From: Luis Machado
To: Nick Clifton, binutils@sourceware.org, "gdb@sourceware.org", gcc@gcc.gnu.org
Subject: Re: [CVE] zlib (< 1.2.12) memory corruption
Date: Tue, 12 Apr 2022 08:30:04 +0100
List-Id: Gcc mailing list

Hi Nick,

On 4/8/22 14:36, Nick Clifton wrote:
> Hi Luis,
>
>> There is a CVE [1] for zlib < 1.2.12 (released March 27th).
>>
>> GCC currently uses zlib 1.2.11, and binutils-gdb imports the zlib
>> directory from GCC. The recommendation is to get it updated to 1.2.12,
>> which contains the proper fix [2].
>
> I am all for updating the binutils-gdb copy of zlib. I will wait a
> couple of days to see if anyone else has any comments or concerns, but
> if not, then I will apply the patches myself.

I did a quick check and there seem to be some differences between gcc's zlib subdir and binutils-gdb's zlib subdir. I think there have been some fixes that we may have to port over from our current zlib subdir. I tried simply replacing the subdir, but that didn't work right.