- Sponsor
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Zlib_jll] Update to v1.2.12+3 #44810
Conversation
Note: this is the first build of the real upstream version 1.2.12 which was released a few days ago.
0ac14b0
to
87b5db3
Compare
This is a security update for zlib. It would make sense to backport these changes. |
How is backporting handled? Do people scan closed PRs for |
I believe @KristofferC has a script which does that automatically |
Note: this is the first build of the real upstream version 1.2.12 which was released a few days ago. (cherry picked from commit 81e7cfc)
Note: this is the first build of the real upstream version 1.2.12 which was released a few days ago. (cherry picked from commit 81e7cfc)
Please add the security label. Edit: @KristofferC I suggested this based on Discourse discussion where you mentioned that this could be considered a security update. I guess you're referring to the out-of-bounds fix, although I can't find a CVE for it. Edit: Found it. I think it's CVE-2018-25032 [High]. |
@giordano quick question: why is |
That's a good question to which I don't have a definitive answer. Line 5 in dea9805
deps/zlib.version and uses the variables defined there: julia/deps/tools/git-external.mk Lines 24 to 26 in dea9805
deps/Versions.make is not really used, but judging by the comments at the top of the file the variable still needs to be defined?
|
Note: this is the first build of the real upstream version 1.2.12 which was released a few days ago. (cherry picked from commit 81e7cfc)
Note: this is the first build of the real upstream version 1.2.12 which was released a few days ago. (cherry picked from commit 81e7cfc)
Note: this is the first build of the real upstream version 1.2.12 which was released a few days ago. (cherry picked from commit 81e7cfc)
Note: this is the first build of the real upstream version 1.2.12 which was released a few days ago. (cherry picked from commit 81e7cfc)
Follow up to JuliaPackaging/Yggdrasil#4692.
Note: this is the first build of the real upstream version 1.2.12 which was
released a few days ago.
Usual memo to self:
stdlib/Zlib_jll/Project.toml
deps/zlib.version
make -f contrib/refresh_checksums.mk -j zlib
CC: @eschnett