diff options
author | Karen Arutyunov <karen@codesynthesis.com> | 2022-08-29 20:49:20 +0300 |
---|---|---|
committer | Karen Arutyunov <karen@codesynthesis.com> | 2022-08-29 20:49:20 +0300 |
commit | 039cbaca07a03305d85e915f4047ce04ca801482 (patch) | |
tree | 29ed524558cecb08da0fa5afc9cb4f7653f077cc /libz/README-DEV | |
parent | 9fe3f828463e7902cfe85111ce7ed22ab6a9b24f (diff) |
Release version 1.2.1200+2v1.2.1200+2
Apply patches which fix CVE-2022-37434
Rewrite testscript not to use files
Update TODO file
Update libz/README-DEV file
Diffstat (limited to 'libz/README-DEV')
-rw-r--r-- | libz/README-DEV | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/libz/README-DEV b/libz/README-DEV index 42a8ae1..aa7874f 100644 --- a/libz/README-DEV +++ b/libz/README-DEV @@ -20,6 +20,17 @@ $ touch zconf.h $ patch -p0 <zconf.h.in.patch $ patch -p0 <zlib.h.patch +Apply patches to fix CVE-2022-37434: + +$ rm inflate.c +$ cp ../../upstream/inflate.c . +$ patch -p0 <CVE-2022-37434-eff308a.patch +$ patch -p0 <CVE-2022-37434-1eb7682.patch + +@@ TMP Remove the CVE-2022-37434-* patches, the above notes, and turn libz.c + back into symlink to ../../upstream/inflate.c when upgrade to upstream + version > 1.2.12. + Note that there is no LICENSE/COPYING file in the upstream project as the copyright notice is provided at the end of its README file. We extract it into a separate (installable) LICENSE file. |