[zlib] Fix CVE-2022-37434 (#26792)

* [zlib] Fix CVE-2022-37434 * [zlib] Merge actual patch * Update ports/zlib/CVE-2022-37434.patch Co-authored-by: Frank <65999885+FrankXie05@users.noreply.github.com> * [zlib] Update version SHA Co-authored-by: Chris Brammer <brammer@extend3d.de> Co-authored-by: Frank <65999885+FrankXie05@users.noreply.github.com>
2024-12-28 03:10:57 +08:00 · 2022-09-26 23:46:54 +02:00 · 2022-09-26 23:46:54 +02:00 · 143bc76cc7
commit 143bc76cc7
parent 86cab7438f
5 changed files with 25 additions and 2 deletions
--- a/ports/zlib/CVE-2022-37434.patch
+++ b/ports/zlib/CVE-2022-37434.patch
@ -0,0 +1,17 @@
+diff --git a/inflate.c b/inflate.c
+index 7be8c6366..7a7289749 100644
+--- a/inflate.c
+++ b/inflate.c
+@@ -763,9 +763,10 @@ int flush;
+                 copy = state->length;
+                 if (copy > have) copy = have;
+                 if (copy) {
+                     if (state->head != Z_NULL &&
+-                        state->head->extra != Z_NULL) {
+-                        len = state->head->extra_len - state->length;
+                        state->head->extra != Z_NULL &&
+                        (len = state->head->extra_len - state->length) <
+                            state->head->extra_max) {
+                         zmemcpy(state->head->extra + len, next,
+                                 len + copy > state->head->extra_max ?
+                                 state->head->extra_max - len : copy);
--- a/ports/zlib/portfile.cmake
+++ b/ports/zlib/portfile.cmake
@ -9,6 +9,7 @@ vcpkg_from_github(
        0001-Prevent-invalid-inclusions-when-HAVE_-is-set-to-0.patch
        debug-postfix-mingw.patch
        0002-android-build-mingw.patch
+        CVE-2022-37434.patch
 )

 # This is generated during the cmake build
--- a/ports/zlib/vcpkg.json
+++ b/ports/zlib/vcpkg.json
@ -1,7 +1,7 @@
 {
  "name": "zlib",
  "version": "1.2.12",
-  "port-version": 1,
+  "port-version": 2,
  "description": "A compression library",
  "homepage": "https://www.zlib.net/",
  "license": "Zlib",
--- a/versions/baseline.json
+++ b/versions/baseline.json
@ -8054,7 +8054,7 @@
    },
    "zlib": {
      "baseline": "1.2.12",
-      "port-version": 1
+      "port-version": 2
    },
    "zlib-ng": {
      "baseline": "2.0.6",
--- a/versions/z-/zlib.json
+++ b/versions/z-/zlib.json
@ -1,5 +1,10 @@
 {
  "versions": [
+    {
+      "git-tree": "d40d86865ecbcc5b54d21f840dd2212556aeadd5",
+      "version": "1.2.12",
+      "port-version": 2
+    },
    {
      "git-tree": "ecc4c064d4911faf12d8bf5fd6bcd5c556d89774",
      "version": "1.2.12",