[Lunar-commits] CVS: moonbase/archive/zlib BUILD, 1.7, 1.8 DETAILS, 1.3, 1.4

Florin Braescu florin at lunar-linux.org
Fri Sep 10 20:04:46 UTC 2004 

Update of /var/cvs/lunar/moonbase/archive/zlib
In directory espresso.lunar-linux.org:/tmp/cvs-serv32491/archive/zlib

Modified Files:
	BUILD DETAILS 
Log Message:
Due to a Debian bug report, a DOS vulnerability was discovered in the zlib compression library versions 1.2.x, in the
 inflate() and inflateBack() functions. Added the needed patch.

Index: BUILD
===================================================================
RCS file: /var/cvs/lunar/moonbase/archive/zlib/BUILD,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- BUILD	10 Aug 2004 07:49:05 -0000	1.7
+++ BUILD	10 Sep 2004 20:04:44 -0000	1.8
@@ -1,4 +1,7 @@
 (
+
+  patch_it $SOURCE_CACHE/$SOURCE2 1 &&
+
   ./configure  --prefix=/usr  &&
   make                        &&
 
@@ -9,12 +12,10 @@
   # CFLAGS properly when CFLAGS is passed to it and --shared is set
   if [ "`arch`" = "alpha" ]; then
       sedit 's/^CFLAGS *=/CFLAGS=-fPIC /' Makefile
-  fi                          &&
+  fi                  &&
 
-  make                        &&
-  prepare_install             &&
-  make    install             &&
-  cp libz.a /usr/lib          &&
+  default_make        &&  
+  cp libz.a /usr/lib  &&
   chmod 755 /usr/lib/libz.a
 
 ) > $C_FIFO 2>&1

Index: DETAILS
===================================================================
RCS file: /var/cvs/lunar/moonbase/archive/zlib/DETAILS,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- DETAILS	5 Dec 2003 17:32:58 -0000	1.3
+++ DETAILS	10 Sep 2004 20:04:44 -0000	1.4
@@ -1,16 +1,18 @@
           MODULE=zlib
          VERSION=1.2.1
-        #VERSION=1.1.4
           SOURCE=$MODULE-$VERSION.tar.bz2
-SOURCE_DIRECTORY=$BUILD_DIRECTORY/$MODULE-$VERSION
-   SOURCE_URL[0]=http://www.gzip.org/$MODULE/$SOURCE
-      SOURCE_VFY=md5:8106069990476a3c5187301465bd7a60
+         SOURCE2=$MODULE-$VERSION-alt-inflate.patch.bz2
+	 SOURCE_DIRECTORY=$BUILD_DIRECTORY/$MODULE-$VERSION
+   SOURCE_URL=http://www.gzip.org/$MODULE/$SOURCE
+  SOURCE2_URL=$PATCH_URL/$SOURCE2
+      SOURCE_VFY=sha1:13bd164df955911c25342adfad805c1cad5e398e
+     SOURCE2_VFY=sha1:00f53af5c8602f5040bf76e54fd24dcd94f63ed6
         WEB_SITE=http://www.gzip.org/$MODULE
          ENTERED=20010922
-         UPDATED=20031205
-           SHORT="zlib is a legally unencumbered lossless data compression library."
+         UPDATED=20040910
+           SHORT="zlib is a lossless data compression library."
+
 cat << EOF
-zlib
 zlib is designed to be a free, general-purpose, legally unencumbered --
 that is, not covered by any patents -- lossless data-compression library
 for use on virtually any computer hardware and operating system. The

More information about the Lunar-commits mailing list