On Tue, Apr 5, 2022 at 9:05 AM Jeroen Hofstee via lists.openembedded.org <[email protected]> wrote: > > Hello Ross, > > On 3/29/22 15:07, Ross Burton via lists.openembedded.org wrote: > > Signed-off-by: Ross Burton <[email protected]> > > --- > > .../zlib/zlib/CVE-2018-25032.patch | 347 ++++++++++++++++++ > > meta/recipes-core/zlib/zlib_1.2.11.bb | 1 + > > 2 files changed, 348 insertions(+) > > create mode 100644 meta/recipes-core/zlib/zlib/CVE-2018-25032.patch > > > > diff --git a/meta/recipes-core/zlib/zlib/CVE-2018-25032.patch > > b/meta/recipes-core/zlib/zlib/CVE-2018-25032.patch > > new file mode 100644 > > index 00000000000..5cb61836419 > > --- /dev/null > > +++ b/meta/recipes-core/zlib/zlib/CVE-2018-25032.patch > > @@ -0,0 +1,347 @@ > > +CVE: CVE-2018-25032 > > +Upstream-Status: Backport > > +Signed-off-by: Ross Burton <[email protected]> > > + > > > It seems there _might_ be another patch needed. > > https://github.com/madler/zlib/issues/605 > https://github.com/madler/zlib/commit/4346a16853e19b45787ce933666026903fb8f3f8.patch
I did a dunfell autobuilder run with the second patch added, but unfortunately still get the same failures. So until we fix those I can't take this CVE patch :-( Steve > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#164191): https://lists.openembedded.org/g/openembedded-core/message/164191 Mute This Topic: https://lists.openembedded.org/mt/90107518/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
