public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Jonathan Dieter <jdieter@gmail.com>
To: git-commits@fedoraproject.org
Subject: [rpms/zchunk] epel10.2: Fix a few low severity security bugs
Date: Thu, 11 Jun 2026 15:22:59 GMT [thread overview]
Message-ID: <178119137920.1.13565739262093788868.rpms-zchunk-5950ea2a8e77@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/zchunk
Branch : epel10.2
Commit : 5950ea2a8e775a33f2c595cb4ca13034fec4b660
Author : Jonathan Dieter <jdieter@gmail.com>
Date : 2023-04-04T21:35:44+01:00
Stats : +11/-2 in 3 file(s)
URL : https://src.fedoraproject.org/rpms/zchunk/c/5950ea2a8e775a33f2c595cb4ca13034fec4b660?branch=epel10.2
Log:
Fix a few low severity security bugs
- An off-by-one overflow when reading compressed integers from a
malicious zchunk file
- Error handling being skipped when the number of bytes read doesn't
match what's expected
- Not freeing memory when attempting to reallocate to size 0
Signed-off-by: Jonathan Dieter <jdieter@gmail.com>
---
diff --git a/.gitignore b/.gitignore
index 9011db5..e978ff2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -36,3 +36,4 @@
/zchunk-1.2.3.tar.gz
/zchunk-1.2.4.tar.gz
/zchunk-1.3.0.tar.gz
+/zchunk-1.3.1.tar.gz
diff --git a/sources b/sources
index 2c857a7..9ea5fb2 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (zchunk-1.3.0.tar.gz) = abfe9a6f8693ad649962e8b524aa3373561fbe4b932cb7ba3f58abbf91b648f5f61ad3ecadf415bb5d46e8e8283cb4a314d6cb6184f35f491f4478eac0da7075
+SHA512 (zchunk-1.3.1.tar.gz) = 5eec3ee084f3192291f5956dc797275986ebaa004df580be73de18ff22a781b6c5362bedc6263c9ae3569e5fa12cf5225d87aed7ec4ddfa6210f5c92763566e5
diff --git a/zchunk.spec b/zchunk.spec
index ec81816..b6724ba 100644
--- a/zchunk.spec
+++ b/zchunk.spec
@@ -1,5 +1,5 @@
Name: zchunk
-Version: 1.3.0
+Version: 1.3.1
Release: 1%{?dist}
Summary: Compressed file format that allows easy deltas
License: BSD and MIT
@@ -84,6 +84,14 @@ install contrib/gen_xml_dictionary %{buildroot}%{_libexecdir}/zck_gen_xml_dictio
%{_includedir}/zck.h
%changelog
+* Tue Apr 4 2023 Jonathan Dieter <jdieter@gmail.com> - 1.3.1-1
+- Fix a few low severity security bugs including
+ - An off-by-one overflow when reading compressed integers from a
+ malicious zchunk file
+ - Error handling being skipped when the number of bytes read doesn't
+ match what's expected
+ - Not freeing memory when attempting to reallocate to size 0
+
* Sat Feb 25 2023 Jonathan Dieter <jdieter@gmail.com> - 1.3.0-1
- Add option to generate a zchunk header from an uncompressed file without
actually creating a zchunk file
reply other threads:[~2026-06-11 15:22 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178119137920.1.13565739262093788868.rpms-zchunk-5950ea2a8e77@fedoraproject.org \
--to=jdieter@gmail.com \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox