]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
zlib: upgrade 1.3.1 -> 1.3.2
authorPeter Marko <peter.marko@siemens.com>
Tue, 17 Feb 2026 17:41:44 +0000 (18:41 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 19 Feb 2026 10:24:12 +0000 (10:24 +0000)
commitaf357536104e918aefbb2a2cb835c45eed690e88
treee49bfa7d2729f8aa505745a7868dc3b4898af10e
parent755e805801a4a9ae3dd324978440e58db0d157d2
zlib: upgrade 1.3.1 -> 1.3.2

Delete patch included in this version.
Remove CVE_STATUS for CVE resolved in this release.

Release information: [1]
More details on homepage: [2]
Audit details: [3]

Version 1.3.2 has these key updates from 1.3.1:
* Address findings of the 7ASecurity audit of zlib.
  * Check for negative lengths in crc32_combine functions.
  * Copy only the initialized window contents in inflateCopy.
  * Prevent the use of insecure functions without an explicit request.
  * Add compressBound_z and deflateBound_z functions for large values.
  * Use atomics to build inflate fixed tables once.
  * Add --undefined option to ./configure for UBSan checker.
  * Copy only the initialized deflate state in deflateCopy.
  * Zero inflate state on allocation.
  * Add compress_z and uncompress_z functions.
* Complete rewrite of cmake support.
* Remove untgz from contrib.
* Vectorize the CRC-32 calculation on the s390x.
* Remove vstudio projects in lieu of cmake-generated projects.
* Add zipAlreadyThere() to minizip zip.c to help avoid duplicates.
* Add deflateUsed() function to get the used bits in the last byte.
* Fix bug in inflatePrime() for 16-bit ints.
* Add a "G" option to force gzip, disabling transparency in gzread().
* Return all available uncompressed data on error in gzread.c.
* Support non-blocking devices in the gz* routines.

[1] https://github.com/madler/zlib/releases/tag/v1.3.2
[2] https://zlib.net/
[3] https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-core/zlib/zlib/0001-configure-Pass-LDFLAGS-to-link-tests.patch [deleted file]
meta/recipes-core/zlib/zlib_1.3.2.bb [moved from meta/recipes-core/zlib/zlib_1.3.1.bb with 85% similarity]