From: Václav Slavík Date: Fri, 5 Nov 2004 15:55:19 +0000 (+0000) Subject: upgraded to zlib 1.2.2 (replaces patch with CAN-2004-0797 vulnerability fix with... X-Git-Url: https://git.saurik.com/wxWidgets.git/commitdiff_plain/ba0052f3f581636991de6e2a230ab227dac2dd88 upgraded to zlib 1.2.2 (replaces patch with CAN-2004-0797 vulnerability fix with official upstream fix) git-svn-id: https://svn.wxwidgets.org/svn/wx/wxWidgets/trunk@30288 c3d73ce0-8a6f-49c7-b76d-6d57e0e08775 --- diff --git a/src/zlib/ChangeLog b/src/zlib/ChangeLog index 48e465f89f..d60b6d377a 100644 --- a/src/zlib/ChangeLog +++ b/src/zlib/ChangeLog @@ -1,6 +1,48 @@ ChangeLog file for zlib +Changes in 1.2.2 (3 October 2004) +- Update zlib.h comments on gzip in-memory processing +- Set adler to 1 in inflateReset() to support Java test suite [Walles] +- Add contrib/dotzlib [Ravn] +- Update win32/DLL_FAQ.txt [Truta] +- Update contrib/minizip [Vollant] +- Move contrib/visual-basic.txt to old/ [Truta] +- Fix assembler builds in projects/visualc6/ [Truta] + +Changes in 1.2.1.2 (9 September 2004) +- Update INDEX file +- Fix trees.c to update strm->data_type (no one ever noticed!) +- Fix bug in error case in inflate.c, infback.c, and infback9.c [Brown] +- Add "volatile" to crc table flag declaration (for DYNAMIC_CRC_TABLE) +- Add limited multitasking protection to DYNAMIC_CRC_TABLE +- Add NO_vsnprintf for VMS in zutil.h [Mozilla] +- Don't declare strerror() under VMS [Mozilla] +- Add comment to DYNAMIC_CRC_TABLE to use get_crc_table() to initialize +- Update contrib/ada [Anisimkov] +- Update contrib/minizip [Vollant] +- Fix configure to not hardcode directories for Darwin [Peterson] +- Fix gzio.c to not return error on empty files [Brown] +- Fix indentation; update version in contrib/delphi/ZLib.pas and + contrib/pascal/zlibpas.pas [Truta] +- Update mkasm.bat in contrib/masmx86 [Truta] +- Update contrib/untgz [Truta] +- Add projects/README.projects [Truta] +- Add project for MS Visual C++ 6.0 in projects/visualc6 [Cadieux, Truta] +- Update win32/DLL_FAQ.txt [Truta] +- Update list of Z_PREFIX symbols in zconf.h [Randers-Pehrson, Truta] +- Remove an unnecessary assignment to curr in inftrees.c [Truta] +- Add OS/2 to exe builds in configure [Poltorak] +- Remove err dummy parameter in zlib.h [Kientzle] + +Changes in 1.2.1.1 (9 January 2004) +- Update email address in README +- Several FAQ updates +- Fix a big fat bug in inftrees.c that prevented decoding valid + dynamic blocks with only literals and no distance codes -- + Thanks to "Hot Emu" for the bug report and sample file +- Add a note to puff.c on no distance codes case. + Changes in 1.2.1 (17 November 2003) - Remove a tab in contrib/gzappend/gzappend.c - Update some interfaces in contrib for new zlib functions diff --git a/src/zlib/crc32.c b/src/zlib/crc32.c index 689b2883b4..b39c7e1253 100644 --- a/src/zlib/crc32.c +++ b/src/zlib/crc32.c @@ -11,6 +11,14 @@ /* @(#) $Id$ */ +/* + Note on the use of DYNAMIC_CRC_TABLE: there is no mutex or semaphore + protection on the static variables used to control the first-use generation + of the crc tables. Therefore, if you #define DYNAMIC_CRC_TABLE, you should + first call get_crc_table() to initialize the tables before allowing more than + one thread to use crc32(). + */ + #ifdef MAKECRCH # include # ifndef DYNAMIC_CRC_TABLE @@ -58,7 +66,7 @@ #ifdef DYNAMIC_CRC_TABLE -local int crc_table_empty = 1; +local volatile int crc_table_empty = 1; local unsigned long FAR crc_table[TBLS][256]; local void make_crc_table OF((void)); #ifdef MAKECRCH @@ -95,38 +103,51 @@ local void make_crc_table() { unsigned long c; int n, k; - unsigned long poly; /* polynomial exclusive-or pattern */ + unsigned long poly; /* polynomial exclusive-or pattern */ /* terms of polynomial defining this crc (except x^32): */ + static volatile int first = 1; /* flag to limit concurrent making */ static const unsigned char p[] = {0,1,2,4,5,7,8,10,11,12,16,22,23,26}; - /* make exclusive-or pattern from polynomial (0xedb88320UL) */ - poly = 0UL; - for (n = 0; n < sizeof(p)/sizeof(unsigned char); n++) - poly |= 1UL << (31 - p[n]); - - /* generate a crc for every 8-bit value */ - for (n = 0; n < 256; n++) { - c = (unsigned long)n; - for (k = 0; k < 8; k++) - c = c & 1 ? poly ^ (c >> 1) : c >> 1; - crc_table[0][n] = c; - } + /* See if another task is already doing this (not thread-safe, but better + than nothing -- significantly reduces duration of vulnerability in + case the advice about DYNAMIC_CRC_TABLE is ignored) */ + if (first) { + first = 0; + + /* make exclusive-or pattern from polynomial (0xedb88320UL) */ + poly = 0UL; + for (n = 0; n < sizeof(p)/sizeof(unsigned char); n++) + poly |= 1UL << (31 - p[n]); + + /* generate a crc for every 8-bit value */ + for (n = 0; n < 256; n++) { + c = (unsigned long)n; + for (k = 0; k < 8; k++) + c = c & 1 ? poly ^ (c >> 1) : c >> 1; + crc_table[0][n] = c; + } #ifdef BYFOUR - /* generate crc for each value followed by one, two, and three zeros, and - then the byte reversal of those as well as the first table */ - for (n = 0; n < 256; n++) { - c = crc_table[0][n]; - crc_table[4][n] = REV(c); - for (k = 1; k < 4; k++) { - c = crc_table[0][c & 0xff] ^ (c >> 8); - crc_table[k][n] = c; - crc_table[k + 4][n] = REV(c); + /* generate crc for each value followed by one, two, and three zeros, + and then the byte reversal of those as well as the first table */ + for (n = 0; n < 256; n++) { + c = crc_table[0][n]; + crc_table[4][n] = REV(c); + for (k = 1; k < 4; k++) { + c = crc_table[0][c & 0xff] ^ (c >> 8); + crc_table[k][n] = c; + crc_table[k + 4][n] = REV(c); + } } - } #endif /* BYFOUR */ - crc_table_empty = 0; + crc_table_empty = 0; + } + else { /* not first */ + /* wait for the other guy to finish (not efficient, but rare) */ + while (crc_table_empty) + ; + } #ifdef MAKECRCH /* write out CRC tables to crc32.h */ @@ -180,9 +201,10 @@ local void write_table(out, table) const unsigned long FAR * ZEXPORT get_crc_table() { #ifdef DYNAMIC_CRC_TABLE - if (crc_table_empty) make_crc_table(); + if (crc_table_empty) + make_crc_table(); #endif /* DYNAMIC_CRC_TABLE */ - return (const unsigned long FAR *)crc_table; + return (const unsigned long FAR *)crc_table; } /* ========================================================================= */ diff --git a/src/zlib/deflate.c b/src/zlib/deflate.c index 0525b2f33c..0fc53bc1e8 100644 --- a/src/zlib/deflate.c +++ b/src/zlib/deflate.c @@ -1,5 +1,5 @@ /* deflate.c -- compress data using the deflation algorithm - * Copyright (C) 1995-2003 Jean-loup Gailly. + * Copyright (C) 1995-2004 Jean-loup Gailly. * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -52,7 +52,7 @@ #include "deflate.h" const char deflate_copyright[] = - " deflate 1.2.1 Copyright 1995-2003 Jean-loup Gailly "; + " deflate 1.2.2 Copyright 1995-2004 Jean-loup Gailly "; /* If you use the zlib library in a product, an acknowledgment is welcome in the documentation of your product. If for some reason you cannot diff --git a/src/zlib/deflate.h b/src/zlib/deflate.h index e31f66be52..410681d18a 100644 --- a/src/zlib/deflate.h +++ b/src/zlib/deflate.h @@ -95,7 +95,6 @@ typedef struct internal_state { Bytef *pending_out; /* next pending byte to output to the stream */ int pending; /* nb of bytes in the pending buffer */ int wrap; /* bit 0 true for zlib, bit 1 true for gzip */ - Byte data_type; /* UNKNOWN, BINARY or ASCII */ Byte method; /* STORED (for zip only) or DEFLATED */ int last_flush; /* value of flush param for previous deflate call */ diff --git a/src/zlib/gzio.c b/src/zlib/gzio.c index 4afd102b3f..5e71b0ab3a 100644 --- a/src/zlib/gzio.c +++ b/src/zlib/gzio.c @@ -455,6 +455,10 @@ int ZEXPORT gzread (file, buf, len) s->z_err = Z_ERRNO; break; } + if (feof(s->file)) { /* avoid error for empty file */ + s->z_err = Z_STREAM_END; + break; + } } s->stream.next_in = s->inbuf; } diff --git a/src/zlib/infback.c b/src/zlib/infback.c index e9709984a8..262f97c73a 100644 --- a/src/zlib/infback.c +++ b/src/zlib/infback.c @@ -434,8 +434,8 @@ void FAR *out_desc; } } - if (state->mode == BAD) - break; + /* handle error breaks in while */ + if (state->mode == BAD) break; /* build code tables */ state->next = state->codes; diff --git a/src/zlib/inffast.c b/src/zlib/inffast.c index c716440a92..8c02a178d0 100644 --- a/src/zlib/inffast.c +++ b/src/zlib/inffast.c @@ -1,5 +1,5 @@ /* inffast.c -- fast decoding - * Copyright (C) 1995-2003 Mark Adler + * Copyright (C) 1995-2004 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -19,7 +19,7 @@ - none No measurable difference: - Pentium III (Anderson) - - 68060 (Nikl) + - M68060 (Nikl) */ #ifdef POSTINC # define OFF 0 diff --git a/src/zlib/inflate.c b/src/zlib/inflate.c index be67fd6920..c6d38266d0 100644 --- a/src/zlib/inflate.c +++ b/src/zlib/inflate.c @@ -109,6 +109,7 @@ z_streamp strm; state = (struct inflate_state FAR *)strm->state; strm->total_in = strm->total_out = state->total = 0; strm->msg = Z_NULL; + strm->adler = 1; /* to support ill-conceived Java test suite */ state->mode = HEAD; state->last = 0; state->havedict = 0; @@ -861,8 +862,8 @@ int flush; } } - if (state->mode == BAD) - break; + /* handle error breaks in while */ + if (state->mode == BAD) break; /* build code tables */ state->next = state->codes; diff --git a/src/zlib/inftrees.c b/src/zlib/inftrees.c index 3bb56398e1..8a896b2879 100644 --- a/src/zlib/inftrees.c +++ b/src/zlib/inftrees.c @@ -1,5 +1,5 @@ /* inftrees.c -- generate Huffman trees for efficient decoding - * Copyright (C) 1995-2003 Mark Adler + * Copyright (C) 1995-2004 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -9,7 +9,7 @@ #define MAXBITS 15 const char inflate_copyright[] = - " inflate 1.2.1 Copyright 1995-2003 Mark Adler "; + " inflate 1.2.2 Copyright 1995-2004 Mark Adler "; /* If you use the zlib library in a product, an acknowledgment is welcome in the documentation of your product. If for some reason you cannot @@ -62,7 +62,7 @@ unsigned short FAR *work; 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0}; static const unsigned short lext[31] = { /* Length codes 257..285 extra */ 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18, - 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 76, 66}; + 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 199, 198}; static const unsigned short dbase[32] = { /* Distance codes 0..29 base */ 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, @@ -114,7 +114,15 @@ unsigned short FAR *work; for (max = MAXBITS; max >= 1; max--) if (count[max] != 0) break; if (root > max) root = max; - if (max == 0) return -1; /* no codes! */ + if (max == 0) { /* no symbols to code at all */ + this.op = (unsigned char)64; /* invalid code marker */ + this.bits = (unsigned char)1; + this.val = (unsigned short)0; + *(*table)++ = this; /* make a table to force an error */ + *(*table)++ = this; + *bits = 1; + return 0; /* no symbols, but wait for decoding to report error */ + } for (min = 1; min <= MAXBITS; min++) if (count[min] != 0) break; if (root < min) root = min; @@ -295,7 +303,6 @@ unsigned short FAR *work; drop = 0; len = root; next = *table; - curr = root; this.bits = (unsigned char)len; } diff --git a/src/zlib/trees.c b/src/zlib/trees.c index bb09554938..52c820fa2e 100644 --- a/src/zlib/trees.c +++ b/src/zlib/trees.c @@ -931,7 +931,7 @@ void _tr_flush_block(s, buf, stored_len, eof) if (s->level > 0) { /* Check if the file is ascii or binary */ - if (s->data_type == Z_UNKNOWN) set_data_type(s); + if (s->strm->data_type == Z_UNKNOWN) set_data_type(s); /* Construct the literal and distance trees */ build_tree(s, (tree_desc *)(&(s->l_desc))); @@ -1131,7 +1131,7 @@ local void set_data_type(s) while (n < 7) bin_freq += s->dyn_ltree[n++].Freq; while (n < 128) ascii_freq += s->dyn_ltree[n++].Freq; while (n < LITERALS) bin_freq += s->dyn_ltree[n++].Freq; - s->data_type = (Byte)(bin_freq > (ascii_freq >> 2) ? Z_BINARY : Z_ASCII); + s->strm->data_type = bin_freq > (ascii_freq >> 2) ? Z_BINARY : Z_ASCII; } /* =========================================================================== diff --git a/src/zlib/zconf.h b/src/zlib/zconf.h index 3cea897eda..3c21403fce 100644 --- a/src/zlib/zconf.h +++ b/src/zlib/zconf.h @@ -1,5 +1,5 @@ /* zconf.h -- configuration of the zlib compression library - * Copyright (C) 1995-2003 Jean-loup Gailly. + * Copyright (C) 1995-2004 Jean-loup Gailly. * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -13,43 +13,46 @@ * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it. */ #ifdef Z_PREFIX -# define deflateInit_ z_deflateInit_ -# define deflate z_deflate -# define deflateEnd z_deflateEnd -# define inflateInit_ z_inflateInit_ -# define inflate z_inflate -# define inflateEnd z_inflateEnd -# define deflateInit2_ z_deflateInit2_ -# define deflateSetDictionary z_deflateSetDictionary -# define deflateCopy z_deflateCopy -# define deflateReset z_deflateReset -# define deflatePrime z_deflatePrime -# define deflateParams z_deflateParams -# define deflateBound z_deflateBound -# define inflateInit2_ z_inflateInit2_ -# define inflateSetDictionary z_inflateSetDictionary -# define inflateSync z_inflateSync -# define inflateSyncPoint z_inflateSyncPoint -# define inflateCopy z_inflateCopy -# define inflateReset z_inflateReset -# define compress z_compress -# define compress2 z_compress2 -# define compressBound z_compressBound -# define uncompress z_uncompress -# define adler32 z_adler32 -# define crc32 z_crc32 -# define get_crc_table z_get_crc_table +# define deflateInit_ z_deflateInit_ +# define deflate z_deflate +# define deflateEnd z_deflateEnd +# define inflateInit_ z_inflateInit_ +# define inflate z_inflate +# define inflateEnd z_inflateEnd +# define deflateInit2_ z_deflateInit2_ +# define deflateSetDictionary z_deflateSetDictionary +# define deflateCopy z_deflateCopy +# define deflateReset z_deflateReset +# define deflateParams z_deflateParams +# define deflateBound z_deflateBound +# define deflatePrime z_deflatePrime +# define inflateInit2_ z_inflateInit2_ +# define inflateSetDictionary z_inflateSetDictionary +# define inflateSync z_inflateSync +# define inflateSyncPoint z_inflateSyncPoint +# define inflateCopy z_inflateCopy +# define inflateReset z_inflateReset +# define inflateBack z_inflateBack +# define inflateBackEnd z_inflateBackEnd +# define compress z_compress +# define compress2 z_compress2 +# define compressBound z_compressBound +# define uncompress z_uncompress +# define adler32 z_adler32 +# define crc32 z_crc32 +# define get_crc_table z_get_crc_table +# define zError z_zError -# define Byte z_Byte -# define uInt z_uInt -# define uLong z_uLong -# define Bytef z_Bytef -# define charf z_charf -# define intf z_intf -# define uIntf z_uIntf -# define uLongf z_uLongf -# define voidpf z_voidpf -# define voidp z_voidp +# define Byte z_Byte +# define uInt z_uInt +# define uLong z_uLong +# define Bytef z_Bytef +# define charf z_charf +# define intf z_intf +# define uIntf z_uIntf +# define uLongf z_uLongf +# define voidpf z_voidpf +# define voidp z_voidp #endif #if defined(__MSDOS__) && !defined(MSDOS) @@ -281,7 +284,7 @@ typedef uLong FAR uLongf; # ifdef VMS # include /* for off_t */ # endif -# define z_off_t off_t +# define z_off_t off_t #endif #ifndef SEEK_SET # define SEEK_SET 0 /* Seek from beginning of file. */ @@ -289,11 +292,11 @@ typedef uLong FAR uLongf; # define SEEK_END 2 /* Set file pointer to EOF plus "offset" */ #endif #ifndef z_off_t -# define z_off_t long +# define z_off_t long #endif #if defined(__OS400__) -#define NO_vsnprintf +# define NO_vsnprintf #endif #if defined(__MVS__) diff --git a/src/zlib/zlib.3 b/src/zlib/zlib.3 index 890098449d..3139e2467f 100644 --- a/src/zlib/zlib.3 +++ b/src/zlib/zlib.3 @@ -1,4 +1,4 @@ -.TH ZLIB 3 "17 November 2003" +.TH ZLIB 3 "3 October 2004" .SH NAME zlib \- compression/decompression library .SH SYNOPSIS @@ -133,8 +133,8 @@ before asking for help. Send questions and/or comments to zlib@gzip.org, or (for the Windows DLL version) to Gilles Vollant (info@winimage.com). .SH AUTHORS -Version 1.2.1 -Copyright (C) 1995-2003 Jean-loup Gailly (jloup@gzip.org) +Version 1.2.2 +Copyright (C) 1995-2004 Jean-loup Gailly (jloup@gzip.org) and Mark Adler (madler@alumni.caltech.edu). .LP This software is provided "as-is," diff --git a/src/zlib/zlib.h b/src/zlib/zlib.h index 92edf96ff3..b4ddd34395 100644 --- a/src/zlib/zlib.h +++ b/src/zlib/zlib.h @@ -1,7 +1,7 @@ /* zlib.h -- interface of the 'zlib' general purpose compression library - version 1.2.1, November 17th, 2003 + version 1.2.2, October 3rd, 2004 - Copyright (C) 1995-2003 Jean-loup Gailly and Mark Adler + Copyright (C) 1995-2004 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages @@ -37,8 +37,8 @@ extern "C" { #endif -#define ZLIB_VERSION "1.2.1" -#define ZLIB_VERNUM 0x1210 +#define ZLIB_VERSION "1.2.2" +#define ZLIB_VERNUM 0x1220 /* The 'zlib' compression library provides in-memory compression and @@ -53,24 +53,22 @@ extern "C" { application must provide more input and/or consume the output (providing more output space) before each call. - The compressed data format used by the in-memory functions is the zlib - format, which is a zlib wrapper documented in RFC 1950, wrapped around a - deflate stream, which is itself documented in RFC 1951. + The compressed data format used by default by the in-memory functions is + the zlib format, which is a zlib wrapper documented in RFC 1950, wrapped + around a deflate stream, which is itself documented in RFC 1951. The library also supports reading and writing files in gzip (.gz) format with an interface similar to that of stdio using the functions that start with "gz". The gzip format is different from the zlib format. gzip is a gzip wrapper, documented in RFC 1952, wrapped around a deflate stream. + This library can optionally read and write gzip streams in memory as well. + The zlib format was designed to be compact and fast for use in memory and on communications channels. The gzip format was designed for single- file compression on file systems, has a larger header than zlib to maintain directory information, and uses a different, slower check method than zlib. - This library does not provide any functions to write gzip files in memory. - However such functions could be easily written using zlib's deflate function, - the documentation in the gzip RFC, and the examples in gzio.c. - The library does not install any signal handler. The decoder checks the consistency of the compressed data, so the library should never crash even in case of corrupted input. @@ -401,7 +399,7 @@ ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush)); because Z_BLOCK is used. If a preset dictionary is needed after this call (see inflateSetDictionary - below), inflate sets strm-adler to the adler32 checksum of the dictionary + below), inflate sets strm->adler to the adler32 checksum of the dictionary chosen by the compressor and returns Z_NEED_DICT; otherwise it sets strm->adler to the adler32 checksum of all output produced so far (that is, total_out bytes) and returns Z_OK, Z_STREAM_END or an error code as described @@ -478,7 +476,8 @@ ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm, 16 to windowBits to write a simple gzip header and trailer around the compressed data instead of a zlib wrapper. The gzip header will have no file name, no extra data, no comment, no modification time (set to zero), - no header crc, and the operating system will be set to 255 (unknown). + no header crc, and the operating system will be set to 255 (unknown). If a + gzip stream is being written, strm->adler is a crc32 instead of an adler32. The memLevel parameter specifies how much memory should be allocated for the internal compression state. memLevel=1 uses minimum memory but @@ -649,7 +648,8 @@ ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm, windowBits can also be greater than 15 for optional gzip decoding. Add 32 to windowBits to enable zlib and gzip decoding with automatic header detection, or add 16 to decode only the gzip format (the zlib format will - return a Z_DATA_ERROR). + return a Z_DATA_ERROR. If a gzip stream is being decoded, strm->adler is + a crc32 instead of an adler32. inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough memory, Z_STREAM_ERROR if a parameter is invalid (such as a negative @@ -1189,7 +1189,7 @@ ZEXTERN int ZEXPORT inflateBackInit_ OF((z_stream FAR *strm, int windowBits, struct internal_state {int dummy;}; /* hack for buggy compilers */ #endif -ZEXTERN const char * ZEXPORT zError OF((int err)); +ZEXTERN const char * ZEXPORT zError OF((int)); ZEXTERN int ZEXPORT inflateSyncPoint OF((z_streamp z)); ZEXTERN const uLongf * ZEXPORT get_crc_table OF((void)); diff --git a/src/zlib/zutil.h b/src/zlib/zutil.h index 87b70acec2..7b42edcaa9 100644 --- a/src/zlib/zutil.h +++ b/src/zlib/zutil.h @@ -189,9 +189,14 @@ extern const char * const z_errmsg[10]; /* indexed by 2-zlib_error */ # define NO_vsnprintf # endif #endif +#ifdef VMS +# define NO_vsnprintf +#endif #ifdef HAVE_STRERROR - extern char *strerror OF((int)); +# ifndef VMS + extern char *strerror OF((int)); +# endif # define zstrerror(errnum) strerror(errnum) #else # define zstrerror(errnum) ""