From 2836f5061e17a6a827847b6f180c9269a448bfb5 Mon Sep 17 00:00:00 2001 From: Zachary Ware Date: Sat, 2 Apr 2022 08:10:23 -0500 Subject: [PATCH] bpo-47194: Update zlib to v1.2.12 on Windows to resolve CVE-2018-25032 (GH-32241) (cherry picked from commit 6066739ff7794e54c98c08b953a699cbc961cd28) Co-authored-by: Zachary Ware --- .../next/Windows/2022-04-01-14-57-40.bpo-47194.IB0XL4.rst | 1 + PCbuild/get_externals.bat | 2 +- PCbuild/python.props | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 Misc/NEWS.d/next/Windows/2022-04-01-14-57-40.bpo-47194.IB0XL4.rst diff --git a/Misc/NEWS.d/next/Windows/2022-04-01-14-57-40.bpo-47194.IB0XL4.rst b/Misc/NEWS.d/next/Windows/2022-04-01-14-57-40.bpo-47194.IB0XL4.rst new file mode 100644 index 00000000000000..7e76add45fa953 --- /dev/null +++ b/Misc/NEWS.d/next/Windows/2022-04-01-14-57-40.bpo-47194.IB0XL4.rst @@ -0,0 +1 @@ +Update ``zlib`` to v1.2.12 to resolve CVE-2018-25032. diff --git a/PCbuild/get_externals.bat b/PCbuild/get_externals.bat index 677a6a41ab6119..57628396ed06a1 100644 --- a/PCbuild/get_externals.bat +++ b/PCbuild/get_externals.bat @@ -55,7 +55,7 @@ if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tcl-core-8.6.9.0 if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tk-8.6.9.0 if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tix-8.4.3.6 set libraries=%libraries% xz-5.2.2 -set libraries=%libraries% zlib-1.2.11 +set libraries=%libraries% zlib-1.2.12 for %%e in (%libraries%) do ( if exist "%EXTERNALS_DIR%\%%e" ( diff --git a/PCbuild/python.props b/PCbuild/python.props index 296bfd637bf9e6..1226d623831ba0 100644 --- a/PCbuild/python.props +++ b/PCbuild/python.props @@ -53,7 +53,7 @@ $(ExternalsDir)openssl-bin-1.1.1n\$(ArchName)\ $(opensslOutDir)include $(ExternalsDir)\nasm-2.11.06\ - $(ExternalsDir)\zlib-1.2.11\ + $(ExternalsDir)\zlib-1.2.12\ _d