summaryrefslogtreecommitdiff
path: root/devel/zlib
diff options
context:
space:
mode:
authorreed <reed>2004-08-31 23:16:23 +0000
committerreed <reed>2004-08-31 23:16:23 +0000
commit8f219c0344164cef8ba6c71a40ca108ad9e71dd5 (patch)
tree1dbd2b1fe164d7d22638e14ffbbe946064feeda3 /devel/zlib
parent77036c007d82f528ca273b56a60a743b0265879e (diff)
downloadpkgsrc-8f219c0344164cef8ba6c71a40ca108ad9e71dd5.tar.gz
Added two patches for fixing possible security issue.
The CVS security ID is CAN-2004-0797. The fix is same as used by OpenBSD, Debian and Gentoo. (Didn't see any reference to issue on zlib webpages.) The OpenBSD announcement "zlib reliabilty fix" says: "could allow an attacker to crash programs linked with it." And the Gentoo announcement says "zlib contains a bug in the handling of errors in the inflate() and inflateBack() functions. ... An attacker could exploit this vulnerability to launch a Denial of Service attack on any application using the zlib library." PKGREVISION is bumped and BUILDLINK_RECOMMENDED.zlib added to buildlink3.mk file.
Diffstat (limited to 'devel/zlib')
-rw-r--r--devel/zlib/Makefile4
-rw-r--r--devel/zlib/buildlink3.mk3
-rw-r--r--devel/zlib/distinfo4
-rw-r--r--devel/zlib/patches/patch-ab14
-rw-r--r--devel/zlib/patches/patch-ac14
5 files changed, 35 insertions, 4 deletions
diff --git a/devel/zlib/Makefile b/devel/zlib/Makefile
index 686e9ae85f5..1b283cd29e6 100644
--- a/devel/zlib/Makefile
+++ b/devel/zlib/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.25 2004/05/08 01:06:26 tv Exp $
+# $NetBSD: Makefile,v 1.26 2004/08/31 23:16:23 reed Exp $
DISTNAME= zlib-1.2.1
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libpng/} \
http://www.libpng.org/pub/png/src/ \
diff --git a/devel/zlib/buildlink3.mk b/devel/zlib/buildlink3.mk
index 05772b6bf27..d578467b69f 100644
--- a/devel/zlib/buildlink3.mk
+++ b/devel/zlib/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.16 2004/03/10 17:57:14 jlam Exp $
+# $NetBSD: buildlink3.mk,v 1.17 2004/08/31 23:16:23 reed Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
ZLIB_BUILDLINK3_MK:= ${ZLIB_BUILDLINK3_MK}+
@@ -12,6 +12,7 @@ BUILDLINK_PACKAGES+= zlib
.if !empty(ZLIB_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.zlib+= zlib>=1.1.4nb1
+BUILDLINK_RECOMMENDED.zlib+= zlib>=1.2.1nb2
BUILDLINK_PKGSRCDIR.zlib?= ../../devel/zlib
.endif # ZLIB_BUILDLINK3_MK
diff --git a/devel/zlib/distinfo b/devel/zlib/distinfo
index 0c8c8d473e7..18c6f2fa6e5 100644
--- a/devel/zlib/distinfo
+++ b/devel/zlib/distinfo
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.8 2004/05/26 03:20:38 jschauma Exp $
+$NetBSD: distinfo,v 1.9 2004/08/31 23:16:23 reed Exp $
SHA1 (zlib-1.2.1.tar.gz) = a3d51efc98b87b9ebd1a528d726007b0cb08a612
Size (zlib-1.2.1.tar.gz) = 345833 bytes
SHA1 (patch-aa) = 98ad332ebd33ab7eaa4fc8ee9a4b9269ba823b49
+SHA1 (patch-ab) = 1632590ca7c324d895686bab9c32cf104e9aa058
+SHA1 (patch-ac) = a345342e69d09c1172ac5c968511f4657fdd80cb
diff --git a/devel/zlib/patches/patch-ab b/devel/zlib/patches/patch-ab
new file mode 100644
index 00000000000..4041c7fac03
--- /dev/null
+++ b/devel/zlib/patches/patch-ab
@@ -0,0 +1,14 @@
+$NetBSD: patch-ab,v 1.3 2004/08/31 23:16:23 reed Exp $
+
+--- infback.c.orig Mon Aug 11 16:48:06 2003
++++ infback.c
+@@ -434,6 +434,9 @@ void FAR *out_desc;
+ }
+ }
+
++ if (state->mode == BAD)
++ break;
++
+ /* build code tables */
+ state->next = state->codes;
+ state->lencode = (code const FAR *)(state->next);
diff --git a/devel/zlib/patches/patch-ac b/devel/zlib/patches/patch-ac
new file mode 100644
index 00000000000..a4bd596709b
--- /dev/null
+++ b/devel/zlib/patches/patch-ac
@@ -0,0 +1,14 @@
+$NetBSD: patch-ac,v 1.3 2004/08/31 23:16:23 reed Exp $
+
+--- inflate.c.orig Sat Oct 25 23:15:36 2003
++++ inflate.c
+@@ -861,6 +861,9 @@ int flush;
+ }
+ }
+
++ if (state->mode == BAD)
++ break;
++
+ /* build code tables */
+ state->next = state->codes;
+ state->lencode = (code const FAR *)(state->next);