head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.46 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.44 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.42 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q2:1.4.0.40 pkgsrc-2011Q2-base:1.4 pkgsrc-2009Q4:1.4.0.38 pkgsrc-2009Q4-base:1.4 pkgsrc-2008Q4:1.4.0.36 pkgsrc-2008Q4-base:1.4 pkgsrc-2008Q3:1.4.0.34 pkgsrc-2008Q3-base:1.4 cube-native-xorg:1.4.0.32 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.30 pkgsrc-2008Q2-base:1.4 pkgsrc-2008Q1:1.4.0.28 pkgsrc-2008Q1-base:1.4 pkgsrc-2007Q4:1.4.0.26 pkgsrc-2007Q4-base:1.4 pkgsrc-2007Q3:1.4.0.24 pkgsrc-2007Q3-base:1.4 pkgsrc-2007Q2:1.4.0.22 pkgsrc-2007Q2-base:1.4 pkgsrc-2007Q1:1.4.0.20 pkgsrc-2007Q1-base:1.4 pkgsrc-2006Q4:1.4.0.18 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.16 pkgsrc-2006Q3-base:1.4 pkgsrc-2006Q2:1.4.0.14 pkgsrc-2006Q2-base:1.4 pkgsrc-2006Q1:1.4.0.12 pkgsrc-2006Q1-base:1.4 pkgsrc-2005Q4:1.4.0.10 pkgsrc-2005Q4-base:1.4 pkgsrc-2005Q3:1.4.0.8 pkgsrc-2005Q3-base:1.4 pkgsrc-2005Q2:1.4.0.6 pkgsrc-2005Q2-base:1.4 pkgsrc-2005Q1:1.4.0.4 pkgsrc-2005Q1-base:1.4 pkgsrc-2004Q4:1.4.0.2 pkgsrc-2004Q4-base:1.4 pkgsrc-2004Q3:1.3.0.2 pkgsrc-2004Q3-base:1.3 pkgsrc-2004Q2:1.2.0.4 pkgsrc-2004Q2-base:1.2 pkgsrc-2004Q1:1.2.0.2 pkgsrc-2004Q1-base:1.2 pkgsrc-2003Q4:1.1.0.4 pkgsrc-2003Q4-base:1.1 netbsd-1-6-1:1.1.0.2; locks; strict; comment @# @; 1.4 date 2004.11.04.14.17.55; author adam; state dead; branches; next 1.3; 1.3 date 2004.08.31.23.16.23; author reed; state Exp; branches; next 1.2; 1.2 date 2004.01.12.21.19.50; author adam; state dead; branches; next 1.1; 1.1 date 2003.03.05.13.05.45; author salo; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2003.03.05.13.05.45; author grant; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2003.06.19.00.51.33; author grant; state Exp; branches; next ; desc @@ 1.4 log @Changes 1.2.2: * Eliminate a potential security vulnerability when decoding invalid compressed data * Fix bug when decompressing dynamic blocks with no distance codes * Do not return error when using gzread() on an empty file @ text @$NetBSD: patch-ac,v 1.3 2004/08/31 23:16:23 reed Exp $ --- inflate.c.orig Sat Oct 25 23:15:36 2003 +++ inflate.c @@@@ -861,6 +861,9 @@@@ int flush; } } + if (state->mode == BAD) + break; + /* build code tables */ state->next = state->codes; state->lencode = (code const FAR *)(state->next); @ 1.3 log @Added two patches for fixing possible security issue. The CVS security ID is CAN-2004-0797. The fix is same as used by OpenBSD, Debian and Gentoo. (Didn't see any reference to issue on zlib webpages.) The OpenBSD announcement "zlib reliabilty fix" says: "could allow an attacker to crash programs linked with it." And the Gentoo announcement says "zlib contains a bug in the handling of errors in the inflate() and inflateBack() functions. ... An attacker could exploit this vulnerability to launch a Denial of Service attack on any application using the zlib library." PKGREVISION is bumped and BUILDLINK_RECOMMENDED.zlib added to buildlink3.mk file. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Changes 1.2.1: * inflate is about 20% faster and minimizes memory allocation * crc32 is about 50% faster * new functions and functionality * more supported architectures @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.1 2003/03/05 13:05:45 salo Exp $ d3 5 a7 5 --- configure.orig 1998-07-08 20:19:35.000000000 +0200 +++ configure 2003-03-05 04:04:33.000000000 +0100 @@@@ -181,6 +181,32 @@@@ echo Checking for mmap support... No. fi d9 2 a10 11 +cat > $test.c < +char *p; +int main() { return snprintf(p, 10, "1234567890"); } +EOF +if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then + echo "Checking for snprintf... Yes." + CFLAGS="$CFLAGS -DHAS_snprintf" +else + echo "Checking for snprintf... No." +fi d12 3 a14 26 +cat > $test.c < +#include +char *p; +va_list ap; +int main() { return vsnprintf(p, 10, "1234567890", ap); } +EOF +if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then + echo "Checking for vsnprintf... Yes." + CFLAGS="$CFLAGS -DHAS_vsnprintf" +else + echo "Checking for vsnprintf... No." +fi + CPP=${CPP-"$CC -E"} case $CFLAGS in *ASMV*) @@@@ -195,7 +221,7 @@@@ rm -f $test.[co] $test$shared_ext # udpate Makefile -sed < Makefile.in " +sed < lt.mk " /^CC *=/s%=.*%=$CC% /^CFLAGS *=/s%=.*%=$CFLAGS% /^CPP *=/s%=.*%=$CPP% @ 1.1 log @Added fix for CAN-2003-0107 - Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code. From OpenBSD. Restore configure target and add check for [v]snprintf. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ac was added on branch netbsd-1-6-1 on 2003-06-19 00:51:33 +0000 @ text @d1 46 @ 1.1.2.2 log @Create new file from rev 1.1 (requested by salo in ticket #1291): Darwin has no static libz, mark it incompatible. mark Linux zlib as incompatible to avoid using base zlib which can cause problems with pkgsrc libtool, eg. libtool: link: AGE `4' is greater than the current interface number `1' libtool: link: `1:1:4' is not valid version information libtool: install: `libz.la' is not a valid libtool archive Added fix for CAN-2003-0107 - Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code. From OpenBSD. Restore configure target and add check for [v]snprintf. Bump PKGREVISION. @ text @a0 46 $NetBSD: patch-ac,v 1.1.2.1 2003/06/19 00:51:33 grant Exp $ --- configure.orig 1998-07-08 20:19:35.000000000 +0200 +++ configure 2003-03-05 04:04:33.000000000 +0100 @@@@ -181,6 +181,32 @@@@ echo Checking for mmap support... No. fi +cat > $test.c < +char *p; +int main() { return snprintf(p, 10, "1234567890"); } +EOF +if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then + echo "Checking for snprintf... Yes." + CFLAGS="$CFLAGS -DHAS_snprintf" +else + echo "Checking for snprintf... No." +fi + +cat > $test.c < +#include +char *p; +va_list ap; +int main() { return vsnprintf(p, 10, "1234567890", ap); } +EOF +if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then + echo "Checking for vsnprintf... Yes." + CFLAGS="$CFLAGS -DHAS_vsnprintf" +else + echo "Checking for vsnprintf... No." +fi + CPP=${CPP-"$CC -E"} case $CFLAGS in *ASMV*) @@@@ -195,7 +221,7 @@@@ rm -f $test.[co] $test$shared_ext # udpate Makefile -sed < Makefile.in " +sed < lt.mk " /^CC *=/s%=.*%=$CC% /^CFLAGS *=/s%=.*%=$CFLAGS% /^CPP *=/s%=.*%=$CPP% @