Update to zlib 1.2.13 #16305

Merged
merged 1 commit into from Nov 10, 2022

pshipton
Member

Version 1.2.13 has these key updates from 1.2.12:

  • Fix a bug when getting a gzip header extra field with
    inflateGetHeader(). This remedies
    CVE-2022-37434.
  • Fix a bug in block type selection when Z_FIXED used. Now the
    smallest block type is selected, for better compression.
  • Fix a configure issue that discarded the provided CC definition.
  • Correct incorrect inputs provided to the CRC functions. This
    mitigates a bug in Java.
  • Repair prototypes and exporting of the new CRC functions.
  • Fix inflateBack to detect invalid input with distances too far.

The CVE is already fixed in 0.35 via [1]. The bug fix for Java is
already fixed in 0.33 via the extensions, example [2].

[1] #15834
[2] ibmruntimes/openj9-openjdk-jdk8#569

Signed-off-by: Peter Shipton <Peter_Shipton@ca.ibm.com>
@pshipton
Member Author

jenkins compile all jdk8,jdk11,jdk17

@pshipton
Member Author

Tested in internal build

@keithc-ca keithc-ca merged commit 4327004 into eclipse-openj9:master Nov 10, 2022
pshipton added a commit to pshipton/openj9 that referenced this pull request Dec 7, 2022
This should have been done with previous changes
eclipse-openj9#16305
eclipse-openj9#14835

Signed-off-by: Peter Shipton <Peter_Shipton@ca.ibm.com>