GNU bug report logs - #54604
[PATCH] gnu: zlib: Update to 1.2.12 [fixes CVE-2018-25032].

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 28 Mar 2022 04:08:02 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo <at> famulari.name>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#54604: closed ([PATCH] gnu: zlib: Update to 1.2.12 [fixes
 CVE-2018-25032].)
Date: Wed, 04 Jan 2023 18:02:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Wed, 4 Jan 2023 13:01:30 -0500
with message-id <Y7W++q4TRRsWWioj <at> jasmine.lan>
and subject line Re: bug#54604: [PATCH] gnu: zlib: Update to 1.2.12 [fixes CVE-2018-25032].
has caused the debbugs.gnu.org bug report #54604,
regarding [PATCH] gnu: zlib: Update to 1.2.12 [fixes CVE-2018-25032].
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
54604: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=54604
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: zlib: Update to 1.2.12 [fixes CVE-2018-25032].
Date: Mon, 28 Mar 2022 00:06:59 -0400

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://seclists.org/oss-sec/2022/q1/191

* gnu/packages/compression.scm (zlib)[replacement]: New field.
(zlib-1.2.12): New variable.
---
 gnu/packages/compression.scm | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 3edaecd951..2287c755b4 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -98,6 +98,7 @@ (define-module (gnu packages compression)
 (define-public zlib
   (package
     (name "zlib")
+    (replacement zlib-1.2.12)
     (version "1.2.11")
     (source
      (origin
@@ -148,6 +149,21 @@ (define-public zlib
 in compression.")
     (license license:zlib)))
 
+(define-public zlib-1.2.12
+  (package
+    (inherit zlib)
+    (version "1.2.12")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (list (string-append "http://zlib.net/zlib-"
+                                 version ".tar.gz")
+                 (string-append "mirror://sourceforge/libpng/zlib/"
+                                version "/zlib-" version ".tar.gz")))
+      (sha256
+       (base32
+        "1n9na4fq4wagw1nzsfjr6wyly960jfa94460ncbf6p1fac44i14i"))))))
+
 (define-public minizip
   (package
     (name "minizip")
-- 
2.34.0




[Message part 3 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: Ludovic Courtès <ludo <at> gnu.org>,
 54604-done <at> debbugs.gnu.org
Subject: Re: bug#54604: [PATCH] gnu: zlib: Update to 1.2.12 [fixes
 CVE-2018-25032].
Date: Wed, 4 Jan 2023 13:01:30 -0500

On Tue, Jan 03, 2023 at 05:31:04PM -0500, Maxim Cournoyer wrote:
> Ping!  Feel free to apply it.

Pushed as c2c93abd18c37f438006cded8124ff0a32a0e4a7

I forgot about it, sorry!
This bug report was last modified 2 years and 134 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.