[pkgsrc/pkgsrc-2005Q2]: pkgsrc/devel/zlib Pullup ticket 626 - requested by Ma...

[snj <snj%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/26b9fa46fcfa
branches:  pkgsrc-2005Q2
changeset: 495902:26b9fa46fcfa
user:      snj <snj%pkgsrc.org@localhost>
date:      Wed Jul 27 04:30:25 2005 +0000

description:
Pullup ticket 626 - requested by Matthias Drochner
security update for zlib

Revisions pulled up:
- pkgsrc/devel/zlib/Makefile            1.31
- pkgsrc/devel/zlib/buildlink3.mk       1.20
- pkgsrc/devel/zlib/distinfo            1.14
- pkgsrc/devel/zlib/patches/patch-ab    removed

    Module Name:    pkgsrc
    Committed By:   drochner
    Date:           Fri Jul 22 16:04:44 UTC 2005

    Modified Files:
            pkgsrc/devel/zlib: Makefile buildlink3.mk distinfo
    Removed Files:
            pkgsrc/devel/zlib/patches: patch-ab

    Log Message:
    update to 1.2.3
    this fixes (at least) another security problem (DoS, CAN-2005-1849)
    changes:
    -Eliminate a potential security vulnerability when decoding invalid
     compressed data
    -Eliminate a potential security vulnerability when decoding specially
     crafted compressed data
    -Fix a bug when decompressing dynamic blocks with no distance codes
    -Fix crc check bug in gzread() after gzungetc()
    -Do not return an error when using gzread() on an empty file

diffstat:

 devel/zlib/Makefile         |   5 ++---
 devel/zlib/buildlink3.mk    |   4 ++--
 devel/zlib/distinfo         |   9 ++++-----
 devel/zlib/patches/patch-ab |  13 -------------
 4 files changed, 8 insertions(+), 23 deletions(-)

diffs (63 lines):

diff -r fe24f82f08ea -r 26b9fa46fcfa devel/zlib/Makefile
--- a/devel/zlib/Makefile       Sun Jul 24 22:12:30 2005 +0000
+++ b/devel/zlib/Makefile       Wed Jul 27 04:30:25 2005 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.29.2.1 2005/07/07 20:52:10 snj Exp $
+# $NetBSD: Makefile,v 1.29.2.2 2005/07/27 04:30:25 snj Exp $
 
-DISTNAME=      zlib-1.2.2
-PKGREVISION=   1
+DISTNAME=      zlib-1.2.3
 CATEGORIES=    devel
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=libpng/} \
                http://www.libpng.org/pub/png/src/ \
diff -r fe24f82f08ea -r 26b9fa46fcfa devel/zlib/buildlink3.mk
--- a/devel/zlib/buildlink3.mk  Sun Jul 24 22:12:30 2005 +0000
+++ b/devel/zlib/buildlink3.mk  Wed Jul 27 04:30:25 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.18.6.1 2005/07/07 20:52:10 snj Exp $
+# $NetBSD: buildlink3.mk,v 1.18.6.2 2005/07/27 04:30:25 snj Exp $
 
 BUILDLINK_DEPTH:=      ${BUILDLINK_DEPTH}+
 ZLIB_BUILDLINK3_MK:=   ${ZLIB_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
 
 .if !empty(ZLIB_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.zlib+=       zlib>=1.1.4nb1
-BUILDLINK_RECOMMENDED.zlib+=   zlib>=1.2.2nb1
+BUILDLINK_RECOMMENDED.zlib+=   zlib>=1.2.3
 BUILDLINK_PKGSRCDIR.zlib?=     ../../devel/zlib
 .endif # ZLIB_BUILDLINK3_MK
 
diff -r fe24f82f08ea -r 26b9fa46fcfa devel/zlib/distinfo
--- a/devel/zlib/distinfo       Sun Jul 24 22:12:30 2005 +0000
+++ b/devel/zlib/distinfo       Wed Jul 27 04:30:25 2005 +0000
@@ -1,7 +1,6 @@
-$NetBSD: distinfo,v 1.12.2.1 2005/07/07 20:52:10 snj Exp $
+$NetBSD: distinfo,v 1.12.2.2 2005/07/27 04:30:25 snj Exp $
 
-SHA1 (zlib-1.2.2.tar.gz) = e6ec67108bfd1f321eb4f1bd192b648725219595
-RMD160 (zlib-1.2.2.tar.gz) = 374a85839d821c75f5630c7effd7f7e2047f67bb
-Size (zlib-1.2.2.tar.gz) = 430469 bytes
+SHA1 (zlib-1.2.3.tar.gz) = 60faeaaf250642db5c0ea36cd6dcc9f99c8f3902
+RMD160 (zlib-1.2.3.tar.gz) = 89a57e336c24f7f6eebda3a1724e14b71187e117
+Size (zlib-1.2.3.tar.gz) = 496597 bytes
 SHA1 (patch-aa) = d3edeb170bf192ca986b00bc984b0de3487068b9
-SHA1 (patch-ab) = e9980a8dc5de17dffce276c147e4909867a4ef8b
diff -r fe24f82f08ea -r 26b9fa46fcfa devel/zlib/patches/patch-ab
--- a/devel/zlib/patches/patch-ab       Sun Jul 24 22:12:30 2005 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-ab,v 1.4.6.1 2005/07/07 20:52:10 snj Exp $
-
---- inftrees.c.orig    2005-07-07 12:31:09.000000000 +0200
-+++ inftrees.c
-@@ -134,7 +134,7 @@ unsigned short FAR *work;
-         left -= count[len];
-         if (left < 0) return -1;        /* over-subscribed */
-     }
--    if (left > 0 && (type == CODES || (codes - count[0] != 1)))
-+    if (left > 0 && (type == CODES || max != 1))
-         return -1;                      /* incomplete set */
- 
-     /* generate offsets into symbol table for each length for sorting */