SOURCES/zlib-1.2.11-IBM-Z-hw-accelrated-deflate-compressBound-fix.patch

@@ -1,6 +1,3 @@
-Source from https://gitlab.com/redhat/centos-stream/rpms/zlib/-/merge_requests/9
-Author: Ilya Leoshkevich
-
 --- a/compress.c
 +++ b/compress.c
 @@ -5,9 +5,15 @@

SOURCES/zlib-1.2.11-covscan-issues-rhel9.patch

@@ -0,0 +1,65 @@
+From 1e56dd1e7285d3026092ba794078edb290b4c1b1 Mon Sep 17 00:00:00 2001
+From: Ondrej Dubaj <odubaj@redhat.com>
+Date: Mon, 15 Mar 2021 13:06:35 +0100
+Subject: [PATCH] fixed isues found by covscan
+
+---
+ contrib/minizip/mztools.c | 8 ++++++++
+ contrib/minizip/zip.c     | 4 ++--
+ deflate.c                 | 5 +++--
+ 3 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/contrib/minizip/mztools.c b/contrib/minizip/mztools.c
+index 96891c2..1197928 100644
+--- a/contrib/minizip/mztools.c
++++ b/contrib/minizip/mztools.c
+@@ -286,6 +286,14 @@ uLong* bytesRecovered;
+     }
+   } else {
+     err = Z_STREAM_ERROR;
++    if(fpZip != NULL)
++      fclose(fpZip);
++
++    if(fpOut != NULL)
++      fclose(fpOut);
++
++    if(fpOutCD != NULL)
++      fclose(fpOutCD);
+   }
+   return err;
+ }
+diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c
+index 44e88a9..a753c17 100644
+--- a/contrib/minizip/zip.c
++++ b/contrib/minizip/zip.c
+@@ -526,8 +526,8 @@ local ZPOS64_T zip64local_SearchCentralDir(const zlib_filefunc64_32_def* pzlib_f
+         break;
+       }
+ 
+-      if (uPosFound!=0)
+-        break;
++    if (uPosFound!=0)
++      break;
+   }
+   TRYFREE(buf);
+   return uPosFound;
+diff --git a/deflate.c b/deflate.c
+index 085abbe..3963e79 100644
+--- a/deflate.c
++++ b/deflate.c
+@@ -203,9 +203,10 @@ local const config configuration_table[10] = {
+  * Initialize the hash table (avoiding 64K overflow for 16 bit systems).
+  * prev[] will be initialized on the fly.
+  */
+-#define CLEAR_HASH(s) \
++#define CLEAR_HASH(s) do { \
+     s->head[s->hash_size-1] = NIL; \
+-    zmemzero((Bytef *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head));
++    zmemzero((Bytef *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head)); \
++} while (0)
+ 
+ /* ===========================================================================
+  * Slide the hash table when sliding the window down (could be avoided with 32
+-- 
+2.26.0
+

SPECS/zlib.spec

@@ -1,68 +1,74 @@
-# disabled, per rhbz#1609830 and rhbz#1602742
+%bcond_without minizip
-%bcond_with minizip
 
 Name:    zlib
 Version: 1.2.11
-Release: 25%{?dist}
+Release: 40%{?dist}
-Summary: The compression and decompression library
+Summary: Compression and decompression library
 # /contrib/dotzlib/ have Boost license
 License: zlib and Boost
-URL: http://www.zlib.net/
+URL: https://www.zlib.net/
 
-Source: http://www.zlib.net/zlib-%{version}.tar.xz
+Source: https://www.zlib.net/zlib-%{version}.tar.xz
 # https://github.com/madler/zlib/pull/210
 Patch0: zlib-1.2.5-minizip-fixuncrypt.patch
 # resolves: #805113
 Patch1: zlib-1.2.11-optimized-s390.patch
 # Backport upstream commit 2d80d3f6b52f9fa454c26c89d2d6a1790e1cecb0
 # Reason: Fuzzer founds issues with unknown memory access
-Patch2: zlib-1.2.11-Limit-hash-table-inserts.patch
+Patch5: zlib-1.2.11-Limit-hash-table-inserts.patch
 # IBM Z optimalizations
-Patch3: zlib-1.2.11-IBM-Z-hw-accelrated-deflate-s390x.patch
+Patch7: zlib-1.2.11-IBM-Z-hw-accelrated-deflate-s390x.patch
 # fix for IBM Z optimalizations
-Patch6: zlib-1.2.11-IBM-Z-hw-accelrated-deflate-fix.patch
+Patch11: zlib-1.2.11-IBM-Z-hw-accelrated-deflate-fix.patch
 # permit a deflateParams() parameter change
-Patch7: zlib-1.2.11-permit-deflateParams-change.patch
+Patch12: zlib-1.2.11-permit-deflateParams-change.patch
 # fixed DFLTCC compression level switching issues
 # enabled HW compression for compression levels 1 through 6
-Patch8: zlib-1.2.11-IBM-DFLTCC-compression-level-switching-issues.patch
+Patch13: zlib-1.2.11-IBM-DFLTCC-compression-level-switching-issues.patch
 # fixed inflateSyncPoint() bad return value on z15
-Patch9: zlib-1.2.11-inflateSyncPoint-return-value-fix.patch
+Patch14: zlib-1.2.11-inflateSyncPoint-return-value-fix.patch
-Patch10: zlib-1.2.11-CVE-2018-25032.patch
+# fixed issues found by covscan for rhel-9
-# Fix the compressBound() on z15
+# ref: https://github.com/madler/zlib/pull/554
-Patch11: zlib-1.2.11-IBM-Z-hw-accelrated-deflate-compressBound-fix.patch
+Patch15: zlib-1.2.11-covscan-issues-rhel9.patch
-
+# fix for IBM Z optimalizations
-# Fix CVE-2022-37434
+Patch17: zlib-1.2.11-IBM-Z-hw-accelrated-deflate-compressBound-fix.patch
-Patch12: zlib-1.2.11-cve-2022-37434.patch
+# Fix for CVE-2018-25032
-Patch13: zlib-1.2.11-cve-2022-37434_2.patch
+Patch18: zlib-1.2.11-CVE-2018-25032.patch
+# Fix for CVE-2022-37434
+Patch19: zlib-1.2.11-cve-2022-37434.patch
+Patch20: zlib-1.2.11-cve-2022-37434_2.patch
 
 # Fix setting strm.adler on z15
-Patch14: zlib-1.2.11-IBM-Z-hw-accelrated-deflate-strm-adler-fix.patch
+Patch21: zlib-1.2.11-IBM-Z-hw-accelrated-deflate-strm-adler-fix.patch
 
 # Optimization for z15
-Patch15: zlib-1.2.11-IBM-Z-hw-accelrated-inflate-small-window.patch
+Patch22: zlib-1.2.11-IBM-Z-hw-accelrated-inflate-small-window.patch
+
 # Optimized crc32 for Power 8+ processors
 # Source: https://github.com/madler/zlib/pull/750
-Patch16: zlib-1.2.11-Preparation-for-Power-optimizations.patch
+Patch23: zlib-1.2.11-Preparation-for-Power-optimizations.patch
-Patch17: zlib-1.2.11-Add-Power8-optimized-crc32.patch
+Patch24: zlib-1.2.11-Add-Power8-optimized-crc32.patch
-Patch18: zlib-1.2.11-Fix-clang-s-behavior-on-versions-7.patch
+Patch25: zlib-1.2.11-Fix-clang-s-behavior-on-versions-7.patch
 
 # Fix for Unnecessary IFUNC resolver for crc32_z
 # Fix for s390x vectorize CRC32
-Patch19: zlib-1.2.11-s390x-vectorize-crc32.patch
+Patch26: zlib-1.2.11-s390x-vectorize-crc32.patch
 
 # Fix for python3.11 broken libxml2 and lxml on s390x
-Patch20: zlib-1.2.11-Fix-broken-libxml2-for-python311.patch
+Patch27: zlib-1.2.11-Fix-broken-libxml2-for-python311.patch
 
 # fixed covscan issues
-Patch21: zlib-1.2.11-covscan-issues.patch
+Patch28: zlib-1.2.11-covscan-issues.patch
 
 # Fix for Crash in zlib deflateBound() function on s390x
-# Resolves: #2193045
+# Resolves: #2193044
-Patch22: zlib-1.2.11-IBM-Z-hw-accelrated-deflate-fix-crash-deflateBound.patch
+Patch29: zlib-1.2.11-IBM-Z-hw-accelrated-deflate-fix-crash-deflateBound.patch
 
+BuildRequires: make
 BuildRequires: automake, autoconf, libtool
 
+%global __provides_exclude_from ^%{_libdir}/pkgconfig/minizip\\.pc$
+
 %description
 Zlib is a general-purpose, patent-free, lossless data compression
 library which is used by many different programs.
@@ -89,20 +95,21 @@ decompression library.
 
 
 %if %{with minizip}
-%package -n minizip
+%package -n minizip-compat
 Summary: Library for manipulation with .zip archives
 Requires: %{name}%{?_isa} = %{version}-%{release}
 
-%description -n minizip
+%description -n minizip-compat
 Minizip is a library for manipulation with files from .zip archives.
 
 
-%package -n minizip-devel
+%package -n minizip-compat-devel
 Summary: Development files for the minizip library
-Requires: minizip%{?_isa} = %{version}-%{release}
+Requires: minizip-compat%{?_isa} = %{version}-%{release}
 Requires: %{name}-devel%{?_isa} = %{version}-%{release}
+Conflicts: minizip-devel
 
-%description -n minizip-devel
+%description -n minizip-compat-devel
 This package contains the libraries and header files needed for
 developing applications which use minizip.
 %endif
@@ -114,25 +121,26 @@ developing applications which use minizip.
 %ifarch s390 s390x
 %patch1 -p1 -b .optimized-deflate
 %endif
-%patch2 -p1
+%patch5 -p1
-%patch3 -p1
-%patch6 -p1
 %patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
-%patch16 -p1
 %patch17 -p1
 %patch18 -p1
 %patch19 -p1
 %patch20 -p1
 %patch21 -p1
 %patch22 -p1
+%patch23 -p1
+%patch24 -p1
+%patch25 -p1
+%patch26 -p1
+%patch27 -p1
+%patch28 -p1
+%patch29 -p1
 
 
 iconv -f iso-8859-2 -t utf-8 < ChangeLog > ChangeLog.tmp
@@ -141,16 +149,13 @@ mv ChangeLog.tmp ChangeLog
 
 %build
 export CFLAGS="$RPM_OPT_FLAGS"
-%ifarch ppc64
-CFLAGS+=" -O3"
-%endif
 
 export LDFLAGS="$LDFLAGS -Wl,-z,relro -Wl,-z,now"
 # no-autotools, %%configure is not compatible
 %ifarch s390 s390x
-./configure --libdir=%{_libdir} --includedir=%{_includedir} --prefix=%{_prefix} --dfltcc
+  ./configure --libdir=%{_libdir} --includedir=%{_includedir} --prefix=%{_prefix} --dfltcc
 %else
-./configure --libdir=%{_libdir} --includedir=%{_includedir} --prefix=%{_prefix}
+  ./configure --libdir=%{_libdir} --includedir=%{_includedir} --prefix=%{_prefix}
 %endif
 %make_build
 
@@ -199,12 +204,12 @@ find $RPM_BUILD_ROOT -name '*.la' -delete
 
 
 %if %{with minizip}
-%files -n minizip
+%files -n minizip-compat
 %doc contrib/minizip/MiniZip64_info.txt contrib/minizip/MiniZip64_Changes.txt
 %{_libdir}/libminizip.so.*
 
 
-%files -n minizip-devel
+%files -n minizip-compat-devel
 %dir %{_includedir}/minizip
 %{_includedir}/minizip/*.h
 %{_libdir}/libminizip.so
@@ -213,70 +218,114 @@ find $RPM_BUILD_ROOT -name '*.la' -delete
 
 
 %changelog
-* Tue May 16 2023 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.11-25
+* Thu May 04 2023 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.11-40
 - Fix the Crash in zlib deflateBound() function on s390x
-- Resolves: BZ#2193045
+- Resolves: BZ#2193044
 
-* Tue May 16 2023 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.11-24
+* Thu Feb 09 2023 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.11-39
+- Fix covscan issue CWE-681
+
+* Tue Feb 07 2023 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.11-38
 - Resolve fuzzing issue for unknown memory access
 
-* Tue May 09 2023 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.11-23
+* Tue Feb 07 2023 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.11-37
 - Rebased Power 8 optimization patches
 - Fix for Unnecessary IFUNC resolver for crc32_z
 - Fix for python3.11 broken libxml2 and lxml on s390x
 
-* Tue May 09 2023 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.11-22
+* Mon Dec 19 2022 Ilya Leoshkevich <iii@linux.ibm.com> - 1.2.11-36
 - Inflate small window optimization for IBM z15 rhbz#2154775
 
-* Wed Oct 12 2022 Ilya Leoshkevich <iii@linux.ibm.com> - 1.2.11-21
+* Wed Oct 12 2022 Ilya Leoshkevich <iii@linux.ibm.com> - 1.2.11-35
 - Fix for IBM strm.adler rhbz#2134074
 
-* Tue Aug 09 2022 Matej Mužila <mmuzila@redhat.com> - 1.2.11-20
+* Wed Aug 10 2022 Matej Mužila <mmuzila@redhat.com> - 1.2.11-34
 - Fix heap-based buffer over-read or buffer overflow in inflate in inflate.c
 - Resolves: CVE-2022-37434
 
-* Mon May 16 2022 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.11-19
+* Mon Apr 25 2022 Matej Mužila <mmuzila@redhat.com> - 1.2.11-33
-- Apply IBM patch for compressBound() function
+- Fix CVE-2018-25032
-- Source from https://github.com/madler/zlib/issues/410#issuecomment-947212824
+  Resolves: CVE-2018-25032
-- Resolves: #2056900
 
-* Tue Mar 29 2022 Matej Mužila <mmuzila@redhat.com> - 1.2.11-18
+* Tue Mar 01 2022 Ilya Leoshkevich <iii@linux.ibm.com> - 1.2.11-32
-- Resolves: CVE-2018-25032
+- Fix for IBM compressBound() rhbz#2056899
 
-* Mon Jun 15 2020 Ondrej Dubaj <odubaj@redhat.com> - 1.2.11-17
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.11-31
-- Fixed DFLTCC compression level switching issues (#1875492)
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-- Enabled HW compression for compression levels 1 through 6 (#1847438)
+  Related: rhbz#1991688
-- Fixed inflateSyncPoint() bad return value on z15 (#1888930)
 
-* Mon Jun 15 2020 Ondrej Dubaj <odubaj@redhat.com> - 1.2.11-16
+* Tue Jul 20 2021 Ondrej Dubaj <odubaj@redhat.com> - 1.2.11-30
-- Permit a deflateParams() parameter change
+- Fix for IBM CRC32 optimalization rhbz#1959423
-- Another fix for Z hardware-accelerated deflate for s390x architectures
-- according to previous change by upstream
 
-* Mon Jun 15 2020 Ondrej Dubaj <odubaj@redhat.com> - 1.2.11-15
+* Thu Jul 15 2021 Ondrej Dubaj <odubaj@redhat.com> - 1.2.11-29
-- Another fix for Z hardware-accelerated deflate for s390x architectures
+- Missing RPM_OPT_FLAGS in CFLAGS (#1972057)
 
-* Mon May 25 2020 Ondrej Dubaj <odubaj@redhat.com> - 1.2.11-14
+* Thu Jun 03 2021 Patrik Novotný <panovotn@redhat.com> - 1.2.11-28
-- Fix for Z hardware-accelerated deflate for s390x architectures
+- IBM CRC32 optimalization rhbz#1959423
+- Enabled Z hardware-accelerated deflate for compression levels 1 through 6 (#1972057)
 
-* Tue Oct 29 2019 Ondrej Dubaj <odubaj@redhat.com> - 1.2.11-13
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.11-27
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Wed Mar 31 2021 Ondrej Dubaj <odubaj@redhat.com> - 1.2.11-26
+- fixed covscan issues for rhel-9
+
+* Fri Feb 12 2021 Michal Schorm <mschorm@redhat.com> - 1.2.11-25
+- Remove ancient PPC64 hack
+- Remove aarch64 optimalizations (#1936823)
+
+* Thu Jan 28 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.11-24
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Nov 18 2020 Ondrej Dubaj <odubaj@redhat.com> - 1.2.11-23
+- backport IBM Z updates to fedora
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.11-22
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.11-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Tue Oct 29 2019 Ondrej Dubaj <odubaj@redhat.com> - 1.2.11-20
 - Added -DDFLTCC parameter to configure to enable 
 - Z hardware-accelerated deflate for s390x architectures (#1659433)
 
-* Tue Oct 15 2019 Ondrej Dubaj <odubaj@redhat.com> - 1.2.11-12
+* Thu Sep 05 2019 Ondrej Dubaj <odubaj@redhat.com> - 1.2.11-19
-- fixed covscan issues
+- IBM CRC32 optimalization for POWER 8+ architectures re-add
+- fixed firefox crash duer to zlib (#1741266)
+- added test for crc32
 
-* Mon Oct 14 2019 Ondrej Dubaj <odubaj@redhat.com> - 1.2.11-11
+* Thu Aug 15 2019 Ondrej Dubaj <odubaj@redhat.com> - 1.2.11-18
+- IBM CRC32 optimalization for POWER 8+ architectures revert
+
+* Thu Aug 01 2019 Ondrej Dubaj <odubaj@redhat.com> - 1.2.11-17
 - IBM Z hardware-accelerated deflate for s390x architectures
 - IBM CRC32 optimalization for POWER 8+ architectures
-- fixed firefox crash due to zlib (#1741266)
+
-- added test for crc32 
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.11-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.11-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Tue Oct  2 2018 Peter Robinson <pbrobinson@fedoraproject.org> 1.2.11-14
+- Bump build
+
+* Tue Sep 18 2018 Peter Robinson <pbrobinson@fedoraproject.org> 1.2.11-13
+- Revert aarch64 neon inflate optimisation
+
+* Wed Aug 29 2018 Patrik Novotný <panovotn@redhat.com> - 1.2.11-12
+- Rename minizip and minizip-devel to minizip-compat and minizip-compat-devel respectively
+
+* Thu Aug 23 2018 Patrik Novotný <panovotn@redhat.com> - 1.2.11-11
+- Provides minizip-compat and minizip-compat-devel
 
 * Fri Aug 03 2018 Pavel Raiskup <praiskup@redhat.com> - 1.2.11-10
-- sync with fedora rawhide
+- add %%bcond for minizip
+- use %%make_* macros
 
-* Fri May 25 2018 Pavel Raiskup <praiskup@redhat.com> - 1.2.11-9
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.11-9
-- revert previous aarch64 changes (rhbz#1582444, rhbz#1578798)
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
 * Mon Apr 30 2018 Peter Robinson <pbrobinson@fedoraproject.org> 1.2.11-8
 - Optimisations for aarch64