Subject: CVS commit: pkgsrc/devel/zlib
To: None <pkgsrc-changes@NetBSD.org>
From: Jeremy C. Reed <reed@netbsd.org>
List: pkgsrc-changes
Date: 08/31/2004 23:16:23
Module Name:	pkgsrc
Committed By:	reed
Date:		Tue Aug 31 23:16:23 UTC 2004

Modified Files:
	pkgsrc/devel/zlib: Makefile buildlink3.mk distinfo
Added Files:
	pkgsrc/devel/zlib/patches: patch-ab patch-ac

Log Message:
Added two patches for fixing a possible security issue.
The CVS security ID is CAN-2004-0797.

The fix is the same as used by OpenBSD, Debian and Gentoo.
(Didn't see any reference to the issue on zlib webpages.)

The OpenBSD announcement "zlib reliability fix" says:
"could allow an attacker to crash programs linked
with it."

And the Gentoo announcement says "zlib contains a bug in the handling
of errors in the inflate() and inflateBack() functions. ... An
attacker could exploit this vulnerability to launch a Denial of
Service attack on any application using the zlib library."

PKGREVISION is bumped and BUILDLINK_RECOMMENDED.zlib added to
buildlink3.mk file.


To generate a diff of this commit:
cvs rdiff -r1.25 -r1.26 pkgsrc/devel/zlib/Makefile
cvs rdiff -r1.16 -r1.17 pkgsrc/devel/zlib/buildlink3.mk
cvs rdiff -r1.8 -r1.9 pkgsrc/devel/zlib/distinfo
cvs rdiff -r0 -r1.3 pkgsrc/devel/zlib/patches/patch-ab \
    pkgsrc/devel/zlib/patches/patch-ac

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.