| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
|
|
|
|
this fixes (at least) another security problem (DoS, CAN-2005-1849)
changes:
-Eliminate a potential security vulnerability when decoding invalid
compressed data
-Eliminate a potential security vulnerability when decoding specially
crafted compressed data
-Fix a bug when decompressing dynamic blocks with no distance codes
-Fix crc check bug in gzread() after gzungetc()
-Do not return an error when using gzread() on an empty file
|
|
|
|
|
|
* Eliminate a potential security vulnerability when decoding invalid compressed data
* Fix bug when decompressing dynamic blocks with no distance codes
* Do not return error when using gzread() on an empty file
|
|
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
|
|
The CVS security ID is CAN-2004-0797.
The fix is same as used by OpenBSD, Debian and Gentoo.
(Didn't see any reference to issue on zlib webpages.)
The OpenBSD announcement "zlib reliabilty fix" says:
"could allow an attacker to crash programs linked
with it."
And the Gentoo announcement says "zlib contains a bug in the handling
of errors in the inflate() and inflateBack() functions. ... An
attacker could exploit this vulnerability to launch a Denial of
Service attack on any application using the zlib library."
PKGREVISION is bumped and BUILDLINK_RECOMMENDED.zlib added to
buildlink3.mk file.
|
|
|
|
|
|
pkgviews. Closes PR pkg/24081 by Min Sik Kim.
|
|
* inflate is about 20% faster and minimizes memory allocation
* crc32 is about 50% faster
* new functions and functionality
* more supported architectures
|
|
|
|
|
|
Should anybody feel like they could be the maintainer for any of thewe packages,
please adjust.
|
|
|
|
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled
without vsnprintf or when long inputs are truncated using vsnprintf, allows
attackers to cause a denial of service or possibly execute arbitrary code.
From OpenBSD.
Restore configure target and add check for [v]snprintf.
Bump PKGREVISION.
|
|
|
|
|
|
buildlink2.mk files back into the main trunk. This provides sufficient
buildlink2 infrastructure to start merging other packages from the
buildlink2 branch that have already been converted to use the buildlink2
framework.
|
|
NetBSD releases that need it. Closes pkg/14782.
|
|
Changes since 1.1.3:
- ZFREE was repeated on same allocation on some error conditions.
This creates a security problem described in
http://www.zlib.org/advisory-2002-03-11.txt
- Returned incorrect error (Z_MEM_ERROR) on some invalid data
- Avoid accesses before window for invalid distances with inflate window
less than 32K.
- force windowBits > 8 to avoid a bug in the encoder for a window size
of 256 bytes. (A complete fix will be available in 1.1.5).
|
|
This package works fine under RedHat 5.0 (I'm still trying to work out
what karma I broke in order to be in a position to know this...)
|
|
|
|
|
|
under Solaris to avoid circular dependence.
|
|
|
|
(Use libtool to build this if it's installed; does not require port of
NetBSD's share/mk for bootstrapping; old BSD-mk based build is still
available as fallback if no libtool is found)
|
|
|
|
Addresses pkg/10795.
|
|
version of the libz Makefile from basesrc to build this package.
Mark this package as only for Solaris platforms.
|
|
|
|
|
