<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
Everyone,<br>
<br>
I've just updated our zlib clone
(<a class="moz-txt-link-freetext" href="https://github.com/openvehicles/zlib">https://github.com/openvehicles/zlib</a>) to version 1.2.12, fixing a
serious security issue (out of bounds access by extracting malicious
ZIP data).<br>
<br>
To follow you need to do…<br>
<br>
<font face="monospace">git submodule update --recursive</font><br>
<br>
…after your next pull/fetch.<br>
<br>
From <a class="moz-txt-link-freetext" href="https://www.zlib.net/">https://www.zlib.net/</a>:<br>
<blockquote type="cite">
<p style="margin-bottom: 0em; color: rgb(0, 0, 0); font-family:
"Times New Roman"; font-size: medium; font-style:
normal; font-variant-ligatures: normal; font-variant-caps:
normal; font-weight: 400; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: 2; word-spacing: 0px;
-webkit-text-stroke-width: 0px; text-decoration-thickness:
initial; text-decoration-style: initial; text-decoration-color:
initial;">Version 1.2.12 has these key improvements over 1.2.11:</p>
<ul style="color: rgb(0, 0, 0); font-family: "Times New
Roman"; font-size: medium; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: 400; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: 2; word-spacing: 0px;
-webkit-text-stroke-width: 0px; text-decoration-thickness:
initial; text-decoration-style: initial; text-decoration-color:
initial;">
<li>Fix a deflate bug when using the<span> </span><tt>Z_FIXED</tt><span> </span>strategy
that can result in out-of-bound accesses.</li>
<li>Fix a deflate bug when the window is full in<span> </span><tt>deflate_stored()</tt>.</li>
<li>Speed up CRC-32 computations by a factor of 1.5 to 3.</li>
<li>Use the hardware CRC-32 instruction on ARMv8 processors.</li>
<li>Speed up<span> </span><tt>crc32_combine()</tt><span> </span>with
powers of<span> </span><em>x</em><span> </span>tables.</li>
<li>Add<span> </span><tt>crc32_combine_gen()</tt><span> </span>and<span> </span><tt>crc32_combine_op()</tt><span> </span>for
fast combines.</li>
</ul>
<em style="color: rgb(0, 0, 0); font-family: "Times New
Roman"; font-size: medium; font-variant-ligatures: normal;
font-variant-caps: normal; font-weight: 400; letter-spacing:
normal; orphans: 2; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-thickness: initial; text-decoration-style:
initial; text-decoration-color: initial;">Due to the bug fixes,
any installations of 1.2.11 should be replaced with 1.2.12.</em><span
style="color: rgb(0, 0, 0); font-family: "Times New
Roman"; font-size: medium; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: 400; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: 2; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255); text-decoration-thickness: initial; text-decoration-style:
initial; text-decoration-color: initial; display: inline
!important; float: none;"></span><br
class="Apple-interchange-newline">
</blockquote>
<br>
I suggest also checking your other projects for inclusions of zlib.<br>
<br>
Regards,<br>
Michael<br>
<br>
<pre class="moz-signature" cols="72">--
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26</pre>
</body>
</html>