git: vendor/ZLIB vendor/ZLIB: Upgrade from 1.2.11 to 1.2.13
Aaron LI
aly at crater.dragonflybsd.org
Wed Mar 19 17:36:47 PDT 2025
commit f4d4bc82ad279b10124935460f1478e541a32da0
Author: Aaron LI <aly at aaronly.me>
Date: Thu Mar 16 09:33:31 2023 +0800
vendor/ZLIB: Upgrade from 1.2.11 to 1.2.13
* Version 1.2.12 fixed CVE-2018-25032: zlib before 1.2.12 allows memory
corruption when deflating (i.e., when compressing) if the input has
many distant matches.
- Fix commit:
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
(Fix a bug that can crash deflate on some input when using Z_FIXED)
- FreeBSD Security Advisory:
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:08.zlib.asc
- NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-25032
- Openwall oss-security: https://www.openwall.com/lists/oss-security/2022/03/24/1
* Version 1.2.13 fixed CVE-2022-37434: zlib through 1.2.12 has a
heap-based buffer over-read or buffer overflow in inflate in inflate.c
via a large gzip header extra field. NOTE: only applications that call
inflateGetHeader are affected.
- Fix commits:
https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
(Fix a bug when getting a gzip header extra field with inflate())
https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d
(Fix extra field processing bug that dereferences NULL state->head)
- FreeBSD Security Advisory:
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:13.zlib.asc
- NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-37434
- Openwall oss-security: https://www.openwall.com/lists/oss-security/2022/08/09/1
See the ChangeLog file for a detailed list of changes.
Summary of changes:
contrib/zlib-1.2/ChangeLog | 185 +-
contrib/zlib-1.2/README | 11 +-
contrib/zlib-1.2/compress.c | 6 +-
contrib/zlib-1.2/crc32.c | 1267 ++++--
contrib/zlib-1.2/crc32.h | 9877 +++++++++++++++++++++++++++++++++++++++++--
contrib/zlib-1.2/deflate.c | 312 +-
contrib/zlib-1.2/deflate.h | 27 +-
contrib/zlib-1.2/gzguts.h | 5 +-
contrib/zlib-1.2/gzlib.c | 10 +-
contrib/zlib-1.2/gzread.c | 20 +-
contrib/zlib-1.2/gzwrite.c | 40 +-
contrib/zlib-1.2/infback.c | 20 +-
contrib/zlib-1.2/inffast.c | 28 +-
contrib/zlib-1.2/inflate.c | 54 +-
contrib/zlib-1.2/inflate.h | 5 +-
contrib/zlib-1.2/inftrees.c | 6 +-
contrib/zlib-1.2/inftrees.h | 2 +-
contrib/zlib-1.2/trees.c | 192 +-
contrib/zlib-1.2/uncompr.c | 4 +-
contrib/zlib-1.2/zlib.3 | 6 +-
contrib/zlib-1.2/zlib.h | 235 +-
contrib/zlib-1.2/zutil.c | 20 +-
contrib/zlib-1.2/zutil.h | 22 +-
23 files changed, 11114 insertions(+), 1240 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/f4d4bc82ad279b10124935460f1478e541a32da0
--
DragonFly BSD source repository
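
Added example, not part of the commit or of zlib: the CVE-2022-37434 entry above concerns a large gzip header extra field, so this sketch reads the declared extra-field length (XLEN, per RFC 1952) from a gzip member header without calling zlib, which lets inputs be triaged on hosts that still run zlib 1.2.12 or older. The names gz_extra_info and gz_extra_exceeds, the size limit and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GZ_FEXTRA 0x04  /* FLG bit 2 (RFC 1952): extra field present */

/* Inspect one gzip member header.
 * Returns -1: not a gzip/deflate member, -2: header truncated,
 *          0: no extra field, 1: extra field present, *xlen = declared
 *          length (XLEN), *complete = 1 if all XLEN bytes are in buf. */
int gz_extra_info(const uint8_t *buf, size_t len, unsigned *xlen, int *complete)
{
    *xlen = 0;
    *complete = 0;
    if (len < 10)
        return -2;                      /* fixed header is 10 bytes */
    if (buf[0] != 0x1f || buf[1] != 0x8b || buf[2] != 8)
        return -1;                      /* ID1, ID2, CM=deflate */
    if (!(buf[3] & GZ_FEXTRA))
        return 0;
    if (len < 12)
        return -2;                      /* XLEN itself is missing */
    *xlen = (unsigned)buf[10] | ((unsigned)buf[11] << 8);  /* little-endian */
    *complete = (len - 12 >= *xlen);
    return 1;
}

/* Hypothetical policy helper: 1 if the declared extra field exceeds limit. */
int gz_extra_exceeds(const uint8_t *buf, size_t len, unsigned limit)
{
    unsigned xlen;
    int complete;
    return gz_extra_info(buf, len, &xlen, &complete) == 1 && xlen > limit;
}

/* Constructed sample: FEXTRA set, XLEN = 0x0400 (1024), only 2 bytes follow. */
const uint8_t sample_extra[] = { 0x1f, 0x8b, 0x08, 0x04, 0, 0, 0, 0,
                                 0x00, 0x03, 0x00, 0x04, 'A', 'B' };
/* Constructed sample: plain header without optional fields. */
const uint8_t sample_plain[] = { 0x1f, 0x8b, 0x08, 0x00, 0, 0, 0, 0, 0x00, 0x03 };

int main(void)
{
    unsigned xlen;
    int complete;
    int rc = gz_extra_info(sample_extra, sizeof sample_extra, &xlen, &complete);
    printf("rc=%d xlen=%u complete=%d\n", rc, xlen, complete);
    return 0;
}
```

The limit passed to gz_extra_exceeds is a local policy choice; a reading of 1 marks a file for review and says nothing about whether the consuming application calls inflateGetHeader.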