OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 06-Jul-2005 19:51:21
Branch: OPENPKG_2_3_SOLID Handle: 2005070618512000
Added files: (Branch: OPENPKG_2_3_SOLID)
openpkg-src/openpkg zlib.patch
Modified files: (Branch: OPENPKG_2_3_SOLID)
openpkg-src/openpkg HISTORY openpkg.spec
Log:
Fix zlib security issue (OpenPKG-SA-2005.013, CAN-2005-2096)
Summary:
Revision Changes Path
1.244.2.7 +3 -0 openpkg-src/openpkg/HISTORY
1.397.2.8 +5 -1 openpkg-src/openpkg/openpkg.spec
1.1.8.2 +14 -0 openpkg-src/openpkg/zlib.patch
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/openpkg/HISTORY
============================================================================
$ cvs diff -u -r1.244.2.6 -r1.244.2.7 HISTORY
--- openpkg-src/openpkg/HISTORY 10 Jun 2005 16:22:25 -0000
1.244.2.6
+++ openpkg-src/openpkg/HISTORY 6 Jul 2005 17:51:20 -0000
1.244.2.7
@@ -2,6 +2,9 @@
2005
====
+20050706 **** RELEASE AS PART OF OPENPKG 2.3.2 ***
+20050706 Fix zlib security issue (OpenPKG-SA-2005.013, CAN-2005-2096)
+
20050610 **** RELEASE AS PART OF OPENPKG 2.3.2 ***
20050610 patch GNU bzip2, gzip, OpenPKG-SA-2005.010 (CAN-2005-0953,
CAN-2005-1260, CAN-2005-1228)
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openpkg/openpkg.spec
============================================================================
$ cvs diff -u -r1.397.2.7 -r1.397.2.8 openpkg.spec
--- openpkg-src/openpkg/openpkg.spec 15 Jun 2005 11:32:26 -0000
1.397.2.7
+++ openpkg-src/openpkg/openpkg.spec 6 Jul 2005 17:51:20 -0000
1.397.2.8
@@ -39,7 +39,7 @@
# o any cc(1)
# the package version/release
-%define V_openpkg 2.3.3
+%define V_openpkg 2.3.4
# the used software versions
%define V_rpm 4.2.1
@@ -133,6 +133,7 @@
Source61: uuid.pod
Source62: uuid.sh
Source63: gzip.c
+Source64: zlib.patch
# build information
Prefix: %{l_prefix}
@@ -527,6 +528,9 @@
sed -e "s;@l_prefix@;%{l_prefix};g" <`SOURCE rpm.patch.regen` |
${l_patch} -p0
rm -rf db/docs # just reduce disk size of source tree
) || exit $?
+ ( cd zlib-%{V_zlib}
+ ${l_patch} -p0 <`SOURCE zlib.patch`
+ ) || exit $?
( cd make-%{V_make}
${l_patch} -p0 <`SOURCE make.patch`
) || exit $?
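Review bot: The added `( cd zlib-%{V_zlib} ... )` step has no comment tying it to the advisory, so nothing in the spec tells a maintainer why the bundled zlib is patched or when the patch can be dropped. I would put `# zlib security fix (OpenPKG-SA-2005.013, CAN-2005-2096); drop once V_zlib contains the fix upstream` directly above it. The patch is applied with `-p0` against fixed context in the bundled tree, so a later V_zlib bump will probably make this step fail, and the comment would make the cause obvious. The surrounding build script starts and ends outside the hunk.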
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openpkg/zlib.patch
============================================================================
$ cvs diff -u -r0 -r1.1.8.2 zlib.patch
--- /dev/null 2005-07-06 19:51:04 +0200
+++ zlib.patch 2005-07-06 19:51:21 +0200
@@ -0,0 +1,14 @@
+Fix Security Issue (OpenPKG-SA-2005.013, CAN-2005-2096)
+
+Index: inftrees.c
+--- inftrees.c.orig 2004-09-15 16:30:06 +0200
++++ inftrees.c 2005-07-06 18:31:14 +0200
+@@ -134,7 +134,7 @@
+ left -= count[len];
+ if (left < 0) return -1; /* over-subscribed */
+ }
+- if (left > 0 && (type == CODES || (codes - count[0] != 1)))
++ if (left > 0 && (type == CODES || max != 1))
+ return -1; /* incomplete set */
+
+ /* generate offsets into symbol table for each length for sorting */
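Review bot: The header of zlib.patch names the advisory but not the defect, and the one-line condition change is not self-explanatory. As far as the hunk shows, the old test accepted an incomplete set whenever exactly one code had a non-zero length (`codes - count[0] == 1`), regardless of that length. The new test depends on `max`, which is set outside the hunk and presumably holds the longest code length. I would add a header line such as `Reject incomplete code sets unless the only code has length 1; the old test counted codes and ignored their length.` The enclosing function in inftrees.c starts and ends outside the hunk.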
@@ .