Next | Query returned 102 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:

   2024-02-08 22:33:34 by Adam Ciarcinski | Files touched by this commit (28) | Package updated
Log message:
zlib: updated to 1.3.1

Changes in 1.3.1 (22 Jan 2024)
- Reject overflows of zip header fields in minizip
- Fix bug in inflateSync() for data held in bit buffer
- Add LIT_MEM define to use more memory for a small deflate speedup
- Fix decision on the emission of Zip64 end records in minizip
- Add bounds checking to ERR_MSG() macro, used by zError()
- Neutralize zip file traversal attacks in miniunz
- Fix a bug in ZLIB_DEBUG compiles in check_match()
- Various portability and appearance improvements

Changes in 1.3 (18 Aug 2023)
- Remove K&R function definitions and zlib2ansi
- Fix bug in deflateBound() for level 0 and memLevel 9
- Fix bug when gzungetc() is used immediately after gzopen()
- Fix bug when using gzflush() with a very small buffer
- Fix crash when gzsetparams() attempted for transparent write
- Fix test/example.c to work with FORCE_STORED
- Rewrite of zran in examples (see zran.c version history)
- Fix minizip to allow it to open an empty zip file
- Fix reading disk number start on zip64 files in minizip
- Fix logic error in minizip argument processing
- Add minizip testing to Makefile
- Read multiple bytes instead of byte-by-byte in minizip unzip.c
- Add memory sanitizer to configure (--memory)
- Various portability improvements
- Various documentation improvements
- Various spelling and typo corrections
   2024-01-26 13:47:03 by Dr. Thomas Orgis | Files touched by this commit (1)
Log message:
devel/zlib: add missing
   2024-01-25 17:41:20 by Dr. Thomas Orgis | Files touched by this commit (1)
Log message:
devel/zlib: include the version script from upstream

Adding symbol versions to the shared library on Linux.

This brings zlib more in line what distro builds have on Linux, avoiding
lots of complaints in the case that you have to replace native zlib with
an upgraded version from pkgsrc (to build octave on CentOS 7.x, for
   2024-01-13 21:07:34 by Taylor R Campbell | Files touched by this commit (24)
Log message:
*/ Use ${_CROSS_DESTDIR:U} for build-time file checks.

These are questions about the target system, whose files at
build-time are all relative to ${_CROSS_DESTDIR} if it is defined,
i.e., if USE_CROSS_COMPILE is set to yes.

No change to native builds because ${_CROSS_DESTDIR:U} is empty in
them.  (Possible minor change by adding :Q to ${H_FOO} in command
lines, but if this makes a difference it likely fixes problems.)
   2022-11-09 14:14:32 by Joerg Sonnenberger | Files touched by this commit (223)
Log message:
   2022-10-14 09:43:57 by Thomas Klausner | Files touched by this commit (25) | Package updated
Log message:
zlib: update to 1.2.13

Replace the existing files (except files/Makefile) from upstream sources.
Add LICENSE file.
Clean up some pkglint.

Fixes CVE-2022-37434.

Changes in 1.2.13 (13 Oct 2022)
- Fix configure issue that discarded provided CC definition
- Correct incorrect inputs provided to the CRC functions
- Repair prototypes and exporting of new CRC functions
- Fix inflateBack to detect invalid input with distances too far
- Have infback() deliver all of the available output up to any error
- Fix a bug when getting a gzip header extra field with inflate()
- Fix bug in block type selection when Z_FIXED used
- Tighten deflateBound bounds
- Remove deleted assembler code references
- Various portability and appearance improvements
   2022-05-13 09:34:20 by Jonathan Perkin | Files touched by this commit (2)
Log message:
zlib: Apply upstream patch to workaround CRC issue.

Should fix abuse by openjdk and others.  Bump PKGREVISION.

Upstream commit:

  From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001
  From: Mark Adler <>
  Date: Wed, 30 Mar 2022 11:14:53 -0700
  Subject: [PATCH] Correct incorrect inputs provided to the CRC functions.

  The previous releases of zlib were not sensitive to incorrect CRC
  inputs with bits set above the low 32. This commit restores that
  behavior, so that applications with such bugs will continue to
  operate as before.
   2022-03-30 00:09:41 by Thomas Klausner | Files touched by this commit (25) | Package updated
Log message:
zlib: update to 1.2.12

pkgsrc change:
Add unistd.h to gzguts.h to fix warning on NetBSD.

Changes in 1.2.12 (27 Mar 2022)
- Cygwin does not have _wopen(), so do not create gzopen_w() there
- Permit a deflateParams() parameter change as soon as possible
- Limit hash table inserts after switch from stored deflate
- Fix bug when window full in deflate_stored()
- Fix CLEAR_HASH macro to be usable as a single statement
- Avoid a conversion error in gzseek when off_t type too small
- Have Makefile return non-zero error code on test failure
- Avoid some conversion warnings in gzread.c and gzwrite.c
- Update use of errno for newer Windows CE versions
- Small speedup to inflate [psumbera]
- Return an error if the gzputs string length can't fit in an int
- Add address checking in clang to -w option of configure
- Don't compute check value for raw inflate if asked to validate
- Handle case where inflateSync used when header never processed
- Avoid the use of ptrdiff_t
- Avoid an undefined behavior of memcpy() in gzappend()
- Avoid undefined behaviors of memcpy() in gz*printf()
- Avoid an undefined behavior of memcpy() in _tr_stored_block()
- Make the names in functions declarations identical to definitions
- Remove old assembler code in which bugs have manifested
- Fix deflateEnd() to not report an error at start of raw deflate
- Add legal disclaimer to README
- Emphasize the need to continue decompressing gzip members
- Correct the initialization requirements for deflateInit2()
- Fix a bug that can crash deflate on some input when using Z_FIXED
- Assure that the number of bits for deflatePrime() is valid
- Use a structure to make globals in enough.c evident
- Use a macro for the printf format of big_t in enough.c
- Clean up code style in enough.c, update version
- Use inline function instead of macro for index in enough.c
- Clarify that prefix codes are counted in enough.c
- Show all the codes for the maximum tables size in enough.c
- Add gznorm.c example, which normalizes gzip files
- Fix the zran.c example to work on a multiple-member gzip file
- Add tables for crc32_combine(), to speed it up by a factor of 200
- Add crc32_combine_gen() and crc32_combine_op() for fast combines
- Speed up software CRC-32 computation by a factor of 1.5 to 3
- Use atomic test and set, if available, for dynamic CRC tables
- Don't bother computing check value after successful inflateSync()
- Correct comment in crc32.c
- Add use of the ARMv8 crc32 instructions when requested
- Use ARM crc32 instructions if the ARM architecture has them
- Explicitly note that the 32-bit check values are 32 bits
- Avoid adding empty gzip member after gzflush with Z_FINISH
- Fix memory leak on error in gzlog.c
- Fix error in comment on the polynomial representation of a byte
- Clarify gz* function interfaces, referring to parameter names
- Change macro name in inflate.c to avoid collision in VxWorks
- Correct typo in blast.c
- Improve portability of contrib/minizip
- Fix indentation in minizip's zip.c
- Replace black/white with allow/block. (theresa-m)
- minizip warning fix if MAXU32 already defined. (gvollant)
- Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner)
- Clean up minizip to reduce warnings for testing
- Add fallthrough comments for gcc
- Eliminate use of ULL constants
- Separate out address sanitizing from warnings in configure
- Remove destructive aspects of make distclean
- Check for cc masquerading as gcc or clang in configure
- Fix crc32.c to compile local functions only if used
   2022-03-24 08:57:48 by Thomas Klausner | Files touched by this commit (6)
Log message:
zlib: apply patches directly on in-tree sources
   2022-03-24 08:56:01 by Thomas Klausner | Files touched by this commit (5)
Log message:
zlib:  Fix a bug that can crash deflate on some input when using Z_FIXED.

Using upstream patch.

This bug was reported by Danilo Ramos of Eideticom, Inc. It has
lain in wait 13 years before being found! The bug was introduced
in zlib, with the addition of the Z_FIXED option. That
option forces the use of fixed Huffman codes. For rare inputs with
a large number of distant matches, the pending buffer into which
the compressed data is written can overwrite the distance symbol
table which it overlays. That results in corrupted output due to
invalid distances, and can result in out-of-bound accesses,
crashing the application.

The fix here combines the distance buffer and literal/length
buffers into a single symbol buffer. Now three bytes of pending
buffer space are opened up for each literal or length/distance
pair consumed, instead of the previous two bytes. This assures
that the pending buffer cannot overwrite the symbol table, since
the maximum fixed code compressed length/distance is 31 bits, and
since there are four bytes of pending space for every three bytes
of symbol space.


Fix some pkglint while here.

Next | Query returned 102 messages, browsing 1 to 10 | Previous