Skip to content

[Backport staging-22.05] zlib: add patch for CVE-2022-37434#185578

Closed
github-actions[bot] wants to merge 1 commit intostaging-22.05from
backport-185554-to-staging-22.05
Closed

[Backport staging-22.05] zlib: add patch for CVE-2022-37434#185578
github-actions[bot] wants to merge 1 commit intostaging-22.05from
backport-185554-to-staging-22.05

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot commented Aug 7, 2022
edited by risicle
Loading

Bot-based backport to staging-22.05, triggered by a label in #185554.

  • Before merging, ensure that this backport complies with the Criteria for Backporting.
    • Even as a non-commiter, if you find that it does not comply, leave a comment.

@risicle @github-actions
zlib: add patch for CVE-2022-37434
4560957 
(cherry picked from commit c8f7a21)
@github-actions github-actions bot mentioned this pull request Aug 7, 2022
Merged
13 tasks
@risicle risicle added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Aug 7, 2022
@risicle
Copy link
Copy Markdown
Contributor

risicle commented Aug 7, 2022

@ofborg eval

Builds for me, macos 10.15 & nixos x86_64.

@winterqt
Copy link
Copy Markdown
Member

winterqt commented Aug 7, 2022

I can't even tell which case failed based on that log (all I can see is that only one case failed)... can you @risicle?

@risicle
Copy link
Copy Markdown
Contributor

risicle commented Aug 7, 2022

No. I was confused so I just re-eval'd.

@winterqt
Copy link
Copy Markdown
Member

winterqt commented Aug 7, 2022

It seems like this has happened before, specifically thinking of the latest kernel bump... OfBorg was using some weird source tree that nobody else could replicate :(

@winterqt
Copy link
Copy Markdown
Member

winterqt commented Aug 7, 2022

Failed again.

Found the failing test:

test 0224...core dumped

This test deals with compressed data... so it would make sense that zlib would be causing this.

@risicle
Copy link
Copy Markdown
Contributor

risicle commented Aug 7, 2022

Curious 🤔

Ah - and why did it not fail on unstable? Because we disabled curl's tests in #178869 except as passthru.tests

@risicle risicle mentioned this pull request Aug 7, 2022
Merged
@winterqt winterqt mentioned this pull request Aug 8, 2022
Merged
13 tasks
@risicle risicle closed this Aug 8, 2022
@Artturin Artturin deleted the backport-185554-to-staging-22.05 branch October 12, 2022 17:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@risicle @winterqt