From 8839a939ee7681f8ca42846d05ce19b3df1e55d5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Petr=20=C5=A0tetiar?=
Date: Mon, 28 Mar 2022 08:38:26 +0200
Subject: libs/zlib: bump to latest stable release 1.2.12 (CVE-2018-25032)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

List of changes since previous release from 2018 is quite long:

* Fix crc32.c to compile local functions only if used.
* Check for cc masquerading as gcc or clang in configure.
* Remove destructive aspects of make distclean.
* Separate out address sanitizing from warnings in configure.
* Eliminate use of ULL constants.
* Add fallthrough comments for gcc.
* Clean up minizip to reduce warnings for testing.
* Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner)
* minizip warning fix if MAXU32 already defined. (gvollant)
* Replace black/white with allow/block. (theresa-m)
* Fix indentation in minizip's zip.c.
* Improve portability of contrib/minizip.
* Correct typo in blast.c.
* Change macro name in inflate.c to avoid collision in VxWorks.
* Clarify gz* function interfaces, referring to parameter names.
* Fix error in comment on the polynomial representation of a byte.
* Fix memory leak on error in gzlog.c.
* Avoid adding empty gzip member after gzflush with Z_FINISH.
* Explicitly note that the 32-bit check values are 32 bits.
* Use ARM crc32 instructions if the ARM architecture has them.
* Add use of the ARMv8 crc32 instructions when requested.
* Correct comment in crc32.c.
* Don't bother computing check value after successful inflateSync().
* Use atomic test and set, if available, for dynamic CRC tables.
* Speed up software CRC-32 computation by a factor of 1.5 to 3.
* Add crc32_combine_gen() and crc32_combine_op() for fast combines.
* Add tables for crc32_combine(), to speed it up by a factor of 200.
* Fix the zran.c example to work on a multiple-member gzip file.
* Add gznorm.c example, which normalizes gzip files.
* Show all the codes for the maximum tables size in enough.c.
* Clarify that prefix codes are counted in enough.c.
* Use inline function instead of macro for index in enough.c.
* Clean up code style in enough.c, update version.
* Use a macro for the printf format of big_t in enough.c.
* Use a structure to make globals in enough.c evident.
* Assure that the number of bits for deflatePrime() is valid.
* Fix a bug that can crash deflate on some input when using Z_FIXED.
* Correct the initialization requirements for deflateInit2().
* Emphasize the need to continue decompressing gzip members.
* Add legal disclaimer to README.
* Fix deflateEnd() to not report an error at start of raw deflate.
* Remove old assembler code in which bugs have manifested.
* Make the names in functions declarations identical to definitions.
* Avoid an undefined behavior of memcpy() in _tr_stored_block().
* Avoid undefined behaviors of memcpy() in gz*printf().
* Avoid an undefined behavior of memcpy() in gzappend().
* Avoid the use of ptrdiff_t.
* Handle case where inflateSync used when header never processed.
* Don't compute check value for raw inflate if asked to validate.
* Add address checking in clang to -w option of configure.
* Return an error if the gzputs string length can't fit in an int.
* Small speedup to inflate [psumbera].
* Update use of errno for newer Windows CE versions.
* Avoid some conversion warnings in gzread.c and gzwrite.c.
* Have Makefile return non-zero error code on test failure.
* Avoid a conversion error in gzseek when off_t type too small.
* Fix CLEAR_HASH macro to be usable as a single statement.
* Fix bug when window full in deflate_stored().
* Limit hash table inserts after switch from stored deflate.
* Permit a deflateParams() parameter change as soon as possible.
* Cygwin does not have _wopen(), so do not create gzopen_w() there.

Removed 006-fix-compressor-crash-on-certain-inputs.patch which was hotfix for CVE-2018-25032 and is now included in this release. This release is not available on @SF (yet?)
so the sources are now pulled from GitHub. Fixes: CVE-2018-25032 Signed-off-by: Petr Štetiar --- .../001-neon-implementation-of-adler32.patch | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) (limited to 'package/libs/zlib/patches/001-neon-implementation-of-adler32.patch') diff --git a/package/libs/zlib/patches/001-neon-implementation-of-adler32.patch b/package/libs/zlib/patches/001-neon-implementation-of-adler32.patch index 843ef45c7d..9ed784e3d3 100644 --- a/package/libs/zlib/patches/001-neon-implementation-of-adler32.patch +++ b/package/libs/zlib/patches/001-neon-implementation-of-adler32.patch @@ -21,11 +21,9 @@ https://bugs.chromium.org/p/chromium/issues/detail?id=688601 4 files changed, 166 insertions(+), 8 deletions(-) create mode 100644 contrib/arm/neon_adler32.c -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 0fe939df..8e75f664 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -7,6 +7,7 @@ set(VERSION "1.2.11") +@@ -7,6 +7,7 @@ set(VERSION "1.2.12") option(ASM686 "Enable building i686 assembly implementation") option(AMD64 "Enable building amd64 assembly implementation") @@ -94,23 +92,18 @@ index d0be4380..45ebaa4b 100644 } /* ========================================================================= */ -diff --git a/contrib/README.contrib b/contrib/README.contrib -index a411d5c3..3fd1d202 100644 --- a/contrib/README.contrib 
+++ b/contrib/README.contrib -@@ -12,6 +12,9 @@ amd64/ by Mikhail Teterin - asm code for AMD64 - See patch at http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/96393 +@@ -8,6 +8,9 @@ ada/ by Dmitriy Anisimkov + ARM optimizations (NEON and ARMv8 code). + - asm686/ by Brian Raiter - asm code for Pentium and PPro/PII, using the AT&T (GNU as) syntax - See http://www.muppetlabs.com/~breadbox/software/assembly.html -diff --git a/contrib/arm/neon_adler32.c b/contrib/arm/neon_adler32.c -new file mode 100644 -index 00000000..f173a74f + blast/ by Mark Adler + Decompressor for output of PKWare Data Compression Library (DCL) + --- /dev/null +++ b/contrib/arm/neon_adler32.c @@ -0,0 +1,137 @@ -- cgit v1.2.3
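Review bot: the commit message does not say that 001-neon-implementation-of-adler32.patch was refreshed, yet the first hunk (@@ -21,11 +21,9 @@) drops the `diff --git a/CMakeLists.txt b/CMakeLists.txt` and `index 0fe939df..8e75f664 100644` lines and moves the inner hunk context to `set(VERSION "1.2.12")`. Suggest adding a line such as "Refreshed 001-neon-implementation-of-adler32.patch" next to the sentence about removing 006-fix-compressor-crash-on-certain-inputs.patch, so the 7 insertions and 14 deletions in this file are accounted for. The patch description kept as context above the hunk still reads "4 files changed, 166 insertions(+), 8 deletions(-)" and "create mode 100644 contrib/arm/neon_adler32.c"; either keep the git headers throughout or trim that leftover summary so the patch header is consistent.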
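Review bot: in the second hunk (@@ -94,23 +92,18 @@) the README.contrib insertion is re-anchored from `@@ -12,6 +12,9 @@ amd64/ by Mikhail Teterin` to `@@ -8,6 +8,9 @@ ada/ by Dmitriy Anisimkov`, and its trailing context changes from asm686/ to blast/, so please confirm that the refreshed patch applies to 1.2.12 with no fuzz or offset. Since this bump is the fix for CVE-2018-25032 and the carried patch still adds contrib/arm/neon_adler32.c, a short line in the commit message naming the ARM target it was build-tested and run-tested on would help. Dropping `new file mode 100644` is fine here because `--- /dev/null` is still enough for the file to be created.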