[rpms/zchunk] epel10: Fix a few low severity security bugs

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/zchunk] epel10: Fix a few low severity security bugs
@ 2026-06-11 15:21 Jonathan Dieter
  0 siblings, 0 replies; only message in thread
From: Jonathan Dieter @ 2026-06-11 15:21 UTC (permalink / raw)
  To: git-commits

            A new commit has been pushed.

            Repo   : rpms/zchunk
            Branch : epel10
            Commit : 5950ea2a8e775a33f2c595cb4ca13034fec4b660
            Author : Jonathan Dieter <jdieter@gmail.com>
            Date   : 2023-04-04T21:35:44+01:00
            Stats  : +11/-2 in 3 file(s)
            URL    : https://src.fedoraproject.org/rpms/zchunk/c/5950ea2a8e775a33f2c595cb4ca13034fec4b660?branch=epel10

            Log:
            Fix a few low severity security bugs

 - An off-by-one overflow when reading compressed integers from a
   malicious zchunk file
 - Error handling being skipped when the number of bytes read doesn't
   match what's expected
 - Not freeing memory when attempting to reallocate to size 0

Signed-off-by: Jonathan Dieter <jdieter@gmail.com>

---
diff --git a/.gitignore b/.gitignore
index 9011db5..e978ff2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -36,3 +36,4 @@
 /zchunk-1.2.3.tar.gz
 /zchunk-1.2.4.tar.gz
 /zchunk-1.3.0.tar.gz
+/zchunk-1.3.1.tar.gz

diff --git a/sources b/sources
index 2c857a7..9ea5fb2 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (zchunk-1.3.0.tar.gz) = abfe9a6f8693ad649962e8b524aa3373561fbe4b932cb7ba3f58abbf91b648f5f61ad3ecadf415bb5d46e8e8283cb4a314d6cb6184f35f491f4478eac0da7075
+SHA512 (zchunk-1.3.1.tar.gz) = 5eec3ee084f3192291f5956dc797275986ebaa004df580be73de18ff22a781b6c5362bedc6263c9ae3569e5fa12cf5225d87aed7ec4ddfa6210f5c92763566e5

diff --git a/zchunk.spec b/zchunk.spec
index ec81816..b6724ba 100644
--- a/zchunk.spec
+++ b/zchunk.spec
@@ -1,5 +1,5 @@
 Name:           zchunk
-Version:        1.3.0
+Version:        1.3.1
 Release:        1%{?dist}
 Summary:        Compressed file format that allows easy deltas
 License:        BSD and MIT
@@ -84,6 +84,14 @@ install contrib/gen_xml_dictionary %{buildroot}%{_libexecdir}/zck_gen_xml_dictio
 %{_includedir}/zck.h
 
 %changelog
+* Tue Apr  4 2023 Jonathan Dieter <jdieter@gmail.com> - 1.3.1-1
+- Fix a few low severity security bugs including
+  - An off-by-one overflow when reading compressed integers from a
+    malicious zchunk file
+  - Error handling being skipped when the number of bytes read doesn't
+    match what's expected
+  - Not freeing memory when attempting to reallocate to size 0
+
 * Sat Feb 25 2023 Jonathan Dieter <jdieter@gmail.com> - 1.3.0-1
 - Add option to generate a zchunk header from an uncompressed file without
   actually creating a zchunk file

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-11 15:21 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-11 15:21 [rpms/zchunk] epel10: Fix a few low severity security bugs Jonathan Dieter

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox