mirrors/zlib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
708 Commits 2 Branches 76 Tags 8 MiB
ef24c4c750
Commit Graph

708 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mark Adler
81e7c38608 Correct printf formats in test/infcover.c to %zu. 2024-02-07 14:38:57 -08:00
Mark Adler
96d3e9e3dd Expand on the deflate strategy parameter in zlib.h. 2024-02-07 10:48:55 -08:00
Mark Adler
e342bb3dae Assume no snprintf() or vsnprintf() if C89/90 in gzguts.h. 
Those functions were introduced in C99. However it is assumed that
they are there if under Windows, since Visual C claims C89/90, but
does have those functions, or variants.
 2024-02-06 18:27:44 -08:00
Mark Adler
915a3d5b7b Avoid use of snprintf() in test/minigzip.c. 
It was being used only as a safe version of strcpy(). Instead, use
a safe alternative to strcpy().
 2024-02-06 18:27:31 -08:00
Mark Adler
1382e66114 Use _POSIX_C_SOURCE in gzguts.h, instead of _POSIX_SOURCE. 2024-02-06 18:27:24 -08:00
Paul Marquess
4b98fd39c8 Enable fileno() for POSIX system in minigzip.c. 2024-02-05 23:51:31 -08:00
Mark Adler
abd3d1a289 Update zran version. 2024-02-04 18:51:31 -08:00
Mark Adler
037bca67fd Allocate the dictionaries in examples/zran.c. 
This reduces the memory needed for dictionaries, and avoids the
need to reallocate the index at the end to return unused memory.
 2024-02-04 18:51:14 -08:00
Mark Adler
6378d33478 Provide a reusable inflate engine in the index in example/zran.c. 
Avoids the overhead of creating a new inflate engine for each
random access extraction.
 2024-02-04 18:49:40 -08:00
Mark Adler
bb054d95d0 Stop decoding in zran.c once request is satisfied. 2024-02-04 18:49:40 -08:00
Mark Adler
be4db0a79a Set returned index to NULL on an index build error in zran.c. 
An attempt to use the returned pointer in deflate_index_extract()
will now return cleanly with an error. The returned pointer can
now also be used with deflate_index_free() even on error.
 2024-02-04 18:48:30 -08:00
Mark Adler
f1f503da85 Fix cmake build directory interference issue. 2024-01-28 21:50:26 -08:00
Mark Adler
b14484997a Fix version numbers in vstudio definition files. 
They can only have a major and a minor version.
 2024-01-28 12:54:11 -08:00
Mark Adler
31d3dd4306 Update copyright years in LICENSE file. 2024-01-24 14:46:09 -08:00
Aleksei Shpakovskii
04ca30003f Enable build of shared library on AIX. 2024-01-23 18:21:05 -08:00
Mark Adler
f56ad0aafa Note termination of returned strings in contrib/minizip/unzip.h. 2024-01-23 12:00:26 -08:00
Mark Adler
b289a50fc5 Ignore unknown options in configure. 2024-01-23 10:59:41 -08:00
Levi Broderick
8a76f02e0e Avoid implicit conversion warnings in deflate.c and trees.c. 2024-01-23 08:45:00 -08:00
Tomas Berger
df3b265064 Add option to CMakeLists.txt to disable renaming of zconf.h. 2024-01-23 08:39:24 -08:00
Mark Adler
d4eaa1d939 Avoid unterminated file name in contrib/minizip/miniunz.c. 2024-01-23 08:19:24 -08:00
Mark Adler
da5937705d Permit compiling contrib/minizip/unzip.c with decryption. 2024-01-23 08:02:38 -08:00
Cameron Cawley
4de0b054a5 Improve portability to RISC OS. 2024-01-23 06:27:49 -08:00
Mark Adler
9f0f2d4f9f Change version number on develop branch to 1.3.1.1. 2024-01-22 13:07:41 -08:00
Mark Adler
51b7f2abda zlib 1.3.1 2024-01-22 10:32:37 -08:00
Mark Adler
1a8db63788 Move the load flags before the object files in Makefile tests. 2024-01-22 05:54:21 -08:00
tr1cks
2e3d86c4e1 Add target include directories to CMakeLists.txt. 
This enables the addition of zlib to other projects.
 2024-01-22 05:43:21 -08:00
Mark Adler
c06dfecb8a Use Makefile compiler for minizip-test target. 2024-01-21 09:25:44 -08:00
Mark Adler
88ec24670e Remove -w compile option in configure test. 
Not all C compilers have a -w option.
 2024-01-20 18:29:31 -08:00
Dan Kegel
9404df5a1f Use updated zconf.h when building out of directory with configure. 2024-01-19 16:16:11 -08:00
Mark Adler
84f0bafd7c Remove carriage returns from zlib.map. 2024-01-19 15:26:17 -08:00
Mark Adler
7af6320ad7 Fix a bug in ZLIB_DEBUG compiles in check_match(). 
This avoids trying to compare a match starting one byte before the
current window. Thanks to @zmodem (Hans) for discovering this.
 2024-01-19 12:19:53 -08:00
Mark Adler
7b632b486a Revert "Add a CMake option to link the C runtime statically." 
This reverts commit 44dc43ab04.
 2024-01-19 10:10:42 -08:00
Mark Adler
3f635df97e Remove unused Z_ARG macro. 2024-01-17 18:20:32 -08:00
gastush
ade6825c49 Fix cmake build on AIX. 
The --version-script linker option is not supported by the linker on AIX systems
 2024-01-17 17:52:19 -08:00
Mark Adler
2526346237 Remove mentions of an official zlib DLL distribution. 
There used to be one, but no more. It is up to the user or vendor
to compile zlib.
 2024-01-17 17:19:03 -08:00
Dimitri Papadopoulos
fe41d18921 Correct typos in source code. 2024-01-17 16:43:38 -08:00
Milan Bulat
01253ecd7e Make the existence of gz_intmax() unconditional. 
gz_intmax() is noted in zlib.map. This assures it's always there.
 2024-01-17 16:07:14 -08:00
Peter Taylor
6201f89384 Add cmake option to control the build of the example executables. 2024-01-17 15:34:01 -08:00
Matt Wilson
14a5f8f266 Neutralize zip file traversal attacks in miniunz. 
Archive formats such as .zip files are generally susceptible to
so-called "traversal attacks". This allows an attacker to craft
an archive that writes to unexpected locations of the file system
(e.g., /etc/shadow) if an unspecting root user were to unpack a
malicious archive.

This patch neutralizes absolute paths such as /tmp/moo and deeply
relative paths such as dummy/../../../../../../../../../../tmp/moo

The Debian project requested CVE-2014-9485 be allocated for the
first identified weakness. The fix was incomplete, resulting in a
revised patch applied here. Since there wasn't an updated version
released by Debian with the incomplete fix, I suggest we use this
CVE to identify both issues.

Link: https://security.snyk.io/research/zip-slip-vulnerability
Link: https://bugs.debian.org/774321
Link: https://bugs.debian.org/776831
Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9485
Reported-by: Jakub Wilk <jwilk@debian.org>
Fixed-by: Michael Gilbert <mgilbert@debian.org>
 2024-01-17 15:08:08 -08:00
tbeu
44dc43ab04 Add a CMake option to link the C runtime statically. 2024-01-17 14:55:54 -08:00
THE-Spellchecker
01155ccc3f Fix random typos over several source and text files. 2024-01-17 13:49:11 -08:00
William Leara
16799d064b Fix "the the" in examples/gzlog.c. 2024-01-17 12:52:01 -08:00
William Leara
190168cc1c Correct case of MSDOS in contrib/minizip/miniunz.c. 2024-01-17 12:48:27 -08:00
William Leara
762cf49e63 Refer to correct function in contrib/minizip/unzip.c comment. 2024-01-17 12:46:14 -08:00
Mark Adler
36e369e1a5 Note that the len2 argument of crc_combine*() must be non-negative. 
If it is negative, then the code will enter an infinite loop.
 2024-01-13 22:30:30 -08:00
Hans Wennborg
60c31985ec Fix the copy of pending_buf in deflateCopy() for the LIT_MEM case. 2024-01-13 22:30:30 -08:00
Hans Wennborg
ee474ff2d1 Fix pending buffer overflow assert with LIT_MEM allocation. 
Since each element in s->d_buf is 2 bytes, the sx index should be
multiplied by 2 in the assert.

Fixes #897
 2024-01-13 22:30:30 -08:00
Mark Adler
4bd9a71f35 Remove fdopen #defines in zutil.h. 
fdopen() is not used by zlib anymore. The #defines are vestigial.
 2024-01-13 22:30:30 -08:00
Mark Adler
431a9b65ea Add bounds checking to ERR_MSG() macro, used by zError(). 2024-01-13 22:29:58 -08:00
Paul Ivanov
643e17b749 Correct repeated words in source file comments and a readme. 2023-11-14 18:44:32 -08:00