[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/ghostscript/ ghostscript...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 08:35:13 Branch: OPENPKG_2_3_SOLIDHandle: 2005072807351300 Modified files: (Branch: OPENPKG_2_3_SOLID) openpkg-src/ghostscript ghostscript.patch ghostscript.spec Log: Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849) Summary: RevisionChanges Path 1.10.4.2+25 -1 openpkg-src/ghostscript/ghostscript.patch 1.66.2.4+1 -1 openpkg-src/ghostscript/ghostscript.spec patch -p0 '@@ .' Index: openpkg-src/ghostscript/ghostscript.patch $ cvs diff -u -r1.10.4.1 -r1.10.4.2 ghostscript.patch --- openpkg-src/ghostscript/ghostscript.patch 6 Jul 2005 18:04:00 - 1.10.4.1 +++ openpkg-src/ghostscript/ghostscript.patch 28 Jul 2005 06:35:13 - 1.10.4.2 @@ -87,7 +87,7 @@ - -Security Bugfixes (CAN-2005-2096, OpenPKG-SA-2005.013) +Security Bugfix (OpenPKG-SA-2005.013-zlib; CAN-2005-2096) Index: zlib/inftrees.c --- zlib/inftrees.c.orig 2004-09-15 16:30:06 +0200 @@ -102,3 +102,27 @@ /* generate offsets into symbol table for each length for sorting */ +- + +Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849) + +Index: zlib/inftrees.h +--- zlib/inftrees.h.orig 2003-08-11 00:15:50 +0200 zlib/inftrees.h 2005-07-11 08:50:37 +0200 +@@ -36,12 +36,12 @@ + */ + + /* Maximum size of dynamic tree. The maximum found in a long but non- +- exhaustive search was 1004 code structures (850 for length/literals +- and 154 for distances, the latter actually the result of an ++ exhaustive search was 1444 code structures (852 for length/literals ++ and 592 for distances, the latter actually the result of an +exhaustive search). The true maximum is not known, but the value +below is more than safe. */ +-#define ENOUGH 1440 +-#define MAXD 154 ++#define ENOUGH 2048 ++#define MAXD 592 + + /* Type of code to build for inftable() */ + typedef enum { @@ . patch -p0 '@@ .' Index: openpkg-src/ghostscript/ghostscript.spec $ cvs diff -u -r1.66.2.3 -r1.66.2.4 ghostscript.spec --- openpkg-src/ghostscript/ghostscript.spec 6 Jul 2005 18:04:03 - 1.66.2.3 +++ openpkg-src/ghostscript/ghostscript.spec 28 Jul 2005 06:35:13 - 1.66.2.4 @@ -43,7 +43,7 @@ Group:Graphics License: Aladdin Version: %{V_real} -Release: 2.3.1 +Release: 2.3.2 # package options %option with_x11 yes @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/ghostscript/ ghostscript...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 06-Jul-2005 20:04:03 Branch: OPENPKG_2_3_SOLIDHandle: 2005070619040003 Modified files: (Branch: OPENPKG_2_3_SOLID) openpkg-src/ghostscript ghostscript.patch ghostscript.spec Log: Fix zlib security issue (OpenPKG-SA-2005.013, CAN-2005-2096) Summary: RevisionChanges Path 1.10.4.1+17 -0 openpkg-src/ghostscript/ghostscript.patch 1.66.2.3+1 -1 openpkg-src/ghostscript/ghostscript.spec patch -p0 '@@ .' Index: openpkg-src/ghostscript/ghostscript.patch $ cvs diff -u -r1.10 -r1.10.4.1 ghostscript.patch --- openpkg-src/ghostscript/ghostscript.patch 25 Aug 2004 11:20:26 - 1.10 +++ openpkg-src/ghostscript/ghostscript.patch 6 Jul 2005 18:04:00 - 1.10.4.1 @@ -85,3 +85,20 @@ state-next = state-codes; state-lencode = (code const FAR *)(state-next); +- + +Security Bugfixes (CAN-2005-2096, OpenPKG-SA-2005.013) + +Index: zlib/inftrees.c +--- zlib/inftrees.c.orig 2004-09-15 16:30:06 +0200 zlib/inftrees.c 2005-07-06 18:31:14 +0200 +@@ -134,7 +134,7 @@ + left -= count[len]; + if (left 0) return -1;/* over-subscribed */ + } +-if (left 0 (type == CODES || (codes - count[0] != 1))) ++if (left 0 (type == CODES || max != 1)) + return -1; /* incomplete set */ + + /* generate offsets into symbol table for each length for sorting */ + @@ . patch -p0 '@@ .' Index: openpkg-src/ghostscript/ghostscript.spec $ cvs diff -u -r1.66.2.2 -r1.66.2.3 ghostscript.spec --- openpkg-src/ghostscript/ghostscript.spec 21 Feb 2005 18:57:56 - 1.66.2.2 +++ openpkg-src/ghostscript/ghostscript.spec 6 Jul 2005 18:04:03 - 1.66.2.3 @@ -43,7 +43,7 @@ Group:Graphics License: Aladdin Version: %{V_real} -Release: 2.3.0 +Release: 2.3.1 # package options %option with_x11 yes @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/ghostscript/ ghostscript...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 21-Feb-2005 19:57:56 Branch: OPENPKG_2_3_SOLIDHandle: 2005022118575600 Modified files: (Branch: OPENPKG_2_3_SOLID) openpkg-src/ghostscript ghostscript.spec Log: MFC: switch to URLs of zlib package Summary: RevisionChanges Path 1.66.2.2+2 -2 openpkg-src/ghostscript/ghostscript.spec patch -p0 '@@ .' Index: openpkg-src/ghostscript/ghostscript.spec $ cvs diff -u -r1.66.2.1 -r1.66.2.2 ghostscript.spec --- openpkg-src/ghostscript/ghostscript.spec 21 Feb 2005 17:06:49 - 1.66.2.1 +++ openpkg-src/ghostscript/ghostscript.spec 21 Feb 2005 18:57:56 - 1.66.2.2 @@ -53,7 +53,7 @@ Source0: ftp://mirror.cs.wisc.edu/pub/mirrors/ghost/AFPL/gs%{V_comp}/ghostscript-%{V_real}.tar.bz2 Source1: ftp://ftp.uu.net/graphics/jpeg/jpegsrc.v%{V_jpeg}.tar.gz Source2: http://osdn.dl.sourceforge.net/sourceforge/libpng/libpng-%{V_png}.tar.gz -Source3: http://www.gzip.org/zlib/zlib-%{V_zlib}.tar.gz +Source3: http://www.zlib.net/zlib-%{V_zlib}.tar.gz Source4: ftp://mirror.cs.wisc.edu/pub/mirrors/ghost/AFPL/fonts/ghostscript-fonts-std-%{V_font_std}.tar.gz Source5: ftp://mirror.cs.wisc.edu/pub/mirrors/ghost/AFPL/fonts/ghostscript-fonts-other-%{V_font_other}.tar.gz Patch0: ghostscript.patch @@ -98,7 +98,7 @@ } prog ghostscript:zlib = { version = %{V_zlib} -url = http://www.gzip.org/zlib/ +url = http://www.zlib.net/ regex = zlib-(__VER__)\.tar\.gz } @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org