
Update Zlib library dependency for PureLib #4654

Merged
merged 4 commits into from
Jul 19, 2024



@ryfu-msft ryfu-msft commented Jul 19, 2024

This PR addresses the component governance issue: https://nvd.nist.gov/vuln/detail/CVE-2023-45853

The fix applied was pulling in the latest release commit into the zlib subtree of the Pure library.

I also updated the READMEs to reflect the accurate commit along with the command I used to update the library for future guidance.

Git subtree command I ran from root folder:
git subtree pull -P src/PureLib/pure/zlib https://github.com/madler/zlib 51b7f2abdade71cd9bb0e7a373ef2610ec6f9daf --squash

Related Links:
The actual fix
Zlib 1.3.1 Release used for the update


51b7f2ab zlib 1.3.1
1a8db637 Move the load flags before the object files in Makefile tests.
2e3d86c4 Add target include directories to CMakeLists.txt.
c06dfecb Use Makefile compiler for minizip-test target.
88ec2467 Remove -w compile option in configure test.
9404df5a Use updated zconf.h when building out of directory with configure.
84f0bafd Remove carriage returns from zlib.map.
7af6320a Fix a bug in ZLIB_DEBUG compiles in check_match().
7b632b48 Revert "Add a CMake option to link the C runtime statically."
3f635df9 Remove unused Z_ARG macro.
ade6825c Fix cmake build on AIX.
25263462 Remove mentions of an official zlib DLL distribution.
fe41d189 Correct typos in source code.
01253ecd Make the existence of gz_intmax() unconditional.
6201f893 Add cmake option to control the build of the example executables.
14a5f8f2 Neutralize zip file traversal attacks in miniunz.
44dc43ab Add a CMake option to link the C runtime statically.
01155ccc Fix random typos over several source and text files.
16799d06 Fix "the the" in examples/gzlog.c.
190168cc Correct case of MSDOS in contrib/minizip/miniunz.c.
762cf49e Refer to correct function in contrib/minizip/unzip.c comment.
36e369e1 Note that the len2 argument of crc_combine*() must be non-negative.
60c31985 Fix the copy of pending_buf in deflateCopy() for the LIT_MEM case.
ee474ff2 Fix pending buffer overflow assert with LIT_MEM allocation.
4bd9a71f Remove fdopen #defines in zutil.h.
431a9b65 Add bounds checking to ERR_MSG() macro, used by zError().
643e17b7 Correct repeated words in source file comments and a readme.
15c45adb Fix decision on the emission of Zip64 end records in minizip.
ac8f12c9 Add LIT_MEM define to use more memory for a small deflate speedup.
bd9c329c Make internal functions static in the test code.
5af7cef4 Fix bug in inflateSync() for data held in bit buffer.
88e50f17 Update miniunz version.
79a0e447 Update version and date in contrib/nuget.
8988e032 Update version numbers and year in contrib/vstudio/vc17.
7192d692 Update vc directory in contrib/nuget.
60bfe641 Rename contrib/vstudio/vc143 to vc17.
73331a6a Reject overflows of zip header fields in minizip.
726e1894 Remove Windows ARM and ARM64 builds from cmake workflow.
4a47c1bf Add project and solution files for building a nuget package.
d7de5971 Add VS2022 project files.
4c5a81c2 Remove carriage returns from contrib/vstudio/readme.txt.
0f68a0d8 Limit the length of Darwin shared library version number.
5dc7681f Fix version numbering for Darwin shared library.
3a98b57e Change version number on develop branch to 1.3.0.1.
09155eaa zlib 1.3
899ffefb Use original make and options when Makefile runs make.
25bbd7f5 Avoid uninitialized and unused warnings in contrib/minizip.
e13289e3 Fix typo in preceding reversion commit.
f5ae600c Revert flipping of load flags in Makefile.in for z/OS.
daf27aed Look for a cross-compile libtool first in configure.
9889e988 Avoid cmake deprecation warning.
22fc2089 Clarify requirement in zlib.h to avoid multiple flush markers.
5f52b250 Move load flags before object file in Makefile.in for Z/OS.
efc9c7b8 Add license to contrib/untgz.
d524e2a8 zlib now uses ANSI C function prototypes, so zlib2ansi not needed.
d9825147 Fix bug when using gzflush() with a very small buffer.
6951bc60 Fix typos in contrib/ada.
89ef46ba Remove redundant includes in minizip.
384e50ee Remove TRYFREE macro from minizip.
c97a8f1e Replace gcc-9 with gcc-11 for macOS testing.
981ee757 Suppress MSAN detections in deflate's slide_hash().
1411ccaf Add memory sanitizer to configure (--memory).
7dd6aa72 Fix bug when gzungetc() is used immediately after gzopen().
c7ddcc2e Fix some spelling errors.
2bcc7487 Add minizip testing to Makefile.
be7aa115 Read multiple bytes instead of byte-by-byte in minizip unzip.c.
aa154e3d Support Haiku in minizip.
f679a939 Correct dummy filetime() prototype in minizip.c.
b3f23f7f Match sign of printf directive to sign of argument in testzlib.
dcd0d86b Match sign of printf directive to sign of argument in minizip.
3061e501 Fix logic error in minizip argument processing.
379bbda3 Fix typos found by codespell in minizip
e0bd0ad6 Fix reading disk number start on zip64 files in minizip.
7b28ecc8 Remove duplicated code microsoft#806
f209ca7b minizip: Fix being unable to open empty zip file
a566e156 Avoid compiler complaints if _TIME_BITS defined when building zlib.
a88f727d Document in zlib.h the initialization of stream fields by the Init and Reset functions.
263a9828 Correct comment in zlib.h on os setting in gzip header.
48c37410 Remove duplicate "the" in zlib.h.
904016e8 Update Java and Perl links in README.
b8a8373e Fix test/example.c to work with FORCE_STORED.
33654648 Fix warnings on test/infcover.c.
05527a1b Fix cast in minizip's ioapi.c for Windows.
9b962a45 No include file is needed for __int64 type on Windows.
66588683 Remove use of OF() from contrib/untgz and render it compilable.
bf2578be Remove K&R function definitions from contrib/minizip.
c4aa3567 Remove K&R function definitions from infback9.
e9d5486e Remove K&R function definitions from zlib.
5799c14c Turn off C2X warning about deprecated K&R function syntax.
7e6dc429 Add a NOPRIME #define to zran.c to not use inflatePrime().
eb0e038b Rewrite of zran in examples. See version history in zran.c.
12b345c4 Assure that inflatePrime() can't shift a 32-bit integer by 32 bits.
fa8cd50a Make z_size_t 64 bits when compiling on Windows with Z_SOLO.
a9b4c1de Update zlib_how.html to match the web page, and add a license.
02a6049e Fix crash when gzsetparams() attempted for transparent write.
e5546956 Fix bug in deflateBound() for level 0 and memLevel 9.
76820e41 Update broken article link in README.
41fda48f Change version number on develop branch to 1.2.13.1.

git-subtree-dir: src/PureLib/pure/zlib
git-subtree-split: 51b7f2abdade71cd9bb0e7a373ef2610ec6f9daf
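As an added example (not code from the PR or from PureLib), this POSIX shell script is the kind of check a build pipeline could run after a subtree update like the one above: it reads ZLIB_VERSION from the vendored zlib.h, compares it numerically against 1.3.1 (the release carrying the CVE-2023-45853 fix), and confirms the squash commit's git-subtree-split trailer pins the subtree to the expected upstream commit. The zlib.h and commit-message inputs are constructed inline; the path src/PureLib/pure/zlib and the commit hash are the ones shown in the PR.

```shell
#!/bin/sh
# Added example, not part of the PR or of PureLib: verify that a vendored zlib subtree
# carries the CVE-2023-45853 fix (zlib 1.3.1) and is pinned to the expected commit.
set -eu

# Print the ZLIB_VERSION string defined in a zlib.h file.
zlib_version_of() {
    sed -n 's/^#define ZLIB_VERSION[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Print the git-subtree-split trailer of a squash commit message.
subtree_split_of() {
    sed -n 's/^git-subtree-split:[[:space:]]*//p' "$1"
}

# Return 0 if dotted version $1 >= $2, comparing components numerically.
# Missing components count as 0; a develop suffix like "1-motley" compares as 1.
version_ge() {
    v1=$1 v2=$2
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        a=${v1%%.*}; b=${v2%%.*}
        case $v1 in *.*) v1=${v1#*.} ;; *) v1= ;; esac
        case $v2 in *.*) v2=${v2#*.} ;; *) v2= ;; esac
        a=${a%%[!0-9]*}; b=${b%%[!0-9]*}
        if [ "${a:-0}" -gt "${b:-0}" ]; then return 0; fi
        if [ "${a:-0}" -lt "${b:-0}" ]; then return 1; fi
    done
    return 0
}

# Return 0 only if header $1 is at least version $2 and the squash commit
# message $3 pins the subtree to commit $4.
check_vendored_zlib() {
    ver=$(zlib_version_of "$1")
    [ -n "$ver" ] || { echo "no ZLIB_VERSION in $1" >&2; return 2; }
    version_ge "$ver" "$2" || { echo "zlib $ver < $2: CVE-2023-45853 fix missing" >&2; return 1; }
    split=$(subtree_split_of "$3")
    [ "$split" = "$4" ] || { echo "subtree pinned to '$split', expected $4" >&2; return 1; }
    echo "zlib $ver at $split: OK"
}

# Constructed samples standing in for src/PureLib/pure/zlib/zlib.h and the
# squash commit message shown in the PR (the hash is the one the PR pulled in).
SAMPLES=$(mktemp -d)
printf '#define ZLIB_VERSION "1.2.13"\n' > "$SAMPLES/zlib-old.h"
printf '#define ZLIB_VERSION "1.3.1"\n' > "$SAMPLES/zlib-new.h"
FIX_COMMIT=51b7f2abdade71cd9bb0e7a373ef2610ec6f9daf
printf 'git-subtree-dir: src/PureLib/pure/zlib\ngit-subtree-split: %s\n' "$FIX_COMMIT" > "$SAMPLES/squash.msg"
check_vendored_zlib "$SAMPLES/zlib-old.h" 1.3.1 "$SAMPLES/squash.msg" "$FIX_COMMIT" || echo "old tree rejected (expected)"
check_vendored_zlib "$SAMPLES/zlib-new.h" 1.3.1 "$SAMPLES/squash.msg" "$FIX_COMMIT"
```

Against a real checkout, point the first argument at src/PureLib/pure/zlib/zlib.h and the third at the output of git log -1 --format=%B for the subtree squash commit.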
@ryfu-msft ryfu-msft requested a review from a team as a code owner July 19, 2024 17:41
florelis
florelis previously approved these changes Jul 19, 2024

@florelis florelis left a comment


Do we need to update the cgmanifest too?


@florelis florelis left a comment


Looks good to me, assuming the CG run goes well

@ryfu-msft ryfu-msft merged commit 3954dbe into microsoft:master Jul 19, 2024
8 checks passed
@ryfu-msft ryfu-msft deleted the purelib/subtreeupdate branch July 19, 2024 21:14