- Update bug reference

- Fix downloaded patches * Make sure nSelectors is not out of range (CVE-2019-12900 bsc#1139083) OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=77
2019-06-28 07:51:07 +00:00 · 2019-06-28 07:51:07 +00:00 · 280db28620
commit 280db28620
parent c074e654c4
3 changed files with 29 additions and 31 deletions
--- a/bzip2-1.0.6.2-autoconfiscated.patch
+++ b/bzip2-1.0.6.2-autoconfiscated.patch
@ -1,7 +1,5 @@
-Index: bzip2-1.0.7/autogen.sh
-===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ bzip2-1.0.7/autogen.sh	2019-06-27 23:12:37.015916631 +0200
+--- /dev/null
+++ autogen.sh
@@ -0,0 +1,8 @@
 +mv LICENSE COPYING
 +mv CHANGES NEWS
@ -11,10 +9,8 @@ Index: bzip2-1.0.7/autogen.sh
 +aclocal
 +automake --add-missing --gnu
 +autoconf
-Index: bzip2-1.0.7/README.autotools
-===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ bzip2-1.0.7/README.autotools	2019-06-27 23:12:37.015916631 +0200
+--- /dev/null
+++ README.autotools
@@ -0,0 +1,41 @@
 +bzip2 autoconfiscated
 +=====================
@ -57,10 +53,8 @@ Index: bzip2-1.0.7/README.autotools
 +
 +To be super-safe, I incremented minor number of the library file, so
 +both instances of the shared library can live together.
-Index: bzip2-1.0.7/configure.ac
-===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ bzip2-1.0.7/configure.ac	2019-06-27 23:12:37.015916631 +0200
+--- /dev/null
+++ configure.ac
@@ -0,0 +1,62 @@
 +#                                               -*- Autoconf -*-
 +# Process this file with autoconf to produce a configure script.
@ -124,10 +118,8 @@ Index: bzip2-1.0.7/configure.ac
 +AC_SUBST([BZIP2_LT_AGE])
 +AC_CONFIG_FILES([Makefile bzip2.pc])
 +AC_OUTPUT
-Index: bzip2-1.0.7/Makefile.am
-===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ bzip2-1.0.7/Makefile.am	2019-06-27 23:12:37.015916631 +0200
+--- /dev/null
+++ Makefile.am
@@ -0,0 +1,137 @@
 +ACLOCAL_AMFLAGS = -I m4
 +lib_LTLIBRARIES = libbz2.la
@ -266,10 +258,8 @@ Index: bzip2-1.0.7/Makefile.am
 +	words2 \
 +	words3 \
 +	xmlproc.sh
-Index: bzip2-1.0.7/bzip2.pc.in
-===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ bzip2-1.0.7/bzip2.pc.in	2019-06-27 23:12:37.015916631 +0200
+--- /dev/null
+++ bzip2.pc.in
@@ -0,0 +1,11 @@
 +prefix=@prefix@
 +exec_prefix=@exec_prefix@
@ -282,10 +272,8 @@ Index: bzip2-1.0.7/bzip2.pc.in
 +Version: @VERSION@
 +Libs: -L${libdir} -lbz2
 +Cflags: -I${includedir}
-Index: bzip2-1.0.7/m4/visibility.m4
-===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ bzip2-1.0.7/m4/visibility.m4	2019-06-27 23:12:37.015916631 +0200
+--- /dev/null
+++ m4/visibility.m4
@@ -0,0 +1,78 @@
 +# visibility.m4 serial 4 (gettext-0.18.2)
 +dnl Copyright (C) 2005, 2008, 2010-2011 Free Software Foundation, Inc.
@ -365,10 +353,8 @@ Index: bzip2-1.0.7/m4/visibility.m4
 +  AC_DEFINE_UNQUOTED([HAVE_VISIBILITY], [$HAVE_VISIBILITY],
 +    [Define to 1 or 0, depending whether the compiler supports simple visibility declarations.])
 +])
-Index: bzip2-1.0.7/bzlib.h
-===================================================================
--- bzip2-1.0.7.orig/bzlib.h	2019-06-27 20:15:39.000000000 +0200
-+++ bzip2-1.0.7/bzlib.h	2019-06-27 23:12:37.015916631 +0200
+--- bzlib.h.orig
+++ bzlib.h
@@ -91,9 +91,11 @@ typedef
 #   endif
 #else
--- a/bzip2.changes
+++ b/bzip2.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Jun 28 07:42:24 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
+
+- Update bug reference
+- Fix downloaded patches
+
 -------------------------------------------------------------------
 Thu Jun 27 21:01:36 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>

@ -8,7 +14,8 @@ Thu Jun 27 21:01:36 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
  * bzip2recover: Fix buffer overflow for large argv[0].
  * bzip2recover: Fix use after free issue with outFile
    (CVE-2016-3189).
-  * Make sure nSelectors is not out of range (CVE-2019-12900).
+  * Make sure nSelectors is not out of range (CVE-2019-12900
+    bsc#1139083)
 - Drop patches fixed upstream:
  * bzip2-unsafe_strcpy.patch.
  * bzip2-1.0.6-CVE-2016-3189.patch.
--- a/bzip2.spec
+++ b/bzip2.spec
@ -72,7 +72,12 @@ Requires:       glibc-devel
 The bzip2 runtime library development files.

 %prep
-%autosetup -p1
+%setup -q
+%patch0
+%patch1 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1

 %build
 autoreconf -fiv
@ -82,7 +87,7 @@ autoreconf -fiv
 %if 0%{?do_profiling}
  make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}"
  make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}" test
-  make clean
+  make %{?_smp_mflags} clean
  make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_feedback}"
 %else
  make %{?_smp_mflags} CFLAGS="%{optflags}"