Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 836370 - sys-libs/zlib-1.2.12-r1 causes java.util.zip.ZipException
Summary: sys-libs/zlib-1.2.12-r1 causes java.util.zip.ZipException
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 836303
  Show dependency tree
 
Reported: 2022-03-29 13:44 UTC by rx80
Modified: 2022-03-31 00:21 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description rx80 2022-03-29 13:44:29 UTC 
The one way i can reliably reproduce this is as follows:

npm install google-closure-compiler
npm exec google-closure-compiler

With previous (working) version of sys-libs/zlib-1.2.11-r5 it runs fine.

Upgrading to sys-libs/zlib-1.2.12-r1 causes this error:
java.util.zip.ZipException: invalid entry CRC (expected 0x4e1f14a4 but got 0xb1e0eb5b)
        at java.util.zip.ZipInputStream.readEnd(ZipInputStream.java:410)
        at java.util.zip.ZipInputStream.read(ZipInputStream.java:199)
        at java.util.zip.ZipInputStream.closeEntry(ZipInputStream.java:143)
        at java.util.zip.ZipInputStream.getNextEntry(ZipInputStream.java:121)
        at com.google.javascript.jscomp.AbstractCommandLineRunner.getBuiltinExterns(AbstractCommandLineRunner.java:481)
        at com.google.javascript.jscomp.CommandLineRunner.createExterns(CommandLineRunner.java:2083)
        at com.google.javascript.jscomp.AbstractCommandLineRunner.doRun(AbstractCommandLineRunner.java:1168)
        at com.google.javascript.jscomp.AbstractCommandLineRunner.run(AbstractCommandLineRunner.java:532)
        at com.google.javascript.jscomp.CommandLineRunner.main(CommandLineRunner.java:2241)


Downgrading to 1.2.11-r5 fixes it.

Reproducible: Always
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-03-29 13:59:56 UTC 
Could you report this upstream please?

https://github.com/madler/zlib/issues
Comment 2 rx80 2022-03-29 14:04:29 UTC 
(In reply to Sam James from comment #1)
> Could you report this upstream please?
> 
> https://github.com/madler/zlib/issues

Done: https://github.com/madler/zlib/issues/613
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-03-29 14:07:59 UTC 
Thanks!
Comment 4 Larry the Git Cow gentoo-dev 2022-03-31 00:21:02 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=37f4162df7f95c4c101ac94792d50894560b994a

commit 37f4162df7f95c4c101ac94792d50894560b994a
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-03-31 00:18:55 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-31 00:19:08 +0000

    sys-libs/zlib: backport CRC fix
    
    Would return bad results on bad input.
    
    Closes: https://bugs.gentoo.org/836370
    Signed-off-by: Sam James <sam@gentoo.org>

 .../zlib/files/zlib-1.2.12-CRC-buggy-input.patch   |  50 ++++++
 .../zlib-1.2.12-use-LDFLAGS-in-configure.patch     |  71 ++++++++
 sys-libs/zlib/zlib-1.2.12-r2.ebuild                | 194 +++++++++++++++++++++
 3 files changed, 315 insertions(+)