Re: [OE-core] [PATCH][dunfell] zlib: backport the fix for CVE-2018-25032

Sun, 10 Apr 2022 14:21:57 -0700 

Hello Steve,

On 4/9/22 20:14, Steve Sakoman wrote:

On Tue, Apr 5, 2022 at 9:05 AM Jeroen Hofstee via
lists.openembedded.org
<[email protected]> wrote:

Hello Ross,

On 3/29/22 15:07, Ross Burton via lists.openembedded.org wrote:

Signed-off-by: Ross Burton <[email protected]>
---
   .../zlib/zlib/CVE-2018-25032.patch            | 347 ++++++++++++++++++
   meta/recipes-core/zlib/zlib_1.2.11.bb         |   1 +
   2 files changed, 348 insertions(+)
   create mode 100644 meta/recipes-core/zlib/zlib/CVE-2018-25032.patch

diff --git a/meta/recipes-core/zlib/zlib/CVE-2018-25032.patch 
b/meta/recipes-core/zlib/zlib/CVE-2018-25032.patch
new file mode 100644
index 00000000000..5cb61836419
--- /dev/null
+++ b/meta/recipes-core/zlib/zlib/CVE-2018-25032.patch
@@ -0,0 +1,347 @@
+CVE: CVE-2018-25032
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <[email protected]>
+


It seems there _might_ be another patch needed.

https://github.com/madler/zlib/issues/605
https://github.com/madler/zlib/commit/4346a16853e19b45787ce933666026903fb8f3f8.patch

I did a dunfell autobuilder run with the second patch added, but
unfortunately still get the same failures.

So until we fix those I can't take this CVE patch :-(
Sorry if it wasn't clear, I mentioned it because another patch might be needed to properly fix the CVE. I can't jugde that, simply because I am not familiar with the 
code in question. It won't magically solve the builder failure...

I tried to reproduce that failure, but I get:
Task do_testimage does not exist for target core-image-sato-sdk (/home/jeroen/software/venus/sources/openembedded-core/meta/recipes-sato/images/core-image-sato-sdk.bb:do_testimage). Close matches: 0:00:01 
  do_image

With kind regards,

Jeroen



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#164207): 
https://lists.openembedded.org/g/openembedded-core/message/164207
Mute This Topic: https://lists.openembedded.org/mt/90107518/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to