aboutsummaryrefslogtreecommitdiff
path: root/pkgs/development/libraries/zlib
diff options
context:
space:
mode:
authorVladimír Čunát <vcunat@gmail.com>2017-01-06 21:45:20 +0100
committerVladimír Čunát <vcunat@gmail.com>2017-01-06 21:45:20 +0100
commit948e9edce6902c6b9dfc67b0c53ccc96101ed299 (patch)
tree3555c5dde4449db6d1ff690fdac85ca8765676d1 /pkgs/development/libraries/zlib
parent5ab9e23561265d5262c86833b09ff9b06af36249 (diff)
zlib: maintenance 1.2.8 -> 1.2.10
The removed CVEs should be fixed in the release.
Diffstat (limited to 'pkgs/development/libraries/zlib')
-rw-r--r--pkgs/development/libraries/zlib/CVE-2016-9840.patch71
-rw-r--r--pkgs/development/libraries/zlib/CVE-2016-9841.patch224
-rw-r--r--pkgs/development/libraries/zlib/CVE-2016-9842.patch29
-rw-r--r--pkgs/development/libraries/zlib/CVE-2016-9843.patch49
-rw-r--r--pkgs/development/libraries/zlib/default.nix12
5 files changed, 2 insertions, 383 deletions
diff --git a/pkgs/development/libraries/zlib/CVE-2016-9840.patch b/pkgs/development/libraries/zlib/CVE-2016-9840.patch
deleted file mode 100644
index a8b84ff84132..000000000000
--- a/pkgs/development/libraries/zlib/CVE-2016-9840.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 6a043145ca6e9c55184013841a67b2fef87e44c0 Mon Sep 17 00:00:00 2001
-From: Mark Adler <madler@alumni.caltech.edu>
-Date: Wed, 21 Sep 2016 23:35:50 -0700
-Subject: [PATCH] Remove offset pointer optimization in inftrees.c.
-
-inftrees.c was subtracting an offset from a pointer to an array,
-in order to provide a pointer that allowed indexing starting at
-the offset. This is not compliant with the C standard, for which
-the behavior of a pointer decremented before its allocated memory
-is undefined. Per the recommendation of a security audit of the
-zlib code by Trail of Bits and TrustInSoft, in support of the
-Mozilla Foundation, this tiny optimization was removed, in order
-to avoid the possibility of undefined behavior.
----
- inftrees.c | 18 ++++++++----------
- 1 file changed, 8 insertions(+), 10 deletions(-)
-
-diff --git a/inftrees.c b/inftrees.c
-index 22fcd66..0d2670d 100644
---- a/inftrees.c
-+++ b/inftrees.c
-@@ -54,7 +54,7 @@ unsigned short FAR *work;
- code FAR *next; /* next available space in table */
- const unsigned short FAR *base; /* base value table to use */
- const unsigned short FAR *extra; /* extra bits table to use */
-- int end; /* use base and extra for symbol > end */
-+ unsigned match; /* use base and extra for symbol >= match */
- unsigned short count[MAXBITS+1]; /* number of codes of each length */
- unsigned short offs[MAXBITS+1]; /* offsets in table for each length */
- static const unsigned short lbase[31] = { /* Length codes 257..285 base */
-@@ -181,19 +181,17 @@ unsigned short FAR *work;
- switch (type) {
- case CODES:
- base = extra = work; /* dummy value--not used */
-- end = 19;
-+ match = 20;
- break;
- case LENS:
- base = lbase;
-- base -= 257;
- extra = lext;
-- extra -= 257;
-- end = 256;
-+ match = 257;
- break;
- default: /* DISTS */
- base = dbase;
- extra = dext;
-- end = -1;
-+ match = 0;
- }
-
- /* initialize state for loop */
-@@ -216,13 +214,13 @@ unsigned short FAR *work;
- for (;;) {
- /* create table entry */
- here.bits = (unsigned char)(len - drop);
-- if ((int)(work[sym]) < end) {
-+ if (work[sym] + 1 < match) {
- here.op = (unsigned char)0;
- here.val = work[sym];
- }
-- else if ((int)(work[sym]) > end) {
-- here.op = (unsigned char)(extra[work[sym]]);
-- here.val = base[work[sym]];
-+ else if (work[sym] >= match) {
-+ here.op = (unsigned char)(extra[work[sym] - match]);
-+ here.val = base[work[sym] - match];
- }
- else {
- here.op = (unsigned char)(32 + 64); /* end of block */
diff --git a/pkgs/development/libraries/zlib/CVE-2016-9841.patch b/pkgs/development/libraries/zlib/CVE-2016-9841.patch
deleted file mode 100644
index e350b3d96423..000000000000
--- a/pkgs/development/libraries/zlib/CVE-2016-9841.patch
+++ /dev/null
@@ -1,224 +0,0 @@
-From 9aaec95e82117c1cb0f9624264c3618fc380cecb Mon Sep 17 00:00:00 2001
-From: Mark Adler <madler@alumni.caltech.edu>
-Date: Wed, 21 Sep 2016 22:25:21 -0700
-Subject: [PATCH] Use post-increment only in inffast.c.
-
-An old inffast.c optimization turns out to not be optimal anymore
-with modern compilers, and furthermore was not compliant with the
-C standard, for which decrementing a pointer before its allocated
-memory is undefined. Per the recommendation of a security audit of
-the zlib code by Trail of Bits and TrustInSoft, in support of the
-Mozilla Foundation, this "optimization" was removed, in order to
-avoid the possibility of undefined behavior.
----
- inffast.c | 81 ++++++++++++++++++++++++---------------------------------------
- 1 file changed, 31 insertions(+), 50 deletions(-)
-
-diff --git a/inffast.c b/inffast.c
-index bda59ce..f0d163d 100644
---- a/inffast.c
-+++ b/inffast.c
-@@ -10,25 +10,6 @@
-
- #ifndef ASMINF
-
--/* Allow machine dependent optimization for post-increment or pre-increment.
-- Based on testing to date,
-- Pre-increment preferred for:
-- - PowerPC G3 (Adler)
-- - MIPS R5000 (Randers-Pehrson)
-- Post-increment preferred for:
-- - none
-- No measurable difference:
-- - Pentium III (Anderson)
-- - M68060 (Nikl)
-- */
--#ifdef POSTINC
--# define OFF 0
--# define PUP(a) *(a)++
--#else
--# define OFF 1
--# define PUP(a) *++(a)
--#endif
--
- /*
- Decode literal, length, and distance codes and write out the resulting
- literal and match bytes until either not enough input or output is
-@@ -96,9 +77,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */
-
- /* copy state to local variables */
- state = (struct inflate_state FAR *)strm->state;
-- in = strm->next_in - OFF;
-+ in = strm->next_in;
- last = in + (strm->avail_in - 5);
-- out = strm->next_out - OFF;
-+ out = strm->next_out;
- beg = out - (start - strm->avail_out);
- end = out + (strm->avail_out - 257);
- #ifdef INFLATE_STRICT
-@@ -119,9 +100,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */
- input data or output space */
- do {
- if (bits < 15) {
-- hold += (unsigned long)(PUP(in)) << bits;
-+ hold += (unsigned long)(*in++) << bits;
- bits += 8;
-- hold += (unsigned long)(PUP(in)) << bits;
-+ hold += (unsigned long)(*in++) << bits;
- bits += 8;
- }
- here = lcode[hold & lmask];
-@@ -134,14 +115,14 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */
- Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?
- "inflate: literal '%c'\n" :
- "inflate: literal 0x%02x\n", here.val));
-- PUP(out) = (unsigned char)(here.val);
-+ *out++ = (unsigned char)(here.val);
- }
- else if (op & 16) { /* length base */
- len = (unsigned)(here.val);
- op &= 15; /* number of extra bits */
- if (op) {
- if (bits < op) {
-- hold += (unsigned long)(PUP(in)) << bits;
-+ hold += (unsigned long)(*in++) << bits;
- bits += 8;
- }
- len += (unsigned)hold & ((1U << op) - 1);
-@@ -150,9 +131,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */
- }
- Tracevv((stderr, "inflate: length %u\n", len));
- if (bits < 15) {
-- hold += (unsigned long)(PUP(in)) << bits;
-+ hold += (unsigned long)(*in++) << bits;
- bits += 8;
-- hold += (unsigned long)(PUP(in)) << bits;
-+ hold += (unsigned long)(*in++) << bits;
- bits += 8;
- }
- here = dcode[hold & dmask];
-@@ -165,10 +146,10 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */
- dist = (unsigned)(here.val);
- op &= 15; /* number of extra bits */
- if (bits < op) {
-- hold += (unsigned long)(PUP(in)) << bits;
-+ hold += (unsigned long)(*in++) << bits;
- bits += 8;
- if (bits < op) {
-- hold += (unsigned long)(PUP(in)) << bits;
-+ hold += (unsigned long)(*in++) << bits;
- bits += 8;
- }
- }
-@@ -196,30 +177,30 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */
- #ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
- if (len <= op - whave) {
- do {
-- PUP(out) = 0;
-+ *out++ = 0;
- } while (--len);
- continue;
- }
- len -= op - whave;
- do {
-- PUP(out) = 0;
-+ *out++ = 0;
- } while (--op > whave);
- if (op == 0) {
- from = out - dist;
- do {
-- PUP(out) = PUP(from);
-+ *out++ = *from++;
- } while (--len);
- continue;
- }
- #endif
- }
-- from = window - OFF;
-+ from = window;
- if (wnext == 0) { /* very common case */
- from += wsize - op;
- if (op < len) { /* some from window */
- len -= op;
- do {
-- PUP(out) = PUP(from);
-+ *out++ = *from++;
- } while (--op);
- from = out - dist; /* rest from output */
- }
-@@ -230,14 +211,14 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */
- if (op < len) { /* some from end of window */
- len -= op;
- do {
-- PUP(out) = PUP(from);
-+ *out++ = *from++;
- } while (--op);
-- from = window - OFF;
-+ from = window;
- if (wnext < len) { /* some from start of window */
- op = wnext;
- len -= op;
- do {
-- PUP(out) = PUP(from);
-+ *out++ = *from++;
- } while (--op);
- from = out - dist; /* rest from output */
- }
-@@ -248,35 +229,35 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */
- if (op < len) { /* some from window */
- len -= op;
- do {
-- PUP(out) = PUP(from);
-+ *out++ = *from++;
- } while (--op);
- from = out - dist; /* rest from output */
- }
- }
- while (len > 2) {
-- PUP(out) = PUP(from);
-- PUP(out) = PUP(from);
-- PUP(out) = PUP(from);
-+ *out++ = *from++;
-+ *out++ = *from++;
-+ *out++ = *from++;
- len -= 3;
- }
- if (len) {
-- PUP(out) = PUP(from);
-+ *out++ = *from++;
- if (len > 1)
-- PUP(out) = PUP(from);
-+ *out++ = *from++;
- }
- }
- else {
- from = out - dist; /* copy direct from output */
- do { /* minimum length is three */
-- PUP(out) = PUP(from);
-- PUP(out) = PUP(from);
-- PUP(out) = PUP(from);
-+ *out++ = *from++;
-+ *out++ = *from++;
-+ *out++ = *from++;
- len -= 3;
- } while (len > 2);
- if (len) {
-- PUP(out) = PUP(from);
-+ *out++ = *from++;
- if (len > 1)
-- PUP(out) = PUP(from);
-+ *out++ = *from++;
- }
- }
- }
-@@ -313,8 +294,8 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */
- hold &= (1U << bits) - 1;
-
- /* update state and return */
-- strm->next_in = in + OFF;
-- strm->next_out = out + OFF;
-+ strm->next_in = in;
-+ strm->next_out = out;
- strm->avail_in = (unsigned)(in < last ? 5 + (last - in) : 5 - (in - last));
- strm->avail_out = (unsigned)(out < end ?
- 257 + (end - out) : 257 - (out - end));
diff --git a/pkgs/development/libraries/zlib/CVE-2016-9842.patch b/pkgs/development/libraries/zlib/CVE-2016-9842.patch
deleted file mode 100644
index e729f7e162cb..000000000000
--- a/pkgs/development/libraries/zlib/CVE-2016-9842.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From e54e1299404101a5a9d0cf5e45512b543967f958 Mon Sep 17 00:00:00 2001
-From: Mark Adler <madler@alumni.caltech.edu>
-Date: Sat, 5 Sep 2015 17:45:55 -0700
-Subject: [PATCH] Avoid shifts of negative values inflateMark().
-
-The C standard says that bit shifts of negative integers is
-undefined. This casts to unsigned values to assure a known
-result.
----
- inflate.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/inflate.c b/inflate.c
-index 2889e3a..a718416 100644
---- a/inflate.c
-+++ b/inflate.c
-@@ -1506,9 +1506,10 @@ z_streamp strm;
- {
- struct inflate_state FAR *state;
-
-- if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16;
-+ if (strm == Z_NULL || strm->state == Z_NULL)
-+ return (long)(((unsigned long)0 - 1) << 16);
- state = (struct inflate_state FAR *)strm->state;
-- return ((long)(state->back) << 16) +
-+ return (long)(((unsigned long)((long)state->back)) << 16) +
- (state->mode == COPY ? state->length :
- (state->mode == MATCH ? state->was - state->length : 0));
- }
diff --git a/pkgs/development/libraries/zlib/CVE-2016-9843.patch b/pkgs/development/libraries/zlib/CVE-2016-9843.patch
deleted file mode 100644
index 1fe4c4daa03c..000000000000
--- a/pkgs/development/libraries/zlib/CVE-2016-9843.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From d1d577490c15a0c6862473d7576352a9f18ef811 Mon Sep 17 00:00:00 2001
-From: Mark Adler <madler@alumni.caltech.edu>
-Date: Wed, 28 Sep 2016 20:20:25 -0700
-Subject: [PATCH] Avoid pre-decrement of pointer in big-endian CRC calculation.
-
-There was a small optimization for PowerPCs to pre-increment a
-pointer when accessing a word, instead of post-incrementing. This
-required prefacing the loop with a decrement of the pointer,
-possibly pointing before the object passed. This is not compliant
-with the C standard, for which decrementing a pointer before its
-allocated memory is undefined. When tested on a modern PowerPC
-with a modern compiler, the optimization no longer has any effect.
-Due to all that, and per the recommendation of a security audit of
-the zlib code by Trail of Bits and TrustInSoft, in support of the
-Mozilla Foundation, this "optimization" was removed, in order to
-avoid the possibility of undefined behavior.
----
- crc32.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/crc32.c b/crc32.c
-index 979a719..05733f4 100644
---- a/crc32.c
-+++ b/crc32.c
-@@ -278,7 +278,7 @@ local unsigned long crc32_little(crc, buf, len)
- }
-
- /* ========================================================================= */
--#define DOBIG4 c ^= *++buf4; \
-+#define DOBIG4 c ^= *buf4++; \
- c = crc_table[4][c & 0xff] ^ crc_table[5][(c >> 8) & 0xff] ^ \
- crc_table[6][(c >> 16) & 0xff] ^ crc_table[7][c >> 24]
- #define DOBIG32 DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4
-@@ -300,7 +300,6 @@ local unsigned long crc32_big(crc, buf, len)
- }
-
- buf4 = (const z_crc_t FAR *)(const void FAR *)buf;
-- buf4--;
- while (len >= 32) {
- DOBIG32;
- len -= 32;
-@@ -309,7 +308,6 @@ local unsigned long crc32_big(crc, buf, len)
- DOBIG4;
- len -= 4;
- }
-- buf4++;
- buf = (const unsigned char FAR *)buf4;
-
- if (len) do {
diff --git a/pkgs/development/libraries/zlib/default.nix b/pkgs/development/libraries/zlib/default.nix
index 21a7e81ce3ed..75f872ef35a7 100644
--- a/pkgs/development/libraries/zlib/default.nix
+++ b/pkgs/development/libraries/zlib/default.nix
@@ -1,6 +1,6 @@
{ stdenv, fetchurl, static ? false }:
-let version = "1.2.8"; in
+let version = "1.2.10"; in
stdenv.mkDerivation rec {
name = "zlib-${version}";
@@ -10,16 +10,9 @@ stdenv.mkDerivation rec {
[ "http://www.zlib.net/${name}.tar.gz" # old versions vanish from here
"mirror://sourceforge/libpng/zlib/${version}/${name}.tar.gz"
];
- sha256 = "039agw5rqvqny92cpkrfn243x2gd4xn13hs3xi6isk55d2vqqr9n";
+ sha256 = "05w0jwsqib44jz5jazh7cqz311z4g7znnzn6w6v8g1z4iilryzld";
};
- patches = [
- ./CVE-2016-9840.patch
- ./CVE-2016-9841.patch
- ./CVE-2016-9842.patch
- ./CVE-2016-9843.patch
- ];
-
postPatch = stdenv.lib.optionalString stdenv.isDarwin ''
substituteInPlace configure \
--replace '/usr/bin/libtool' 'ar' \
@@ -31,7 +24,6 @@ stdenv.mkDerivation rec {
setOutputFlags = false;
outputDoc = "dev"; # single tiny man3 page
-
preConfigure = ''
if test -n "$crossConfig"; then
export CC=$crossConfig-gcc
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 23:46:19 +0000