pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/devel/zlib Added two patches for fixing possible secur...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/c74314850ae9
branches:  trunk
changeset: 480177:c74314850ae9
user:      reed <reed%pkgsrc.org@localhost>
date:      Tue Aug 31 23:16:23 2004 +0000

description:
Added two patches for fixing possible security issue.
The CVS security ID is CAN-2004-0797.

The fix is the same as used by OpenBSD, Debian and Gentoo.
(Didn't see any reference to issue on zlib webpages.)

The OpenBSD announcement "zlib reliability fix" says:
"could allow an attacker to crash programs linked
with it."

And the Gentoo announcement says "zlib contains a bug in the handling
of errors in the inflate() and inflateBack() functions. ... An
attacker could exploit this vulnerability to launch a Denial of
Service attack on any application using the zlib library."

PKGREVISION is bumped and BUILDLINK_RECOMMENDED.zlib added to
buildlink3.mk file.

diffstat:

 devel/zlib/Makefile         |   4 ++--
 devel/zlib/buildlink3.mk    |   3 ++-
 devel/zlib/distinfo         |   4 +++-
 devel/zlib/patches/patch-ab |  14 ++++++++++++++
 devel/zlib/patches/patch-ac |  14 ++++++++++++++
 5 files changed, 35 insertions(+), 4 deletions(-)

diffs (78 lines):

diff -r e46c9e9efbc7 -r c74314850ae9 devel/zlib/Makefile
--- a/devel/zlib/Makefile       Tue Aug 31 21:48:55 2004 +0000
+++ b/devel/zlib/Makefile       Tue Aug 31 23:16:23 2004 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.25 2004/05/08 01:06:26 tv Exp $
+# $NetBSD: Makefile,v 1.26 2004/08/31 23:16:23 reed Exp $
 
 DISTNAME=      zlib-1.2.1
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    devel
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=libpng/} \
                http://www.libpng.org/pub/png/src/ \
diff -r e46c9e9efbc7 -r c74314850ae9 devel/zlib/buildlink3.mk
--- a/devel/zlib/buildlink3.mk  Tue Aug 31 21:48:55 2004 +0000
+++ b/devel/zlib/buildlink3.mk  Tue Aug 31 23:16:23 2004 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.16 2004/03/10 17:57:14 jlam Exp $
+# $NetBSD: buildlink3.mk,v 1.17 2004/08/31 23:16:23 reed Exp $
 
 BUILDLINK_DEPTH:=      ${BUILDLINK_DEPTH}+
 ZLIB_BUILDLINK3_MK:=   ${ZLIB_BUILDLINK3_MK}+
@@ -12,6 +12,7 @@
 
 .if !empty(ZLIB_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.zlib+=       zlib>=1.1.4nb1
+BUILDLINK_RECOMMENDED.zlib+=   zlib>=1.2.1nb2
 BUILDLINK_PKGSRCDIR.zlib?=     ../../devel/zlib
 .endif # ZLIB_BUILDLINK3_MK
 
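Review bot: BUILDLINK_DEPENDS.zlib is left at zlib>=1.1.4nb1, so the new BUILDLINK_RECOMMENDED.zlib+= zlib>=1.2.1nb2 line is the only thing pointing dependent packages at the patched build. Please add a comment on the new line naming CAN-2004-0797 so the reason for the 1.2.1nb2 floor is visible to whoever edits this file next, and state in the commit message whether leaving the hard dependency at 1.1.4nb1 is intentional.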
diff -r e46c9e9efbc7 -r c74314850ae9 devel/zlib/distinfo
--- a/devel/zlib/distinfo       Tue Aug 31 21:48:55 2004 +0000
+++ b/devel/zlib/distinfo       Tue Aug 31 23:16:23 2004 +0000
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.8 2004/05/26 03:20:38 jschauma Exp $
+$NetBSD: distinfo,v 1.9 2004/08/31 23:16:23 reed Exp $
 
 SHA1 (zlib-1.2.1.tar.gz) = a3d51efc98b87b9ebd1a528d726007b0cb08a612
 Size (zlib-1.2.1.tar.gz) = 345833 bytes
 SHA1 (patch-aa) = 98ad332ebd33ab7eaa4fc8ee9a4b9269ba823b49
+SHA1 (patch-ab) = 1632590ca7c324d895686bab9c32cf104e9aa058
+SHA1 (patch-ac) = a345342e69d09c1172ac5c968511f4657fdd80cb
diff -r e46c9e9efbc7 -r c74314850ae9 devel/zlib/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/zlib/patches/patch-ab       Tue Aug 31 23:16:23 2004 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ab,v 1.3 2004/08/31 23:16:23 reed Exp $
+
+--- infback.c.orig     Mon Aug 11 16:48:06 2003
++++ infback.c
+@@ -434,6 +434,9 @@ void FAR *out_desc;
+                 }
+             }
+ 
++            if (state->mode == BAD)
++                break;
++
+             /* build code tables */
+             state->next = state->codes;
+             state->lencode = (code const FAR *)(state->next);
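Review bot: Missing documentation in the new patch file: after the $NetBSD$ line, patch-ab goes straight to the infback.c diff with no description. Add a short comment there saying that the added `if (state->mode == BAD) break;` before the "build code tables" step is the fix for CAN-2004-0797, so the patch can be identified and dropped once an upstream release carries the same check.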
diff -r e46c9e9efbc7 -r c74314850ae9 devel/zlib/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/zlib/patches/patch-ac       Tue Aug 31 23:16:23 2004 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ac,v 1.3 2004/08/31 23:16:23 reed Exp $
+
+--- inflate.c.orig     Sat Oct 25 23:15:36 2003
++++ inflate.c
+@@ -861,6 +861,9 @@ int flush;
+                 }
+             }
+ 
++            if (state->mode == BAD)
++                break;
++
+             /* build code tables */
+             state->next = state->codes;
+             state->lencode = (code const FAR *)(state->next);
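Review bot: The three added lines in inflate.c at @@ -861,6 are identical to the infback.c change in patch-ab, and this file has the same gap: nothing in patch-ac says where the fix came from. Since the commit message notes that the zlib pages do not mention the issue, record the origin (the OpenBSD, Debian and Gentoo fix) in a comment under the $NetBSD$ line so a later zlib update can be checked against it instead of the patch being carried forward blindly.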


