What is the UnixWare 7D zlib 1.3.1a Package? The zlib 1.3.1 package is an updated zlib for UnixWare 7D and OpenServer 6D that addresses the following problems or new features. Problems Fixed -------------- Changes from 1.3.1 to 1.3.1a: * Corrected a packaging issue for OpenServer 6 causing OpenServer 5 compatability libs to be missing. Version 1.3.1 has these key updates from 1.2.13: * Reject overflows of zip header fields in minizip. * Fix bug in inflateSync() for data held in bit buffer. * Add LIT_MEM define to use more memory for a small deflate speedup. * Fix decision on the emission of Zip64 end records in minizip. * Add bounds checking to ERR_MSG() macro, used by zError(). * Neutralize zip file traversal attacks in miniunz. * Fix a bug in ZLIB_DEBUG compiles in check_match(). * Building using K&R (pre-ANSI) function definitions is no longer supported. * Fixed a bug in deflateBound() for level 0 and memLevel 9. * Fixed a bug when gzungetc() is used immediately after gzopen(). * Fixed a bug when using gzflush() with a very small buffer. * Fixed a crash when gzsetparams() is attempted for a transparent write. * Fixed test/example.c to work with FORCE_STORED. * Fixed minizip to allow it to open an empty zip file. * Fixed reading disk number start on zip64 files in minizip. * Fixed a logic error in minizip argument processing. Version 1.2.13 has these key updates from 1.2.12: * Fix a bug when getting a gzip header extra field with inflateGetHeader(). This remedies CVE-2022-37434. * Fix a bug in block type selection when Z_FIXED used. Now the smallest block type is selected, for better compression. * Fix a configure issue that discarded the provided CC definition. * Correct incorrect inputs provided to the CRC functions. This mitigates a bug in Java. * Repair prototypes and exporting of the new CRC functions. * Fix inflateBack to detect invalid input with distances too far. Major changes between zlib 1.2.11 and zlib 1.2.12 * Fix a deflate bug when using the Z_FIXED strategy that can result in out-of-bound accesses. * Fix a deflate bug when the window is full in deflate_stored(). * Speed up CRC-32 computations by a factor of 1.5 to 3. * Use the hardware CRC-32 instruction on ARMv8 processors. * Speed up crc32_combine() with powers of x tables. * Add crc32_combine_gen() and crc32_combine_op() for fast combines. (CVE-2018-25032) Contents -------- zlib-1.3.1a-UnixWare-i386.pkg.gz zlib-dev-1.3.1a-UnixWare-i386.pkg.gz MD5 (zlib-1.3.1a-UnixWare-i386.pkg.gz) = 6d7797dc47f2c56d8054c4c37afe6a98 MD5 (zlib-dev-1.3.1a-UnixWare-i386.pkg.gz) = 1ba7e503ac5cc4d81ff3e3e59a180039 SHA256 (zlib-1.3.1a-UnixWare-i386.pkg.gz) = 28e40354e08460e09cae45d675232f5d57ff51e56176ce5324e61f0c88b171a8 SHA256 (zlib-dev-1.3.1a-UnixWare-i386.pkg.gz) = 152aa6039f135b8e880418ba71ab7dd6529b9ae7bb329e76c307884694b7607f Software Notes and Recommendations ---------------------------------- The zlib 1.3.1a package is intended for installation on UnixWare 7 Definitive 2018 (also known as 7D2M1) OpenServer 6 Definitive 2018 with MP1 (also known as 6D2M2) Installation Instructions ------------------------- 1. Download zlib-1.3.1a-UnixWare-i386.pkg.gz and zlib-dev-1.3.1a-UnixWare-i386.pkg.gz files to the /tmp directory on your machine. 2. As root, add the package to your system using these commands: $ su - Password: # gzcat /tmp/zlib-1.3.1a-UnixWare-i386.pkg.gz | pkgadd -qd - all If you develop software using the zlib library, install the development package. # gzcat /tmp/zlib-dev-1.3.1a-UnixWare-i386.pkg.gz | pkgadd -qd - all 3. The system should be rebooted after installing this package to insure all the services using the /usr/lib/libz.so.1 library are restarted. Removal Instructions -------------------- 1. Your system will not contain a zlib after removal of this package. Note: removing zlib will break OpenSSH, OpenSSL and any other software linked against the zlib library. 2. If you are sure you want to do this, as root, remove the package using these commands: $ su - Password: # pkginfo -q zlib-dev && pkgrm zlib-dev # pkgrm zlib If you have questions regarding this supplement, or the product on which it is installed, please contact your Xinuos software supplier.