authorsalo <salo>2003-03-05 13:05:44 +0000
committersalo <salo>2003-03-05 13:05:44 +0000
commitba5b165afe9a856afb23d426bb3e282dc234bb48 (patch)
tree33934c79a856f65cfec143c7e8402016ad429535 /devel
parent4b9307eaa2e1925fc0d3d377969bcf3b92ae1c85 (diff)
downloadpkgsrc-ba5b165afe9a856afb23d426bb3e282dc234bb48.tar.gz
Added fix for CAN-2003-0107 -
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code. From OpenBSD. Restore configure target and add check for [v]snprintf. Bump PKGREVISION.
Diffstat (limited to 'devel')
-rw-r--r--devel/zlib/Makefile5
-rw-r--r--devel/zlib/buildlink2.mk4
-rw-r--r--devel/zlib/distinfo5
-rw-r--r--devel/zlib/patches/patch-aa21
-rw-r--r--devel/zlib/patches/patch-ac46
-rw-r--r--devel/zlib/patches/patch-ad44
6 files changed, 120 insertions, 5 deletions
diff --git a/devel/zlib/Makefile b/devel/zlib/Makefile
index fc6b695253d..f6123227f13 100644
--- a/devel/zlib/Makefile
+++ b/devel/zlib/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.16 2003/02/28 23:25:21 grant Exp $
+# $NetBSD: Makefile,v 1.17 2003/03/05 13:05:44 salo Exp $
DISTNAME= zlib-1.1.4
+PKGREVISION= 1
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libpng/} \
http://www.libpng.org/pub/png/src/ \
@@ -14,6 +15,7 @@ COMMENT= General purpose data compression library
BUILD_DEPENDS+= libtool-base>=${LIBTOOL_REQD}:../../devel/libtool-base
USE_BUILDLINK2= # defined
+HAS_CONFIGURE= # defined
#NOT_FOR_PLATFORM= NetBSD-1.[4-9]*-* # in base NetBSD system
# To avoid circular dependences we must not use "USE_LIBTOOL" but
@@ -23,7 +25,6 @@ LIBTOOL= ${LOCALBASE}/bin/libtool
PKGLIBTOOL= ${BUILDLINK_LIBTOOL}
CONFIGURE_ENV+= LIBTOOL="${PKGLIBTOOL} ${LIBTOOL_FLAGS}"
MAKE_ENV+= LIBTOOL="${PKGLIBTOOL} ${LIBTOOL_FLAGS}"
-MAKEFILE= lt.mk
post-extract:
${CP} ${FILESDIR}/lt.mk ${WRKSRC}
diff --git a/devel/zlib/buildlink2.mk b/devel/zlib/buildlink2.mk
index de2182a6966..58dc86696dc 100644
--- a/devel/zlib/buildlink2.mk
+++ b/devel/zlib/buildlink2.mk
@@ -1,11 +1,11 @@
-# $NetBSD: buildlink2.mk,v 1.6 2003/02/28 23:29:34 grant Exp $
+# $NetBSD: buildlink2.mk,v 1.7 2003/03/05 13:05:44 salo Exp $
.if !defined(ZLIB_BUILDLINK2_MK)
ZLIB_BUILDLINK2_MK= # defined
.include "../../mk/bsd.prefs.mk"
-BUILDLINK_DEPENDS.zlib?= zlib>=1.1.3
+BUILDLINK_DEPENDS.zlib?= zlib>=1.1.4nb1
BUILDLINK_PKGSRCDIR.zlib?= ../../devel/zlib
.if defined(USE_ZLIB)
diff --git a/devel/zlib/distinfo b/devel/zlib/distinfo
index fe409f75588..8c1eedbd57f 100644
--- a/devel/zlib/distinfo
+++ b/devel/zlib/distinfo
@@ -1,5 +1,8 @@
-$NetBSD: distinfo,v 1.3 2002/03/12 00:25:03 wiz Exp $
+$NetBSD: distinfo,v 1.4 2003/03/05 13:05:44 salo Exp $
SHA1 (zlib-1.1.4.tar.gz) = a9d8553979956b54e887d0f090267bcec2856423
Size (zlib-1.1.4.tar.gz) = 181144 bytes
+SHA1 (patch-aa) = 126697f6731e3a8e00442baea09f58a7bf70a475
SHA1 (patch-ab) = f154bd3cc566a35e4fcf28d0af849b715631f6dc
+SHA1 (patch-ac) = 33449b9e949ea756627e5898f06fd39bb3355c3c
+SHA1 (patch-ad) = b188a3d4cfee5899853e129bb89b3905b056fa80
diff --git a/devel/zlib/patches/patch-aa b/devel/zlib/patches/patch-aa
new file mode 100644
index 00000000000..4b4731a9206
--- /dev/null
+++ b/devel/zlib/patches/patch-aa
@@ -0,0 +1,21 @@
+$NetBSD: patch-aa,v 1.3 2003/03/05 13:05:45 salo Exp $
+
+--- lt.mk.orig 2003-03-05 04:17:05.000000000 +0100
++++ lt.mk 2003-03-05 04:18:44.000000000 +0100
+@@ -10,6 +10,7 @@
+ zutil.c
+
+ CPPFLAGS+= -I${.CURDIR}
++CFLAGS=
+
+ CLEANFILES+= minigzip
+
+@@ -34,7 +35,7 @@
+
+ .SUFFIXES: .lo .c
+ .c.lo:
+- ${LIBTOOL} ${CC} -c $*.c
++ ${LIBTOOL} ${CC} ${CFLAGS} -c $*.c
+ lib${LIB}.la: ${SRCS:.c=.lo}
+ ${LIBTOOL} ${CC} -o lib${LIB}.la ${SRCS:.c=.lo} \
+ -rpath ${LIBDIR} \
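Review bot: The bare `CFLAGS=` added to lt.mk carries no comment, and it appears to exist only as the anchor that configure's `/^CFLAGS *=/s%=.*%=$CFLAGS%` substitution rewrites, which is how `-DHAS_vsnprintf` reaches the `.c.lo` rule. A one-line description at the top of patch-aa, as patch-ad has, would record this, for example `Add a CFLAGS placeholder for configure to fill in and pass it to the libtool compile rule.` If lt.mk were ever built without running configure first, the library would presumably be compiled without the define and so with the unbounded fallback in gzio.c.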
diff --git a/devel/zlib/patches/patch-ac b/devel/zlib/patches/patch-ac
new file mode 100644
index 00000000000..ce1abdedf96
--- /dev/null
+++ b/devel/zlib/patches/patch-ac
@@ -0,0 +1,46 @@
+$NetBSD: patch-ac,v 1.1 2003/03/05 13:05:45 salo Exp $
+
+--- configure.orig 1998-07-08 20:19:35.000000000 +0200
++++ configure 2003-03-05 04:04:33.000000000 +0100
+@@ -181,6 +181,32 @@
+ echo Checking for mmap support... No.
+ fi
+
++cat > $test.c <<EOF
++#include <stdio.h>
++char *p;
++int main() { return snprintf(p, 10, "1234567890"); }
++EOF
++if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ echo "Checking for snprintf... Yes."
++ CFLAGS="$CFLAGS -DHAS_snprintf"
++else
++ echo "Checking for snprintf... No."
++fi
++
++cat > $test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++char *p;
++va_list ap;
++int main() { return vsnprintf(p, 10, "1234567890", ap); }
++EOF
++if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ echo "Checking for vsnprintf... Yes."
++ CFLAGS="$CFLAGS -DHAS_vsnprintf"
++else
++ echo "Checking for vsnprintf... No."
++fi
++
+ CPP=${CPP-"$CC -E"}
+ case $CFLAGS in
+ *ASMV*)
+@@ -195,7 +221,7 @@
+ rm -f $test.[co] $test$shared_ext
+
+ # udpate Makefile
+-sed < Makefile.in "
++sed < lt.mk "
+ /^CC *=/s%=.*%=$CC%
+ /^CFLAGS *=/s%=.*%=$CFLAGS%
+ /^CPP *=/s%=.*%=$CPP%
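Review bot: Both probes treat any compiler output as "function missing", so an unrelated warning triggered by the inherited `$CFLAGS` would print "No." and leave `HAS_snprintf`/`HAS_vsnprintf` undefined, which silently selects the unbounded `sprintf`/`vsprintf` fallback in gzio.c. For a security fix the safer default is to stop when the bounded function is not detected, e.g. `exit 1` after `echo "Checking for vsnprintf... No."`, or at least to print a warning that the resulting build is not protected. The probes also compile with `-c` only, so they do not show that the symbol actually links. In the second inner hunk the `sed` script interpolates `$CFLAGS` with `%` as the delimiter, so a `%` in the flags would break the substitution.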
diff --git a/devel/zlib/patches/patch-ad b/devel/zlib/patches/patch-ad
new file mode 100644
index 00000000000..6ad801f87c8
--- /dev/null
+++ b/devel/zlib/patches/patch-ad
@@ -0,0 +1,44 @@
+$NetBSD: patch-ad,v 1.1 2003/03/05 13:05:45 salo Exp $
+
+CAN-2003-0107 - Buffer overflow in the gzprintf function in zlib 1.1.4, when
+ zlib is compiled without vsnprintf or when long inputs are
+ truncated using vsnprintf, allows attackers to cause a denial
+ of service or possibly execute arbitrary code.
+
+--- gzio.c.orig 2002-03-11 14:16:01.000000000 +0100
++++ gzio.c 2003-03-05 02:27:14.000000000 +0100
+@@ -530,13 +530,13 @@
+
+ va_start(va, format);
+ #ifdef HAS_vsnprintf
+- (void)vsnprintf(buf, sizeof(buf), format, va);
++ len = vsnprintf(buf, sizeof(buf), format, va);
+ #else
+ (void)vsprintf(buf, format, va);
++ len = strlen(buf); /* some *sprintf don't return the nb of bytes written */
+ #endif
+ va_end(va);
+- len = strlen(buf); /* some *sprintf don't return the nb of bytes written */
+- if (len <= 0) return 0;
++ if (len <= 0 || len >= sizeof(buf)) return 0;
+
+ return gzwrite(file, buf, (unsigned)len);
+ }
+@@ -553,14 +553,14 @@
+ int len;
+
+ #ifdef HAS_snprintf
+- snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8,
++ len = snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8,
+ a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
+ #else
+ sprintf(buf, format, a1, a2, a3, a4, a5, a6, a7, a8,
+ a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
+-#endif
+ len = strlen(buf); /* old sprintf doesn't return the nb of bytes written */
+- if (len <= 0) return 0;
++#endif
++ if (len <= 0 || len >= sizeof(buf)) return 0;
+
+ return gzwrite(file, buf, len);
+ }
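Review bot: In the `#else` branches of both gzprintf variants (the `vsprintf` one in the first inner hunk and the 20-argument `sprintf` one in the second), the new `len >= sizeof(buf)` test runs only after the unbounded write into `buf`, so it can report an overflow but cannot prevent it. A build where configure did not define `HAS_vsnprintf`/`HAS_snprintf` therefore remains exposed to CAN-2003-0107; that deserves a comment at the fallback such as `/* unbounded: the length check below runs after the write */`, or a hard failure at configure time. In the bounded branches the comparison mixes `int` with `size_t`; it behaves correctly because `len <= 0` is tested first, but `(size_t)len >= sizeof(buf)` would make that explicit. A pre-C99 `vsnprintf` that returns the truncated count rather than the required length would presumably pass this check and write truncated output. Both function bodies start outside the visible hunks.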