[Zlib-devel] #ifdef out strerror prototype for VMS
Cosmin Truta
cosmin at cs.toronto.edu
Fri Jun 25 17:43:35 EDT 2004
On Thu, 24 Jun 2004, Tim Rowley wrote:
> On Thu, Jun 24, 2004 at 10:02:44PM -0400, Cosmin Truta wrote:
> > I probably should point out that, by using zlib-1.2.1, Mozilla is
> > susceptible to the latest inflate bug. If you already started using
> > 1.2.1, you should either backport the latest 1.2.1.1 fix into your zlib
> > branch, or upgrade as soon as 1.2.2 gets out.
>
> I see no reference to 1.2.1.1 or any official patches on the zlib
> homepage or in the zlib-announce archives - where can I find
> information about this bug?
I am forwarding you the original message from Mark Adler. zlib-1.2.1
incorrectly rejects valid zlib streams. Apparently, this is not a very
big problem, because there was only one report of this bug so far.
Neither gzip nor zlib produce such streams (which are, however, spec
compliant).
This bug raises no security issues.
Caution: 1.2.1.1 is a beta release, so if you don't want to wait until
1.2.2, perhaps it's best to put a prominent notice about that. It has no
known bugs according to our testing, yet we would like to discourage the
distribution of betas.
I also noticed that someone mentioned in the Mozilla bug #248616, the
extra size of the compiled 1.2.1 binary, compared to 1.1.4. Here is a
tip: if you don't use zlib to handle gzip headers (which I presume it's
true if 1.1.4 works for you as well as 1.2.1), you may #define NO_GZIP
and NO_GZCOMPRESS when making your custom zlib build.
Best regards,
Cosmin
** Begin forwarded message **
Date: Fri, 9 Jan 2004
From: Mark Adler <email not shown>
A zip file was found that zlib 1.2.1 could not properly inflate, but
previous versions could (as well as various other versions of my
inflate code). Oops. I have fixed the bug, and a new version is now
available here:
http://www.alumni.caltech.edu/~madler/zlib-1.2.1.1.tar.gz
Please test this version. The only source change is in inftrees.c,
which fixes a problem with dynamic blocks that have no distance codes.
mark
MD5(zlib-1.2.1.1.tar.gz)= e30f85eed4ecb32841cafe12673c6590
SHA1(zlib-1.2.1.1.tar.gz)= 1fe170e4c0e603c59ca4c1e853ba45c812889574
More information about the Zlib-devel
mailing list