Subject: CVS commit: pkgsrc/devel/zlib
From: Jeremy C. Reed
Date: 2004-09-01 01:16:23
Message id: 20040831231623.570A42DA1D@cvs.netbsd.org
Log Message:
Added two patches for fixing possible security issue.
The CVS security ID is CAN-2004-0797.

The fix is same as used by OpenBSD, Debian and Gentoo.
(Didn't see any reference to issue on zlib webpages.)

The OpenBSD announcement "zlib reliabilty fix" says:
"could allow an attacker to crash programs linked
with it."

And the Gentoo announcement says "zlib contains a bug in the handling
of errors in the inflate() and inflateBack() functions. ... An
attacker could exploit this vulnerability to launch a Denial of
Service attack on any application using the zlib library."

PKGREVISION is bumped and BUILDLINK_RECOMMENDED.zlib added to
buildlink3.mk file.
Files:
RevisionActionfile
1.26modifypkgsrc/devel/zlib/Makefile
1.17modifypkgsrc/devel/zlib/buildlink3.mk
1.9modifypkgsrc/devel/zlib/distinfo
1.3addpkgsrc/devel/zlib/patches/patch-ab
1.3addpkgsrc/devel/zlib/patches/patch-ac