Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Pull request - update contrib libraries #1368

Closed
wants to merge 3 commits into from
Closed

Pull request - update contrib libraries #1368

wants to merge 3 commits into from

Conversation

mal359
Copy link

@mal359 mal359 commented Jan 7, 2025
edited
Loading

The bundled older versions of bzip2, tinyxml-1, libzip, and zlib all had some particularly nasty vulnerabilities that have since been patched upstream or by vendors.

libzip's API was changed around release 0.11, so I've added libzip-0.10.1 with patches from Debian, SUSE, and RedHat.

tinyxml-1 is discontinued, but still in production. I've updated the bundled version to 2.6.2, and added patches for CVE-2021-42260 and CVE-2023-34194.

mal359 added 3 commits January 6, 2025 22:00
@mal359
Pull request - update contrib libraries
c546562 
The bundled older versions of bzip2, libxml-1, libzip, and zlib all had some particularly nasty vulnerabilities that have sine been patched upstream or by vendors.

libzip's API was changed around release 0.11, so I've added libzip-0.10.1 with patches from Debian, SUSE, and RedHat.

libxml-1 is discontinued, but still in production. I've updated the bundled version to 2.6.2, and added patches for CVE-2021-42260 and CVE-2023-34194.
@mal359
Try this
eb8a5f3
@mal359
Or this
3d824e8
@mal359 mal359 closed this by deleting the head repository Jan 7, 2025
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mal359