What is the UnixWare 7D zlib 1.3.1 Package? The zlib 1.3.1 package is an updated zlib for UnixWare 7D and OpenServer 6D that addresses the following problems or new features. Problems Fixed -------------- Version 1.3.1 has these key updates from 1.2.13: * Reject overflows of zip header fields in minizip. * Fix bug in inflateSync() for data held in bit buffer. * Add LIT_MEM define to use more memory for a small deflate speedup. * Fix decision on the emission of Zip64 end records in minizip. * Add bounds checking to ERR_MSG() macro, used by zError(). * Neutralize zip file traversal attacks in miniunz. * Fix a bug in ZLIB_DEBUG compiles in check_match(). * Building using K&R (pre-ANSI) function definitions is no longer supported. * Fixed a bug in deflateBound() for level 0 and memLevel 9. * Fixed a bug when gzungetc() is used immediately after gzopen(). * Fixed a bug when using gzflush() with a very small buffer. * Fixed a crash when gzsetparams() is attempted for a transparent write. * Fixed test/example.c to work with FORCE_STORED. * Fixed minizip to allow it to open an empty zip file. * Fixed reading disk number start on zip64 files in minizip. * Fixed a logic error in minizip argument processing. Version 1.2.13 has these key updates from 1.2.12: * Fix a bug when getting a gzip header extra field with inflateGetHeader(). This remedies CVE-2022-37434. * Fix a bug in block type selection when Z_FIXED used. Now the smallest block type is selected, for better compression. * Fix a configure issue that discarded the provided CC definition. * Correct incorrect inputs provided to the CRC functions. This mitigates a bug in Java. * Repair prototypes and exporting of the new CRC functions. * Fix inflateBack to detect invalid input with distances too far. Major changes between zlib 1.2.11 and zlib 1.2.12 * Fix a deflate bug when using the Z_FIXED strategy that can result in out-of-bound accesses. * Fix a deflate bug when the window is full in deflate_stored(). * Speed up CRC-32 computations by a factor of 1.5 to 3. * Use the hardware CRC-32 instruction on ARMv8 processors. * Speed up crc32_combine() with powers of x tables. * Add crc32_combine_gen() and crc32_combine_op() for fast combines. (CVE-2018-25032) Contents -------- zlib-1.3.1-UnixWare-i386.pkg.gz zlib-dev-1.3.1-UnixWare-i386.pkg.gz MD5 (zlib-1.3.1-UnixWare-i386.pkg.gz) = 1a57d2382f2d1ece4a2b29de98cdbeb5 MD5 (zlib-dev-1.3.1-UnixWare-i386.pkg.gz) = c8b78bd14fbb445215c76eb368e84460 SHA256 (zlib-1.3.1-UnixWare-i386.pkg.gz) = 8048bf82bf9b008b603203bd385e88c69df4612e620d70a06a55881291567045 SHA256 (zlib-dev-1.3.1-UnixWare-i386.pkg.gz) = 49df9653713bcbcfbb40479c1b70a04367ead32b746e7af72b6f5e14667b9908 Software Notes and Recommendations ---------------------------------- The zlib 1.3.1 package is intended for installation on UnixWare 7 Definitive 2018 (also known as 7D2M1) OpenServer 6 Definitive 2018 (also known as 6D2M1) Installation Instructions ------------------------- 1. Download zlib-1.3.1-UnixWare-i386.pkg.gz and zlib-dev-1.3.1-UnixWare-i386.pkg.gz files to the /tmp directory on your machine. 2. As root, add the package to your system using these commands: $ su - Password: # gzcat /tmp/zlib-1.3.1-UnixWare-i386.pkg.gz | pkgadd -qd - all If you develop software using the zlib library, install the development package. # gzcat /tmp/zlib-dev-1.3.1-UnixWare-i386.pkg.gz | pkgadd -qd - all 3. The system should be rebooted after installing this package to insure all the services using the /usr/lib/libz.so.1 library are restarted. Removal Instructions -------------------- 1. Your system will not contain a zlib after removal of this package. Note: removing zlib will break OpenSSH, OpenSSL and any other software linked against the zlib library. 2. If you are sure you want to do this, as root, remove the package using these commands: $ su - Password: # pkginfo -q zlib-dev && pkgrm zlib-dev # pkgrm zlib If you have questions regarding this supplement, or the product on which it is installed, please contact your Xinuos software supplier.