diff --git a/backport-Add-bounds-checking-to-ERR_MSG-macro-used-by-zError.patch b/backport-Add-bounds-checking-to-ERR_MSG-macro-used-by-zError.patch new file mode 100644 index 0000000000000000000000000000000000000000..e4d75cf35425c1b77b1b0b78490665e080fba2f6 --- /dev/null +++ b/backport-Add-bounds-checking-to-ERR_MSG-macro-used-by-zError.patch @@ -0,0 +1,27 @@ +From 431a9b65eacab7efabf2230ba97ff426c0e07f9d Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Thu, 7 Dec 2023 06:38:10 -0800 +Subject: [PATCH] Add bounds checking to ERR_MSG() macro, used by zError(). + +Reference: https://github.com/madler/zlib/commit/431a9b65eacab7efabf2230ba97ff426c0e07f9d +Conflict: no +--- + zutil.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/zutil.h b/zutil.h +index 902a304..0bd2dbc 100644 +--- a/zutil.h ++++ b/zutil.h +@@ -56,7 +56,7 @@ typedef unsigned long ulg; + extern z_const char * const z_errmsg[10]; /* indexed by 2-zlib_error */ + /* (size given to avoid silly warnings with Visual C++) */ + +-#define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)] ++#define ERR_MSG(err) z_errmsg[(err) < -6 || (err) > 2 ? 9 : 2 - (err)] + + #define ERR_RETURN(strm,err) \ + return (strm->msg = ERR_MSG(err), (err)) +-- +2.33.0 + diff --git a/backport-Fix-a-bug-in-ZLIB_DEBUG-compiles-in-check_match.patch b/backport-Fix-a-bug-in-ZLIB_DEBUG-compiles-in-check_match.patch new file mode 100644 index 0000000000000000000000000000000000000000..18bc6a83f9cc5caa1dfa94e2d1d9b77df350acc2 --- /dev/null +++ b/backport-Fix-a-bug-in-ZLIB_DEBUG-compiles-in-check_match.patch @@ -0,0 +1,50 @@ +From 7af6320ad78b390de42f414fabdc64dc6d67a5ea Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Fri, 19 Jan 2024 12:19:53 -0800 +Subject: [PATCH] Fix a bug in ZLIB_DEBUG compiles in check_match(). + +This avoids trying to compare a match starting one byte before the +current window. Thanks to @zmodem (Hans) for discovering this. + +Reference:https://github.com/madler/zlib/commit/7af6320ad78b390de42f414fabdc64dc6d67a5ea +Conflict: Patch context adaptation + +--- + deflate.c | 20 ++++++++++++++------ + 1 file changed, 14 insertions(+), 6 deletions(-) + +diff --git a/deflate.c b/deflate.c +index 8088083..396ab12 100644 +--- a/deflate.c ++++ b/deflate.c +@@ -1510,13 +1510,21 @@ local void check_match(s, start, match, length) + int length; + { + /* check that the match is indeed a match */ +- if (zmemcmp(s->window + match, +- s->window + start, length) != EQUAL) { +- fprintf(stderr, " start %u, match %u, length %d\n", +- start, match, length); ++ Bytef *back = s->window + (int)match, *here = s->window + start; ++ IPos len = length; ++ if (match == (IPos)-1) { ++ /* match starts one byte before the current window -- just compare the ++ subsequent length-1 bytes */ ++ back++; ++ here++; ++ len--; ++ } ++ if (zmemcmp(back, here, len) != EQUAL) { ++ fprintf(stderr, " start %u, match %d, length %d\n", ++ start, (int)match, length); + do { +- fprintf(stderr, "%c%c", s->window[match++], s->window[start++]); +- } while (--length != 0); ++ fprintf(stderr, "(%02x %02x)", *back++, *here++); ++ } while (--len != 0); + z_error("invalid match"); + } + if (z_verbose > 1) { +-- +2.33.0 + diff --git a/backport-Fix-bug-in-inflateSync-for-data-held-in-bit-buffer.patch b/backport-Fix-bug-in-inflateSync-for-data-held-in-bit-buffer.patch new file mode 100644 index 0000000000000000000000000000000000000000..0bcac9f1eee919c4df6dc81ab27115916d5ec533 --- /dev/null +++ b/backport-Fix-bug-in-inflateSync-for-data-held-in-bit-buffer.patch @@ -0,0 +1,27 @@ +From 5af7cef45eeef86ddf6ab00b4e363c1eecaf47b6 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Thu, 24 Aug 2023 02:14:23 -0400 +Subject: [PATCH] Fix bug in inflateSync() for data held in bit buffer. + +Reference: https://github.com/madler/zlib/commit/5af7cef45eeef86ddf6ab00b4e363c1eecaf47b6 +Conflict: no +--- + inflate.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/inflate.c b/inflate.c +index b0757a9..94ecff0 100644 +--- a/inflate.c ++++ b/inflate.c +@@ -1387,7 +1387,7 @@ int ZEXPORT inflateSync(z_streamp strm) { + /* if first time, start search in bit buffer */ + if (state->mode != SYNC) { + state->mode = SYNC; +- state->hold <<= state->bits & 7; ++ state->hold >>= state->bits & 7; + state->bits -= state->bits & 7; + len = 0; + while (state->bits >= 8) { +-- +2.33.0 + diff --git a/backport-Fix-bug-when-gzungetc-is-used-immediately-after-gzopen.patch b/backport-Fix-bug-when-gzungetc-is-used-immediately-after-gzopen.patch new file mode 100644 index 0000000000000000000000000000000000000000..a6b892ee1572c293eb3a9674fd465ad64346f0fb --- /dev/null +++ b/backport-Fix-bug-when-gzungetc-is-used-immediately-after-gzopen.patch @@ -0,0 +1,26 @@ +From 7dd6aa72455ef1f2aacdc28a00d1eaf632d59593 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Fri, 11 Aug 2023 10:59:03 -0700 +Subject: [PATCH] Fix bug when gzungetc() is used immediately after gzopen(). + +Reference:https://github.com/madler/zlib/commit/7dd6aa72455ef1f2aacdc28a00d1eaf632d59593 +Conflict:NA +--- + gzread.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/gzread.c b/gzread.c +index 6034a2823..4168cbc88 100644 +--- a/gzread.c ++++ b/gzread.c +@@ -443,6 +443,10 @@ int ZEXPORT gzungetc(int c, gzFile file) { + return -1; + state = (gz_statep)file; + ++ /* in case this was just opened, set up the input buffer */ ++ if (state->mode == GZ_READ && state->how == LOOK && state->x.have == 0) ++ (void)gz_look(state); ++ + /* check that we're reading and that there's no (serious) error */ + if (state->mode != GZ_READ || + (state->err != Z_OK && state->err != Z_BUF_ERROR)) diff --git a/backport-Fix-bug-when-using-gzflush-with-a-very-small-buffer.patch b/backport-Fix-bug-when-using-gzflush-with-a-very-small-buffer.patch new file mode 100644 index 0000000000000000000000000000000000000000..047c17d023fd24e39c6f3225c566b0b095a9142b --- /dev/null +++ b/backport-Fix-bug-when-using-gzflush-with-a-very-small-buffer.patch @@ -0,0 +1,26 @@ +From d98251478246c8ef2f405d76e4ef1678c14d7eda Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Mon, 14 Aug 2023 17:01:54 -0700 +Subject: [PATCH] Fix bug when using gzflush() with a very small buffer. + +Reference:https://github.com/madler/zlib/commit/d98251478246c8ef2f405d76e4ef1678c14d7eda +Conflict:NA +--- + gzlib.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/gzlib.c b/gzlib.c +index 2b446c448..29fc4486f 100644 +--- a/gzlib.c ++++ b/gzlib.c +@@ -308,8 +308,8 @@ int ZEXPORT gzbuffer(gzFile file, unsigned size) { + /* check and set requested size */ + if ((size << 1) < size) + return -1; /* need to be able to double it */ +- if (size < 2) +- size = 2; /* need two bytes to check magic header */ ++ if (size < 8) ++ size = 8; /* needed to behave well with flushing */ + state->want = size; + return 0; + } diff --git a/backport-Fix-crash-when-gzsetparams-attempted-for-transparent-write.patch b/backport-Fix-crash-when-gzsetparams-attempted-for-transparent-write.patch new file mode 100644 index 0000000000000000000000000000000000000000..1d488ba09434ef1a0c1ee7ed143e6ba7265b1cba --- /dev/null +++ b/backport-Fix-crash-when-gzsetparams-attempted-for-transparent-write.patch @@ -0,0 +1,26 @@ +From 02a6049eb3884c430268bb0fe3296d597a03174c Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Mon, 26 Dec 2022 23:36:01 -0800 +Subject: [PATCH] Fix crash when gzsetparams() attempted for transparent write. + +gzsetparams() now returns a Z_STREAM_ERROR in this case.i + +Reference:https://github.com/madler/zlib/commit/02a6049eb3884c430268bb0fe3296d597a03174c +Conflict:NA +--- + gzwrite.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gzwrite.c b/gzwrite.c +index eb8a0e589..3030d74d6 100644 +--- a/gzwrite.c ++++ b/gzwrite.c +@@ -609,7 +609,7 @@ int ZEXPORT gzsetparams(file, level, strategy) + strm = &(state->strm); + + /* check that we're writing and that there's no error */ +- if (state->mode != GZ_WRITE || state->err != Z_OK) ++ if (state->mode != GZ_WRITE || state->err != Z_OK || state->direct) + return Z_STREAM_ERROR; + + /* if no change is requested, then do nothing */ diff --git a/backport-Fix-decision-on-the-emission-of-Zip64-end-records-in.patch b/backport-Fix-decision-on-the-emission-of-Zip64-end-records-in.patch new file mode 100644 index 0000000000000000000000000000000000000000..a2a843599697a569d354ce2213e00966a5119fa4 --- /dev/null +++ b/backport-Fix-decision-on-the-emission-of-Zip64-end-records-in.patch @@ -0,0 +1,35 @@ +From 15c45adb76e81a7e3a8a9e17b2a56eb90f668f44 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Tue, 7 Nov 2023 15:46:41 -0800 +Subject: [PATCH] Fix decision on the emission of Zip64 end records in minizip. + +The appnote says that if the number of entries in the end record +is 0xffff, then the actual number of entries will be found in the +Zip64 end record. Therefore if the number of entries is equal to +0xffff, it can't be in the end record by itself, since that is an +instruction to get the number from the Zip64 end record. This code +would just store 0xffff in the end record in that case, not making +a Zip64 end record. This commit fixes that. + +Reference: https://github.com/madler/zlib/commit/15c45adb76e81a7e3a8a9e17b2a56eb90f668f44 +Conflict: no +--- + contrib/minizip/zip.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c +index 0446109..86be90b 100644 +--- a/contrib/minizip/zip.c ++++ b/contrib/minizip/zip.c +@@ -1872,7 +1872,7 @@ extern int ZEXPORT zipClose(zipFile file, const char* global_comment) { + free_linkedlist(&(zi->central_dir)); + + pos = centraldir_pos_inzip - zi->add_position_when_writing_offset; +- if(pos >= 0xffffffff || zi->number_entry > 0xFFFF) ++ if(pos >= 0xffffffff || zi->number_entry >= 0xFFFF) + { + ZPOS64_T Zip64EOCDpos = ZTELL64(zi->z_filefunc,zi->filestream); + Write_Zip64EndOfCentralDirectoryRecord(zi, size_centraldir, centraldir_pos_inzip); +-- +2.33.0 + diff --git a/backport-Fix-logic-error-in-minizip-argument-processing.patch b/backport-Fix-logic-error-in-minizip-argument-processing.patch new file mode 100644 index 0000000000000000000000000000000000000000..e10da930b4b662f148fcf36a0a0b368f0ad463ea --- /dev/null +++ b/backport-Fix-logic-error-in-minizip-argument-processing.patch @@ -0,0 +1,24 @@ +From 3061e5013c2569974fd7d830f2776b38da4e2691 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sat, 29 Jul 2023 23:51:22 -0700 +Subject: [PATCH] Fix logic error in minizip argument processing. + +Reference:https://github.com/madler/zlib/commit/3061e5013c2569974fd7d830f2776b38da4e2691 +Conflict:NA +--- + contrib/minizip/minizip.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/contrib/minizip/minizip.c b/contrib/minizip/minizip.c +index f458c85ef..61a9d4c7d 100644 +--- a/contrib/minizip/minizip.c ++++ b/contrib/minizip/minizip.c +@@ -381,7 +381,7 @@ int main(int argc, char *argv[]) { + ((argv[i][1]=='o') || (argv[i][1]=='O') || + (argv[i][1]=='a') || (argv[i][1]=='A') || + (argv[i][1]=='p') || (argv[i][1]=='P') || +- ((argv[i][1]>='0') || (argv[i][1]<='9'))) && ++ ((argv[i][1]>='0') && (argv[i][1]<='9'))) && + (strlen(argv[i]) == 2))) + { + FILE * fin; diff --git a/backport-Fix-reading-disk-number-start-on-zip64-files-in-minizip.patch b/backport-Fix-reading-disk-number-start-on-zip64-files-in-minizip.patch new file mode 100644 index 0000000000000000000000000000000000000000..f68c8af6e12d0ddf83cd8193ab7751cf2af5c119 --- /dev/null +++ b/backport-Fix-reading-disk-number-start-on-zip64-files-in-minizip.patch @@ -0,0 +1,40 @@ +From e0bd0ad6e4d8afd2bc3d55d84d459a0e2c0e2890 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sat, 29 Jul 2023 23:34:26 -0700 +Subject: [PATCH] Fix reading disk number start on zip64 files in minizip. + +Reference:https://github.com/madler/zlib/commit/e0bd0ad6e4d8afd2bc3d55d84d459a0e2c0e2890 +Conflict:NA +--- + contrib/minizip/unzip.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/contrib/minizip/unzip.c b/contrib/minizip/unzip.c +index 1da51a9..9329732 100644 +--- a/contrib/minizip/unzip.c ++++ b/contrib/minizip/unzip.c +@@ -1038,8 +1038,6 @@ local int unz64local_GetCurrentFileInfoInternal (unzFile file, + /* ZIP64 extra fields */ + if (headerId == 0x0001) + { +- uLong uL; +- + if(file_info.uncompressed_size == MAXU32) + { + if (unz64local_getLong64(&s->z_filefunc, s->filestream,&file_info.uncompressed_size) != UNZ_OK) +@@ -1059,10 +1057,10 @@ local int unz64local_GetCurrentFileInfoInternal (unzFile file, + err=UNZ_ERRNO; + } + +- if(file_info.disk_num_start == MAXU32) ++ if(file_info.disk_num_start == 0xffff) + { + /* Disk Start Number */ +- if (unz64local_getLong(&s->z_filefunc, s->filestream,&uL) != UNZ_OK) ++ if (unz64local_getLong(&s->z_filefunc, s->filestream,&file_info.disk_num_start) != UNZ_OK) + err=UNZ_ERRNO; + } + +-- +2.27.0 + diff --git a/backport-Neutralize-zip-file-traversal-attacks-in-miniunz.patch b/backport-Neutralize-zip-file-traversal-attacks-in-miniunz.patch new file mode 100644 index 0000000000000000000000000000000000000000..18589f5b580046415914c53e315ca2ab5226d103 --- /dev/null +++ b/backport-Neutralize-zip-file-traversal-attacks-in-miniunz.patch @@ -0,0 +1,61 @@ +From 14a5f8f266c16c87ab6c086fc52b770b27701e01 Mon Sep 17 00:00:00 2001 +From: Matt Wilson +Date: Wed, 17 Jan 2024 14:46:18 -0800 +Subject: [PATCH] Neutralize zip file traversal attacks in miniunz. + +Archive formats such as .zip files are generally susceptible to +so-called "traversal attacks". This allows an attacker to craft +an archive that writes to unexpected locations of the file system +(e.g., /etc/shadow) if an unspecting root user were to unpack a +malicious archive. + +This patch neutralizes absolute paths such as /tmp/moo and deeply +relative paths such as dummy/../../../../../../../../../../tmp/moo + +The Debian project requested CVE-2014-9485 be allocated for the +first identified weakness. The fix was incomplete, resulting in a +revised patch applied here. Since there wasn't an updated version +released by Debian with the incomplete fix, I suggest we use this +CVE to identify both issues. + +Link: https://security.snyk.io/research/zip-slip-vulnerability +Link: https://bugs.debian.org/774321 +Link: https://bugs.debian.org/776831 +Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9485 +Reported-by: Jakub Wilk +Fixed-by: Michael Gilbert + +Reference: https://github.com/madler/zlib/commit/14a5f8f266c16c87ab6c086fc52b770b27701e01 +Conflict: no +--- + contrib/minizip/miniunz.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/contrib/minizip/miniunz.c b/contrib/minizip/miniunz.c +index 0c2fb0d..d627c42 100644 +--- a/contrib/minizip/miniunz.c ++++ b/contrib/minizip/miniunz.c +@@ -356,6 +356,20 @@ static int do_extract_currentfile(unzFile uf, const int* popt_extract_without_pa + else + write_filename = filename_withoutpath; + ++ if (write_filename[0]!='\0') ++ { ++ const char* relative_check = write_filename; ++ while (relative_check[1]!='\0') ++ { ++ if (relative_check[0]=='.' && relative_check[1]=='.') ++ write_filename = relative_check; ++ relative_check++; ++ } ++ } ++ ++ while (write_filename[0]=='/' || write_filename[0]=='.') ++ write_filename++; ++ + err = unzOpenCurrentFilePassword(uf,password); + if (err!=UNZ_OK) + { +-- +2.33.0 + diff --git a/backport-Remove-use-of-OF-from-contrib-untgz-and-render-it-compilable.patch b/backport-Remove-use-of-OF-from-contrib-untgz-and-render-it-compilable.patch new file mode 100644 index 0000000000000000000000000000000000000000..eabc5ebf09aa4a3d7529c4cadcdbf33638075cd3 --- /dev/null +++ b/backport-Remove-use-of-OF-from-contrib-untgz-and-render-it-compilable.patch @@ -0,0 +1,109 @@ +From 66588683b36042154ad35140bf9fcbb60c5d573c Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sat, 15 Apr 2023 11:27:12 -0700 +Subject: [PATCH] Remove use of OF() from contrib/untgz and render it + compilable. + +Reference:https://github.com/madler/zlib/commit/66588683b36042154ad35140bf9fcbb60c5d573c +Conflict:NA +--- + contrib/untgz/untgz.c | 47 +++++++++++-------------------------------- + 1 file changed, 12 insertions(+), 35 deletions(-) + +diff --git a/contrib/untgz/untgz.c b/contrib/untgz/untgz.c +index 2c391e598..3e530971c 100644 +--- a/contrib/untgz/untgz.c ++++ b/contrib/untgz/untgz.c +@@ -14,15 +14,10 @@ + + #include "zlib.h" + +-#ifdef unix +-# include +-#else ++#ifdef _WIN32 + # include + # include +-#endif +- +-#ifdef WIN32 +-#include ++# include + # ifndef F_OK + # define F_OK 0 + # endif +@@ -33,6 +28,8 @@ + # define strdup(str) _strdup(str) + # endif + #else ++# include ++# include + # include + #endif + +@@ -102,28 +99,14 @@ struct attr_item + + enum { TGZ_EXTRACT, TGZ_LIST, TGZ_INVALID }; + +-char *TGZfname OF((const char *)); +-void TGZnotfound OF((const char *)); +- +-int getoct OF((char *, int)); +-char *strtime OF((time_t *)); +-int setfiletime OF((char *, time_t)); +-void push_attr OF((struct attr_item **, char *, int, time_t)); +-void restore_attr OF((struct attr_item **)); +- +-int ExprMatch OF((char *, char *)); +- +-int makedir OF((char *)); +-int matchname OF((int, int, char **, char *)); +- +-void error OF((const char *)); +-int tar OF((gzFile, int, int, int, char **)); +- +-void help OF((int)); +-int main OF((int, char **)); +- + char *prog; + ++void error(const char *msg) ++{ ++ fprintf(stderr, "%s: %s\n", prog, msg); ++ exit(1); ++} ++ + const char *TGZsuffix[] = { "\0", ".tar", ".tar.gz", ".taz", ".tgz", NULL }; + + /* return the file name of the TGZ archive */ +@@ -205,7 +188,7 @@ char *strtime (time_t *t) + + int setfiletime (char *fname,time_t ftime) + { +-#ifdef WIN32 ++#ifdef _WIN32 + static int isWinNT = -1; + SYSTEMTIME st; + FILETIME locft, modft; +@@ -590,12 +573,6 @@ void help(int exitval) + exit(exitval); + } + +-void error(const char *msg) +-{ +- fprintf(stderr, "%s: %s\n", prog, msg); +- exit(1); +-} +- + + /* ============================================================ */ + +@@ -608,7 +585,7 @@ int main(int argc,char **argv) + int action = TGZ_EXTRACT; + int arg = 1; + char *TGZfile; +- gzFile *f; ++ gzFile f; + + prog = strrchr(argv[0],'\\'); + if (prog == NULL) diff --git a/backport-Suppress-MSAN-detections-in-deflate-slide_hash.patch b/backport-Suppress-MSAN-detections-in-deflate-slide_hash.patch new file mode 100644 index 0000000000000000000000000000000000000000..449a9e389a02360bff3df103a8142b3e851c5b90 --- /dev/null +++ b/backport-Suppress-MSAN-detections-in-deflate-slide_hash.patch @@ -0,0 +1,36 @@ +From 981ee7570ad98a3cf1ae74d737e2ee619ed79171 Mon Sep 17 00:00:00 2001 +From: Andrzej Hunt +Date: Fri, 4 Jun 2021 18:25:19 +0200 +Subject: [PATCH] Suppress MSAN detections in deflate's slide_hash(). + +slide_hash() knowingly reads potentially uninitialized memory, see +comment lower down about prev[n] potentially being garbage. In +this case, the result is never used. + +Reference:https://github.com/madler/zlib/commit/981ee7570ad98a3cf1ae74d737e2ee619ed79171 +Conflict:NA +--- + deflate.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/deflate.c b/deflate.c +index 5410497..8088083 100644 +--- a/deflate.c ++++ b/deflate.c +@@ -209,6 +209,13 @@ local const config configuration_table[10] = { + * bit values at the expense of memory usage). We slide even when level == 0 to + * keep the hash table consistent if we switch back to level > 0 later. + */ ++ ++#if defined(__has_feature) ++# if __has_feature(memory_sanitizer) ++ __attribute__((no_sanitize("memory"))) ++# endif ++#endif ++ + local void slide_hash(s) + deflate_state *s; + { +-- +2.27.0 + diff --git a/backport-avoid-uninitialized-and-unused-warnings-in-contrib-minizip.patch b/backport-avoid-uninitialized-and-unused-warnings-in-contrib-minizip.patch new file mode 100644 index 0000000000000000000000000000000000000000..c40bb5569120f1bb4a4c7f233b5f955db830005a --- /dev/null +++ b/backport-avoid-uninitialized-and-unused-warnings-in-contrib-minizip.patch @@ -0,0 +1,63 @@ +From 25bbd7f5a6a172b83b59fab7a80c55d1533dd100 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Thu, 17 Aug 2023 21:40:28 -0700 +Subject: [PATCH] Avoid uninitialized and unused warnings in contrib/minizip. + +Reference:https://github.com/madler/zlib/commit/25bbd7f5a6a172b83b59fab7a80c55d1533dd100 +Conflict:NA +--- + contrib/minizip/miniunz.c | 10 ++++++++-- + contrib/minizip/minizip.c | 2 +- + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/contrib/minizip/miniunz.c b/contrib/minizip/miniunz.c +index 3d65401..507820d 100644 +--- a/contrib/minizip/miniunz.c ++++ b/contrib/minizip/miniunz.c +@@ -113,7 +113,11 @@ void change_file_date(filename,dosdate,tmu_date) + + ut.actime=ut.modtime=mktime(&newdate); + utime(filename,&ut); +-#endif ++#else ++ (void)filename; ++ (void)dosdate; ++ (void)tmu_date; ++#endif + #endif + } + +@@ -131,6 +135,8 @@ int mymkdir(dirname) + ret = mkdir (dirname,0775); + #elif __APPLE__ + ret = mkdir (dirname,0775); ++#else ++ (void)dirname; + #endif + return ret; + } +@@ -248,7 +254,7 @@ int do_list(uf) + char filename_inzip[256]; + unz_file_info64 file_info; + uLong ratio=0; +- const char *string_method; ++ const char *string_method = ""; + char charCrypt=' '; + err = unzGetCurrentFileInfo64(uf,&file_info,filename_inzip,sizeof(filename_inzip),NULL,0,NULL,0); + if (err!=UNZ_OK) +diff --git a/contrib/minizip/minizip.c b/contrib/minizip/minizip.c +index c5d9cc6..5dde38f 100644 +--- a/contrib/minizip/minizip.c ++++ b/contrib/minizip/minizip.c +@@ -395,7 +395,7 @@ int main(argc,argv) + ((argv[i][1]>='0') && (argv[i][1]<='9'))) && + (strlen(argv[i]) == 2))) + { +- FILE * fin; ++ FILE * fin = NULL; + size_t size_read; + const char* filenameinzip = argv[i]; + const char *savefilenameinzip; +-- +2.27.0 + diff --git a/backport-minizip-Fix-being-unable-to-open-empty-zip-file.patch b/backport-minizip-Fix-being-unable-to-open-empty-zip-file.patch new file mode 100644 index 0000000000000000000000000000000000000000..f574468eb70706ac6454bddceb62aa4df980760e --- /dev/null +++ b/backport-minizip-Fix-being-unable-to-open-empty-zip-file.patch @@ -0,0 +1,160 @@ +From f209ca7be7981dc8fca79428706057e4ebc929ee Mon Sep 17 00:00:00 2001 +From: RedworkDE <10944644+RedworkDE@users.noreply.github.com> +Date: Wed, 15 Feb 2023 12:25:33 +0100 +Subject: [PATCH] minizip: Fix being unable to open empty zip file + +Reference:https://github.com/madler/zlib/commit/f209ca7be7981dc8fca79428706057e4ebc929ee +Conflict:NA +--- + contrib/minizip/unzip.c | 48 ++++++++++++++++++++++------------------- + 1 file changed, 26 insertions(+), 22 deletions(-) + +diff --git a/contrib/minizip/unzip.c b/contrib/minizip/unzip.c +index ad2eb3bc9..3adc692f3 100644 +--- a/contrib/minizip/unzip.c ++++ b/contrib/minizip/unzip.c +@@ -379,6 +379,10 @@ extern int ZEXPORT unzStringFileNameCompare (const char* fileName1, + #define BUFREADCOMMENT (0x400) + #endif + ++#ifndef CENTRALDIRINVALID ++#define CENTRALDIRINVALID ((ZPOS64_T)(-1)) ++#endif ++ + /* + Locate the Central directory of a zipfile (at the end, just before + the global comment) +@@ -388,10 +392,10 @@ local ZPOS64_T unz64local_SearchCentralDir(const zlib_filefunc64_32_def* pzlib_f + ZPOS64_T uSizeFile; + ZPOS64_T uBackRead; + ZPOS64_T uMaxBack=0xffff; /* maximum size of global comment */ +- ZPOS64_T uPosFound=0; ++ ZPOS64_T uPosFound=CENTRALDIRINVALID; + + if (ZSEEK64(*pzlib_filefunc_def,filestream,0,ZLIB_FILEFUNC_SEEK_END) != 0) +- return 0; ++ return CENTRALDIRINVALID; + + + uSizeFile = ZTELL64(*pzlib_filefunc_def,filestream); +@@ -401,7 +405,7 @@ local ZPOS64_T unz64local_SearchCentralDir(const zlib_filefunc64_32_def* pzlib_f + + buf = (unsigned char*)ALLOC(BUFREADCOMMENT+4); + if (buf==NULL) +- return 0; ++ return CENTRALDIRINVALID; + + uBackRead = 4; + while (uBackRead - 1.2.13-4 +- backport patches from upstream + * Tue Jun 18 2024 zhoupengcheng - 1.2.13-3 - delete redundant patch