[Ovmsdev] Update zlib to version 1.2.12

Michael Balzer dexter at expeedo.de
Sat Apr 2 21:16:22 HKT 2022


Everyone,

I've just updated our zlib clone (https://github.com/openvehicles/zlib) 
to version 1.2.12, fixing a serious security issue (out of bounds access 
by extracting malicious ZIP data).

To follow you need to do…

git submodule update --recursive

…after your next pull/fetch.

 From https://www.zlib.net/:
>
> Version 1.2.12 has these key improvements over 1.2.11:
>
>   * Fix a deflate bug when using theZ_FIXEDstrategy that can result in
>     out-of-bound accesses.
>   * Fix a deflate bug when the window is full indeflate_stored().
>   * Speed up CRC-32 computations by a factor of 1.5 to 3.
>   * Use the hardware CRC-32 instruction on ARMv8 processors.
>   * Speed upcrc32_combine()with powers of/x/tables.
>   * Addcrc32_combine_gen()andcrc32_combine_op()for fast combines.
>
> /Due to the bug fixes, any installations of 1.2.11 should be replaced 
> with 1.2.12./

I suggest also checking your other projects for inclusions of zlib.

Regards,
Michael

-- 
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvehicles.com/pipermail/ovmsdev/attachments/20220402/606e95f8/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openvehicles.com/pipermail/ovmsdev/attachments/20220402/606e95f8/attachment.sig>


More information about the OvmsDev mailing list