webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

zlib: Update to version 1.2.13

Browse Source 
- Update from version 1.2.12 to 1.2.13
- Update of rootfile
- Patches for CVE-2022-37434 removed as they are now integarted in the source tarball
- Changelog
    Changes in 1.2.13 (13 Oct 2022)
	- Fix configure issue that discarded provided CC definition
	- Correct incorrect inputs provided to the CRC functions
	- Repair prototypes and exporting of new CRC functions
	- Fix inflateBack to detect invalid input with distances too far
	- Have infback() deliver all of the available output up to any error
	- Fix a bug when getting a gzip header extra field with inflate(CVE-2022-37434)
	- Fix bug in block type selection when Z_FIXED used
	- Tighten deflateBound bounds
	- Remove deleted assembler code references
	- Various portability and appearance improvements

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Adolf Belka
2022-11-07 22:14:28 +01:00
committed by Peter Müller
parent a2a695be02
commit 634f46dc34
4 changed files with 4 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/patches/zlib-CVE-2022-37434-fix.patch
View File

@@ -1,26 +0,0 @@
commit 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d
Author: Mark Adler <fork@madler.net>
Date: Mon Aug 8 10:50:09 2022 -0700
Fix extra field processing bug that dereferences NULL state->head.
The recent commit to fix a gzip header extra field processing bug
introduced the new bug fixed here.
diff --git a/inflate.c b/inflate.c
index 7a72897..2a3c4fe 100644
--- a/inflate.c
+++ b/inflate.c
@@ -763,10 +763,10 @@ int flush;
copy = state->length;
if (copy > have) copy = have;
if (copy) {
- len = state->head->extra_len - state->length;
if (state->head != Z_NULL &&
state->head->extra != Z_NULL &&
- len < state->head->extra_max) {
+ (len = state->head->extra_len - state->length) <
+ state->head->extra_max) {
zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ?
state->head->extra_max - len : copy);

29
src/patches/zlib-CVE-2022-37434.patch
View File

@@ -1,29 +0,0 @@
commit eff308af425b67093bab25f80f1ae950166bece1
Author: Mark Adler <fork@madler.net>
Date: Sat Jul 30 15:51:11 2022 -0700
Fix a bug when getting a gzip header extra field with inflate().
If the extra field was larger than the space the user provided with
inflateGetHeader(), and if multiple calls of inflate() delivered
the extra header data, then there could be a buffer overflow of the
provided space. This commit assures that provided space is not
exceeded.
diff --git a/inflate.c b/inflate.c
index 7be8c63..7a72897 100644
--- a/inflate.c
+++ b/inflate.c
@@ -763,9 +763,10 @@ int flush;
copy = state->length;
if (copy > have) copy = have;
if (copy) {
+ len = state->head->extra_len - state->length;
if (state->head != Z_NULL &&
- state->head->extra != Z_NULL) {
- len = state->head->extra_len - state->length;
+ state->head->extra != Z_NULL &&
+ len < state->head->extra_max) {
zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ?
state->head->extra_max - len : copy);