Mega:23.09
zlib
Changes of Revision 3
_service:tar_scm:zlib.spec
Changed
@@ -1,6 +1,3 @@
-%global ENABLE_RELOC 1
-%define _find_debuginfo_opts -strip_a
-
 Name: zlib
 Version: 1.2.13
 Release: 2
@@ -12,6 +9,7 @@ # Patch0 get from fedora Patch6000: backport-zlib-1.2.5-minizip-fixuncrypt.patch Patch6001: backport-fix-undefined-buffer-detected-by-oss-fuzz.patch +Patch6002: backport-CVE-2023-45853.patch Patch9000: zlib-Optimize-CRC32.patch Patch9001: zlib-1.2.11-SIMD.patch
@@ -56,16 +54,6 @@ %description -n minizip-devel This package contains the development-related content related to minizip. -%if %{?ENABLE_RELOC} -%package relocation -Summary: Relocation for %{name} -Requires: %{name} = %{version}-%{release} -BuildRequires: native-turbo-tools - -%description relocation -This package contains relocations for %{name}. -%endif - %prep %setup -n %{name}-%{version} %autosetup -b 0 -n %{name}-%{version} -p1
@@ -76,21 +64,13 @@ CFLAGS+=" -march=armv8-a+crc" %endif -mkdir rloc -(cd rloc && ln -s ../* ./ - ./configure --libdir=%{_libdir} --includedir=%{_includedir} --prefix=%{_prefix} -%make_build LDFLAGS="$LDFLAGS -Wl,-z,relro -Wl,-z,now -Wl,--emit-relocs" - objreloc $(readlink -f libz.so) -) ./configure --libdir=%{_libdir} --includedir=%{_includedir} --prefix=%{_prefix} %make_build LDFLAGS="$LDFLAGS -Wl,-z,relro -Wl,-z,now" -(cd contrib/minizip +cd contrib/minizip autoreconf --install %configure --enable-static=no %make_build -) - %install %make_install
@@ -100,11 +80,6 @@ find $RPM_BUILD_ROOT -name '*.la' | xargs rm -f -%if %{?ENABLE_RELOC} -mkdir -p ${RPM_BUILD_ROOT}/usr/lib/relocation/%{_libdir} -install -pD $RPM_BUILD_DIR/%{name}-%{version}/rloc/*.relocation ${RPM_BUILD_ROOT}/usr/lib/relocation/%{_libdir} -%endif - %check make test
@@ -137,15 +112,9 @@ %{_libdir}/libminizip.so %{_libdir}/pkgconfig/minizip.pc -%if %{?ENABLE_RELOC} -%files relocation -%defattr(400,root,root,-) -%attr(400, root, root) /usr/lib/relocation%{_libdir}/*.relocation -%endif - %changelog -* Thu Sep 14 2023 taoyuxiang<taoyuxiang2@huawei.com> - 1.2.13-2 -- add sub rpm zlib-relocation +* Tue Oct 17 2023 liningjie <liningjie@xfusion.com> - 1.2.13-2 +- DESC:Fix CVE-2023-45853 * Thu Dec 29 2022 zhoupengcheng <zhoupengcheng11@huawei.com> - 1.2.13-1 - update to zlib-1.2.13
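Review bot: The CVE-2023-45853 fix ships under the same version-release as the build it replaces: `Release: 2` is unchanged context in the first hunk, and this hunk swaps one `1.2.13-2` changelog entry for another. Unless the build service appends its own rebuild counter, hosts that already have 1.2.13-2 installed will not see an upgrade, and scanners that key on version-release cannot tell the patched build from the unpatched one. Bump it, e.g. `Release: 3` with the new changelog entry headed `- 1.2.13-3`.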
_service:tar_scm:backport-CVE-2023-45853.patch
Added
@@ -0,0 +1,39 @@
+From 73331a6a0481067628f065ffe87bb1d8f787d10c Mon Sep 17 00:00:00 2001
+From: Hans Wennborg <hans@chromium.org>
+Date: Fri, 18 Aug 2023 11:05:33 +0200
+Subject: PATCH Reject overflows of zip header fields in minizip.
+
+This checks the lengths of the file name, extra field, and comment
+that would be put in the zip headers, and rejects them if they are
+too long. They are each limited to 65535 bytes in length by the zip
+format. This also avoids possible buffer overflows if the provided
+fields are too long.
+---
+ contrib/minizip/zip.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c
+index 3d3d4ca..0446109 100644
+--- a/contrib/minizip/zip.c
++++ b/contrib/minizip/zip.c
+@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c
+ return ZIP_PARAMERROR;
+ #endif
+
++ // The filename and comment length must fit in 16 bits.
++ if ((filename!=NULL) && (strlen(filename)>0xffff))
++ return ZIP_PARAMERROR;
++ if ((comment!=NULL) && (strlen(comment)>0xffff))
++ return ZIP_PARAMERROR;
++ // The extra field length must fit in 16 bits. If the member also requires
++ // a Zip64 extra block, that will also need to fit within that 16-bit
++ // length, but that will be checked for later.
++ if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff))
++ return ZIP_PARAMERROR;
++
+ zi = (zip64_internal*)file;
+
+ if (zi->in_opened_file_inzip == 1)
+--
+2.41.0.windows.3
+
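Review bot: The new comment in zipOpenNewFileInZip4_64 leaves the Zip64 extra-block bound to a check that happens "later", outside this hunk, so the added guards only enforce that each caller-supplied length fits in 16 bits on its own. Since this is a backport onto 1.2.13, confirm that the base tree really contains that later check and name it in the comment, for example `// ... checked when the Zip64 block is added (see FUNCTION_NAME_PLACEHOLDER).`. The guards sit before `zi` is assigned or dereferenced, which is the right place for a parameter check. The function body starts and ends outside the hunk.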
_service
Changed
@@ -2,7 +2,7 @@
 <service name="tar_scm">
 <param name="url">git@gitee.com:src-openeuler/zlib.git</param>
 <param name="scm">git</param>
- <param name="revision">openEuler-23.09</param>
+ <param name="revision">master</param>
 <param name="exclude">*</param>
 <param name="extract">*</param>
 </service>
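Review bot: `revision` now points at the moving `master` branch, so every service run fetches whatever is at the branch head, and two builds of the same package revision can contain different sources. For a package that carries security backports, pin the checkout to a tag or full commit id so the built source is auditable, e.g. `<param name="revision">COMMIT_ID_PLACEHOLDER</param>`, and update it deliberately when a new fix lands.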