#5040 closed enhancement (fixed)


Reported by: Bruce Dubbs Owned by: lfs-book
Priority: high Milestone: 11.2
Component: Book Version: git
Severity: normal Keywords:


New point version.

Change History (3)

comment:1 by Bruce Dubbs, 18 months ago

Changes in 1.2.12 (27 Mar 2022)

  • Cygwin does not have _wopen(), so do not create gzopen_w() there
  • Permit a deflateParams() parameter change as soon as possible
  • Limit hash table inserts after switch from stored deflate
  • Fix bug when window full in deflate_stored()
  • Fix CLEAR_HASH macro to be usable as a single statement
  • Avoid a conversion error in gzseek when off_t type too small
  • Have Makefile return non-zero error code on test failure
  • Avoid some conversion warnings in gzread.c and gzwrite.c
  • Update use of errno for newer Windows CE versions
  • Small speedup to inflate [psumbera]
  • Return an error if the gzputs string length can't fit in an int
  • Add address checking in clang to -w option of configure
  • Don't compute check value for raw inflate if asked to validate
  • Handle case where inflateSync used when header never processed
  • Avoid the use of ptrdiff_t
  • Avoid an undefined behavior of memcpy() in gzappend()
  • Avoid undefined behaviors of memcpy() in gz*printf()
  • Avoid an undefined behavior of memcpy() in _tr_stored_block()
  • Make the names in functions declarations identical to definitions
  • Remove old assembler code in which bugs have manifested
  • Fix deflateEnd() to not report an error at start of raw deflate
  • Add legal disclaimer to README
  • Emphasize the need to continue decompressing gzip members
  • Correct the initialization requirements for deflateInit2()
  • Fix a bug that can crash deflate on some input when using Z_FIXED
  • Assure that the number of bits for deflatePrime() is valid
  • Use a structure to make globals in enough.c evident
  • Use a macro for the printf format of big_t in enough.c
  • Clean up code style in enough.c, update version
  • Use inline function instead of macro for index in enough.c
  • Clarify that prefix codes are counted in enough.c
  • Show all the codes for the maximum tables size in enough.c
  • Add gznorm.c example, which normalizes gzip files
  • Fix the zran.c example to work on a multiple-member gzip file
  • Add tables for crc32_combine(), to speed it up by a factor of 200
  • Add crc32_combine_gen() and crc32_combine_op() for fast combines
  • Speed up software CRC-32 computation by a factor of 1.5 to 3
  • Use atomic test and set, if available, for dynamic CRC tables
  • Don't bother computing check value after successful inflateSync()
  • Correct comment in crc32.c
  • Add use of the ARMv8 crc32 instructions when requested
  • Use ARM crc32 instructions if the ARM architecture has them
  • Explicitly note that the 32-bit check values are 32 bits
  • Avoid adding empty gzip member after gzflush with Z_FINISH
  • Fix memory leak on error in gzlog.c
  • Fix error in comment on the polynomial representation of a byte
  • Clarify gz* function interfaces, referring to parameter names
  • Change macro name in inflate.c to avoid collision in VxWorks
  • Correct typo in blast.c
  • Improve portability of contrib/minizip
  • Fix indentation in minizip's zip.c
  • Replace black/white with allow/block. (theresa-m)
  • minizip warning fix if MAXU32 already defined. (gvollant)
  • Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner)
  • Clean up minizip to reduce warnings for testing
  • Add fallthrough comments for gcc
  • Eliminate use of ULL constants
  • Separate out address sanitizing from warnings in configure
  • Remove destructive aspects of make distclean
  • Check for cc masquerading as gcc or clang in configure
  • Fix crc32.c to compile local functions only if used

comment:2 by ken@…, 18 months ago

Priority: normalhigh

CVE-2018-25032 (memory corruption on deflate, i.e. compressing, if the input has many distant matches). Current status at NVD is 'undergoing analysis'.

comment:3 by Bruce Dubbs, 18 months ago

Resolution: fixed
Status: newclosed

Fixed at commit 676f0fdcecb3d53217a274db1138ff22005bea9a

Package updates.
    Update to sysvinit-3.02.
    Update to zlib-1.2.12.
    Update to expat-2.4.8.
    Update to Jinja2-3.1.1.
    Update to Python-3.10.4.
    Update to procps-ng-4.0.0.
    Update to iproute2-5.17.0.
    Update to meson-0.62.0.
    Update to linux-5.17.1.
    Update to util-linux-2.38.
Note: See TracTickets for help on using tickets.