From d5e7bdb5d2199eaba29067b75c68142b04886c7d Mon Sep 17 00:00:00 2001 From: tb Date: Tue, 23 Jan 2024 14:46:27 +0000 Subject: [PATCH] Update to zlib 1.3.1 Since we already pulled in all fixes, this only bumps version/magic numbers and copyright years. The fixes relevant to OpenBSD are: - Fix bug in inflateSync() for data held in bit buffer - Add LIT_MEM define to use more memory for a small deflate speedup - Add bounds checking to ERR_MSG() macro, used by zError() - Various portability and appearance improvements --- lib/libz/ChangeLog | 12 +++++++++++- lib/libz/README | 6 +++--- lib/libz/deflate.c | 2 +- lib/libz/deflate.h | 2 +- lib/libz/gzguts.h | 2 +- lib/libz/gzlib.c | 2 +- lib/libz/inftrees.c | 4 ++-- lib/libz/trees.c | 2 +- lib/libz/zconf.h | 2 +- lib/libz/zlib.h | 10 +++++----- lib/libz/zutil.h | 2 +- 11 files changed, 28 insertions(+), 18 deletions(-) diff --git a/lib/libz/ChangeLog b/lib/libz/ChangeLog index 49de6135d10..e41043e72e6 100644 --- a/lib/libz/ChangeLog +++ b/lib/libz/ChangeLog @@ -1,9 +1,19 @@ ChangeLog file for zlib -Changes in 1.3.0.1 (xx Aug 2023) +Changes in 1.3.1.1 (xx Jan 2024) - +Changes in 1.3.1 (22 Jan 2024) +- Reject overflows of zip header fields in minizip +- Fix bug in inflateSync() for data held in bit buffer +- Add LIT_MEM define to use more memory for a small deflate speedup +- Fix decision on the emission of Zip64 end records in minizip +- Add bounds checking to ERR_MSG() macro, used by zError() +- Neutralize zip file traversal attacks in miniunz +- Fix a bug in ZLIB_DEBUG compiles in check_match() +- Various portability and appearance improvements + Changes in 1.3 (18 Aug 2023) - Remove K&R function definitions and zlib2ansi - Fix bug in deflateBound() for level 0 and memLevel 9 diff --git a/lib/libz/README b/lib/libz/README index 20f7064a5fd..43913686d6f 100644 --- a/lib/libz/README +++ b/lib/libz/README @@ -1,6 +1,6 @@ ZLIB DATA COMPRESSION LIBRARY -zlib 1.3.0.1 is a general purpose data compression library. All the code is +zlib 1.3.1.1 is a general purpose data compression library. All the code is thread safe. The data format used by the zlib library is described by RFCs (Request for Comments) 1950 to 1952 in the files http://tools.ietf.org/html/rfc1950 (zlib format), rfc1951 (deflate format) and @@ -31,7 +31,7 @@ Mark Nelson wrote an article about zlib for the Jan. 1997 issue of Dr. Dobb's Journal; a copy of the article is available at https://marknelson.us/posts/1997/01/01/zlib-engine.html . -The changes made in version 1.3.0.1 are documented in the file ChangeLog. +The changes made in version 1.3.1.1 are documented in the file ChangeLog. Unsupported third party contributions are provided in directory contrib/ . @@ -83,7 +83,7 @@ Acknowledgments: Copyright notice: - (C) 1995-2023 Jean-loup Gailly and Mark Adler + (C) 1995-2024 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages diff --git a/lib/libz/deflate.c b/lib/libz/deflate.c index a29653e6b67..00e24eebf57 100644 --- a/lib/libz/deflate.c +++ b/lib/libz/deflate.c @@ -1,5 +1,5 @@ /* deflate.c -- compress data using the deflation algorithm - * Copyright (C) 1995-2023 Jean-loup Gailly and Mark Adler + * Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ diff --git a/lib/libz/deflate.h b/lib/libz/deflate.h index 0c95a0a3386..8182a260418 100644 --- a/lib/libz/deflate.h +++ b/lib/libz/deflate.h @@ -1,5 +1,5 @@ /* deflate.h -- internal compression state - * Copyright (C) 1995-2018 Jean-loup Gailly + * Copyright (C) 1995-2024 Jean-loup Gailly * For conditions of distribution and use, see copyright notice in zlib.h */ diff --git a/lib/libz/gzguts.h b/lib/libz/gzguts.h index adc2b34fe5b..eba72085bb7 100644 --- a/lib/libz/gzguts.h +++ b/lib/libz/gzguts.h @@ -1,5 +1,5 @@ /* gzguts.h -- zlib internal header definitions for gz* operations - * Copyright (C) 2004-2019 Mark Adler + * Copyright (C) 2004-2024 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ diff --git a/lib/libz/gzlib.c b/lib/libz/gzlib.c index 9c103dbd1c7..983153cc8e4 100644 --- a/lib/libz/gzlib.c +++ b/lib/libz/gzlib.c @@ -1,5 +1,5 @@ /* gzlib.c -- zlib functions common to reading and writing gzip files - * Copyright (C) 2004-2019 Mark Adler + * Copyright (C) 2004-2024 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ diff --git a/lib/libz/inftrees.c b/lib/libz/inftrees.c index 719e20d527f..9ce427ffc31 100644 --- a/lib/libz/inftrees.c +++ b/lib/libz/inftrees.c @@ -1,5 +1,5 @@ /* inftrees.c -- generate Huffman trees for efficient decoding - * Copyright (C) 1995-2023 Mark Adler + * Copyright (C) 1995-2024 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -55,7 +55,7 @@ int ZLIB_INTERNAL inflate_table(codetype type, unsigned short FAR *lens, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0}; static const unsigned short lext[31] = { /* Length codes 257..285 extra */ 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18, - 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 70, 200}; + 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 73, 200}; static const unsigned short dbase[32] = { /* Distance codes 0..29 base */ 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, diff --git a/lib/libz/trees.c b/lib/libz/trees.c index 670316689a1..b486030ccf9 100644 --- a/lib/libz/trees.c +++ b/lib/libz/trees.c @@ -1,5 +1,5 @@ /* trees.c -- output deflated data using Huffman coding - * Copyright (C) 1995-2021 Jean-loup Gailly + * Copyright (C) 1995-2024 Jean-loup Gailly * detect_data_type() function provided freely by Cosmin Truta, 2006 * For conditions of distribution and use, see copyright notice in zlib.h */ diff --git a/lib/libz/zconf.h b/lib/libz/zconf.h index 5b8331ab89b..41bb55f30dd 100644 --- a/lib/libz/zconf.h +++ b/lib/libz/zconf.h @@ -1,5 +1,5 @@ /* zconf.h -- configuration of the zlib compression library - * Copyright (C) 1995-2016 Jean-loup Gailly, Mark Adler + * Copyright (C) 1995-2024 Jean-loup Gailly, Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ diff --git a/lib/libz/zlib.h b/lib/libz/zlib.h index 39991a41817..a4e83a59d53 100644 --- a/lib/libz/zlib.h +++ b/lib/libz/zlib.h @@ -1,7 +1,7 @@ /* zlib.h -- interface of the 'zlib' general purpose compression library - version 1.3.0.1, August xxth, 2023 + version 1.3.1.1, January xxth, 2024 - Copyright (C) 1995-2023 Jean-loup Gailly and Mark Adler + Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages @@ -37,11 +37,11 @@ extern "C" { #endif -#define ZLIB_VERSION "1.3.0.1-motley" -#define ZLIB_VERNUM 0x1301 +#define ZLIB_VERSION "1.3.1.1-motley" +#define ZLIB_VERNUM 0x1311 #define ZLIB_VER_MAJOR 1 #define ZLIB_VER_MINOR 3 -#define ZLIB_VER_REVISION 0 +#define ZLIB_VER_REVISION 1 #define ZLIB_VER_SUBREVISION 1 /* diff --git a/lib/libz/zutil.h b/lib/libz/zutil.h index 9b288c653bb..37351c67415 100644 --- a/lib/libz/zutil.h +++ b/lib/libz/zutil.h @@ -1,5 +1,5 @@ /* zutil.h -- internal interface and configuration of the compression library - * Copyright (C) 1995-2022 Jean-loup Gailly, Mark Adler + * Copyright (C) 1995-2024 Jean-loup Gailly, Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ -- 2.20.1