Gitiles
Code Review Sign In
gerrit.devboardsforandroid.linaro.org / platform / external / u-boot / 2e2e784de0605081af7c5c9d04a014af69888c2c
commit2e2e784de0605081af7c5c9d04a014af69888c2c[log] [tgz]
authorTom Rini <trini@konsulko.com>Tue May 10 14:36:59 2022 -0400
committerTom Rini <trini@konsulko.com>Mon Jun 06 17:47:17 2022 -0400
treea9adfb4be0c1acfc26554ada9979e62e48d3d798
parent8a1ab5e81126c6ccedaa76376e7206f5c8583aa3 [diff]
zlib: Port fix for CVE-2018-25032 to U-Boot

While our copy of zlib is missing upstream commit 263b1a05b04e ("Allow
deflatePrime() to insert bits in the middle of a stream.") we do have
Z_FIXED support, and so the majority of the code changes in 5c44459c3b28
("Fix a bug that can crash deflate on some input when using Z_FIXED.")
apply here directly and cleanly.  As this has been assigned a CVE, lets
go and apply these changes.

Link: https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
Reported-by: "Gan, Yau Wai" <yau.wai.gan@intel.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
3 files changed
tree: a9adfb4be0c1acfc26554ada9979e62e48d3d798
  1. .github/
  2. api/
  3. arch/
  4. board/
  5. boot/
  6. cmd/
  7. common/
  8. configs/
  9. disk/
  10. doc/
  11. drivers/
  12. dts/
  13. env/
  14. examples/
  15. fs/
  16. include/
  17. lib/
  18. Licenses/
  19. net/
  20. post/
  21. scripts/
  22. test/
  23. tools/
  24. .azure-pipelines.yml
  25. .checkpatch.conf
  26. .get_maintainer.conf
  27. .gitattributes
  28. .gitignore
  29. .gitlab-ci.yml
  30. .mailmap
  31. .readthedocs.yml
  32. config.mk
  33. Kbuild
  34. Kconfig
  35. MAINTAINERS
  36. Makefile
  37. README