import zlib-1.2.11-20.el8

c8 imports/c8/zlib-1.2.11-20.el8
CentOS Sources 3 months ago committed by Stepan Oksanichenko
parent df61269f49
commit 8740912cf6
  1. 93
      SOURCES/zlib-1.2.11-IBM-Z-hw-accelrated-deflate-compressBound-fix.patch
  2. 15
      SPECS/zlib.spec

@ -0,0 +1,93 @@
Source from https://gitlab.com/redhat/centos-stream/rpms/zlib/-/merge_requests/9
Author: Ilya Leoshkevich
--- a/compress.c
+++ b/compress.c
@@ -5,9 +5,15 @@
/* @(#) $Id$ */
-#define ZLIB_INTERNAL
+#include "zutil.h"
#include "zlib.h"
+#ifdef DFLTCC
+# include "contrib/s390/dfltcc.h"
+#else
+#define DEFLATE_BOUND_COMPLEN(source_len) 0
+#endif
+
/* ===========================================================================
Compresses the source buffer into the destination buffer. The level
parameter has the same meaning as in deflateInit. sourceLen is the byte
@@ -81,6 +87,12 @@ int ZEXPORT compress (dest, destLen, source, sourceLen)
uLong ZEXPORT compressBound (sourceLen)
uLong sourceLen;
{
+ uLong complen = DEFLATE_BOUND_COMPLEN(sourceLen);
+
+ if (complen > 0)
+ /* Architecture-specific code provided an upper bound. */
+ return complen + ZLIB_WRAPLEN;
+
return sourceLen + (sourceLen >> 12) + (sourceLen >> 14) +
(sourceLen >> 25) + 13;
}
--- a/contrib/s390/dfltcc.h
+++ b/contrib/s390/dfltcc.h
@@ -12,6 +12,28 @@ void ZLIB_INTERNAL dfltcc_reset OF((z_streamp strm, uInt size));
voidpf ZLIB_INTERNAL dfltcc_alloc_window OF((z_streamp strm, uInt items,
uInt size));
void ZLIB_INTERNAL dfltcc_free_window OF((z_streamp strm, voidpf w));
+#define DFLTCC_BLOCK_HEADER_BITS 3
+#define DFLTCC_HLITS_COUNT_BITS 5
+#define DFLTCC_HDISTS_COUNT_BITS 5
+#define DFLTCC_HCLENS_COUNT_BITS 4
+#define DFLTCC_MAX_HCLENS 19
+#define DFLTCC_HCLEN_BITS 3
+#define DFLTCC_MAX_HLITS 286
+#define DFLTCC_MAX_HDISTS 30
+#define DFLTCC_MAX_HLIT_HDIST_BITS 7
+#define DFLTCC_MAX_SYMBOL_BITS 16
+#define DFLTCC_MAX_EOBS_BITS 15
+#define DFLTCC_MAX_PADDING_BITS 7
+#define DEFLATE_BOUND_COMPLEN(source_len) \
+ ((DFLTCC_BLOCK_HEADER_BITS + \
+ DFLTCC_HLITS_COUNT_BITS + \
+ DFLTCC_HDISTS_COUNT_BITS + \
+ DFLTCC_HCLENS_COUNT_BITS + \
+ DFLTCC_MAX_HCLENS * DFLTCC_HCLEN_BITS + \
+ (DFLTCC_MAX_HLITS + DFLTCC_MAX_HDISTS) * DFLTCC_MAX_HLIT_HDIST_BITS + \
+ (source_len) * DFLTCC_MAX_SYMBOL_BITS + \
+ DFLTCC_MAX_EOBS_BITS + \
+ DFLTCC_MAX_PADDING_BITS) >> 3)
int ZLIB_INTERNAL dfltcc_can_inflate OF((z_streamp strm));
typedef enum {
DFLTCC_INFLATE_CONTINUE,
diff --git a/contrib/s390/dfltcc_deflate.h b/contrib/s390/dfltcc_deflate.h
index 03f7f53..46acfc5 100644
--- a/contrib/s390/dfltcc_deflate.h
+++ b/contrib/s390/dfltcc_deflate.h
@@ -46,8 +46,7 @@ int ZLIB_INTERNAL dfltcc_deflate_get_dictionary OF((z_streamp strm,
#define DEFLATE_BOUND_ADJUST_COMPLEN(strm, complen, source_len) \
do { \
if (dfltcc_can_deflate((strm))) \
- (complen) = (3 + 5 + 5 + 4 + 19 * 3 + (286 + 30) * 7 + \
- (source_len) * 16 + 15 + 7) >> 3; \
+ (complen) = DEFLATE_BOUND_COMPLEN(source_len); \
} while (0)
#define DEFLATE_NEED_CONSERVATIVE_BOUND(strm) (dfltcc_can_deflate((strm)))
#define DEFLATE_HOOK dfltcc_deflate
diff --git a/zutil.h b/zutil.h
index 14277bc..cf90e49 100644
--- a/zutil.h
+++ b/zutil.h
@@ -87,6 +87,8 @@ extern z_const char * const z_errmsg[10]; /* indexed by 2-zlib_error */
#define PRESET_DICT 0x20 /* preset dictionary flag in zlib header */
+#define ZLIB_WRAPLEN 6 /* zlib format overhead */
+
/* target dependencies */
#if defined(MSDOS) || (defined(WINDOWS) && !defined(WIN32))

@ -3,7 +3,7 @@
Name: zlib
Version: 1.2.11
Release: 19%{?dist}
Release: 20%{?dist}
Summary: The compression and decompression library
# /contrib/dotzlib/ have Boost license
License: zlib and Boost
@ -32,8 +32,10 @@ Patch8: zlib-1.2.11-IBM-DFLTCC-compression-level-switching-issues.patch
# fixed inflateSyncPoint() bad return value on z15
Patch9: zlib-1.2.11-inflateSyncPoint-return-value-fix.patch
Patch10: zlib-1.2.11-CVE-2018-25032.patch
# Fix the compressBound() on z15
Patch11: zlib-1.2.11-IBM-Z-hw-accelrated-deflate-compressBound-fix.patch
# Patches for CVE-2022-37434
# Fix CVE-2022-37434
Patch12: zlib-1.2.11-cve-2022-37434.patch
Patch13: zlib-1.2.11-cve-2022-37434_2.patch
@ -99,9 +101,11 @@ developing applications which use minizip.
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
iconv -f iso-8859-2 -t utf-8 < ChangeLog > ChangeLog.tmp
mv ChangeLog.tmp ChangeLog
@ -180,10 +184,15 @@ find $RPM_BUILD_ROOT -name '*.la' -delete
%changelog
* Tue Aug 09 2022 Matej Mužila <mmuzila@redhat.com> - 1.2.11.19
* Tue Aug 09 2022 Matej Mužila <mmuzila@redhat.com> - 1.2.11-20
- Fix heap-based buffer over-read or buffer overflow in inflate in inflate.c
- Resolves: CVE-2022-37434
* Mon May 16 2022 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.11-19
- Apply IBM patch for compressBound() function
- Source from https://github.com/madler/zlib/issues/410#issuecomment-947212824
- Resolves: #2056900
* Tue Mar 29 2022 Matej Mužila <mmuzila@redhat.com> - 1.2.11-18
- Resolves: CVE-2018-25032

Loading…
Cancel
Save