graalvm / setup-graalvm

GitHub Action for setting up GraalVM distributions.
https://www.graalvm.org
Universal Permissive License v1.0
192 stars 27 forks

Move away from vulnerable zlib dependency #10

Closed fniephaus closed 2 years ago

fniephaus commented 2 years ago

According to https://github.com/oracle/graal/issues/4439#issuecomment-1086617119, zlib 1.2.11 suffers from https://nvd.nist.gov/vuln/detail/CVE-2018-25032. zlib 1.2.12, however, seems to have CRC errors (see https://github.com/madler/zlib/commit/ec3df00224d4b396e2ac6586ab5d25f673caa4c2).

Maybe we need to wait for the next zlib release? What do you suggest, @thiagokokada, @vcunat, and @gradinac?

vcunat commented 2 years ago

Consider fixing the bad CRC usage? The commit suggests that it's just a workaround for bugs in users of zlib.
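The "bad CRC usage" vcunat refers to is a calling-convention problem rather than a flaw in the checksum itself. The following is an added example, written for this page and not code from setup-graalvm, GraalVM or any participant in the thread. It implements the standard CRC-32 that zlib's `crc32()` computes (assumption: same reflected polynomial 0xEDB88320, inverted initial and final value) and shows the one rule a caller has to respect: the running CRC handed back in for the next chunk must be a clean 32-bit value. The function names `crc32_update`, `crc_arg_is_clean`, `demo_incremental` and `demo_stray_bits` are this example's own; the linked zlib commit's message describes stray bits above bit 31 in the `crc` argument as the kind of caller bug the 1.2.12 behaviour exposed, and that is what the demo checks for.

```c
/* Added example: self-contained CRC-32 (same algorithm as zlib's crc32()),
 * with a wrapper that enforces the 32-bit running-value contract a caller
 * must keep when chaining calls over several buffers. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

static uint32_t crc_table[256];
static int table_ready = 0;

/* Build the byte-wise lookup table for the reflected polynomial 0xEDB88320. */
static void make_table(void) {
    for (uint32_t n = 0; n < 256; n++) {
        uint32_t c = n;
        for (int k = 0; k < 8; k++)
            c = (c & 1u) ? (0xEDB88320u ^ (c >> 1)) : (c >> 1);
        crc_table[n] = c;
    }
    table_ready = 1;
}

/* Core update over one buffer; crc is the clean 32-bit running value. */
static uint32_t crc32_core(uint32_t crc, const unsigned char *buf, size_t len) {
    if (!table_ready) make_table();
    crc = ~crc;
    for (size_t i = 0; i < len; i++)
        crc = crc_table[(crc ^ buf[i]) & 0xFFu] ^ (crc >> 8);
    return ~crc;
}

/* Check a caller-supplied running value before passing it on: on LP64
 * platforms unsigned long is 64 bits wide, so stale bits above bit 31
 * can survive in it if the caller never masks. */
int crc_arg_is_clean(unsigned long crc) {
    return crc <= 0xFFFFFFFFul;
}

/* zlib-style signature. Masking makes the call correct no matter whether
 * the library underneath tolerates stray high bits (old zlib did, which is
 * why such caller bugs went unnoticed until 1.2.12). */
unsigned long crc32_update(unsigned long crc, const void *buf, size_t len) {
    uint32_t clean = (uint32_t)(crc & 0xFFFFFFFFul);
    return crc32_core(clean, (const unsigned char *)buf, len);
}

/* Chaining two chunks must equal the one-shot CRC of the whole input. */
unsigned long demo_incremental(void) {
    unsigned long c = crc32_update(0, "1234", 4);   /* constructed input */
    return crc32_update(c, "56789", 5);
}

/* Returns 1 if a running value polluted with a stray bit above bit 31 is
 * detected as unclean and still yields the right CRC once masked. */
int demo_stray_bits(void) {
    unsigned long clean = crc32_update(0, "1234", 4);
    uint64_t dirty64 = (uint64_t)clean | ((uint64_t)1 << 40);
    unsigned long dirty = (unsigned long)dirty64; /* truncates on 32-bit ABIs */
    int detected = (sizeof(unsigned long) > 4) ? !crc_arg_is_clean(dirty) : 1;
    unsigned long from_dirty = crc32_update(dirty, "56789", 5);
    return detected && from_dirty == crc32_update(clean, "56789", 5);
}

int main(void) {
    printf("one-shot:    0x%08lX\n", crc32_update(0, "123456789", 9));
    printf("incremental: 0x%08lX\n", demo_incremental());
    printf("stray bits handled: %s\n", demo_stray_bits() ? "yes" : "no");
    return 0;
}
```

The standard check value for CRC-32 of the ASCII string "123456789" is 0xCBF43926, so both the one-shot and the chained computation should print that. A caller of the real zlib can apply the same discipline by keeping the running value in a `uint32_t` (or masking with `& 0xffffffffUL`) between calls, which is the fix on the application side that vcunat's comment points at.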

fniephaus commented 2 years ago

@borkdude: I know you're not using GHA, but would @vcunat's suggestion work for you if you did?

borkdude commented 2 years ago

@fniephaus It's not clear to me what you are asking: do what?

fniephaus commented 2 years ago

@borkdude would zlib 1.2.12 work for you? Are you upgrading your Circle CI config with it? It seems you'd need to fix your test?

borkdude commented 2 years ago

@fniephaus I already tried 1.2.12 which caused the CRC problems, reported in this issue: https://github.com/oracle/graal/issues/4439