security update

SVN-Revision: 2951

openwrt/package/zlib/Makefile

@@ -3,11 +3,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=zlib
-PKG_VERSION:=1.2.2
-PKG_RELEASE:=2
-PKG_MD5SUM:=1b8aab042d40979e456194c468fd72c5
+PKG_VERSION:=1.2.3
+PKG_RELEASE:=3
+PKG_MD5SUM:=dee233bf288ee795ac96a98cc2e369b6
 
-PKG_SOURCE_URL:=@SF/zlib
+PKG_SOURCE_URL:=http://www.zlib.net \
+	@SF/zlib
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_CAT:=bzcat
 

openwrt/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch

@@ -1,26 +0,0 @@
-Name: CAN-2005-2096 (under review)
-Description:
-  Buffer overflow in zlib 1.2 and later versions allows remote attackers 
-  to cause a denial of service (crash) via a crafted compressed stream, as 
-  demonstrated using a crafted PNG file.
-  
-References:
-  * DEBIAN:DSA-740
-    http://www.debian.org/security/2005/dsa-740
-  * REDHAT:RHSA-2005:569
-    http://www.redhat.com/support/errata/RHSA-2005-569.html 
-
-  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096
-
-diff -ruN zlib-1.2.2-old/inftrees.c zlib-1.2.2-new/inftrees.c
---- zlib-1.2.2-old/inftrees.c	2004-09-15 16:30:06.000000000 +0200
-+++ zlib-1.2.2-new/inftrees.c	2005-07-08 21:18:58.000000000 +0200
-@@ -134,7 +134,7 @@
-         left -= count[len];
-         if (left < 0) return -1;        /* over-subscribed */
-     }
--    if (left > 0 && (type == CODES || (codes - count[0] != 1)))
-+    if (left > 0 && (type == CODES || max != 1))
-         return -1;                      /* incomplete set */
- 
-     /* generate offsets into symbol table for each length for sorting */

openwrt/package/zlib/patches/zlib.patch

@@ -1,6 +1,5 @@
-diff -ruN zlib-1.2.2-orig/Makefile.in zlib-1.2.2-2/Makefile.in
---- zlib-1.2.2-orig/Makefile.in	2004-09-15 16:27:20.000000000 +0200
-+++ zlib-1.2.2-2/Makefile.in	2004-11-13 13:38:12.000000000 +0100
+--- zlib-1.2.3-orig/Makefile.in	2005-07-18 04:25:21.000000000 +0200
++++ zlib-1.2.3/Makefile.in	2006-01-13 15:31:04.000000000 +0100
 @@ -25,20 +25,23 @@
  #           -Wstrict-prototypes -Wmissing-prototypes
  
@@ -13,11 +12,11 @@ diff -ruN zlib-1.2.2-orig/Makefile.in zlib-1.2.2-2/Makefile.in
 +LIBS=
 +STATICLIB=libz.a
  SHAREDLIB=libz.so
- SHAREDLIBV=libz.so.1.2.2
+ SHAREDLIBV=libz.so.1.2.3
  SHAREDLIBM=libz.so.1
  
 -AR=ar rc
-+AR=ar 
++AR=ar
  RANLIB=ranlib
  TAR=tar
  SHELL=/bin/sh
@@ -87,120 +86,3 @@ diff -ruN zlib-1.2.2-orig/Makefile.in zlib-1.2.2-2/Makefile.in
  # The ranlib in install is needed on NeXTSTEP which checks file times
  # ldconfig is for Linux
  
-diff -ruN zlib-1.2.2-orig/configure zlib-1.2.2-2/configure
---- zlib-1.2.2-orig/configure	2004-09-07 07:50:06.000000000 +0200
-+++ zlib-1.2.2-2/configure	2004-11-13 12:37:43.000000000 +0100
-@@ -23,7 +23,7 @@
- VER=`sed -n -e '/VERSION "/s/.*"\(.*\)".*/\1/p' < zlib.h`
- VER2=`sed -n -e '/VERSION "/s/.*"\([0-9]*\\.[0-9]*\)\\..*/\1/p' < zlib.h`
- VER1=`sed -n -e '/VERSION "/s/.*"\([0-9]*\)\\..*/\1/p' < zlib.h`
--AR=${AR-"ar rc"}
-+AR=${AR-"ar"}
- RANLIB=${RANLIB-"ranlib"}
- prefix=${prefix-/usr/local}
- exec_prefix=${exec_prefix-'${prefix}'}
-@@ -73,7 +73,7 @@
- 
- if test "$gcc" -eq 1 && ($cc -c $cflags $test.c) 2>/dev/null; then
-   CC="$cc"
--  SFLAGS=${CFLAGS-"-fPIC -O3"}
-+  SFLAGS=${CFLAGS-"-D_REENTRANT -fPIC -O3"}
-   CFLAGS="$cflags"
-   case `(uname -s || echo unknown) 2>/dev/null` in
-   Linux | linux | GNU | GNU/*) LDSHARED=${LDSHARED-"$cc -shared -Wl,-soname,libz.so.1"};;
-@@ -408,6 +408,29 @@
-   echo Checking for mmap support... No.
- fi
- 
-+cat > $test.c <<EOF
-+#include <stdio.h>
-+int main() { char buf[10]; snprintf(buf, sizeof(buf), "%s", "F"); return 0; }
-+EOF
-+if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
-+  echo "Checking for snprintf...	 Yes."
-+  CFLAGS="$CFLAGS -DHAS_snprintf"
-+else
-+  echo "Checking for snprintf..	 No."
-+fi
-+
-+cat > $test.c <<EOF
-+#include <stdio.h>
-+#include <stdarg.h>
-+int main(void) { va_list a; vsnprintf(0, 0, "", a); return 0; }
-+EOF
-+if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
-+  echo "Checking for vsnprintf...	 Yes."
-+  CFLAGS="$CFLAGS -DHAS_vsnprintf"
-+else
-+  echo "Checking for vsnprintf..	 No."
-+fi
-+
- CPP=${CPP-"$CC -E"}
- case $CFLAGS in
-   *ASMV*)
-@@ -424,20 +447,21 @@
- # udpate Makefile
- sed < Makefile.in "
- /^CC *=/s#=.*#=$CC#
--/^CFLAGS *=/s#=.*#=$CFLAGS#
--/^CPP *=/s#=.*#=$CPP#
--/^LDSHARED *=/s#=.*#=$LDSHARED#
--/^LIBS *=/s#=.*#=$LIBS#
--/^SHAREDLIB *=/s#=.*#=$SHAREDLIB#
--/^SHAREDLIBV *=/s#=.*#=$SHAREDLIBV#
--/^SHAREDLIBM *=/s#=.*#=$SHAREDLIBM#
--/^AR *=/s#=.*#=$AR#
--/^RANLIB *=/s#=.*#=$RANLIB#
--/^EXE *=/s#=.*#=$EXE#
--/^prefix *=/s#=.*#=$prefix#
--/^exec_prefix *=/s#=.*#=$exec_prefix#
--/^libdir *=/s#=.*#=$libdir#
--/^includedir *=/s#=.*#=$includedir#
--/^mandir *=/s#=.*#=$mandir#
--/^LDFLAGS *=/s#=.*#=$LDFLAGS#
-+/^CC *=/s%=.*%= $CC%
-+/^CFLAGS *=/s%=.*%= $CFLAGS%
-+/^CPP *=/s%=.*%= $CPP%
-+/^LDSHARED *=/s%=.*%= $LDSHARED%
-+/^LIBS *=/s%=.*%= $LIBS%
-+/^SHAREDLIB *=/s%=.*%= $SHAREDLIB%
-+/^SHAREDLIBV *=/s%=.*%= $SHAREDLIBV%
-+/^SHAREDLIBM *=/s%=.*%= $SHAREDLIBM%
-+/^AR *=/s%=.*%= $AR%
-+/^RANLIB *=/s%=.*%= $RANLIB%
-+/^EXE *=/s%=.*%= $EXE%
-+/^prefix *=/s%=.*%= $prefix%
-+/^exec_prefix *=/s%=.*%= $exec_prefix%
-+/^libdir *=/s%=.*%= $libdir%
-+/^includedir *=/s%=.*%= $includedir%
-+/^mandir *=/s%=.*%= $mandir%
-+/^LDFLAGS *=/s%=.*%= $LDFLAGS%
- " > Makefile
-diff -ruN zlib-1.2.2-orig/contrib/minizip/Makefile zlib-1.2.2-2/contrib/minizip/Makefile
---- zlib-1.2.2-orig/contrib/minizip/Makefile	2003-09-10 20:00:16.000000000 +0200
-+++ zlib-1.2.2-2/contrib/minizip/Makefile	2004-11-13 12:37:43.000000000 +0100
-@@ -1,8 +1,8 @@
- CC=cc
--CFLAGS=-O -I../..
-+CFLAGS=-O2 -g -I../.. -Dunix
- 
--UNZ_OBJS = miniunz.o unzip.o ioapi.o ../../libz.a
--ZIP_OBJS = minizip.o zip.o   ioapi.o ../../libz.a
-+UNZ_OBJS = miniunz.o unzip.o ioapi.o
-+ZIP_OBJS = minizip.o zip.o   ioapi.o
- 
- .c.o:
- 	$(CC) -c $(CFLAGS) $*.c
-@@ -10,10 +10,10 @@
- all: miniunz minizip
- 
- miniunz:  $(UNZ_OBJS)
--	$(CC) $(CFLAGS) -o $@ $(UNZ_OBJS)
-+	$(CC) $(CFLAGS) -o $@ $(UNZ_OBJS) -L ../.. -lz
- 
- minizip:  $(ZIP_OBJS)
--	$(CC) $(CFLAGS) -o $@ $(ZIP_OBJS)
-+	$(CC) $(CFLAGS) -o $@ $(ZIP_OBJS) -L ../.. -lz
- 
- test:	miniunz minizip
- 	./minizip test readme.txt