build: failure to build rocksdbjavastatic due to the pulling of zlib 1.12.2 #206

Closed
isaac-io opened this issue Oct 26, 2022 · 0 comments · Fixed by #207
@isaac-io
Contributor

Trying to build the rocksdbjavastatic target results in the following error output and build failure:

curl --fail --output zlib-1.2.12.tar.gz --location http://zlib.net/zlib-1.2.12.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (22) The requested URL returned error: 404 Not Found

This is caused by the pulling of version 1.12.2 due to a CVE that was discovered (https://nvd.nist.gov/vuln/detail/CVE-2022-37434). Long term we need to vendor our dependencies for reproducible builds, as Meta does, but for now let's update to 1.12.3 in order to allow the release of v2.1.0.

To Reproduce

Run make rocksdbjavastatic.

Expected behavior

The build succeeds.

Additional context

N/A

@isaac-io isaac-io added the build Build related label Oct 26, 2022
@isaac-io isaac-io added this to the v2.1.0 milestone Oct 26, 2022
@isaac-io isaac-io self-assigned this Oct 26, 2022
isaac-io added a commit that referenced this issue Oct 26, 2022
zlib 1.12.2 was pulled due to https://nvd.nist.gov/vuln/detail/CVE-2022-37434
and is no longer available. This breaks the build, and prevents version
release. Update to 1.12.3 to allow the build to work.
@isaac-io isaac-io linked a pull request Oct 26, 2022 that will close this issue
Yuval-Ariel pushed a commit that referenced this issue Nov 24, 2022
zlib 1.2.12 was pulled due to https://nvd.nist.gov/vuln/detail/CVE-2022-37434
and is no longer available. This breaks the build, and prevents version
release. Update to 1.2.13 to allow the build to work.
Yuval-Ariel pushed a commit that referenced this issue Nov 25, 2022
zlib 1.2.12 was pulled due to https://nvd.nist.gov/vuln/detail/CVE-2022-37434
and is no longer available. This breaks the build, and prevents version
release. Update to 1.2.13 to allow the build to work.
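The issue above names vendoring as the long-term fix, and the failing download in the log goes over plain HTTP. The following is an added example (not code from this project or its Makefile) of a vendored-first fetch that only accepts an archive matching a pinned SHA-256. The names `fetch_pinned`, `sha256_of`, the directory layout, the `dep-1.0.tar.gz` archive and the `mirror.invalid` URL are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: vendored-first dependency fetch with a pinned SHA-256.
# Function names and paths are hypothetical, not taken from the project.

# Print the SHA-256 of a file using whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# fetch_pinned NAME URL SHA256 VENDOR_DIR OUT_DIR
# Returns 0 if OUT_DIR/NAME was produced and matches SHA256,
# 1 if no copy could be obtained, 2 if the checksum does not match.
fetch_pinned() {
  name=$1 url=$2 want=$3 vendor=$4 out=$5
  mkdir -p "$out" || return 1
  tmp="$out/$name.part"
  if [ -f "$vendor/$name" ]; then
    # Vendored copy: the build no longer depends on the upstream URL existing.
    cp "$vendor/$name" "$tmp" || return 1
  else
    # Network fallback; --fail turns an HTTP 404 into a non-zero exit.
    curl --fail --silent --show-error --location --output "$tmp" "$url" \
      || { rm -f "$tmp"; return 1; }
  fi
  got=$(sha256_of "$tmp")
  if [ "$got" != "$want" ]; then
    echo "checksum mismatch for $name: got $got, want $want" >&2
    rm -f "$tmp"   # never leave an unverified archive where the build can see it
    return 2
  fi
  mv "$tmp" "$out/$name"
}

# Demo on a constructed archive; it is vendored, so no network access happens.
# In a real build the pin is a literal committed next to the version number.
demo=$(mktemp -d)
mkdir -p "$demo/vendor"
printf 'constructed archive bytes\n' > "$demo/vendor/dep-1.0.tar.gz"
pin=$(sha256_of "$demo/vendor/dep-1.0.tar.gz")
fetch_pinned dep-1.0.tar.gz "http://mirror.invalid/dep-1.0.tar.gz" \
  "$pin" "$demo/vendor" "$demo/out" && echo "verified dep-1.0.tar.gz"
rm -rf "$demo"
```

The archive is written to a `.part` file and renamed only after the hash matches, so an interrupted or tampered download cannot be picked up by a later build step.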