From 97092234e7799ad847b3770405e51d775fac8f33 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 11 2022 04:16:26 +0000 Subject: import zlib-1.2.11-21.el8_7 --- diff --git a/SOURCES/zlib-1.2.11-IBM-Z-hw-accelrated-deflate-strm-adler-fix.patch b/SOURCES/zlib-1.2.11-IBM-Z-hw-accelrated-deflate-strm-adler-fix.patch new file mode 100644 index 0000000..8f70f9b --- /dev/null +++ b/SOURCES/zlib-1.2.11-IBM-Z-hw-accelrated-deflate-strm-adler-fix.patch @@ -0,0 +1,11 @@ +--- a/contrib/s390/dfltcc.c ++++ b/contrib/s390/dfltcc.c +@@ -623,7 +623,7 @@ + state->bits = param->sbb; + state->whave = param->hl; + state->wnext = (param->ho + param->hl) & ((1 << HB_BITS) - 1); +- state->check = state->flags ? ZSWAP32(param->cv) : param->cv; ++ strm->adler = state->check = state->flags ? ZSWAP32(param->cv) : param->cv; + if (cc == DFLTCC_CC_OP2_CORRUPT && param->oesc != 0) { + /* Report an error if stream is corrupted */ + state->mode = BAD; diff --git a/SPECS/zlib.spec b/SPECS/zlib.spec index 07877f7..acf66c0 100644 --- a/SPECS/zlib.spec +++ b/SPECS/zlib.spec @@ -3,7 +3,7 @@ Name: zlib Version: 1.2.11 -Release: 20%{?dist} +Release: 21%{?dist} Summary: The compression and decompression library # /contrib/dotzlib/ have Boost license License: zlib and Boost @@ -39,6 +39,9 @@ Patch11: zlib-1.2.11-IBM-Z-hw-accelrated-deflate-compressBound-fix.patch Patch12: zlib-1.2.11-cve-2022-37434.patch Patch13: zlib-1.2.11-cve-2022-37434_2.patch +# Fix setting strm.adler on z15 +Patch14: zlib-1.2.11-IBM-Z-hw-accelrated-deflate-strm-adler-fix.patch + BuildRequires: automake, autoconf, libtool %description @@ -104,6 +107,7 @@ developing applications which use minizip. %patch11 -p1 %patch12 -p1 %patch13 -p1 +%patch14 -p1 iconv -f iso-8859-2 -t utf-8 < ChangeLog > ChangeLog.tmp @@ -184,6 +188,9 @@ find $RPM_BUILD_ROOT -name '*.la' -delete %changelog +* Wed Oct 12 2022 Ilya Leoshkevich - 1.2.11-21 +- Fix for IBM strm.adler rhbz#2134074 + * Tue Aug 09 2022 Matej Mužila - 1.2.11-20 - Fix heap-based buffer over-read or buffer overflow in inflate in inflate.c - Resolves: CVE-2022-37434