From 5ec616e6a8f22cbf1e0613c6a0eae3107ede4d3a Mon Sep 17 00:00:00 2001 From: Mikhail Lappo Date: Fri, 21 Oct 2022 22:14:43 +0200 Subject: [PATCH] Update zlib (#31356) (#31357) To mitigate CVE-2022-37434 --- bazel/grpc_deps.bzl | 8 ++++---- third_party/zlib | 2 +- tools/run_tests/sanity/check_submodules.sh | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bazel/grpc_deps.bzl b/bazel/grpc_deps.bzl index 58693ebf230..dceeace99b6 100644 --- a/bazel/grpc_deps.bzl +++ b/bazel/grpc_deps.bzl @@ -217,11 +217,11 @@ def grpc_deps(): http_archive( name = "zlib", build_file = "@com_github_grpc_grpc//third_party:zlib.BUILD", - sha256 = "ef47b0fbe646d69a2fc5ba012cb278de8e8946a8e9649f83a807cc05559f0eff", - strip_prefix = "zlib-21767c654d31d2dccdde4330529775c6c5fd5389", + sha256 = "90f43a9c998740e8a0db24b0af0147033db2aaaa99423129abbd76640757cac9", + strip_prefix = "zlib-04f42ceca40f73e2978b50e93806c2a18c1281fc", urls = [ - "https://storage.googleapis.com/grpc-bazel-mirror/github.com/madler/zlib/archive/21767c654d31d2dccdde4330529775c6c5fd5389.tar.gz", - "https://github.com/madler/zlib/archive/21767c654d31d2dccdde4330529775c6c5fd5389.tar.gz", + "https://storage.googleapis.com/grpc-bazel-mirror/github.com/madler/zlib/archive/04f42ceca40f73e2978b50e93806c2a18c1281fc.tar.gz", + "https://github.com/madler/zlib/archive/04f42ceca40f73e2978b50e93806c2a18c1281fc.tar.gz", ], ) diff --git a/third_party/zlib b/third_party/zlib index 21767c654d3..04f42ceca40 160000 --- a/third_party/zlib +++ b/third_party/zlib @@ -1 +1 @@ -Subproject commit 21767c654d31d2dccdde4330529775c6c5fd5389 +Subproject commit 04f42ceca40f73e2978b50e93806c2a18c1281fc diff --git a/tools/run_tests/sanity/check_submodules.sh b/tools/run_tests/sanity/check_submodules.sh index b4fd2b3c053..a535a91bc8f 100755 --- a/tools/run_tests/sanity/check_submodules.sh +++ b/tools/run_tests/sanity/check_submodules.sh @@ -39,7 +39,7 @@ third_party/opentelemetry 60fa8754d890b5c55949a8c68dcfd7ab5c2395df third_party/protobuf 24487dd1045c7f3d64a21f38a3f0c06cc4cf2edb third_party/re2 8e08f47b11b413302749c0d8b17a1c94777495d5 third_party/xds cb28da3451f158a947dfc45090fe92b07b243bc1 -third_party/zlib 21767c654d31d2dccdde4330529775c6c5fd5389 +third_party/zlib 04f42ceca40f73e2978b50e93806c2a18c1281fc EOF diff -u "$submodules" "$want_submodules"