Accepting request 48876 from Archiving
checked in (request 48876) OBS-URL: https://build.opensuse.org/request/show/48876 OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=14
This commit is contained in:
OBS User autobuild
Git OBS Bridge
parent
a142cc5e93
commit
2700231258
3
bzip2-1.0.5.tar.gz
Normal file
3
bzip2-1.0.5.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:f7bf5368309d76e5daf3a89d4d1bea688dac7780742e7a0ae1af19be9316fe22
|
||||||
|
size 841402
|
||||||
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd
|
|
||||||
size 782025
|
|
||||||
18
bzip2-CVE-2010-0405.patch
Normal file
18
bzip2-CVE-2010-0405.patch
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
Index: bzip2-1.0.5/decompress.c
|
||||||
|
===================================================================
|
||||||
|
--- bzip2-1.0.5.orig/decompress.c
|
||||||
|
+++ bzip2-1.0.5/decompress.c
|
||||||
|
@@ -394,6 +394,13 @@ Int32 BZ2_decompress ( DState* s )
|
||||||
|
es = -1;
|
||||||
|
N = 1;
|
||||||
|
do {
|
||||||
|
+ /* Check that N doesn't get too big, so that es doesn't
|
||||||
|
+ go negative. The maximum value that can be
|
||||||
|
+ RUNA/RUNB encoded is equal to the block size (post
|
||||||
|
+ the initial RLE), viz, 900k, so bounding N at 2
|
||||||
|
+ million should guard against overflow without
|
||||||
|
+ rejecting any legitimate inputs. */
|
||||||
|
+ if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR);
|
||||||
|
if (nextSym == BZ_RUNA) es = es + (0+1) * N; else
|
||||||
|
if (nextSym == BZ_RUNB) es = es + (1+1) * N;
|
||||||
|
N = N * 2;
|
||||||
@ -1,10 +1,3 @@
|
|||||||
-------------------------------------------------------------------
|
|
||||||
Thu Sep 23 09:27:21 UTC 2010 - puzel@novell.com
|
|
||||||
|
|
||||||
- update to bzip2-1.0.6
|
|
||||||
- fixes CVE-2010-0405
|
|
||||||
- drop bzip2-CVE-2010-0405 (upstream)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Sep 21 13:54:31 UTC 2010 - puzel@novell.com
|
Tue Sep 21 13:54:31 UTC 2010 - puzel@novell.com
|
||||||
|
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# spec file for package bzip2 (Version 1.0.6)
|
# spec file for package bzip2 (Version 1.0.5)
|
||||||
#
|
#
|
||||||
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
@ -19,7 +19,7 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: bzip2
|
Name: bzip2
|
||||||
Version: 1.0.6
|
Version: 1.0.5
|
||||||
Release: 46
|
Release: 46
|
||||||
Provides: bzip
|
Provides: bzip
|
||||||
Obsoletes: bzip
|
Obsoletes: bzip
|
||||||
@ -45,6 +45,7 @@ Patch: http://pack.suse.cz/sbrabec/bzip2/for_downstream/bzip2-1.0.5-aut
|
|||||||
Patch2: bzip2-maxlen20.patch
|
Patch2: bzip2-maxlen20.patch
|
||||||
Patch3: bzip2-faster.patch
|
Patch3: bzip2-faster.patch
|
||||||
Patch5: bzip2-unsafe_strcpy.patch
|
Patch5: bzip2-unsafe_strcpy.patch
|
||||||
|
Patch6: bzip2-CVE-2010-0405.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -108,6 +109,7 @@ Authors:
|
|||||||
%patch2
|
%patch2
|
||||||
%patch3
|
%patch3
|
||||||
%patch5
|
%patch5
|
||||||
|
%patch6 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
profile_bzip2()
|
profile_bzip2()
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user