Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[zlib] Fix CVE-2022-37434 #26792

Merged
merged 4 commits into from
Sep 26, 2022
Merged

[zlib] Fix CVE-2022-37434 #26792

merged 4 commits into from
Sep 26, 2022

Conversation

Faaux
Copy link
Contributor

@Faaux Faaux commented Sep 14, 2022

Describe the pull request

  • What does your PR fix?

    Fixes CVE-2022-37434 for zlib through 1.2.12

  • Which triplets are supported/not supported? Have you updated the [CI baseline]

Same as before

  • Does your PR follow the maintainer guide?

    Yes

  • If you have added/updated a port: Have you run ./vcpkg x-add-version --all and committed the result?

    Yes

@ghost
Copy link

ghost commented Sep 14, 2022
edited by ghost
Loading

CLA assistant check
All CLA requirements met.

@Faaux
Copy link
Contributor Author

Faaux commented Sep 14, 2022

Hope this all works out (first time contributing), corresponding issue: #26790

github-actions[bot]
github-actions bot previously approved these changes Sep 15, 2022
View reviewed changes
@FrankXie05 FrankXie05 added the category:port-bug The issue is with a library, which is something the port should already support label Sep 15, 2022
FrankXie05
FrankXie05 requested changes Sep 15, 2022
View reviewed changes
ports/zlib/portfile.cmake Outdated Show resolved Hide resolved
github-actions[bot]
github-actions bot previously approved these changes Sep 15, 2022
View reviewed changes
FrankXie05
FrankXie05 requested changes Sep 15, 2022
View reviewed changes
ports/zlib/CVE-2022-37434.patch Outdated Show resolved Hide resolved
ports/zlib/CVE-2022-37434.patch Outdated Show resolved Hide resolved
github-actions[bot]
github-actions bot previously approved these changes Sep 16, 2022
View reviewed changes
@FrankXie05 FrankXie05 linked an issue Sep 16, 2022 that may be closed by this pull request
[zlib] patch CVE-2022-37434 #26790
Closed
@dg0yt dg0yt mentioned this pull request Sep 20, 2022
Closed
@FrankXie05 FrankXie05 added the info:reviewed Pull Request changes follow basic guidelines label Sep 20, 2022
FrankXie05
FrankXie05 requested changes Sep 20, 2022
View reviewed changes
ports/zlib/CVE-2022-37434.patch Outdated Show resolved Hide resolved
@FrankXie05 FrankXie05 added requires:author-response and removed info:reviewed Pull Request changes follow basic guidelines labels Sep 20, 2022
github-actions[bot]
github-actions bot requested changes Sep 21, 2022
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a new experimental fast check for PR issues. Please let us know if this bot is helpful!

PRs must add only one version and must not modify any published versions

When making any changes to a library, the version or port-version in vcpkg.json or CONTROL must be modified.

error: checked-in files for zlib have changed but the version was not updated
version: 1.2.12#2
old SHA: 026d6d9651ff45fd010acbc952c303d7069f2be8
new SHA: d40d86865ecbcc5b54d21f840dd2212556aeadd5
Did you remember to update the version or port version?
Use --overwrite-version to bypass this check
***No files were updated***

@FrankXie05
Copy link
Contributor

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@FrankXie05 FrankXie05 added the info:reviewed Pull Request changes follow basic guidelines label Sep 23, 2022
@dan-shaw dan-shaw added the requires:vcpkg-team-review This PR or issue requires someone on the vcpkg team to take a further look. label Sep 26, 2022
@vicroms vicroms removed the requires:vcpkg-team-review This PR or issue requires someone on the vcpkg team to take a further look. label Sep 26, 2022
@vicroms vicroms merged commit 143bc76 into microsoft:master Sep 26, 2022
@Neustradamus
Copy link

@madler has done the new build, the 1.2.13 has been released with the CVE-2022-37434 fix.

@FrankXie05
Copy link
Contributor

@Neustradamus You can submit a new issue to update zlib and remove the patch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dg0yt dg0yt dg0yt left review comments

@Neumann-A Neumann-A Neumann-A left review comments

@github-actions github-actions[bot] github-actions[bot] approved these changes

@FrankXie05 FrankXie05 FrankXie05 approved these changes

Assignees

@FrankXie05 FrankXie05

Labels
category:port-bug The issue is with a library, which is something the port should already support info:reviewed Pull Request changes follow basic guidelines
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[zlib] patch CVE-2022-37434
7 participants
@Faaux @FrankXie05 @Neustradamus @dg0yt @Neumann-A @vicroms @dan-shaw