diff options
| author | Petr Štetiar <ynezz@true.cz> | 2022-03-28 08:38:26 +0200 |
|---|---|---|
| committer | Petr Štetiar <ynezz@true.cz> | 2022-03-28 09:27:56 +0200 |
| commit | 8839a939ee7681f8ca42846d05ce19b3df1e55d5 (patch) | |
| tree | 087e686fdc73356ca23f53b68da46904a7058ab1 /package/libs/zlib/Makefile | |
| parent | 09f620019867365ed82a4b3d1d264f7a282f0941 (diff) | |
| download | upstream-8839a939ee7681f8ca42846d05ce19b3df1e55d5.tar.gz upstream-8839a939ee7681f8ca42846d05ce19b3df1e55d5.tar.bz2 upstream-8839a939ee7681f8ca42846d05ce19b3df1e55d5.zip | |
libs/zlib: bump to latest stable release 1.2.12 (CVE-2018-25032)
List of changes since previous release from 2018 is quite long:
* Fix crc32.c to compile local functions only if used.
* Check for cc masquerading as gcc or clang in configure.
* Remove destructive aspects of make distclean.
* Separate out address sanitizing from warnings in configure.
* Eliminate use of ULL constants.
* Add fallthrough comments for gcc.
* Clean up minizip to reduce warnings for testing.
* Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner)
* minizip warning fix if MAXU32 already defined. (gvollant)
* Replace black/white with allow/block. (theresa-m)
* Fix indentation in minizip's zip.c.
* Improve portability of contrib/minizip.
* Correct typo in blast.c.
* Change macro name in inflate.c to avoid collision in VxWorks.
* Clarify gz* function interfaces, referring to parameter names.
* Fix error in comment on the polynomial representation of a byte.
* Fix memory leak on error in gzlog.c.
* Avoid adding empty gzip member after gzflush with Z_FINISH.
* Explicitly note that the 32-bit check values are 32 bits.
* Use ARM crc32 instructions if the ARM architecture has them.
* Add use of the ARMv8 crc32 instructions when requested.
* Correct comment in crc32.c.
* Don't bother computing check value after successful inflateSync().
* Use atomic test and set, if available, for dynamic CRC tables.
* Speed up software CRC-32 computation by a factor of 1.5 to 3.
* Add crc32_combine_gen() and crc32_combine_op() for fast combines.
* Add tables for crc32_combine(), to speed it up by a factor of 200.
* Fix the zran.c example to work on a multiple-member gzip file.
* Add gznorm.c example, which normalizes gzip files.
* Show all the codes for the maximum tables size in enough.c.
* Clarify that prefix codes are counted in enough.c.
* Use inline function instead of macro for index in enough.c.
* Clean up code style in enough.c, update version.
* Use a macro for the printf format of big_t in enough.c.
* Use a structure to make globals in enough.c evident.
* Assure that the number of bits for deflatePrime() is valid.
* Fix a bug that can crash deflate on some input when using Z_FIXED.
* Correct the initialization requirements for deflateInit2().
* Emphasize the need to continue decompressing gzip members.
* Add legal disclaimer to README.
* Fix deflateEnd() to not report an error at start of raw deflate.
* Remove old assembler code in which bugs have manifested.
* Make the names in functions declarations identical to definitions.
* Avoid an undefined behavior of memcpy() in _tr_stored_block().
* Avoid undefined behaviors of memcpy() in gz*printf().
* Avoid an undefined behavior of memcpy() in gzappend().
* Avoid the use of ptrdiff_t.
* Handle case where inflateSync used when header never processed.
* Don't compute check value for raw inflate if asked to validate.
* Add address checking in clang to -w option of configure.
* Return an error if the gzputs string length can't fit in an int.
* Small speedup to inflate [psumbera].
* Update use of errno for newer Windows CE versions.
* Avoid some conversion warnings in gzread.c and gzwrite.c.
* Have Makefile return non-zero error code on test failure.
* Avoid a conversion error in gzseek when off_t type too small.
* Fix CLEAR_HASH macro to be usable as a single statement.
* Fix bug when window full in deflate_stored().
* Limit hash table inserts after switch from stored deflate.
* Permit a deflateParams() parameter change as soon as possible.
* Cygwin does not have _wopen(), so do not create gzopen_w() there.
Removed 006-fix-compressor-crash-on-certain-inputs.patch which was
hotfix for CVE-2018-25032 and is now included in this release.
This release is not available on @SF (yet?) so the sources are now
pulled from GitHub.
Fixes: CVE-2018-25032
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Diffstat (limited to 'package/libs/zlib/Makefile')
| -rw-r--r-- | package/libs/zlib/Makefile | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/package/libs/zlib/Makefile b/package/libs/zlib/Makefile index 7321ec51c5..8512394ff4 100644 --- a/package/libs/zlib/Makefile +++ b/package/libs/zlib/Makefile @@ -8,12 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=zlib -PKG_VERSION:=1.2.11 -PKG_RELEASE:=4 +PKG_VERSION:=1.2.12 +PKG_RELEASE:=$(AUTORELEASE) -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=@SF/libpng http://www.zlib.net -PKG_HASH:=4ff941449631ace0d4d203e3483be9dbc9da454084111f97ea0a2114e19bf066 +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/madler/zlib +PKG_MIRROR_HASH:=a162fc219763635f0c1591ec515d4b08684e4b0bfb4b1c8e65e4eab18d597c27 +PKG_SOURCE_VERSION:=21767c654d31d2dccdde4330529775c6c5fd5389 PKG_LICENSE:=Zlib PKG_LICENSE_FILES:=README |