author Karen Arutyunov <karen@codesynthesis.com> 2022-08-29 20:49:20 +0300
committer Karen Arutyunov <karen@codesynthesis.com> 2022-08-29 20:49:20 +0300
commit 039cbaca07a03305d85e915f4047ce04ca801482 (patch)
tree 29ed524558cecb08da0fa5afc9cb4f7653f077cc /libz/README-DEV
parent 9fe3f828463e7902cfe85111ce7ed22ab6a9b24f (diff)
Release version 1.2.1200+2 (tag v1.2.1200+2)

Apply patches which fix CVE-2022-37434
Rewrite testscript not to use files
Update TODO file
Update libz/README-DEV file
Diffstat (limited to 'libz/README-DEV')
-rw-r--r-- libz/README-DEV 11
1 files changed, 11 insertions, 0 deletions
diff --git a/libz/README-DEV b/libz/README-DEV
index 42a8ae1..aa7874f 100644
--- a/libz/README-DEV
+++ b/libz/README-DEV
@@ -20,6 +20,17 @@ $ touch zconf.h
$ patch -p0 <zconf.h.in.patch
$ patch -p0 <zlib.h.patch
+Apply patches to fix CVE-2022-37434:
+
+$ rm inflate.c
+$ cp ../../upstream/inflate.c .
+$ patch -p0 <CVE-2022-37434-eff308a.patch
+$ patch -p0 <CVE-2022-37434-1eb7682.patch
+
+@@ TMP Remove the CVE-2022-37434-* patches, the above notes, and turn libz.c
+ back into symlink to ../../upstream/inflate.c when upgrade to upstream
+ version > 1.2.12.
+
Note that there is no LICENSE/COPYING file in the upstream project as the
copyright notice is provided at the end of its README file. We extract it into
a separate (installable) LICENSE file.
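
Review bot: The TMP note says to "turn libz.c back into symlink to ../../upstream/inflate.c", but the steps above it remove and re-copy `inflate.c`, so the file named in the note looks wrong and should probably read `inflate.c`. Whoever does the next upstream upgrade will follow this note literally, and a stale locally patched `inflate.c` left in place of the symlink would silently shadow the upstream source. While touching the note, "when upgrade to upstream version > 1.2.12" reads better as "when upgrading to an upstream version > 1.2.12". It would also help to state what the `eff308a` and `1eb7682` suffixes in the patch file names refer to and that the two patches are meant to be applied in the order shown, so the provenance of the CVE-2022-37434 fix can be checked against upstream later.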