Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Catch up master to base zlib repo master #1

Open
wants to merge 323 commits into
base: master
Choose a base branch
from
Open

Catch up master to base zlib repo master #1

wants to merge 323 commits into from

Conversation

Yurmusp
Copy link

@Yurmusp Yurmusp commented Oct 1, 2020

No description provided.

madler added 30 commits December 30, 2016 14:30
@madler
No need to check for NULL argument to free().
feafcfa
@madler
Add deflateGetDictionary() function.
ee7d7b5 
Per request, but its utility is likely to be very limited. See the
comments in zlib.h.
@madler
Use snprintf() for later versions of Microsoft C.
79b5c5a
@madler
Fix character encoding and link in contrib README.
d6f0da2
@madler
Fix init macros to use z_ prefix when requested.
50dca6d
@madler
Detect clang in cc version.
f12d3dc
@madler
Replace as400 with os400 for OS/400 support (Monnerat).
d465465
@madler
Allow minigzip to compile when testing with ./configure --solo.
fb26fc4
@madler
Avoid some random compiler warnings on various platforms.
8f147c3
@madler
Use intptr_t for z_ssize_t on MSVC.
f3fcb92
@madler
Use a uniform approach for the largest value of an unsigned type.
b7fbee2
@madler
Avoid the need for ssize_t.
cca27e9 
Limit read() and write() requests to sizes that fit in an int.
This allows storing the return value in an int, and avoiding the
need to use or construct an ssize_t type. This is required for
Microsoft C, whose _read and _write functions take an unsigned
request and return an int.
@madler
Make z_size_t unsigned long for non-standard C.
61b91f2 
Also declare z_size_t when compiling solo.
@madler
Add crc32_z() and adler32_z() functions with size_t lengths.
b9ae6f0
@madler
Update Visual Studio project files (AraHaan).
14e3194
@madler
zlib 1.2.9
2fa463b
@madler
Fix some stray 1.2.8.1 version numbers.
6bdca50
@madler
Change version number to zlib 1.2.9.1.
20e4725
@madler
Avoid warnings on snprintf() return value.
7358ef2
@madler
Minor edits and clarifications of comments.
52aa550
@madler
Fix bug in deflate_stored() for zero-length input.
bc5503b
@madler
Fix bug in gzwrite.c that produced corrupt gzip files.
0b5c158
@madler
Remove files to be installed before copying them in Makefile.in.
c7d7775
@madler
Add warnings when compiling with assembler code.
1e3bccd 
There have been many reports of bugs in the assembler codes
intended to speed up deflate and inflate. They are third-party
contributions in contrib, and so are not supported by the zlib
maintainers.
@madler
Fix compilation with --solo and --debug combined.
e13def0 
However this ends up not really being solo, since it has to
include external libraries.
@madler
zlib 1.2.10
4a090ad
@madler
Change version number to 1.2.10.1.
11ceaed
@madler
Delete user-specific Visual Studio project files.
c38a260
@madler
Update location of Visual Studio project files.
74d2696
@madler
Fix deflate stored bug when pulling last block from window.
4c7c907 
And some cosmetic cleanups.
delphij and others added 30 commits September 3, 2023 21:50
@delphij @madler
Make internal functions static in the test code.
bd9c329 
To avoid warnings when building with -Wmissing-prototypes.
@madler
Add LIT_MEM define to use more memory for a small deflate speedup.
ac8f12c 
A bug fix in zlib 1.2.12 resulted in a slight slowdown (1-2%) of
deflate. This commit provides the option to #define LIT_MEM, which
uses more memory to reverse most of that slowdown. The memory for
the pending buffer and symbol buffers is increased by 25%, which
increases the total memory usage with the default parameters by
about 6%.
@madler
Fix decision on the emission of Zip64 end records in minizip.
15c45ad 
The appnote says that if the number of entries in the end record
is 0xffff, then the actual number of entries will be found in the
Zip64 end record. Therefore if the number of entries is equal to
0xffff, it can't be in the end record by itself, since that is an
instruction to get the number from the Zip64 end record. This code
would just store 0xffff in the end record in that case, not making
a Zip64 end record. This commit fixes that.
@ivanov @madler
Correct repeated words in source file comments and a readme.
643e17b
@madler
Add bounds checking to ERR_MSG() macro, used by zError().
431a9b6
@madler
Remove fdopen #defines in zutil.h.
4bd9a71 
fdopen() is not used by zlib anymore. The #defines are vestigial.
@zmodem @madler
Fix pending buffer overflow assert with LIT_MEM allocation.
ee474ff 
Since each element in s->d_buf is 2 bytes, the sx index should be
multiplied by 2 in the assert.

Fixes #897
@zmodem @madler
Fix the copy of pending_buf in deflateCopy() for the LIT_MEM case.
60c3198
@madler
Note that the len2 argument of crc_combine*() must be non-negative.
36e369e 
If it is negative, then the code will enter an infinite loop.
@WilliamLeara @madler
Refer to correct function in contrib/minizip/unzip.c comment.
762cf49
@WilliamLeara @madler
Correct case of MSDOS in contrib/minizip/miniunz.c.
190168c
@WilliamLeara @madler
Fix "the the" in examples/gzlog.c.
16799d0
@THE-Spellchecker @madler
Fix random typos over several source and text files.
01155cc
@tbeu @madler
Add a CMake option to link the C runtime statically.
44dc43a
@mswilson @madler
Neutralize zip file traversal attacks in miniunz.
14a5f8f 
Archive formats such as .zip files are generally susceptible to
so-called "traversal attacks". This allows an attacker to craft
an archive that writes to unexpected locations of the file system
(e.g., /etc/shadow) if an unspecting root user were to unpack a
malicious archive.

This patch neutralizes absolute paths such as /tmp/moo and deeply
relative paths such as dummy/../../../../../../../../../../tmp/moo

The Debian project requested CVE-2014-9485 be allocated for the
first identified weakness. The fix was incomplete, resulting in a
revised patch applied here. Since there wasn't an updated version
released by Debian with the incomplete fix, I suggest we use this
CVE to identify both issues.

Link: https://security.snyk.io/research/zip-slip-vulnerability
Link: https://bugs.debian.org/774321
Link: https://bugs.debian.org/776831
Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9485
Reported-by: Jakub Wilk <[email protected]>
Fixed-by: Michael Gilbert <[email protected]>
@madler
Add cmake option to control the build of the example executables.
6201f89
@speedym @madler
Make the existence of gz_intmax() unconditional.
01253ec 
gz_intmax() is noted in zlib.map. This assures it's always there.
@DimitriPapadopoulos @madler
Correct typos in source code.
fe41d18
@madler
Remove mentions of an official zlib DLL distribution.
2526346 
There used to be one, but no more. It is up to the user or vendor
to compile zlib.
@gastush @madler
Fix cmake build on AIX.
ade6825 
The --version-script linker option is not supported by the linker on AIX systems
@madler
Remove unused Z_ARG macro.
3f635df
@madler
Revert "Add a CMake option to link the C runtime statically."
7b632b4 
This reverts commit 44dc43a.
@madler
Fix a bug in ZLIB_DEBUG compiles in check_match().
7af6320 
This avoids trying to compare a match starting one byte before the
current window. Thanks to @zmodem (Hans) for discovering this.
@madler
Remove carriage returns from zlib.map.
84f0baf
@dankegel @madler
Use updated zconf.h when building out of directory with configure.
9404df5
@madler
Remove -w compile option in configure test.
88ec246 
Not all C compilers have a -w option.
@madler
Use Makefile compiler for minizip-test target.
c06dfec
@madler
Add target include directories to CMakeLists.txt.
2e3d86c 
This enables the addition of zlib to other projects.
@madler
Move the load flags before the object files in Makefile tests.
1a8db63
@madler
zlib 1.3.1
51b7f2a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.