88ec24670e
Remove -w compile option in configure test.
...
Not all C compilers have a -w option.
2024-01-20 18:29:31 -08:00
9404df5a1f
Use updated zconf.h when building out of directory with configure.
2024-01-19 16:16:11 -08:00
84f0bafd7c
Remove carriage returns from zlib.map.
2024-01-19 15:26:17 -08:00
7af6320ad7
Fix a bug in ZLIB_DEBUG compiles in check_match().
...
This avoids trying to compare a match starting one byte before the
current window. Thanks to @zmodem (Hans) for discovering this.
2024-01-19 12:19:53 -08:00
7b632b486a
Revert "Add a CMake option to link the C runtime statically."
...
This reverts commit 44dc43ab04
2024-01-19 10:10:42 -08:00
3f635df97e
Remove unused Z_ARG macro.
2024-01-17 18:20:32 -08:00
ade6825c49
Fix cmake build on AIX.
...
The --version-script linker option is not supported by the linker on AIX systems
2024-01-17 17:52:19 -08:00
2526346237
Remove mentions of an official zlib DLL distribution.
...
There used to be one, but no more. It is up to the user or vendor
to compile zlib.
2024-01-17 17:19:03 -08:00
fe41d18921
Correct typos in source code.
2024-01-17 16:43:38 -08:00
01253ecd7e
Make the existence of gz_intmax() unconditional.
...
gz_intmax() is noted in zlib.map. This assures it's always there.
2024-01-17 16:07:14 -08:00
6201f89384
Add cmake option to control the build of the example executables.
2024-01-17 15:34:01 -08:00
14a5f8f266
Neutralize zip file traversal attacks in miniunz.
...
Archive formats such as .zip files are generally susceptible to
so-called "traversal attacks". This allows an attacker to craft
an archive that writes to unexpected locations of the file system
(e.g., /etc/shadow) if an unspecting root user were to unpack a
malicious archive.
This patch neutralizes absolute paths such as /tmp/moo and deeply
relative paths such as dummy/../../../../../../../../../../tmp/moo
The Debian project requested CVE-2014-9485 be allocated for the
first identified weakness. The fix was incomplete, resulting in a
revised patch applied here. Since there wasn't an updated version
released by Debian with the incomplete fix, I suggest we use this
CVE to identify both issues.
Link: https://security.snyk.io/research/zip-slip-vulnerability
Link: https://bugs.debian.org/774321
Link: https://bugs.debian.org/776831
Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9485
Reported-by: Jakub Wilk <jwilk@debian.org>
Fixed-by: Michael Gilbert <mgilbert@debian.org>
2024-01-17 15:08:08 -08:00
44dc43ab04
Add a CMake option to link the C runtime statically.
2024-01-17 14:55:54 -08:00
01155ccc3f
Fix random typos over several source and text files.
2024-01-17 13:49:11 -08:00
16799d064b
Fix "the the" in examples/gzlog.c.
2024-01-17 12:52:01 -08:00
190168cc1c
Correct case of MSDOS in contrib/minizip/miniunz.c.
2024-01-17 12:48:27 -08:00
762cf49e63
Refer to correct function in contrib/minizip/unzip.c comment.
2024-01-17 12:46:14 -08:00
36e369e1a5
Note that the len2 argument of crc_combine*() must be non-negative.
...
If it is negative, then the code will enter an infinite loop.
2024-01-13 22:30:30 -08:00
60c31985ec
Fix the copy of pending_buf in deflateCopy() for the LIT_MEM case.
2024-01-13 22:30:30 -08:00
ee474ff2d1
Fix pending buffer overflow assert with LIT_MEM allocation.
...
Since each element in s->d_buf is 2 bytes, the sx index should be
multiplied by 2 in the assert.
Fixes #897
2024-01-13 22:30:30 -08:00
4bd9a71f35
Remove fdopen #defines in zutil.h.
...
fdopen() is not used by zlib anymore. The #defines are vestigial.
2024-01-13 22:30:30 -08:00
431a9b65ea
Add bounds checking to ERR_MSG() macro, used by zError().
2024-01-13 22:29:58 -08:00
643e17b749
Correct repeated words in source file comments and a readme.
2023-11-14 18:44:32 -08:00
15c45adb76
Fix decision on the emission of Zip64 end records in minizip.
...
The appnote says that if the number of entries in the end record
is 0xffff, then the actual number of entries will be found in the
Zip64 end record. Therefore if the number of entries is equal to
0xffff, it can't be in the end record by itself, since that is an
instruction to get the number from the Zip64 end record. This code
would just store 0xffff in the end record in that case, not making
a Zip64 end record. This commit fixes that.
2023-11-07 15:46:41 -08:00
ac8f12c97d
Add LIT_MEM define to use more memory for a small deflate speedup.
...
A bug fix in zlib 1.2.12 resulted in a slight slowdown (1-2%) of
deflate. This commit provides the option to #define LIT_MEM, which
uses more memory to reverse most of that slowdown. The memory for
the pending buffer and symbol buffers is increased by 25%, which
increases the total memory usage with the default parameters by
about 6%.
2023-09-21 00:14:56 -07:00
bd9c329c10
Make internal functions static in the test code.
...
To avoid warnings when building with -Wmissing-prototypes.
2023-09-03 21:50:07 -07:00
5af7cef45e
Fix bug in inflateSync() for data held in bit buffer.
2023-08-24 02:14:23 -04:00
88e50f1705
Update miniunz version.
2023-08-20 11:38:03 -07:00
79a0e447a0
Update version and date in contrib/nuget.
2023-08-19 23:17:29 -07:00
8988e03256
Update version numbers and year in contrib/vstudio/vc17.
2023-08-19 17:13:12 -07:00
7192d692be
Update vc directory in contrib/nuget.
2023-08-19 17:07:35 -07:00
60bfe641af
Rename contrib/vstudio/vc143 to vc17.
...
This makes it consistent with the other vstudio projects, which
use the version number.
2023-08-19 12:13:00 -07:00
73331a6a04
Reject overflows of zip header fields in minizip.
...
This checks the lengths of the file name, extra field, and comment
that would be put in the zip headers, and rejects them if they are
too long. They are each limited to 65535 bytes in length by the zip
format. This also avoids possible buffer overflows if the provided
fields are too long.
2023-08-19 11:56:12 -07:00
726e18943d
Remove Windows ARM and ARM64 builds from cmake workflow.
...
They were added in the VS2022 commit, but failed when run.
2023-08-19 11:07:39 -07:00
4a47c1bf3d
Add project and solution files for building a nuget package.
2023-08-19 10:57:26 -07:00
d7de5971f4
Add VS2022 project files.
...
Also replaced Itanium with ARM and ARM64 configurations.
2023-08-19 10:54:50 -07:00
4c5a81c2ae
Remove carriage returns from contrib/vstudio/readme.txt.
2023-08-19 10:43:36 -07:00
0f68a0d89d
Limit the length of Darwin shared library version number.
2023-08-18 16:17:33 -07:00
5dc7681ff1
Fix version numbering for Darwin shared library.
2023-08-18 16:01:06 -07:00
3a98b57e55
Change version number on develop branch to 1.3.0.1.
2023-08-18 13:23:07 -07:00
09155eaa2f
zlib 1.3
2023-08-18 01:45:36 -07:00
899ffefb19
Use original make and options when Makefile runs make.
...
Also avoid the use of the -C option for non-GNU make.
2023-08-17 23:52:24 -07:00
25bbd7f5a6
Avoid uninitialized and unused warnings in contrib/minizip.
2023-08-17 22:35:43 -07:00
e13289e307
Fix typo in preceding reversion commit.
2023-08-17 17:40:56 -07:00
f5ae600cc7
Revert flipping of load flags in Makefile.in for z/OS.
...
It looked innocuous enough and worked on macOS, but failed on
Ubuntu.
2023-08-17 17:34:11 -07:00
daf27aed08
Look for a cross-compile libtool first in configure.
...
Permit cross-compilation for Darwin.
2023-08-17 17:12:52 -07:00
9889e98868
Avoid cmake deprecation warning.
2023-08-17 17:11:11 -07:00
22fc20898b
Clarify requirement in zlib.h to avoid multiple flush markers.
2023-08-17 17:11:11 -07:00
5f52b25059
Move load flags before object file in Makefile.in for Z/OS.
2023-08-17 17:10:29 -07:00
efc9c7b801
Add license to contrib/untgz.
...
A zlib license was agreed to by the authors.
2023-08-17 17:10:12 -07:00
Mark Adler