- Update bug reference

- Fix downloaded patches
  * Make sure nSelectors is not out of range (CVE-2019-12900
    bsc#1139083)

OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=77
Martin Pluskal 2019-06-28 07:51:07 +00:00 committed by Git OBS Bridge
parent c074e654c4
commit 280db28620
3 changed files with 29 additions and 31 deletions


@ -1,7 +1,5 @@
Index: bzip2-1.0.7/autogen.sh --- /dev/null
=================================================================== +++ autogen.sh
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ bzip2-1.0.7/autogen.sh 2019-06-27 23:12:37.015916631 +0200
@@ -0,0 +1,8 @@ @@ -0,0 +1,8 @@
+mv LICENSE COPYING +mv LICENSE COPYING
+mv CHANGES NEWS +mv CHANGES NEWS
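Review bot: the file headers at the top of this hunk lose the `bzip2-1.0.7/` directory prefix (`+++ bzip2-1.0.7/autogen.sh` becomes `+++ autogen.sh`), so this patch now needs strip level 0 while the spec applies the remaining patches with `-p1`. Keeping the prefixed headers would let every patch share one strip level; if the bare paths are intended, record that in the changelog entry so the mixed levels are not mistaken for an accident.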
@ -11,10 +9,8 @@ Index: bzip2-1.0.7/autogen.sh
+aclocal +aclocal
+automake --add-missing --gnu +automake --add-missing --gnu
+autoconf +autoconf
Index: bzip2-1.0.7/README.autotools --- /dev/null
=================================================================== +++ README.autotools
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ bzip2-1.0.7/README.autotools 2019-06-27 23:12:37.015916631 +0200
@@ -0,0 +1,41 @@ @@ -0,0 +1,41 @@
+bzip2 autoconfiscated +bzip2 autoconfiscated
+===================== +=====================
@ -57,10 +53,8 @@ Index: bzip2-1.0.7/README.autotools
+ +
+To be super-safe, I incremented minor number of the library file, so +To be super-safe, I incremented minor number of the library file, so
+both instances of the shared library can live together. +both instances of the shared library can live together.
Index: bzip2-1.0.7/configure.ac --- /dev/null
=================================================================== +++ configure.ac
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ bzip2-1.0.7/configure.ac 2019-06-27 23:12:37.015916631 +0200
@@ -0,0 +1,62 @@ @@ -0,0 +1,62 @@
+# -*- Autoconf -*- +# -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script. +# Process this file with autoconf to produce a configure script.
@ -124,10 +118,8 @@ Index: bzip2-1.0.7/configure.ac
+AC_SUBST([BZIP2_LT_AGE]) +AC_SUBST([BZIP2_LT_AGE])
+AC_CONFIG_FILES([Makefile bzip2.pc]) +AC_CONFIG_FILES([Makefile bzip2.pc])
+AC_OUTPUT +AC_OUTPUT
Index: bzip2-1.0.7/Makefile.am --- /dev/null
=================================================================== +++ Makefile.am
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ bzip2-1.0.7/Makefile.am 2019-06-27 23:12:37.015916631 +0200
@@ -0,0 +1,137 @@ @@ -0,0 +1,137 @@
+ACLOCAL_AMFLAGS = -I m4 +ACLOCAL_AMFLAGS = -I m4
+lib_LTLIBRARIES = libbz2.la +lib_LTLIBRARIES = libbz2.la
@ -266,10 +258,8 @@ Index: bzip2-1.0.7/Makefile.am
+ words2 \ + words2 \
+ words3 \ + words3 \
+ xmlproc.sh + xmlproc.sh
Index: bzip2-1.0.7/bzip2.pc.in --- /dev/null
=================================================================== +++ bzip2.pc.in
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ bzip2-1.0.7/bzip2.pc.in 2019-06-27 23:12:37.015916631 +0200
@@ -0,0 +1,11 @@ @@ -0,0 +1,11 @@
+prefix=@prefix@ +prefix=@prefix@
+exec_prefix=@exec_prefix@ +exec_prefix=@exec_prefix@
@ -282,10 +272,8 @@ Index: bzip2-1.0.7/bzip2.pc.in
+Version: @VERSION@ +Version: @VERSION@
+Libs: -L${libdir} -lbz2 +Libs: -L${libdir} -lbz2
+Cflags: -I${includedir} +Cflags: -I${includedir}
Index: bzip2-1.0.7/m4/visibility.m4 --- /dev/null
=================================================================== +++ m4/visibility.m4
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ bzip2-1.0.7/m4/visibility.m4 2019-06-27 23:12:37.015916631 +0200
@@ -0,0 +1,78 @@ @@ -0,0 +1,78 @@
+# visibility.m4 serial 4 (gettext-0.18.2) +# visibility.m4 serial 4 (gettext-0.18.2)
+dnl Copyright (C) 2005, 2008, 2010-2011 Free Software Foundation, Inc. +dnl Copyright (C) 2005, 2008, 2010-2011 Free Software Foundation, Inc.
@ -365,10 +353,8 @@ Index: bzip2-1.0.7/m4/visibility.m4
+ AC_DEFINE_UNQUOTED([HAVE_VISIBILITY], [$HAVE_VISIBILITY], + AC_DEFINE_UNQUOTED([HAVE_VISIBILITY], [$HAVE_VISIBILITY],
+ [Define to 1 or 0, depending whether the compiler supports simple visibility declarations.]) + [Define to 1 or 0, depending whether the compiler supports simple visibility declarations.])
+]) +])
Index: bzip2-1.0.7/bzlib.h --- bzlib.h.orig
=================================================================== +++ bzlib.h
--- bzip2-1.0.7.orig/bzlib.h 2019-06-27 20:15:39.000000000 +0200
+++ bzip2-1.0.7/bzlib.h 2019-06-27 23:12:37.015916631 +0200
@@ -91,9 +91,11 @@ typedef @@ -91,9 +91,11 @@ typedef
# endif # endif
#else #else


@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Jun 28 07:42:24 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Update bug reference
- Fix downloaded patches
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jun 27 21:01:36 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com> Thu Jun 27 21:01:36 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
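Review bot: "- Fix downloaded patches" in the new 28 June entry does not say which patch file was touched or what was wrong with it. Name the patch and the change made to it (the diff headers went from `Index:` style with a `bzip2-1.0.7/` prefix to bare paths), and add a line for the move away from `%autosetup` in the spec, which this entry leaves out.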
@ -8,7 +14,8 @@ Thu Jun 27 21:01:36 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
* bzip2recover: Fix buffer overflow for large argv[0]. * bzip2recover: Fix buffer overflow for large argv[0].
* bzip2recover: Fix use after free issue with outFile * bzip2recover: Fix use after free issue with outFile
(CVE-2016-3189). (CVE-2016-3189).
* Make sure nSelectors is not out of range (CVE-2019-12900). * Make sure nSelectors is not out of range (CVE-2019-12900
bsc#1139083)
- Drop patches fixed upstream: - Drop patches fixed upstream:
* bzip2-unsafe_strcpy.patch. * bzip2-unsafe_strcpy.patch.
* bzip2-1.0.6-CVE-2016-3189.patch. * bzip2-1.0.6-CVE-2016-3189.patch.
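Review bot: the rewritten nSelectors bullet, `(CVE-2019-12900` continued by `bsc#1139083)`, has no separator between the two identifiers and drops the trailing period that the neighbouring bullets keep. Suggest `(CVE-2019-12900, bsc#1139083).` so the CVE and the Bugzilla reference are both picked up cleanly by anyone grepping the changelog.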


@ -72,7 +72,12 @@ Requires: glibc-devel
The bzip2 runtime library development files. The bzip2 runtime library development files.
%prep %prep
%autosetup -p1 %setup -q
%patch0
%patch1 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%build %build
autoreconf -fiv autoreconf -fiv
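Review bot: the explicit list in `%prep` runs `%patch0`, `%patch1`, `%patch3`, `%patch4`, `%patch5` with no `%patch2`, and unlike `%autosetup` an explicit list silently skips any patch it does not name. Confirm that no Patch2 is declared in the preamble (or add `%patch2 -p1`), and write the first line as `%patch0 -p0` so its different strip level next to the `-p1` lines is visibly intentional.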
@ -82,7 +87,7 @@ autoreconf -fiv
%if 0%{?do_profiling} %if 0%{?do_profiling}
make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}" make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}"
make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}" test make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}" test
make clean make %{?_smp_mflags} clean
make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_feedback}" make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_feedback}"
%else %else
make %{?_smp_mflags} CFLAGS="%{optflags}" make %{?_smp_mflags} CFLAGS="%{optflags}"
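Review bot: `make %{?_smp_mflags} clean` in the `do_profiling` branch is unrelated to the bug-reference and patch fixes this commit describes, and the new changelog entry does not mention it. Either leave it out of this commit or add a changelog line for it; parallel jobs also gain little on a clean target.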