aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Make the existence of gz_intmax() unconditional.Milan Bulat2024-01-172-10/+6
| | | | gz_intmax() is noted in zlib.map. This assures it's always there.
* Add cmake option to control the build of the example executables.Peter Taylor2024-01-171-17/+19
|
* Neutralize zip file traversal attacks in miniunz.Matt Wilson2024-01-171-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | Archive formats such as .zip files are generally susceptible to so-called "traversal attacks". This allows an attacker to craft an archive that writes to unexpected locations of the file system (e.g., /etc/shadow) if an unspecting root user were to unpack a malicious archive. This patch neutralizes absolute paths such as /tmp/moo and deeply relative paths such as dummy/../../../../../../../../../../tmp/moo The Debian project requested CVE-2014-9485 be allocated for the first identified weakness. The fix was incomplete, resulting in a revised patch applied here. Since there wasn't an updated version released by Debian with the incomplete fix, I suggest we use this CVE to identify both issues. Link: https://security.snyk.io/research/zip-slip-vulnerability Link: https://bugs.debian.org/774321 Link: https://bugs.debian.org/776831 Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9485 Reported-by: Jakub Wilk <jwilk@debian.org> Fixed-by: Michael Gilbert <mgilbert@debian.org>
* Add a CMake option to link the C runtime statically.tbeu2024-01-171-4/+22
|
* Fix random typos over several source and text files.THE-Spellchecker2024-01-178-11/+11
|
* Fix "the the" in examples/gzlog.c.William Leara2024-01-171-2/+2
|
* Correct case of MSDOS in contrib/minizip/miniunz.c.William Leara2024-01-171-1/+1
|
* Refer to correct function in contrib/minizip/unzip.c comment.William Leara2024-01-171-1/+1
|
* Note that the len2 argument of crc_combine*() must be non-negative.Mark Adler2024-01-131-2/+2
| | | | If it is negative, then the code will enter an infinite loop.
* Fix the copy of pending_buf in deflateCopy() for the LIT_MEM case.Hans Wennborg2024-01-132-7/+5
|
* Fix pending buffer overflow assert with LIT_MEM allocation.Hans Wennborg2024-01-131-1/+1
| | | | | | | Since each element in s->d_buf is 2 bytes, the sx index should be multiplied by 2 in the assert. Fixes #897
* Remove fdopen #defines in zutil.h.Mark Adler2024-01-131-22/+1
| | | | fdopen() is not used by zlib anymore. The #defines are vestigial.
* Add bounds checking to ERR_MSG() macro, used by zError().Mark Adler2024-01-131-1/+1
|
* Correct repeated words in source file comments and a readme.Paul Ivanov2023-11-147-15/+15
|
* Fix decision on the emission of Zip64 end records in minizip.Mark Adler2023-11-071-1/+1
| | | | | | | | | | The appnote says that if the number of entries in the end record is 0xffff, then the actual number of entries will be found in the Zip64 end record. Therefore if the number of entries is equal to 0xffff, it can't be in the end record by itself, since that is an instruction to get the number from the Zip64 end record. This code would just store 0xffff in the end record in that case, not making a Zip64 end record. This commit fixes that.
* Add LIT_MEM define to use more memory for a small deflate speedup.Mark Adler2023-09-213-3/+67
| | | | | | | | | A bug fix in zlib 1.2.12 resulted in a slight slowdown (1-2%) of deflate. This commit provides the option to #define LIT_MEM, which uses more memory to reverse most of that slowdown. The memory for the pending buffer and symbol buffers is increased by 25%, which increases the total memory usage with the default parameters by about 6%.
* Make internal functions static in the test code.Xin LI2023-09-032-27/+28
| | | | To avoid warnings when building with -Wmissing-prototypes.
* Fix bug in inflateSync() for data held in bit buffer.Mark Adler2023-08-241-1/+1
|
* Update miniunz version.tbeu2023-08-201-1/+1
|
* Update version and date in contrib/nuget.Mark Adler2023-08-191-2/+2
|
* Update version numbers and year in contrib/vstudio/vc17.Mark Adler2023-08-192-5/+5
|
* Update vc directory in contrib/nuget.Mark Adler2023-08-191-8/+8
|
* Rename contrib/vstudio/vc143 to vc17.Mark Adler2023-08-199-0/+0
| | | | | This makes it consistent with the other vstudio projects, which use the version number.
* Reject overflows of zip header fields in minizip.Hans Wennborg2023-08-191-0/+11
| | | | | | | | This checks the lengths of the file name, extra field, and comment that would be put in the zip headers, and rejects them if they are too long. They are each limited to 65535 bytes in length by the zip format. This also avoids possible buffer overflows if the provided fields are too long.
* Remove Windows ARM and ARM64 builds from cmake workflow.Mark Adler2023-08-191-10/+0
| | | | They were added in the VS2022 commit, but failed when run.
* Add project and solution files for building a nuget package.AraHaan2023-08-193-1/+76
|
* Add VS2022 project files.AraHaan2023-08-1911-1/+3559
| | | | Also replaced Itanium with ARM and ARM64 configurations.
* Remove carriage returns from contrib/vstudio/readme.txt.Mark Adler2023-08-191-75/+75
|
* Limit the length of Darwin shared library version number.Mark Adler2023-08-181-2/+2
|
* Fix version numbering for Darwin shared library.Mark Adler2023-08-181-2/+3
|
* Change version number on develop branch to 1.3.0.1.Mark Adler2023-08-1822-46/+49
|
* zlib 1.3v1.3Mark Adler2023-08-1831-74/+87
|
* Use original make and options when Makefile runs make.Mark Adler2023-08-171-2/+2
| | | | Also avoid the use of the -C option for non-GNU make.
* Avoid uninitialized and unused warnings in contrib/minizip.Mark Adler2023-08-172-2/+8
|
* Fix typo in preceding reversion commit.Mark Adler2023-08-171-1/+1
|
* Revert flipping of load flags in Makefile.in for z/OS.Mark Adler2023-08-171-6/+6
| | | | | It looked innocuous enough and worked on macOS, but failed on Ubuntu.
* Look for a cross-compile libtool first in configure.OldWorldOrdr2023-08-171-1/+3
| | | | Permit cross-compilation for Darwin.
* Avoid cmake deprecation warning.Bruno S Marques2023-08-171-1/+1
|
* Clarify requirement in zlib.h to avoid multiple flush markers.Mark Adler2023-08-171-2/+2
|
* Move load flags before object file in Makefile.in for Z/OS.Mark Adler2023-08-171-6/+6
|
* Add license to contrib/untgz.Bastian Germann2023-08-171-0/+16
| | | | A zlib license was agreed to by the authors.
* zlib now uses ANSI C function prototypes, so zlib2ansi not needed.Mark Adler2023-08-171-152/+0
|
* Fix bug when using gzflush() with a very small buffer.Mark Adler2023-08-141-2/+2
|
* Fix typos in contrib/ada.Dimitri Papadopoulos2023-08-142-3/+3
|
* Remove redundant includes in minizip.Mark Adler2023-08-132-4/+0
|
* Remove TRYFREE macro from minizip.Mark Adler2023-08-132-25/+19
|
* Replace gcc-9 with gcc-11 for macOS testing.Dimitri Papadopoulos2023-08-132-2/+2
| | | | | At some point, macos-latest stopped supporting gcc-9, and moved to gcc-11 and gcc-12.
* Suppress MSAN detections in deflate's slide_hash().Andrzej Hunt2023-08-121-0/+5
| | | | | | slide_hash() knowingly reads potentially uninitialized memory, see comment lower down about prev[n] potentially being garbage. In this case, the result is never used.
* Add memory sanitizer to configure (--memory).Mark Adler2023-08-121-5/+11
| | | | | | This also adds --address for the address sanitizer, in addition to the existing --sanitizer. -fno-omit-frame-pointer has been added for both sanitizers to improve the error reporting.
* Fix bug when gzungetc() is used immediately after gzopen().Mark Adler2023-08-111-0/+4
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 19:05:44 +0000