zlib upgrade for CVE-2018-25032 #106

Merged
merged 1 commit into from
Jun 28, 2022

Member

@oxelson oxelson commented Jun 27, 2022

Upgrade to 1.2.12

@oxelson oxelson requested a review from akrherz June 27, 2022 22:30
@akrherz
Collaborator

akrherz commented Jun 27, 2022

Thanks @oxelson, but doesn't the actual zlib 1.2.12 source need to be included as well?

@oxelson
Member Author

oxelson commented Jun 27, 2022

le sigh Sorry @akrherz! It's been a day. I'll get that added. 🤪

@akrherz
Collaborator

akrherz commented Jun 28, 2022

Whelp, CI is green here, but is 1) not good and 2) makes me realize what the docker images were doing with extlibs. Ufff

@oxelson
Member Author

oxelson commented Jun 28, 2022

I double checked and did grab the source code for the latest zlib and put in the symlink -- but the v1.2.12 directory & contents were not pushed to the repo...? Sorry about that. I'll correct it.

> Whelp, CI is green here, but is 1) not good and 2) makes me realize what the docker images were doing with extlibs. Ufff

How did you want to proceed?

@akrherz
Collaborator

akrherz commented Jun 28, 2022

@oxelson I am unsure. It would certainly be nice just to jettison zlib from extlibs and let the OS provide the library, but that may be a bridge too far.

@oxelson
Member Author

oxelson commented Jun 28, 2022

I had to comment out the extlibs/ in .gitignore to get the libz source code added.

> It would certainly be nice just to jettison zlib from extlibs and let the OS provide the library, but that may be a bridge too far.

I'll defer to you on this. Either way, we should probably rebuild gempak with the new/safe version of zlib and make that available. :-)

@akrherz
Collaborator

akrherz commented Jun 28, 2022

> we should probably rebuild gempak

We are not distributing binaries at this time, I am still boggling this.

@oxelson
Member Author

oxelson commented Jun 28, 2022

> We are not distributing binaries at this time, I am still boggling this.

Sounds good. 👍

@akrherz
Collaborator

akrherz commented Jun 28, 2022

Thanks again @oxelson, will take this once CI passes.

@akrherz akrherz added this to the 7.15.0.1 milestone Jun 28, 2022
@akrherz akrherz merged commit e6315c2 into Unidata:main Jun 28, 2022