Security Bugfixes (CAN-2004-0797, OpenPKG-SA-2004.038-zlib)

openpkg/openpkg.spec

@@ -39,7 +39,7 @@
 #   o any cc(1)
 
 #   the package version/release
-%define       V_openpkg  20040811
+%define       V_openpkg  20040825
 
 #   the used software versions
 %define       V_rpm      4.2.1
@@ -131,6 +131,7 @@ Source59:     tar.patch
 Source60:     uuid.8
 Source61:     uuid.pod
 Source62:     uuid.sh
+Source63:     zlib.patch
 
 #   build information
 Prefix:       %{l_prefix}
@@ -502,6 +503,9 @@ Provides:     OpenPKG
     set +x; VERBOSE "PREPARATION: Apply OpenPKG Patches to Distributions"; set -x
 
     #   apply OpenPKG patches to distribution trees
+    ( cd zlib-%{V_zlib}
+      ${l_patch} -p0 <`SOURCE zlib.patch`
+    ) || exit $?
     ( cd rpm-%{V_rpm}
       sed -e "s;@l_prefix@;%{l_prefix};g" <`SOURCE rpm.patch.bugfix`  | ${l_patch} -p0
       sed -e "s;@l_prefix@;%{l_prefix};g" <`SOURCE rpm.patch.feature` | ${l_patch} -p0

openpkg/zlib.patch

@@ -0,0 +1,28 @@
+Security Bugfixes (CAN-2004-0797, OpenPKG-SA-2004.038-zlib):
+
+Index: infback.c
+--- infback.c.orig	2003-08-12 01:48:06 +0200
++++ infback.c	2004-08-25 12:37:07 +0200
+@@ -434,6 +434,9 @@
+                 }
+             }
+ 
++            if (state->mode == BAD)
++                break;
++
+             /* build code tables */
+             state->next = state->codes;
+             state->lencode = (code const FAR *)(state->next);
+Index: inflate.c
+--- inflate.c.orig	2003-10-26 07:15:36 +0100
++++ inflate.c	2004-08-25 12:37:07 +0200
+@@ -861,6 +861,9 @@
+                 }
+             }
+ 
++            if (state->mode == BAD)
++                break;
++
+             /* build code tables */
+             state->next = state->codes;
+             state->lencode = (code const FAR *)(state->next);