[PATCH] Revert "zlib: Port fix for CVE-2016-9841 to U-Boot"

Michal Simek michal.simek at amd.com
Mon Jul 8 09:58:33 CEST 2024



On 6/27/24 17:49, Tom Rini wrote:
> In commit 340fdf1303dc ("zlib: Port fix for CVE-2016-9841 to U-Boot")
> Michal brings in (correctly) the upstream fix for CVE-2016-9841.
> However, when upstream was fixing this issue they also removed a
> necessary optimization for some CPU classes as part of simplifying the
> code. This in turn leads to boot failures on the platforms as they now
> take too long to decompress images and so the watchdog sees the system
> as stuck.
> 
> The long term fix here is as Christophe has posted, which is to restore
> the optimization. Given the nearness of the release, what I do here is
> very similar, result wise, but less so, code wise. This is a revert of
> Michal's commit _except_ we only allow for post-increment in the code,
> thus keeping the CVE resolved. For the next release this commit shall be
> reverted and then Christophe's patch applied.

Sorry I was out, and sorry for the problems. Good to see this patch.
I pretty much think that the long-term goal should be to use upstream zlib
and sync it up regularly.

Thanks,
Michal
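
An added illustration (not code from U-Boot, zlib or this thread) of the post-increment-only copy style the quoted commit message refers to: both pointers start at the first byte they touch and advance after each access, so no pointer one element before a buffer is ever formed, which the pre-increment idiom `*++p` requires and which C leaves undefined. The function name, signature and bounds checks are assumptions made for the example.

```c
#include <stddef.h>

/*
 * Copy an LZ77 match of `len` bytes that starts `dist` bytes behind the
 * current write position `have` in the window `win` (capacity `cap`).
 * Returns the new write position, or (size_t)-1 if the match is invalid.
 * Hypothetical helper written for this example, not zlib's inflate_fast().
 */
size_t copy_match_postinc(unsigned char *win, size_t cap, size_t have,
                          size_t dist, size_t len)
{
    unsigned char *out;         /* next byte to write */
    const unsigned char *from;  /* next byte to read */

    if (have > cap || dist == 0 || dist > have)  /* distance too far back */
        return (size_t)-1;
    if (len > cap - have)                        /* would run past the window */
        return (size_t)-1;

    out = win + have;           /* points AT the first byte, not before it */
    from = out - dist;          /* >= win because dist <= have */

    /* Byte-wise on purpose: when dist < len, source and destination overlap
     * and bytes just written must be re-read (run replication). */
    while (len--)
        *out++ = *from++;       /* post-increment: use, then advance */

    /* Pre-increment form, for contrast only (never executed here):
     *     out = win + have - 1;  from = out - dist;
     *     while (len--) *++out = *++from;
     * With have == dist, `from` would point one element before win. */
    return (size_t)(out - win);
}
```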


