[PATCH 0/6] Resubmit series "zlib: Address CVE-2016-9841"

Christophe Leroy christophe.leroy at csgroup.eu
Tue Jul 9 12:31:12 CEST 2024


This series reapplies the series that was merged by commit 4914263c9a14
("Merge patch series "zlib: Address CVE-2016-9841"") but then reverted
by commit bbacdd3ef776 ("Revert "Merge patch series "zlib: Address
CVE-2016-9841""") due to boot failure on powerpc/8xx platform induced
by the removal of the necessary optimatisation brought by
commit cd514aeb996e ("zlib: Optimize decompression").

In addition to the previous version, this series adds patch 3 to fix
inflate_fast() with post incremendation and removes the deletion of
commit cd514aeb996e ("zlib: Optimize decompression") by patch 4.
It also adds patch 5 which contains changes split out of patch 4 because
they are unrelated to the description of the patch.

CI passed on https://source.denx.de/u-boot/custodians/u-boot-mpc8xx/-/pipelines/21518

Christophe Leroy (1):
  zlib: Fix inflate_fast() when POSTINC macro is set

Michal Simek (5):
  zlib: Rename this variable to here (current decoding table entry)
  zlib: Rename write variable to wnext (window write index)
  zlib: Port fix for CVE-2016-9841 to U-Boot
  zlib: Misc unrelated updates
  zlib: Remove incorrect ZLIB_VERSION

 include/u-boot/zlib.h |  16 ++---
 lib/gzip.c            |   2 +-
 lib/zlib/deflate.c    |  13 +---
 lib/zlib/inffast.c    | 147 +++++++++++++++++++-----------------------
 lib/zlib/inflate.c    |  31 ++++-----
 lib/zlib/inflate.h    |   2 +-
 lib/zlib/zlib.h       |   1 -
 lib/zlib/zutil.c      |   1 -
 8 files changed, 90 insertions(+), 123 deletions(-)

-- 
2.44.0



More information about the U-Boot mailing list