[Zlib_jll] Update to v1.2.12+3 #44810

Merged (1 commit), Apr 4, 2022


giordano
Contributor

@giordano giordano commented Mar 31, 2022

Follow up to JuliaPackaging/Yggdrasil#4692.

Note: this is the first build of the real upstream version 1.2.12 which was
released a few days ago.

Usual memo to self:

  • update the version number in stdlib/Zlib_jll/Project.toml
  • update the version number in deps/zlib.version
  • refresh checksums with make -f contrib/refresh_checksums.mk -j zlib

CC: @eschnett

@giordano added the "external dependencies" (Involves LLVM, OpenBLAS, or other linked libraries) and "JLLs" labels Mar 31, 2022
@giordano requested a review from staticfloat March 31, 2022 16:03
@eschnett
Contributor

This is a security update for zlib. It would make sense to backport these changes.

@giordano added the "backport 1.6" (Change should be backported to release-1.6), "backport 1.7" and "backport 1.8" (Change should be backported to release-1.8) labels Mar 31, 2022
@giordano merged commit 81e7cfc into JuliaLang:master Apr 4, 2022
@giordano deleted the mg/update-zlib branch April 4, 2022 20:11
@eschnett
Contributor

eschnett commented Apr 6, 2022

How is backporting handled? Do people scan closed PRs for backport tags?

@giordano
Contributor Author

giordano commented Apr 6, 2022

I believe @KristofferC has a script which does that automatically

@KristofferC mentioned this pull request Apr 19, 2022 (40 tasks)
KristofferC pushed a commit that referenced this pull request Apr 19, 2022

(cherry picked from commit 81e7cfc)
KristofferC pushed a commit that referenced this pull request Apr 19, 2022

(cherry picked from commit 81e7cfc)
@KristofferC mentioned this pull request Apr 19, 2022 (67 tasks)
@nsslh

nsslh commented May 9, 2022

Please add the security label.

Edit: @KristofferC I suggested this based on Discourse discussion where you mentioned that this could be considered a security update. I guess you're referring to the out-of-bounds fix, although I can't find a CVE for it.

Edit: Found it. I think it's CVE-2018-25032 [High].

@giordano added the "security" (System security concerns and vulnerabilities) label May 10, 2022
@fxcoudert
Contributor

@giordano quick question: why is ZLIB_VER in deps/Versions.make still 1.2.11? Is that a mistake that should be updated, or should that line be removed entirely? I do not understand the difference between deps/Versions.make and deps/zlib.version?

@giordano
Contributor Author

That's a good question to which I don't have a definitive answer. deps/zlib.mk fetches the source with the function git-external:

    $(eval $(call git-external,zlib,ZLIB,,,$(SRCCACHE)))

which reads deps/zlib.version and uses the variables defined there:

    include $$(SRCDIR)/$1.version
    $2_SHA1 := $$(strip $$($2_SHA1))
    $2_BRANCH := $$(strip $$($2_BRANCH))

So I think that the version number in deps/Versions.make is not really used, but judging by the comments at the top of the file the variable still needs to be defined?
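
Added example, not part of the thread or of the Julia repository: a shell check that flags the kind of drift raised above, where ZLIB_VER in deps/Versions.make lags behind deps/zlib.version and stdlib/Zlib_jll/Project.toml. The file syntax, the helper names, the sample values and the placeholder SHA1 are assumptions constructed for illustration, as is the policy that all three records should agree.

```shell
#!/bin/sh
# Added example: flag drift between the zlib version records named in the thread.
# File syntax and the sample values are assumptions, constructed for illustration.

make_var() {   # make_var FILE KEY: value of a `KEY = v` or `KEY := v` line
    sed -n "s/^[[:space:]]*$2[[:space:]]*:\{0,1\}=[[:space:]]*//p" "$1" |
        head -n 1 | tr -d '[:space:]'
}

toml_version() {   # toml_version FILE: X.Y.Z from version = "X.Y.Z+build"
    sed -n 's/^version[[:space:]]*=[[:space:]]*"\([^"+]*\).*/\1/p' "$1" | head -n 1
}

check_zlib_versions() {   # check_zlib_versions ROOT: 0 if consistent, 1 on drift
    jll=$(toml_version "$1/stdlib/Zlib_jll/Project.toml")
    branch=$(make_var "$1/deps/zlib.version" ZLIB_BRANCH)
    sha1=$(make_var "$1/deps/zlib.version" ZLIB_SHA1)
    ver=$(make_var "$1/deps/Versions.make" ZLIB_VER)
    rc=0
    [ -n "$jll" ] || { echo "MISSING: Zlib_jll version"; rc=1; }
    [ "${branch#v}" = "$jll" ] || { echo "DRIFT: ZLIB_BRANCH=$branch, Zlib_jll=$jll"; rc=1; }
    [ "$ver" = "$jll" ] || { echo "DRIFT: ZLIB_VER=$ver, Zlib_jll=$jll"; rc=1; }
    # The source pin should be a full commit id, not a tag or branch name.
    printf '%s' "$sha1" | grep -Eq '^[0-9a-f]{40}$' ||
        { echo "BAD: ZLIB_SHA1 is not a 40-hex commit id"; rc=1; }
    return $rc
}

sample_tree() {   # sample_tree DIR ZLIB_VER: constructed files, placeholder SHA1
    mkdir -p "$1/deps" "$1/stdlib/Zlib_jll"
    printf 'version = "1.2.12+3"\n' > "$1/stdlib/Zlib_jll/Project.toml"
    printf 'ZLIB_BRANCH=v1.2.12\nZLIB_SHA1=%s\n' \
        0123456789abcdef0123456789abcdef01234567 > "$1/deps/zlib.version"
    printf 'ZLIB_VER := %s\n' "$2" > "$1/deps/Versions.make"
}

demo=$(mktemp -d)
sample_tree "$demo" 1.2.11          # the stale value asked about in the thread
check_zlib_versions "$demo" || echo "drift found"
rm -rf "$demo"
```

Run against a real checkout, `check_zlib_versions /path/to/julia` returns non-zero when any record disagrees, which makes it usable as a CI gate on dependency-bump pull requests.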

KristofferC pushed a commit that referenced this pull request May 23, 2022

(cherry picked from commit 81e7cfc)
KristofferC pushed a commit that referenced this pull request May 23, 2022

(cherry picked from commit 81e7cfc)
@KristofferC removed the "backport 1.8" (Change should be backported to release-1.8) and "backport 1.7" labels May 26, 2022
@KristofferC removed the "backport 1.6" (Change should be backported to release-1.6) label Jul 6, 2022
KristofferC pushed a commit that referenced this pull request Dec 21, 2022

(cherry picked from commit 81e7cfc)
staticfloat pushed a commit that referenced this pull request Dec 23, 2022

(cherry picked from commit 81e7cfc)
Labels: "external dependencies" (Involves LLVM, OpenBLAS, or other linked libraries), "JLLs", "security" (System security concerns and vulnerabilities)