On 01/12/2017 02:26 PM, Matthias Klose wrote:
On 12.01.2017 22:17, Jeff Law wrote:
On 01/05/2017 07:45 AM, Matthias Klose wrote:
These are the changes updating zlib from 1.2.8 to 1.2.10. It is only used when
building without a system zlib. The new release includes fixes for security
issues CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843.
Checked with a build with disabled system-zlib. Ok for the trunk?
Were there any changes that we needed to carry forward or any changes you needed
to make to the upstream sources?
I backed out the changes to the configure* and Makefile* changes (and only
these), which are completely different to zlib upstream. There are no
additions/deletions to zlib source files, so these build changes still work with
the updated zlib.
One more note. I think that, in general, backing out local changes
which don't have a strong need to be carried forward is absolutely the
right thing to do. The less hacking we do on these libraries we pull
from other sources, the better, IMHO.
jeff
