 conflicts with Patch1, so the Patch1 has to be applied after,
# because it is arch specific # because it is arch specific
%ifarch s390 s390x %ifarch s390 s390x
@ -174,6 +178,9 @@ find $RPM_BUILD_ROOT -name '*.la' -delete
%changelog %changelog
* Mon Jul 04 2022 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.12-3
- Upstream patch: Correct incorrect inputs provided to the CRC functions
* Tue Jun 28 2022 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.12-2 * Tue Jun 28 2022 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.12-2
- Fix covscan patch that caused compiler warnings - Fix covscan patch that caused compiler warnings