-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[zlib, minizip] Update to 1.2.13, and embed the ZLIB_DLL setting. #27226
Conversation
This picks up the official fix for CVE-2022-37434.
Please integrate #26885. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree that we should include #26885 if possible.
-add_library(zlib SHARED ${ZLIB_SRCS} ${ZLIB_DLL_SRCS} ${ZLIB_PUBLIC_HDRS} ${ZLIB_PRIVATE_HDRS}) | ||
-add_library(zlibstatic STATIC ${ZLIB_SRCS} ${ZLIB_PUBLIC_HDRS} ${ZLIB_PRIVATE_HDRS}) | ||
+add_library(zlib ${ZLIB_SRCS} ${ZLIB_ASMS} ${ZLIB_DLL_SRCS} ${ZLIB_PUBLIC_HDRS} ${ZLIB_PRIVATE_HDRS}) | ||
set_target_properties(zlib PROPERTIES DEFINE_SYMBOL ZLIB_DLL) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this line need to be guarded with if(BUILD_SHARED_LIBS)
as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I admit I didn't pay that close attention to what the patch was doing, this is just cmake-dont-build-more-than-needed.patch retargeted for this base commit. Will consider with the other PR...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed, also guarded SOVERSION.
93e0378
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a new experimental fast check for PR issues. Please let us know if this bot is helpful!
PRs must add only one version and must not modify any published versions
When making any changes to a library, the version or port-version in vcpkg.json
or CONTROL
must be modified.
error: checked-in files for zlib have changed but the version was not updated
version: 1.2.13
old SHA: 07912b97a86d765f8a526ff4c65c9a3a68c574ef
new SHA: 73fdbd56717778d1927c978dbbc2d5d3af1e28c6
Did you remember to update the version or port version?
Use --overwrite-version to bypass this check
***No files were updated***
I cancelled the PR build because I'm ensuring I understand
I do love that change. |
# Conflicts: # ports/zlib/vcpkg.json # versions/baseline.json # versions/z-/zlib.json
@Neumann-A It looks like the minizip patch added in #25960 is effectively already present in 1.2.13 so I have removed it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a new experimental fast check for PR issues. Please let us know if this bot is helpful!
PRs must add only one version and must not modify any published versions
When making any changes to a library, the version or port-version in vcpkg.json
or CONTROL
must be modified.
error: checked-in files for zlib have changed but the version was not updated
version: 1.2.13
old SHA: 589021dc60e14a9f729cf88a12ab984b5f97513c
new SHA: ad5a49006f73b45b715299515f31164131b51982
Did you remember to update the version or port version?
Use --overwrite-version to bypass this check
***No files were updated***
IB-7569, microsoft/vcpkg#27226 Signed-off-by: Raul Metsma <raul@metsma.ee>
IB-7569, microsoft/vcpkg#27226 Signed-off-by: Raul Metsma <raul@metsma.ee>
IB-7569, microsoft/vcpkg#27226 Signed-off-by: Raul Metsma <raul@metsma.ee> Signed-off-by: Raul Metsma <raul@metsma.ee>
…0-17, he started applying use of the "embedded VERSION" feature microsoft/vcpkg-tool#717 to PRs on merge. @dg0yt points out that this use should be accompanied by a call to vcpkg_minimum_required, in https://github.com/microsoft/vcpkg/pull/27594/files#r1010641672 This is an audit of everything merged in that time and whether it needs to gain that. microsoft#27561 No VERSION microsoft#27525 No VERSION microsoft#27554 Already has vcpkg_minimum_required microsoft#27536 No VERSION microsoft#27562 No VERSION microsoft#24914 Fixed here microsoft#27547 No VERSION microsoft#27502 No VERSION microsoft#27497 No VERSION microsoft#27317 No VERSION microsoft#27288 No VERSION microsoft#27509 No VERSION microsoft#27504 No VERSION microsoft#27514 No VERSION microsoft#27501 No VERSION microsoft#27495 No VERSION microsoft#27488 No VERSION microsoft#27499 No VERSION microsoft#27378 No VERSION microsoft#27376 Fixed here microsoft#27373 No VERSION microsoft#27045 No VERSION microsoft#27521 No VERSION microsoft#27453 No VERSION microsoft#27481 No VERSION microsoft#27511 No VERSION microsoft#27490 No VERSION microsoft#27510 No VERSION microsoft#27496 No VERSION microsoft#27503 No VERSION microsoft#27485 No VERSION microsoft#27484 No VERSION microsoft#27483 No VERSION microsoft#27459 No VERSION microsoft#27369 No VERSION microsoft#27489 No VERSION microsoft#26594 No VERSION microsoft#27465 No VERSION microsoft#27456 No VERSION microsoft#27425 No VERSION microsoft#27464 Fixed here microsoft#27406 No VERSION microsoft#27398 No VERSION microsoft#27240 No VERSION microsoft#27450 No VERSION microsoft#27463 No VERSION microsoft#27462 No VERSION microsoft#27448 No VERSION microsoft#27440 No VERSION microsoft#27435 No VERSION microsoft#27424 No VERSION microsoft#27414 No VERSION microsoft#27412 No VERSION microsoft#27380 No VERSION microsoft#27343 No VERSION microsoft#27342 No VERSION microsoft#27367 No VERSION microsoft#27226 No VERSION microsoft#27320 No VERSION microsoft#26923 No VERSION microsoft#27284 No VERSION microsoft#27433 No VERSION microsoft#27314 VERSION got *removed* microsoft#27335 No VERSION microsoft#27370 No VERSION microsoft#27324 No VERSION microsoft#27391 No VERSION microsoft#27388 No VERSION microsoft#27396 No VERSION microsoft#27404 No VERSION microsoft#27413 No VERSION microsoft#27417 No VERSION microsoft#27427 No VERSION microsoft#27428 No VERSION microsoft#27368 No VERSION microsoft#27307 No VERSION microsoft#27415 Fixed here. microsoft#27371 Fixed here. microsoft#27323 No VERSION microsoft#27352 No VERSION microsoft#27347 No VERSION microsoft#27366 No VERSION microsoft#27361 No VERSION microsoft#27359 No VERSION microsoft#27358 No VERSION microsoft#27355 No VERSION microsoft#27331 No VERSION microsoft#24615 No VERSION microsoft#27325 No VERSION microsoft#24861 No VERSION microsoft#27354 No VERSION microsoft#27346 No VERSION microsoft#27345 No VERSION microsoft#27218 No VERSION microsoft#27329 No VERSION microsoft#27326 No VERSION microsoft#27321 No VERSION microsoft#27312 No VERSION microsoft#27297 No VERSION microsoft#27336 No VERSION microsoft#27225 No VERSION microsoft#27339 No VERSION microsoft#27302 No VERSION microsoft#27295 No VERSION microsoft#27233 No VERSION microsoft#27313 No VERSION microsoft#27237 No VERSION microsoft#27250 No VERSION microsoft#27263 No VERSION microsoft#27266 No VERSION microsoft#27272 No VERSION microsoft#27287 No VERSION microsoft#27282 No VERSION microsoft#27294 No VERSION microsoft#27228 No VERSION microsoft#27163 No VERSION microsoft#26817 No VERSION microsoft#27286 No VERSION microsoft#27274 No VERSION microsoft#27276 No VERSION microsoft#27232 No VERSION microsoft#27221 No VERSION microsoft#27215 No VERSION microsoft#27166 No VERSION microsoft#27239 No VERSION microsoft#27246 No VERSION microsoft#27268 No VERSION microsoft#27259 No VERSION microsoft#27238 No VERSION microsoft#27224 No VERSION microsoft#27203 No VERSION microsoft#27124 No VERSION
In order to mitigate any potential issues resulting from the vulnerability documented under: https://nvd.nist.gov/vuln/detail/CVE-2022-37434 This MR upgrades the version of Zlib to 1.2.13 from 1.2.12. The git commit hash in the "preferred-ports-sdk.txt" file comes from: microsoft/vcpkg@e0a9559 which was merged recently as a part of this PR/MR: microsoft/vcpkg#27226 Issue(s): None
* When @BillyONeal started being the on-call vcpkg maintainer on 2022-10-17, he started applying use of the "embedded VERSION" feature microsoft/vcpkg-tool#717 to PRs on merge. @dg0yt points out that this use should be accompanied by a call to vcpkg_minimum_required, in https://github.com/microsoft/vcpkg/pull/27594/files#r1010641672 This is an audit of everything merged in that time and whether it needs to gain that. #27561 No VERSION #27525 No VERSION #27554 Already has vcpkg_minimum_required #27536 No VERSION #27562 No VERSION #24914 Fixed here #27547 No VERSION #27502 No VERSION #27497 No VERSION #27317 No VERSION #27288 No VERSION #27509 No VERSION #27504 No VERSION #27514 No VERSION #27501 No VERSION #27495 No VERSION #27488 No VERSION #27499 No VERSION #27378 No VERSION #27376 Fixed here #27373 No VERSION #27045 No VERSION #27521 No VERSION #27453 No VERSION #27481 No VERSION #27511 No VERSION #27490 No VERSION #27510 No VERSION #27496 No VERSION #27503 No VERSION #27485 No VERSION #27484 No VERSION #27483 No VERSION #27459 No VERSION #27369 No VERSION #27489 No VERSION #26594 No VERSION #27465 No VERSION #27456 No VERSION #27425 No VERSION #27464 Fixed here #27406 No VERSION #27398 No VERSION #27240 No VERSION #27450 No VERSION #27463 No VERSION #27462 No VERSION #27448 No VERSION #27440 No VERSION #27435 No VERSION #27424 No VERSION #27414 No VERSION #27412 No VERSION #27380 No VERSION #27343 No VERSION #27342 No VERSION #27367 No VERSION #27226 No VERSION #27320 No VERSION #26923 No VERSION #27284 No VERSION #27433 No VERSION #27314 VERSION got *removed* #27335 No VERSION #27370 No VERSION #27324 No VERSION #27391 No VERSION #27388 No VERSION #27396 No VERSION #27404 No VERSION #27413 No VERSION #27417 No VERSION #27427 No VERSION #27428 No VERSION #27368 No VERSION #27307 No VERSION #27415 Fixed here. #27371 Fixed here. #27323 No VERSION #27352 No VERSION #27347 No VERSION #27366 No VERSION #27361 No VERSION #27359 No VERSION #27358 No VERSION #27355 No VERSION #27331 No VERSION #24615 No VERSION #27325 No VERSION #24861 No VERSION #27354 No VERSION #27346 No VERSION #27345 No VERSION #27218 No VERSION #27329 No VERSION #27326 No VERSION #27321 No VERSION #27312 No VERSION #27297 No VERSION #27336 No VERSION #27225 No VERSION #27339 No VERSION #27302 No VERSION #27295 No VERSION #27233 No VERSION #27313 No VERSION #27237 No VERSION #27250 No VERSION #27263 No VERSION #27266 No VERSION #27272 No VERSION #27287 No VERSION #27282 No VERSION #27294 No VERSION #27228 No VERSION #27163 No VERSION #26817 No VERSION #27286 No VERSION #27274 No VERSION #27276 No VERSION #27232 No VERSION #27221 No VERSION #27215 No VERSION #27166 No VERSION #27239 No VERSION #27246 No VERSION #27268 No VERSION #27259 No VERSION #27238 No VERSION #27224 No VERSION #27203 No VERSION #27124 No VERSION * Also add libcanberra
In order to mitigate any potential issues resulting from the vulnerability documented under: https://nvd.nist.gov/vuln/detail/CVE-2022-37434 This MR upgrades the version of Zlib to 1.2.13 from 1.2.12. The git commit hash in the "preferred-ports-sdk.txt" file comes from: microsoft/vcpkg@e0a9559 which was merged recently as a part of this PR/MR: microsoft/vcpkg#27226 Issue(s): None
…crosoft#27226) * Don't use external ZLIB_DLL * Update versions * [minizip] Bump to zlib version * Update versions * [libkml] Fix mingw build * [libkml] Modernize * [libkml] Fix minizip dependency * [libkml] No DLL * Update versions * [libkml] Update mingw patch * Update versions * Update versions * [zlib] Update to 1.2.13 This picks up the official fix for CVE-2022-37434. * Cherry pick installing the correct license from microsoft#27242 * Update version database. * More version database. * Also update minizip. * Also guard ZLIB_DLL properties for BUILD_SHARED_LIBS. * Version database. * Fix minizip usage. Co-authored-by: Kai Pastor <dg0yt@darc.de>
This picks up the official fix for CVE-2022-37434.