zlib (1:1.2.11.dfsg-2ubuntu9.2) jammy-security; urgency=medium
* SECURITY UPDATE: heap-based buffer over-read (LP: #1988548)
- debian/patches/CVE-2022-37434-1.patch: in inflate.c, add an extra
condition to check if state->head->extra_max is greater than len
before copying, and move the len assignment to be placed before the
check.
- debian/patches/CVE-2022-37434-2.patch: in the previous patch, in
inflate.c, the place of the len assignment was causing issues so it
was moved to be placed within the check.
- CVE-2022-37434
-- Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com> Fri, 14 Oct 2022 18:33:00 -0300
zlib (1:1.2.11.dfsg-2ubuntu9.1) jammy; urgency=medium
* d/p/410-lp1961427.patch ported from zlib #410, fixing
compressBound() with hw acceleration. LP: #1961427
Thanks to Ilya Leoshkevich <iii@linux.ibm.com>.
In addition a patch is needed for bedtools.
-- Frank Heimes <frank.heimes@canonical.com> Thu, 21 Jul 2022 10:30:05 +0100
zlib (1:1.2.11.dfsg-2ubuntu9) jammy; urgency=medium
* SECURITY UPDATE: memory corruption when deflating
- debian/patches/CVE-2018-25032-1.patch: fix a bug that can crash
deflate on some input when using Z_FIXED in deflate.c, deflate.h.
- debian/patches/CVE-2018-25032-2.patch: assure that the number of bits
for deflatePrime() is valid in deflate.c.
- CVE-2018-25032
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 25 Mar 2022 08:06:31 -0400
zlib (1:1.2.11.dfsg-2ubuntu7) impish; urgency=medium
[ Simon Chopin ]
* d/rules: use configure options for dfltcc instead of hardcoding
the CFLAGS
* d/p/lp1932010-ibm-z-add-vectorized-crc32-implementation.patch
ported from zlib-ng #912, adding a vectorized implementation
of CRC32 on s390x architectures based on kernel code. LP: #1932010
[ Michael Hudson-Doyle ]
* d/p/lp1932010-ibm-z-add-vectorized-crc32-implementation.patch: adjust to
not make a PLT call in an ifunc on s390/s390x.
-- Simon Chopin <simon.chopin@canonical.com> Thu, 12 Aug 2021 15:45:49 +1200
zlib (1:1.2.11.dfsg-2ubuntu6) hirsute; urgency=medium
* No-change rebuild to build with lto.
-- Matthias Klose <doko@ubuntu.com> Sun, 28 Mar 2021 09:10:07 +0200
zlib (1:1.2.11.dfsg-2ubuntu5) hirsute; urgency=medium
* No-change rebuild to drop the udeb package.
-- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 10:36:58 +0100
zlib (1:1.2.11.dfsg-2ubuntu4) groovy; urgency=medium
* Cherrypick update of s390x hw acceleration #410 pull request patch,
which corrects inflateSyncPoint() return value to always gracefully
fail when hw acceleration is in use. This fixes rsync failure with
zlib compression on hw accelerated s390x. LP: #1899621
-- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 15 Oct 2020 11:01:38 +0100
zlib (1:1.2.11.dfsg-2ubuntu3) groovy; urgency=medium
* Enable hardware compression on s390x at level 6. LP: #1884514
-- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Thu, 24 Sep 2020 08:44:35 +1200
zlib (1:1.2.11.dfsg-2ubuntu2) groovy; urgency=medium
* Update d/patches/410.patch to current state. LP: #1882494, #1889059, #1893170
-- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Thu, 20 Aug 2020 11:52:59 +1200
zlib (1:1.2.11.dfsg-2ubuntu1) focal; urgency=medium
* Merge with Debian; remaining changes:
- Build x32 packages
- debian/zlib-core.symbols: Drop dfsg suffix from version
- Add watch file, with GPG tarball checking, and version mangling
- Drop unused patches
- Cherry-pick Permit-a-deflateParams-parameter-change-asap.patch:
(LP: #1692870)
- Cherrypick PR#410 to enable hardware-accelerated deflate.
- Copmile with DFLTCC enabled on s390x. LP: #1823157
- Improve crc32 performance on P8, proposed upstream patch. LP: #1742941.
-- Matthias Klose <doko@ubuntu.com> Tue, 25 Feb 2020 16:59:52 +0100
# For older changelog entries, run 'apt-get changelog zlib1g'
Generated by dwww version 1.14 on Sat Aug 30 17:19:29 CEST 2025.