zlib-1.2.12

[Bruce Dubbs]

New point version.

[Bruce Dubbs]

Changes in 1.2.12 (27 Mar 2022)

• Cygwin does not have _wopen(), so do not create gzopen_w() there
• Permit a deflateParams() parameter change as soon as possible
• Limit hash table inserts after switch from stored deflate
• Fix bug when window full in deflate_stored()
• Fix CLEAR_HASH macro to be usable as a single statement
• Avoid a conversion error in gzseek when off_t type too small
• Have Makefile return non-zero error code on test failure
• Avoid some conversion warnings in gzread.c and gzwrite.c
• Update use of errno for newer Windows CE versions
• Small speedup to inflate [psumbera]
• Return an error if the gzputs string length can't fit in an int
• Add address checking in clang to -w option of configure
• Don't compute check value for raw inflate if asked to validate
• Handle case where inflateSync used when header never processed
• Avoid the use of ptrdiff_t
• Avoid an undefined behavior of memcpy() in gzappend()
• Avoid undefined behaviors of memcpy() in gz*printf()
• Avoid an undefined behavior of memcpy() in _tr_stored_block()
• Make the names in functions declarations identical to definitions
• Remove old assembler code in which bugs have manifested
• Fix deflateEnd() to not report an error at start of raw deflate
• Add legal disclaimer to README
• Emphasize the need to continue decompressing gzip members
• Correct the initialization requirements for deflateInit2()
• Fix a bug that can crash deflate on some input when using Z_FIXED
• Assure that the number of bits for deflatePrime() is valid
• Use a structure to make globals in enough.c evident
• Use a macro for the printf format of big_t in enough.c
• Clean up code style in enough.c, update version
• Use inline function instead of macro for index in enough.c
• Clarify that prefix codes are counted in enough.c
• Show all the codes for the maximum tables size in enough.c
• Add gznorm.c example, which normalizes gzip files
• Fix the zran.c example to work on a multiple-member gzip file
• Add tables for crc32_combine(), to speed it up by a factor of 200
• Add crc32_combine_gen() and crc32_combine_op() for fast combines
• Speed up software CRC-32 computation by a factor of 1.5 to 3
• Use atomic test and set, if available, for dynamic CRC tables
• Don't bother computing check value after successful inflateSync()
• Correct comment in crc32.c
• Add use of the ARMv8 crc32 instructions when requested
• Use ARM crc32 instructions if the ARM architecture has them
• Explicitly note that the 32-bit check values are 32 bits
• Avoid adding empty gzip member after gzflush with Z_FINISH
• Fix memory leak on error in gzlog.c
• Fix error in comment on the polynomial representation of a byte
• Clarify gz* function interfaces, referring to parameter names
• Change macro name in inflate.c to avoid collision in VxWorks
• Correct typo in blast.c
• Improve portability of contrib/minizip
• Fix indentation in minizip's zip.c
• Replace black/white with allow/block. (theresa-m)
• minizip warning fix if MAXU32 already defined. (gvollant)
• Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner)
• Clean up minizip to reduce warnings for testing
• Add fallthrough comments for gcc
• Eliminate use of ULL constants
• Separate out address sanitizing from warnings in configure
• Remove destructive aspects of make distclean
• Check for cc masquerading as gcc or clang in configure
• Fix crc32.c to compile local functions only if used

[ken@…]

CVE-2018-25032 (memory corruption on deflate, i.e. compressing, if the input has many distant matches). Current status at NVD is 'undergoing analysis'.

[Bruce Dubbs]

Fixed at commit 676f0fdcecb3d53217a274db1138ff22005bea9a

Package updates.
    Update to sysvinit-3.02.
    Update to zlib-1.2.12.
    Update to expat-2.4.8.
    Update to Jinja2-3.1.1.
    Update to Python-3.10.4.
    Update to procps-ng-4.0.0.
    Update to iproute2-5.17.0.
    Update to meson-0.62.0.
    Update to linux-5.17.1.
    Update to util-linux-2.38.