[Announce] GnuPG fix for included zlib
Werner Koch
wk@gnupg.org
Fri Mar 15 15:56:01 2002
--=-=-=
Hi!
As you probably all know, a security problem with the compress library
zlib has been found which affects a lot of software. For details see:
http://www.zlib.org/advisory-2002-03-11.txt
and the security announcements for your OS.
GnuPG does also use zlib; however in most environments the system
provided zlib is used. So an update to this system library is
sufficient to fix the problem in GnuPG.
On systems without a installed zlib, the GnuPG build process
automatically includes the zlib copy which come with it. This may
also be forced by using the --with-included-zlib configure option.
On those systems, GnuPG needs to be updated! A patch with
instructions is attached to this mail.
Note, that the MS-Windows version is also affected by this bug; an
updated binary package will be available soon.
Werner
--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=gnupg-zlib.patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message
This is a patch against gnupg 1.0.6 to fix the security bug in the
zlib code. Please note that on most systems the zlib code which comes
with GnuPG is not used because usually the zlib provided by the system
is used. This is in almost all cases a shared library, so it is
sufficient to upgrade this one. If the system does only provide a
static library, you have to build GnuPG again.
Apply this patch if your system does not provide a usable zlib or you
configured GnuPG using the option --with-included-zlib.
The patch file is GnuPG signed; you might want to check the signature
after visual inspection that the patch file itself is not a
compressed one (which might trigger the bug).
gpg --verify gnupg-zlib.patch
Change to the source directory (cd gnupg-1.0.6) and enter:
patch -p2 <gnupg-zlib.patch
Then do a make and make install as usual.
2002-03-12 Werner Koch <wk@gnupg.org>
Merged changes from zlib 1.1.4.
diff -u orig/gnupg-1.0.6/zlib/deflate.c gnupg-stable/zlib/deflate.c
--- orig/gnupg-1.0.6/zlib/deflate.c Wed Jan 13 14:12:48 1999
+++ gnupg-stable/zlib/deflate.c Tue Mar 12 10:34:29 2002
@@ -1,5 +1,5 @@
/* deflate.c -- compress data using the deflation algorithm
- * Copyright (C) 1995-1998 Jean-loup Gailly.
+ * Copyright (C) 1995-2002 Jean-loup Gailly.
* For conditions of distribution and use, see copyright notice in zlib.h
*/
@@ -47,12 +47,12 @@
*
*/
-/* @(#) $Id: deflate.c,v 1.2 1999/01/13 13:12:48 koch Exp $ */
+/* @(#) $Id: deflate.c,v 1.2.2.1 2002/03/12 09:34:29 werner Exp $ */
#include "deflate.h"
const char deflate_copyright[] =
- " deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly ";
+ " deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly ";
/*
If you use the zlib library in a product, an acknowledgment is welcome
in the documentation of your product. If for some reason you cannot
@@ -242,7 +242,7 @@
windowBits = -windowBits;
}
if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED ||
- windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||
+ windowBits < 9 || windowBits > 15 || level < 0 || level > 9 ||
strategy < 0 || strategy > Z_HUFFMAN_ONLY) {
return Z_STREAM_ERROR;
}
diff -u orig/gnupg-1.0.6/zlib/infblock.c gnupg-stable/zlib/infblock.c
--- orig/gnupg-1.0.6/zlib/infblock.c Wed Jan 13 14:12:48 1999
+++ gnupg-stable/zlib/infblock.c Tue Mar 12 10:19:38 2002
@@ -1,5 +1,5 @@
/* infblock.c -- interpret and process block types to last block
- * Copyright (C) 1995-1998 Mark Adler
+ * Copyright (C) 1995-2002 Mark Adler
* For conditions of distribution and use, see copyright notice in zlib.h
*/
@@ -249,10 +249,12 @@
&s->sub.trees.tb, s->hufts, z);
if (t != Z_OK)
{
- ZFREE(z, s->sub.trees.blens);
r = t;
if (r == Z_DATA_ERROR)
+ {
+ ZFREE(z, s->sub.trees.blens);
s->mode = BAD;
+ }
LEAVE
}
s->sub.trees.index = 0;
@@ -313,11 +315,13 @@
t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f),
s->sub.trees.blens, &bl, &bd, &tl, &td,
s->hufts, z);
- ZFREE(z, s->sub.trees.blens);
if (t != Z_OK)
{
if (t == (uInt)Z_DATA_ERROR)
+ {
+ ZFREE(z, s->sub.trees.blens);
s->mode = BAD;
+ }
r = t;
LEAVE
}
@@ -329,6 +333,7 @@
}
s->sub.decode.codes = c;
}
+ ZFREE(z, s->sub.trees.blens);
s->mode = CODES;
case CODES:
UPDATE
diff -u orig/gnupg-1.0.6/zlib/infcodes.c gnupg-stable/zlib/infcodes.c
--- orig/gnupg-1.0.6/zlib/infcodes.c Wed Jan 13 14:12:48 1999
+++ gnupg-stable/zlib/infcodes.c Tue Mar 12 10:19:38 2002
@@ -1,5 +1,5 @@
/* infcodes.c -- process literals and length/distance pairs
- * Copyright (C) 1995-1998 Mark Adler
+ * Copyright (C) 1995-2002 Mark Adler
* For conditions of distribution and use, see copyright notice in zlib.h
*/
@@ -196,15 +196,9 @@
Tracevv((stderr, "inflate: distance %u\n", c->sub.copy.dist));
c->mode = COPY;
case COPY: /* o: copying bytes in window, waiting for space */
-#ifndef __TURBOC__ /* Turbo C bug for following expression */
- f = (uInt)(q - s->window) < c->sub.copy.dist ?
- s->end - (c->sub.copy.dist - (q - s->window)) :
- q - c->sub.copy.dist;
-#else
f = q - c->sub.copy.dist;
- if ((uInt)(q - s->window) < c->sub.copy.dist)
- f = s->end - (c->sub.copy.dist - (uInt)(q - s->window));
-#endif
+ while (f < s->window) /* modulo window size-"while" instead */
+ f += s->end - s->window; /* of "if" handles invalid distances */
while (c->len)
{
NEEDOUT
diff -u orig/gnupg-1.0.6/zlib/inffast.c gnupg-stable/zlib/inffast.c
--- orig/gnupg-1.0.6/zlib/inffast.c Wed Jan 13 14:12:48 1999
+++ gnupg-stable/zlib/inffast.c Tue Mar 12 10:19:38 2002
@@ -1,5 +1,5 @@
/* inffast.c -- process literals and length/distance pairs fast
- * Copyright (C) 1995-1998 Mark Adler
+ * Copyright (C) 1995-2002 Mark Adler
* For conditions of distribution and use, see copyright notice in zlib.h
*/
@@ -93,28 +93,41 @@
/* do the copy */
m -= c;
- if ((uInt)(q - s->window) >= d) /* offset before dest */
- { /* just copy */
- r = q - d;
- *q++ = *r++; c--; /* minimum count is three, */
- *q++ = *r++; c--; /* so unroll loop a little */
- }
- else /* else offset after destination */
+ r = q - d;
+ if (r < s->window) /* wrap if needed */
{
- e = d - (uInt)(q - s->window); /* bytes from offset to end */
- r = s->end - e; /* pointer to offset */
- if (c > e) /* if source crosses, */
+ do {
+ r += s->end - s->window; /* force pointer in window */
+ } while (r < s->window); /* covers invalid distances */
+ e = s->end - r;
+ if (c > e)
{
- c -= e; /* copy to end of window */
+ c -= e; /* wrapped copy */
do {
- *q++ = *r++;
+ *q++ = *r++;
} while (--e);
- r = s->window; /* copy rest from start of window */
+ r = s->window;
+ do {
+ *q++ = *r++;
+ } while (--c);
}
+ else /* normal copy */
+ {
+ *q++ = *r++; c--;
+ *q++ = *r++; c--;
+ do {
+ *q++ = *r++;
+ } while (--c);
+ }
+ }
+ else /* normal copy */
+ {
+ *q++ = *r++; c--;
+ *q++ = *r++; c--;
+ do {
+ *q++ = *r++;
+ } while (--c);
}
- do { /* copy all or what's left */
- *q++ = *r++;
- } while (--c);
break;
}
else if ((e & 64) == 0)
diff -u orig/gnupg-1.0.6/zlib/inftrees.c gnupg-stable/zlib/inftrees.c
--- orig/gnupg-1.0.6/zlib/inftrees.c Wed Jan 13 14:12:49 1999
+++ gnupg-stable/zlib/inftrees.c Tue Mar 12 10:19:38 2002
@@ -1,5 +1,5 @@
/* inftrees.c -- generate Huffman trees for efficient decoding
- * Copyright (C) 1995-1998 Mark Adler
+ * Copyright (C) 1995-2002 Mark Adler
* For conditions of distribution and use, see copyright notice in zlib.h
*/
@@ -11,7 +11,7 @@
#endif
const char inflate_copyright[] =
- " inflate 1.1.3 Copyright 1995-1998 Mark Adler ";
+ " inflate 1.1.4 Copyright 1995-2002 Mark Adler ";
/*
If you use the zlib library in a product, an acknowledgment is welcome
in the documentation of your product. If for some reason you cannot
@@ -104,8 +104,7 @@
/* Given a list of code lengths and a maximum table size, make a set of
tables to decode that set of codes. Return Z_OK on success, Z_BUF_ERROR
if the given code set is incomplete (the tables are still built in this
- case), Z_DATA_ERROR if the input is invalid (an over-subscribed set of
- lengths), or Z_MEM_ERROR if not enough memory. */
+ case), or Z_DATA_ERROR if the input is invalid. */
{
uInt a; /* counter for codes of length k */
@@ -231,7 +230,7 @@
/* allocate new table */
if (*hn + z > MANY) /* (note: doesn't matter for fixed) */
- return Z_MEM_ERROR; /* not enough memory */
+ return Z_DATA_ERROR; /* overflow of MANY */
u[h] = q = hp + *hn;
*hn += z;
diff -u orig/gnupg-1.0.6/zlib/zlib.h gnupg-stable/zlib/zlib.h
--- orig/gnupg-1.0.6/zlib/zlib.h Wed Jan 13 14:12:49 1999
+++ gnupg-stable/zlib/zlib.h Tue Mar 12 10:19:41 2002
@@ -1,7 +1,7 @@
/* zlib.h -- interface of the 'zlib' general purpose compression library
- version 1.1.3, July 9th, 1998
+ version 1.1.4, March 11th, 2002
- Copyright (C) 1995-1998 Jean-loup Gailly and Mark Adler
+ Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
@@ -37,7 +37,7 @@
extern "C" {
#endif
-#define ZLIB_VERSION "1.1.3"
+#define ZLIB_VERSION "1.1.4"
/*
The 'zlib' compression library provides in-memory compression and
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6d-cvs (GNU/Linux)
iD8DBQE8keynaLeriVdUjc0RAnZaAJ0Q5AX4oAWCkkE5Yqxb4mOcY8rhDQCfTd7D
TR5ke8FWP2dRrl/EP5AU6i4=
=uKF5
-----END PGP SIGNATURE-----
--=-=-=--
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce