From: Peter Marko <[email protected]>

Delete patch included in this version.
Remove CVE_STATUS for CVE resolved in this release.

Release information: [1]
More details on homepage: [2]
Audit details: [3]

Version 1.3.2 has these key updates from 1.3.1:
* Address findings of the 7ASecurity audit of zlib.
  * Check for negative lengths in crc32_combine functions.
  * Copy only the initialized window contents in inflateCopy.
  * Prevent the use of insecure functions without an explicit request.
  * Add compressBound_z and deflateBound_z functions for large values.
  * Use atomics to build inflate fixed tables once.
  * Add --undefined option to ./configure for UBSan checker.
  * Copy only the initialized deflate state in deflateCopy.
  * Zero inflate state on allocation.
  * Add compress_z and uncompress_z functions.
* Complete rewrite of cmake support.
* Remove untgz from contrib.
* Vectorize the CRC-32 calculation on the s390x.
* Remove vstudio projects in lieu of cmake-generated projects.
* Add zipAlreadyThere() to minizip zip.c to help avoid duplicates.
* Add deflateUsed() function to get the used bits in the last byte.
* Fix bug in inflatePrime() for 16-bit ints.
* Add a "G" option to force gzip, disabling transparency in gzread().
* Return all available uncompressed data on error in gzread.c.
* Support non-blocking devices in the gz* routines.

[1] https://github.com/madler/zlib/releases/tag/v1.3.2
[2] https://zlib.net/
[3] https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/

Signed-off-by: Peter Marko <[email protected]>
---
 ...configure-Pass-LDFLAGS-to-link-tests.patch | 78 -------------------
 .../zlib/{zlib_1.3.1.bb => zlib_1.3.2.bb}     |  5 +-
 2 files changed, 1 insertion(+), 82 deletions(-)
 delete mode 100644 
meta/recipes-core/zlib/zlib/0001-configure-Pass-LDFLAGS-to-link-tests.patch
 rename meta/recipes-core/zlib/{zlib_1.3.1.bb => zlib_1.3.2.bb} (85%)

diff --git 
a/meta/recipes-core/zlib/zlib/0001-configure-Pass-LDFLAGS-to-link-tests.patch 
b/meta/recipes-core/zlib/zlib/0001-configure-Pass-LDFLAGS-to-link-tests.patch
deleted file mode 100644
index 07b2cd3879..0000000000
--- 
a/meta/recipes-core/zlib/zlib/0001-configure-Pass-LDFLAGS-to-link-tests.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-Upstream-Status: Submitted [https://github.com/madler/zlib/pull/599]
-Signed-off-by: Ross Burton <[email protected]>
-
-From ea77f1f003a4d18b23cca703f3c824942863a1b4 Mon Sep 17 00:00:00 2001
-From: Khem Raj <[email protected]>
-Date: Tue, 8 Mar 2022 22:38:47 -0800
-Subject: [PATCH] configure: Pass LDFLAGS to link tests
-
-LDFLAGS can contain critical flags without which linking wont succeed
-therefore ensure that all configure tests involving link time checks are
-using LDFLAGS on compiler commandline along with CFLAGS to ensure the
-tests perform correctly. Without this some tests may fail resulting in
-wrong confgure result, ending in miscompiling the package
-
-Signed-off-by: Khem Raj <[email protected]>
-
----
- configure | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/configure b/configure
-index c55098a..a7c6d72 100755
---- a/configure
-+++ b/configure
-@@ -443,7 +443,7 @@ if test $shared -eq 1; then
-   echo Checking for shared library support... | tee -a configure.log
-   # we must test in two steps (cc then ld), required at least on SunOS 4.x
-   if try $CC -c $SFLAGS $test.c &&
--     try $LDSHARED $SFLAGS -o $test$shared_ext $test.o; then
-+     try $LDSHARED $SFLAGS $LDFLAGS -o $test$shared_ext $test.o; then
-     echo Building shared library $SHAREDLIBV with $CC. | tee -a configure.log
-   elif test -z "$old_cc" -a -z "$old_cflags"; then
-     echo No shared library support. | tee -a configure.log
-@@ -505,7 +505,7 @@ int main(void) {
- }
- EOF
-   fi
--  if try $CC $CFLAGS -o $test $test.c; then
-+  if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
-     sizet=`./$test`
-     echo "Checking for a pointer-size integer type..." $sizet"." | tee -a 
configure.log
-     CFLAGS="${CFLAGS} -DNO_SIZE_T=${sizet}"
-@@ -539,7 +539,7 @@ int main(void) {
-   return 0;
- }
- EOF
--  if try $CC $CFLAGS -o $test $test.c; then
-+  if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
-     echo "Checking for fseeko... Yes." | tee -a configure.log
-   else
-     CFLAGS="${CFLAGS} -DNO_FSEEKO"
-@@ -556,7 +556,7 @@ cat > $test.c <<EOF
- #include <errno.h>
- int main() { return strlen(strerror(errno)); }
- EOF
--if try $CC $CFLAGS -o $test $test.c; then
-+if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
-   echo "Checking for strerror... Yes." | tee -a configure.log
- else
-   CFLAGS="${CFLAGS} -DNO_STRERROR"
-@@ -663,7 +663,7 @@ int main()
-   return (mytest("Hello%d\n", 1));
- }
- EOF
--  if try $CC $CFLAGS -o $test $test.c; then
-+  if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
-     echo "Checking for vsnprintf() in stdio.h... Yes." | tee -a configure.log
- 
-     echo >> configure.log
-@@ -753,7 +753,7 @@ int main()
- }
- EOF
- 
--  if try $CC $CFLAGS -o $test $test.c; then
-+  if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
-     echo "Checking for snprintf() in stdio.h... Yes." | tee -a configure.log
- 
-     echo >> configure.log
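Review bot: The commit message says this patch is included in 1.3.2, but the header of the removed file still reads "Upstream-Status: Submitted [https://github.com/madler/zlib/pull/599]", so nothing visible here shows it was merged. Please cite the upstream commit in the commit message, or confirm that the 1.3.2 configure passes $LDFLAGS in all six link tests this patch touched (shared library, pointer-size type, fseeko, strerror, vsnprintf, snprintf). Without that, those tests can mis-detect on toolchains that need LDFLAGS to link.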
diff --git a/meta/recipes-core/zlib/zlib_1.3.1.bb 
b/meta/recipes-core/zlib/zlib_1.3.2.bb
similarity index 85%
rename from meta/recipes-core/zlib/zlib_1.3.1.bb
rename to meta/recipes-core/zlib/zlib_1.3.2.bb
index ef83142121..8a23d98cd3 100644
--- a/meta/recipes-core/zlib/zlib_1.3.1.bb
+++ b/meta/recipes-core/zlib/zlib_1.3.2.bb
@@ -8,12 +8,11 @@ LIC_FILES_CHKSUM = 
"file://zlib.h;beginline=6;endline=23;md5=5377232268e952e9ef6
 
 # The source tarball needs to be .gz as only the .gz ends up in fossils/
 SRC_URI = "https://zlib.net/${BP}.tar.gz \
-           file://0001-configure-Pass-LDFLAGS-to-link-tests.patch \
            file://run-ptest \
            "
 UPSTREAM_CHECK_URI = "http://zlib.net/";
 
-SRC_URI[sha256sum] = 
"9a93b2b7dfdac77ceba5a558a580e74667dd6fede4585b91eefb60f03b72df23"
+SRC_URI[sha256sum] = 
"bb329a0a2cd0274d05519d61c667c062e06990d72e125ee2dfa8de64f0119d16"
 
 # When a new release is made the previous release is moved to fossils/, so add 
this
 # to PREMIRRORS so it is also searched automatically.
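Review bot: The new SRC_URI[sha256sum] is the only integrity pin for the tarball fetched from zlib.net, and the commit message does not say what it was checked against. Please state that the value matches what upstream publishes for the 1.3.2 release [1] rather than a hash computed from a local download. Separately, UPSTREAM_CHECK_URI in the context lines still uses http:// while SRC_URI uses https://; consider switching it in this bump.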
@@ -51,5 +50,3 @@ BBCLASSEXTEND = "native nativesdk"
 
 # Adding 'CVE_PRODUCT' to avoid false detection of CVEs
 CVE_PRODUCT = "zlib:zlib gnu:zlib"
-
-CVE_STATUS[CVE-2026-22184] = "not-applicable-config: vulnerable file is not 
compiled"
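Review bot: Removing CVE_STATUS[CVE-2026-22184] replaces the recorded reason "not-applicable-config: vulnerable file is not compiled" with reliance on the cve-check version match, yet the commit message only says the CVE is resolved in this release without naming the fix. Please note which 1.3.2 change resolves it and confirm that cve-check reports the CVE as patched for 1.3.2 under CVE_PRODUCT = "zlib:zlib gnu:zlib", so it does not reappear as unpatched if the database version range lags.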