On 12.01.2017 22:39, Jeff Law wrote:
> On 01/12/2017 02:26 PM, Matthias Klose wrote:
>> On 12.01.2017 22:17, Jeff Law wrote:
>>> On 01/05/2017 07:45 AM, Matthias Klose wrote:
>>>> These are the changes updating zlib from 1.2.8 to 1.2.10. It is only used when
>>>> building without a system zlib. The new release includes fixes for security
>>>> issues CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843.
>>>>
>>>> Checked with a build with disabled system-zlib. Ok for the trunk?
>>> Were there any changes that we needed to carry forward or any changes you needed
>>> to make to the upstream sources?
>>
>> I backed out the changes to the configure* and Makefile* changes (and only
>> these), which are completely different to zlib upstream. There are no
>> additions/deletions to zlib source files, so these build changes still work with
>> the updated zlib.
> One more note. I think that, in general, backing out local changes which don't
> have a strong need to be carried forward is absolutely the right thing to do.
> The less hacking we do on these libraries we pull from other sources, the
> better, IMHO.

Committed the 1.2.10 changes on Jan 13.

1.2.11 was released a few days ago. Updating the trunk with the new version,
checked with a build without using a system zlib.

NightStrike proposed to revert to the 1.2.8 release until zlib stabilizes again;
I'm open for that, but didn't want to stay with the 1.2.10 release.

Matthias

2017-01-22  Matthias Klose

        * Import zlib 1.2.11.
        * configure: Regenerate.

Changes in 1.2.11 (15 Jan 2017)
- Fix deflate stored bug when pulling last block from window
- Permit immediate deflateParams changes before any deflate input