packages/zlib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!58 [sync] PR-55: delete redundant patch

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
This commit is contained in:
openeuler-ci-bot 2024-06-19 04:11:20 +00:00 committed by Gitee
commit a10229f415
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 4 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
fix-undefined-buffer-detected-by-oss-fuzz.patch
View File

@ -1,30 +0,0 @@
From fbc28a919107bb6fbdceb2d3dfe610ddcbc5ac89 Mon Sep 17 00:00:00 2001
From: fangyufa <fangyufa1@huawei.com>
Date: Tue, 3 Dec 2019 15:42:06 +0800
Subject: [PATCH] zlib: fix undefined buffer detected by oss-fuzz
this patch fixes a use of uninitialized value discovered by one of the
fuzzers of the oss-fuzz project:
https://github.com/google/oss-fuzz/blob/master/projects/zlib/example_dict_fuzzer.c
clear out s->prev buffer to avoid undefined behavior
signed-off-by: fangyufa <fangyufa1@huawei.com>
---
zlib-1.2.11/deflate.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/deflate.c b/deflate.c
index 4c42259..a03bef2 100644
--- a/deflate.c
+++ b/deflate.c
@@ -329,6 +329,7 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte));
s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos));
+ memset(s->prev, 0, s->w_size*sizeof(Pos));
s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos));
s->high_water = 0; /* nothing written to s->window yet */
--
2.19.1

6
zlib.spec
View File

@ -1,6 +1,6 @@
Name: zlib Name: zlib
Version: 1.2.11 Version: 1.2.11
Release: 25 Release: 26
Summary: A lossless data-compression library Summary: A lossless data-compression library
License: zlib and Boost License: zlib and Boost
URL: http://www.zlib.net URL: http://www.zlib.net
@ -8,7 +8,6 @@ Source0: http://www.zlib.net/zlib-%{version}.tar.xz
# Patch0 get from fedora # Patch0 get from fedora
Patch6000: zlib-1.2.5-minizip-fixuncrypt.patch Patch6000: zlib-1.2.5-minizip-fixuncrypt.patch
Patch6001: fix-undefined-buffer-detected-by-oss-fuzz.patch
Patch6002: backport-0001-CVE-2018-25032.patch Patch6002: backport-0001-CVE-2018-25032.patch
Patch6003: backport-0002-CVE-2018-25032.patch Patch6003: backport-0002-CVE-2018-25032.patch
Patch6004: backport-0001-CVE-2022-37434.patch Patch6004: backport-0001-CVE-2022-37434.patch
@ -146,6 +145,9 @@ make test
%{_libdir}/pkgconfig/minizip.pc %{_libdir}/pkgconfig/minizip.pc
%changelog %changelog
* Tue Jun 18 2024 zhoupengcheng <zhoupengcheng11@huawei.com> - 1.2.11-26
- delete redundant patch
* Fri Apr 26 2024 zhoupengcheng <zhoupengcheng11@huawei.com> - 1.2.11-25 * Fri Apr 26 2024 zhoupengcheng <zhoupengcheng11@huawei.com> - 1.2.11-25
- DESC:apply patches regardless of architecture in zlib.spec and backport patches from upstream - DESC:apply patches regardless of architecture in zlib.spec and backport patches from upstream