author | Martin Schlemmer <azarah@gentoo.org> | 2003-10-29 21:03:20 +0000 |
---|---|---|
committer | Martin Schlemmer <azarah@gentoo.org> | 2003-10-29 21:03:20 +0000 |
commit | 9eede8a20f631ae2805b856cf9621aa25edc8a32 (patch) | |
tree | 29e19e8bc0eb095800a5670b30fb2a330c1a91d2 /sys-libs | |
parent | Add patches from Mandrake to add -fPIC rather than append-flags, hopefully (diff) | |
Add patches from Mandrake to add -fPIC rather than append-flags, hopefully
this will solve bug #32140. Also add updated security patch.
Diffstat (limited to 'sys-libs')
-rw-r--r-- | sys-libs/zlib/ChangeLog | 10 | ||||
-rw-r--r-- | sys-libs/zlib/Manifest | 5 | ||||
-rw-r--r-- | sys-libs/zlib/files/digest-zlib-1.1.4-r3 | 1 | ||||
-rw-r--r-- | sys-libs/zlib/files/zlib-1.1.4-build-fPIC.patch | 61 | ||||
-rw-r--r-- | sys-libs/zlib/files/zlib-1.1.4-glibc.patch | 11 | ||||
-rw-r--r-- | sys-libs/zlib/files/zlib-1.1.4-gzprintf.patch | 294 | ||||
-rw-r--r-- | sys-libs/zlib/zlib-1.1.4-r3.ebuild | 56 |
7 files changed, 434 insertions, 4 deletions
diff --git a/sys-libs/zlib/ChangeLog b/sys-libs/zlib/ChangeLog index 0cb74655da01..53c7aec106d4 100644 --- a/sys-libs/zlib/ChangeLog +++ b/sys-libs/zlib/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for sys-libs/zlib # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/zlib/ChangeLog,v 1.15 2003/10/27 20:14:21 azarah Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-libs/zlib/ChangeLog,v 1.16 2003/10/29 21:03:09 azarah Exp $ + +*zlib-1.1.4-r3 (29 Oct 2003) + + 29 Oct 2003; Martin Schlemmer <azarah@gentoo.org> zlib-1.1.4-r3.ebuild, + files/zlib-1.1.4-build-fPIC.patch, files/zlib-1.1.4-glibc.patch, + files/zlib-1.1.4-gzprintf.patch: + Add patches from Mandrake to add -fPIC rather than append-flags, hopefully + this will solve bug #32140. Also add updated security patch. *zlib-1.1.4-r2 (27 Oct 2003) diff --git a/sys-libs/zlib/Manifest b/sys-libs/zlib/Manifest index f49ade72c3e6..d2710f75cee3 100644 --- a/sys-libs/zlib/Manifest +++ b/sys-libs/zlib/Manifest @@ -1,9 +1,8 @@ MD5 91f6062db2146c9d80cd1d67fa875bde zlib-1.1.4-r2.ebuild 1091 MD5 cad2872215ce5bf03f9a0e39d222d686 zlib-1.1.4.ebuild 970 -MD5 85a8fcc3b235a93368952af90a66b674 zlib-1.1.4-r3.ebuild 1191 +MD5 07c95f20d757666245fb4bc2e779989c zlib-1.1.4-r3.ebuild 1255 MD5 3d4c649e3822c61abee71f21546f115b zlib-1.1.4-r1.ebuild 1111 -MD5 436213c0a7d50ebdf2a2f582c31b0d5b .zlib-1.1.4-r3.ebuild.swp 12288 -MD5 7e0722e523e0dfcb7855294b6099a8f5 ChangeLog 2128 +MD5 cd4b381a57a7292a83a2dc69e5930d8e ChangeLog 2476 MD5 50994a0512095579777c3fcf0382ab87 zlib-1.1.3-r3.ebuild 943 MD5 dd55b8f72a824c16a4d544b624c9eda1 files/digest-zlib-1.1.4-r1 63 MD5 dd55b8f72a824c16a4d544b624c9eda1 files/digest-zlib-1.1.4-r3 63 diff --git a/sys-libs/zlib/files/digest-zlib-1.1.4-r3 b/sys-libs/zlib/files/digest-zlib-1.1.4-r3 new file mode 100644 index 000000000000..ac97e5a21b50 --- /dev/null +++ b/sys-libs/zlib/files/digest-zlib-1.1.4-r3 
@@ -0,0 +1 @@ +MD5 ea16358be41384870acbdc372f9db152 zlib-1.1.4.tar.bz2 147014 diff --git a/sys-libs/zlib/files/zlib-1.1.4-build-fPIC.patch b/sys-libs/zlib/files/zlib-1.1.4-build-fPIC.patch new file mode 100644 index 000000000000..a29bee225acc --- /dev/null +++ b/sys-libs/zlib/files/zlib-1.1.4-build-fPIC.patch 
@@ -0,0 +1,61 @@ +--- zlib-1.1.4/Makefile.in.build-fPIC 2003-01-30 01:35:18.000000000 -0500 ++++ zlib-1.1.4/Makefile.in 2003-01-30 01:40:49.000000000 -0500 +@@ -41,6 +41,8 @@ includedir = ${prefix}/include + OBJS = adler32.o compress.o crc32.o gzio.o uncompr.o deflate.o trees.o \ + zutil.o inflate.o infblock.o inftrees.o infcodes.o infutil.o inffast.o + ++PIC_OBJS = $(OBJS:%.o=%.lo) ++ + OBJA = + # to use the asm code: make OBJA=match.o + +@@ -80,8 +82,11 @@ match.o: match.S + mv _match.o match.o + rm -f _match.s + +-$(SHAREDLIB).$(VER): $(OBJS) +- $(LDSHARED) -o $@ $(OBJS) -lc ++%.lo: %.c ++ $(CC) $(CFLAGS) -DPIC -fPIC -c $< -o $@ ++ ++$(SHAREDLIB).$(VER): $(PIC_OBJS) ++ $(LDSHARED) -o $@ $(PIC_OBJS) -lc + rm -f $(SHAREDLIB) $(SHAREDLIB).1 + ln -s $@ $(SHAREDLIB) + ln -s $@ $(SHAREDLIB).1 +@@ -92,11 +97,8 @@ example: example.o $(LIBS) + minigzip: minigzip.o $(LIBS) + $(CC) $(CFLAGS) -o $@ minigzip.o $(LDFLAGS) + +-install: $(LIBS) +- -@if [ ! -d $(includedir) ]; then mkdir $(includedir); fi ++install-libs: $(LIBS) + -@if [ ! -d $(libdir) ]; then mkdir $(libdir); fi +- cp zlib.h zconf.h $(includedir) +- chmod 644 $(includedir)/zlib.h $(includedir)/zconf.h + cp $(LIBS) $(libdir) + cd $(libdir); chmod 755 $(LIBS) + -@(cd $(libdir); $(RANLIB) libz.a || true) >/dev/null 2>&1 +@@ -109,6 +111,11 @@ install: $(LIBS) + # The ranlib in install is needed on NeXTSTEP which checks file times + # ldconfig is for Linux + ++install: install-libs ++ -@if [ ! 
-d $(includedir) ]; then mkdir $(includedir); fi ++ cp zlib.h zconf.h $(includedir) ++ chmod 644 $(includedir)/zlib.h $(includedir)/zconf.h ++ + uninstall: + cd $(includedir); \ + v=$(VER); \ +--- zlib-1.1.4/configure.build-fPIC 2003-01-30 01:35:18.000000000 -0500 ++++ zlib-1.1.4/configure 2003-01-30 01:39:59.000000000 -0500 +@@ -130,7 +130,7 @@ if test $shared -eq 1; then + if test "`($CC -c $SFLAGS $test.c) 2>&1`" = "" && + test "`($LDSHARED -o $test$shared_ext $test.o) 2>&1`" = ""; then + CFLAGS="$SFLAGS" +- LIBS="$SHAREDLIB.$VER" ++ LIBS="$LIBS $SHAREDLIB.$VER" + echo Building shared library $SHAREDLIB.$VER with $CC. + elif test -z "$old_cc" -a -z "$old_cflags"; then + echo No shared library suppport. diff --git a/sys-libs/zlib/files/zlib-1.1.4-glibc.patch b/sys-libs/zlib/files/zlib-1.1.4-glibc.patch new file mode 100644 index 000000000000..49ded8639f8e --- /dev/null +++ b/sys-libs/zlib/files/zlib-1.1.4-glibc.patch @@ -0,0 +1,11 @@ +--- zlib-1.1.3/Makefile.in.glibc Wed Sep 9 11:48:46 1998 ++++ zlib-1.1.3/Makefile.in Wed Sep 9 11:49:04 1998 +@@ -80,7 +80,7 @@ + rm -f _match.s + + $(SHAREDLIB).$(VER): $(OBJS) +- $(LDSHARED) -o $@ $(OBJS) ++ $(LDSHARED) -o $@ $(OBJS) -lc + rm -f $(SHAREDLIB) $(SHAREDLIB).1 + ln -s $@ $(SHAREDLIB) + ln -s $@ $(SHAREDLIB).1 diff --git a/sys-libs/zlib/files/zlib-1.1.4-gzprintf.patch b/sys-libs/zlib/files/zlib-1.1.4-gzprintf.patch new file mode 100644 index 000000000000..28b610f57a79 --- /dev/null +++ b/sys-libs/zlib/files/zlib-1.1.4-gzprintf.patch 
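Review bot: The link-rule hunk of zlib-1.1.4-build-fPIC.patch removes `$(LDSHARED) -o $@ $(OBJS) -lc`, a line that only exists once zlib-1.1.4-glibc.patch has added the `-lc`, so this patch applies cleanly only after that one and nothing in the file records the dependency. I would add a leading comment to the patch file, for example `Apply after zlib-1.1.4-glibc.patch; the link-rule hunk expects the -lc it adds.` The new `%.lo: %.c` rule also lists no header prerequisites. If Makefile.in tracks zlib.h and zconf.h per object elsewhere (not visible here), the `.lo` objects would not be rebuilt after a header change, which is worth confirming.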
@@ -0,0 +1,294 @@ +This patch fixes security holes caused by potential buffer overflows +in the implementation of the gzprintf() function in zlib 1.1.4. The +security holes are fixed for platforms providing vsnprintf(3) and +snprintf(3) only. This patch is derived from a prepared security patch, +originally created by Kelledin <kelledin@users.sourceforge.net>. The +OpenPKG project reduced the patch in size and fixed the configuration +checks. + +diff -ru3 zlib-1.1.4.orig/configure zlib-1.1.4/configure +--- zlib-1.1.4.orig/configure Wed Jul 8 20:19:35 1998 ++++ zlib-1.1.4/configure Thu Feb 27 15:14:54 2003 +@@ -155,7 +155,212 @@ + echo "Checking for unistd.h... No." + fi + +-cat > $test.c <<EOF ++cat >$test.c <<EOF ++#include <stdio.h> ++#include <stdlib.h> ++ ++#if (defined(__MSDOS__) || defined(_WINDOWS) || defined(_WIN32) || defined(__WIN32__) || defined(WIN32) || defined(__STDC__) || defined(__cplusplus) || defined(__OS2__)) && !defined(STDC) ++# define STDC ++#endif ++ ++int main() ++{ ++#ifndef STDC ++ choke me ++#endif ++ ++ return 0; ++} ++EOF ++ ++if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then ++ echo "Checking whether to use vsnprintf() or snprintf()... using vsnprintf()" ++ ++ cat >$test.c <<EOF ++#include <stdio.h> ++#include <stdarg.h> ++ ++int mytest(char *fmt, ...) ++{ ++ char buf[20]; ++ va_list ap; ++ ++ va_start(ap, fmt); ++ vsnprintf(buf, sizeof(buf), fmt, ap); ++ va_end(ap); ++ return 0; ++} ++ ++int main() ++{ ++ return (mytest("Hello%d\n", 1)); ++} ++EOF ++ ++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then ++ CFLAGS="$CFLAGS -DHAS_vsnprintf" ++ echo "Checking for vsnprintf() in stdio.h... Yes." ++ ++ cat >$test.c <<EOF ++#include <stdio.h> ++#include <stdarg.h> ++ ++int mytest(char *fmt, ...) 
++{ ++ int i; ++ char buf[20]; ++ va_list ap; ++ ++ va_start(ap, fmt); ++ i = vsnprintf(buf, sizeof(buf), fmt, ap); ++ va_end(ap); ++ return 0; ++} ++ ++int main() ++{ ++ return (mytest("Hello%d\n", 1)); ++} ++EOF ++ ++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then ++ CFLAGS="$CFLAGS -DHAS_vsnprintf_return" ++ echo "Checking for return value of vsnprintf()... Yes." ++ else ++ echo "Checking for return value of vsnprintf()... No." ++ echo " WARNING: apparently vsnprintf() does not return a value. zlib" ++ echo " can build but will be open to possible string-format security" ++ echo " vulnerabilities." ++ fi ++ else ++ echo "Checking for vsnprintf() in stdio.h... No." ++ echo " WARNING: vsnprintf() not found, falling back to vsprintf(). zlib" ++ echo " can build but will be open to possible buffer-overflow security" ++ echo " vulnerabilities." ++ ++ cat >$test.c <<EOF ++#include <stdio.h> ++#include <stdarg.h> ++ ++int mytest(char *fmt, ...) ++{ ++ int i; ++ char buf[20]; ++ va_list ap; ++ ++ va_start(ap, fmt); ++ i = vsprintf(buf, fmt, ap); ++ va_end(ap); ++ return 0; ++} ++ ++int main() ++{ ++ return (mytest("Hello%d\n", 1)); ++} ++EOF ++ ++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then ++ CFLAGS="$CFLAGS -DHAS_vsprintf_return" ++ echo "Checking for return value of vsprintf()... Yes." ++ else ++ echo "Checking for return value of vsprintf()... No." ++ echo " WARNING: apparently vsprintf() does not return a value. zlib" ++ echo " can build but will be open to possible string-format security" ++ echo " vulnerabilities." ++ fi ++ fi ++else ++ echo "Checking whether to use vsnprintf() or snprintf()... 
using snprintf()" ++ ++ cat >$test.c <<EOF ++#include <stdio.h> ++#include <stdarg.h> ++ ++int mytest() ++{ ++ char buf[20]; ++ ++ snprintf(buf, sizeof(buf), "%s", "foo"); ++ return 0; ++} ++ ++int main() ++{ ++ return (mytest()); ++} ++EOF ++ ++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then ++ CFLAGS="$CFLAGS -DHAS_snprintf" ++ echo "Checking for snprintf() in stdio.h... Yes." ++ ++ cat >$test.c <<EOF ++#include <stdio.h> ++#include <stdarg.h> ++ ++int mytest(char *fmt, ...) ++{ ++ int i; ++ char buf[20]; ++ ++ i = snprintf(buf, sizeof(buf), "%s", "foo"); ++ return 0; ++} ++ ++int main() ++{ ++ return (mytest()); ++} ++EOF ++ ++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then ++ CFLAGS="$CFLAGS -DHAS_snprintf_return" ++ echo "Checking for return value of snprintf()... Yes." ++ else ++ echo "Checking for return value of snprintf()... No." ++ echo " WARNING: apparently snprintf() does not return a value. zlib" ++ echo " can build but will be open to possible string-format security" ++ echo " vulnerabilities." ++ fi ++ else ++ echo "Checking for snprintf() in stdio.h... No." ++ echo " WARNING: snprintf() not found, falling back to sprintf(). zlib" ++ echo " can build but will be open to possible buffer-overflow security" ++ echo " vulnerabilities." ++ ++ cat >$test.c <<EOF ++#include <stdio.h> ++#include <stdarg.h> ++ ++int mytest(char *fmt, ...) ++{ ++ int i; ++ char buf[20]; ++ ++ i = sprintf(buf, "%s", "foo"); ++ return 0; ++} ++ ++int main() ++{ ++ return (mytest()); ++} ++EOF ++ ++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then ++ CFLAGS="$CFLAGS -DHAS_sprintf_return" ++ echo "Checking for return value of sprintf()... Yes." ++ else ++ echo "Checking for return value of sprintf()... No." ++ echo " WARNING: apparently sprintf() does not return a value. zlib" ++ echo " can build but will be open to possible string-format security" ++ echo " vulnerabilities." 
++ fi ++ fi ++fi ++ ++cat >$test.c <<EOF + #include <errno.h> + int main() { return 0; } + EOF +diff -ru3 zlib-1.1.4.orig/gzio.c zlib-1.1.4/gzio.c +--- zlib-1.1.4.orig/gzio.c Mon Mar 11 14:16:01 2002 ++++ zlib-1.1.4/gzio.c Thu Feb 27 14:29:26 2003 +@@ -530,13 +530,31 @@ + + va_start(va, format); + #ifdef HAS_vsnprintf ++# ifdef HAS_vsnprintf_return ++ len = vsnprintf(buf, sizeof(buf), format, va); ++ va_end(va); ++ if (len <= 0 || len >= sizeof(buf)) ++ return 0; ++# else + (void)vsnprintf(buf, sizeof(buf), format, va); ++ va_end(va); ++ len = strlen(buf); ++ if (len <= 0) ++ return 0; ++# endif + #else ++# ifdef HAS_vsprintf_return ++ len = vsprintf(buf, format, va); ++ va_end(va); ++ if (len <= 0 || len >= sizeof(buf)) ++ return 0; ++# else + (void)vsprintf(buf, format, va); +-#endif + va_end(va); + len = strlen(buf); /* some *sprintf don't return the nb of bytes written */ + if (len <= 0) return 0; ++# endif ++#endif + + return gzwrite(file, buf, (unsigned)len); + } +@@ -553,14 +571,31 @@ + int len; + + #ifdef HAS_snprintf ++# ifdef HAS_snprintf_return ++ len = snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8, ++ a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20); ++ if (len <= 0 || len >= sizeof(buf)) ++ return 0; ++# else + snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8, + a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20); ++ len = strlen(buf); ++ if (len <= 0) ++ return 0; ++# endif + #else ++# ifdef HAS_sprintf_return ++ len = sprintf(buf, format, a1, a2, a3, a4, a5, a6, a7, a8, ++ a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20); ++ if (len <= 0 || len >= sizeof(buf)) ++ return 0; ++# else + sprintf(buf, format, a1, a2, a3, a4, a5, a6, a7, a8, + a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20); +-#endif + len = strlen(buf); /* old sprintf doesn't return the nb of bytes written */ + if (len <= 0) return 0; ++# endif ++#endif + + return gzwrite(file, buf, len); + } 
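Review bot: In the gzio.c hunks, the branches used when `HAS_vsnprintf_return` / `HAS_snprintf_return` are not defined call `strlen(buf)` right after the bounded write and hand the result to `gzwrite`, so they rely on the C library terminating the buffer on truncation. Unlike the return-value branches, they also write truncated output instead of returning 0. I would terminate explicitly and treat a full buffer as an error: `buf[sizeof(buf) - 1] = 0;` after the call, then `if (len <= 0 || len >= (int)sizeof(buf) - 1) return 0;`. The `vsprintf`/`sprintf` branches can only test `len` after the write has already happened, as the patch header acknowledges, so those checks report an overflow rather than prevent it. Both gzprintf bodies start and end outside the hunks.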
diff --git a/sys-libs/zlib/zlib-1.1.4-r3.ebuild b/sys-libs/zlib/zlib-1.1.4-r3.ebuild new file mode 100644 index 000000000000..5226d8f3fbeb --- /dev/null +++ b/sys-libs/zlib/zlib-1.1.4-r3.ebuild @@ -0,0 +1,56 @@ +# Copyright 1999-2003 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-libs/zlib/zlib-1.1.4-r3.ebuild,v 1.1 2003/10/29 21:03:09 azarah Exp $ + +inherit eutils flag-o-matic + +S="${WORKDIR}/${P}" +DESCRIPTION="Standard (de)compression library" +SRC_URI="http://www.gzip.org/zlib/${P}.tar.bz2" +HOMEPAGE="http://www.gzip.org/zlib" + +LICENSE="ZLIB" +KEYWORDS="~amd64 ~x86 ~ppc ~sparc ~alpha ~mips ~hppa ~arm ~ia64" +SLOT="0" + +DEPEND="virtual/glibc" + +src_unpack() { + unpack ${A} + + cd ${S} + # Updated security patch + epatch ${FILESDIR}/${P}-gzprintf.patch + + # Make sure we link with glibc at all times + epatch ${FILESDIR}/${P}-glibc.patch + # Needed for Alpha and prelink + epatch ${FILESDIR}/${P}-build-fPIC.patch +} + +src_compile() { + ./configure --shared --prefix=/usr || die + emake || die + make test || die + + ./configure --prefix=/usr || die + emake || die +} + +src_install() { + into /usr + dodir /usr/include + insinto /usr/include + doins zconf.h zlib.h + + dolib libz.so.${PV} + ( cd ${D}/usr/lib ; chmod 755 libz.so.* ) + dolib libz.a + dosym libz.so.${PV} /usr/lib/libz.so + dosym libz.so.${PV} /usr/lib/libz.so.1 + + doman zlib.3 + dodoc FAQ README ChangeLog + docinto txt + dodoc algorithm.txt +} |
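Review bot: `./configure --shared --prefix=/usr || die` in src_compile cannot catch the unsafe fallback that the gzprintf patch warns about, because its configure checks only echo a WARNING and carry on when vsnprintf() is not detected. Detection there means "the compiler printed nothing", so any diagnostic provoked by the user's CFLAGS would presumably select the unbounded vsprintf() path in a revision whose purpose is the security fix. I would turn that into a build failure for both configure runs, e.g. `./configure --shared --prefix=/usr > "${T}/configure.log" || die` followed by `grep -q "falling back to" "${T}/configure.log" && die "bounded printf not detected"`. Separately, `cd ${S}` in src_unpack has no `|| die`, so a failed directory change is only noticed when epatch fails.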