- Replace use of memmove() with a simple copy for portability
- Test for existence of strerror
- Restore gzgetc_ for backward compatibility with 1.2.6
- Fix build with non-GNU make on Solaris
- Require gcc 4.0 or later on Mac OS X to use the hidden attribute
- Include unistd.h for Watcom C
- Use __WATCOMC__ instead of __WATCOM__
- Do not use the visibility attribute if NO_VIZ defined
- Improve the detection of no hidden visibility attribute
- Avoid using __int64 for gcc or solo compilation
- Cast to char * in gzprintf to avoid warnings
- Fix make_vms.com for VAX
- Don't use library or built-in byte swaps
- Simplify test and use of gcc hidden attribute
- Fix bug in gzclose_w() when gzwrite() fails to allocate memory
- Add "x" (O_EXCL) and "e" (O_CLOEXEC) modes support to gzopen()
- Fix bug in test/minigzip.c for configure --solo
- Fix contrib/vstudio project link errors
- Add ability to choose the builder in make_vms.com
- Add DESTDIR support to mingw32 win32/Makefile.gcc
- Fix comments in win32/Makefile.gcc for proper usage
- Allow overriding the default install locations for cmake
- Generate and install the pkg-config file with cmake
- Build both a static and a shared version of zlib with cmake
- Include version symbols for cmake builds
- If using cmake with MSVC, add the source directory to the includes
- Remove unneeded EXTRA_CFLAGS from win32/Makefile.gcc
- Move obsolete emx makefile to old
- Allow the use of -Wundef when compiling or using zlib
- Avoid the use of the -u option with mktemp
- Improve inflate() documentation on the use of Z_FINISH
- Recognize clang as gcc
- Add gzopen_w() in Windows for wide character path names
- Rename zconf.h in CMakeLists.txt to move it out of the way
- Add source directory in CMakeLists.txt for building examples
- Look in build directory for zlib.pc in CMakeLists.txt
- Remove gzflags from zlibvc.def in vc9 and vc10
- Fix contrib/minizip compilation in the MinGW environment
- Update ./configure for Solaris, support --64
- Remove -R. from Solaris shared build (possible security issue)
- Avoid race condition for parallel make (-j) running example
- Fix type mismatch between get_crc_table() and crc_table
- Fix parsing of version with "-" in CMakeLists.txt
- Fix the path to zlib.map in CMakeLists.txt
- Force the native libtool in Mac OS X to avoid GNU libtool
- Add instructions to win32/Makefile.gcc for shared install
* gzread() can now read a file that is being written concurrently
* gzgetc() is now a macro for increased speed
* Added a 'T' option to gzopen() for transparent writing (no compression)
* Added deflatePending() to return the amount of pending output
* Allow deflateSetDictionary() and inflateSetDictionary() at any time in raw
mode
* deflatePrime() can now insert bits in the middle of the stream
* ./configure now creates a configure.log file with all of the results
* Added a ./configure --solo option to compile zlib with no dependency on any
libraries
* Fixed a problem with large file support macros
* Fixed a bug in contrib/puff
* Many portability improvements
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
this fixes (at least) another security problem (DoS, CAN-2005-1849)
changes:
-Eliminate a potential security vulnerability when decoding invalid
compressed data
-Eliminate a potential security vulnerability when decoding specially
crafted compressed data
-Fix a bug when decompressing dynamic blocks with no distance codes
-Fix crc check bug in gzread() after gzungetc()
-Do not return an error when using gzread() on an empty file
* Eliminate a potential security vulnerability when decoding invalid compressed data
* Fix bug when decompressing dynamic blocks with no distance codes
* Do not return error when using gzread() on an empty file
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
The CVS security ID is CAN-2004-0797.
The fix is same as used by OpenBSD, Debian and Gentoo.
(Didn't see any reference to issue on zlib webpages.)
The OpenBSD announcement "zlib reliabilty fix" says:
"could allow an attacker to crash programs linked
with it."
And the Gentoo announcement says "zlib contains a bug in the handling
of errors in the inflate() and inflateBack() functions. ... An
attacker could exploit this vulnerability to launch a Denial of
Service attack on any application using the zlib library."
PKGREVISION is bumped and BUILDLINK_RECOMMENDED.zlib added to
buildlink3.mk file.
* inflate is about 20% faster and minimizes memory allocation
* crc32 is about 50% faster
* new functions and functionality
* more supported architectures
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled
without vsnprintf or when long inputs are truncated using vsnprintf, allows
attackers to cause a denial of service or possibly execute arbitrary code.
From OpenBSD.
Restore configure target and add check for [v]snprintf.
Bump PKGREVISION.
buildlink2.mk files back into the main trunk. This provides sufficient
buildlink2 infrastructure to start merging other packages from the
buildlink2 branch that have already been converted to use the buildlink2
framework.
Changes since 1.1.3:
- ZFREE was repeated on same allocation on some error conditions.
This creates a security problem described in
http://www.zlib.org/advisory-2002-03-11.txt
- Returned incorrect error (Z_MEM_ERROR) on some invalid data
- Avoid accesses before window for invalid distances with inflate window
less than 32K.
- force windowBits > 8 to avoid a bug in the encoder for a window size
of 256 bytes. (A complete fix will be available in 1.1.5).
(Use libtool to build this if it's installed; does not require port of
NetBSD's share/mk for bootstrapping; old BSD-mk based build is still
available as fallback if no libtool is found)
