[Python-checkins] gh-98689: Update Windows builds to zlib v1.2.13 (GH-98968)

miss-islington webhook-mailer at python.org
Tue Nov 1 14:30:47 EDT 2022 

https://github.com/python/cpython/commit/a2d45372022bccd6a151afc1701771d47d9450a3
commit: a2d45372022bccd6a151afc1701771d47d9450a3
branch: 3.10
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: miss-islington <31488909+miss-islington at users.noreply.github.com>
date: 2022-11-01T11:30:40-07:00
summary:

gh-98689: Update Windows builds to zlib v1.2.13 (GH-98968)

(cherry picked from commit c0859743d9ad3bbd4c021200f4162cfeadc0c17a)

Co-authored-by: Zachary Ware <zach at python.org>

files:
A Misc/NEWS.d/next/Windows/2022-11-01-11-07-33.gh-issue-98689.0f6e_N.rst
M PCbuild/get_externals.bat
M PCbuild/python.props

diff --git a/Misc/NEWS.d/next/Windows/2022-11-01-11-07-33.gh-issue-98689.0f6e_N.rst b/Misc/NEWS.d/next/Windows/2022-11-01-11-07-33.gh-issue-98689.0f6e_N.rst
new file mode 100644
index 000000000000..295debb81369
--- /dev/null
+++ b/Misc/NEWS.d/next/Windows/2022-11-01-11-07-33.gh-issue-98689.0f6e_N.rst
@@ -0,0 +1,2 @@
+Update Windows builds to zlib v1.2.13.  v1.2.12 has CVE-2022-37434, but
+the vulnerable ``inflateGetHeader`` API is not used by Python.
diff --git a/PCbuild/get_externals.bat b/PCbuild/get_externals.bat
index f72c8f6acb4a..57761342ab66 100644
--- a/PCbuild/get_externals.bat
+++ b/PCbuild/get_externals.bat
@@ -59,7 +59,7 @@ if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tcl-core-8.6.12.
 if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tk-8.6.12.0
 if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tix-8.4.3.6
 set libraries=%libraries%                                       xz-5.2.5
-set libraries=%libraries%                                       zlib-1.2.12
+set libraries=%libraries%                                       zlib-1.2.13
 
 for %%e in (%libraries%) do (
     if exist "%EXTERNALS_DIR%\%%e" (
diff --git a/PCbuild/python.props b/PCbuild/python.props
index 1db13d46a7ad..56060f798e19 100644
--- a/PCbuild/python.props
+++ b/PCbuild/python.props
@@ -67,7 +67,7 @@
     <opensslOutDir>$(ExternalsDir)openssl-bin-1.1.1q\$(ArchName)\</opensslOutDir>
     <opensslIncludeDir>$(opensslOutDir)include</opensslIncludeDir>
     <nasmDir>$(ExternalsDir)\nasm-2.11.06\</nasmDir>
-    <zlibDir>$(ExternalsDir)\zlib-1.2.12\</zlibDir>
+    <zlibDir>$(ExternalsDir)\zlib-1.2.13\</zlibDir>
     
     <!-- Suffix for all binaries when building for debug -->
     <PyDebugExt Condition="'$(PyDebugExt)' == '' and $(Configuration) == 'Debug'">_d</PyDebugExt>

More information about the Python-checkins mailing list