From: Oliver Ertl Date: Fri, 13 Jan 2006 15:36:09 +0000 (+0000) Subject: security update X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=1c30b35c63dede5f127fbf92272affbbf38b329d;p=openwrt%2Fstaging%2Fmans0n.git security update SVN-Revision: 2951 --- diff --git a/openwrt/package/zlib/Makefile b/openwrt/package/zlib/Makefile index 099ac03893..f5a39b2685 100644 --- a/openwrt/package/zlib/Makefile +++ b/openwrt/package/zlib/Makefile @@ -3,11 +3,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=zlib -PKG_VERSION:=1.2.2 -PKG_RELEASE:=2 -PKG_MD5SUM:=1b8aab042d40979e456194c468fd72c5 +PKG_VERSION:=1.2.3 +PKG_RELEASE:=3 +PKG_MD5SUM:=dee233bf288ee795ac96a98cc2e369b6 -PKG_SOURCE_URL:=@SF/zlib +PKG_SOURCE_URL:=http://www.zlib.net \ + @SF/zlib PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_CAT:=bzcat diff --git a/openwrt/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch b/openwrt/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch deleted file mode 100644 index b09ae6bfac..0000000000 --- a/openwrt/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch +++ /dev/null 
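Review bot: The new `PKG_SOURCE_URL` lists a plain-HTTP origin (`http://www.zlib.net`) ahead of `@SF/zlib`, so the pinned `PKG_MD5SUM` is the only integrity check visible in this hunk for the tarball that gets built. It is worth confirming that `dee233bf288ee795ac96a98cc2e369b6` was compared against a value obtained independently of the download itself, and pinning a stronger digest as well if the build system accepts one. A comment above the URL would record that dependency, e.g. `# fetched over plain HTTP; PKG_MD5SUM is the only integrity check`. Separately, the bump to 1.2.3 is what justifies deleting `patches/zlib-1.2.2-CAN-2005-2096.patch` later in this commit, presumably because 1.2.3 carries the `inftrees.c` fix upstream; the "security update" message does not say so, and a short comment next to `PKG_VERSION` naming the advisory would make that traceable.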
@@ -1,26 +0,0 @@ -Name: CAN-2005-2096 (under review) -Description: - Buffer overflow in zlib 1.2 and later versions allows remote attackers - to cause a denial of service (crash) via a crafted compressed stream, as - demonstrated using a crafted PNG file. - -References: - * DEBIAN:DSA-740 - http://www.debian.org/security/2005/dsa-740 - * REDHAT:RHSA-2005:569 - http://www.redhat.com/support/errata/RHSA-2005-569.html - - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 - -diff -ruN zlib-1.2.2-old/inftrees.c zlib-1.2.2-new/inftrees.c ---- zlib-1.2.2-old/inftrees.c 2004-09-15 16:30:06.000000000 +0200 -+++ zlib-1.2.2-new/inftrees.c 2005-07-08 21:18:58.000000000 +0200 -@@ -134,7 +134,7 @@ - left -= count[len]; - if (left < 0) return -1; /* over-subscribed */ - } -- if (left > 0 && (type == CODES || (codes - count[0] != 1))) -+ if (left > 0 && (type == CODES || max != 1)) - return -1; /* incomplete set */ - - /* generate offsets into symbol table for each length for sorting */ diff --git a/openwrt/package/zlib/patches/zlib.patch b/openwrt/package/zlib/patches/zlib.patch index 8f5a9b5358..504ec2ab87 100644 --- a/openwrt/package/zlib/patches/zlib.patch +++ b/openwrt/package/zlib/patches/zlib.patch @@ -1,6 +1,5 @@ -diff -ruN zlib-1.2.2-orig/Makefile.in zlib-1.2.2-2/Makefile.in ---- zlib-1.2.2-orig/Makefile.in 2004-09-15 16:27:20.000000000 +0200 -+++ zlib-1.2.2-2/Makefile.in 2004-11-13 13:38:12.000000000 +0100 +--- zlib-1.2.3-orig/Makefile.in 2005-07-18 04:25:21.000000000 +0200 ++++ zlib-1.2.3/Makefile.in 2006-01-13 15:31:04.000000000 +0100 @@ -25,20 +25,23 @@ # -Wstrict-prototypes -Wmissing-prototypes @@ -13,11 +12,11 @@ diff -ruN zlib-1.2.2-orig/Makefile.in zlib-1.2.2-2/Makefile.in +LIBS= +STATICLIB=libz.a SHAREDLIB=libz.so - SHAREDLIBV=libz.so.1.2.2 + SHAREDLIBV=libz.so.1.2.3 SHAREDLIBM=libz.so.1 -AR=ar rc -+AR=ar ++AR=ar RANLIB=ranlib TAR=tar SHELL=/bin/sh 
@@ -87,120 +86,3 @@ diff -ruN zlib-1.2.2-orig/Makefile.in zlib-1.2.2-2/Makefile.in # The ranlib in install is needed on NeXTSTEP which checks file times # ldconfig is for Linux -diff -ruN zlib-1.2.2-orig/configure zlib-1.2.2-2/configure ---- zlib-1.2.2-orig/configure 2004-09-07 07:50:06.000000000 +0200 -+++ zlib-1.2.2-2/configure 2004-11-13 12:37:43.000000000 +0100 -@@ -23,7 +23,7 @@ - VER=`sed -n -e '/VERSION "/s/.*"\(.*\)".*/\1/p' < zlib.h` - VER2=`sed -n -e '/VERSION "/s/.*"\([0-9]*\\.[0-9]*\)\\..*/\1/p' < zlib.h` - VER1=`sed -n -e '/VERSION "/s/.*"\([0-9]*\)\\..*/\1/p' < zlib.h` --AR=${AR-"ar rc"} -+AR=${AR-"ar"} - RANLIB=${RANLIB-"ranlib"} - prefix=${prefix-/usr/local} - exec_prefix=${exec_prefix-'${prefix}'} -@@ -73,7 +73,7 @@ - - if test "$gcc" -eq 1 && ($cc -c $cflags $test.c) 2>/dev/null; then - CC="$cc" -- SFLAGS=${CFLAGS-"-fPIC -O3"} -+ SFLAGS=${CFLAGS-"-D_REENTRANT -fPIC -O3"} - CFLAGS="$cflags" - case `(uname -s || echo unknown) 2>/dev/null` in - Linux | linux | GNU | GNU/*) LDSHARED=${LDSHARED-"$cc -shared -Wl,-soname,libz.so.1"};; -@@ -408,6 +408,29 @@ - echo Checking for mmap support... No. - fi - -+cat > $test.c < -+int main() { char buf[10]; snprintf(buf, sizeof(buf), "%s", "F"); return 0; } -+EOF -+if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then -+ echo "Checking for snprintf... Yes." -+ CFLAGS="$CFLAGS -DHAS_snprintf" -+else -+ echo "Checking for snprintf.. No." -+fi -+ -+cat > $test.c < -+#include -+int main(void) { va_list a; vsnprintf(0, 0, "", a); return 0; } -+EOF -+if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then -+ echo "Checking for vsnprintf... Yes." -+ CFLAGS="$CFLAGS -DHAS_vsnprintf" -+else -+ echo "Checking for vsnprintf.. No." 
-+fi -+ - CPP=${CPP-"$CC -E"} - case $CFLAGS in - *ASMV*) -@@ -424,20 +447,21 @@ - # udpate Makefile - sed < Makefile.in " - /^CC *=/s#=.*#=$CC# --/^CFLAGS *=/s#=.*#=$CFLAGS# --/^CPP *=/s#=.*#=$CPP# --/^LDSHARED *=/s#=.*#=$LDSHARED# --/^LIBS *=/s#=.*#=$LIBS# --/^SHAREDLIB *=/s#=.*#=$SHAREDLIB# --/^SHAREDLIBV *=/s#=.*#=$SHAREDLIBV# --/^SHAREDLIBM *=/s#=.*#=$SHAREDLIBM# --/^AR *=/s#=.*#=$AR# --/^RANLIB *=/s#=.*#=$RANLIB# --/^EXE *=/s#=.*#=$EXE# --/^prefix *=/s#=.*#=$prefix# --/^exec_prefix *=/s#=.*#=$exec_prefix# --/^libdir *=/s#=.*#=$libdir# --/^includedir *=/s#=.*#=$includedir# --/^mandir *=/s#=.*#=$mandir# --/^LDFLAGS *=/s#=.*#=$LDFLAGS# -+/^CC *=/s%=.*%= $CC% -+/^CFLAGS *=/s%=.*%= $CFLAGS% -+/^CPP *=/s%=.*%= $CPP% -+/^LDSHARED *=/s%=.*%= $LDSHARED% -+/^LIBS *=/s%=.*%= $LIBS% -+/^SHAREDLIB *=/s%=.*%= $SHAREDLIB% -+/^SHAREDLIBV *=/s%=.*%= $SHAREDLIBV% -+/^SHAREDLIBM *=/s%=.*%= $SHAREDLIBM% -+/^AR *=/s%=.*%= $AR% -+/^RANLIB *=/s%=.*%= $RANLIB% -+/^EXE *=/s%=.*%= $EXE% -+/^prefix *=/s%=.*%= $prefix% -+/^exec_prefix *=/s%=.*%= $exec_prefix% -+/^libdir *=/s%=.*%= $libdir% -+/^includedir *=/s%=.*%= $includedir% -+/^mandir *=/s%=.*%= $mandir% -+/^LDFLAGS *=/s%=.*%= $LDFLAGS% - " > Makefile -diff -ruN zlib-1.2.2-orig/contrib/minizip/Makefile zlib-1.2.2-2/contrib/minizip/Makefile ---- zlib-1.2.2-orig/contrib/minizip/Makefile 2003-09-10 20:00:16.000000000 +0200 -+++ zlib-1.2.2-2/contrib/minizip/Makefile 2004-11-13 12:37:43.000000000 +0100 -@@ -1,8 +1,8 @@ - CC=cc --CFLAGS=-O -I../.. -+CFLAGS=-O2 -g -I../.. -Dunix - --UNZ_OBJS = miniunz.o unzip.o ioapi.o ../../libz.a --ZIP_OBJS = minizip.o zip.o ioapi.o ../../libz.a -+UNZ_OBJS = miniunz.o unzip.o ioapi.o -+ZIP_OBJS = minizip.o zip.o ioapi.o - - .c.o: - $(CC) -c $(CFLAGS) $*.c -@@ -10,10 +10,10 @@ - all: miniunz minizip - - miniunz: $(UNZ_OBJS) -- $(CC) $(CFLAGS) -o $@ $(UNZ_OBJS) -+ $(CC) $(CFLAGS) -o $@ $(UNZ_OBJS) -L ../.. 
-lz - - minizip: $(ZIP_OBJS) -- $(CC) $(CFLAGS) -o $@ $(ZIP_OBJS) -+ $(CC) $(CFLAGS) -o $@ $(ZIP_OBJS) -L ../.. -lz - - test: miniunz minizip - ./minizip test readme.txt