zlib: 1.2.12 -> 1.2.13

This commit is contained in:
Artturin 2022-10-15 20:12:24 +03:00
parent 00e5a55909
commit 017b667099
4 changed files with 2 additions and 150 deletions

View File

@ -1,62 +0,0 @@
From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001
From: Mark Adler <fork@madler.net>
Date: Sat, 30 Jul 2022 15:51:11 -0700
Subject: [PATCH] Fix a bug when getting a gzip header extra field with
inflate().
If the extra field was larger than the space the user provided with
inflateGetHeader(), and if multiple calls of inflate() delivered
the extra header data, then there could be a buffer overflow of the
provided space. This commit assures that provided space is not
exceeded.
---
inflate.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/inflate.c b/inflate.c
index 7be8c6366..7a7289749 100644
--- a/inflate.c
+++ b/inflate.c
@@ -763,9 +763,10 @@ int flush;
copy = state->length;
if (copy > have) copy = have;
if (copy) {
+ len = state->head->extra_len - state->length;
if (state->head != Z_NULL &&
- state->head->extra != Z_NULL) {
- len = state->head->extra_len - state->length;
+ state->head->extra != Z_NULL &&
+ len < state->head->extra_max) {
zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ?
state->head->extra_max - len : copy);
From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001
From: Mark Adler <fork@madler.net>
Date: Mon, 8 Aug 2022 10:50:09 -0700
Subject: [PATCH] Fix extra field processing bug that dereferences NULL
state->head.
The recent commit to fix a gzip header extra field processing bug
introduced the new bug fixed here.
---
inflate.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/inflate.c b/inflate.c
index 7a7289749..2a3c4fe98 100644
--- a/inflate.c
+++ b/inflate.c
@@ -763,10 +763,10 @@ int flush;
copy = state->length;
if (copy > have) copy = have;
if (copy) {
- len = state->head->extra_len - state->length;
if (state->head != Z_NULL &&
state->head->extra != Z_NULL &&
- len < state->head->extra_max) {
+ (len = state->head->extra_len - state->length) <
+ state->head->extra_max) {
zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ?
state->head->extra_max - len : copy);

View File

@ -1,51 +0,0 @@
From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Wed, 30 Mar 2022 11:14:53 -0700
Subject: [PATCH] Correct incorrect inputs provided to the CRC functions.
The previous releases of zlib were not sensitive to incorrect CRC
inputs with bits set above the low 32. This commit restores that
behavior, so that applications with such bugs will continue to
operate as before.
---
crc32.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/crc32.c b/crc32.c
index a1bdce5c2..451887bc7 100644
--- a/crc32.c
+++ b/crc32.c
@@ -630,7 +630,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
#endif /* DYNAMIC_CRC_TABLE */
/* Pre-condition the CRC */
- crc ^= 0xffffffff;
+ crc = (~crc) & 0xffffffff;
/* Compute the CRC up to a word boundary. */
while (len && ((z_size_t)buf & 7) != 0) {
@@ -749,7 +749,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
#endif /* DYNAMIC_CRC_TABLE */
/* Pre-condition the CRC */
- crc ^= 0xffffffff;
+ crc = (~crc) & 0xffffffff;
#ifdef W
@@ -1077,7 +1077,7 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2)
#ifdef DYNAMIC_CRC_TABLE
once(&made, make_crc_table);
#endif /* DYNAMIC_CRC_TABLE */
- return multmodp(x2nmodp(len2, 3), crc1) ^ crc2;
+ return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff);
}
/* ========================================================================= */
@@ -1112,5 +1112,5 @@ uLong crc32_combine_op(crc1, crc2, op)
uLong crc2;
uLong op;
{
- return multmodp(op, crc1) ^ crc2;
+ return multmodp(op, crc1) ^ (crc2 & 0xffffffff);
}

View File

@ -23,14 +23,14 @@ assert splitStaticOutput -> static;
stdenv.mkDerivation (rec {
pname = "zlib";
version = "1.2.12";
version = "1.2.13";
src = fetchurl {
urls =
[ "https://www.zlib.net/fossils/zlib-${version}.tar.gz" # stable archive path
"mirror://sourceforge/libpng/zlib/${version}/zlib-${version}.tar.gz"
];
sha256 = "91844808532e5ce316b3c010929493c0244f3d37593afd6de04f71821d5136d9";
hash = "sha256-s6JN6XqP28g1uYMxaVAQMLiXcDG8tUs7OsE3QPhGqzA=";
};
postPatch = lib.optionalString stdenv.hostPlatform.isDarwin ''
@ -40,17 +40,6 @@ stdenv.mkDerivation (rec {
--replace 'ARFLAGS="-o"' 'ARFLAGS="-r"'
'';
patches = [
./fix-configure-issue-cross.patch
# Starting zlib 1.2.12, zlib is stricter to incorrect CRC inputs
# with bits set above the low 32.
# see https://github.com/madler/zlib/issues/618
# TODO: remove the patch if upstream releases https://github.com/madler/zlib/commit/ec3df00224d4b396e2ac6586ab5d25f673caa4c2
# see https://github.com/NixOS/nixpkgs/issues/170539 for history.
./comprehensive-crc-validation-for-wrong-implementations.patch
./CVE-2022-37434.patch
];
strictDeps = true;
outputs = [ "out" "dev" ]
++ lib.optional splitStaticOutput "static";

View File

@ -1,24 +0,0 @@
From 05796d3d8d5546cf1b4dfe2cd72ab746afae505d Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Mon, 28 Mar 2022 18:34:10 -0700
Subject: [PATCH] Fix configure issue that discarded provided CC definition.
---
configure | 3 +++
1 file changed, 3 insertions(+)
diff --git a/configure b/configure
index 52ff4a04e..3fa3e8618 100755
--- a/configure
+++ b/configure
@@ -174,7 +174,10 @@ if test -z "$CC"; then
else
cc=${CROSS_PREFIX}cc
fi
+else
+ cc=${CC}
fi
+
cflags=${CFLAGS-"-O3"}
# to force the asm version use: CFLAGS="-O3 -DASMV" ./configure
case "$cc" in