OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 04-Mar-2003 12:56:06
Branch: OPENPKG_1_STABLE Handle: 2003030411560400
Added files: (Branch: OPENPKG_1_STABLE)
openpkg-src/zlib zlib.patch
Modified files: (Branch: OPENPKG_1_STABLE)
openpkg-src/zlib zlib.spec
Log:
MFC: security patch (related to OpenPKG-SA-2003.015-zlib)
Summary:
Revision Changes Path
1.1.2.1 +294 -0 openpkg-src/zlib/zlib.patch
1.21.2.2 +2 -0 openpkg-src/zlib/zlib.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/zlib/zlib.patch
============================================================================
$ cvs diff -u -r0 -r1.1.2.1 zlib.patch
--- /dev/null 2003-03-04 12:56:06.000000000 +0100
+++ zlib.patch 2003-03-04 12:56:06.000000000 +0100
@@ -0,0 +1,294 @@
+This patch fixes security holes caused by potential buffer overflows
+in the implementation of the gzprintf() function in zlib 1.1.4. The
+security holes are fixed for platforms providing vsnprintf(3) and
+snprintf(3) only. This patch is derived from a prepared security patch,
+originally created by Kelledin <[EMAIL PROTECTED]>. The
+OpenPKG project reduced the patch in size and fixed the configuration
+checks.
+
+diff -ru3 zlib-1.1.4.orig/configure zlib-1.1.4/configure
+--- zlib-1.1.4.orig/configure Wed Jul 8 20:19:35 1998
++++ zlib-1.1.4/configure Thu Feb 27 15:14:54 2003
+@@ -155,7 +155,212 @@
+ echo "Checking for unistd.h... No."
+ fi
+
+-cat > $test.c <<EOF
++cat >$test.c <<EOF
++#include <stdio.h>
++#include <stdlib.h>
++
++#if (defined(__MSDOS__) || defined(_WINDOWS) || defined(_WIN32) ||
defined(__WIN32__) || defined(WIN32) || defined(__STDC__) || defined(__cplusplus) ||
defined(__OS2__)) && !defined(STDC)
++# define STDC
++#endif
++
++int main()
++{
++#ifndef STDC
++ choke me
++#endif
++
++ return 0;
++}
++EOF
++
++if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ echo "Checking whether to use vsnprintf() or snprintf()... using vsnprintf()"
++
++ cat >$test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest(char *fmt, ...)
++{
++ char buf[20];
++ va_list ap;
++
++ va_start(ap, fmt);
++ vsnprintf(buf, sizeof(buf), fmt, ap);
++ va_end(ap);
++ return 0;
++}
++
++int main()
++{
++ return (mytest("Hello%d\n", 1));
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_vsnprintf"
++ echo "Checking for vsnprintf() in stdio.h... Yes."
++
++ cat >$test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest(char *fmt, ...)
++{
++ int i;
++ char buf[20];
++ va_list ap;
++
++ va_start(ap, fmt);
++ i = vsnprintf(buf, sizeof(buf), fmt, ap);
++ va_end(ap);
++ return 0;
++}
++
++int main()
++{
++ return (mytest("Hello%d\n", 1));
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_vsnprintf_return"
++ echo "Checking for return value of vsnprintf()... Yes."
++ else
++ echo "Checking for return value of vsnprintf()... No."
++ echo " WARNING: apparently vsnprintf() does not return a value. zlib"
++ echo " can build but will be open to possible string-format security"
++ echo " vulnerabilities."
++ fi
++ else
++ echo "Checking for vsnprintf() in stdio.h... No."
++ echo " WARNING: vsnprintf() not found, falling back to vsprintf(). zlib"
++ echo " can build but will be open to possible buffer-overflow security"
++ echo " vulnerabilities."
++
++ cat >$test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest(char *fmt, ...)
++{
++ int i;
++ char buf[20];
++ va_list ap;
++
++ va_start(ap, fmt);
++ i = vsprintf(buf, fmt, ap);
++ va_end(ap);
++ return 0;
++}
++
++int main()
++{
++ return (mytest("Hello%d\n", 1));
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_vsprintf_return"
++ echo "Checking for return value of vsprintf()... Yes."
++ else
++ echo "Checking for return value of vsprintf()... No."
++ echo " WARNING: apparently vsprintf() does not return a value. zlib"
++ echo " can build but will be open to possible string-format security"
++ echo " vulnerabilities."
++ fi
++ fi
++else
++ echo "Checking whether to use vsnprintf() or snprintf()... using snprintf()"
++
++ cat >$test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest()
++{
++ char buf[20];
++
++ snprintf(buf, sizeof(buf), "%s", "foo");
++ return 0;
++}
++
++int main()
++{
++ return (mytest());
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_snprintf"
++ echo "Checking for snprintf() in stdio.h... Yes."
++
++ cat >$test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest(char *fmt, ...)
++{
++ int i;
++ char buf[20];
++
++ i = snprintf(buf, sizeof(buf), "%s", "foo");
++ return 0;
++}
++
++int main()
++{
++ return (mytest());
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_snprintf_return"
++ echo "Checking for return value of snprintf()... Yes."
++ else
++ echo "Checking for return value of snprintf()... No."
++ echo " WARNING: apparently snprintf() does not return a value. zlib"
++ echo " can build but will be open to possible string-format security"
++ echo " vulnerabilities."
++ fi
++ else
++ echo "Checking for snprintf() in stdio.h... No."
++ echo " WARNING: snprintf() not found, falling back to sprintf(). zlib"
++ echo " can build but will be open to possible buffer-overflow security"
++ echo " vulnerabilities."
++
++ cat >$test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest(char *fmt, ...)
++{
++ int i;
++ char buf[20];
++
++ i = sprintf(buf, "%s", "foo");
++ return 0;
++}
++
++int main()
++{
++ return (mytest());
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_sprintf_return"
++ echo "Checking for return value of sprintf()... Yes."
++ else
++ echo "Checking for return value of sprintf()... No."
++ echo " WARNING: apparently sprintf() does not return a value. zlib"
++ echo " can build but will be open to possible string-format security"
++ echo " vulnerabilities."
++ fi
++ fi
++fi
++
++cat >$test.c <<EOF
+ #include <errno.h>
+ int main() { return 0; }
+ EOF
+diff -ru3 zlib-1.1.4.orig/gzio.c zlib-1.1.4/gzio.c
+--- zlib-1.1.4.orig/gzio.c Mon Mar 11 14:16:01 2002
++++ zlib-1.1.4/gzio.c Thu Feb 27 14:29:26 2003
+@@ -530,13 +530,31 @@
+
+ va_start(va, format);
+ #ifdef HAS_vsnprintf
++# ifdef HAS_vsnprintf_return
++ len = vsnprintf(buf, sizeof(buf), format, va);
++ va_end(va);
++ if (len <= 0 || len >= sizeof(buf))
++ return 0;
++# else
+ (void)vsnprintf(buf, sizeof(buf), format, va);
++ va_end(va);
++ len = strlen(buf);
++ if (len <= 0)
++ return 0;
++# endif
+ #else
++# ifdef HAS_vsprintf_return
++ len = vsprintf(buf, format, va);
++ va_end(va);
++ if (len <= 0 || len >= sizeof(buf))
++ return 0;
++# else
+ (void)vsprintf(buf, format, va);
+-#endif
+ va_end(va);
+ len = strlen(buf); /* some *sprintf don't return the nb of bytes written */
+ if (len <= 0) return 0;
++# endif
++#endif
+
+ return gzwrite(file, buf, (unsigned)len);
+ }
+@@ -553,14 +571,31 @@
+ int len;
+
+ #ifdef HAS_snprintf
++# ifdef HAS_snprintf_return
++ len = snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8,
++ a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
++ if (len <= 0 || len >= sizeof(buf))
++ return 0;
++# else
+ snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8,
+ a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
++ len = strlen(buf);
++ if (len <= 0)
++ return 0;
++# endif
+ #else
++# ifdef HAS_sprintf_return
++ len = sprintf(buf, format, a1, a2, a3, a4, a5, a6, a7, a8,
++ a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
++ if (len <= 0 || len >= sizeof(buf))
++ return 0;
++# else
+ sprintf(buf, format, a1, a2, a3, a4, a5, a6, a7, a8,
+ a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
+-#endif
+ len = strlen(buf); /* old sprintf doesn't return the nb of bytes written */
+ if (len <= 0) return 0;
++# endif
++#endif
+
+ return gzwrite(file, buf, len);
+ }
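Review bot: The `if (len <= 0 || len >= sizeof(buf)) return 0;` check added in the `HAS_vsprintf_return` branch (right after `len = vsprintf(buf, format, va);`) runs only after vsprintf() has already written the full formatted string into `buf`, so when it fires the memory past `buf` is already overwritten; it detects the overflow but cannot prevent it, and only the `HAS_vsnprintf` path is actually bounded. The `HAS_sprintf_return` branch in the second gzio.c hunk has the same limitation. I would state that above the vsprintf call: `/* vsprintf() is unbounded: if len >= sizeof(buf) the overflow has already happened; returning 0 only avoids emitting the corrupted result */`. Separately, the non-return fallbacks (`len = strlen(buf);` under `# else`) silently accept a truncated buffer, which callers cannot distinguish from a complete write, and a comment noting that truncation is not reported would help. Both gzprintf definitions begin before their hunks.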
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/zlib/zlib.spec
============================================================================
$ cvs diff -u -r1.21.2.1 -r1.21.2.2 zlib.spec
--- openpkg-src/zlib/zlib.spec 18 Jan 2003 14:15:52 -0000 1.21.2.1
+++ openpkg-src/zlib/zlib.spec 4 Mar 2003 11:56:04 -0000 1.21.2.2
@@ -37,6 +37,7 @@
# list of sources
Source0: ftp://ftp.info-zip.org/pub/infozip/zlib/zlib-%{version}.tar.gz
+Patch0: zlib.patch
# build information
Prefix: %{l_prefix}
@@ -60,6 +61,7 @@
%prep
%setup -q
+ %patch -p1
%build
CC="%{l_cc}" \
@@ .