From 5071a39bb8bb10baef3296888047995556779d9c Mon Sep 17 00:00:00 2001 From: Nicolas Thill Date: Fri, 8 Jul 2005 19:29:05 +0000 Subject: [PATCH] Fix security issue (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096) SVN-Revision: 1382 --- openwrt/package/zlib/Makefile | 2 +- .../patches/zlib-1.2.2-CAN-2005-2096.patch | 26 +++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 openwrt/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch diff --git a/openwrt/package/zlib/Makefile b/openwrt/package/zlib/Makefile index 95f6ce997e..3b3f57700a 100644 --- a/openwrt/package/zlib/Makefile +++ b/openwrt/package/zlib/Makefile @@ -4,7 +4,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=zlib PKG_VERSION:=1.2.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_MD5SUM:=1b8aab042d40979e456194c468fd72c5 PKG_SOURCE_URL:=@SF/zlib diff --git a/openwrt/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch b/openwrt/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch new file mode 100644 index 0000000000..b09ae6bfac --- /dev/null +++ b/openwrt/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch @@ -0,0 +1,26 @@ +Name: CAN-2005-2096 (under review) +Description: + Buffer overflow in zlib 1.2 and later versions allows remote attackers + to cause a denial of service (crash) via a crafted compressed stream, as + demonstrated using a crafted PNG file. + +References: + * DEBIAN:DSA-740 + http://www.debian.org/security/2005/dsa-740 + * REDHAT:RHSA-2005:569 + http://www.redhat.com/support/errata/RHSA-2005-569.html + + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 + +diff -ruN zlib-1.2.2-old/inftrees.c zlib-1.2.2-new/inftrees.c +--- zlib-1.2.2-old/inftrees.c 2004-09-15 16:30:06.000000000 +0200 ++++ zlib-1.2.2-new/inftrees.c 2005-07-08 21:18:58.000000000 +0200 +@@ -134,7 +134,7 @@ + left -= count[len]; + if (left < 0) return -1; /* over-subscribed */ + } +- if (left > 0 && (type == CODES || (codes - count[0] != 1))) ++ if (left > 0 && (type == CODES || max != 1)) + return -1; /* incomplete set */ + + /* generate offsets into symbol table for each length for sorting */ -- 2.30.2