public inbox for openembedded-core@lists.openembedded.org
From: "Yoann Congal" <yoann.congal@smile.fr>
To: <Jinfeng.Wang.CN@windriver.com>,
	<openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core] [scarthgap][PATCH 11/12] zlib: upgrade 1.3.1 -> 1.3.2
Date: Fri, 24 Apr 2026 10:10:08 +0200
Message-ID: <DI18DRADT7SL.3INF79V2ES995@smile.fr>
In-Reply-To: <20260409061639.1688205-12-jinfeng.wang.cn@windriver.com>

On Thu Apr 9, 2026 at 8:16 AM CEST, Jinfeng (CN) via lists.openembedded.org Wang wrote:
> From: Liyin Zhang <liyin.zhang.cn@windriver.com>
>
> Upgrade zlib from 1.3.1 to 1.3.2 to fix CVE-2026-27171.
> And delete patches included in this version.
>
> Reference:
> [https://nvd.nist.gov/vuln/detail/CVE-2026-27171]
> [https://git.openembedded.org/openembedded-core/commit/meta/recipes-core/zlib?id=af357536104e918aefbb2a2cb835c45eed690e88]
>
> Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
> ---

Please add the changelog (either by URL or spelt out) to the commit message
when sending an upgrade: I need to review it for stability.
If this is a cherry-pick from master, keep the original commit message
and add the backporting comments at the end.

In this case, there are changes in this upgrade that do not look
compatible with our stable policy:
* Complete rewrite of cmake support.
* Remove untgz from contrib.
* Add zipAlreadyThere() to minizip zip.c to help avoid duplicates.
* Add deflateUsed() function to get the used bits in the last byte.
* Add a "G" option to force gzip, disabling transparency in gzread().
* Return all available uncompressed data on error in gzread.c.
* Support non-blocking devices in the gz* routines.

Either justify that none of the upgrade changes break anything or only
backport the CVE patches.

Regards,

>  ...configure-Pass-LDFLAGS-to-link-tests.patch | 78 -------------------
>  .../zlib/zlib/CVE-2026-27171.patch            | 63 ---------------
>  .../zlib/{zlib_1.3.1.bb => zlib_1.3.2.bb}     |  4 +-
>  3 files changed, 1 insertion(+), 144 deletions(-)
>  delete mode 100644 meta/recipes-core/zlib/zlib/0001-configure-Pass-LDFLAGS-to-link-tests.patch
>  delete mode 100644 meta/recipes-core/zlib/zlib/CVE-2026-27171.patch
>  rename meta/recipes-core/zlib/{zlib_1.3.1.bb => zlib_1.3.2.bb} (87%)
>
> diff --git a/meta/recipes-core/zlib/zlib/0001-configure-Pass-LDFLAGS-to-link-tests.patch b/meta/recipes-core/zlib/zlib/0001-configure-Pass-LDFLAGS-to-link-tests.patch
> deleted file mode 100644
> index 07b2cd3879..0000000000
> --- a/meta/recipes-core/zlib/zlib/0001-configure-Pass-LDFLAGS-to-link-tests.patch
> +++ /dev/null
> @@ -1,78 +0,0 @@
> -Upstream-Status: Submitted [https://github.com/madler/zlib/pull/599]
> -Signed-off-by: Ross Burton <ross.burton@arm.com>
> -
> -From ea77f1f003a4d18b23cca703f3c824942863a1b4 Mon Sep 17 00:00:00 2001
> -From: Khem Raj <raj.khem@gmail.com>
> -Date: Tue, 8 Mar 2022 22:38:47 -0800
> -Subject: [PATCH] configure: Pass LDFLAGS to link tests
> -
> -LDFLAGS can contain critical flags without which linking wont succeed
> -therefore ensure that all configure tests involving link time checks are
> -using LDFLAGS on compiler commandline along with CFLAGS to ensure the
> -tests perform correctly. Without this some tests may fail resulting in
> -wrong confgure result, ending in miscompiling the package
> -
> -Signed-off-by: Khem Raj <raj.khem@gmail.com>
> -
> ----
> - configure | 12 ++++++------
> - 1 file changed, 6 insertions(+), 6 deletions(-)
> -
> -diff --git a/configure b/configure
> -index c55098a..a7c6d72 100755
> ---- a/configure
> -+++ b/configure
> -@@ -443,7 +443,7 @@ if test $shared -eq 1; then
> -   echo Checking for shared library support... | tee -a configure.log
> -   # we must test in two steps (cc then ld), required at least on SunOS 4.x
> -   if try $CC -c $SFLAGS $test.c &&
> --     try $LDSHARED $SFLAGS -o $test$shared_ext $test.o; then
> -+     try $LDSHARED $SFLAGS $LDFLAGS -o $test$shared_ext $test.o; then
> -     echo Building shared library $SHAREDLIBV with $CC. | tee -a configure.log
> -   elif test -z "$old_cc" -a -z "$old_cflags"; then
> -     echo No shared library support. | tee -a configure.log
> -@@ -505,7 +505,7 @@ int main(void) {
> - }
> - EOF
> -   fi
> --  if try $CC $CFLAGS -o $test $test.c; then
> -+  if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
> -     sizet=`./$test`
> -     echo "Checking for a pointer-size integer type..." $sizet"." | tee -a configure.log
> -     CFLAGS="${CFLAGS} -DNO_SIZE_T=${sizet}"
> -@@ -539,7 +539,7 @@ int main(void) {
> -   return 0;
> - }
> - EOF
> --  if try $CC $CFLAGS -o $test $test.c; then
> -+  if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
> -     echo "Checking for fseeko... Yes." | tee -a configure.log
> -   else
> -     CFLAGS="${CFLAGS} -DNO_FSEEKO"
> -@@ -556,7 +556,7 @@ cat > $test.c <<EOF
> - #include <errno.h>
> - int main() { return strlen(strerror(errno)); }
> - EOF
> --if try $CC $CFLAGS -o $test $test.c; then
> -+if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
> -   echo "Checking for strerror... Yes." | tee -a configure.log
> - else
> -   CFLAGS="${CFLAGS} -DNO_STRERROR"
> -@@ -663,7 +663,7 @@ int main()
> -   return (mytest("Hello%d\n", 1));
> - }
> - EOF
> --  if try $CC $CFLAGS -o $test $test.c; then
> -+  if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
> -     echo "Checking for vsnprintf() in stdio.h... Yes." | tee -a configure.log
> - 
> -     echo >> configure.log
> -@@ -753,7 +753,7 @@ int main()
> - }
> - EOF
> - 
> --  if try $CC $CFLAGS -o $test $test.c; then
> -+  if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
> -     echo "Checking for snprintf() in stdio.h... Yes." | tee -a configure.log
> - 
> -     echo >> configure.log
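Review bot: the commit message does not show that the change being dropped here is actually present in 1.3.2. The deleted file is marked `Upstream-Status: Submitted [https://github.com/madler/zlib/pull/599]`, not Accepted or Backport, and "delete patches included in this version" gives no upstream commit for it. Please cite the 1.3.2 commit that adds `$LDFLAGS` to the configure link tests, or state that the 1.3.2 configure was checked for the `try $CC $CFLAGS $LDFLAGS -o $test $test.c` form; if the fix is not there, the fseeko/strerror/snprintf probes can silently fail under cross-compilation and, as the patch description warns, the package is miscompiled.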
> diff --git a/meta/recipes-core/zlib/zlib/CVE-2026-27171.patch b/meta/recipes-core/zlib/zlib/CVE-2026-27171.patch
> deleted file mode 100644
> index e6a8a3eac5..0000000000
> --- a/meta/recipes-core/zlib/zlib/CVE-2026-27171.patch
> +++ /dev/null
> @@ -1,63 +0,0 @@
> -From f234bdf5c0f94b681312452fcd5e36968221fa04 Mon Sep 17 00:00:00 2001
> -From: Mark Adler <git@madler.net>
> -Date: Sun, 21 Dec 2025 18:17:56 -0800
> -Subject: [PATCH] Check for negative lengths in crc32_combine functions.
> -
> -Though zlib.h says that len2 must be non-negative, this avoids the
> -possibility of an accidental infinite loop.
> -
> -Upstream-Status: Backport [https://github.com/madler/zlib/commit/ba829a458576d1ff0f26fc7230c6de816d1f6a77]
> -CVE: CVE-2026-27171
> -
> -Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
> ----
> - crc32.c | 4 ++++
> - zlib.h  | 4 ++--
> - 2 files changed, 6 insertions(+), 2 deletions(-)
> -
> -diff --git a/crc32.c b/crc32.c
> -index 6c38f5c..33d8c79 100644
> ---- a/crc32.c
> -+++ b/crc32.c
> -@@ -1019,6 +1019,8 @@ unsigned long ZEXPORT crc32(unsigned long crc, const unsigned char FAR *buf,
> - 
> - /* ========================================================================= */
> - uLong ZEXPORT crc32_combine64(uLong crc1, uLong crc2, z_off64_t len2) {
> -+    if (len2 < 0)
> -+        return 0;
> - #ifdef DYNAMIC_CRC_TABLE
> -     once(&made, make_crc_table);
> - #endif /* DYNAMIC_CRC_TABLE */
> -@@ -1032,6 +1034,8 @@ uLong ZEXPORT crc32_combine(uLong crc1, uLong crc2, z_off_t len2) {
> - 
> - /* ========================================================================= */
> - uLong ZEXPORT crc32_combine_gen64(z_off64_t len2) {
> -+    if (len2 < 0)
> -+        return 0;
> - #ifdef DYNAMIC_CRC_TABLE
> -     once(&made, make_crc_table);
> - #endif /* DYNAMIC_CRC_TABLE */
> -diff --git a/zlib.h b/zlib.h
> -index 8d4b932..8c7f8ac 100644
> ---- a/zlib.h
> -+++ b/zlib.h
> -@@ -1758,14 +1758,14 @@ ZEXTERN uLong ZEXPORT crc32_combine(uLong crc1, uLong crc2, z_off_t len2);
> -    seq1 and seq2 with lengths len1 and len2, CRC-32 check values were
> -    calculated for each, crc1 and crc2.  crc32_combine() returns the CRC-32
> -    check value of seq1 and seq2 concatenated, requiring only crc1, crc2, and
> --   len2. len2 must be non-negative.
> -+   len2. len2 must be non-negative, otherwise zero is returned.
> - */
> - 
> - /*
> - ZEXTERN uLong ZEXPORT crc32_combine_gen(z_off_t len2);
> - 
> -      Return the operator corresponding to length len2, to be used with
> --   crc32_combine_op(). len2 must be non-negative.
> -+   crc32_combine_op(). len2 must be non-negative, otherwise zero is returned.
> - */
> - 
> - ZEXTERN uLong ZEXPORT crc32_combine_op(uLong crc1, uLong crc2, uLong op);
> --- 
> -2.43.0
> -
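Review bot: the stable-branch point raised above applies directly to this hunk: the whole CVE-2026-27171 fix being removed is the two `if (len2 < 0) return 0;` guards in crc32_combine64() and crc32_combine_gen64() plus the matching zlib.h wording, already carried as `Upstream-Status: Backport [https://github.com/madler/zlib/commit/ba829a458576d1ff0f26fc7230c6de816d1f6a77]`. Keeping this patch on 1.3.1 closes the CVE without pulling in the unrelated 1.3.2 changes. If the upgrade is kept instead, the commit message should confirm that commit ba829a4 is contained in the 1.3.2 tag, so that removing the patch file does not leave the CVE open while cve-check considers it fixed by the version bump.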
> diff --git a/meta/recipes-core/zlib/zlib_1.3.1.bb b/meta/recipes-core/zlib/zlib_1.3.2.bb
> similarity index 87%
> rename from meta/recipes-core/zlib/zlib_1.3.1.bb
> rename to meta/recipes-core/zlib/zlib_1.3.2.bb
> index e42578fd7e..c7d59fdf78 100644
> --- a/meta/recipes-core/zlib/zlib_1.3.1.bb
> +++ b/meta/recipes-core/zlib/zlib_1.3.2.bb
> @@ -8,13 +8,11 @@ LIC_FILES_CHKSUM = "file://zlib.h;beginline=6;endline=23;md5=5377232268e952e9ef6
>  
>  # The source tarball needs to be .gz as only the .gz ends up in fossils/
>  SRC_URI = "https://zlib.net/${BP}.tar.gz \
> -           file://0001-configure-Pass-LDFLAGS-to-link-tests.patch \
>             file://run-ptest \
> -           file://CVE-2026-27171.patch \
>             "
>  UPSTREAM_CHECK_URI = "http://zlib.net/"
>  
> -SRC_URI[sha256sum] = "9a93b2b7dfdac77ceba5a558a580e74667dd6fede4585b91eefb60f03b72df23"
> +SRC_URI[sha256sum] = "bb329a0a2cd0274d05519d61c667c062e06990d72e125ee2dfa8de64f0119d16"
>  
>  # When a new release is made the previous release is moved to fossils/, so add this
>  # to PREMIRRORS so it is also searched automatically.
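Review bot: apart from dropping the two `file://` patch entries, the only functional change in this hunk is the new `SRC_URI[sha256sum]` value, which cannot be verified from the diff; please state in the commit message how the 1.3.2 tarball checksum was verified (for example against upstream's published checksum or signature), since that value is the sole integrity control on the fetched source. The hunk header also shows `LIC_FILES_CHKSUM` unchanged, which implies the zlib.h license block (lines 6-23) is identical in 1.3.2; worth saying that this was checked. With only `file://run-ptest` left in SRC_URI, a line on the 1.3.2 ptest result would complete the picture.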


-- 
Yoann Congal
Smile ECS