Commit Graph

2 Commits

Author SHA1 Message Date
Petr Štetiar f65edc9b99 zlib: backport security fix for a reproducible crash in compressor
Tavis has just reported that he was recently trying to track down a
reproducible crash in a compressor. Believe it or not, it really was a
bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs.

Tavis has reported it upstream, but it turns out the issue has been
public since 2018, but the patch never made it into a release. As far as
he knows, nobody ever assigned it a CVE.

Suggested-by: Tavis Ormandy <taviso@gmail.com>
References: https://www.openwall.com/lists/oss-security/2022/03/24/1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b3aa2909a7)
(cherry picked from commit 3965dda0fa)
2022-03-24 09:40:12 +01:00
Jo-Philipp Wich 4da832e201 tools: zlib: do not hardcode the install prefix in zlib.pc
Our pkg-config wrapper relies on the ability to redefine the $prefix and
$exec_prefix variables in order to construct proper search paths relative
to the build environment.

Patch the .pc file template to construct libdir, sharedlibdir and includedir
relative to the ${prefix} variable so that it can be overridden as needed.

This also fixes the libxml2/host build issue raised at
https://github.com/openwrt/packages/issues/6073 - it was caused by libxml2's
configure picking up a wrong host search path through zlib.pc, letting it
include the wrong endian.h, causing spurious member redeclaration errors in
system headers.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-24 17:07:10 +02:00