Closed jayaddison closed 1 year ago
Thank you for this fix! Reviewed, tested with both built-in tests and manually downloading.
PASS: 00_runnable.test
PASS: 01_engine-charset.test
PASS: 01_engine-entities.test
PASS: 01_engine-hashtable.test
PASS: 01_engine-idna.test
PASS: 01_engine-simplify.test
PASS: 10_crawl-simple.test
PASS: 11_crawl-cookies.test
PASS: 11_crawl-idna.test
PASS: 11_crawl-international.test
PASS: 11_crawl-longurl.test
PASS: 11_crawl-parsing.test
PASS: 12_crawl_https.test
I already cherry-picked https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c as advised, but updating this code seems a good idea!
Thanks again for your help,
You're welcome - thank you!
@jayaddison: Thanks for your PR!
@xroche: Thanks for the CVE-2023-45853 patch because it is not included in Zlib 1.3...
@xroche a note that zlib v1.3.1 is now available including the previously-cherry-picked fix, and hopefully is a straightforward upgrade - let me know whether I should open a pull request for that, or if you'd prefer to apply the upgrade yourself.
@jayaddison: Thanks for your comment :)
@xroche: There are 2 CVE fixes in latest Zlib 1.3.1 for minizip. Have you received my emails? I try to contact you in private.
Resolves #240.
After updating minizip to match zlib v1.3 and manually re-applying the .diff files, I ran the following checks:
* httrack binary is runnable.
* --store-all-in-cache option, and confirmed that a valid .zip cache file was created.
* tests directory (output: all tests passed).
Applying the .diff files was definitely the most difficult part of the process, and likely the most difficult to review, also.