diff --git a/3.6.3.tar.gz b/3.6.3.tar.gz deleted file mode 100644 index 6aea7a799408f87cce89ace9eb0b9f026accab5f..0000000000000000000000000000000000000000 Binary files a/3.6.3.tar.gz and /dev/null differ diff --git a/3.6.5.tar.gz b/3.6.5.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..93f8ac644f977133eaf91b06e1783d4306f0b03b Binary files /dev/null and b/3.6.5.tar.gz differ diff --git a/backport-fix-CVE-2005-1849.patch b/backport-fix-CVE-2005-1849.patch deleted file mode 100644 index 694cc5053438bc267433e378d9616b6cbdecc8e3..0000000000000000000000000000000000000000 --- a/backport-fix-CVE-2005-1849.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 24a4a6969dd304e3496746732461abfbd2262cf4 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Tue, 30 Aug 2022 18:39:10 +0800 -Subject: [PATCH] test - -Conflict:NA -Reference:https://sources.debian.org/src/zlib/1%3A1.2.2-4.sarge.2/debian/patches/021-enough/ ---- - inftrees.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/inftrees.h b/inftrees.h -index 82d365a..5cdcf8f 100644 ---- a/inftrees.h -+++ b/inftrees.h -@@ -40,8 +40,8 @@ typedef struct { - and 154 for distances, the latter actually the result of an - exhaustive search). The true maximum is not known, but the value - below is more than safe. */ --#define ENOUGH 1440 --#define MAXD 154 -+#define ENOUGH 2048 -+#define MAXD 592 - - /* Type of code to build for inftable() */ - typedef enum { --- -2.27.0 - diff --git a/backport-fix-CVE-2016-9840.patch b/backport-fix-CVE-2016-9840.patch deleted file mode 100644 index cd9f65a415db1d57a95c9421cabf45afe1361895..0000000000000000000000000000000000000000 --- a/backport-fix-CVE-2016-9840.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 6a043145ca6e9c55184013841a67b2fef87e44c0 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Wed, 21 Sep 2016 23:35:50 -0700 -Subject: [PATCH] Remove offset pointer optimization in inftrees.c. - -inftrees.c was subtracting an offset from a pointer to an array, -in order to provide a pointer that allowed indexing starting at -the offset. This is not compliant with the C standard, for which -the behavior of a pointer decremented before its allocated memory -is undefined. Per the recommendation of a security audit of the -zlib code by Trail of Bits and TrustInSoft, in support of the -Mozilla Foundation, this tiny optimization was removed, in order -to avoid the possibility of undefined behavior. - -Conflict: Keep the variable name "this" unchanged, and the community - version uses "here" to be compatible with C++ -Reference:https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0 ---- - inftrees.c | 18 ++++++++---------- - 1 file changed, 8 insertions(+), 10 deletions(-) - -diff --git a/inftrees.c b/inftrees.c -index 22fcd66..0d2670d 100644 ---- a/inftrees.c -+++ b/inftrees.c -@@ -54,7 +54,7 @@ unsigned short FAR *work; - code FAR *next; /* next available space in table */ - const unsigned short FAR *base; /* base value table to use */ - const unsigned short FAR *extra; /* extra bits table to use */ -- int end; /* use base and extra for symbol > end */ -+ unsigned match; /* use base and extra for symbol >= match */ - unsigned short count[MAXBITS+1]; /* number of codes of each length */ - unsigned short offs[MAXBITS+1]; /* offsets in table for each length */ - static const unsigned short lbase[31] = { /* Length codes 257..285 base */ -@@ -181,19 +181,17 @@ unsigned short FAR *work; - switch (type) { - case CODES: - base = extra = work; /* dummy value--not used */ -- end = 19; -+ match = 20; - break; - case LENS: - base = lbase; -- base -= 257; - extra = lext; -- extra -= 257; -- end = 256; -+ match = 257; - break; - default: /* DISTS */ - base = dbase; - extra = dext; -- end = -1; -+ match = 0; - } - - /* initialize state for loop */ -@@ -216,13 +214,13 @@ unsigned short FAR *work; - for (;;) { - /* create table entry */ - this.bits = (unsigned char)(len - drop); -- if ((int)(work[sym]) < end) { -+ if (work[sym] + 1 < match) { - this.op = (unsigned char)0; - this.val = work[sym]; - } -- else if ((int)(work[sym]) > end) { -- this.op = (unsigned char)(extra[work[sym]]); -- this.val = base[work[sym]]; -+ else if (work[sym] >= match) { -+ this.op = (unsigned char)(extra[work[sym] - match]); -+ this.val = base[work[sym] - match]; - } - else { - this.op = (unsigned char)(32 + 64); /* end of block */ --- -2.27.0 - diff --git a/backport-fix-CVE-2016-9841.patch b/backport-fix-CVE-2016-9841.patch deleted file mode 100644 index 213af1489f22b6f7fb7a3b56a809f3e927cd82b9..0000000000000000000000000000000000000000 --- a/backport-fix-CVE-2016-9841.patch +++ /dev/null @@ -1,212 +0,0 @@ -From 9aaec95e82117c1cb0f9624264c3618fc380cecb Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Wed, 21 Sep 2016 22:25:21 -0700 -Subject: [PATCH] Use post-increment only in inffast.c. - -An old inffast.c optimization turns out to not be optimal anymore -with modern compilers, and furthermore was not compliant with the -C standard, for which decrementing a pointer before its allocated -memory is undefined. Per the recommendation of a security audit of -the zlib code by Trail of Bits and TrustInSoft, in support of the -Mozilla Foundation, this "optimization" was removed, in order to -avoid the possibility of undefined behavior. - -Conflict:1.adjust context - 2.delete code contained by macro INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR - which is added by the new version -Reference:https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb ---- - inffast.c | 75 +++++++++++++++++++++---------------------------------- - 1 file changed, 28 insertions(+), 47 deletions(-) - -diff --git a/inffast.c b/inffast.c -index bbee92e..1fd6467 100644 ---- a/inffast.c -+++ b/inffast.c -@@ -10,25 +10,6 @@ - - #ifndef ASMINF - --/* Allow machine dependent optimization for post-increment or pre-increment. -- Based on testing to date, -- Pre-increment preferred for: -- - PowerPC G3 (Adler) -- - MIPS R5000 (Randers-Pehrson) -- Post-increment preferred for: -- - none -- No measurable difference: -- - Pentium III (Anderson) -- - M68060 (Nikl) -- */ --#ifdef POSTINC --# define OFF 0 --# define PUP(a) *(a)++ --#else --# define OFF 1 --# define PUP(a) *++(a) --#endif -- - /* - Decode literal, length, and distance codes and write out the resulting - literal and match bytes until either not enough input or output is -@@ -96,9 +77,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - - /* copy state to local variables */ - state = (struct inflate_state FAR *)strm->state; -- in = strm->next_in - OFF; -+ in = strm->next_in; - last = in + (strm->avail_in - 5); -- out = strm->next_out - OFF; -+ out = strm->next_out; - beg = out - (start - strm->avail_out); - end = out + (strm->avail_out - 257); - #ifdef INFLATE_STRICT -@@ -119,9 +100,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - input data or output space */ - do { - if (bits < 15) { -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; - } - this = lcode[hold & lmask]; -@@ -134,14 +115,14 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - Tracevv((stderr, this.val >= 0x20 && this.val < 0x7f ? - "inflate: literal '%c'\n" : - "inflate: literal 0x%02x\n", this.val)); -- PUP(out) = (unsigned char)(this.val); -+ *out++ = (unsigned char)(this.val); - } - else if (op & 16) { /* length base */ - len = (unsigned)(this.val); - op &= 15; /* number of extra bits */ - if (op) { - if (bits < op) { -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; - } - len += (unsigned)hold & ((1U << op) - 1); -@@ -150,9 +131,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - } - Tracevv((stderr, "inflate: length %u\n", len)); - if (bits < 15) { -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; - } - this = dcode[hold & dmask]; -@@ -165,10 +146,10 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - dist = (unsigned)(this.val); - op &= 15; /* number of extra bits */ - if (bits < op) { -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; - if (bits < op) { -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; - } - } -@@ -191,13 +172,13 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - state->mode = BAD; - break; - } -- from = window - OFF; -+ from = window; - if (write == 0) { /* very common case */ - from += wsize - op; - if (op < len) { /* some from window */ - len -= op; - do { -- PUP(out) = PUP(from); -+ *out++ = *from++; - } while (--op); - from = out - dist; /* rest from output */ - } -@@ -208,14 +189,14 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - if (op < len) { /* some from end of window */ - len -= op; - do { -- PUP(out) = PUP(from); -+ *out++ = *from++; - } while (--op); -- from = window - OFF; -+ from = window; - if (write < len) { /* some from start of window */ - op = write; - len -= op; - do { -- PUP(out) = PUP(from); -+ *out++ = *from++; - } while (--op); - from = out - dist; /* rest from output */ - } -@@ -226,35 +207,35 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - if (op < len) { /* some from window */ - len -= op; - do { -- PUP(out) = PUP(from); -+ *out++ = *from++; - } while (--op); - from = out - dist; /* rest from output */ - } - } - while (len > 2) { -- PUP(out) = PUP(from); -- PUP(out) = PUP(from); -- PUP(out) = PUP(from); -+ *out++ = *from++; -+ *out++ = *from++; -+ *out++ = *from++; - len -= 3; - } - if (len) { -- PUP(out) = PUP(from); -+ *out++ = *from++; - if (len > 1) -- PUP(out) = PUP(from); -+ *out++ = *from++; - } - } - else { - from = out - dist; /* copy direct from output */ - do { /* minimum length is three */ -- PUP(out) = PUP(from); -- PUP(out) = PUP(from); -- PUP(out) = PUP(from); -+ *out++ = *from++; -+ *out++ = *from++; -+ *out++ = *from++; - len -= 3; - } while (len > 2); - if (len) { -- PUP(out) = PUP(from); -+ *out++ = *from++; - if (len > 1) -- PUP(out) = PUP(from); -+ *out++ = *from++; - } - } - } -@@ -291,8 +272,8 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - hold &= (1U << bits) - 1; - - /* update state and return */ -- strm->next_in = in + OFF; -- strm->next_out = out + OFF; -+ strm->next_in = in; -+ strm->next_out = out; - strm->avail_in = (unsigned)(in < last ? 5 + (last - in) : 5 - (in - last)); - strm->avail_out = (unsigned)(out < end ? - 257 + (end - out) : 257 - (out - end)); --- -2.27.0 - diff --git a/backport-fix-CVE-2016-9843.patch b/backport-fix-CVE-2016-9843.patch deleted file mode 100644 index e8cc6567d099399998a04054961935dc9a3b733e..0000000000000000000000000000000000000000 --- a/backport-fix-CVE-2016-9843.patch +++ /dev/null @@ -1,55 +0,0 @@ -From d1d577490c15a0c6862473d7576352a9f18ef811 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Wed, 28 Sep 2016 20:20:25 -0700 -Subject: [PATCH] Avoid pre-decrement of pointer in big-endian CRC calculation. - -There was a small optimization for PowerPCs to pre-increment a -pointer when accessing a word, instead of post-incrementing. This -required prefacing the loop with a decrement of the pointer, -possibly pointing before the object passed. This is not compliant -with the C standard, for which decrementing a pointer before its -allocated memory is undefined. When tested on a modern PowerPC -with a modern compiler, the optimization no longer has any effect. -Due to all that, and per the recommendation of a security audit of -the zlib code by Trail of Bits and TrustInSoft, in support of the -Mozilla Foundation, this "optimization" was removed, in order to -avoid the possibility of undefined behavior. - -Conflict:adjust context -Reference:https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811 ---- - crc32.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/crc32.c b/crc32.c -index 979a719..05733f4 100644 ---- a/crc32.c -+++ b/crc32.c -@@ -278,7 +278,7 @@ local unsigned long crc32_little(crc, buf, len) - } - - /* ========================================================================= */ --#define DOBIG4 c ^= *++buf4; \ -+#define DOBIG4 c ^= *buf4++; \ - c = crc_table[4][c & 0xff] ^ crc_table[5][(c >> 8) & 0xff] ^ \ - crc_table[6][(c >> 16) & 0xff] ^ crc_table[7][c >> 24] - #define DOBIG32 DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4 -@@ -300,7 +300,6 @@ local unsigned long crc32_big(crc, buf, len) - } - - buf4 = (const u4 FAR *)buf; -- buf4--; - while (len >= 32) { - DOBIG32; - len -= 32; -@@ -309,7 +308,6 @@ local unsigned long crc32_big(crc, buf, len) - DOBIG4; - len -= 4; - } -- buf4++; - buf = (const unsigned char FAR *)buf4; - - if (len) do { --- -2.27.0 - diff --git a/backport-fix-CVE-2018-25032.patch b/backport-fix-CVE-2018-25032.patch deleted file mode 100644 index f49c43fba591c358f64e134dcde3b387071b9072..0000000000000000000000000000000000000000 --- a/backport-fix-CVE-2018-25032.patch +++ /dev/null @@ -1,307 +0,0 @@ -From 5c44459c3b28a9bd3283aaceab7c615f8020c531 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Tue, 17 Apr 2018 22:09:22 -0700 -Subject: [PATCH] Fix a bug that can crash deflate on some input when using - Z_FIXED. - -This bug was reported by Danilo Ramos of Eideticom, Inc. It has -lain in wait 13 years before being found! The bug was introduced -in zlib 1.2.2.2, with the addition of the Z_FIXED option. That -option forces the use of fixed Huffman codes. For rare inputs with -a large number of distant matches, the pending buffer into which -the compressed data is written can overwrite the distance symbol -table which it overlays. That results in corrupted output due to -invalid distances, and can result in out-of-bound accesses, -crashing the application. - -The fix here combines the distance buffer and literal/length -buffers into a single symbol buffer. Now three bytes of pending -buffer space are opened up for each literal or length/distance -pair consumed, instead of the previous two bytes. This assures -that the pending buffer cannot overwrite the symbol table, since -the maximum fixed code compressed length/distance is 31 bits, and -since there are four bytes of pending space for every three bytes -of symbol space. - -Conflict:1.Delete modification of deflateprime function, which is not available - in the version 1.2.2.f - 2.Delete the modification involving "FLUSH-BLOCK". It relies on the pre - patch and has nothing to do with repairing CVE -Reference:https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 ---- - deflate.c | 64 ++++++++++++++++++++++++++++++++++++++++++------------- - deflate.h | 25 ++++++++++------------ - trees.c | 50 ++++++++++++------------------------------- - 3 files changed, 74 insertions(+), 65 deletions(-) - -diff --git a/deflate.c b/deflate.c -index c46aea6..6d4c582 100644 ---- a/deflate.c -+++ b/deflate.c -@@ -237,11 +237,6 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, - int rsyncable = 0; - static const char my_version[] = ZLIB_VERSION; - -- ushf *overlay; -- /* We overlay pending_buf and d_buf+l_buf. This works since the average -- * output size for (length,distance) codes is <= 24 bits. -- */ -- - if (version == Z_NULL || version[0] != my_version[0] || - stream_size != sizeof(z_stream)) { - return Z_VERSION_ERROR; -@@ -303,9 +298,47 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, - - s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */ - -- overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2); -- s->pending_buf = (uchf *) overlay; -- s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L); -+ /* We overlay pending_buf and sym_buf. This works since the average size -+ * for length/distance pairs over any compressed block is assured to be 31 -+ * bits or less. -+ * -+ * Analysis: The longest fixed codes are a length code of 8 bits plus 5 -+ * extra bits, for lengths 131 to 257. The longest fixed distance codes are -+ * 5 bits plus 13 extra bits, for distances 16385 to 32768. The longest -+ * possible fixed-codes length/distance pair is then 31 bits total. -+ * -+ * sym_buf starts one-fourth of the way into pending_buf. So there are -+ * three bytes in sym_buf for every four bytes in pending_buf. Each symbol -+ * in sym_buf is three bytes -- two for the distance and one for the -+ * literal/length. As each symbol is consumed, the pointer to the next -+ * sym_buf value to read moves forward three bytes. From that symbol, up to -+ * 31 bits are written to pending_buf. The closest the written pending_buf -+ * bits gets to the next sym_buf symbol to read is just before the last -+ * code is written. At that time, 31*(n-2) bits have been written, just -+ * after 24*(n-2) bits have been consumed from sym_buf. sym_buf starts at -+ * 8*n bits into pending_buf. (Note that the symbol buffer fills when n-1 -+ * symbols are written.) The closest the writing gets to what is unread is -+ * then n+14 bits. Here n is lit_bufsize, which is 16384 by default, and -+ * can range from 128 to 32768. -+ * -+ * Therefore, at a minimum, there are 142 bits of space between what is -+ * written and what is read in the overlain buffers, so the symbols cannot -+ * be overwritten by the compressed data. That space is actually 139 bits, -+ * due to the three-bit fixed-code block header. -+ * -+ * That covers the case where either Z_FIXED is specified, forcing fixed -+ * codes, or when the use of fixed codes is chosen, because that choice -+ * results in a smaller compressed block than dynamic codes. That latter -+ * condition then assures that the above analysis also covers all dynamic -+ * blocks. A dynamic-code block will only be chosen to be emitted if it has -+ * fewer bits than a fixed-code block would for the same set of symbols. -+ * Therefore its average symbol length is assured to be less than 31. So -+ * the compressed data for a dynamic block also cannot overwrite the -+ * symbols from which it is being constructed. -+ */ -+ -+ s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4); -+ s->pending_buf_size = (ulg)s->lit_bufsize * 4; - - if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL || - s->pending_buf == Z_NULL) { -@@ -314,8 +347,12 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, - deflateEnd (strm); - return Z_MEM_ERROR; - } -- s->d_buf = overlay + s->lit_bufsize/sizeof(ush); -- s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize; -+ s->sym_buf = s->pending_buf + s->lit_bufsize; -+ s->sym_end = (s->lit_bufsize - 1) * 3; -+ /* We avoid equality with lit_bufsize*3 because of wraparound at 64K -+ * on 16 bit machines and because stored blocks are restricted to -+ * 64K-1 bytes. -+ */ - - s->level = level; - s->strategy = strategy; -@@ -897,7 +934,6 @@ int ZEXPORT deflateCopy (dest, source) - #else - deflate_state *ds; - deflate_state *ss; -- ushf *overlay; - - - if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) { -@@ -917,8 +953,7 @@ int ZEXPORT deflateCopy (dest, source) - ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte)); - ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos)); - ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos)); -- overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2); -- ds->pending_buf = (uchf *) overlay; -+ ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, 4); - - if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL || - ds->pending_buf == Z_NULL) { -@@ -932,8 +967,7 @@ int ZEXPORT deflateCopy (dest, source) - zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size); - - ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf); -- ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush); -- ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize; -+ ds->sym_buf = ds->pending_buf + ds->lit_bufsize; - - ds->l_desc.dyn_tree = ds->dyn_ltree; - ds->d_desc.dyn_tree = ds->dyn_dtree; -diff --git a/deflate.h b/deflate.h -index 35363bb..1ec0e2c 100644 ---- a/deflate.h -+++ b/deflate.h -@@ -212,7 +212,7 @@ typedef struct internal_state { - /* Depth of each subtree used as tie breaker for trees of equal frequency - */ - -- uchf *l_buf; /* buffer for literals or lengths */ -+ uchf *sym_buf; /* buffer for distances and literals/lengths */ - - uInt lit_bufsize; - /* Size of match buffer for literals/lengths. There are 4 reasons for -@@ -234,13 +234,8 @@ typedef struct internal_state { - * - I can't count above 4 - */ - -- uInt last_lit; /* running index in l_buf */ -- -- ushf *d_buf; -- /* Buffer for distances. To simplify the code, d_buf and l_buf have -- * the same number of elements. To use different lengths, an extra flag -- * array would be necessary. -- */ -+ uInt sym_next; /* running index in sym_buf */ -+ uInt sym_end; /* symbol table full when sym_next reaches this */ - - ulg opt_len; /* bit length of current block with optimal trees */ - ulg static_len; /* bit length of current block with static trees */ -@@ -311,20 +306,22 @@ void _tr_stored_block OF((deflate_state *s, charf *buf, ulg stored_len, - - # define _tr_tally_lit(s, c, flush) \ - { uch cc = (c); \ -- s->d_buf[s->last_lit] = 0; \ -- s->l_buf[s->last_lit++] = cc; \ -+ s->sym_buf[s->sym_next++] = 0; \ -+ s->sym_buf[s->sym_next++] = 0; \ -+ s->sym_buf[s->sym_next++] = cc; \ - s->dyn_ltree[cc].Freq++; \ -- flush = (s->last_lit == s->lit_bufsize-1); \ -+ flush = (s->sym_next == s->sym_end); \ - } - # define _tr_tally_dist(s, distance, length, flush) \ - { uch len = (length); \ - ush dist = (distance); \ -- s->d_buf[s->last_lit] = dist; \ -- s->l_buf[s->last_lit++] = len; \ -+ s->sym_buf[s->sym_next++] = dist; \ -+ s->sym_buf[s->sym_next++] = dist >> 8; \ -+ s->sym_buf[s->sym_next++] = len; \ - dist--; \ - s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \ - s->dyn_dtree[d_code(dist)].Freq++; \ -- flush = (s->last_lit == s->lit_bufsize-1); \ -+ flush = (s->sym_next == s->sym_end); \ - } - #else - # define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c) -diff --git a/trees.c b/trees.c -index c160b07..0f2aae7 100644 ---- a/trees.c -+++ b/trees.c -@@ -420,7 +420,7 @@ local void init_block(s) - - s->dyn_ltree[END_BLOCK].Freq = 1; - s->opt_len = s->static_len = 0L; -- s->last_lit = s->matches = 0; -+ s->sym_next = s->matches = 0; - } - - #define SMALLEST 1 -@@ -958,7 +958,7 @@ void _tr_flush_block(s, buf, stored_len, pad, eof) - - Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ", - opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, -- s->last_lit)); -+ s->sym_next / 3)); - - if (static_lenb <= opt_lenb) opt_lenb = static_lenb; - -@@ -1031,8 +1031,9 @@ int _tr_tally (s, dist, lc) - unsigned dist; /* distance of matched string */ - unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */ - { -- s->d_buf[s->last_lit] = (ush)dist; -- s->l_buf[s->last_lit++] = (uch)lc; -+ s->sym_buf[s->sym_next++] = dist; -+ s->sym_buf[s->sym_next++] = dist >> 8; -+ s->sym_buf[s->sym_next++] = lc; - if (dist == 0) { - /* lc is the unmatched char */ - s->dyn_ltree[lc].Freq++; -@@ -1047,30 +1048,7 @@ int _tr_tally (s, dist, lc) - s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++; - s->dyn_dtree[d_code(dist)].Freq++; - } -- --#ifdef TRUNCATE_BLOCK -- /* Try to guess if it is profitable to stop the current block here */ -- if ((s->last_lit & 0x1fff) == 0 && s->level > 2) { -- /* Compute an upper bound for the compressed length */ -- ulg out_length = (ulg)s->last_lit*8L; -- ulg in_length = (ulg)((long)s->strstart - s->block_start); -- int dcode; -- for (dcode = 0; dcode < D_CODES; dcode++) { -- out_length += (ulg)s->dyn_dtree[dcode].Freq * -- (5L+extra_dbits[dcode]); -- } -- out_length >>= 3; -- Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ", -- s->last_lit, in_length, out_length, -- 100L - out_length*100L/in_length)); -- if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1; -- } --#endif -- return (s->last_lit == s->lit_bufsize-1); -- /* We avoid equality with lit_bufsize because of wraparound at 64K -- * on 16 bit machines and because stored blocks are restricted to -- * 64K-1 bytes. -- */ -+ return (s->sym_next == s->sym_end); - } - - /* =========================================================================== -@@ -1083,13 +1061,14 @@ local void compress_block(s, ltree, dtree) - { - unsigned dist; /* distance of matched string */ - int lc; /* match length or unmatched char (if dist == 0) */ -- unsigned lx = 0; /* running index in l_buf */ -+ unsigned sx = 0; /* running index in sym_buf */ - unsigned code; /* the code to send */ - int extra; /* number of extra bits to send */ - -- if (s->last_lit != 0) do { -- dist = s->d_buf[lx]; -- lc = s->l_buf[lx++]; -+ if (s->sym_next != 0) do { -+ dist = s->sym_buf[sx++] & 0xff; -+ dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8; -+ lc = s->sym_buf[sx++]; - if (dist == 0) { - send_code(s, lc, ltree); /* send a literal byte */ - Tracecv(isgraph(lc), (stderr," '%c' ", lc)); -@@ -1114,11 +1093,10 @@ local void compress_block(s, ltree, dtree) - } - } /* literal or match pair ? */ - -- /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */ -- Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx, -- "pendingBuf overflow"); -+ /* Check that the overlay between pending_buf and sym_buf is ok: */ -+ Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow"); - -- } while (lx < s->last_lit); -+ } while (sx < s->sym_next); - - send_code(s, END_BLOCK, ltree); - s->last_eob_len = ltree[END_BLOCK].Len; --- -2.27.0 - diff --git a/backport-fix-CVE-2022-37434-1.patch b/backport-fix-CVE-2022-37434-1.patch deleted file mode 100644 index 16b9dd88f283f0d4823d7fc5a7165df9ef7ebb06..0000000000000000000000000000000000000000 --- a/backport-fix-CVE-2022-37434-1.patch +++ /dev/null @@ -1,38 +0,0 @@ -From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Sat, 30 Jul 2022 15:51:11 -0700 -Subject: [PATCH] Fix a bug when getting a gzip header extra field with - inflate(). - -If the extra field was larger than the space the user provided with -inflateGetHeader(), and if multiple calls of inflate() delivered -the extra header data, then there could be a buffer overflow of the -provided space. This commit assures that provided space is not -exceeded. - -Conflict:NA -Reference:https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 ---- - inflate.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 7be8c63..7a72897 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,9 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -+ len = state->head->extra_len - state->length; - if (state->head != Z_NULL && -- state->head->extra != Z_NULL) { -- len = state->head->extra_len - state->length; -+ state->head->extra != Z_NULL && -+ len < state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); --- -2.27.0 - diff --git a/backport-fix-CVE-2022-37434-2.patch b/backport-fix-CVE-2022-37434-2.patch deleted file mode 100644 index d35267af1a48c1891914a688b73d5bbec33dd87b..0000000000000000000000000000000000000000 --- a/backport-fix-CVE-2022-37434-2.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Mon, 8 Aug 2022 10:50:09 -0700 -Subject: [PATCH] Fix extra field processing bug that dereferences NULL - state->head. - -The recent commit to fix a gzip header extra field processing bug -introduced the new bug fixed here. - -Conflict:NA -Reference:https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d ---- - inflate.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 7a72897..2a3c4fe 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,10 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -- len = state->head->extra_len - state->length; - if (state->head != Z_NULL && - state->head->extra != Z_NULL && -- len < state->head->extra_max) { -+ (len = state->head->extra_len - state->length) < -+ state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); --- -2.27.0 - diff --git a/deltarpm.spec b/deltarpm.spec index e110f3159b7e2e73f4c0b428b1596136d2a56fc1..e430c5637676e9d34df342fc61f0e08946800d87 100644 --- a/deltarpm.spec +++ b/deltarpm.spec @@ -1,24 +1,16 @@ %bcond_without python3 Name: deltarpm -Version: 3.6.3 -Release: 2 +Version: 3.6.5 +Release: 1 Summary: deltarpm contains the difference between an old and a new version of an RPM package. -License: BSD +License: BSD-3-Clause URL: https://github.com/rpm-software-management/deltarpm -Source0: https://github.com/rpm-software-management/deltarpm/archive/3.6.3.tar.gz +Source0: https://github.com/rpm-software-management/deltarpm/archive/%{version}.tar.gz -BuildRequires: gcc bzip2-devel perl-generators xz-devel rpm-devel popt-devel zlib-devel +BuildRequires: gcc bzip2-devel perl-generators xz-devel rpm-devel popt-devel zlib-devel zstd-devel BuildRequires: %{_vendor}-rpm-config BuildRequires: python3-devel -Patch6000: backport-fix-CVE-2005-1849.patch -Patch6001: backport-fix-CVE-2016-9840.patch -Patch6002: backport-fix-CVE-2016-9841.patch -Patch6003: backport-fix-CVE-2016-9843.patch -Patch6004: backport-fix-CVE-2018-25032.patch -Patch6005: backport-fix-CVE-2022-37434-1.patch -Patch6006: backport-fix-CVE-2022-37434-2.patch - %description Delta RPM packages contain the difference between an old and a new version of an RPM package. Applying a delta RPM on an old RPM results @@ -50,42 +42,35 @@ deltarpms. %prep %setup -q -n %{name}-%{version} -#patch for zlib -cd zlib-1.2.2.f-rsyncable -%patch6000 -p1 -%patch6001 -p1 -%patch6002 -p1 -%patch6003 -p1 -%patch6004 -p1 -%patch6005 -p1 -%patch6006 -p1 -cd - -#patch for zlib end +rm -fr zlib-1.2.2.f-rsyncable %build -%make_build CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="%__global_ldflags" \ +%set_build_flags +%make_build CC="%{__cc}" CFLAGS="%build_cflags -DWITH_ZSTD=1" LDFLAGS="%build_ldflags" \ bindir=%{_bindir} libdir=%{_libdir} mandir=%{_mandir} prefix=%{_prefix} \ zlibbundled='' zlibldflags='-lz' zlibcppflags='' -%make_build CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="%__global_ldflags" \ +%make_build CC="%{__cc}" CFLAGS="%build_cflags -DWITH_ZSTD=1" LDFLAGS="%build_ldflags" \ bindir=%{_bindir} libdir=%{_libdir} mandir=%{_mandir} prefix=%{_prefix} \ zlibbundled='' zlibldflags='-lz' zlibcppflags='' python %install -%makeinstall pylibprefix=%{buildroot} +%make_build pylibprefix=%{buildroot} mandir=%{buildroot}%{_mandir} prefix=%{buildroot}%{_prefix} install %files -%defattr(-,root,root) %license LICENSE.BSD -%{_bindir}/* -%exclude %{_bindir}/drpmsync +%{_bindir}/applydeltarpm +%{_bindir}/combinedeltarpm +%{_bindir}/makedeltarpm +%{_bindir}/rpmdumpheader +%{_bindir}/applydeltaiso +%{_bindir}/fragiso +%{_bindir}/makedeltaiso %files help -%defattr(-,root,root) %doc README NEWS %{_mandir}/man8/* %files -n python3-%{name} -%defattr(-,root,root) %{python3_sitearch}/%{name}.py %{python3_sitearch}/__pycache__/%{name}*.pyc %{python3_sitearch}/_%{name}module.so @@ -94,6 +79,10 @@ cd - %{_bindir}/drpmsync %changelog +* Sun Jul 20 2025 Funda Wang - 3.6.5-1 +- update to 3.6.5 +- drop unused zlib patches as we do not build bundled zlib + * Tue Sep 20 2022 zhoushuiqing - 3.6.3-2 - Type:CVE - CVE:CVE-2005-1849,CVE-2016-9840,CVE-2016-9841,CVE-2016-9843,CVE-2018-25032,CVE-2022-37434