Correct incorrect inputs provided to the CRC functions

This issue was reported to us by ruby package: https://github.com/ruby/spec/issues/932

Patch source: ec3df00224

zlib-1.2.12-correct-inputs-provided-to-crc-func.patch

@@ -0,0 +1,54 @@
+From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Wed, 30 Mar 2022 11:14:53 -0700
+Subject: [PATCH] Correct incorrect inputs provided to the CRC functions.
+
+The previous releases of zlib were not sensitive to incorrect CRC
+inputs with bits set above the low 32. This commit restores that
+behavior, so that applications with such bugs will continue to
+operate as before.
+---
+ crc32.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/crc32.c b/crc32.c
+index a1bdce5..451887b 100644
+--- a/crc32.c
++++ b/crc32.c
+@@ -630,7 +630,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
+ #endif /* DYNAMIC_CRC_TABLE */
+ 
+     /* Pre-condition the CRC */
+-    crc ^= 0xffffffff;
++    crc = (~crc) & 0xffffffff;
+ 
+     /* Compute the CRC up to a word boundary. */
+     while (len && ((z_size_t)buf & 7) != 0) {
+@@ -749,7 +749,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
+ #endif /* DYNAMIC_CRC_TABLE */
+ 
+     /* Pre-condition the CRC */
+-    crc ^= 0xffffffff;
++    crc = (~crc) & 0xffffffff;
+ 
+ #ifdef W
+ 
+@@ -1077,7 +1077,7 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2)
+ #ifdef DYNAMIC_CRC_TABLE
+     once(&made, make_crc_table);
+ #endif /* DYNAMIC_CRC_TABLE */
+-    return multmodp(x2nmodp(len2, 3), crc1) ^ crc2;
++    return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff);
+ }
+ 
+ /* ========================================================================= */
+@@ -1112,5 +1112,5 @@ uLong crc32_combine_op(crc1, crc2, op)
+     uLong crc2;
+     uLong op;
+ {
+-    return multmodp(op, crc1) ^ crc2;
++    return multmodp(op, crc1) ^ (crc2 & 0xffffffff);
+ }
+-- 
+2.34.3
+

zlib.spec

@@ -2,7 +2,7 @@
 
 Name:    zlib
 Version: 1.2.12
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: Compression and decompression library
 # /contrib/dotzlib/ have Boost license
 License: zlib and Boost
@@ -30,6 +30,9 @@ Patch22: zlib-1.2.11-covscan-issues.patch
 # fixed issues found by covscan for rhel-9
 # ref: https://github.com/madler/zlib/pull/554
 Patch23: zlib-1.2.11-covscan-issues-rhel9.patch
+# Correct incorrect inputs provided to the CRC functions.
+# ref: https://github.com/madler/zlib/commit/ec3df00224d4b396e2ac6586ab5d25f673caa4c2
+Patch24: zlib-1.2.12-correct-inputs-provided-to-crc-func.patch
 
 
 BuildRequires: make
@@ -92,6 +95,7 @@ developing applications which use minizip.
 %patch21 -p1
 %patch22 -p1
 %patch23 -p1
+%patch24 -p1
 # Patch19 conflicts with Patch1, so the Patch1 has to be applied after,
 # because it is arch specific
 %ifarch s390 s390x
@@ -174,6 +178,9 @@ find $RPM_BUILD_ROOT -name '*.la' -delete
 
 
 %changelog
+* Mon Jul 04 2022 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.12-3
+- Upstream patch: Correct incorrect inputs provided to the CRC functions
+
 * Tue Jun 28 2022 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.12-2
 - Fix covscan patch that caused compiler warnings