[Buildroot] [git commit] package/libzlib: security bump version to 1.2.12

Peter Korsgaard peter at korsgaard.com
Thu Mar 31 15:50:28 UTC 2022 

commit: https://git.buildroot.net/buildroot/commit/?id=a7fa40a9c1e93c063bbc5c5d4cac0c67493087a7
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Fixes CVE-2018-25032.

Release notes:
http://madler.net/pipermail/zlib-announce_madler.net/2022/000012.html

Changelog: https://github.com/madler/zlib/blob/master/ChangeLog

Added upstream patch to fix build error.

Updated license hash due to version bump, reformatted hashes:
https://github.com/madler/zlib/commit/21767c654d31d2dccdde4330529775c6c5fd5389

Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 ...sue-that-discarded-provided-CC-definition.patch | 28 ++++++++++++++++++++++
 package/libzlib/libzlib.hash                       |  4 ++--
 package/libzlib/libzlib.mk                         |  2 +-
 3 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/package/libzlib/0001-Fix-configure-issue-that-discarded-provided-CC-definition.patch b/package/libzlib/0001-Fix-configure-issue-that-discarded-provided-CC-definition.patch
new file mode 100644
index 0000000000..398e1c9481
--- /dev/null
+++ b/package/libzlib/0001-Fix-configure-issue-that-discarded-provided-CC-definition.patch
@@ -0,0 +1,28 @@
+From 05796d3d8d5546cf1b4dfe2cd72ab746afae505d Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler at alumni.caltech.edu>
+Date: Mon, 28 Mar 2022 18:34:10 -0700
+Subject: [PATCH] Fix configure issue that discarded provided CC definition.
+
+Downloaded from upstream commit:
+https://github.com/madler/zlib/commit/05796d3d8d5546cf1b4dfe2cd72ab746afae505d
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
+---
+ configure | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/configure b/configure
+index 52ff4a04e..3fa3e8618 100755
+--- a/configure
++++ b/configure
+@@ -174,7 +174,10 @@ if test -z "$CC"; then
+   else
+     cc=${CROSS_PREFIX}cc
+   fi
++else
++  cc=${CC}
+ fi
++
+ cflags=${CFLAGS-"-O3"}
+ # to force the asm version use: CFLAGS="-O3 -DASMV" ./configure
+ case "$cc" in
diff --git a/package/libzlib/libzlib.hash b/package/libzlib/libzlib.hash
index e3736b1011..e6ca974e2f 100644
--- a/package/libzlib/libzlib.hash
+++ b/package/libzlib/libzlib.hash
@@ -1,4 +1,4 @@
 # From http://www.zlib.net/
-sha256 4ff941449631ace0d4d203e3483be9dbc9da454084111f97ea0a2114e19bf066  zlib-1.2.11.tar.xz
+sha256  7db46b8d7726232a621befaab4a1c870f00a90805511c0e0090441dac57def18  zlib-1.2.12.tar.xz
 # License files, locally calculated
-sha256 7960b6b1cc63e619abb77acaea5427159605afee8c8b362664f4effc7d7f7d15  README
+sha256  fc2c3368901700f0acdeb1d8afeaca5923296768ec6824ecdf627aac396001fd  README
diff --git a/package/libzlib/libzlib.mk b/package/libzlib/libzlib.mk
index a10fc748d1..933732d6ba 100644
--- a/package/libzlib/libzlib.mk
+++ b/package/libzlib/libzlib.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBZLIB_VERSION = 1.2.11
+LIBZLIB_VERSION = 1.2.12
 LIBZLIB_SOURCE = zlib-$(LIBZLIB_VERSION).tar.xz
 LIBZLIB_SITE = http://www.zlib.net
 LIBZLIB_LICENSE = Zlib

More information about the buildroot mailing list