![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / devel / zlib
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
zlib: always include unistd.h on Linux Newer compilers, such as gcc14 in Fedora 40, make calling undeclared functions an error. zlib uses lseek, which is in unistd.h. The existing zconf.h has complex logic to include unistd.h in some cases, when it should probably just include it unconditionally. Set -DZ_HAVE_UNISTD_H in CFLAGS.Linux. This should probably just be added unconditionally, but I was hesitant to do so without asking.
zlib: updated to 1.3.1 Changes in 1.3.1 (22 Jan 2024) - Reject overflows of zip header fields in minizip - Fix bug in inflateSync() for data held in bit buffer - Add LIT_MEM define to use more memory for a small deflate speedup - Fix decision on the emission of Zip64 end records in minizip - Add bounds checking to ERR_MSG() macro, used by zError() - Neutralize zip file traversal attacks in miniunz - Fix a bug in ZLIB_DEBUG compiles in check_match() - Various portability and appearance improvements Changes in 1.3 (18 Aug 2023) - Remove K&R function definitions and zlib2ansi - Fix bug in deflateBound() for level 0 and memLevel 9 - Fix bug when gzungetc() is used immediately after gzopen() - Fix bug when using gzflush() with a very small buffer - Fix crash when gzsetparams() attempted for transparent write - Fix test/example.c to work with FORCE_STORED - Rewrite of zran in examples (see zran.c version history) - Fix minizip to allow it to open an empty zip file - Fix reading disk number start on zip64 files in minizip - Fix logic error in minizip argument processing - Add minizip testing to Makefile - Read multiple bytes instead of byte-by-byte in minizip unzip.c - Add memory sanitizer to configure (--memory) - Various portability improvements - Various documentation improvements - Various spelling and typo corrections
devel/zlib: include the version script from upstream Adding symbol versions to the shared library on Linux. This brings zlib more in line what distro builds have on Linux, avoiding lots of complaints in the case that you have to replace native zlib with an upgraded version from pkgsrc (to build octave on CentOS 7.x, for example).
Reset MAINTAINER
zlib: update to 1.2.13 Replace the existing files (except files/Makefile) from upstream sources. Add LICENSE file. Clean up some pkglint. Fixes CVE-2022-37434. Changes in 1.2.13 (13 Oct 2022) - Fix configure issue that discarded provided CC definition - Correct incorrect inputs provided to the CRC functions - Repair prototypes and exporting of new CRC functions - Fix inflateBack to detect invalid input with distances too far - Have infback() deliver all of the available output up to any error - Fix a bug when getting a gzip header extra field with inflate() - Fix bug in block type selection when Z_FIXED used - Tighten deflateBound bounds - Remove deleted assembler code references - Various portability and appearance improvements
zlib: Apply upstream patch to workaround CRC issue. Should fix abuse by openjdk and others. Bump PKGREVISION. Upstream commit: From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001 From: Mark Adler <madler@alumni.caltech.edu> Date: Wed, 30 Mar 2022 11:14:53 -0700 Subject: [PATCH] Correct incorrect inputs provided to the CRC functions. The previous releases of zlib were not sensitive to incorrect CRC inputs with bits set above the low 32. This commit restores that behavior, so that applications with such bugs will continue to operate as before.
zlib: update to 1.2.12 pkgsrc change: Add unistd.h to gzguts.h to fix warning on NetBSD. Changes in 1.2.12 (27 Mar 2022) - Cygwin does not have _wopen(), so do not create gzopen_w() there - Permit a deflateParams() parameter change as soon as possible - Limit hash table inserts after switch from stored deflate - Fix bug when window full in deflate_stored() - Fix CLEAR_HASH macro to be usable as a single statement - Avoid a conversion error in gzseek when off_t type too small - Have Makefile return non-zero error code on test failure - Avoid some conversion warnings in gzread.c and gzwrite.c - Update use of errno for newer Windows CE versions - Small speedup to inflate [psumbera] - Return an error if the gzputs string length can't fit in an int - Add address checking in clang to -w option of configure - Don't compute check value for raw inflate if asked to validate - Handle case where inflateSync used when header never processed - Avoid the use of ptrdiff_t - Avoid an undefined behavior of memcpy() in gzappend() - Avoid undefined behaviors of memcpy() in gz*printf() - Avoid an undefined behavior of memcpy() in _tr_stored_block() - Make the names in functions declarations identical to definitions - Remove old assembler code in which bugs have manifested - Fix deflateEnd() to not report an error at start of raw deflate - Add legal disclaimer to README - Emphasize the need to continue decompressing gzip members - Correct the initialization requirements for deflateInit2() - Fix a bug that can crash deflate on some input when using Z_FIXED - Assure that the number of bits for deflatePrime() is valid - Use a structure to make globals in enough.c evident - Use a macro for the printf format of big_t in enough.c - Clean up code style in enough.c, update version - Use inline function instead of macro for index in enough.c - Clarify that prefix codes are counted in enough.c - Show all the codes for the maximum tables size in enough.c - Add gznorm.c example, which normalizes gzip files - Fix the zran.c example to work on a multiple-member gzip file - Add tables for crc32_combine(), to speed it up by a factor of 200 - Add crc32_combine_gen() and crc32_combine_op() for fast combines - Speed up software CRC-32 computation by a factor of 1.5 to 3 - Use atomic test and set, if available, for dynamic CRC tables - Don't bother computing check value after successful inflateSync() - Correct comment in crc32.c - Add use of the ARMv8 crc32 instructions when requested - Use ARM crc32 instructions if the ARM architecture has them - Explicitly note that the 32-bit check values are 32 bits - Avoid adding empty gzip member after gzflush with Z_FINISH - Fix memory leak on error in gzlog.c - Fix error in comment on the polynomial representation of a byte - Clarify gz* function interfaces, referring to parameter names - Change macro name in inflate.c to avoid collision in VxWorks - Correct typo in blast.c - Improve portability of contrib/minizip - Fix indentation in minizip's zip.c - Replace black/white with allow/block. (theresa-m) - minizip warning fix if MAXU32 already defined. (gvollant) - Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner) - Clean up minizip to reduce warnings for testing - Add fallthrough comments for gcc - Eliminate use of ULL constants - Separate out address sanitizing from warnings in configure - Remove destructive aspects of make distclean - Check for cc masquerading as gcc or clang in configure - Fix crc32.c to compile local functions only if used
zlib: Fix a bug that can crash deflate on some input when using Z_FIXED. Using upstream patch. This bug was reported by Danilo Ramos of Eideticom, Inc. It has lain in wait 13 years before being found! The bug was introduced in zlib 1.2.2.2, with the addition of the Z_FIXED option. That option forces the use of fixed Huffman codes. For rare inputs with a large number of distant matches, the pending buffer into which the compressed data is written can overwrite the distance symbol table which it overlays. That results in corrupted output due to invalid distances, and can result in out-of-bound accesses, crashing the application. The fix here combines the distance buffer and literal/length buffers into a single symbol buffer. Now three bytes of pending buffer space are opened up for each literal or length/distance pair consumed, instead of the previous two bytes. This assures that the pending buffer cannot overwrite the symbol table, since the maximum fixed code compressed length/distance is 31 bits, and since there are four bytes of pending space for every three bytes of symbol space. Bump PKGREVISION. Fix some pkglint while here.
all: migrate homepages from http to https pkglint -r --network --only "migrate" As a side-effect of migrating the homepages, pkglint also fixed a few indentations in unrelated lines. These and the new homepages have been checked manually.
Changes in 1.2.11 (15 Jan 2017) - Fix deflate stored bug when pulling last block from window - Permit immediate deflateParams changes before any deflate input Changes in 1.2.10 (2 Jan 2017) - Avoid warnings on snprintf() return value - Fix bug in deflate_stored() for zero-length input - Fix bug in gzwrite.c that produced corrupt gzip files - Remove files to be installed before copying them in Makefile.in - Add warnings when compiling with assembler code Changes in 1.2.9 (31 Dec 2016) - Fix contrib/minizip to permit unzipping with desktop API [Zouzou] - Improve contrib/blast to return unused bytes - Assure that gzoffset() is correct when appending - Improve compress() and uncompress() to support large lengths - Fix bug in test/example.c where error code not saved - Remedy Coverity warning [Randers-Pehrson] - Improve speed of gzprintf() in transparent mode - Fix inflateInit2() bug when windowBits is 16 or 32 - Change DEBUG macro to ZLIB_DEBUG - Avoid uninitialized access by gzclose_w() - Allow building zlib outside of the source directory - Fix bug that accepted invalid zlib header when windowBits is zero - Fix gzseek() problem on MinGW due to buggy _lseeki64 there - Loop on write() calls in gzwrite.c in case of non-blocking I/O - Add --warn (-w) option to ./configure for more compiler warnings - Reject a window size of 256 bytes if not using the zlib wrapper - Fix bug when level 0 used with Z_HUFFMAN or Z_RLE - Add --debug (-d) option to ./configure to define ZLIB_DEBUG - Fix bugs in creating a very large gzip header - Add uncompress2() function, which returns the input size used - Assure that deflateParams() will not switch functions mid-block - Dramatically speed up deflation for level 0 (storing) - Add gzfread(), duplicating the interface of fread() - Add gzfwrite(), duplicating the interface of fwrite() - Add deflateGetDictionary() function - Use snprintf() for later versions of Microsoft C - Fix *Init macros to use z_ prefix when requested - Replace as400 with os400 for OS/400 support [Monnerat] - Add crc32_z() and adler32_z() functions with size_t lengths - Update Visual Studio project files [AraHaan]
Convert all occurrences (353 by my count) of MASTER_SITES= site1 \ site2 style continuation lines to be simple repeated MASTER_SITES+= site1 MASTER_SITES+= site2 lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint accordingly.
use NO_DIVIDE only on i386 SunOS; bump PKGREVISION
Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles.
Remove unnecessary reference to __moddi3 on SunOS by defining NO_DIVIDE for adler32.c and adding LDFLAGS.SunOS+=-Wl,-zignore removing the dependency on libgcc_s.so. Bump PKGREVISION to take effect.
revert zlib
adding devel/py-hgnested
hgnested is a Mercurial extension to work with nested repositories.
It was inspired by the forest extension.
The extension allows to apply common Mercurial commands to all the nested
repositories at once like pull, push etc. It also allows to fetch a complete
tree of repositories through ssh or http.
To enable the "hgnested" extension, create an entry for it in your hgrc, like
this:
[extensions]
hgnested =
See `hg help hgnested` for the complete list of commands.
For more information please visit the following website:
http://code.google.com/p/hgnested/
provide zlib.pc for pkg-config to facilitate configure where possible
Version 1.2.8 fixes a very rare bug in decompression. All users are encouraged to upgrade immediately. Version 1.2.8 also has these improvements: * Add new inflateGetDictionary() function * Fix bug where gzopen() immediately followed by gzclose() would write an empty file instead of an empty gzip stream. * Fix bug in gzclose() when gzwrite() runs out of memory
-no-undefined LDFLAGS is required to be linked with Cygwin.
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Changes in 1.2.7: - Replace use of memmove() with a simple copy for portability - Test for existence of strerror - Restore gzgetc_ for backward compatibility with 1.2.6 - Fix build with non-GNU make on Solaris - Require gcc 4.0 or later on Mac OS X to use the hidden attribute - Include unistd.h for Watcom C - Use __WATCOMC__ instead of __WATCOM__ - Do not use the visibility attribute if NO_VIZ defined - Improve the detection of no hidden visibility attribute - Avoid using __int64 for gcc or solo compilation - Cast to char * in gzprintf to avoid warnings - Fix make_vms.com for VAX - Don't use library or built-in byte swaps - Simplify test and use of gcc hidden attribute - Fix bug in gzclose_w() when gzwrite() fails to allocate memory - Add "x" (O_EXCL) and "e" (O_CLOEXEC) modes support to gzopen() - Fix bug in test/minigzip.c for configure --solo - Fix contrib/vstudio project link errors - Add ability to choose the builder in make_vms.com - Add DESTDIR support to mingw32 win32/Makefile.gcc - Fix comments in win32/Makefile.gcc for proper usage - Allow overriding the default install locations for cmake - Generate and install the pkg-config file with cmake - Build both a static and a shared version of zlib with cmake - Include version symbols for cmake builds - If using cmake with MSVC, add the source directory to the includes - Remove unneeded EXTRA_CFLAGS from win32/Makefile.gcc - Move obsolete emx makefile to old - Allow the use of -Wundef when compiling or using zlib - Avoid the use of the -u option with mktemp - Improve inflate() documentation on the use of Z_FINISH - Recognize clang as gcc - Add gzopen_w() in Windows for wide character path names - Rename zconf.h in CMakeLists.txt to move it out of the way - Add source directory in CMakeLists.txt for building examples - Look in build directory for zlib.pc in CMakeLists.txt - Remove gzflags from zlibvc.def in vc9 and vc10 - Fix contrib/minizip compilation in the MinGW environment - Update ./configure for Solaris, support --64 - Remove -R. from Solaris shared build (possible security issue) - Avoid race condition for parallel make (-j) running example - Fix type mismatch between get_crc_table() and crc_table - Fix parsing of version with "-" in CMakeLists.txt - Fix the path to zlib.map in CMakeLists.txt - Force the native libtool in Mac OS X to avoid GNU libtool - Add instructions to win32/Makefile.gcc for shared install
Changes 1.2.6: * gzread() can now read a file that is being written concurrently * gzgetc() is now a macro for increased speed * Added a 'T' option to gzopen() for transparent writing (no compression) * Added deflatePending() to return the amount of pending output * Allow deflateSetDictionary() and inflateSetDictionary() at any time in raw mode * deflatePrime() can now insert bits in the middle of the stream * ./configure now creates a configure.log file with all of the results * Added a ./configure --solo option to compile zlib with no dependency on any libraries * Fixed a problem with large file support macros * Fixed a bug in contrib/puff * Many portability improvements
Set LICENSE.
Remove redundant NO_CHECKSUM and EXTRACT_ONLY definitions.
Re-arrange lines to make this more likely to pass pkglint.
This package no longer needs a distinfo file.
Use in-tree versions. The replacement Makefile can be used for direct builds in bootstrap tools as well.
Remove dead MASTERS_SITES. From Zafer Aydogan.
- Added support for installation to DESTDIR. - Reenabled test targets in Makefile.in (previously broken by pkgsrc patches) and in the pkgsrc Makefile.
Update HOMEPAGE. (The previous redirects to this one.)
make sure that pkgsrc's LDFLAGS is used when linking
Point MAINTAINER to pkgsrc-users@NetBSD.org in the case where no developer is officially maintaining the package. The rationale for changing this from "tech-pkg" to "pkgsrc-users" is that it implies that any user can try to maintain the package (by submitting patches to the mailing list). Since the folks most likely to care about the package are the folks that want to use it or are already using it, this would leverage the energy of users who aren't developers.
Honor PKGMANDIR.
Pullup ticket 626 - requested by Matthias Drochner
security update for zlib
Revisions pulled up:
- pkgsrc/devel/zlib/Makefile 1.31
- pkgsrc/devel/zlib/buildlink3.mk 1.20
- pkgsrc/devel/zlib/distinfo 1.14
- pkgsrc/devel/zlib/patches/patch-ab removed
Module Name: pkgsrc
Committed By: drochner
Date: Fri Jul 22 16:04:44 UTC 2005
Modified Files:
pkgsrc/devel/zlib: Makefile buildlink3.mk distinfo
Removed Files:
pkgsrc/devel/zlib/patches: patch-ab
Log Message:
update to 1.2.3
this fixes (at least) another security problem (DoS, CAN-2005-1849)
changes:
-Eliminate a potential security vulnerability when decoding invalid
compressed data
-Eliminate a potential security vulnerability when decoding specially
crafted compressed data
-Fix a bug when decompressing dynamic blocks with no distance codes
-Fix crc check bug in gzread() after gzungetc()
-Do not return an error when using gzread() on an empty file
update to 1.2.3 this fixes (at least) another security problem (DoS, CAN-2005-1849) changes: -Eliminate a potential security vulnerability when decoding invalid compressed data -Eliminate a potential security vulnerability when decoding specially crafted compressed data -Fix a bug when decompressing dynamic blocks with no distance codes -Fix crc check bug in gzread() after gzungetc() -Do not return an error when using gzread() on an empty file
Pullup ticket 590 - requested by Matthias Drochner
security fix for zlib
Revisions pulled up:
- pkgsrc/devel/zlib/Makefile 1.30
- pkgsrc/devel/zlib/distinfo 1.13
- pkgsrc/devel/zlib/patches/patch-ab 1.5
- pkgsrc/devel/zlib/buildlink3.mk 1.19
Module Name: pkgsrc
Committed By: drochner
Date: Thu Jul 7 10:43:19 UTC 2005
Modified Files:
pkgsrc/devel/zlib: Makefile distinfo
Added Files:
pkgsrc/devel/zlib/patches: patch-ab
Log Message:
add a patch for CAN-2005-2096, from Debian
----
Module Name: pkgsrc
Committed By: tron
Date: Thu Jul 7 11:46:55 UTC 2005
Modified Files:
pkgsrc/devel/zlib: buildlink3.mk
Log Message:
Bump recommented version to 1.2.2nb1 because of CAN-2005-2096.
add a patch for CAN-2005-2096, from Debian
Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.
Changes 1.2.2: * Eliminate a potential security vulnerability when decoding invalid compressed data * Fix bug when decompressing dynamic blocks with no distance codes * Do not return error when using gzread() on an empty file
Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.
Added two patches for fixing possible security issue. The CVS security ID is CAN-2004-0797. The fix is same as used by OpenBSD, Debian and Gentoo. (Didn't see any reference to issue on zlib webpages.) The OpenBSD announcement "zlib reliabilty fix" says: "could allow an attacker to crash programs linked with it." And the Gentoo announcement says "zlib contains a bug in the handling of errors in the inflate() and inflateBack() functions. ... An attacker could exploit this vulnerability to launch a Denial of Service attack on any application using the zlib library." PKGREVISION is bumped and BUILDLINK_RECOMMENDED.zlib added to buildlink3.mk file.
nb1: install shlib as executable.
USE_BUILDLINK3 must be set to "yes" or "no", not defined/undefined.
Create the man/man3 directory, so that this can be installed properly with pkgviews. Closes PR pkg/24081 by Min Sik Kim.
Changes 1.2.1: * inflate is about 20% faster and minimizes memory allocation * crc32 is about 50% faster * new functions and functionality * more supported architectures
bl3ify
s/netbsd.org/NetBSD.org/
Pull up revisions 1.17-1.18 (requested by salo in ticket #1291): Darwin has no static libz, mark it incompatible. mark Linux zlib as incompatible to avoid using base zlib which can cause problems with pkgsrc libtool, eg. libtool: link: AGE `4' is greater than the current interface number `1' libtool: link: `1:1:4' is not valid version information libtool: install: `libz.la' is not a valid libtool archive Added fix for CAN-2003-0107 - Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code. From OpenBSD. Restore configure target and add check for [v]snprintf. Bump PKGREVISION.
Use tech-pkg@ in favor of packages@ as MAINTAINER for orphaned packages. Should anybody feel like they could be the maintainer for any of thewe packages, please adjust.
Oops, restore NOT_FOR_PLATFORM (commented for my local testing).
Added fix for CAN-2003-0107 - Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code. From OpenBSD. Restore configure target and add check for [v]snprintf. Bump PKGREVISION.
s/LIBTOOL_VERSION/LIBTOOL_REQD/ to register correct dependency.
Mirror the libtool setup in bsd.pkg.mk since we can't use USE_LIBTOOL.
Merge changes in packages from the buildlink2 branch that have buildlink2.mk files back into the main trunk. This provides sufficient buildlink2 infrastructure to start merging other packages from the buildlink2 branch that have already been converted to use the buildlink2 framework.
Merge changes from pkgsrc-current into the buildlink2 branch for the packages that have buildlink2.mk files.
Enable building this package on <1.4, and add INCOMPAT_ZLIB settings for NetBSD releases that need it. Closes pkg/14782.
Rename USE_BUILDLINK2_ONLY to USE_BUILDLINK2 for less verbosity. Also convert a few more packages to use the buildlink2 framework.
* Convert some more packages to use the buildlink2 framework. * Re-add EVAL_PREFIX lines that I shouldn't have removed from the buildlink2.mk files. * Add several more new buildlink2.mk files to facilitate converting more packages.
First pass at conversion of various packages to use the buildlink2 framework. Add many buildlink2.mk files to add to the framework. Please see buildlink2.txt for more details.
Update to 1.1.4, and update MASTER_SITES. Changes since 1.1.3: - ZFREE was repeated on same allocation on some error conditions. This creates a security problem described in http://www.zlib.org/advisory-2002-03-11.txt - Returned incorrect error (Z_MEM_ERROR) on some invalid data - Avoid accesses before window for invalid distances with inflate window less than 32K. - force windowBits > 8 to avoid a bug in the encoder for a window size of 256 bytes. (A complete fix will be available in 1.1.5).
Change ONLY_FOR_PLATFORM...SunOS to NOT_FOR_PLATFORM...NetBSD This package works fine under RedHat 5.0 (I'm still trying to work out what karma I broke in order to be in a position to know this...)
Homepage changed
Add a comment why "USE_LIBTOOL" must not be used in this package.
Use direct dependence on "libtool-base" package instead of "USE_LIBTOOL" under Solaris to avoid circular dependence.
Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.
``Why drink and drive when you can smoke and fly'' (Use libtool to build this if it's installed; does not require port of NetBSD's share/mk for bootstrapping; old BSD-mk based build is still available as fallback if no libtool is found)
Don't try to "lint" the library.
MASTER_SITE and HOMEPAGE moved to ftp.freesoftware.com. Addresses pkg/10795.
Simplify this package, and build and install shared libs, by using a version of the libz Makefile from basesrc to build this package. Mark this package as only for Solaris platforms.
Well, today this procedure works better...
A general purpose data compression library (for Solaris use).
Initial revision