Movatterモバイル変換


[0]ホーム

URL:


homepage

Issue29169

This issue trackerhas been migrated toGitHub, and is currentlyread-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title:update zlib to 1.2.11
Type:Stage:resolved
Components:Extension ModulesVersions:Python 3.7, Python 3.6, Python 3.4, Python 3.5, Python 2.7
process
Status:closedResolution:fixed
Dependencies:Superseder:
Assigned To: dokoNosy List: doko, larry, martin.panter, ned.deily, python-dev, rhettinger
Priority:normalKeywords:patch

Created on2017-01-05 15:11 bydoko, last changed2022-04-11 14:58 byadmin. This issue is nowclosed.

Files
File nameUploadedDescriptionEdit
zlib-1.2.10.diffdoko,2017-01-05 15:11
zlib-1.2.11.diffdoko,2017-01-31 12:30review
Pull Requests
URLStatusLinkedEdit
PR 3107mergedvstinner,2017-08-16 15:37
PR 3108closedvstinner,2017-08-16 15:42
Messages (15)
msg284749 -(view)Author: Matthias Klose (doko)*(Python committer)Date: 2017-01-05 15:11
These are the changes updating zlib from 1.2.8 to 1.2.10. It is only used when building without a system zlib.  The new release includes fixes for security issues CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843.Intending to update all active branches. Larry, is it ok to add this before the upcoming 3.4 and 3.5 releases, or should it wait?Changes in 1.2.10 (2 Jan 2017)- Avoid warnings on snprintf() return value- Fix bug in deflate_stored() for zero-length input- Fix bug in gzwrite.c that produced corrupt gzip files- Remove files to be installed before copying them in Makefile.in- Add warnings when compiling with assembler codeChanges in 1.2.9 (31 Dec 2016)- Fix contrib/minizip to permit unzipping with desktop API [Zouzou]- Improve contrib/blast to return unused bytes- Assure that gzoffset() is correct when appending- Improve compress() and uncompress() to support large lengths- Fix bug in test/example.c where error code not saved- Remedy Coverity warning [Randers-Pehrson]- Improve speed of gzprintf() in transparent mode- Fix inflateInit2() bug when windowBits is 16 or 32- Change DEBUG macro to ZLIB_DEBUG- Avoid uninitialized access by gzclose_w()- Allow building zlib outside of the source directory- Fix bug that accepted invalid zlib header when windowBits is zero- Fix gzseek() problem on MinGW due to buggy _lseeki64 there- Loop on write() calls in gzwrite.c in case of non-blocking I/O- Add --warn (-w) option to ./configure for more compiler warnings- Reject a window size of 256 bytes if not using the zlib wrapper- Fix bug when level 0 used with Z_HUFFMAN or Z_RLE- Add --debug (-d) option to ./configure to define ZLIB_DEBUG- Fix bugs in creating a very large gzip header- Add uncompress2() function, which returns the input size used- Assure that deflateParams() will not switch functions mid-block- Dramatically speed up deflation for level 0 (storing)- Add gzfread(), duplicating the interface of fread()- Add gzfwrite(), duplicating the interface of fwrite()- Add deflateGetDictionary() function- Use snprintf() for later versions of Microsoft C- Fix *Init macros to use z_ prefix when requested- Replace as400 with os400 for OS/400 support [Monnerat]- Add crc32_z() and adler32_z() functions with size_t lengths- Update Visual Studio project files [AraHaan]
msg284760 -(view)Author: Roundup Robot (python-dev)(Python triager)Date: 2017-01-05 16:26
New changeseted172054a812 by doko in branch '2.7':- Issue#29169: Update zlib to 1.2.10.https://hg.python.org/cpython/rev/ed172054a812
msg284769 -(view)Author: Larry Hastings (larry)*(Python committer)Date: 2017-01-05 19:53
I cut 3.4.6rc1 and 3.5.3rc1 a couple of days ago.  Do you think the CVEs are bad enough to warrant cherry-picking this?  A quick google suggests they were all low severity:http://www.openwall.com/lists/oss-security/2016/12/05/21I'm inclined to not cherry-pick this, which means it'd ship in 3.5.4 and 3.4.7, probably in six months.
msg284780 -(view)Author: Raymond Hettinger (rhettinger)*(Python committer)Date: 2017-01-05 22:37
> I'm inclined to not cherry-pick this, which means it'd > ship in 3.5.4 and 3.4.7, probably in six months.I concur.  Looking at the CVEs, these all seem minor and not exploitable through the Python interface.
msg284797 -(view)Author: Matthias Klose (doko)*(Python committer)Date: 2017-01-06 06:23
ok, will wait with the commits until after the releases.
msg286523 -(view)Author: Matthias Klose (doko)*(Python committer)Date: 2017-01-31 12:30
plus the update to 1.2.11
msg286524 -(view)Author: Roundup Robot (python-dev)(Python triager)Date: 2017-01-31 12:31
New changeset0136c99a9795 by doko in branch '2.7':- Issue#29169: Update zlib to 1.2.11.https://hg.python.org/cpython/rev/0136c99a9795
msg286527 -(view)Author: Roundup Robot (python-dev)(Python triager)Date: 2017-01-31 12:53
New changesetc8c1f08428cb by doko in branch '3.5':- Issue#29169: Update zlib to 1.2.10.https://hg.python.org/cpython/rev/c8c1f08428cb
msg286529 -(view)Author: Matthias Klose (doko)*(Python committer)Date: 2017-01-31 12:57
now updated all active branches to 1.2.11
msg286550 -(view)Author: Martin Panter (martin.panter)*(Python committer)Date: 2017-01-31 20:32
Misc/NEWS (and the commit message) say 1.2.10. Perhaps you meant 1.2.11?
msg286616 -(view)Author: Roundup Robot (python-dev)(Python triager)Date: 2017-02-01 12:02
New changeset7b279c263708 by doko in branch '3.5':Issue#29169: Fix NEWS entry.https://hg.python.org/cpython/rev/7b279c263708
msg286625 -(view)Author: Roundup Robot (python-dev)(Python triager)Date:
New changeset7c1f136e83fe9a145f509b27417a8dd2a37ac27c by doko in branch '3.6':Issue#29169: Fix NEWS entry.https://github.com/python/cpython/commit/7c1f136e83fe9a145f509b27417a8dd2a37ac27c
msg286626 -(view)Author: Roundup Robot (python-dev)(Python triager)Date:
New changeset7c1f136e83fe9a145f509b27417a8dd2a37ac27c by doko in branch '3.5':Issue#29169: Fix NEWS entry.https://github.com/python/cpython/commit/7c1f136e83fe9a145f509b27417a8dd2a37ac27c
msg286627 -(view)Author: Roundup Robot (python-dev)(Python triager)Date:
New changeset7c1f136e83fe9a145f509b27417a8dd2a37ac27c by doko in branch 'master':Issue#29169: Fix NEWS entry.https://github.com/python/cpython/commit/7c1f136e83fe9a145f509b27417a8dd2a37ac27c
msg300373 -(view)Author: Larry Hastings (larry)*(Python committer)Date: 2017-08-16 16:05
New changesetd0e61bded5256e775e470e2c0da22367a1a81970 by larryhastings (Victor Stinner) in branch '3.4':bpo-29169: Update zlib to 1.2.11 (#3107)https://github.com/python/cpython/commit/d0e61bded5256e775e470e2c0da22367a1a81970
History
DateUserActionArgs
2022-04-11 14:58:41adminsetgithub: 73355
2019-05-10 18:00:41ned.deilysetmessages: -msg342113
2019-05-10 17:36:41ned.deilysetnosy: +ned.deily
messages: +msg342113
2017-08-16 16:06:00larrysetmessages: +msg300373
2017-08-16 15:42:09vstinnersetpull_requests: +pull_request3147
2017-08-16 15:37:47vstinnersetpull_requests: +pull_request3146
2017-04-02 12:57:40serhiy.storchakasetpull_requests: -pull_request1029
2017-03-31 16:36:30dstufftsetpull_requests: +pull_request1029
2017-02-01 13:00:33python-devsetmessages: +msg286627
2017-02-01 13:00:31python-devsetmessages: +msg286626
2017-02-01 13:00:30python-devsetstage: resolved
2017-02-01 13:00:29python-devsetmessages: +msg286625
2017-02-01 12:02:29python-devsetmessages: +msg286616
2017-01-31 20:32:30martin.pantersetnosy: +martin.panter
messages: +msg286550
2017-01-31 12:57:27dokosetstatus: open -> closed
resolution: fixed
messages: +msg286529
2017-01-31 12:53:52python-devsetmessages: +msg286527
2017-01-31 12:31:08python-devsetmessages: +msg286524
2017-01-31 12:30:07dokosetfiles: +zlib-1.2.11.diff

messages: +msg286523
title: update zlib to 1.2.10 -> update zlib to 1.2.11
2017-01-06 06:23:36dokosetmessages: +msg284797
2017-01-05 22:37:59rhettingersetnosy: +rhettinger
messages: +msg284780
2017-01-05 19:53:43larrysetmessages: +msg284769
2017-01-05 16:26:47python-devsetnosy: +python-dev
messages: +msg284760
2017-01-05 15:11:47dokocreate
Supported byThe Python Software Foundation,
Powered byRoundup
Copyright © 1990-2022,Python Software Foundation
Legal Statements

[8]ページ先頭

©2009-2026 Movatter.jp