head 1.6; access; symbols pkgsrc-2013Q2:1.6.0.40 pkgsrc-2013Q2-base:1.6 pkgsrc-2012Q4:1.6.0.38 pkgsrc-2012Q4-base:1.6 pkgsrc-2011Q4:1.6.0.36 pkgsrc-2011Q4-base:1.6 pkgsrc-2011Q2:1.6.0.34 pkgsrc-2011Q2-base:1.6 pkgsrc-2009Q4:1.6.0.32 pkgsrc-2009Q4-base:1.6 pkgsrc-2008Q4:1.6.0.30 pkgsrc-2008Q4-base:1.6 pkgsrc-2008Q3:1.6.0.28 pkgsrc-2008Q3-base:1.6 cube-native-xorg:1.6.0.26 cube-native-xorg-base:1.6 pkgsrc-2008Q2:1.6.0.24 pkgsrc-2008Q2-base:1.6 pkgsrc-2008Q1:1.6.0.22 pkgsrc-2008Q1-base:1.6 pkgsrc-2007Q4:1.6.0.20 pkgsrc-2007Q4-base:1.6 pkgsrc-2007Q3:1.6.0.18 pkgsrc-2007Q3-base:1.6 pkgsrc-2007Q2:1.6.0.16 pkgsrc-2007Q2-base:1.6 pkgsrc-2007Q1:1.6.0.14 pkgsrc-2007Q1-base:1.6 pkgsrc-2006Q4:1.6.0.12 pkgsrc-2006Q4-base:1.6 pkgsrc-2006Q3:1.6.0.10 pkgsrc-2006Q3-base:1.6 pkgsrc-2006Q2:1.6.0.8 pkgsrc-2006Q2-base:1.6 pkgsrc-2006Q1:1.6.0.6 pkgsrc-2006Q1-base:1.6 pkgsrc-2005Q4:1.6.0.4 pkgsrc-2005Q4-base:1.6 pkgsrc-2005Q3:1.6.0.2 pkgsrc-2005Q3-base:1.6 pkgsrc-2005Q2:1.4.0.6 pkgsrc-2005Q2-base:1.4 pkgsrc-2005Q1:1.4.0.4 pkgsrc-2005Q1-base:1.4 pkgsrc-2004Q4:1.4.0.2 pkgsrc-2004Q4-base:1.4 pkgsrc-2004Q3:1.3.0.2 pkgsrc-2004Q3-base:1.3 pkgsrc-2004Q2:1.2.0.4 pkgsrc-2004Q2-base:1.2 pkgsrc-2004Q1:1.2.0.2 pkgsrc-2004Q1-base:1.2 pkgsrc-2003Q4:1.1.0.10 pkgsrc-2003Q4-base:1.1 netbsd-1-6-1:1.1.0.6 netbsd-1-6-1-base:1.1 netbsd-1-6:1.1.0.8 netbsd-1-6-RELEASE-base:1.1 pkgviews:1.1.0.4 pkgviews-base:1.1 buildlink2:1.1.0.2 buildlink2-base:1.1 netbsd-1-5-PATCH003:1.1 netbsd-1-5-PATCH001:1.1 netbsd-1-5-RELEASE:1.1 netbsd-1-4-PATCH003:1.1 netbsd-1-4-PATCH002:1.1 comdex-fall-1999:1.1; locks; strict; comment @# @; 1.6 date 2005.07.22.16.04.44; author drochner; state dead; branches; next 1.5; 1.5 date 2005.07.07.10.43.19; author drochner; state Exp; branches; next 1.4; 1.4 date 2004.11.04.14.17.55; author adam; state dead; branches 1.4.6.1; next 1.3; 1.3 date 2004.08.31.23.16.23; author reed; state Exp; branches; next 1.2; 1.2 date 2004.01.12.21.19.50; author adam; state dead; branches; next 1.1; 1.1 date 
99.09.24.14.37.40; author agc; state Exp; branches; next ; 1.4.6.1 date 2005.07.07.20.52.10; author snj; state Exp; branches; next 1.4.6.2; 1.4.6.2 date 2005.07.27.04.30.25; author snj; state dead; branches; next ; desc @@ 1.6 log @update to 1.2.3 this fixes (at least) another security problem (DoS, CAN-2005-1849) changes: -Eliminate a potential security vulnerability when decoding invalid compressed data -Eliminate a potential security vulnerability when decoding specially crafted compressed data -Fix a bug when decompressing dynamic blocks with no distance codes -Fix crc check bug in gzread() after gzungetc() -Do not return an error when using gzread() on an empty file @ text @$NetBSD: patch-ab,v 1.5 2005/07/07 10:43:19 drochner Exp $ --- inftrees.c.orig 2005-07-07 12:31:09.000000000 +0200 +++ inftrees.c @@@@ -134,7 +134,7 @@@@ unsigned short FAR *work; left -= count[len]; if (left < 0) return -1; /* over-subscribed */ } - if (left > 0 && (type == CODES || (codes - count[0] != 1))) + if (left > 0 && (type == CODES || max != 1)) return -1; /* incomplete set */ /* generate offsets into symbol table for each length for sorting */ @ 1.5 log @add a patch for CAN-2005-2096, from Debian @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @Changes 1.2.2: * Eliminate a potential security vulnerability when decoding invalid compressed data * Fix bug when decompressing dynamic blocks with no distance codes * Do not return error when using gzread() on an empty file @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.3 2004/08/31 23:16:23 reed Exp $ d3 9 a11 5 --- infback.c.orig Mon Aug 11 16:48:06 2003 +++ infback.c @@@@ -434,6 +434,9 @@@@ void FAR *out_desc; } } d13 1 a13 6 + if (state->mode == BAD) + break; + /* build code tables */ state->next = state->codes; state->lencode = (code const FAR *)(state->next); @ 1.4.6.1 log @Pullup ticket 590 - requested by Matthias Drochner security fix for zlib Revisions pulled up: - pkgsrc/devel/zlib/Makefile 1.30 - pkgsrc/devel/zlib/distinfo 1.13 - 
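Review bot: The replacement condition `max != 1` in the inftrees.c incomplete-set check has no comment saying which incomplete code is still accepted, and the trailing `/* incomplete set */` is unchanged. Assuming `max` is the longest code length computed earlier in the function (the body starts and ends outside this hunk), an incomplete set is now accepted only for a lone one-bit code in a table type other than CODES, whereas the removed `codes - count[0] != 1` test accepted a single code of any length. A comment such as `/* incomplete set: only a single one-bit code may be incomplete, and never for CODES */` would record that intent for the next maintainer. The 1.6 log on this page also says zlib 1.2.3 fixes a further DoS (CAN-2005-1849), so a 1.2.2 tree carrying only this one-line patch should not be treated as fully fixed for malformed-input handling in inflate.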
pkgsrc/devel/zlib/patches/patch-ab 1.5 - pkgsrc/devel/zlib/buildlink3.mk 1.19 Module Name: pkgsrc Committed By: drochner Date: Thu Jul 7 10:43:19 UTC 2005 Modified Files: pkgsrc/devel/zlib: Makefile distinfo Added Files: pkgsrc/devel/zlib/patches: patch-ab Log Message: add a patch for CAN-2005-2096, from Debian ---- Module Name: pkgsrc Committed By: tron Date: Thu Jul 7 11:46:55 UTC 2005 Modified Files: pkgsrc/devel/zlib: buildlink3.mk Log Message: Bump recommented version to 1.2.2nb1 because of CAN-2005-2096. @ text @d1 1 a1 1 $NetBSD$ d3 5 a7 9 --- inftrees.c.orig 2005-07-07 12:31:09.000000000 +0200 +++ inftrees.c @@@@ -134,7 +134,7 @@@@ unsigned short FAR *work; left -= count[len]; if (left < 0) return -1; /* over-subscribed */ } - if (left > 0 && (type == CODES || (codes - count[0] != 1))) + if (left > 0 && (type == CODES || max != 1)) return -1; /* incomplete set */ d9 6 a14 1 /* generate offsets into symbol table for each length for sorting */ @ 1.4.6.2 log @Pullup ticket 626 - requested by Matthias Drochner security update for zlib Revisions pulled up: - pkgsrc/devel/zlib/Makefile 1.31 - pkgsrc/devel/zlib/buildlink3.mk 1.20 - pkgsrc/devel/zlib/distinfo 1.14 - pkgsrc/devel/zlib/patches/patch-ab removed Module Name: pkgsrc Committed By: drochner Date: Fri Jul 22 16:04:44 UTC 2005 Modified Files: pkgsrc/devel/zlib: Makefile buildlink3.mk distinfo Removed Files: pkgsrc/devel/zlib/patches: patch-ab Log Message: update to 1.2.3 this fixes (at least) another security problem (DoS, CAN-2005-1849) changes: -Eliminate a potential security vulnerability when decoding invalid compressed data -Eliminate a potential security vulnerability when decoding specially crafted compressed data -Fix a bug when decompressing dynamic blocks with no distance codes -Fix crc check bug in gzread() after gzungetc() -Do not return an error when using gzread() on an empty file @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.4.6.1 2005/07/07 20:52:10 snj Exp $ @ 1.3 log @Added two patches for 
fixing possible security issue. The CVS security ID is CAN-2004-0797. The fix is same as used by OpenBSD, Debian and Gentoo. (Didn't see any reference to issue on zlib webpages.) The OpenBSD announcement "zlib reliabilty fix" says: "could allow an attacker to crash programs linked with it." And the Gentoo announcement says "zlib contains a bug in the handling of errors in the inflate() and inflateBack() functions. ... An attacker could exploit this vulnerability to launch a Denial of Service attack on any application using the zlib library." PKGREVISION is bumped and BUILDLINK_RECOMMENDED.zlib added to buildlink3.mk file. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Changes 1.2.1: * inflate is about 20% faster and minimizes memory allocation * crc32 is about 50% faster * new functions and functionality * more supported architectures @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.1 1999/09/24 14:37:40 agc Exp $ d3 12 a14 34 Use a version of the basesrc Makefile --- /dev/null Fri Sep 24 15:02:44 1999 +++ bsd.mk Fri Sep 24 15:19:26 1999 @@@@ -0,0 +1,29 @@@@ +# Original NetBSD: Makefile,v 1.13 1999/07/09 07:07:13 garbled Exp + +LIB= z +MKMAN= no + +SRCS= adler32.c compress.c crc32.c deflate.c gzio.c infblock.c \ + infcodes.c inffast.c inflate.c inftrees.c infutil.c trees.c uncompr.c \ + zutil.c + +CPPFLAGS+= -I${.CURDIR} + +CLEANFILES+= minigzip + +INCS= zconf.h zlib.h +INCSDIR=${PREFIX}/include +LIBDIR=${PREFIX}/lib + +SHLIB_MAJOR= 0 +SHLIB_MINOR= 1 + +.include + +test: minigzip + echo hello world | ./minigzip | ./minigzip -d + +# Note: CFLAGS ommitted by intention! +# This is to verify that zlib.h works standalone. +minigzip : minigzip.c libz.a + $(CC) -o minigzip ${.CURDIR}/minigzip.c libz.a @ 1.1 log @Simplify this package, and build and install shared libs, by using a version of the libz Makefile from basesrc to build this package. Mark this package as only for Solaris platforms. @ text @d1 1 a1 1 $NetBSD$ @
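Review bot: The `.include` line in the added bsd.mk has no file argument as shown here, so as displayed make would reject it. The original most likely read `.include <bsd.lib.mk>` and lost the angle-bracketed name when the page was rendered; check this against the repository copy. Separately, the `test` target pipes text through `./minigzip | ./minigzip -d` but never compares the output with the input, so a round trip that corrupts data still passes as long as both commands exit 0. Comparing the result with the original string, for example `test "$$(echo hello world | ./minigzip | ./minigzip -d)" = "hello world"`, would make the check meaningful.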