authorMartin Schlemmer <azarah@gentoo.org>2003-10-29 21:03:20 +0000
committerMartin Schlemmer <azarah@gentoo.org>2003-10-29 21:03:20 +0000
commit9eede8a20f631ae2805b856cf9621aa25edc8a32 (patch)
tree29e19e8bc0eb095800a5670b30fb2a330c1a91d2 /sys-libs
parentAdd patches from Mandrake to add -fPIC rather than append-flags, hopefully (diff)
Add patches from Mandrake to add -fPIC rather than append-flags, hopefully
this will solve bug #32140. Also add updated security patch.
Diffstat (limited to 'sys-libs')
-rw-r--r--sys-libs/zlib/ChangeLog10
-rw-r--r--sys-libs/zlib/Manifest5
-rw-r--r--sys-libs/zlib/files/digest-zlib-1.1.4-r31
-rw-r--r--sys-libs/zlib/files/zlib-1.1.4-build-fPIC.patch61
-rw-r--r--sys-libs/zlib/files/zlib-1.1.4-glibc.patch11
-rw-r--r--sys-libs/zlib/files/zlib-1.1.4-gzprintf.patch294
-rw-r--r--sys-libs/zlib/zlib-1.1.4-r3.ebuild56
7 files changed, 434 insertions, 4 deletions
diff --git a/sys-libs/zlib/ChangeLog b/sys-libs/zlib/ChangeLog
index 0cb74655da01..53c7aec106d4 100644
--- a/sys-libs/zlib/ChangeLog
+++ b/sys-libs/zlib/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for sys-libs/zlib
# Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/zlib/ChangeLog,v 1.15 2003/10/27 20:14:21 azarah Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/zlib/ChangeLog,v 1.16 2003/10/29 21:03:09 azarah Exp $
+
+*zlib-1.1.4-r3 (29 Oct 2003)
+
+ 29 Oct 2003; Martin Schlemmer <azarah@gentoo.org> zlib-1.1.4-r3.ebuild,
+ files/zlib-1.1.4-build-fPIC.patch, files/zlib-1.1.4-glibc.patch,
+ files/zlib-1.1.4-gzprintf.patch:
+ Add patches from Mandrake to add -fPIC rather than append-flags, hopefully
+ this will solve bug #32140. Also add updated security patch.
*zlib-1.1.4-r2 (27 Oct 2003)
diff --git a/sys-libs/zlib/Manifest b/sys-libs/zlib/Manifest
index f49ade72c3e6..d2710f75cee3 100644
--- a/sys-libs/zlib/Manifest
+++ b/sys-libs/zlib/Manifest
@@ -1,9 +1,8 @@
MD5 91f6062db2146c9d80cd1d67fa875bde zlib-1.1.4-r2.ebuild 1091
MD5 cad2872215ce5bf03f9a0e39d222d686 zlib-1.1.4.ebuild 970
-MD5 85a8fcc3b235a93368952af90a66b674 zlib-1.1.4-r3.ebuild 1191
+MD5 07c95f20d757666245fb4bc2e779989c zlib-1.1.4-r3.ebuild 1255
MD5 3d4c649e3822c61abee71f21546f115b zlib-1.1.4-r1.ebuild 1111
-MD5 436213c0a7d50ebdf2a2f582c31b0d5b .zlib-1.1.4-r3.ebuild.swp 12288
-MD5 7e0722e523e0dfcb7855294b6099a8f5 ChangeLog 2128
+MD5 cd4b381a57a7292a83a2dc69e5930d8e ChangeLog 2476
MD5 50994a0512095579777c3fcf0382ab87 zlib-1.1.3-r3.ebuild 943
MD5 dd55b8f72a824c16a4d544b624c9eda1 files/digest-zlib-1.1.4-r1 63
MD5 dd55b8f72a824c16a4d544b624c9eda1 files/digest-zlib-1.1.4-r3 63
diff --git a/sys-libs/zlib/files/digest-zlib-1.1.4-r3 b/sys-libs/zlib/files/digest-zlib-1.1.4-r3
new file mode 100644
index 000000000000..ac97e5a21b50
--- /dev/null
+++ b/sys-libs/zlib/files/digest-zlib-1.1.4-r3
@@ -0,0 +1 @@
+MD5 ea16358be41384870acbdc372f9db152 zlib-1.1.4.tar.bz2 147014
diff --git a/sys-libs/zlib/files/zlib-1.1.4-build-fPIC.patch b/sys-libs/zlib/files/zlib-1.1.4-build-fPIC.patch
new file mode 100644
index 000000000000..a29bee225acc
--- /dev/null
+++ b/sys-libs/zlib/files/zlib-1.1.4-build-fPIC.patch
@@ -0,0 +1,61 @@
+--- zlib-1.1.4/Makefile.in.build-fPIC 2003-01-30 01:35:18.000000000 -0500
++++ zlib-1.1.4/Makefile.in 2003-01-30 01:40:49.000000000 -0500
+@@ -41,6 +41,8 @@ includedir = ${prefix}/include
+ OBJS = adler32.o compress.o crc32.o gzio.o uncompr.o deflate.o trees.o \
+ zutil.o inflate.o infblock.o inftrees.o infcodes.o infutil.o inffast.o
+
++PIC_OBJS = $(OBJS:%.o=%.lo)
++
+ OBJA =
+ # to use the asm code: make OBJA=match.o
+
+@@ -80,8 +82,11 @@ match.o: match.S
+ mv _match.o match.o
+ rm -f _match.s
+
+-$(SHAREDLIB).$(VER): $(OBJS)
+- $(LDSHARED) -o $@ $(OBJS) -lc
++%.lo: %.c
++ $(CC) $(CFLAGS) -DPIC -fPIC -c $< -o $@
++
++$(SHAREDLIB).$(VER): $(PIC_OBJS)
++ $(LDSHARED) -o $@ $(PIC_OBJS) -lc
+ rm -f $(SHAREDLIB) $(SHAREDLIB).1
+ ln -s $@ $(SHAREDLIB)
+ ln -s $@ $(SHAREDLIB).1
+@@ -92,11 +97,8 @@ example: example.o $(LIBS)
+ minigzip: minigzip.o $(LIBS)
+ $(CC) $(CFLAGS) -o $@ minigzip.o $(LDFLAGS)
+
+-install: $(LIBS)
+- -@if [ ! -d $(includedir) ]; then mkdir $(includedir); fi
++install-libs: $(LIBS)
+ -@if [ ! -d $(libdir) ]; then mkdir $(libdir); fi
+- cp zlib.h zconf.h $(includedir)
+- chmod 644 $(includedir)/zlib.h $(includedir)/zconf.h
+ cp $(LIBS) $(libdir)
+ cd $(libdir); chmod 755 $(LIBS)
+ -@(cd $(libdir); $(RANLIB) libz.a || true) >/dev/null 2>&1
+@@ -109,6 +111,11 @@ install: $(LIBS)
+ # The ranlib in install is needed on NeXTSTEP which checks file times
+ # ldconfig is for Linux
+
++install: install-libs
++ -@if [ ! -d $(includedir) ]; then mkdir $(includedir); fi
++ cp zlib.h zconf.h $(includedir)
++ chmod 644 $(includedir)/zlib.h $(includedir)/zconf.h
++
+ uninstall:
+ cd $(includedir); \
+ v=$(VER); \
+--- zlib-1.1.4/configure.build-fPIC 2003-01-30 01:35:18.000000000 -0500
++++ zlib-1.1.4/configure 2003-01-30 01:39:59.000000000 -0500
+@@ -130,7 +130,7 @@ if test $shared -eq 1; then
+ if test "`($CC -c $SFLAGS $test.c) 2>&1`" = "" &&
+ test "`($LDSHARED -o $test$shared_ext $test.o) 2>&1`" = ""; then
+ CFLAGS="$SFLAGS"
+- LIBS="$SHAREDLIB.$VER"
++ LIBS="$LIBS $SHAREDLIB.$VER"
+ echo Building shared library $SHAREDLIB.$VER with $CC.
+ elif test -z "$old_cc" -a -z "$old_cflags"; then
+ echo No shared library suppport.
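Review bot: This new patch file has no preamble recording its origin or its prerequisites, yet its Makefile.in hunk removes `$(LDSHARED) -o $@ $(OBJS) -lc`, a line that only exists once zlib-1.1.4-glibc.patch has been applied. I would add a few lines of free text before the first `---` header stating that the patch was taken from Mandrake (per the commit message), that it links the shared library from `%.lo` objects compiled with `-DPIC -fPIC`, and that it must be applied after the glibc patch. Without that note, reordering the `epatch` calls in the ebuild would presumably make this hunk fail to apply, and a later maintainer cannot trace the third-party change back to its source. The `configure` hunk also changes `LIBS` to `"$LIBS $SHAREDLIB.$VER"`, so a `--shared` configure appears to build the static library as well; that side effect deserves a sentence in the same preamble.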
diff --git a/sys-libs/zlib/files/zlib-1.1.4-glibc.patch b/sys-libs/zlib/files/zlib-1.1.4-glibc.patch
new file mode 100644
index 000000000000..49ded8639f8e
--- /dev/null
+++ b/sys-libs/zlib/files/zlib-1.1.4-glibc.patch
@@ -0,0 +1,11 @@
+--- zlib-1.1.3/Makefile.in.glibc Wed Sep 9 11:48:46 1998
++++ zlib-1.1.3/Makefile.in Wed Sep 9 11:49:04 1998
+@@ -80,7 +80,7 @@
+ rm -f _match.s
+
+ $(SHAREDLIB).$(VER): $(OBJS)
+- $(LDSHARED) -o $@ $(OBJS)
++ $(LDSHARED) -o $@ $(OBJS) -lc
+ rm -f $(SHAREDLIB) $(SHAREDLIB).1
+ ln -s $@ $(SHAREDLIB)
+ ln -s $@ $(SHAREDLIB).1
diff --git a/sys-libs/zlib/files/zlib-1.1.4-gzprintf.patch b/sys-libs/zlib/files/zlib-1.1.4-gzprintf.patch
new file mode 100644
index 000000000000..28b610f57a79
--- /dev/null
+++ b/sys-libs/zlib/files/zlib-1.1.4-gzprintf.patch
@@ -0,0 +1,294 @@
+This patch fixes security holes caused by potential buffer overflows
+in the implementation of the gzprintf() function in zlib 1.1.4. The
+security holes are fixed for platforms providing vsnprintf(3) and
+snprintf(3) only. This patch is derived from a prepared security patch,
+originally created by Kelledin <kelledin@users.sourceforge.net>. The
+OpenPKG project reduced the patch in size and fixed the configuration
+checks.
+
+diff -ru3 zlib-1.1.4.orig/configure zlib-1.1.4/configure
+--- zlib-1.1.4.orig/configure Wed Jul 8 20:19:35 1998
++++ zlib-1.1.4/configure Thu Feb 27 15:14:54 2003
+@@ -155,7 +155,212 @@
+ echo "Checking for unistd.h... No."
+ fi
+
+-cat > $test.c <<EOF
++cat >$test.c <<EOF
++#include <stdio.h>
++#include <stdlib.h>
++
++#if (defined(__MSDOS__) || defined(_WINDOWS) || defined(_WIN32) || defined(__WIN32__) || defined(WIN32) || defined(__STDC__) || defined(__cplusplus) || defined(__OS2__)) && !defined(STDC)
++# define STDC
++#endif
++
++int main()
++{
++#ifndef STDC
++ choke me
++#endif
++
++ return 0;
++}
++EOF
++
++if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ echo "Checking whether to use vsnprintf() or snprintf()... using vsnprintf()"
++
++ cat >$test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest(char *fmt, ...)
++{
++ char buf[20];
++ va_list ap;
++
++ va_start(ap, fmt);
++ vsnprintf(buf, sizeof(buf), fmt, ap);
++ va_end(ap);
++ return 0;
++}
++
++int main()
++{
++ return (mytest("Hello%d\n", 1));
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_vsnprintf"
++ echo "Checking for vsnprintf() in stdio.h... Yes."
++
++ cat >$test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest(char *fmt, ...)
++{
++ int i;
++ char buf[20];
++ va_list ap;
++
++ va_start(ap, fmt);
++ i = vsnprintf(buf, sizeof(buf), fmt, ap);
++ va_end(ap);
++ return 0;
++}
++
++int main()
++{
++ return (mytest("Hello%d\n", 1));
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_vsnprintf_return"
++ echo "Checking for return value of vsnprintf()... Yes."
++ else
++ echo "Checking for return value of vsnprintf()... No."
++ echo " WARNING: apparently vsnprintf() does not return a value. zlib"
++ echo " can build but will be open to possible string-format security"
++ echo " vulnerabilities."
++ fi
++ else
++ echo "Checking for vsnprintf() in stdio.h... No."
++ echo " WARNING: vsnprintf() not found, falling back to vsprintf(). zlib"
++ echo " can build but will be open to possible buffer-overflow security"
++ echo " vulnerabilities."
++
++ cat >$test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest(char *fmt, ...)
++{
++ int i;
++ char buf[20];
++ va_list ap;
++
++ va_start(ap, fmt);
++ i = vsprintf(buf, fmt, ap);
++ va_end(ap);
++ return 0;
++}
++
++int main()
++{
++ return (mytest("Hello%d\n", 1));
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_vsprintf_return"
++ echo "Checking for return value of vsprintf()... Yes."
++ else
++ echo "Checking for return value of vsprintf()... No."
++ echo " WARNING: apparently vsprintf() does not return a value. zlib"
++ echo " can build but will be open to possible string-format security"
++ echo " vulnerabilities."
++ fi
++ fi
++else
++ echo "Checking whether to use vsnprintf() or snprintf()... using snprintf()"
++
++ cat >$test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest()
++{
++ char buf[20];
++
++ snprintf(buf, sizeof(buf), "%s", "foo");
++ return 0;
++}
++
++int main()
++{
++ return (mytest());
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_snprintf"
++ echo "Checking for snprintf() in stdio.h... Yes."
++
++ cat >$test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest(char *fmt, ...)
++{
++ int i;
++ char buf[20];
++
++ i = snprintf(buf, sizeof(buf), "%s", "foo");
++ return 0;
++}
++
++int main()
++{
++ return (mytest());
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_snprintf_return"
++ echo "Checking for return value of snprintf()... Yes."
++ else
++ echo "Checking for return value of snprintf()... No."
++ echo " WARNING: apparently snprintf() does not return a value. zlib"
++ echo " can build but will be open to possible string-format security"
++ echo " vulnerabilities."
++ fi
++ else
++ echo "Checking for snprintf() in stdio.h... No."
++ echo " WARNING: snprintf() not found, falling back to sprintf(). zlib"
++ echo " can build but will be open to possible buffer-overflow security"
++ echo " vulnerabilities."
++
++ cat >$test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest(char *fmt, ...)
++{
++ int i;
++ char buf[20];
++
++ i = sprintf(buf, "%s", "foo");
++ return 0;
++}
++
++int main()
++{
++ return (mytest());
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_sprintf_return"
++ echo "Checking for return value of sprintf()... Yes."
++ else
++ echo "Checking for return value of sprintf()... No."
++ echo " WARNING: apparently sprintf() does not return a value. zlib"
++ echo " can build but will be open to possible string-format security"
++ echo " vulnerabilities."
++ fi
++ fi
++fi
++
++cat >$test.c <<EOF
+ #include <errno.h>
+ int main() { return 0; }
+ EOF
+diff -ru3 zlib-1.1.4.orig/gzio.c zlib-1.1.4/gzio.c
+--- zlib-1.1.4.orig/gzio.c Mon Mar 11 14:16:01 2002
++++ zlib-1.1.4/gzio.c Thu Feb 27 14:29:26 2003
+@@ -530,13 +530,31 @@
+
+ va_start(va, format);
+ #ifdef HAS_vsnprintf
++# ifdef HAS_vsnprintf_return
++ len = vsnprintf(buf, sizeof(buf), format, va);
++ va_end(va);
++ if (len <= 0 || len >= sizeof(buf))
++ return 0;
++# else
+ (void)vsnprintf(buf, sizeof(buf), format, va);
++ va_end(va);
++ len = strlen(buf);
++ if (len <= 0)
++ return 0;
++# endif
+ #else
++# ifdef HAS_vsprintf_return
++ len = vsprintf(buf, format, va);
++ va_end(va);
++ if (len <= 0 || len >= sizeof(buf))
++ return 0;
++# else
+ (void)vsprintf(buf, format, va);
+-#endif
+ va_end(va);
+ len = strlen(buf); /* some *sprintf don't return the nb of bytes written */
+ if (len <= 0) return 0;
++# endif
++#endif
+
+ return gzwrite(file, buf, (unsigned)len);
+ }
+@@ -553,14 +571,31 @@
+ int len;
+
+ #ifdef HAS_snprintf
++# ifdef HAS_snprintf_return
++ len = snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8,
++ a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
++ if (len <= 0 || len >= sizeof(buf))
++ return 0;
++# else
+ snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8,
+ a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
++ len = strlen(buf);
++ if (len <= 0)
++ return 0;
++# endif
+ #else
++# ifdef HAS_sprintf_return
++ len = sprintf(buf, format, a1, a2, a3, a4, a5, a6, a7, a8,
++ a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
++ if (len <= 0 || len >= sizeof(buf))
++ return 0;
++# else
+ sprintf(buf, format, a1, a2, a3, a4, a5, a6, a7, a8,
+ a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
+-#endif
+ len = strlen(buf); /* old sprintf doesn't return the nb of bytes written */
+ if (len <= 0) return 0;
++# endif
++#endif
+
+ return gzwrite(file, buf, len);
+ }
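Review bot: In the gzio.c hunks, the branches that ignore the return value (`(void)vsnprintf(buf, sizeof(buf), format, va);` then `len = strlen(buf);`, and the matching `snprintf` branch) rely on the C library always NUL-terminating `buf`; an implementation that does not terminate on truncation would make `strlen` read past the array. Setting `buf[sizeof(buf) - 1] = 0;` before the call and returning 0 when `buf[sizeof(buf) - 1] != 0` afterwards removes that dependency. These branches also hand a silently truncated string to `gzwrite`, which deserves a comment because the caller gets no error. The `HAS_vsprintf_return` and `HAS_sprintf_return` branches test `len >= sizeof(buf)` only after the unbounded call has already written to `buf`, so the test reports an overflow rather than preventing one, as the patch preamble concedes. Both function bodies begin outside the visible hunks.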
diff --git a/sys-libs/zlib/zlib-1.1.4-r3.ebuild b/sys-libs/zlib/zlib-1.1.4-r3.ebuild
new file mode 100644
index 000000000000..5226d8f3fbeb
--- /dev/null
+++ b/sys-libs/zlib/zlib-1.1.4-r3.ebuild
@@ -0,0 +1,56 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/zlib/zlib-1.1.4-r3.ebuild,v 1.1 2003/10/29 21:03:09 azarah Exp $
+
+inherit eutils flag-o-matic
+
+S="${WORKDIR}/${P}"
+DESCRIPTION="Standard (de)compression library"
+SRC_URI="http://www.gzip.org/zlib/${P}.tar.bz2"
+HOMEPAGE="http://www.gzip.org/zlib"
+
+LICENSE="ZLIB"
+KEYWORDS="~amd64 ~x86 ~ppc ~sparc ~alpha ~mips ~hppa ~arm ~ia64"
+SLOT="0"
+
+DEPEND="virtual/glibc"
+
+src_unpack() {
+ unpack ${A}
+
+ cd ${S}
+ # Updated security patch
+ epatch ${FILESDIR}/${P}-gzprintf.patch
+
+ # Make sure we link with glibc at all times
+ epatch ${FILESDIR}/${P}-glibc.patch
+ # Needed for Alpha and prelink
+ epatch ${FILESDIR}/${P}-build-fPIC.patch
+}
+
+src_compile() {
+ ./configure --shared --prefix=/usr || die
+ emake || die
+ make test || die
+
+ ./configure --prefix=/usr || die
+ emake || die
+}
+
+src_install() {
+ into /usr
+ dodir /usr/include
+ insinto /usr/include
+ doins zconf.h zlib.h
+
+ dolib libz.so.${PV}
+ ( cd ${D}/usr/lib ; chmod 755 libz.so.* )
+ dolib libz.a
+ dosym libz.so.${PV} /usr/lib/libz.so
+ dosym libz.so.${PV} /usr/lib/libz.so.1
+
+ doman zlib.3
+ dodoc FAQ README ChangeLog
+ docinto txt
+ dodoc algorithm.txt
+}
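Review bot: `src_compile` never checks which formatting function the patched `configure` selected, so a build where the probe fell back to `vsprintf()` only prints the WARNING lines and still installs a libz with the unbounded `gzprintf`. Since this revision exists to ship the security patch, I would fail the build in that case, for example with `grep -q -- '-DHAS_vsnprintf' Makefile || die "vsnprintf() not detected"` after each `./configure` (this assumes configure writes its CFLAGS into the generated Makefile, which is not visible here). The probe treats any compiler output as a failure, so an unrelated warning triggered by the user's CFLAGS is enough to take the fallback. Separately, `cd ${S}` in `src_unpack` and `( cd ${D}/usr/lib ; chmod 755 libz.so.* )` in `src_install` are unquoted and unchecked; `cd "${S}" || die` and `cd "${D}/usr/lib" && chmod 755 libz.so.*` would keep a failed `cd` from running the next command in the wrong directory.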