Closed Bug 1795709 Opened 3 years ago Closed 3 years ago

Update comm/third_party/zlib to 1.2.13

Categories

(Thunderbird :: Build Config, task)

Tracking

(thunderbird_esr102 fixed, thunderbird107 fixed)

RESOLVED FIXED
108 Branch
Tracking Status
thunderbird_esr102 --- fixed
thunderbird107 --- fixed

People

(Reporter: rjl, Assigned: rjl)

Details

(Whiteboard: [TM:102.5.0])

Attachments

(2 files)

Version 1.2.13 has these key updates from 1.2.12:

  • Fix a bug when getting a gzip header extra field with inflateGetHeader(). This remedies CVE-2022-37434.
  • Fix a bug in block type selection when Z_FIXED used. Now the smallest block type is selected, for better compression.
  • Fix a configure issue that discarded the provided CC definition.
  • Correct incorrect inputs provided to the CRC functions. This mitigates a bug in Java.
  • Repair prototypes and exporting of the new CRC functions.
  • Fix inflateBack to detect invalid input with distances too far.

Due to the first bug fix, any installations of 1.2.12 or earlier should be replaced with 1.2.13.

Thunderbird's use of zlib in librnp appears unaffected; should update nevertheless.
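
A triage check in the spirit of the comment above, as an added example that is not part of the original bug or of Thunderbird's code: it reads ZLIB_VERSION from a vendored zlib.h, compares it with 1.2.13, and lists consumer source files that call inflateGetHeader(). The directory layout and file names in demo() are constructed, and a version string alone does not account for fixes backported into an older release.

```python
import re
import tempfile
from pathlib import Path

FIXED = (1, 2, 13)  # release carrying the inflateGetHeader() fix, per the notes above
VERSION_RE = re.compile(r'^\s*#\s*define\s+ZLIB_VERSION\s+"([^"]+)"', re.M)
CALL_RE = re.compile(r"\binflateGetHeader\s*\(")
SOURCE_SUFFIXES = {".c", ".cc", ".cpp", ".h", ".hpp"}

def parse_version(header_text):
    """Return ZLIB_VERSION from zlib.h as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(header_text)
    num = re.match(r"\d+(?:\.\d+)*", m.group(1)) if m else None
    # Leading numeric components only: "1.2.12.1-suffix" -> (1, 2, 12, 1)
    return tuple(int(p) for p in num.group(0).split(".")) if num else None

def triage(zlib_dir, consumer_dir):
    """Report the vendored zlib version and which consumer files call inflateGetHeader()."""
    version = parse_version(Path(zlib_dir, "zlib.h").read_text(errors="replace"))
    callers = sorted(
        p.relative_to(consumer_dir).as_posix()
        for p in Path(consumer_dir).rglob("*")
        if p.is_file() and p.suffix in SOURCE_SUFFIXES
        and CALL_RE.search(p.read_text(errors="replace"))
    )
    outdated = version is None or version < FIXED  # unknown version counts as outdated
    return {"version": version, "outdated": outdated,
            "callers": callers, "needs_review": outdated and bool(callers)}

def demo():
    """Run the triage over a constructed tree (not Thunderbird's real sources)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "zlib").mkdir()
        (root / "app").mkdir()
        (root / "zlib" / "zlib.h").write_text('#define ZLIB_VERSION "1.2.12"\n')
        (root / "app" / "stream.c").write_text("ret = inflate(&strm, Z_NO_FLUSH);\n")
        before = triage(root / "zlib", root / "app")
        (root / "app" / "gzmeta.c").write_text("inflateGetHeader(&strm, &head);\n")
        exposed = triage(root / "zlib", root / "app")
        (root / "zlib" / "zlib.h").write_text('#define ZLIB_VERSION "1.2.13"\n')
        after = triage(root / "zlib", root / "app")
    return before, exposed, after

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The regex also matches the function name followed by a parenthesis inside comments, so treat the caller list as a set of files to read, not as proof of a reachable call.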

moz.yaml drives mach vendor, it requires a LICENSE file (grabbed from zlib
v1.2.13). Updated README.zlib so mach vendor can update it. Removing zlib.def
as it's not needed.

Assignee: nobody → rob
Status: NEW → ASSIGNED

Result of running:
../mach vendor -r v1.2.13 third_party/zlib/moz.yaml

Depends on D159550

Target Milestone: --- → 108 Branch

Pushed by alessandro@thunderbird.net:
https://hg.mozilla.org/comm-central/rev/a985e381040d
Use mach vendor to update zlib sources. r=mkmelin
https://hg.mozilla.org/comm-central/rev/a1a50418d546
Update zlib source to v1.2.13. r=mkmelin

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED

Comment on attachment 9298927 [details]
Bug 1795709 - Use mach vendor to update zlib sources. r=#thunderbird-reviewers

[Triage Comment]
Approved for beta as this should go on c-esr102 in 102.5.0. Note to uplifter: 2 patches to uplift

[Approval Request Comment]
Regression caused by (bug #): N/A
User impact if declined: It's an internal library used by librnp. Little to zero impact.
Testing completed (on c-c, etc.): Daily
Risk to taking this patch (and alternatives if risky): The zlib change itself will have little to no risk. The mach vendor piece may not work so well on c-esr102, but that's for for users anyway and should only run on c-central.

Attachment #9298927 - Flags: approval-comm-esr102?
Attachment #9298927 - Flags: approval-comm-beta+
Whiteboard: [TM:102.5.0]

Comment on attachment 9298927 [details]
Bug 1795709 - Use mach vendor to update zlib sources. r=#thunderbird-reviewers

[Triage Comment]
Approved for esr102

Attachment #9298927 - Flags: approval-comm-esr102? → approval-comm-esr102+

Comment on attachment 9298928 [details]
Bug 1795709 - Update zlib source to v1.2.13. r=#thunderbird-reviewers

[Triage Comment]
Approved for esr102

Attachment #9298928 - Flags: approval-comm-esr102+