diff --git a/backport-Add-bounds-checking-to-ERR_MSG-macro-used-by-zError.patch b/backport-Add-bounds-checking-to-ERR_MSG-macro-used-by-zError.patch deleted file mode 100644 index e4d75cf35425c1b77b1b0b78490665e080fba2f6..0000000000000000000000000000000000000000 --- a/backport-Add-bounds-checking-to-ERR_MSG-macro-used-by-zError.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 431a9b65eacab7efabf2230ba97ff426c0e07f9d Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Thu, 7 Dec 2023 06:38:10 -0800 -Subject: [PATCH] Add bounds checking to ERR_MSG() macro, used by zError(). - -Reference: https://github.com/madler/zlib/commit/431a9b65eacab7efabf2230ba97ff426c0e07f9d -Conflict: no ---- - zutil.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/zutil.h b/zutil.h -index 902a304..0bd2dbc 100644 ---- a/zutil.h -+++ b/zutil.h -@@ -56,7 +56,7 @@ typedef unsigned long ulg; - extern z_const char * const z_errmsg[10]; /* indexed by 2-zlib_error */ - /* (size given to avoid silly warnings with Visual C++) */ - --#define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)] -+#define ERR_MSG(err) z_errmsg[(err) < -6 || (err) > 2 ? 9 : 2 - (err)] - - #define ERR_RETURN(strm,err) \ - return (strm->msg = ERR_MSG(err), (err)) --- -2.33.0 - diff --git a/backport-CVE-2023-45853.patch b/backport-CVE-2023-45853.patch deleted file mode 100644 index f750e0f31f1006d16deb4114370ea09226072850..0000000000000000000000000000000000000000 --- a/backport-CVE-2023-45853.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 73331a6a0481067628f065ffe87bb1d8f787d10c Mon Sep 17 00:00:00 2001 -From: Hans Wennborg -Date: Fri, 18 Aug 2023 11:05:33 +0200 -Subject: [PATCH] Reject overflows of zip header fields in minizip. - -This checks the lengths of the file name, extra field, and comment -that would be put in the zip headers, and rejects them if they are -too long. They are each limited to 65535 bytes in length by the zip -format. This also avoids possible buffer overflows if the provided -fields are too long. ---- - contrib/minizip/zip.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c -index 3d3d4ca..0446109 100644 ---- a/contrib/minizip/zip.c -+++ b/contrib/minizip/zip.c -@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c - return ZIP_PARAMERROR; - #endif - -+ // The filename and comment length must fit in 16 bits. -+ if ((filename!=NULL) && (strlen(filename)>0xffff)) -+ return ZIP_PARAMERROR; -+ if ((comment!=NULL) && (strlen(comment)>0xffff)) -+ return ZIP_PARAMERROR; -+ // The extra field length must fit in 16 bits. If the member also requires -+ // a Zip64 extra block, that will also need to fit within that 16-bit -+ // length, but that will be checked for later. -+ if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff)) -+ return ZIP_PARAMERROR; -+ - zi = (zip64_internal*)file; - - if (zi->in_opened_file_inzip == 1) --- -2.41.0.windows.3 - diff --git a/backport-Fix-a-bug-in-ZLIB_DEBUG-compiles-in-check_match.patch b/backport-Fix-a-bug-in-ZLIB_DEBUG-compiles-in-check_match.patch deleted file mode 100644 index 18bc6a83f9cc5caa1dfa94e2d1d9b77df350acc2..0000000000000000000000000000000000000000 --- a/backport-Fix-a-bug-in-ZLIB_DEBUG-compiles-in-check_match.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 7af6320ad78b390de42f414fabdc64dc6d67a5ea Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Fri, 19 Jan 2024 12:19:53 -0800 -Subject: [PATCH] Fix a bug in ZLIB_DEBUG compiles in check_match(). - -This avoids trying to compare a match starting one byte before the -current window. Thanks to @zmodem (Hans) for discovering this. - -Reference:https://github.com/madler/zlib/commit/7af6320ad78b390de42f414fabdc64dc6d67a5ea -Conflict: Patch context adaptation - ---- - deflate.c | 20 ++++++++++++++------ - 1 file changed, 14 insertions(+), 6 deletions(-) - -diff --git a/deflate.c b/deflate.c -index 8088083..396ab12 100644 ---- a/deflate.c -+++ b/deflate.c -@@ -1510,13 +1510,21 @@ local void check_match(s, start, match, length) - int length; - { - /* check that the match is indeed a match */ -- if (zmemcmp(s->window + match, -- s->window + start, length) != EQUAL) { -- fprintf(stderr, " start %u, match %u, length %d\n", -- start, match, length); -+ Bytef *back = s->window + (int)match, *here = s->window + start; -+ IPos len = length; -+ if (match == (IPos)-1) { -+ /* match starts one byte before the current window -- just compare the -+ subsequent length-1 bytes */ -+ back++; -+ here++; -+ len--; -+ } -+ if (zmemcmp(back, here, len) != EQUAL) { -+ fprintf(stderr, " start %u, match %d, length %d\n", -+ start, (int)match, length); - do { -- fprintf(stderr, "%c%c", s->window[match++], s->window[start++]); -- } while (--length != 0); -+ fprintf(stderr, "(%02x %02x)", *back++, *here++); -+ } while (--len != 0); - z_error("invalid match"); - } - if (z_verbose > 1) { --- -2.33.0 - diff --git a/backport-Fix-bug-in-inflateSync-for-data-held-in-bit-buffer.patch b/backport-Fix-bug-in-inflateSync-for-data-held-in-bit-buffer.patch deleted file mode 100644 index 0bcac9f1eee919c4df6dc81ab27115916d5ec533..0000000000000000000000000000000000000000 --- a/backport-Fix-bug-in-inflateSync-for-data-held-in-bit-buffer.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 5af7cef45eeef86ddf6ab00b4e363c1eecaf47b6 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Thu, 24 Aug 2023 02:14:23 -0400 -Subject: [PATCH] Fix bug in inflateSync() for data held in bit buffer. - -Reference: https://github.com/madler/zlib/commit/5af7cef45eeef86ddf6ab00b4e363c1eecaf47b6 -Conflict: no ---- - inflate.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/inflate.c b/inflate.c -index b0757a9..94ecff0 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -1387,7 +1387,7 @@ int ZEXPORT inflateSync(z_streamp strm) { - /* if first time, start search in bit buffer */ - if (state->mode != SYNC) { - state->mode = SYNC; -- state->hold <<= state->bits & 7; -+ state->hold >>= state->bits & 7; - state->bits -= state->bits & 7; - len = 0; - while (state->bits >= 8) { --- -2.33.0 - diff --git a/backport-Fix-bug-when-using-gzflush-with-a-very-small-buffer.patch b/backport-Fix-bug-when-using-gzflush-with-a-very-small-buffer.patch deleted file mode 100644 index 047c17d023fd24e39c6f3225c566b0b095a9142b..0000000000000000000000000000000000000000 --- a/backport-Fix-bug-when-using-gzflush-with-a-very-small-buffer.patch +++ /dev/null @@ -1,26 +0,0 @@ -From d98251478246c8ef2f405d76e4ef1678c14d7eda Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Mon, 14 Aug 2023 17:01:54 -0700 -Subject: [PATCH] Fix bug when using gzflush() with a very small buffer. - -Reference:https://github.com/madler/zlib/commit/d98251478246c8ef2f405d76e4ef1678c14d7eda -Conflict:NA ---- - gzlib.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/gzlib.c b/gzlib.c -index 2b446c448..29fc4486f 100644 ---- a/gzlib.c -+++ b/gzlib.c -@@ -308,8 +308,8 @@ int ZEXPORT gzbuffer(gzFile file, unsigned size) { - /* check and set requested size */ - if ((size << 1) < size) - return -1; /* need to be able to double it */ -- if (size < 2) -- size = 2; /* need two bytes to check magic header */ -+ if (size < 8) -+ size = 8; /* needed to behave well with flushing */ - state->want = size; - return 0; - } diff --git a/backport-Fix-crash-when-gzsetparams-attempted-for-transparent-write.patch b/backport-Fix-crash-when-gzsetparams-attempted-for-transparent-write.patch deleted file mode 100644 index 1d488ba09434ef1a0c1ee7ed143e6ba7265b1cba..0000000000000000000000000000000000000000 --- a/backport-Fix-crash-when-gzsetparams-attempted-for-transparent-write.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 02a6049eb3884c430268bb0fe3296d597a03174c Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Mon, 26 Dec 2022 23:36:01 -0800 -Subject: [PATCH] Fix crash when gzsetparams() attempted for transparent write. - -gzsetparams() now returns a Z_STREAM_ERROR in this case.i - -Reference:https://github.com/madler/zlib/commit/02a6049eb3884c430268bb0fe3296d597a03174c -Conflict:NA ---- - gzwrite.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/gzwrite.c b/gzwrite.c -index eb8a0e589..3030d74d6 100644 ---- a/gzwrite.c -+++ b/gzwrite.c -@@ -609,7 +609,7 @@ int ZEXPORT gzsetparams(file, level, strategy) - strm = &(state->strm); - - /* check that we're writing and that there's no error */ -- if (state->mode != GZ_WRITE || state->err != Z_OK) -+ if (state->mode != GZ_WRITE || state->err != Z_OK || state->direct) - return Z_STREAM_ERROR; - - /* if no change is requested, then do nothing */ diff --git a/backport-Fix-decision-on-the-emission-of-Zip64-end-records-in.patch b/backport-Fix-decision-on-the-emission-of-Zip64-end-records-in.patch deleted file mode 100644 index a2a843599697a569d354ce2213e00966a5119fa4..0000000000000000000000000000000000000000 --- a/backport-Fix-decision-on-the-emission-of-Zip64-end-records-in.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 15c45adb76e81a7e3a8a9e17b2a56eb90f668f44 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Tue, 7 Nov 2023 15:46:41 -0800 -Subject: [PATCH] Fix decision on the emission of Zip64 end records in minizip. - -The appnote says that if the number of entries in the end record -is 0xffff, then the actual number of entries will be found in the -Zip64 end record. Therefore if the number of entries is equal to -0xffff, it can't be in the end record by itself, since that is an -instruction to get the number from the Zip64 end record. This code -would just store 0xffff in the end record in that case, not making -a Zip64 end record. This commit fixes that. - -Reference: https://github.com/madler/zlib/commit/15c45adb76e81a7e3a8a9e17b2a56eb90f668f44 -Conflict: no ---- - contrib/minizip/zip.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c -index 0446109..86be90b 100644 ---- a/contrib/minizip/zip.c -+++ b/contrib/minizip/zip.c -@@ -1872,7 +1872,7 @@ extern int ZEXPORT zipClose(zipFile file, const char* global_comment) { - free_linkedlist(&(zi->central_dir)); - - pos = centraldir_pos_inzip - zi->add_position_when_writing_offset; -- if(pos >= 0xffffffff || zi->number_entry > 0xFFFF) -+ if(pos >= 0xffffffff || zi->number_entry >= 0xFFFF) - { - ZPOS64_T Zip64EOCDpos = ZTELL64(zi->z_filefunc,zi->filestream); - Write_Zip64EndOfCentralDirectoryRecord(zi, size_centraldir, centraldir_pos_inzip); --- -2.33.0 - diff --git a/backport-Fix-logic-error-in-minizip-argument-processing.patch b/backport-Fix-logic-error-in-minizip-argument-processing.patch deleted file mode 100644 index e10da930b4b662f148fcf36a0a0b368f0ad463ea..0000000000000000000000000000000000000000 --- a/backport-Fix-logic-error-in-minizip-argument-processing.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 3061e5013c2569974fd7d830f2776b38da4e2691 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Sat, 29 Jul 2023 23:51:22 -0700 -Subject: [PATCH] Fix logic error in minizip argument processing. - -Reference:https://github.com/madler/zlib/commit/3061e5013c2569974fd7d830f2776b38da4e2691 -Conflict:NA ---- - contrib/minizip/minizip.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/contrib/minizip/minizip.c b/contrib/minizip/minizip.c -index f458c85ef..61a9d4c7d 100644 ---- a/contrib/minizip/minizip.c -+++ b/contrib/minizip/minizip.c -@@ -381,7 +381,7 @@ int main(int argc, char *argv[]) { - ((argv[i][1]=='o') || (argv[i][1]=='O') || - (argv[i][1]=='a') || (argv[i][1]=='A') || - (argv[i][1]=='p') || (argv[i][1]=='P') || -- ((argv[i][1]>='0') || (argv[i][1]<='9'))) && -+ ((argv[i][1]>='0') && (argv[i][1]<='9'))) && - (strlen(argv[i]) == 2))) - { - FILE * fin; diff --git a/backport-Fix-reading-disk-number-start-on-zip64-files-in-minizip.patch b/backport-Fix-reading-disk-number-start-on-zip64-files-in-minizip.patch deleted file mode 100644 index f68c8af6e12d0ddf83cd8193ab7751cf2af5c119..0000000000000000000000000000000000000000 --- a/backport-Fix-reading-disk-number-start-on-zip64-files-in-minizip.patch +++ /dev/null @@ -1,40 +0,0 @@ -From e0bd0ad6e4d8afd2bc3d55d84d459a0e2c0e2890 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Sat, 29 Jul 2023 23:34:26 -0700 -Subject: [PATCH] Fix reading disk number start on zip64 files in minizip. - -Reference:https://github.com/madler/zlib/commit/e0bd0ad6e4d8afd2bc3d55d84d459a0e2c0e2890 -Conflict:NA ---- - contrib/minizip/unzip.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/contrib/minizip/unzip.c b/contrib/minizip/unzip.c -index 1da51a9..9329732 100644 ---- a/contrib/minizip/unzip.c -+++ b/contrib/minizip/unzip.c -@@ -1038,8 +1038,6 @@ local int unz64local_GetCurrentFileInfoInternal (unzFile file, - /* ZIP64 extra fields */ - if (headerId == 0x0001) - { -- uLong uL; -- - if(file_info.uncompressed_size == MAXU32) - { - if (unz64local_getLong64(&s->z_filefunc, s->filestream,&file_info.uncompressed_size) != UNZ_OK) -@@ -1059,10 +1057,10 @@ local int unz64local_GetCurrentFileInfoInternal (unzFile file, - err=UNZ_ERRNO; - } - -- if(file_info.disk_num_start == MAXU32) -+ if(file_info.disk_num_start == 0xffff) - { - /* Disk Start Number */ -- if (unz64local_getLong(&s->z_filefunc, s->filestream,&uL) != UNZ_OK) -+ if (unz64local_getLong(&s->z_filefunc, s->filestream,&file_info.disk_num_start) != UNZ_OK) - err=UNZ_ERRNO; - } - --- -2.27.0 - diff --git a/backport-Neutralize-zip-file-traversal-attacks-in-miniunz.patch b/backport-Neutralize-zip-file-traversal-attacks-in-miniunz.patch deleted file mode 100644 index 18589f5b580046415914c53e315ca2ab5226d103..0000000000000000000000000000000000000000 --- a/backport-Neutralize-zip-file-traversal-attacks-in-miniunz.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 14a5f8f266c16c87ab6c086fc52b770b27701e01 Mon Sep 17 00:00:00 2001 -From: Matt Wilson -Date: Wed, 17 Jan 2024 14:46:18 -0800 -Subject: [PATCH] Neutralize zip file traversal attacks in miniunz. - -Archive formats such as .zip files are generally susceptible to -so-called "traversal attacks". This allows an attacker to craft -an archive that writes to unexpected locations of the file system -(e.g., /etc/shadow) if an unspecting root user were to unpack a -malicious archive. - -This patch neutralizes absolute paths such as /tmp/moo and deeply -relative paths such as dummy/../../../../../../../../../../tmp/moo - -The Debian project requested CVE-2014-9485 be allocated for the -first identified weakness. The fix was incomplete, resulting in a -revised patch applied here. Since there wasn't an updated version -released by Debian with the incomplete fix, I suggest we use this -CVE to identify both issues. - -Link: https://security.snyk.io/research/zip-slip-vulnerability -Link: https://bugs.debian.org/774321 -Link: https://bugs.debian.org/776831 -Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9485 -Reported-by: Jakub Wilk -Fixed-by: Michael Gilbert - -Reference: https://github.com/madler/zlib/commit/14a5f8f266c16c87ab6c086fc52b770b27701e01 -Conflict: no ---- - contrib/minizip/miniunz.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/contrib/minizip/miniunz.c b/contrib/minizip/miniunz.c -index 0c2fb0d..d627c42 100644 ---- a/contrib/minizip/miniunz.c -+++ b/contrib/minizip/miniunz.c -@@ -356,6 +356,20 @@ static int do_extract_currentfile(unzFile uf, const int* popt_extract_without_pa - else - write_filename = filename_withoutpath; - -+ if (write_filename[0]!='\0') -+ { -+ const char* relative_check = write_filename; -+ while (relative_check[1]!='\0') -+ { -+ if (relative_check[0]=='.' && relative_check[1]=='.') -+ write_filename = relative_check; -+ relative_check++; -+ } -+ } -+ -+ while (write_filename[0]=='/' || write_filename[0]=='.') -+ write_filename++; -+ - err = unzOpenCurrentFilePassword(uf,password); - if (err!=UNZ_OK) - { --- -2.33.0 - diff --git a/backport-Remove-use-of-OF-from-contrib-untgz-and-render-it-compilable.patch b/backport-Remove-use-of-OF-from-contrib-untgz-and-render-it-compilable.patch deleted file mode 100644 index eabc5ebf09aa4a3d7529c4cadcdbf33638075cd3..0000000000000000000000000000000000000000 --- a/backport-Remove-use-of-OF-from-contrib-untgz-and-render-it-compilable.patch +++ /dev/null @@ -1,109 +0,0 @@ -From 66588683b36042154ad35140bf9fcbb60c5d573c Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Sat, 15 Apr 2023 11:27:12 -0700 -Subject: [PATCH] Remove use of OF() from contrib/untgz and render it - compilable. - -Reference:https://github.com/madler/zlib/commit/66588683b36042154ad35140bf9fcbb60c5d573c -Conflict:NA ---- - contrib/untgz/untgz.c | 47 +++++++++++-------------------------------- - 1 file changed, 12 insertions(+), 35 deletions(-) - -diff --git a/contrib/untgz/untgz.c b/contrib/untgz/untgz.c -index 2c391e598..3e530971c 100644 ---- a/contrib/untgz/untgz.c -+++ b/contrib/untgz/untgz.c -@@ -14,15 +14,10 @@ - - #include "zlib.h" - --#ifdef unix --# include --#else -+#ifdef _WIN32 - # include - # include --#endif -- --#ifdef WIN32 --#include -+# include - # ifndef F_OK - # define F_OK 0 - # endif -@@ -33,6 +28,8 @@ - # define strdup(str) _strdup(str) - # endif - #else -+# include -+# include - # include - #endif - -@@ -102,28 +99,14 @@ struct attr_item - - enum { TGZ_EXTRACT, TGZ_LIST, TGZ_INVALID }; - --char *TGZfname OF((const char *)); --void TGZnotfound OF((const char *)); -- --int getoct OF((char *, int)); --char *strtime OF((time_t *)); --int setfiletime OF((char *, time_t)); --void push_attr OF((struct attr_item **, char *, int, time_t)); --void restore_attr OF((struct attr_item **)); -- --int ExprMatch OF((char *, char *)); -- --int makedir OF((char *)); --int matchname OF((int, int, char **, char *)); -- --void error OF((const char *)); --int tar OF((gzFile, int, int, int, char **)); -- --void help OF((int)); --int main OF((int, char **)); -- - char *prog; - -+void error(const char *msg) -+{ -+ fprintf(stderr, "%s: %s\n", prog, msg); -+ exit(1); -+} -+ - const char *TGZsuffix[] = { "\0", ".tar", ".tar.gz", ".taz", ".tgz", NULL }; - - /* return the file name of the TGZ archive */ -@@ -205,7 +188,7 @@ char *strtime (time_t *t) - - int setfiletime (char *fname,time_t ftime) - { --#ifdef WIN32 -+#ifdef _WIN32 - static int isWinNT = -1; - SYSTEMTIME st; - FILETIME locft, modft; -@@ -590,12 +573,6 @@ void help(int exitval) - exit(exitval); - } - --void error(const char *msg) --{ -- fprintf(stderr, "%s: %s\n", prog, msg); -- exit(1); --} -- - - /* ============================================================ */ - -@@ -608,7 +585,7 @@ int main(int argc,char **argv) - int action = TGZ_EXTRACT; - int arg = 1; - char *TGZfile; -- gzFile *f; -+ gzFile f; - - prog = strrchr(argv[0],'\\'); - if (prog == NULL) diff --git a/backport-Suppress-MSAN-detections-in-deflate-slide_hash.patch b/backport-Suppress-MSAN-detections-in-deflate-slide_hash.patch deleted file mode 100644 index 449a9e389a02360bff3df103a8142b3e851c5b90..0000000000000000000000000000000000000000 --- a/backport-Suppress-MSAN-detections-in-deflate-slide_hash.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 981ee7570ad98a3cf1ae74d737e2ee619ed79171 Mon Sep 17 00:00:00 2001 -From: Andrzej Hunt -Date: Fri, 4 Jun 2021 18:25:19 +0200 -Subject: [PATCH] Suppress MSAN detections in deflate's slide_hash(). - -slide_hash() knowingly reads potentially uninitialized memory, see -comment lower down about prev[n] potentially being garbage. In -this case, the result is never used. - -Reference:https://github.com/madler/zlib/commit/981ee7570ad98a3cf1ae74d737e2ee619ed79171 -Conflict:NA ---- - deflate.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/deflate.c b/deflate.c -index 5410497..8088083 100644 ---- a/deflate.c -+++ b/deflate.c -@@ -209,6 +209,13 @@ local const config configuration_table[10] = { - * bit values at the expense of memory usage). We slide even when level == 0 to - * keep the hash table consistent if we switch back to level > 0 later. - */ -+ -+#if defined(__has_feature) -+# if __has_feature(memory_sanitizer) -+ __attribute__((no_sanitize("memory"))) -+# endif -+#endif -+ - local void slide_hash(s) - deflate_state *s; - { --- -2.27.0 - diff --git a/backport-avoid-uninitialized-and-unused-warnings-in-contrib-minizip.patch b/backport-avoid-uninitialized-and-unused-warnings-in-contrib-minizip.patch deleted file mode 100644 index c40bb5569120f1bb4a4c7f233b5f955db830005a..0000000000000000000000000000000000000000 --- a/backport-avoid-uninitialized-and-unused-warnings-in-contrib-minizip.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 25bbd7f5a6a172b83b59fab7a80c55d1533dd100 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Thu, 17 Aug 2023 21:40:28 -0700 -Subject: [PATCH] Avoid uninitialized and unused warnings in contrib/minizip. - -Reference:https://github.com/madler/zlib/commit/25bbd7f5a6a172b83b59fab7a80c55d1533dd100 -Conflict:NA ---- - contrib/minizip/miniunz.c | 10 ++++++++-- - contrib/minizip/minizip.c | 2 +- - 2 files changed, 9 insertions(+), 3 deletions(-) - -diff --git a/contrib/minizip/miniunz.c b/contrib/minizip/miniunz.c -index 3d65401..507820d 100644 ---- a/contrib/minizip/miniunz.c -+++ b/contrib/minizip/miniunz.c -@@ -113,7 +113,11 @@ void change_file_date(filename,dosdate,tmu_date) - - ut.actime=ut.modtime=mktime(&newdate); - utime(filename,&ut); --#endif -+#else -+ (void)filename; -+ (void)dosdate; -+ (void)tmu_date; -+#endif - #endif - } - -@@ -131,6 +135,8 @@ int mymkdir(dirname) - ret = mkdir (dirname,0775); - #elif __APPLE__ - ret = mkdir (dirname,0775); -+#else -+ (void)dirname; - #endif - return ret; - } -@@ -248,7 +254,7 @@ int do_list(uf) - char filename_inzip[256]; - unz_file_info64 file_info; - uLong ratio=0; -- const char *string_method; -+ const char *string_method = ""; - char charCrypt=' '; - err = unzGetCurrentFileInfo64(uf,&file_info,filename_inzip,sizeof(filename_inzip),NULL,0,NULL,0); - if (err!=UNZ_OK) -diff --git a/contrib/minizip/minizip.c b/contrib/minizip/minizip.c -index c5d9cc6..5dde38f 100644 ---- a/contrib/minizip/minizip.c -+++ b/contrib/minizip/minizip.c -@@ -395,7 +395,7 @@ int main(argc,argv) - ((argv[i][1]>='0') && (argv[i][1]<='9'))) && - (strlen(argv[i]) == 2))) - { -- FILE * fin; -+ FILE * fin = NULL; - size_t size_read; - const char* filenameinzip = argv[i]; - const char *savefilenameinzip; --- -2.27.0 - diff --git a/backport-minizip-Fix-being-unable-to-open-empty-zip-file.patch b/backport-minizip-Fix-being-unable-to-open-empty-zip-file.patch deleted file mode 100644 index f574468eb70706ac6454bddceb62aa4df980760e..0000000000000000000000000000000000000000 --- a/backport-minizip-Fix-being-unable-to-open-empty-zip-file.patch +++ /dev/null @@ -1,160 +0,0 @@ -From f209ca7be7981dc8fca79428706057e4ebc929ee Mon Sep 17 00:00:00 2001 -From: RedworkDE <10944644+RedworkDE@users.noreply.github.com> -Date: Wed, 15 Feb 2023 12:25:33 +0100 -Subject: [PATCH] minizip: Fix being unable to open empty zip file - -Reference:https://github.com/madler/zlib/commit/f209ca7be7981dc8fca79428706057e4ebc929ee -Conflict:NA ---- - contrib/minizip/unzip.c | 48 ++++++++++++++++++++++------------------- - 1 file changed, 26 insertions(+), 22 deletions(-) - -diff --git a/contrib/minizip/unzip.c b/contrib/minizip/unzip.c -index ad2eb3bc9..3adc692f3 100644 ---- a/contrib/minizip/unzip.c -+++ b/contrib/minizip/unzip.c -@@ -379,6 +379,10 @@ extern int ZEXPORT unzStringFileNameCompare (const char* fileName1, - #define BUFREADCOMMENT (0x400) - #endif - -+#ifndef CENTRALDIRINVALID -+#define CENTRALDIRINVALID ((ZPOS64_T)(-1)) -+#endif -+ - /* - Locate the Central directory of a zipfile (at the end, just before - the global comment) -@@ -388,10 +392,10 @@ local ZPOS64_T unz64local_SearchCentralDir(const zlib_filefunc64_32_def* pzlib_f - ZPOS64_T uSizeFile; - ZPOS64_T uBackRead; - ZPOS64_T uMaxBack=0xffff; /* maximum size of global comment */ -- ZPOS64_T uPosFound=0; -+ ZPOS64_T uPosFound=CENTRALDIRINVALID; - - if (ZSEEK64(*pzlib_filefunc_def,filestream,0,ZLIB_FILEFUNC_SEEK_END) != 0) -- return 0; -+ return CENTRALDIRINVALID; - - - uSizeFile = ZTELL64(*pzlib_filefunc_def,filestream); -@@ -401,7 +405,7 @@ local ZPOS64_T unz64local_SearchCentralDir(const zlib_filefunc64_32_def* pzlib_f - - buf = (unsigned char*)ALLOC(BUFREADCOMMENT+4); - if (buf==NULL) -- return 0; -+ return CENTRALDIRINVALID; - - uBackRead = 4; - while (uBackRead +#define UPDATE_HASH_CRC_INTERNAL(s, h, c) \ + (h = __crc32w(0, (c) & 0xFFFFFF) & ((deflate_state *)s)->hash_mask) -+ + +#define UPDATE_HASH(s, h, c) \ + UPDATE_HASH_CRC_INTERNAL(s, h, *(unsigned *)((uintptr_t)(&c) - (MIN_MATCH-1))) +#else +#define UPDATE_HASH(s,h,c) (h = (((h)<hash_shift) ^ (c)) & s->hash_mask) +#endif - /* =========================================================================== -@@ -1226,14 +1235,15 @@ local unsigned read_buf(strm, buf, size) + * Insert string str in the dictionary and set match_head to the previous head +@@ -224,14 +232,15 @@ local unsigned read_buf(z_streamp strm, Bytef *buf, unsigned size) { strm->avail_in -= len; zmemcpy(buf, strm->next_in, len); @@ -266,7 +263,7 @@ diff --git a/inffast.c b/inffast.c index 1fec7f3..84c5aba 100644 --- a/inffast.c +++ b/inffast.c -@@ -57,6 +57,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ +@@ -54,6 +54,9 @@ void ZLIB_INTERNAL inflate_fast(z_streamp strm, unsigned start) { unsigned char FAR *out; /* local strm->next_out */ unsigned char FAR *beg; /* inflate()'s initial strm->next_out */ unsigned char FAR *end; /* while out < end, enough space available */ @@ -276,7 +273,7 @@ index 1fec7f3..84c5aba 100644 #ifdef INFLATE_STRICT unsigned dmax; /* maximum distance from zlib header */ #endif -@@ -89,7 +92,12 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ +@@ -86,7 +89,12 @@ void ZLIB_INTERNAL inflate_fast(z_streamp strm, unsigned start) { #endif wsize = state->wsize; whave = state->whave; @@ -289,7 +286,7 @@ index 1fec7f3..84c5aba 100644 window = state->window; hold = state->hold; bits = state->bits; -@@ -197,6 +205,45 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ +@@ -194,6 +202,45 @@ void ZLIB_INTERNAL inflate_fast(z_streamp strm, unsigned start) { #endif } from = window; @@ -335,14 +332,13 @@ index 1fec7f3..84c5aba 100644 if (wnext == 0) { /* very common case */ from += wsize - op; if (op < len) { /* some from window */ -@@ -247,8 +294,18 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ +@@ -244,8 +291,18 @@ void ZLIB_INTERNAL inflate_fast(z_streamp strm, unsigned start) { if (len > 1) *out++ = *from++; } +#endif } -- else { -+ else { + else { +#if defined(INFLATE_CHUNK_SIMD_NEON) + /* Whole reference is in range of current output. No + range checks are necessary because we start with room @@ -355,12 +351,10 @@ index 1fec7f3..84c5aba 100644 from = out - dist; /* copy direct from output */ do { /* minimum length is three */ *out++ = *from++; -@@ -260,7 +317,8 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - *out++ = *from++; +@@ -258,6 +315,7 @@ void ZLIB_INTERNAL inflate_fast(z_streamp strm, unsigned start) { if (len > 1) *out++ = *from++; -- } -+ } + } +#endif } } @@ -381,7 +375,7 @@ index e5c1aa4..259882c 100644 + * input data in 64-bit (8 byte) chunks. + */ + - void ZLIB_INTERNAL inflate_fast OF((z_streamp strm, unsigned start)); + void ZLIB_INTERNAL inflate_fast(z_streamp strm, unsigned start); + +#if defined(INFLATE_CHUNK_SIMD_NEON) + @@ -748,7 +742,7 @@ diff --git a/inflate.c b/inflate.c index 8acbef4..4e695b1 100644 --- a/inflate.c +++ b/inflate.c -@@ -408,9 +408,16 @@ unsigned copy; +@@ -373,9 +373,16 @@ local int updatewindow(z_streamp strm, const Bytef *end, unsigned copy) { /* if it hasn't been done already, allocate space for the window */ if (state->window == Z_NULL) { diff --git a/zlib-1.3.1.tar.xz b/zlib-1.3.1.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..208383702a1aaa90253e11bfa3b5da47c6105f14 Binary files /dev/null and b/zlib-1.3.1.tar.xz differ diff --git a/zlib-Optimize-CRC32.patch b/zlib-Optimize-CRC32.patch index 16d66b48c1ec24209e8065e466dc5ad13380386b..935acd0908a2c9bee268ce02815f200f7fb189e7 100644 --- a/zlib-Optimize-CRC32.patch +++ b/zlib-Optimize-CRC32.patch @@ -28,7 +28,7 @@ index f8357b0..5c53068 100644 /* A CRC of a message is computed on N braids of words in the message, where -@@ -600,6 +603,49 @@ const z_crc_t FAR * ZEXPORT get_crc_table() +@@ -553,6 +556,50 @@ const z_crc_t FAR * ZEXPORT get_crc_table(void) { return (const z_crc_t FAR *)crc_table; } @@ -74,14 +74,15 @@ index f8357b0..5c53068 100644 + return (crc_result ^ 0xffffffffL); +} +#endif ++ + /* ========================================================================= * Use ARM machine instructions if available. This will compute the CRC about * ten times faster than the braided calculation. This code does not check for -@@ -750,6 +794,10 @@ unsigned long ZEXPORT crc32_z(crc, buf, len) - const unsigned char FAR *buf; - z_size_t len; - { +@@ -581,6 +628,10 @@ unsigned long ZEXPORT crc32_z(unsigned long crc, const unsigned char FAR *buf, + z_size_t last, last2, i; + z_size_t num; + + #ifdef __aarch64__ + return crc32_neon(crc, buf, len); + #endif diff --git a/zlib.spec b/zlib.spec index 01e72caba68eae3dbf1b5e5933738d0c3fa84838..19858743bf32c323228a8a319979da27d23b9231 100644 --- a/zlib.spec +++ b/zlib.spec @@ -1,31 +1,17 @@ Name: zlib -Version: 1.2.13 -Release: 4 +Version: 1.3.1 +Release: 1 Summary: A lossless data-compression library License: zlib and Boost -URL: http://www.zlib.net -Source0: http://www.zlib.net/zlib-%{version}.tar.xz +URL: https://www.zlib.net +Source0: https://www.zlib.net/zlib-%{version}.tar.xz # Patch0 get from fedora Patch6000: backport-zlib-1.2.5-minizip-fixuncrypt.patch -Patch6001: backport-CVE-2023-45853.patch -Patch6002: backport-Fix-crash-when-gzsetparams-attempted-for-transparent-write.patch -Patch6003: backport-Remove-use-of-OF-from-contrib-untgz-and-render-it-compilable.patch -Patch6004: backport-minizip-Fix-being-unable-to-open-empty-zip-file.patch -Patch6005: backport-Fix-reading-disk-number-start-on-zip64-files-in-minizip.patch -Patch6006: backport-Fix-logic-error-in-minizip-argument-processing.patch Patch6007: backport-Fix-bug-when-gzungetc-is-used-immediately-after-gzopen.patch -Patch6008: backport-Suppress-MSAN-detections-in-deflate-slide_hash.patch -Patch6009: backport-Fix-bug-when-using-gzflush-with-a-very-small-buffer.patch -Patch6010: backport-avoid-uninitialized-and-unused-warnings-in-contrib-minizip.patch -Patch6011: backport-Add-bounds-checking-to-ERR_MSG-macro-used-by-zError.patch -Patch6012: backport-Fix-bug-in-inflateSync-for-data-held-in-bit-buffer.patch -Patch6013: backport-Fix-decision-on-the-emission-of-Zip64-end-records-in.patch -Patch6014: backport-Neutralize-zip-file-traversal-attacks-in-miniunz.patch -Patch6015: backport-Fix-a-bug-in-ZLIB_DEBUG-compiles-in-check_match.patch Patch9000: zlib-Optimize-CRC32.patch -Patch9001: zlib-1.2.11-SIMD.patch +Patch9001: zlib-1.3.1-SIMD.patch BuildRequires: automake, autoconf, libtool @@ -68,8 +54,7 @@ Requires: %{name}-devel = %{version}-%{release} This package contains the development-related content related to minizip. %prep -%setup -n %{name}-%{version} -%autosetup -b 0 -n %{name}-%{version} -p1 +%autosetup -p1 -n %{name}-%{version} %build export CFLAGS="$RPM_OPT_FLAGS" @@ -126,13 +111,16 @@ make test %{_libdir}/pkgconfig/minizip.pc %changelog +* Mon Oct 28 2024 Funda Wang - 1.3.1-1 +- update to 1.3.1 + * Tue Aug 13 2024 yanglongkang - 1.2.13-4 - backport patches from upstream * Tue Jun 18 2024 zhoupengcheng - 1.2.13-3 - delete redundant patch -* Thu May 14 2024 zhoupengcheng - 1.2.13-2 +* Tue May 14 2024 zhoupengcheng - 1.2.13-2 - downgrade to zlib-1.2.13 * Wed Feb 21 2024 liweigang - 1.3.1-1 diff --git a/zlib.yaml b/zlib.yaml index 7ed1efc1dad633f3d4dcacfd8151c5bd833a6185..03dd318c4c0e77d96a26c4ad63dd1b97486bcdeb 100644 --- a/zlib.yaml +++ b/zlib.yaml @@ -1,4 +1,4 @@ -version_control: github -src_repo: madler/zlib -tag_prefix: ^v -seperator: . \ No newline at end of file +version_control: github +src_repo: madler/zlib +tag_prefix: ^v +separator: .