sagemathinc / cowasm

CoWasm: Collaborative WebAssembly for Servers and Browsers. Built using Zig. Supports Python with extension modules, including numpy.
https://cowasm.org
BSD 3-Clause "New" or "Revised" License

bump zlib to 1.2.13 #36

Closed bobuk closed 1 year ago

bobuk commented 1 year ago

Feel free to remove my not-so-smart comment, but @williamstein was (as always) right. Zlib maintainers just silently removed the 1.2.12 sources right after 1.2.13 was released. But anyway, this update is needed because it remedies CVE-2022-37434.

williamstein commented 1 year ago

Agreed! Note that I've been "furiously" working on a major new branch "dev" of Zython, which I haven't merged into main in a while. It's going to be amazing... but it's not quite ready yet.

I did do this same update to 1.2.13 there, along with just vendoring zlib here (https://github.com/sagemathinc/zlib):

https://github.com/sagemathinc/zython/blob/dev/packages/zlib/Makefile

I'm going to merge your PR right now anyways, since I realize that building main is impossible without merging this.