Closed Bug 248644 Opened 21 years ago Closed 20 years ago

Upgrade to zlib 1.2.2

Categories

(SeaMonkey :: General, defect)

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: tor, Assigned: tor)

Attachments

(1 file)

It appears that so soon after the zlib-1.2.1 fun, we need to upgrade to zlib-1.2.1.1. "What is that?", you might ask after looking at the zlib homepage and zlib-announce archives and not seeing any mention of such a beast. Apparently it's a stealth release, as the only place I've found tarballs of it are in source packages from various linux distributions. Extracted from the Red Hat FC2 srpm, the ChangeLog states:
Changes in 1.2.1.1 (9 January 2004)
- Updated email address in README
- Several FAQ updates
- Fixed a big fat bug in inftrees.c that prevented decoding valid dynamic blocks with only literals and no distance codes.
- Add a note to puff.c on no distance codes case.
While this appears to be a somewhat serious update, I'm somewhat reluctant to apply it to the mozilla tree until I can find an official source. The source URL in the fc2 spec points to ftp.info-zip.org, which isn't updated anymore.
I received this from Mark Adler, zlib developer. I'm changing the summary of this bug to say 1.2.2 instead of 1.2.1.1:
zlib 1.2.2 is complete. You can download either of these (signatures below):
http://www.zlib.net/zlib-1.2.2.tar.gz
http://www.zlib.net/zlib-1.2.2.tar.bz2
Summary: Upgrade to zlib 1.2.1.1 → Upgrade to zlib 1.2.2
zlib signatures:
MD5(zlib-1.2.2.tar.gz)= 68bd51aaa6558c3bc3fd4890e53413de
SHA1(zlib-1.2.2.tar.gz)= e6ec67108bfd1f321eb4f1bd192b648725219595
I've tested the patch on a FreeBSD/gcc-3.4.2 platform using a fresh checkout of mozilla from CVS this morning (1) only replacing zlib (2) also using libmng instead of libpng to support PNG, via the latest patch from bug #18574. Both configurations worked fine.
Comment on attachment 161386 Upgrade zlib to zlib-1.2.2
tor: r?
Mark Adler says 1.2.2 has been "released":
On Nov 1, 2004, at 6:48 AM, Glenn Randers-Pehrson wrote:
> Is zlib-1.2.2 considered to be "released" now, despite www.zlib.org
> still showing zlib-1.2.1?
Yes. Unfortunately, we have not been able to get Jean-loup's attention to update www.zlib.org.
mark
Attachment #161386 - Flags: review?(tor)
Are the changes important enough that the minimum version in configure.in should be bumped too?
The upgrade fixes CERT VU#238678 CAN-2004-0797 which reports a Denial of Service vulnerability. So, yes, the minimum "system" version should be 1.2.2.
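
A minimum-version gate like the one discussed above has to compare dotted versions numerically, component by component, so that the four-field 1.2.1.1 sorts below 1.2.2. The following is an added example, not Mozilla's configure.in check and not code from this bug; `version_ge` and `zlib_ok` are hypothetical helper names, and the sample version strings are constructed.

```shell
#!/bin/sh
# Added example (not Mozilla's configure.in logic). MIN_ZLIB is the minimum
# named in the discussion; version_ge and zlib_ok are hypothetical helpers.
MIN_ZLIB="1.2.2"

# version_ge HAVE WANT
# Returns 0 if HAVE >= WANT, 1 if HAVE < WANT, 2 if either string is malformed.
# Components are compared as integers, left to right; a missing component
# counts as 0, so "1.2" < "1.2.2" and "1.2.2" < "1.2.2.1".
version_ge() {
    have=$1
    want=$2
    for v in "$have" "$want"; do
        case $v in
            ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;  # digits and single dots only
        esac
    done
    while [ -n "$have" ] || [ -n "$want" ]; do
        h=${have%%.*}
        w=${want%%.*}
        # Drop the component just read (and its dot) from each string.
        case $have in *.*) have=${have#*.} ;; *) have= ;; esac
        case $want in *.*) want=${want#*.} ;; *) want= ;; esac
        h=${h:-0}
        w=${w:-0}
        if [ "$h" -gt "$w" ]; then return 0; fi
        if [ "$h" -lt "$w" ]; then return 1; fi
    done
    return 0
}

# zlib_ok VERSION: does VERSION satisfy the minimum system zlib?
zlib_ok() {
    version_ge "$1" "$MIN_ZLIB"
}

# Constructed sample inputs: the three versions named in this bug plus two
# constructed strings that break a naive string or three-field comparison.
for v in 1.2.1 1.2.1.1 1.2.2 1.2.11 1.2.2-beta; do
    if zlib_ok "$v"; then
        echo "zlib $v: ok (>= $MIN_ZLIB)"
    else
        echo "zlib $v: rejected"
    fi
done
```

Malformed input returns 2 and is treated as a rejection by `zlib_ok`, so an unparseable version string fails closed.
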
Checked in.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Product: Browser → Seamonkey
Attachment #161386 - Flags: review?(tor) → review+
Status: RESOLVED → VERIFIED