From ee65ab90886d1240dc7ef6b6afc98012d7c18b2a Mon Sep 17 00:00:00 2001 From: zhoupengcheng Date: Fri, 26 Apr 2024 17:24:04 +0800 Subject: [PATCH] zlib:backport upstream patch --- 0001-Neon-Optimized-hash-chain-rebase.patch | 170 ------- 0002-Porting-optimized-longest_match.patch | 218 --------- 0003-arm64-specific-build-patch.patch | 115 ----- ...king-to-ERR_MSG-macro-used-by-zError.patch | 27 ++ ...p-member-after-gzflush-with-Z_FINISH.patch | 67 +++ ...ed-behavior-of-memcpy-in-_tr_stored_.patch | 32 ++ ...fined-behavior-of-memcpy-in-gzappend.patch | 27 ++ ...ined-behaviors-of-memcpy-in-gzprintf.patch | 33 ++ ...negation-behavior-if-windowBits-is-I.patch | 41 ++ ...puting-check-value-after-successful-.patch | 119 +++++ ...acro-to-be-usable-as-a-single-statem.patch | 34 ++ ...n-ZLIB_DEBUG-compiles-in-check_match.patch | 50 ++ ...ock-type-selection-when-Z_FIXED-used.patch | 46 ++ ...lateSync-for-data-held-in-bit-buffer.patch | 27 ++ ...etc-is-used-immediately-after-gzopen.patch | 26 + ...ing-gzflush-with-a-very-small-buffer.patch | 26 + ...g-when-window-full-in-deflate_stored.patch | 27 ++ ...rams-attempted-for-transparent-write.patch | 26 + ...the-emission-of-Zip64-end-records-in.patch | 35 ++ ...o-not-report-an-error-at-start-of-ra.patch | 36 ++ ...to-detect-invalid-input-with-distanc.patch | 27 ++ ...error-in-minizip-argument-processing.patch | 24 + ...-Fix-memory-leak-on-error-in-gzlog.c.patch | 46 ++ ...mber-start-on-zip64-files-in-minizip.patch | 40 ++ ...-minizip-to-work-past-4GB.-Dani-l-H-.patch | 42 ++ ...e-inflateSync-used-when-header-never.patch | 35 ++ ...ip-file-traversal-attacks-in-miniunz.patch | 61 +++ ...ntrib-untgz-and-render-it-compilable.patch | 109 +++++ ...if-the-gzputs-string-length-can-t-fi.patch | 43 ++ ...-warning-fixes-for-minizip.-gvollant.patch | 71 +++ ...SAN-detections-in-deflate-slide_hash.patch | 36 ++ ...d-unused-warnings-in-contrib-minizip.patch | 63 +++ ...-being-unable-to-open-empty-zip-file.patch | 160 +++++++ zlib-1.2.11-SIMD.patch | 447 ++++++++++-------- ...e-CRC32.patch => zlib-Optimize-CRC32.patch | 10 +- zlib.spec | 78 +-- 36 files changed, 1724 insertions(+), 750 deletions(-) delete mode 100644 0001-Neon-Optimized-hash-chain-rebase.patch delete mode 100644 0002-Porting-optimized-longest_match.patch delete mode 100644 0003-arm64-specific-build-patch.patch create mode 100644 backport-Add-bounds-checking-to-ERR_MSG-macro-used-by-zError.patch create mode 100644 backport-Avoid-adding-empty-gzip-member-after-gzflush-with-Z_FINISH.patch create mode 100644 backport-Avoid-an-undefined-behavior-of-memcpy-in-_tr_stored_.patch create mode 100644 backport-Avoid-an-undefined-behavior-of-memcpy-in-gzappend.patch create mode 100644 backport-Avoid-undefined-behaviors-of-memcpy-in-gzprintf.patch create mode 100644 backport-Avoid-undefined-negation-behavior-if-windowBits-is-I.patch create mode 100644 backport-Don-t-bother-computing-check-value-after-successful-.patch create mode 100644 backport-Fix-CLEAR_HASH-macro-to-be-usable-as-a-single-statem.patch create mode 100644 backport-Fix-a-bug-in-ZLIB_DEBUG-compiles-in-check_match.patch create mode 100644 backport-Fix-bug-in-block-type-selection-when-Z_FIXED-used.patch create mode 100644 backport-Fix-bug-in-inflateSync-for-data-held-in-bit-buffer.patch create mode 100644 backport-Fix-bug-when-gzungetc-is-used-immediately-after-gzopen.patch create mode 100644 backport-Fix-bug-when-using-gzflush-with-a-very-small-buffer.patch create mode 100644 backport-Fix-bug-when-window-full-in-deflate_stored.patch create mode 100644 backport-Fix-crash-when-gzsetparams-attempted-for-transparent-write.patch create mode 100644 backport-Fix-decision-on-the-emission-of-Zip64-end-records-in.patch create mode 100644 backport-Fix-deflateEnd-to-not-report-an-error-at-start-of-ra.patch create mode 100644 backport-Fix-inflateBack-to-detect-invalid-input-with-distanc.patch create mode 100644 backport-Fix-logic-error-in-minizip-argument-processing.patch create mode 100644 backport-Fix-memory-leak-on-error-in-gzlog.c.patch create mode 100644 backport-Fix-reading-disk-number-start-on-zip64-files-in-minizip.patch create mode 100644 backport-Fix-unztell64-in-minizip-to-work-past-4GB.-Dani-l-H-.patch create mode 100644 backport-Handle-case-where-inflateSync-used-when-header-never.patch create mode 100644 backport-Neutralize-zip-file-traversal-attacks-in-miniunz.patch create mode 100644 backport-Remove-use-of-OF-from-contrib-untgz-and-render-it-compilable.patch create mode 100644 backport-Return-an-error-if-the-gzputs-string-length-can-t-fi.patch create mode 100644 backport-Security-and-warning-fixes-for-minizip.-gvollant.patch create mode 100644 backport-Suppress-MSAN-detections-in-deflate-slide_hash.patch create mode 100644 backport-avoid-uninitialized-and-unused-warnings-in-contrib-minizip.patch create mode 100644 backport-minizip-Fix-being-unable-to-open-empty-zip-file.patch rename 0004-zlib-Optimize-CRC32.patch => zlib-Optimize-CRC32.patch (92%) diff --git a/0001-Neon-Optimized-hash-chain-rebase.patch b/0001-Neon-Optimized-hash-chain-rebase.patch deleted file mode 100644 index e6f909f..0000000 --- a/0001-Neon-Optimized-hash-chain-rebase.patch +++ /dev/null @@ -1,170 +0,0 @@ -From f0fd8c553fa024c599f4aff65d7c603ceeaa6a58 Mon Sep 17 00:00:00 2001 -From: Adenilson Cavalcanti -Date: Mon, 9 Apr 2018 13:52:17 -0700 -Subject: [PATCH 1/3] Neon-Optimized hash chain rebase - -This should help with compression of data, using NEON instructions -(therefore useful for ARMv7/ARMv8). - -Original patch by Jun He. ---- - CMakeLists.txt | 18 ++++++++ - contrib/arm/neon_slide_hash.h | 84 +++++++++++++++++++++++++++++++++++ - deflate.c | 7 +++ - 3 files changed, 109 insertions(+) - create mode 100644 contrib/arm/neon_slide_hash.h - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 0fe939d..e9a74e9 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -136,6 +136,24 @@ if(CMAKE_COMPILER_IS_GNUCC) - set(ZLIB_ASMS contrib/amd64/amd64-match.S) - endif () - -+ if(ARM_NEON) -+ list(REMOVE_ITEM ZLIB_SRCS inflate.c) -+ set(ZLIB_ARM_NEON_HDRS -+ contrib/arm/chunkcopy.h -+ contrib/arm/inffast_chunk.h -+ contrib/arm/neon_slide_hash.h) -+ set(ZLIB_ARM_NEON contrib/arm/inflate.c contrib/arm/inffast_chunk.c) -+ add_definitions(-DARM_NEON) -+ set(COMPILER ${CMAKE_C_COMPILER}) -+ # NEON is mandatory in ARMv8. -+ if(${COMPILER} MATCHES "aarch64") -+ set_source_files_properties(${ZLIB_ARM_NEON} PROPERTIES LANGUAGE C COMPILE_FLAGS -march=armv8-a) -+ # But it was optional for ARMv7. -+ elseif(${COMPILER} MATCHES "arm") -+ set_source_files_properties(${ZLIB_ARM_NEON} PROPERTIES LANGUAGE C COMPILE_FLAGS -mfpu=neon) -+ endif() -+ endif() -+ - if(ZLIB_ASMS) - add_definitions(-DASMV) - set_source_files_properties(${ZLIB_ASMS} PROPERTIES LANGUAGE C COMPILE_FLAGS -DNO_UNDERLINE) -diff --git a/contrib/arm/neon_slide_hash.h b/contrib/arm/neon_slide_hash.h -new file mode 100644 -index 0000000..0daffa1 ---- /dev/null -+++ b/contrib/arm/neon_slide_hash.h -@@ -0,0 +1,84 @@ -+/* Copyright (C) 1995-2011, 2016 Mark Adler -+ * Copyright (C) 2017 ARM Holdings Inc. -+ * Authors: Adenilson Cavalcanti -+ * Jun He -+ * This software is provided 'as-is', without any express or implied -+ * warranty. In no event will the authors be held liable for any damages -+ * arising from the use of this software. -+ * Permission is granted to anyone to use this software for any purpose, -+ * including commercial applications, and to alter it and redistribute it -+ * freely, subject to the following restrictions: -+ * 1. The origin of this software must not be misrepresented; you must not -+ * claim that you wrote the original software. If you use this software -+ * in a product, an acknowledgment in the product documentation would be -+ * appreciated but is not required. -+ * 2. Altered source versions must be plainly marked as such, and must not be -+ * misrepresented as being the original software. -+ * 3. This notice may not be removed or altered from any source distribution. -+ */ -+#ifndef __NEON_SLIDE_HASH__ -+#define __NEON_SLIDE_HASH__ -+ -+#if (defined(__ARM_NEON__) || defined(__ARM_NEON)) -+#include "deflate.h" -+#include -+ -+inline static void neon_slide_hash(deflate_state *s) -+{ -+ /* -+ * This is ASIMD implementation for hash table rebase -+ * it assumes: -+ * 1. hash chain offset (Pos) is 2 bytes -+ * 2. hash table size is multiple*128 bytes -+ * #1 should be true as Pos is defined as "ush" -+ * #2 should be true as hash_bits are greater that 7 -+ */ -+ unsigned n, m; -+ unsigned short wsize = s->w_size; -+ uint16x8_t v, *p; -+ size_t size; -+ -+ size = s->hash_size*sizeof(s->head[0]); -+ Assert((size % sizeof(uint16x8_t) * 8 == 0), "hash table size err"); -+ -+ Assert(sizeof(Pos) == 2, "Wrong Pos size"); -+ -+ /* slide s->head */ -+ v = vdupq_n_u16(wsize); -+ p = (uint16x8_t *)(s->head); -+ n = size / (sizeof(uint16x8_t) * 8); -+ do { -+ p[0] = vqsubq_u16(p[0], v); -+ p[1] = vqsubq_u16(p[1], v); -+ p[2] = vqsubq_u16(p[2], v); -+ p[3] = vqsubq_u16(p[3], v); -+ p[4] = vqsubq_u16(p[4], v); -+ p[5] = vqsubq_u16(p[5], v); -+ p[6] = vqsubq_u16(p[6], v); -+ p[7] = vqsubq_u16(p[7], v); -+ p += 8; -+ } while (--n); -+#ifndef FASTEST -+ /* slide s->prev */ -+ size = wsize*sizeof(s->prev[0]); -+ -+ Assert((size % sizeof(uint16x8_t) * 8 == 0), "hash table size err"); -+ -+ p = (uint16x8_t *)(s->prev); -+ n = size / (sizeof(uint16x8_t) * 8); -+ do { -+ p[0] = vqsubq_u16(p[0], v); -+ p[1] = vqsubq_u16(p[1], v); -+ p[2] = vqsubq_u16(p[2], v); -+ p[3] = vqsubq_u16(p[3], v); -+ p[4] = vqsubq_u16(p[4], v); -+ p[5] = vqsubq_u16(p[5], v); -+ p[6] = vqsubq_u16(p[6], v); -+ p[7] = vqsubq_u16(p[7], v); -+ p += 8; -+ } while (--n); -+#endif -+} -+ -+#endif -+#endif -diff --git a/deflate.c b/deflate.c -index 1ec7614..36f99ac 100644 ---- a/deflate.c -+++ b/deflate.c -@@ -50,6 +50,9 @@ - /* @(#) $Id$ */ - - #include "deflate.h" -+#if __ARM_NEON -+#include "contrib/arm/neon_slide_hash.h" -+#endif - - const char deflate_copyright[] = - " deflate 1.2.11 Copyright 1995-2017 Jean-loup Gailly and Mark Adler "; -@@ -201,6 +204,9 @@ local const config configuration_table[10] = { - local void slide_hash(s) - deflate_state *s; - { -+#if ARM_NEON -+ return neon_slide_hash(s); -+#else - unsigned n, m; - Posf *p; - uInt wsize = s->w_size; -@@ -222,6 +228,7 @@ local void slide_hash(s) - */ - } while (--n); - #endif -+#endif - } - - /* ========================================================================= */ --- -2.19.0 - diff --git a/0002-Porting-optimized-longest_match.patch b/0002-Porting-optimized-longest_match.patch deleted file mode 100644 index 7fda12e..0000000 --- a/0002-Porting-optimized-longest_match.patch +++ /dev/null @@ -1,218 +0,0 @@ -From 17a154db6774a4acf347cfc5189eaf2cd675e696 Mon Sep 17 00:00:00 2001 -From: Adenilson Cavalcanti -Date: Mon, 9 Apr 2018 15:14:19 -0700 -Subject: [PATCH 2/3] Porting optimized longest_match - -This patch was contributed to zlib-ng and features an improved longest_match -function using the most distant hash code to reduce number of checks -(see: http://www.gildor.org/en/projects/zlib). - -Original patch by Jun He. ---- - CMakeLists.txt | 3 +- - contrib/arm/arm_longest_match.h | 142 ++++++++++++++++++++++++++++++++ - deflate.c | 11 ++- - 3 files changed, 152 insertions(+), 4 deletions(-) - create mode 100644 contrib/arm/arm_longest_match.h - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index e9a74e9..3826eba 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -141,7 +141,8 @@ if(CMAKE_COMPILER_IS_GNUCC) - set(ZLIB_ARM_NEON_HDRS - contrib/arm/chunkcopy.h - contrib/arm/inffast_chunk.h -- contrib/arm/neon_slide_hash.h) -+ contrib/arm/neon_slide_hash.h -+ contrib/arm/arm_longest_match.h) - set(ZLIB_ARM_NEON contrib/arm/inflate.c contrib/arm/inffast_chunk.c) - add_definitions(-DARM_NEON) - set(COMPILER ${CMAKE_C_COMPILER}) -diff --git a/contrib/arm/arm_longest_match.h b/contrib/arm/arm_longest_match.h -new file mode 100644 -index 0000000..9e7083f ---- /dev/null -+++ b/contrib/arm/arm_longest_match.h -@@ -0,0 +1,142 @@ -+/* Copyright (C) 1995-2011, 2016 Mark Adler -+ * Copyright (C) 2017 ARM Holdings Inc. -+ * Authors: Adenilson Cavalcanti -+ * Jun He -+ * This software is provided 'as-is', without any express or implied -+ * warranty. In no event will the authors be held liable for any damages -+ * arising from the use of this software. -+ * Permission is granted to anyone to use this software for any purpose, -+ * including commercial applications, and to alter it and redistribute it -+ * freely, subject to the following restrictions: -+ * 1. The origin of this software must not be misrepresented; you must not -+ * claim that you wrote the original software. If you use this software -+ * in a product, an acknowledgment in the product documentation would be -+ * appreciated but is not required. -+ * 2. Altered source versions must be plainly marked as such, and must not be -+ * misrepresented as being the original software. -+ * 3. This notice may not be removed or altered from any source distribution. -+ */ -+#ifndef __ARM_LONGEST__MATCH__ -+#define __ARM_LONGEST__MATCH__ -+ -+#if defined(ARM_NEON) -+#include "deflate.h" -+#include -+static inline long get_match_len(const unsigned char *a, const unsigned char *b, long max) -+{ -+ register int len = 0; -+ register unsigned long xor = 0; -+ register int check_loops = max/sizeof(unsigned long); -+ while(check_loops-- > 0) { -+ xor = (*(unsigned long *)(a+len)) ^ (*(unsigned long *)(b+len)); -+ if (xor) break; -+ len += sizeof(unsigned long); -+ } -+ if (0 == xor) { -+ while (len < max) { -+ if (a[len] != b[len]) break; -+ len++; -+ } -+ return len; -+ } -+ xor = __builtin_ctzl(xor)>>3; -+ return len + xor; -+} -+ -+/* -+ * This implementation is based on algorithm described at: -+ * http://www.gildor.org/en/projects/zlib -+ * It uses the hash chain indexed by the most distant hash code to -+ * reduce number of checks. -+ * This also eliminates the those unnecessary check loops in legacy -+ * longest_match's do..while loop if the "most distant code" is out -+ * of search buffer -+ * -+ */ -+static inline unsigned arm_longest_match(deflate_state *const s, IPos cur_match) { -+ unsigned chain_length = s->max_chain_length;/* max hash chain length */ -+ unsigned char *scan = s->window + s->strstart; /* current string */ -+ unsigned char *match; /* matched string */ -+ unsigned int len; /* length of current match */ -+ unsigned int best_len = s->prev_length; /* best match length so far */ -+ unsigned int nice_match = s->nice_match; /* stop if match long enough */ -+ IPos limit = s->strstart > (IPos)MAX_DIST(s) ? -+ s->strstart - (IPos)MAX_DIST(s) : 0; -+ /* Stop when cur_match becomes <= limit. To simplify the code, -+ * we prevent matches with the string of window index 0. -+ */ -+ int offset = 0; /* offset of the head[most_distant_hash] from IN cur_match */ -+ Pos *prev = s->prev; -+ unsigned int wmask = s->w_mask; -+ unsigned char *scan_buf_base = s->window; -+ -+ /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. -+ * It is easy to get rid of this optimization if necessary. -+ */ -+ Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever"); -+ -+ /* Do not look for matches beyond the end of the input. This is necessary -+ * to make deflate deterministic. -+ */ -+ if ((unsigned int)nice_match > s->lookahead) nice_match = s->lookahead; -+ -+ Assert((unsigned long)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead"); -+ -+ /* find most distant hash code for lazy_match */ -+ if (best_len > MIN_MATCH) { -+ /* search for most distant hash code */ -+ int i; -+ uint16_t hash = 0; -+ IPos pos; -+ -+ UPDATE_HASH(s, hash, scan[1]); -+ UPDATE_HASH(s, hash, scan[2]); -+ for (i = 3; i <= best_len; i++) { -+ UPDATE_HASH(s, hash, scan[i]); -+ /* get head IPos of hash calced by scan[i-2..i] */ -+ pos = s->head[hash]; -+ /* compare it to current "farthest hash" IPos */ -+ if (pos <= cur_match) { -+ /* we have a new "farthest hash" now */ -+ offset = i - 2; -+ cur_match = pos; -+ } -+ } -+ -+ /* update variables to correspond offset */ -+ limit += offset; -+ /* -+ * check if the most distant code's offset is out of search buffer -+ * if it is true, then this means scan[offset..offset+2] are not -+ * presented in the search buffer. So we just return best_len -+ * we've found. -+ */ -+ if (cur_match < limit) return best_len; -+ -+ scan_buf_base -= offset; -+ /* reduce hash search depth based on best_len */ -+ chain_length /= best_len - MIN_MATCH; -+ } -+ -+ do { -+ Assert(cur_match < s->strstart, "no future"); -+ -+ /* Determine matched length at current pos */ -+ match = scan_buf_base + cur_match; -+ len = get_match_len(match, scan, MAX_MATCH); -+ -+ if (len > best_len) { -+ /* found longer string */ -+ s->match_start = cur_match - offset; -+ best_len = len; -+ /* good enough? */ -+ if (len >= nice_match) break; -+ } -+ /* move to prev pos in this hash chain */ -+ } while ((cur_match = prev[cur_match & wmask]) > limit && --chain_length != 0); -+ -+ return (best_len <= s->lookahead)? best_len : s->lookahead; -+} -+ -+#endif -+#endif -diff --git a/deflate.c b/deflate.c -index 36f99ac..4c42259 100644 ---- a/deflate.c -+++ b/deflate.c -@@ -50,9 +50,6 @@ - /* @(#) $Id$ */ - - #include "deflate.h" --#if __ARM_NEON --#include "contrib/arm/neon_slide_hash.h" --#endif - - const char deflate_copyright[] = - " deflate 1.2.11 Copyright 1995-2017 Jean-loup Gailly and Mark Adler "; -@@ -196,6 +193,11 @@ local const config configuration_table[10] = { - s->head[s->hash_size-1] = NIL; \ - zmemzero((Bytef *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head)); - -+#if defined(ARM_NEON) -+#include "contrib/arm/arm_longest_match.h" -+#include "contrib/arm/neon_slide_hash.h" -+#endif -+ - /* =========================================================================== - * Slide the hash table when sliding the window down (could be avoided with 32 - * bit values at the expense of memory usage). We slide even when level == 0 to -@@ -1244,6 +1246,9 @@ local uInt longest_match(s, cur_match) - deflate_state *s; - IPos cur_match; /* current match */ - { -+#if defined(ARM_NEON) -+ return arm_longest_match(s, cur_match); -+#endif - unsigned chain_length = s->max_chain_length;/* max hash chain length */ - register Bytef *scan = s->window + s->strstart; /* current string */ - register Bytef *match; /* matched string */ --- -2.19.0 - diff --git a/0003-arm64-specific-build-patch.patch b/0003-arm64-specific-build-patch.patch deleted file mode 100644 index b8b6b55..0000000 --- a/0003-arm64-specific-build-patch.patch +++ /dev/null @@ -1,115 +0,0 @@ -From e0be75f8dce27a4e32196529df2a08dca791a286 Mon Sep 17 00:00:00 2001 -From: Jeremy Linton -Date: Fri, 6 Apr 2018 11:46:42 -0500 -Subject: [PATCH 3/3] arm64 specific build patch - ---- - Makefile.in | 19 ++++++++++++------- - configure | 2 +- - contrib/minizip/zip.c | 6 ++++-- - 3 files changed, 17 insertions(+), 10 deletions(-) - -diff --git a/Makefile.in b/Makefile.in -index 5a77949..9f088e5 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -57,7 +57,7 @@ SRCDIR= - ZINC= - ZINCOUT=-I. - --OBJZ = adler32.o crc32.o deflate.o infback.o inffast.o inflate.o inftrees.o trees.o zutil.o -+OBJZ = adler32.o crc32.o deflate.o infback.o inffast.o inffast.o inflate.o inftrees.o trees.o zutil.o - OBJG = compress.o uncompr.o gzclose.o gzlib.o gzread.o gzwrite.o - OBJC = $(OBJZ) $(OBJG) - -@@ -163,16 +163,16 @@ crc32.o: $(SRCDIR)crc32.c - $(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)crc32.c - - deflate.o: $(SRCDIR)deflate.c -- $(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)deflate.c -+ $(CC) $(CFLAGS) $(ZINC) -I$(SRCDIR) -I$(SRCDIR)contrib/arm -c -o $@ $(SRCDIR)deflate.c - - infback.o: $(SRCDIR)infback.c - $(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)infback.c - - inffast.o: $(SRCDIR)inffast.c -- $(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)inffast.c -+ $(CC) $(CFLAGS) $(ZINC) -I$(SRCDIR) -I$(SRCDIR)contrib/arm -c -o $@ $(SRCDIR)inffast.c - - inflate.o: $(SRCDIR)inflate.c -- $(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)inflate.c -+ $(CC) $(CFLAGS) $(ZINC) -I$(SRCDIR) -I$(SRCDIR)contrib/arm -c -o $@ $(SRCDIR)inflate.c - - inftrees.o: $(SRCDIR)inftrees.c - $(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)inftrees.c -@@ -214,7 +214,7 @@ crc32.lo: $(SRCDIR)crc32.c - - deflate.lo: $(SRCDIR)deflate.c - -@mkdir objs 2>/dev/null || test -d objs -- $(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/deflate.o $(SRCDIR)deflate.c -+ $(CC) $(SFLAGS) $(ZINC) -I$(SRCDIR) -I$(SRCDIR)contrib/arm -DPIC -c -o objs/deflate.o $(SRCDIR)deflate.c - -@mv objs/deflate.o $@ - - infback.lo: $(SRCDIR)infback.c -@@ -222,14 +222,19 @@ infback.lo: $(SRCDIR)infback.c - $(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/infback.o $(SRCDIR)infback.c - -@mv objs/infback.o $@ - -+arminffast.lo: $(SRCDIR)contrib/arm/inffast_chunk.c $(SRCDIR)inffast.c -+ -@mkdir objs 2>/dev/null || test -d objs -+ $(CC) $(SFLAGS) $(ZINC) -I$(SRCDIR) -I$(SRCDIR)contrib/arm -DPIC -c -o objs/arminffast.o $(SRCDIR)contrib/arm/inffast_chunk.c -+ -@mv objs/arminffast.o $@ -+ - inffast.lo: $(SRCDIR)inffast.c - -@mkdir objs 2>/dev/null || test -d objs -- $(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/inffast.o $(SRCDIR)inffast.c -+ $(CC) $(SFLAGS) $(ZINC) -I$(SRCDIR) -I$(SRCDIR)contrib/arm -DPIC -c -o objs/inffast.o $(SRCDIR)inffast.c - -@mv objs/inffast.o $@ - - inflate.lo: $(SRCDIR)inflate.c - -@mkdir objs 2>/dev/null || test -d objs -- $(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/inflate.o $(SRCDIR)inflate.c -+ $(CC) $(SFLAGS) $(ZINC) -I$(SRCDIR) -I$(SRCDIR)contrib/arm -DPIC -c -o objs/inflate.o $(SRCDIR)inflate.c - -@mv objs/inflate.o $@ - - inftrees.lo: $(SRCDIR)inftrees.c -diff --git a/configure b/configure -index e974d1f..0c5f837 100755 ---- a/configure -+++ b/configure -@@ -23,7 +23,7 @@ SRCDIR=`dirname $0` - if test $SRCDIR = "."; then - ZINC="" - ZINCOUT="-I." -- SRCDIR="" -+ SRCDIR="./" - else - ZINC='-include zconf.h' - ZINCOUT='-I. -I$(SRCDIR)' -diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c -index 44e88a9..0517930 100644 ---- a/contrib/minizip/zip.c -+++ b/contrib/minizip/zip.c -@@ -519,15 +519,17 @@ local ZPOS64_T zip64local_SearchCentralDir(const zlib_filefunc64_32_def* pzlib_f - break; - - for (i=(int)uReadSize-3; (i--)>0;) -+ { - if (((*(buf+i))==0x50) && ((*(buf+i+1))==0x4b) && - ((*(buf+i+2))==0x05) && ((*(buf+i+3))==0x06)) - { - uPosFound = uReadPos+i; - break; - } -+ } - -- if (uPosFound!=0) -- break; -+ if (uPosFound!=0) -+ break; - } - TRYFREE(buf); - return uPosFound; --- -2.19.0 - diff --git a/backport-Add-bounds-checking-to-ERR_MSG-macro-used-by-zError.patch b/backport-Add-bounds-checking-to-ERR_MSG-macro-used-by-zError.patch new file mode 100644 index 0000000..e4d75cf --- /dev/null +++ b/backport-Add-bounds-checking-to-ERR_MSG-macro-used-by-zError.patch @@ -0,0 +1,27 @@ +From 431a9b65eacab7efabf2230ba97ff426c0e07f9d Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Thu, 7 Dec 2023 06:38:10 -0800 +Subject: [PATCH] Add bounds checking to ERR_MSG() macro, used by zError(). + +Reference: https://github.com/madler/zlib/commit/431a9b65eacab7efabf2230ba97ff426c0e07f9d +Conflict: no +--- + zutil.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/zutil.h b/zutil.h +index 902a304..0bd2dbc 100644 +--- a/zutil.h ++++ b/zutil.h +@@ -56,7 +56,7 @@ typedef unsigned long ulg; + extern z_const char * const z_errmsg[10]; /* indexed by 2-zlib_error */ + /* (size given to avoid silly warnings with Visual C++) */ + +-#define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)] ++#define ERR_MSG(err) z_errmsg[(err) < -6 || (err) > 2 ? 9 : 2 - (err)] + + #define ERR_RETURN(strm,err) \ + return (strm->msg = ERR_MSG(err), (err)) +-- +2.33.0 + diff --git a/backport-Avoid-adding-empty-gzip-member-after-gzflush-with-Z_FINISH.patch b/backport-Avoid-adding-empty-gzip-member-after-gzflush-with-Z_FINISH.patch new file mode 100644 index 0000000..ddd0a9f --- /dev/null +++ b/backport-Avoid-adding-empty-gzip-member-after-gzflush-with-Z_FINISH.patch @@ -0,0 +1,67 @@ +From 79baebe50e4d6b73ae1f8b603f0ef41300110aa3 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sat, 13 Apr 2019 17:05:16 -0700 +Subject: [PATCH] Avoid adding empty gzip member after gzflush with Z_FINISH. + +Reference:https://github.com/madler/zlib/commit/79baebe50e4d6b73ae1f8b603f0ef41300110aa3 +Conflict:NA +--- + gzguts.h | 1 + + gzlib.c | 2 ++ + gzwrite.c | 11 ++++++++++- + 3 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/gzguts.h b/gzguts.h +index 6378d468a..fc712dc4d 100644 +--- a/gzguts.h ++++ b/gzguts.h +@@ -190,6 +190,7 @@ typedef struct { + /* just for writing */ + int level; /* compression level */ + int strategy; /* compression strategy */ ++ int reset; /* true if a reset is pending after a Z_FINISH */ + /* seek request */ + z_off64_t skip; /* amount to skip (already rewound if backwards) */ + int seek; /* true if seek request pending */ +diff --git a/gzlib.c b/gzlib.c +index 4838bf047..f6b3b406e 100644 +--- a/gzlib.c ++++ b/gzlib.c +@@ -81,6 +81,8 @@ local void gz_reset(state) + state->past = 0; /* have not read past end yet */ + state->how = LOOK; /* look for gzip header */ + } ++ else /* for writing ... */ ++ state->reset = 0; /* no deflateReset pending */ + state->seek = 0; /* no seek request pending */ + gz_error(state, Z_OK, NULL); /* clear error */ + state->x.pos = 0; /* no uncompressed data yet */ +diff --git a/gzwrite.c b/gzwrite.c +index 52381332e..85b576ba3 100644 +--- a/gzwrite.c ++++ b/gzwrite.c +@@ -97,6 +97,15 @@ local int gz_comp(state, flush) + return 0; + } + ++ /* check for a pending reset */ ++ if (state->reset) { ++ /* don't start a new gzip member unless there is data to write */ ++ if (strm->avail_in == 0) ++ return 0; ++ deflateReset(strm); ++ state->reset = 0; ++ } ++ + /* run deflate() on provided input until it produces no more output */ + ret = Z_OK; + do { +@@ -134,7 +143,7 @@ local int gz_comp(state, flush) + + /* if that completed a deflate stream, allow another to start */ + if (flush == Z_FINISH) +- deflateReset(strm); ++ state->reset = 1; + + /* all done, no errors */ + return 0; diff --git a/backport-Avoid-an-undefined-behavior-of-memcpy-in-_tr_stored_.patch b/backport-Avoid-an-undefined-behavior-of-memcpy-in-_tr_stored_.patch new file mode 100644 index 0000000..bb2fe1c --- /dev/null +++ b/backport-Avoid-an-undefined-behavior-of-memcpy-in-_tr_stored_.patch @@ -0,0 +1,32 @@ +From 723e928b84b0adac84cc11ec5c075a45e1a79903 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Thu, 12 Oct 2017 19:44:01 -0700 +Subject: [PATCH] Avoid an undefined behavior of memcpy() in + _tr_stored_block(). + +Allegedly the behavior of memcpy() is undefined if the source +pointer is NULL, even if the number of bytes to copy is zero. + +Reference:https://github.com/madler/zlib/commit/723e928b84b0adac84cc11ec5c075a45e1a79903 +Conflict:NA +--- + trees.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/trees.c b/trees.c +index 50cf4b4..1321548 100644 +--- a/trees.c ++++ b/trees.c +@@ -870,7 +870,8 @@ void ZLIB_INTERNAL _tr_stored_block(s, buf, stored_len, last) + bi_windup(s); /* align on byte boundary */ + put_short(s, (ush)stored_len); + put_short(s, (ush)~stored_len); +- zmemcpy(s->pending_buf + s->pending, (Bytef *)buf, stored_len); ++ if (stored_len) ++ zmemcpy(s->pending_buf + s->pending, (Bytef *)buf, stored_len); + s->pending += stored_len; + #ifdef ZLIB_DEBUG + s->compressed_len = (s->compressed_len + 3 + 7) & (ulg)~7L; +-- +2.23.0 + diff --git a/backport-Avoid-an-undefined-behavior-of-memcpy-in-gzappend.patch b/backport-Avoid-an-undefined-behavior-of-memcpy-in-gzappend.patch new file mode 100644 index 0000000..c6de270 --- /dev/null +++ b/backport-Avoid-an-undefined-behavior-of-memcpy-in-gzappend.patch @@ -0,0 +1,27 @@ +From ae49d1472ec176ddc53a3a4905f91d46344386e6 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Thu, 12 Oct 2017 19:27:59 -0700 +Subject: [PATCH] Avoid an undefined behavior of memcpy() in gzappend(). + +Reference:https://github.com/madler/zlib/commit/ae49d1472ec176ddc53a3a4905f91d46344386e6 +Conflict:NA +--- + examples/gzappend.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/examples/gzappend.c b/examples/gzappend.c +index 662dec3..d7eea3e 100644 +--- a/examples/gzappend.c ++++ b/examples/gzappend.c +@@ -137,7 +137,7 @@ local void rotate(unsigned char *list, unsigned len, unsigned rot) + /* do simple left shift by one */ + if (rot == 1) { + tmp = *list; +- memcpy(list, list + 1, len - 1); ++ memmove(list, list + 1, len - 1); + *last = tmp; + return; + } +-- +2.23.0 + diff --git a/backport-Avoid-undefined-behaviors-of-memcpy-in-gzprintf.patch b/backport-Avoid-undefined-behaviors-of-memcpy-in-gzprintf.patch new file mode 100644 index 0000000..ac012e6 --- /dev/null +++ b/backport-Avoid-undefined-behaviors-of-memcpy-in-gzprintf.patch @@ -0,0 +1,33 @@ +From b25d5fcdcf4723ca3da8bc69ecc6c52010778f7c Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Thu, 12 Oct 2017 19:34:51 -0700 +Subject: [PATCH] Avoid undefined behaviors of memcpy() in gz*printf(). + +Reference:https://github.com/madler/zlib/commit/b25d5fcdcf4723ca3da8bc69ecc6c52010778f7c +Conflict:NA +--- + gzwrite.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/gzwrite.c b/gzwrite.c +index 3560193b8..26e89b66a 100644 +--- a/gzwrite.c ++++ b/gzwrite.c +@@ -444,7 +444,7 @@ int ZEXPORTVA gzvprintf(gzFile file, const char *format, va_list va) + strm->avail_in = state->size; + if (gz_comp(state, Z_NO_FLUSH) == -1) + return state->err; +- memcpy(state->in, state->in + state->size, left); ++ memmove(state->in, state->in + state->size, left); + strm->next_in = state->in; + strm->avail_in = left; + } +@@ -543,7 +543,7 @@ int ZEXPORTVA gzprintf (file, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, + strm->avail_in = state->size; + if (gz_comp(state, Z_NO_FLUSH) == -1) + return state->err; +- memcpy(state->in, state->in + state->size, left); ++ memmove(state->in, state->in + state->size, left); + strm->next_in = state->in; + strm->avail_in = left; + } diff --git a/backport-Avoid-undefined-negation-behavior-if-windowBits-is-I.patch b/backport-Avoid-undefined-negation-behavior-if-windowBits-is-I.patch new file mode 100644 index 0000000..16dec76 --- /dev/null +++ b/backport-Avoid-undefined-negation-behavior-if-windowBits-is-I.patch @@ -0,0 +1,41 @@ +From a9e14e85415eb326000f352bce3fcb04a125406d Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Thu, 6 Oct 2022 16:33:42 -0700 +Subject: [PATCH] Avoid undefined negation behavior if windowBits is INT_MIN. + +Reference:https://github.com/madler/zlib/commit/a9e14e85415eb326000f352bce3fcb04a125406d +Conflict:NA +--- + deflate.c | 2 ++ + inflate.c | 2 ++ + 2 files changed, 4 insertions(+) + +diff --git a/deflate.c b/deflate.c +index 0345980..a578b1a 100644 +--- a/deflate.c ++++ b/deflate.c +@@ -279,6 +279,8 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, + + if (windowBits < 0) { /* suppress zlib wrapper */ + wrap = 0; ++ if (windowBits < -15) ++ return Z_STREAM_ERROR; + windowBits = -windowBits; + } + #ifdef GZIP +diff --git a/inflate.c b/inflate.c +index 2a3c4fe..8acbef4 100644 +--- a/inflate.c ++++ b/inflate.c +@@ -168,6 +168,8 @@ int windowBits; + + /* extract wrap request from windowBits parameter */ + if (windowBits < 0) { ++ if (windowBits < -15) ++ return Z_STREAM_ERROR; + wrap = 0; + windowBits = -windowBits; + } +-- +2.33.0 + diff --git a/backport-Don-t-bother-computing-check-value-after-successful-.patch b/backport-Don-t-bother-computing-check-value-after-successful-.patch new file mode 100644 index 0000000..9303901 --- /dev/null +++ b/backport-Don-t-bother-computing-check-value-after-successful-.patch @@ -0,0 +1,119 @@ +From 0d36ec47f310478549c0864f215ab5c0114c49ba Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Wed, 2 Jan 2019 18:10:40 -0800 +Subject: [PATCH] Don't bother computing check value after successful + inflateSync(). + +inflateSync() is used to skip invalid deflate data, which means +that the check value that was being computed is no longer useful. +This commit turns off the check value computation, and furthermore +allows a successful return if the compressed data terminated in a +graceful manner. This commit also fixes a bug in the case that +inflateSync() is used before a header is ever processed. In that +case, there is no knowledge of a trailer, so the remainder is +treated as raw. + +Reference:https://github.com/madler/zlib/commit/add7f08d50747956b6e336f258b7ad48 +Conflict:NA +--- + inflate.c | 14 ++++++++++---- + inflate.h | 3 ++- + test/example.c | 5 ++--- + 3 files changed, 14 insertions(+), 8 deletions(-) + +diff --git a/inflate.c b/inflate.c +index 575fcdf..2c1b17f 100644 +--- a/inflate.c ++++ b/inflate.c +@@ -130,6 +130,7 @@ z_streamp strm; + state->mode = HEAD; + state->last = 0; + state->havedict = 0; ++ state->flags = -1; + state->dmax = 32768U; + state->head = Z_NULL; + state->hold = 0; +@@ -670,7 +671,6 @@ int flush; + state->mode = FLAGS; + break; + } +- state->flags = 0; /* expect zlib header */ + if (state->head != Z_NULL) + state->head->done = -1; + if (!(state->wrap & 1) || /* check if zlib header allowed */ +@@ -697,6 +697,7 @@ int flush; + break; + } + state->dmax = 1U << len; ++ state->flags = 0; /* indicate zlib header */ + Tracev((stderr, "inflate: zlib header ok\n")); + strm->adler = state->check = adler32(0L, Z_NULL, 0); + state->mode = hold & 0x200 ? DICTID : TYPE; +@@ -1221,7 +1222,7 @@ int flush; + case LENGTH: + if (state->wrap && state->flags) { + NEEDBITS(32); +- if (hold != (state->total & 0xffffffffUL)) { ++ if ((state->wrap & 4) && hold != (state->total & 0xffffffff)) { + strm->msg = (char *)"incorrect length check"; + state->mode = BAD; + break; +@@ -1401,6 +1402,7 @@ int ZEXPORT inflateSync(strm) + z_streamp strm; + { + unsigned len; /* number of bytes to look at or looked at */ ++ int flags; /* temporary to save header status */ + unsigned long in, out; /* temporary to save total_in and total_out */ + unsigned char buf[4]; /* to restore bit buffer to byte string */ + struct inflate_state FAR *state; +@@ -1433,11 +1435,15 @@ z_streamp strm; + + /* return no joy or set up to restart inflate() on a new block */ + if (state->have != 4) return Z_DATA_ERROR; +- if (state->mode == HEAD) +- state->wrap = 0; /* never processed header, so assume raw */ ++ if (state->flags == -1) ++ state->wrap = 0; /* if no header yet, treat as raw */ ++ else ++ state->wrap &= ~4; /* no point in computing a check value now */ ++ flags = state->flags; + in = strm->total_in; out = strm->total_out; + inflateReset(strm); + strm->total_in = in; strm->total_out = out; ++ state->flags = flags; + state->mode = TYPE; + return Z_OK; + } +diff --git a/inflate.h b/inflate.h +index a46cce6..98679fa 100644 +--- a/inflate.h ++++ b/inflate.h +@@ -86,7 +86,8 @@ struct inflate_state { + int wrap; /* bit 0 true for zlib, bit 1 true for gzip, + bit 2 true to validate check value */ + int havedict; /* true if dictionary provided */ +- int flags; /* gzip header method and flags (0 if zlib) */ ++ int flags; /* gzip header method and flags, 0 if zlib, or ++ -1 if raw or no header yet */ + unsigned dmax; /* zlib header max distance (INFLATE_STRICT) */ + unsigned long check; /* protected copy of check value */ + unsigned long total; /* protected copy of output count */ +diff --git a/test/example.c b/test/example.c +index eee17ce..949f4f6 100644 +--- a/test/example.c ++++ b/test/example.c +@@ -440,9 +440,8 @@ void test_sync(compr, comprLen, uncompr, uncomprLen) + CHECK_ERR(err, "inflateSync"); + + err = inflate(&d_stream, Z_FINISH); +- if (err != Z_DATA_ERROR) { +- fprintf(stderr, "inflate should report DATA_ERROR\n"); +- /* Because of incorrect adler32 */ ++ if (err != Z_STREAM_END) { ++ fprintf(stderr, "inflate should report Z_STREAM_END\n"); + exit(1); + } + err = inflateEnd(&d_stream); +-- +2.23.0 + diff --git a/backport-Fix-CLEAR_HASH-macro-to-be-usable-as-a-single-statem.patch b/backport-Fix-CLEAR_HASH-macro-to-be-usable-as-a-single-statem.patch new file mode 100644 index 0000000..6b77bcf --- /dev/null +++ b/backport-Fix-CLEAR_HASH-macro-to-be-usable-as-a-single-statem.patch @@ -0,0 +1,34 @@ +From 38e8ce32afbaa82f67d992b9f3056f281fe69259 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sun, 22 Jan 2017 23:38:52 -0800 +Subject: [PATCH] Fix CLEAR_HASH macro to be usable as a single statement. + +As it is used in deflateParams(). + +Reference:https://github.com/madler/zlib/commit/38e8ce32afbaa82f67d992b9f3056f281fe69259 +Conflict:NA +--- + deflate.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/deflate.c b/deflate.c +index e97bd87..568eadd 100644 +--- a/deflate.c ++++ b/deflate.c +@@ -190,8 +190,11 @@ local const config configuration_table[10] = { + * prev[] will be initialized on the fly. + */ + #define CLEAR_HASH(s) \ +- s->head[s->hash_size-1] = NIL; \ +- zmemzero((Bytef *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head)); ++ do { \ ++ s->head[s->hash_size-1] = NIL; \ ++ zmemzero((Bytef *)s->head, \ ++ (unsigned)(s->hash_size-1)*sizeof(*s->head)); \ ++ } while (0) + + /* =========================================================================== + * Slide the hash table when sliding the window down (could be avoided with 32 +-- +2.23.0 + diff --git a/backport-Fix-a-bug-in-ZLIB_DEBUG-compiles-in-check_match.patch b/backport-Fix-a-bug-in-ZLIB_DEBUG-compiles-in-check_match.patch new file mode 100644 index 0000000..18bc6a8 --- /dev/null +++ b/backport-Fix-a-bug-in-ZLIB_DEBUG-compiles-in-check_match.patch @@ -0,0 +1,50 @@ +From 7af6320ad78b390de42f414fabdc64dc6d67a5ea Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Fri, 19 Jan 2024 12:19:53 -0800 +Subject: [PATCH] Fix a bug in ZLIB_DEBUG compiles in check_match(). + +This avoids trying to compare a match starting one byte before the +current window. Thanks to @zmodem (Hans) for discovering this. + +Reference:https://github.com/madler/zlib/commit/7af6320ad78b390de42f414fabdc64dc6d67a5ea +Conflict: Patch context adaptation + +--- + deflate.c | 20 ++++++++++++++------ + 1 file changed, 14 insertions(+), 6 deletions(-) + +diff --git a/deflate.c b/deflate.c +index 8088083..396ab12 100644 +--- a/deflate.c ++++ b/deflate.c +@@ -1510,13 +1510,21 @@ local void check_match(s, start, match, length) + int length; + { + /* check that the match is indeed a match */ +- if (zmemcmp(s->window + match, +- s->window + start, length) != EQUAL) { +- fprintf(stderr, " start %u, match %u, length %d\n", +- start, match, length); ++ Bytef *back = s->window + (int)match, *here = s->window + start; ++ IPos len = length; ++ if (match == (IPos)-1) { ++ /* match starts one byte before the current window -- just compare the ++ subsequent length-1 bytes */ ++ back++; ++ here++; ++ len--; ++ } ++ if (zmemcmp(back, here, len) != EQUAL) { ++ fprintf(stderr, " start %u, match %d, length %d\n", ++ start, (int)match, length); + do { +- fprintf(stderr, "%c%c", s->window[match++], s->window[start++]); +- } while (--length != 0); ++ fprintf(stderr, "(%02x %02x)", *back++, *here++); ++ } while (--len != 0); + z_error("invalid match"); + } + if (z_verbose > 1) { +-- +2.33.0 + diff --git a/backport-Fix-bug-in-block-type-selection-when-Z_FIXED-used.patch b/backport-Fix-bug-in-block-type-selection-when-Z_FIXED-used.patch new file mode 100644 index 0000000..c33fd96 --- /dev/null +++ b/backport-Fix-bug-in-block-type-selection-when-Z_FIXED-used.patch @@ -0,0 +1,46 @@ +From 7fabcb53576aca08b8e25174eb7b0df7c585e4e0 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sat, 1 Oct 2022 19:55:29 -0700 +Subject: [PATCH] Fix bug in block type selection when Z_FIXED used. + +A fixed block could be chosen when a stored block was smaller. Now +the smaller of the two is always chosen. + +Reference:https://github.com/madler/zlib/commit/7fabcb53576aca08b8e25174eb7b0df7c585e4e0 +Conflict:NA +--- + trees.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/trees.c b/trees.c +index 8cd8255..618d30c 100644 +--- a/trees.c ++++ b/trees.c +@@ -950,7 +950,10 @@ void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len, last) + opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, + s->sym_next / 3)); + +- if (static_lenb <= opt_lenb) opt_lenb = static_lenb; ++#ifndef FORCE_STATIC ++ if (static_lenb <= opt_lenb || s->strategy == Z_FIXED) ++#endif ++ opt_lenb = static_lenb; + + } else { + Assert(buf != (char*)0, "lost buf"); +@@ -971,11 +974,7 @@ void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len, last) + */ + _tr_stored_block(s, buf, stored_len, last); + +-#ifdef FORCE_STATIC +- } else if (static_lenb >= 0) { /* force static trees */ +-#else +- } else if (s->strategy == Z_FIXED || static_lenb == opt_lenb) { +-#endif ++ } else if (static_lenb == opt_lenb) { + send_bits(s, (STATIC_TREES<<1)+last, 3); + compress_block(s, (const ct_data *)static_ltree, + (const ct_data *)static_dtree); +-- +2.33.0 + diff --git a/backport-Fix-bug-in-inflateSync-for-data-held-in-bit-buffer.patch b/backport-Fix-bug-in-inflateSync-for-data-held-in-bit-buffer.patch new file mode 100644 index 0000000..0bcac9f --- /dev/null +++ b/backport-Fix-bug-in-inflateSync-for-data-held-in-bit-buffer.patch @@ -0,0 +1,27 @@ +From 5af7cef45eeef86ddf6ab00b4e363c1eecaf47b6 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Thu, 24 Aug 2023 02:14:23 -0400 +Subject: [PATCH] Fix bug in inflateSync() for data held in bit buffer. + +Reference: https://github.com/madler/zlib/commit/5af7cef45eeef86ddf6ab00b4e363c1eecaf47b6 +Conflict: no +--- + inflate.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/inflate.c b/inflate.c +index b0757a9..94ecff0 100644 +--- a/inflate.c ++++ b/inflate.c +@@ -1387,7 +1387,7 @@ int ZEXPORT inflateSync(z_streamp strm) { + /* if first time, start search in bit buffer */ + if (state->mode != SYNC) { + state->mode = SYNC; +- state->hold <<= state->bits & 7; ++ state->hold >>= state->bits & 7; + state->bits -= state->bits & 7; + len = 0; + while (state->bits >= 8) { +-- +2.33.0 + diff --git a/backport-Fix-bug-when-gzungetc-is-used-immediately-after-gzopen.patch b/backport-Fix-bug-when-gzungetc-is-used-immediately-after-gzopen.patch new file mode 100644 index 0000000..a6b892e --- /dev/null +++ b/backport-Fix-bug-when-gzungetc-is-used-immediately-after-gzopen.patch @@ -0,0 +1,26 @@ +From 7dd6aa72455ef1f2aacdc28a00d1eaf632d59593 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Fri, 11 Aug 2023 10:59:03 -0700 +Subject: [PATCH] Fix bug when gzungetc() is used immediately after gzopen(). + +Reference:https://github.com/madler/zlib/commit/7dd6aa72455ef1f2aacdc28a00d1eaf632d59593 +Conflict:NA +--- + gzread.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/gzread.c b/gzread.c +index 6034a2823..4168cbc88 100644 +--- a/gzread.c ++++ b/gzread.c +@@ -443,6 +443,10 @@ int ZEXPORT gzungetc(int c, gzFile file) { + return -1; + state = (gz_statep)file; + ++ /* in case this was just opened, set up the input buffer */ ++ if (state->mode == GZ_READ && state->how == LOOK && state->x.have == 0) ++ (void)gz_look(state); ++ + /* check that we're reading and that there's no (serious) error */ + if (state->mode != GZ_READ || + (state->err != Z_OK && state->err != Z_BUF_ERROR)) diff --git a/backport-Fix-bug-when-using-gzflush-with-a-very-small-buffer.patch b/backport-Fix-bug-when-using-gzflush-with-a-very-small-buffer.patch new file mode 100644 index 0000000..047c17d --- /dev/null +++ b/backport-Fix-bug-when-using-gzflush-with-a-very-small-buffer.patch @@ -0,0 +1,26 @@ +From d98251478246c8ef2f405d76e4ef1678c14d7eda Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Mon, 14 Aug 2023 17:01:54 -0700 +Subject: [PATCH] Fix bug when using gzflush() with a very small buffer. + +Reference:https://github.com/madler/zlib/commit/d98251478246c8ef2f405d76e4ef1678c14d7eda +Conflict:NA +--- + gzlib.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/gzlib.c b/gzlib.c +index 2b446c448..29fc4486f 100644 +--- a/gzlib.c ++++ b/gzlib.c +@@ -308,8 +308,8 @@ int ZEXPORT gzbuffer(gzFile file, unsigned size) { + /* check and set requested size */ + if ((size << 1) < size) + return -1; /* need to be able to double it */ +- if (size < 2) +- size = 2; /* need two bytes to check magic header */ ++ if (size < 8) ++ size = 8; /* needed to behave well with flushing */ + state->want = size; + return 0; + } diff --git a/backport-Fix-bug-when-window-full-in-deflate_stored.patch b/backport-Fix-bug-when-window-full-in-deflate_stored.patch new file mode 100644 index 0000000..e93d41d --- /dev/null +++ b/backport-Fix-bug-when-window-full-in-deflate_stored.patch @@ -0,0 +1,27 @@ +From 8ba393e70d984d902b15b9e6876f4d0d38ae4be8 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sat, 21 Jan 2017 12:13:25 -0800 +Subject: [PATCH] Fix bug when window full in deflate_stored(). + +Reference:https://github.com/madler/zlib/commit/8ba393e70d984d902b15b9e6876f4d0d38ae4be8 +Conflict:NA +--- + deflate.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/deflate.c b/deflate.c +index d368b25..e97bd87 100644 +--- a/deflate.c ++++ b/deflate.c +@@ -1775,7 +1775,7 @@ local block_state deflate_stored(s, flush) + return block_done; + + /* Fill the window with any remaining input. */ +- have = s->window_size - s->strstart - 1; ++ have = s->window_size - s->strstart; + if (s->strm->avail_in > have && s->block_start >= (long)s->w_size) { + /* Slide the window down. */ + s->block_start -= s->w_size; +-- +2.23.0 + diff --git a/backport-Fix-crash-when-gzsetparams-attempted-for-transparent-write.patch b/backport-Fix-crash-when-gzsetparams-attempted-for-transparent-write.patch new file mode 100644 index 0000000..1d488ba --- /dev/null +++ b/backport-Fix-crash-when-gzsetparams-attempted-for-transparent-write.patch @@ -0,0 +1,26 @@ +From 02a6049eb3884c430268bb0fe3296d597a03174c Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Mon, 26 Dec 2022 23:36:01 -0800 +Subject: [PATCH] Fix crash when gzsetparams() attempted for transparent write. + +gzsetparams() now returns a Z_STREAM_ERROR in this case.i + +Reference:https://github.com/madler/zlib/commit/02a6049eb3884c430268bb0fe3296d597a03174c +Conflict:NA +--- + gzwrite.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gzwrite.c b/gzwrite.c +index eb8a0e589..3030d74d6 100644 +--- a/gzwrite.c ++++ b/gzwrite.c +@@ -609,7 +609,7 @@ int ZEXPORT gzsetparams(file, level, strategy) + strm = &(state->strm); + + /* check that we're writing and that there's no error */ +- if (state->mode != GZ_WRITE || state->err != Z_OK) ++ if (state->mode != GZ_WRITE || state->err != Z_OK || state->direct) + return Z_STREAM_ERROR; + + /* if no change is requested, then do nothing */ diff --git a/backport-Fix-decision-on-the-emission-of-Zip64-end-records-in.patch b/backport-Fix-decision-on-the-emission-of-Zip64-end-records-in.patch new file mode 100644 index 0000000..a2a8435 --- /dev/null +++ b/backport-Fix-decision-on-the-emission-of-Zip64-end-records-in.patch @@ -0,0 +1,35 @@ +From 15c45adb76e81a7e3a8a9e17b2a56eb90f668f44 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Tue, 7 Nov 2023 15:46:41 -0800 +Subject: [PATCH] Fix decision on the emission of Zip64 end records in minizip. + +The appnote says that if the number of entries in the end record +is 0xffff, then the actual number of entries will be found in the +Zip64 end record. Therefore if the number of entries is equal to +0xffff, it can't be in the end record by itself, since that is an +instruction to get the number from the Zip64 end record. This code +would just store 0xffff in the end record in that case, not making +a Zip64 end record. This commit fixes that. + +Reference: https://github.com/madler/zlib/commit/15c45adb76e81a7e3a8a9e17b2a56eb90f668f44 +Conflict: no +--- + contrib/minizip/zip.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c +index 0446109..86be90b 100644 +--- a/contrib/minizip/zip.c ++++ b/contrib/minizip/zip.c +@@ -1872,7 +1872,7 @@ extern int ZEXPORT zipClose(zipFile file, const char* global_comment) { + free_linkedlist(&(zi->central_dir)); + + pos = centraldir_pos_inzip - zi->add_position_when_writing_offset; +- if(pos >= 0xffffffff || zi->number_entry > 0xFFFF) ++ if(pos >= 0xffffffff || zi->number_entry >= 0xFFFF) + { + ZPOS64_T Zip64EOCDpos = ZTELL64(zi->z_filefunc,zi->filestream); + Write_Zip64EndOfCentralDirectoryRecord(zi, size_centraldir, centraldir_pos_inzip); +-- +2.33.0 + diff --git a/backport-Fix-deflateEnd-to-not-report-an-error-at-start-of-ra.patch b/backport-Fix-deflateEnd-to-not-report-an-error-at-start-of-ra.patch new file mode 100644 index 0000000..a70eae6 --- /dev/null +++ b/backport-Fix-deflateEnd-to-not-report-an-error-at-start-of-ra.patch @@ -0,0 +1,36 @@ +From c376a417a724c21173f40765bd643388523b16f7 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Thu, 12 Oct 2017 21:07:22 -0700 +Subject: [PATCH] Fix deflateEnd() to not report an error at start of raw deflate. + +Reference:https://github.com/madler/zlib/commit/c376a417a724c21173f40765bd643388523b16f7 +Conflict:NA +--- + deflate.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/deflate.c b/deflate.c +index 568eadd..425babc 100644 +--- a/deflate.c ++++ b/deflate.c +@@ -491,7 +491,7 @@ int ZEXPORT deflateResetKeep (strm) + #ifdef GZIP + s->wrap == 2 ? GZIP_STATE : + #endif +- s->wrap ? INIT_STATE : BUSY_STATE; ++ INIT_STATE; + strm->adler = + #ifdef GZIP + s->wrap == 2 ? crc32(0L, Z_NULL, 0) : +@@ -814,6 +814,8 @@ int ZEXPORT deflate (strm, flush) + } + + /* Write the header */ ++ if (s->status == INIT_STATE && s->wrap == 0) ++ s->status = BUSY_STATE; + if (s->status == INIT_STATE) { + /* zlib header */ + uInt header = (Z_DEFLATED + ((s->w_bits-8)<<4)) << 8; +-- +2.23.0 + diff --git a/backport-Fix-inflateBack-to-detect-invalid-input-with-distanc.patch b/backport-Fix-inflateBack-to-detect-invalid-input-with-distanc.patch new file mode 100644 index 0000000..10fc042 --- /dev/null +++ b/backport-Fix-inflateBack-to-detect-invalid-input-with-distanc.patch @@ -0,0 +1,27 @@ +From 2333419cd76cb9ae5f15c9b240b16a2052b27691 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Mon, 27 Jun 2022 12:15:36 -0700 +Subject: [PATCH] Fix inflateBack to detect invalid input with distances too + far. + +Reference:https://github.com/madler/zlib/commit/2333419cd76cb9ae5f15c9b240b16a2052b27691 +Conflict:NA +--- + infback.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/infback.c b/infback.c +index a390c58..4c712a1 100644 +--- a/infback.c ++++ b/infback.c +@@ -66,6 +66,7 @@ int stream_size; + state->window = window; + state->wnext = 0; + state->whave = 0; ++ state->sane = 1; + return Z_OK; + } + +-- +2.33.0 + diff --git a/backport-Fix-logic-error-in-minizip-argument-processing.patch b/backport-Fix-logic-error-in-minizip-argument-processing.patch new file mode 100644 index 0000000..e10da93 --- /dev/null +++ b/backport-Fix-logic-error-in-minizip-argument-processing.patch @@ -0,0 +1,24 @@ +From 3061e5013c2569974fd7d830f2776b38da4e2691 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sat, 29 Jul 2023 23:51:22 -0700 +Subject: [PATCH] Fix logic error in minizip argument processing. + +Reference:https://github.com/madler/zlib/commit/3061e5013c2569974fd7d830f2776b38da4e2691 +Conflict:NA +--- + contrib/minizip/minizip.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/contrib/minizip/minizip.c b/contrib/minizip/minizip.c +index f458c85ef..61a9d4c7d 100644 +--- a/contrib/minizip/minizip.c ++++ b/contrib/minizip/minizip.c +@@ -381,7 +381,7 @@ int main(int argc, char *argv[]) { + ((argv[i][1]=='o') || (argv[i][1]=='O') || + (argv[i][1]=='a') || (argv[i][1]=='A') || + (argv[i][1]=='p') || (argv[i][1]=='P') || +- ((argv[i][1]>='0') || (argv[i][1]<='9'))) && ++ ((argv[i][1]>='0') && (argv[i][1]<='9'))) && + (strlen(argv[i]) == 2))) + { + FILE * fin; diff --git a/backport-Fix-memory-leak-on-error-in-gzlog.c.patch b/backport-Fix-memory-leak-on-error-in-gzlog.c.patch new file mode 100644 index 0000000..dba4f04 --- /dev/null +++ b/backport-Fix-memory-leak-on-error-in-gzlog.c.patch @@ -0,0 +1,46 @@ +:From 02064366155215162223417b939deebfe563ded0 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sat, 25 May 2019 22:23:20 -0700 +Subject: [PATCH] Fix memory leak on error in gzlog.c. + +Thank you Adam Richter. + +Reference:https://github.com/madler/zlib/commit/02064366155215162223417b939deebfe563ded0 +Conflict:NA +--- + examples/gzlog.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/examples/gzlog.c b/examples/gzlog.c +index b8c2927..b977802 100644 +--- a/examples/gzlog.c ++++ b/examples/gzlog.c +@@ -1,8 +1,8 @@ + /* + * gzlog.c +- * Copyright (C) 2004, 2008, 2012, 2016 Mark Adler, all rights reserved ++ * Copyright (C) 2004, 2008, 2012, 2016, 2019 Mark Adler, all rights reserved + * For conditions of distribution and use, see copyright notice in gzlog.h +- * version 2.2, 14 Aug 2012 ++ * version 2.3, 25 May 2019 + */ + + /* +@@ -756,12 +756,14 @@ local int log_recover(struct log *log, int op) + return -2; + } + if ((fd = open(log->path, O_RDONLY, 0)) < 0) { ++ free(data); + log_log(log, op, ".add file read failure"); + return -1; + } + ret = (size_t)read(fd, data, len) != len; + close(fd); + if (ret) { ++ free(data); + log_log(log, op, ".add file read failure"); + return -1; + } +-- +2.23.0 + diff --git a/backport-Fix-reading-disk-number-start-on-zip64-files-in-minizip.patch b/backport-Fix-reading-disk-number-start-on-zip64-files-in-minizip.patch new file mode 100644 index 0000000..f68c8af --- /dev/null +++ b/backport-Fix-reading-disk-number-start-on-zip64-files-in-minizip.patch @@ -0,0 +1,40 @@ +From e0bd0ad6e4d8afd2bc3d55d84d459a0e2c0e2890 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sat, 29 Jul 2023 23:34:26 -0700 +Subject: [PATCH] Fix reading disk number start on zip64 files in minizip. + +Reference:https://github.com/madler/zlib/commit/e0bd0ad6e4d8afd2bc3d55d84d459a0e2c0e2890 +Conflict:NA +--- + contrib/minizip/unzip.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/contrib/minizip/unzip.c b/contrib/minizip/unzip.c +index 1da51a9..9329732 100644 +--- a/contrib/minizip/unzip.c ++++ b/contrib/minizip/unzip.c +@@ -1038,8 +1038,6 @@ local int unz64local_GetCurrentFileInfoInternal (unzFile file, + /* ZIP64 extra fields */ + if (headerId == 0x0001) + { +- uLong uL; +- + if(file_info.uncompressed_size == MAXU32) + { + if (unz64local_getLong64(&s->z_filefunc, s->filestream,&file_info.uncompressed_size) != UNZ_OK) +@@ -1059,10 +1057,10 @@ local int unz64local_GetCurrentFileInfoInternal (unzFile file, + err=UNZ_ERRNO; + } + +- if(file_info.disk_num_start == MAXU32) ++ if(file_info.disk_num_start == 0xffff) + { + /* Disk Start Number */ +- if (unz64local_getLong(&s->z_filefunc, s->filestream,&uL) != UNZ_OK) ++ if (unz64local_getLong(&s->z_filefunc, s->filestream,&file_info.disk_num_start) != UNZ_OK) + err=UNZ_ERRNO; + } + +-- +2.27.0 + diff --git a/backport-Fix-unztell64-in-minizip-to-work-past-4GB.-Dani-l-H-.patch b/backport-Fix-unztell64-in-minizip-to-work-past-4GB.-Dani-l-H-.patch new file mode 100644 index 0000000..a46332c --- /dev/null +++ b/backport-Fix-unztell64-in-minizip-to-work-past-4GB.-Dani-l-H-.patch @@ -0,0 +1,42 @@ +From 58ca4e57ce7d76734d8b5afa03d205f694419b17 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sat, 1 Jan 2022 12:09:30 -0800 +Subject: [PATCH] =?UTF-8?q?Fix=20unztell64()=20in=20minizip=20to=20work=20?= + =?UTF-8?q?past=204GB.=20(Dani=C3=ABl=20H=C3=B6rchner)?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The issue is that unztell64() does not return the correct value if +the position in the current file (in the ZIP archive) is beyond 4 +GB. The cause is that unzReadCurrentFile() does not account for +pfile_in_zip_read_info->stream.total_out at line 1854 of unzip.c +wrapping around (it is a 32-bit variable). So, on line 1860 +uTotalOutAfter can be *less* than uTotalOutBefore, propagating the +wraparound to uOutThis, which in turn is added to +pfile_in_zip_read_info->total_out_64. That has the effect of +subtracting 4 GB. + +Reference:https://github.com/madler/zlib/commit/c376a417a724c21173f40765bd643388523b16f7 +Conflict:NA +--- + contrib/minizip/unzip.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/contrib/minizip/unzip.c b/contrib/minizip/unzip.c +index bcfb941..b16a75e 100644 +--- a/contrib/minizip/unzip.c ++++ b/contrib/minizip/unzip.c +@@ -1857,6 +1857,9 @@ extern int ZEXPORT unzReadCurrentFile (unzFile file, voidp buf, unsigned len) + err = Z_DATA_ERROR; + + uTotalOutAfter = pfile_in_zip_read_info->stream.total_out; ++ /* Detect overflow, because z_stream.total_out is uLong (32 bits) */ ++ if (uTotalOutAftertotal_out_64 = pfile_in_zip_read_info->total_out_64 + uOutThis; +-- +2.23.0 + diff --git a/backport-Handle-case-where-inflateSync-used-when-header-never.patch b/backport-Handle-case-where-inflateSync-used-when-header-never.patch new file mode 100644 index 0000000..39f0a0e --- /dev/null +++ b/backport-Handle-case-where-inflateSync-used-when-header-never.patch @@ -0,0 +1,35 @@ +From 44e8ac810d7d50381429a15cdc6e48816beafd2b Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sun, 16 Apr 2017 08:35:33 -0700 +Subject: [PATCH] Handle case where inflateSync used when header never + processed. + +If zlib and/or gzip header processing was requested, but a header +was never provided and inflateSync was used successfully, then the +inflate state would be inconsistent, trying to compute a check +value but with no flags set. This commit sets the inflate mode to +raw in this case, since there is no other assumption that can be +made if a header was requested but never seen. + +Reference:https://github.com/madler/zlib/commit/44e8ac810d7d50381429a15cdc6e48816beafd2b +Conflict:NA +--- + inflate.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/inflate.c b/inflate.c +index a4b5b68..575fcdf 100644 +--- a/inflate.c ++++ b/inflate.c +@@ -1433,6 +1433,8 @@ z_streamp strm; + + /* return no joy or set up to restart inflate() on a new block */ + if (state->have != 4) return Z_DATA_ERROR; ++ if (state->mode == HEAD) ++ state->wrap = 0; /* never processed header, so assume raw */ + in = strm->total_in; out = strm->total_out; + inflateReset(strm); + strm->total_in = in; strm->total_out = out; +-- +2.23.0 + diff --git a/backport-Neutralize-zip-file-traversal-attacks-in-miniunz.patch b/backport-Neutralize-zip-file-traversal-attacks-in-miniunz.patch new file mode 100644 index 0000000..18589f5 --- /dev/null +++ b/backport-Neutralize-zip-file-traversal-attacks-in-miniunz.patch @@ -0,0 +1,61 @@ +From 14a5f8f266c16c87ab6c086fc52b770b27701e01 Mon Sep 17 00:00:00 2001 +From: Matt Wilson +Date: Wed, 17 Jan 2024 14:46:18 -0800 +Subject: [PATCH] Neutralize zip file traversal attacks in miniunz. + +Archive formats such as .zip files are generally susceptible to +so-called "traversal attacks". This allows an attacker to craft +an archive that writes to unexpected locations of the file system +(e.g., /etc/shadow) if an unspecting root user were to unpack a +malicious archive. + +This patch neutralizes absolute paths such as /tmp/moo and deeply +relative paths such as dummy/../../../../../../../../../../tmp/moo + +The Debian project requested CVE-2014-9485 be allocated for the +first identified weakness. The fix was incomplete, resulting in a +revised patch applied here. Since there wasn't an updated version +released by Debian with the incomplete fix, I suggest we use this +CVE to identify both issues. + +Link: https://security.snyk.io/research/zip-slip-vulnerability +Link: https://bugs.debian.org/774321 +Link: https://bugs.debian.org/776831 +Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9485 +Reported-by: Jakub Wilk +Fixed-by: Michael Gilbert + +Reference: https://github.com/madler/zlib/commit/14a5f8f266c16c87ab6c086fc52b770b27701e01 +Conflict: no +--- + contrib/minizip/miniunz.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/contrib/minizip/miniunz.c b/contrib/minizip/miniunz.c +index 0c2fb0d..d627c42 100644 +--- a/contrib/minizip/miniunz.c ++++ b/contrib/minizip/miniunz.c +@@ -356,6 +356,20 @@ static int do_extract_currentfile(unzFile uf, const int* popt_extract_without_pa + else + write_filename = filename_withoutpath; + ++ if (write_filename[0]!='\0') ++ { ++ const char* relative_check = write_filename; ++ while (relative_check[1]!='\0') ++ { ++ if (relative_check[0]=='.' && relative_check[1]=='.') ++ write_filename = relative_check; ++ relative_check++; ++ } ++ } ++ ++ while (write_filename[0]=='/' || write_filename[0]=='.') ++ write_filename++; ++ + err = unzOpenCurrentFilePassword(uf,password); + if (err!=UNZ_OK) + { +-- +2.33.0 + diff --git a/backport-Remove-use-of-OF-from-contrib-untgz-and-render-it-compilable.patch b/backport-Remove-use-of-OF-from-contrib-untgz-and-render-it-compilable.patch new file mode 100644 index 0000000..eabc5eb --- /dev/null +++ b/backport-Remove-use-of-OF-from-contrib-untgz-and-render-it-compilable.patch @@ -0,0 +1,109 @@ +From 66588683b36042154ad35140bf9fcbb60c5d573c Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sat, 15 Apr 2023 11:27:12 -0700 +Subject: [PATCH] Remove use of OF() from contrib/untgz and render it + compilable. + +Reference:https://github.com/madler/zlib/commit/66588683b36042154ad35140bf9fcbb60c5d573c +Conflict:NA +--- + contrib/untgz/untgz.c | 47 +++++++++++-------------------------------- + 1 file changed, 12 insertions(+), 35 deletions(-) + +diff --git a/contrib/untgz/untgz.c b/contrib/untgz/untgz.c +index 2c391e598..3e530971c 100644 +--- a/contrib/untgz/untgz.c ++++ b/contrib/untgz/untgz.c +@@ -14,15 +14,10 @@ + + #include "zlib.h" + +-#ifdef unix +-# include +-#else ++#ifdef _WIN32 + # include + # include +-#endif +- +-#ifdef WIN32 +-#include ++# include + # ifndef F_OK + # define F_OK 0 + # endif +@@ -33,6 +28,8 @@ + # define strdup(str) _strdup(str) + # endif + #else ++# include ++# include + # include + #endif + +@@ -102,28 +99,14 @@ struct attr_item + + enum { TGZ_EXTRACT, TGZ_LIST, TGZ_INVALID }; + +-char *TGZfname OF((const char *)); +-void TGZnotfound OF((const char *)); +- +-int getoct OF((char *, int)); +-char *strtime OF((time_t *)); +-int setfiletime OF((char *, time_t)); +-void push_attr OF((struct attr_item **, char *, int, time_t)); +-void restore_attr OF((struct attr_item **)); +- +-int ExprMatch OF((char *, char *)); +- +-int makedir OF((char *)); +-int matchname OF((int, int, char **, char *)); +- +-void error OF((const char *)); +-int tar OF((gzFile, int, int, int, char **)); +- +-void help OF((int)); +-int main OF((int, char **)); +- + char *prog; + ++void error(const char *msg) ++{ ++ fprintf(stderr, "%s: %s\n", prog, msg); ++ exit(1); ++} ++ + const char *TGZsuffix[] = { "\0", ".tar", ".tar.gz", ".taz", ".tgz", NULL }; + + /* return the file name of the TGZ archive */ +@@ -205,7 +188,7 @@ char *strtime (time_t *t) + + int setfiletime (char *fname,time_t ftime) + { +-#ifdef WIN32 ++#ifdef _WIN32 + static int isWinNT = -1; + SYSTEMTIME st; + FILETIME locft, modft; +@@ -590,12 +573,6 @@ void help(int exitval) + exit(exitval); + } + +-void error(const char *msg) +-{ +- fprintf(stderr, "%s: %s\n", prog, msg); +- exit(1); +-} +- + + /* ============================================================ */ + +@@ -608,7 +585,7 @@ int main(int argc,char **argv) + int action = TGZ_EXTRACT; + int arg = 1; + char *TGZfile; +- gzFile *f; ++ gzFile f; + + prog = strrchr(argv[0],'\\'); + if (prog == NULL) diff --git a/backport-Return-an-error-if-the-gzputs-string-length-can-t-fi.patch b/backport-Return-an-error-if-the-gzputs-string-length-can-t-fi.patch new file mode 100644 index 0000000..59dcf67 --- /dev/null +++ b/backport-Return-an-error-if-the-gzputs-string-length-can-t-fi.patch @@ -0,0 +1,43 @@ +From 90287635ef9ae8e51e120483d1b48789239a0577 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sat, 11 Feb 2017 23:54:17 -0800 +Subject: [PATCH] Return an error if the gzputs string length can't fit in an int. + +Reference:https://github.com/madler/zlib/commit/90287635ef9ae8e51e120483d1b48789239a0577 +Conflict:NA +--- + gzwrite.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/gzwrite.c b/gzwrite.c +index 35b9aa6..3560193 100644 +--- a/gzwrite.c ++++ b/gzwrite.c +@@ -353,8 +353,7 @@ int ZEXPORT gzputs(file, str) + gzFile file; + const char *str; + { +- int ret; +- z_size_t len; ++ z_size_t len, put; + gz_statep state; + + /* get internal structure */ +@@ -368,8 +367,12 @@ int ZEXPORT gzputs(file, str) + + /* write string */ + len = strlen(str); +- ret = gz_write(state, str, len); +- return ret == 0 && len != 0 ? -1 : ret; ++ if ((int)len < 0 || (unsigned)len != len) { ++ gz_error(state, Z_STREAM_ERROR, "string length does not fit in int"); ++ return -1; ++ } ++ put = gz_write(state, str, len); ++ return put < len ? -1 : (int)len; + } + + #if defined(STDC) || defined(Z_HAVE_STDARG_H) +-- +2.23.0 + diff --git a/backport-Security-and-warning-fixes-for-minizip.-gvollant.patch b/backport-Security-and-warning-fixes-for-minizip.-gvollant.patch new file mode 100644 index 0000000..a85f136 --- /dev/null +++ b/backport-Security-and-warning-fixes-for-minizip.-gvollant.patch @@ -0,0 +1,71 @@ +From 138c93cffb76f5c24e4ae6e81e6210428856f825 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Thu, 6 Oct 2022 15:49:04 -0700 +Subject: [PATCH] Security and warning fixes for minizip. [gvollant] + +Remove unused code and unnecessary test for free(). + +Reference:https://github.com/madler/zlib/commit/138c93cffb76f5c24e4ae6e81e6210428856f825 +Conflict:NA +--- + contrib/minizip/unzip.c | 4 +++- + contrib/minizip/zip.c | 7 +------ + 2 files changed, 4 insertions(+), 7 deletions(-) + +diff --git a/contrib/minizip/unzip.c b/contrib/minizip/unzip.c +index 31e7056..17e668e 100644 +--- a/contrib/minizip/unzip.c ++++ b/contrib/minizip/unzip.c +@@ -108,7 +108,7 @@ + # define ALLOC(size) (malloc(size)) + #endif + #ifndef TRYFREE +-# define TRYFREE(p) {if (p) free(p);} ++# define TRYFREE(p) { free(p);} + #endif + + #define SIZECENTRALDIRITEM (0x2e) +@@ -1562,6 +1562,7 @@ extern int ZEXPORT unzOpenCurrentFile3 (unzFile file, int* method, + pfile_in_zip_read_info->stream_initialised=Z_BZIP2ED; + else + { ++ TRYFREE(pfile_in_zip_read_info->read_buffer); + TRYFREE(pfile_in_zip_read_info); + return err; + } +@@ -1582,6 +1583,7 @@ extern int ZEXPORT unzOpenCurrentFile3 (unzFile file, int* method, + pfile_in_zip_read_info->stream_initialised=Z_DEFLATED; + else + { ++ TRYFREE(pfile_in_zip_read_info->read_buffer); + TRYFREE(pfile_in_zip_read_info); + return err; + } +diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c +index 44e88a9..425aaf2 100644 +--- a/contrib/minizip/zip.c ++++ b/contrib/minizip/zip.c +@@ -1471,11 +1471,6 @@ extern int ZEXPORT zipWriteInFileInZip (zipFile file,const void* buf,unsigned in + { + uLong uTotalOutBefore = zi->ci.stream.total_out; + err=deflate(&zi->ci.stream, Z_NO_FLUSH); +- if(uTotalOutBefore > zi->ci.stream.total_out) +- { +- int bBreak = 0; +- bBreak++; +- } + + zi->ci.pos_in_buffered_data += (uInt)(zi->ci.stream.total_out - uTotalOutBefore) ; + } +@@ -1959,7 +1954,7 @@ extern int ZEXPORT zipRemoveExtraInfoBlock (char* pData, int* dataLen, short sHe + + int retVal = ZIP_OK; + +- if(pData == NULL || *dataLen < 4) ++ if(pData == NULL || dataLen == NULL || *dataLen < 4) + return ZIP_PARAMERROR; + + pNewHeader = (char*)ALLOC(*dataLen); +-- +2.33.0 + diff --git a/backport-Suppress-MSAN-detections-in-deflate-slide_hash.patch b/backport-Suppress-MSAN-detections-in-deflate-slide_hash.patch new file mode 100644 index 0000000..449a9e3 --- /dev/null +++ b/backport-Suppress-MSAN-detections-in-deflate-slide_hash.patch @@ -0,0 +1,36 @@ +From 981ee7570ad98a3cf1ae74d737e2ee619ed79171 Mon Sep 17 00:00:00 2001 +From: Andrzej Hunt +Date: Fri, 4 Jun 2021 18:25:19 +0200 +Subject: [PATCH] Suppress MSAN detections in deflate's slide_hash(). + +slide_hash() knowingly reads potentially uninitialized memory, see +comment lower down about prev[n] potentially being garbage. In +this case, the result is never used. + +Reference:https://github.com/madler/zlib/commit/981ee7570ad98a3cf1ae74d737e2ee619ed79171 +Conflict:NA +--- + deflate.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/deflate.c b/deflate.c +index 5410497..8088083 100644 +--- a/deflate.c ++++ b/deflate.c +@@ -209,6 +209,13 @@ local const config configuration_table[10] = { + * bit values at the expense of memory usage). We slide even when level == 0 to + * keep the hash table consistent if we switch back to level > 0 later. + */ ++ ++#if defined(__has_feature) ++# if __has_feature(memory_sanitizer) ++ __attribute__((no_sanitize("memory"))) ++# endif ++#endif ++ + local void slide_hash(s) + deflate_state *s; + { +-- +2.27.0 + diff --git a/backport-avoid-uninitialized-and-unused-warnings-in-contrib-minizip.patch b/backport-avoid-uninitialized-and-unused-warnings-in-contrib-minizip.patch new file mode 100644 index 0000000..3990cec --- /dev/null +++ b/backport-avoid-uninitialized-and-unused-warnings-in-contrib-minizip.patch @@ -0,0 +1,63 @@ +From 25bbd7f5a6a172b83b59fab7a80c55d1533dd100 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Thu, 17 Aug 2023 21:40:28 -0700 +Subject: [PATCH] Avoid uninitialized and unused warnings in contrib/minizip. + +Reference:https://github.com/madler/zlib/commit/25bbd7f5a6a172b83b59fab7a80c55d1533dd100 +Conflict:NA +--- + contrib/minizip/miniunz.c | 10 ++++++++-- + contrib/minizip/minizip.c | 2 +- + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/contrib/minizip/miniunz.c b/contrib/minizip/miniunz.c +index 3d65401..507820d 100644 +--- a/contrib/minizip/miniunz.c ++++ b/contrib/minizip/miniunz.c +@@ -113,7 +113,11 @@ void change_file_date(filename,dosdate,tmu_date) + + ut.actime=ut.modtime=mktime(&newdate); + utime(filename,&ut); +-#endif ++#else ++ (void)filename; ++ (void)dosdate; ++ (void)tmu_date; ++#endif + #endif + } + +@@ -131,6 +135,8 @@ int mymkdir(dirname) + ret = mkdir (dirname,0775); + #elif __APPLE__ + ret = mkdir (dirname,0775); ++#else ++ (void)dirname; + #endif + return ret; + } +@@ -248,7 +254,7 @@ int do_list(uf) + char filename_inzip[256]; + unz_file_info64 file_info; + uLong ratio=0; +- const char *string_method; ++ const char *string_method = ""; + char charCrypt=' '; + err = unzGetCurrentFileInfo64(uf,&file_info,filename_inzip,sizeof(filename_inzip),NULL,0,NULL,0); + if (err!=UNZ_OK) +diff --git a/contrib/minizip/minizip.c b/contrib/minizip/minizip.c +index c5d9cc6..5dde38f 100644 +--- a/contrib/minizip/minizip.c ++++ b/contrib/minizip/minizip.c +@@ -395,7 +395,7 @@ int main(argc,argv) + ((argv[i][1]>='0') && (argv[i][1]<='9'))) && + (strlen(argv[i]) == 2))) + { +- FILE * fin; ++ FILE * fin = NULL; + int size_read; + const char* filenameinzip = argv[i]; + const char *savefilenameinzip; +-- +2.27.0 + diff --git a/backport-minizip-Fix-being-unable-to-open-empty-zip-file.patch b/backport-minizip-Fix-being-unable-to-open-empty-zip-file.patch new file mode 100644 index 0000000..f574468 --- /dev/null +++ b/backport-minizip-Fix-being-unable-to-open-empty-zip-file.patch @@ -0,0 +1,160 @@ +From f209ca7be7981dc8fca79428706057e4ebc929ee Mon Sep 17 00:00:00 2001 +From: RedworkDE <10944644+RedworkDE@users.noreply.github.com> +Date: Wed, 15 Feb 2023 12:25:33 +0100 +Subject: [PATCH] minizip: Fix being unable to open empty zip file + +Reference:https://github.com/madler/zlib/commit/f209ca7be7981dc8fca79428706057e4ebc929ee +Conflict:NA +--- + contrib/minizip/unzip.c | 48 ++++++++++++++++++++++------------------- + 1 file changed, 26 insertions(+), 22 deletions(-) + +diff --git a/contrib/minizip/unzip.c b/contrib/minizip/unzip.c +index ad2eb3bc9..3adc692f3 100644 +--- a/contrib/minizip/unzip.c ++++ b/contrib/minizip/unzip.c +@@ -379,6 +379,10 @@ extern int ZEXPORT unzStringFileNameCompare (const char* fileName1, + #define BUFREADCOMMENT (0x400) + #endif + ++#ifndef CENTRALDIRINVALID ++#define CENTRALDIRINVALID ((ZPOS64_T)(-1)) ++#endif ++ + /* + Locate the Central directory of a zipfile (at the end, just before + the global comment) +@@ -388,10 +392,10 @@ local ZPOS64_T unz64local_SearchCentralDir(const zlib_filefunc64_32_def* pzlib_f + ZPOS64_T uSizeFile; + ZPOS64_T uBackRead; + ZPOS64_T uMaxBack=0xffff; /* maximum size of global comment */ +- ZPOS64_T uPosFound=0; ++ ZPOS64_T uPosFound=CENTRALDIRINVALID; + + if (ZSEEK64(*pzlib_filefunc_def,filestream,0,ZLIB_FILEFUNC_SEEK_END) != 0) +- return 0; ++ return CENTRALDIRINVALID; + + + uSizeFile = ZTELL64(*pzlib_filefunc_def,filestream); +@@ -401,7 +405,7 @@ local ZPOS64_T unz64local_SearchCentralDir(const zlib_filefunc64_32_def* pzlib_f + + buf = (unsigned char*)ALLOC(BUFREADCOMMENT+4); + if (buf==NULL) +- return 0; ++ return CENTRALDIRINVALID; + + uBackRead = 4; + while (uBackRead +Date: Sun, 14 Sep 2020 15:36:12 +0800 +Subject: [PATCH] zlib-1.2.11-SIMD.patch + +In the sampling of the Hive test program, it is found that inflate occupies a high proportion. +The zlib is optimized through instruction set optimization, hash replacement, and compilation option optimization. +The inflate and deflate processes of the Zlib library provided by the JDK are optimized to shorten the invoking time. +--- + CMakeLists.txt | 6 + + adler32.c | 169 +++++++++++++++++++++- + deflate.c | 21 ++- + inffast.c | 62 ++++++++- + inffast.h | 370 +++++++++++++++++++++++++++++++++++++++++++++++++ + inflate.c | 7 + + 6 files changed, 626 insertions(+), 9 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 0fe939d..4326512 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -162,6 +162,12 @@ if(MSVC) + endif() + endif() + ++if(CMAKE_COMPILER_IS_GNUCC) ++ if(ARM_NEON) ++ add_definitions(-DHASH_ARMV8_CRC32 -march=armv8-a+crc -DUNALIGNED_OK -DADLER32_SIMD_NEON -DINFLATE_CHUNK_SIMD_NEON -O3) ++ endif() ++endif() ++ + # parse the full version number from zlib.h and include in ZLIB_FULL_VERSION + file(READ ${CMAKE_CURRENT_SOURCE_DIR}/zlib.h _zlib_h_contents) + string(REGEX REPLACE ".*#define[ \t]+ZLIB_VERSION[ \t]+\"([-0-9A-Za-z.]+)\".*" +diff --git a/adler32.c b/adler32.c +index d0be438..6ced75d 100644 +--- a/adler32.c ++++ b/adler32.c +@@ -59,7 +59,169 @@ local uLong adler32_combine_ OF((uLong adler1, uLong adler2, z_off64_t len2)); + # define MOD63(a) a %= BASE + #endif + +-/* ========================================================================= */ ++#if defined(ADLER32_SIMD_NEON) ++#include ++/* ++ * Multiply-add bytes by [ 32, 31, 30, ... ] for s2. ++ */ ++uint32x4_t ZLIB_INTERNAL mul_add_bytes( ++ uint32x4_t v_s2, ++ uint16x8_t v_column_sum_1, ++ uint16x8_t v_column_sum_2, ++ uint16x8_t v_column_sum_3, ++ uint16x8_t v_column_sum_4) ++{ ++ v_s2 = vshlq_n_u32(v_s2, 5); ++ ++ v_s2 = vmlal_u16(v_s2, vget_low_u16 (v_column_sum_1), ++ (uint16x4_t) { 32, 31, 30, 29 }); ++ v_s2 = vmlal_u16(v_s2, vget_high_u16(v_column_sum_1), ++ (uint16x4_t) { 28, 27, 26, 25 }); ++ v_s2 = vmlal_u16(v_s2, vget_low_u16 (v_column_sum_2), ++ (uint16x4_t) { 24, 23, 22, 21 }); ++ v_s2 = vmlal_u16(v_s2, vget_high_u16(v_column_sum_2), ++ (uint16x4_t) { 20, 19, 18, 17 }); ++ v_s2 = vmlal_u16(v_s2, vget_low_u16 (v_column_sum_3), ++ (uint16x4_t) { 16, 15, 14, 13 }); ++ v_s2 = vmlal_u16(v_s2, vget_high_u16(v_column_sum_3), ++ (uint16x4_t) { 12, 11, 10, 9 }); ++ v_s2 = vmlal_u16(v_s2, vget_low_u16 (v_column_sum_4), ++ (uint16x4_t) { 8, 7, 6, 5 }); ++ v_s2 = vmlal_u16(v_s2, vget_high_u16(v_column_sum_4), ++ (uint16x4_t) { 4, 3, 2, 1 }); ++ return v_s2; ++} ++ ++/* ++ * Handle leftover data. ++ */ ++uLong ZLIB_INTERNAL leftover_handler(uint32_t s1, uint32_t s2, const Bytef *buf, z_size_t len) ++{ ++ if (len) { ++ if (len >= 16) { ++ s2 += (s1 += *buf++); ++ s2 += (s1 += *buf++); ++ s2 += (s1 += *buf++); ++ s2 += (s1 += *buf++); ++ ++ s2 += (s1 += *buf++); ++ s2 += (s1 += *buf++); ++ s2 += (s1 += *buf++); ++ s2 += (s1 += *buf++); ++ ++ s2 += (s1 += *buf++); ++ s2 += (s1 += *buf++); ++ s2 += (s1 += *buf++); ++ s2 += (s1 += *buf++); ++ ++ s2 += (s1 += *buf++); ++ s2 += (s1 += *buf++); ++ s2 += (s1 += *buf++); ++ s2 += (s1 += *buf++); ++ ++ len -= 16; ++ } ++ ++ while (len--) { ++ s2 += (s1 += *buf++); ++ } ++ ++ if (s1 >= BASE) ++ s1 -= BASE; ++ s2 %= BASE; ++ } ++ ++ /* ++ * Return the recombined sums. ++ */ ++ return s1 | (s2 << 16); ++} ++ ++uLong ZLIB_INTERNAL adler32_simd_(uLong adler, const Bytef *buf, z_size_t len) ++{ ++ /* ++ * Split Adler-32 into component sums. ++ */ ++ uint32_t s1 = adler & 0xffff; ++ uint32_t s2 = adler >> 16; ++ /* ++ * Serially compute s1 & s2, until the data is 16-byte aligned. ++ */ ++ if ((uintptr_t)buf & 0xf) { ++ while ((uintptr_t)buf & 0xf) { ++ s2 += (s1 += *buf++); ++ --len; ++ } ++ if (s1 >= BASE) ++ s1 -= BASE; ++ s2 %= BASE; ++ } ++ /* ++ * Process the data in blocks. ++ */ ++ const unsigned BLOCK_SIZE = 1 << 5; ++ z_size_t blocks = len / BLOCK_SIZE; ++ len -= blocks * BLOCK_SIZE; ++ while (blocks) { ++ unsigned n = NMAX / BLOCK_SIZE; /* The NMAX constraint. */ ++ if (n > blocks) ++ n = (unsigned) blocks; ++ blocks -= n; ++ /* ++ * Process n blocks of data. At most NMAX data bytes can be ++ * processed before s2 must be reduced modulo BASE. ++ */ ++ uint32x4_t v_s2 = (uint32x4_t) { 0, 0, 0, s1 * n }; ++ uint32x4_t v_s1 = (uint32x4_t) { 0, 0, 0, 0 }; ++ ++ uint16x8_t v_column_sum_1 = vdupq_n_u16(0); ++ uint16x8_t v_column_sum_2 = vdupq_n_u16(0); ++ uint16x8_t v_column_sum_3 = vdupq_n_u16(0); ++ uint16x8_t v_column_sum_4 = vdupq_n_u16(0); ++ do { ++ /* ++ * Load 32 input bytes. ++ */ ++ const uint8x16_t bytes1 = vld1q_u8((uint8_t*)(buf)); ++ const uint8x16_t bytes2 = vld1q_u8((uint8_t*)(buf + 16)); ++ /* ++ * Add previous block byte sum to v_s2. ++ */ ++ v_s2 = vaddq_u32(v_s2, v_s1); ++ /* ++ * Horizontally add the bytes for s1. ++ */ ++ v_s1 = vpadalq_u16(v_s1, vpadalq_u8(vpaddlq_u8(bytes1), bytes2)); ++ /* ++ * Vertically add the bytes for s2. ++ */ ++ v_column_sum_1 = vaddw_u8(v_column_sum_1, vget_low_u8 (bytes1)); ++ v_column_sum_2 = vaddw_u8(v_column_sum_2, vget_high_u8(bytes1)); ++ v_column_sum_3 = vaddw_u8(v_column_sum_3, vget_low_u8 (bytes2)); ++ v_column_sum_4 = vaddw_u8(v_column_sum_4, vget_high_u8(bytes2)); ++ buf += BLOCK_SIZE; ++ } while (--n); ++ v_s2 = mul_add_bytes(v_s2, v_column_sum_1, v_column_sum_2, v_column_sum_3, v_column_sum_4); ++ /* ++ * Sum epi32 ints v_s1(s2) and accumulate in s1(s2). ++ */ ++ uint32x2_t sum1 = vpadd_u32(vget_low_u32(v_s1), vget_high_u32(v_s1)); ++ uint32x2_t sum2 = vpadd_u32(vget_low_u32(v_s2), vget_high_u32(v_s2)); ++ uint32x2_t s1s2 = vpadd_u32(sum1, sum2); ++ ++ s1 += vget_lane_u32(s1s2, 0); ++ s2 += vget_lane_u32(s1s2, 1); ++ /* ++ * Reduce. ++ */ ++ s1 %= BASE; ++ s2 %= BASE; ++ } ++ return leftover_handler(s1, s2, buf, len); ++ ++} ++#endif ++ + uLong ZEXPORT adler32_z(adler, buf, len) + uLong adler; + const Bytef *buf; +@@ -68,6 +230,11 @@ uLong ZEXPORT adler32_z(adler, buf, len) + unsigned long sum2; + unsigned n; + ++#if defined(ADLER32_SIMD_NEON) ++ if (buf && len >= 64) ++ return adler32_simd_(adler, buf, len); ++#endif ++ + /* split Adler-32 into component sums */ + sum2 = (adler >> 16) & 0xffff; + adler &= 0xffff; diff --git a/deflate.c b/deflate.c -index f30f71b..c018064 100644 +index e6b7e93..5410497 100644 --- a/deflate.c +++ b/deflate.c -@@ -184,8 +184,16 @@ local const config configuration_table[10] = { +@@ -160,8 +160,16 @@ local const config configuration_table[10] = { * characters, so that a running hash key can be computed from the previous * key instead of complete recalculation each time. */ @@ -20,7 +241,7 @@ index f30f71b..c018064 100644 /* =========================================================================== * Insert string str in the dictionary and set match_head to the previous head -@@ -1198,14 +1247,15 @@ local unsigned read_buf(strm, buf, size) +@@ -1217,14 +1225,15 @@ local unsigned read_buf(strm, buf, size) strm->avail_in -= len; zmemcpy(buf, strm->next_in, len); @@ -42,10 +263,10 @@ index f30f71b..c018064 100644 strm->total_in += len; diff --git a/inffast.c b/inffast.c -index 4bfc995..2084739 100644 +index 0dbd1db..e1249d2 100644 --- a/inffast.c +++ b/inffast.c -@@ -81,6 +81,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ +@@ -57,6 +57,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ unsigned char FAR *out; /* local strm->next_out */ unsigned char FAR *beg; /* inflate()'s initial strm->next_out */ unsigned char FAR *end; /* while out < end, enough space available */ @@ -55,7 +276,7 @@ index 4bfc995..2084739 100644 #ifdef INFLATE_STRICT unsigned dmax; /* maximum distance from zlib header */ #endif -@@ -113,7 +116,12 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ +@@ -89,7 +92,12 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ #endif wsize = state->wsize; whave = state->whave; @@ -68,7 +289,7 @@ index 4bfc995..2084739 100644 window = state->window; hold = state->hold; bits = state->bits; -@@ -221,6 +229,45 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ +@@ -197,6 +205,45 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ #endif } from = window; @@ -114,7 +335,7 @@ index 4bfc995..2084739 100644 if (wnext == 0) { /* very common case */ from += wsize - op; if (op < len) { /* some from window */ -@@ -271,8 +318,18 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ +@@ -247,8 +294,18 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ if (len > 1) *out++ = *from++; } @@ -134,7 +355,7 @@ index 4bfc995..2084739 100644 from = out - dist; /* copy direct from output */ do { /* minimum length is three */ *out++ = *from++; -@@ -284,7 +341,8 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ +@@ -260,7 +317,8 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ *out++ = *from++; if (len > 1) *out++ = *from++; @@ -145,10 +366,10 @@ index 4bfc995..2084739 100644 } else if ((op & 64) == 0) { /* 2nd level distance code */ diff --git a/inffast.h b/inffast.h -index b8da8bb..0def2e3 100644 +index e5c1aa4..259882c 100644 --- a/inffast.h +++ b/inffast.h -@@ -32,4 +32,374 @@ +@@ -8,4 +8,374 @@ subject to change. Applications should only use zlib.h. */ @@ -524,10 +745,10 @@ index b8da8bb..0def2e3 100644 + +#endif //defined(INFLATE_CHUNK_SIMD_NEON) diff --git a/inflate.c b/inflate.c -index ca904e7..c78e05b 100644 +index f9a01e4..4eaf4f1 100644 --- a/inflate.c +++ b/inflate.c -@@ -429,9 +429,16 @@ unsigned copy; +@@ -408,9 +408,16 @@ unsigned copy; /* if it hasn't been done already, allocate space for the window */ if (state->window == Z_NULL) { @@ -544,200 +765,6 @@ index ca904e7..c78e05b 100644 if (state->window == Z_NULL) return 1; } -diff --git a/adler32.c b/adler32.c -index e148022..e024a15 100644 ---- a/adler32.c -+++ b/adler32.c -@@ -83,7 +83,169 @@ local uLong adler32_combine_ OF((uLong adler1, uLong adler2, z_off64_t len2)); - # define MOD63(a) a %= BASE - #endif - --/* ========================================================================= */ -+#if defined(ADLER32_SIMD_NEON) -+#include -+/* -+ * Multiply-add bytes by [ 32, 31, 30, ... ] for s2. -+ */ -+uint32x4_t ZLIB_INTERNAL mul_add_bytes( -+ uint32x4_t v_s2, -+ uint16x8_t v_column_sum_1, -+ uint16x8_t v_column_sum_2, -+ uint16x8_t v_column_sum_3, -+ uint16x8_t v_column_sum_4) -+{ -+ v_s2 = vshlq_n_u32(v_s2, 5); -+ -+ v_s2 = vmlal_u16(v_s2, vget_low_u16 (v_column_sum_1), -+ (uint16x4_t) { 32, 31, 30, 29 }); -+ v_s2 = vmlal_u16(v_s2, vget_high_u16(v_column_sum_1), -+ (uint16x4_t) { 28, 27, 26, 25 }); -+ v_s2 = vmlal_u16(v_s2, vget_low_u16 (v_column_sum_2), -+ (uint16x4_t) { 24, 23, 22, 21 }); -+ v_s2 = vmlal_u16(v_s2, vget_high_u16(v_column_sum_2), -+ (uint16x4_t) { 20, 19, 18, 17 }); -+ v_s2 = vmlal_u16(v_s2, vget_low_u16 (v_column_sum_3), -+ (uint16x4_t) { 16, 15, 14, 13 }); -+ v_s2 = vmlal_u16(v_s2, vget_high_u16(v_column_sum_3), -+ (uint16x4_t) { 12, 11, 10, 9 }); -+ v_s2 = vmlal_u16(v_s2, vget_low_u16 (v_column_sum_4), -+ (uint16x4_t) { 8, 7, 6, 5 }); -+ v_s2 = vmlal_u16(v_s2, vget_high_u16(v_column_sum_4), -+ (uint16x4_t) { 4, 3, 2, 1 }); -+ return v_s2; -+} -+ -+/* -+ * Handle leftover data. -+ */ -+uLong ZLIB_INTERNAL leftover_handler(uint32_t s1, uint32_t s2, const Bytef *buf, z_size_t len) -+{ -+ if (len) { -+ if (len >= 16) { -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ -+ len -= 16; -+ } -+ -+ while (len--) { -+ s2 += (s1 += *buf++); -+ } -+ -+ if (s1 >= BASE) -+ s1 -= BASE; -+ s2 %= BASE; -+ } -+ -+ /* -+ * Return the recombined sums. -+ */ -+ return s1 | (s2 << 16); -+} -+ -+uLong ZLIB_INTERNAL adler32_simd_(uLong adler, const Bytef *buf, z_size_t len) -+{ -+ /* -+ * Split Adler-32 into component sums. -+ */ -+ uint32_t s1 = adler & 0xffff; -+ uint32_t s2 = adler >> 16; -+ /* -+ * Serially compute s1 & s2, until the data is 16-byte aligned. -+ */ -+ if ((uintptr_t)buf & 0xf) { -+ while ((uintptr_t)buf & 0xf) { -+ s2 += (s1 += *buf++); -+ --len; -+ } -+ if (s1 >= BASE) -+ s1 -= BASE; -+ s2 %= BASE; -+ } -+ /* -+ * Process the data in blocks. -+ */ -+ const unsigned BLOCK_SIZE = 1 << 5; -+ z_size_t blocks = len / BLOCK_SIZE; -+ len -= blocks * BLOCK_SIZE; -+ while (blocks) { -+ unsigned n = NMAX / BLOCK_SIZE; /* The NMAX constraint. */ -+ if (n > blocks) -+ n = (unsigned) blocks; -+ blocks -= n; -+ /* -+ * Process n blocks of data. At most NMAX data bytes can be -+ * processed before s2 must be reduced modulo BASE. -+ */ -+ uint32x4_t v_s2 = (uint32x4_t) { 0, 0, 0, s1 * n }; -+ uint32x4_t v_s1 = (uint32x4_t) { 0, 0, 0, 0 }; -+ -+ uint16x8_t v_column_sum_1 = vdupq_n_u16(0); -+ uint16x8_t v_column_sum_2 = vdupq_n_u16(0); -+ uint16x8_t v_column_sum_3 = vdupq_n_u16(0); -+ uint16x8_t v_column_sum_4 = vdupq_n_u16(0); -+ do { -+ /* -+ * Load 32 input bytes. -+ */ -+ const uint8x16_t bytes1 = vld1q_u8((uint8_t*)(buf)); -+ const uint8x16_t bytes2 = vld1q_u8((uint8_t*)(buf + 16)); -+ /* -+ * Add previous block byte sum to v_s2. -+ */ -+ v_s2 = vaddq_u32(v_s2, v_s1); -+ /* -+ * Horizontally add the bytes for s1. -+ */ -+ v_s1 = vpadalq_u16(v_s1, vpadalq_u8(vpaddlq_u8(bytes1), bytes2)); -+ /* -+ * Vertically add the bytes for s2. -+ */ -+ v_column_sum_1 = vaddw_u8(v_column_sum_1, vget_low_u8 (bytes1)); -+ v_column_sum_2 = vaddw_u8(v_column_sum_2, vget_high_u8(bytes1)); -+ v_column_sum_3 = vaddw_u8(v_column_sum_3, vget_low_u8 (bytes2)); -+ v_column_sum_4 = vaddw_u8(v_column_sum_4, vget_high_u8(bytes2)); -+ buf += BLOCK_SIZE; -+ } while (--n); -+ v_s2 = mul_add_bytes(v_s2, v_column_sum_1, v_column_sum_2, v_column_sum_3, v_column_sum_4); -+ /* -+ * Sum epi32 ints v_s1(s2) and accumulate in s1(s2). -+ */ -+ uint32x2_t sum1 = vpadd_u32(vget_low_u32(v_s1), vget_high_u32(v_s1)); -+ uint32x2_t sum2 = vpadd_u32(vget_low_u32(v_s2), vget_high_u32(v_s2)); -+ uint32x2_t s1s2 = vpadd_u32(sum1, sum2); -+ -+ s1 += vget_lane_u32(s1s2, 0); -+ s2 += vget_lane_u32(s1s2, 1); -+ /* -+ * Reduce. -+ */ -+ s1 %= BASE; -+ s2 %= BASE; -+ } -+ return leftover_handler(s1, s2, buf, len); -+ -+} -+#endif -+ - uLong ZEXPORT adler32_z(adler, buf, len) - uLong adler; - const Bytef *buf; -@@ -92,6 +254,11 @@ uLong ZEXPORT adler32_z(adler, buf, len) - unsigned long sum2; - unsigned n; - -+#if defined(ADLER32_SIMD_NEON) -+ if (buf && len >= 64) -+ return adler32_simd_(adler, buf, len); -+#endif -+ - /* split Adler-32 into component sums */ - sum2 = (adler >> 16) & 0xffff; - adler &= 0xffff; ---- zlib-1.2.11/CMakeLists.txt 2020-08-04 14:35:44.023579477 +0800 -+++ CMakeLists.txt 2020-08-04 14:39:38.937798725 +0800 -@@ -145,6 +145,7 @@ if(CMAKE_COMPILER_IS_GNUCC) - contrib/arm/arm_longest_match.h) - set(ZLIB_ARM_NEON contrib/arm/inflate.c contrib/arm/inffast_chunk.c) - add_definitions(-DARM_NEON) -+ add_definitions(-DHASH_ARMV8_CRC32 -march=armv8-a+crc -DUNALIGNED_OK -DADLER32_SIMD_NEON -DINFLATE_CHUNK_SIMD_NEON -O3) - set(COMPILER ${CMAKE_C_COMPILER}) - # NEON is mandatory in ARMv8. - if(${COMPILER} MATCHES "aarch64") +-- +2.33.0 + diff --git a/0004-zlib-Optimize-CRC32.patch b/zlib-Optimize-CRC32.patch similarity index 92% rename from 0004-zlib-Optimize-CRC32.patch rename to zlib-Optimize-CRC32.patch index 1068625..aa215ae 100644 --- a/0004-zlib-Optimize-CRC32.patch +++ b/zlib-Optimize-CRC32.patch @@ -11,8 +11,8 @@ crc32 through the interface provided by the neon instruction set. Modify by Li Qiang. --- - crc32.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 47 insertions(+) + crc32.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 49 insertions(+) diff --git a/crc32.c b/crc32.c index 9580440..79ebdbd 100644 @@ -28,10 +28,11 @@ index 9580440..79ebdbd 100644 /* Definitions for doing the crc four data bytes at a time. */ #if !defined(NOBYFOUR) && defined(Z_U4) -@@ -194,6 +197,47 @@ const z_crc_t FAR * ZEXPORT get_crc_table() +@@ -194,6 +197,49 @@ const z_crc_t FAR * ZEXPORT get_crc_table() return (const z_crc_t FAR *)crc_table; } - + ++#ifdef __aarch64__ +ulg crc32_neon(crc, buf, len) + unsigned long crc; + const unsigned char FAR *buf; @@ -72,6 +73,7 @@ index 9580440..79ebdbd 100644 + + return (crc_result ^ 0xffffffffL); +} ++#endif + /* ========================================================================= */ #define DO1 crc = crc_table[0][((int)crc ^ (*buf++)) & 0xff] ^ (crc >> 8) diff --git a/zlib.spec b/zlib.spec index b6d8467..e7306aa 100644 --- a/zlib.spec +++ b/zlib.spec @@ -1,28 +1,52 @@ Name: zlib Version: 1.2.11 -Release: 24 +Release: 25 Summary: A lossless data-compression library License: zlib and Boost URL: http://www.zlib.net Source0: http://www.zlib.net/zlib-%{version}.tar.xz # Patch0 get from fedora -Patch0: zlib-1.2.5-minizip-fixuncrypt.patch - -# Patches for aarch64 only -# Patch1 to Patch3 get from http://www.gildor.org/en/projects/zlib -Patch1: 0001-Neon-Optimized-hash-chain-rebase.patch -Patch2: 0002-Porting-optimized-longest_match.patch -Patch3: 0003-arm64-specific-build-patch.patch -Patch4: 0004-zlib-Optimize-CRC32.patch -Patch5: zlib-1.2.11-SIMD.patch - -Patch6000: fix-undefined-buffer-detected-by-oss-fuzz.patch -Patch6001: backport-0001-CVE-2018-25032.patch -Patch6002: backport-0002-CVE-2018-25032.patch -Patch6003: backport-0001-CVE-2022-37434.patch -Patch6004: backport-0002-CVE-2022-37434.patch -Patch6005: backport-CVE-2023-45853.patch +Patch6000: zlib-1.2.5-minizip-fixuncrypt.patch +Patch6001: fix-undefined-buffer-detected-by-oss-fuzz.patch +Patch6002: backport-0001-CVE-2018-25032.patch +Patch6003: backport-0002-CVE-2018-25032.patch +Patch6004: backport-0001-CVE-2022-37434.patch +Patch6005: backport-0002-CVE-2022-37434.patch +Patch6006: backport-Fix-unztell64-in-minizip-to-work-past-4GB.-Dani-l-H-.patch +Patch6007: backport-Fix-memory-leak-on-error-in-gzlog.c.patch +Patch6008: backport-Fix-deflateEnd-to-not-report-an-error-at-start-of-ra.patch +Patch6009: backport-Avoid-an-undefined-behavior-of-memcpy-in-_tr_stored_.patch +Patch6010: backport-Avoid-an-undefined-behavior-of-memcpy-in-gzappend.patch +Patch6012: backport-Handle-case-where-inflateSync-used-when-header-never.patch +Patch6013: backport-Return-an-error-if-the-gzputs-string-length-can-t-fi.patch +Patch6014: backport-Fix-bug-when-window-full-in-deflate_stored.patch +Patch6015: backport-Fix-CLEAR_HASH-macro-to-be-usable-as-a-single-statem.patch +Patch6016: backport-Don-t-bother-computing-check-value-after-successful-.patch +Patch6017: backport-Avoid-undefined-negation-behavior-if-windowBits-is-I.patch +Patch6018: backport-Fix-bug-in-block-type-selection-when-Z_FIXED-used.patch +Patch6019: backport-Fix-inflateBack-to-detect-invalid-input-with-distanc.patch +Patch6020: backport-Security-and-warning-fixes-for-minizip.-gvollant.patch +Patch6021: backport-Avoid-adding-empty-gzip-member-after-gzflush-with-Z_FINISH.patch +Patch6022: backport-Avoid-undefined-behaviors-of-memcpy-in-gzprintf.patch +Patch6023: backport-Fix-crash-when-gzsetparams-attempted-for-transparent-write.patch +Patch6024: backport-Remove-use-of-OF-from-contrib-untgz-and-render-it-compilable.patch +Patch6025: backport-minizip-Fix-being-unable-to-open-empty-zip-file.patch +Patch6026: backport-Fix-reading-disk-number-start-on-zip64-files-in-minizip.patch +Patch6027: backport-Fix-logic-error-in-minizip-argument-processing.patch +Patch6028: backport-Fix-bug-when-gzungetc-is-used-immediately-after-gzopen.patch +Patch6029: backport-Suppress-MSAN-detections-in-deflate-slide_hash.patch +Patch6030: backport-Fix-bug-when-using-gzflush-with-a-very-small-buffer.patch +Patch6031: backport-avoid-uninitialized-and-unused-warnings-in-contrib-minizip.patch +Patch6032: backport-CVE-2023-45853.patch +Patch6033: backport-Add-bounds-checking-to-ERR_MSG-macro-used-by-zError.patch +Patch6034: backport-Fix-bug-in-inflateSync-for-data-held-in-bit-buffer.patch +Patch6035: backport-Fix-decision-on-the-emission-of-Zip64-end-records-in.patch +Patch6036: backport-Neutralize-zip-file-traversal-attacks-in-miniunz.patch +Patch6037: backport-Fix-a-bug-in-ZLIB_DEBUG-compiles-in-check_match.patch + +Patch9000: zlib-Optimize-CRC32.patch +Patch9001: zlib-1.2.11-SIMD.patch BuildRequires: automake, autoconf, libtool @@ -65,26 +89,11 @@ Requires: %{name}-devel = %{version}-%{release} This package contains the development-related content related to minizip. %prep -%setup -%patch0 -p1 -%ifarch aarch64 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%endif -%patch6000 -p1 -%patch6001 -p1 -%patch6002 -p1 -%patch6003 -p1 -%patch6004 -p1 -%patch6005 -p1 +%autosetup -b 0 -n %{name}-%{version} -p1 %build export CFLAGS="$RPM_OPT_FLAGS" %ifarch aarch64 -CFLAGS+=" -DARM_NEON -O3" CFLAGS+=" -march=armv8-a+crc" %endif @@ -137,6 +146,9 @@ make test %{_libdir}/pkgconfig/minizip.pc %changelog +* Fri Apr 26 2024 zhoupengcheng - 1.2.11-25 +- DESC:apply patches regardless of architecture in zlib.spec and backport patches from upstream + * Tue Oct 17 2023 liningjie - 1.2.11-24 - DESC:Fix CVE-2023-45853 -- Gitee