This commit is contained in:
OBS User unknown
Git OBS Bridge
parent
41e178ba13
commit
79e1879a13
41
bzip2-CVE-2008-1372-CERT-FI-20469.patch
Normal file
41
bzip2-CVE-2008-1372-CERT-FI-20469.patch
Normal file
@ -0,0 +1,41 @@
|
||||
--- bzip2-1.0.4/bzlib.c 2007-01-03 03:00:55.000000000 +0100
|
||||
+++ bzip2-1.0.5/bzlib.c 2007-12-09 14:57:21.000000000 +0100
|
||||
@@ -598,6 +598,7 @@
|
||||
UInt32 c_tPos = s->tPos;
|
||||
char* cs_next_out = s->strm->next_out;
|
||||
unsigned int cs_avail_out = s->strm->avail_out;
|
||||
+ Int32 ro_blockSize100k = s->blockSize100k;
|
||||
/* end restore */
|
||||
|
||||
UInt32 avail_out_INIT = cs_avail_out;
|
||||
--- bzip2-1.0.4/bzlib_private.h 2007-01-03 03:00:55.000000000 +0100
|
||||
+++ bzip2-1.0.5/bzlib_private.h 2007-12-09 15:00:46.000000000 +0100
|
||||
@@ -442,11 +442,15 @@
|
||||
/*-- Macros for decompression. --*/
|
||||
|
||||
#define BZ_GET_FAST(cccc) \
|
||||
+ /* c_tPos is unsigned, hence test < 0 is pointless. */ \
|
||||
+ if (s->tPos >= (UInt32)100000 * (UInt32)s->blockSize100k) return True; \
|
||||
s->tPos = s->tt[s->tPos]; \
|
||||
cccc = (UChar)(s->tPos & 0xff); \
|
||||
s->tPos >>= 8;
|
||||
|
||||
#define BZ_GET_FAST_C(cccc) \
|
||||
+ /* c_tPos is unsigned, hence test < 0 is pointless. */ \
|
||||
+ if (c_tPos >= (UInt32)100000 * (UInt32)ro_blockSize100k) return True; \
|
||||
c_tPos = c_tt[c_tPos]; \
|
||||
cccc = (UChar)(c_tPos & 0xff); \
|
||||
c_tPos >>= 8;
|
||||
@@ -469,8 +473,10 @@
|
||||
(((UInt32)s->ll16[i]) | (GET_LL4(i) << 16))
|
||||
|
||||
#define BZ_GET_SMALL(cccc) \
|
||||
- cccc = BZ2_indexIntoF ( s->tPos, s->cftab ); \
|
||||
- s->tPos = GET_LL(s->tPos);
|
||||
+ /* c_tPos is unsigned, hence test < 0 is pointless. */ \
|
||||
+ if (s->tPos >= (UInt32)100000 * (UInt32)s->blockSize100k) return True; \
|
||||
+ cccc = BZ2_indexIntoF ( s->tPos, s->cftab ); \
|
||||
+ s->tPos = GET_LL(s->tPos);
|
||||
|
||||
|
||||
/*-- externs for decompression. --*/
|
||||
@ -221,7 +221,7 @@
|
||||
pp = 0;
|
||||
for (i = minLen; i <= maxLen; i++)
|
||||
for (j = 0; j < alphaSize; j++)
|
||||
@@ -190,16 +193,25 @@
|
||||
@@ -190,16 +193,28 @@
|
||||
|
||||
for (i = 1; i < BZ_MAX_CODE_LEN; i++) base[i] += base[i-1];
|
||||
|
||||
@ -233,7 +233,10 @@
|
||||
+ if (i <= HUFCODE_SIZE) {
|
||||
+ for (j = base[i]; j < base[i + 1]; j++) {
|
||||
+ vec2 = (vec + j - base[i]) << (HUFCODE_SIZE - i);
|
||||
+ for (k = (1 << (HUFCODE_SIZE - i)) ; --k >= 0; vec2++)
|
||||
+ k = (1 << (HUFCODE_SIZE - i));
|
||||
+ if (vec2 + k > (1 << HUFCODE_SIZE))
|
||||
+ k = (1 << HUFCODE_SIZE) - vec2;
|
||||
+ for (; --k >= 0; vec2++)
|
||||
+ hufcode[vec2] = perm[j] | 512 | (HUFCODE_SIZE - i) << 10;
|
||||
+ }
|
||||
+ }
|
||||
|
||||
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 19 18:34:23 CET 2008 - nadvornik@suse.cz
|
||||
|
||||
- fixed buffer overflows CVE-2008-1372 [bnc#372047]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 6 11:23:02 CET 2007 - lmichnovic@suse.cz
|
||||
|
||||
|
||||
85
bzip2.spec
85
bzip2.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package bzip2 (Version 1.0.4)
|
||||
#
|
||||
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# This file and all modifications and additions to the pristine
|
||||
# package are under the same license as the package itself.
|
||||
#
|
||||
@ -10,9 +10,10 @@
|
||||
|
||||
# norootforbuild
|
||||
|
||||
|
||||
Name: bzip2
|
||||
Version: 1.0.4
|
||||
Release: 52
|
||||
Release: 69
|
||||
Provides: bzip
|
||||
Obsoletes: bzip
|
||||
# The following is a kludge to get updating bzip2 to after the split work
|
||||
@ -29,6 +30,7 @@ Source100: rpmlintrc
|
||||
Patch1: bzip2-shared_lib.patch
|
||||
Patch2: bzip2-maxlen20.patch
|
||||
Patch3: bzip2-faster.patch
|
||||
Patch4: bzip2-CVE-2008-1372-CERT-FI-20469.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
@ -85,6 +87,7 @@ Authors:
|
||||
%patch1
|
||||
%patch2
|
||||
%patch3
|
||||
%patch4 -p1
|
||||
|
||||
%build
|
||||
profile_bzip2()
|
||||
@ -148,24 +151,26 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_libdir}/libbz2.so
|
||||
|
||||
%changelog
|
||||
* Thu Dec 06 2007 - lmichnovic@suse.cz
|
||||
* Wed Mar 19 2008 nadvornik@suse.cz
|
||||
- fixed buffer overflows CVE-2008-1372 [bnc#372047]
|
||||
* Thu Dec 06 2007 lmichnovic@suse.cz
|
||||
- bznew can now repack also .tar.gz files [#342612]
|
||||
The dot in suffix is explicitly checked
|
||||
* Thu Nov 08 2007 - lmichnovic@suse.cz
|
||||
* Thu Nov 08 2007 lmichnovic@suse.cz
|
||||
- added README, LICENSE, CHANGES files to libbz2-1 package
|
||||
* Sun Jun 03 2007 - schwab@suse.de
|
||||
* Mon Jun 04 2007 schwab@suse.de
|
||||
- Fix dependency.
|
||||
* Wed May 30 2007 - lmichnovic@suse.cz
|
||||
* Wed May 30 2007 lmichnovic@suse.cz
|
||||
- renamed lib to libbz2-1 according to Shared Library Packaging
|
||||
Policy
|
||||
- calling ldconfig for libbz2-1 package
|
||||
* Fri May 25 2007 - dmueller@suse.de
|
||||
* Sat May 26 2007 dmueller@suse.de
|
||||
- build with profile feedback enabled (7-15%% speedup)
|
||||
* Fri Mar 30 2007 - rguenther@suse.de
|
||||
* Fri Mar 30 2007 rguenther@suse.de
|
||||
- Add PreReq to libbz2 from bzip2 to work around update problems
|
||||
* Fri Mar 23 2007 - rguenther@suse.de
|
||||
* Fri Mar 23 2007 rguenther@suse.de
|
||||
- Split off doc, libbz2 and libbz2-devel packages
|
||||
* Mon Jan 15 2007 - lmichnovic@suse.cz
|
||||
* Mon Jan 15 2007 lmichnovic@suse.cz
|
||||
- Update to version 1.0.4
|
||||
* Fixes some minor bugs since the last version, 1.0.3.
|
||||
* Fix file permissions race problem (CAN-2005-0953).
|
||||
@ -180,67 +185,67 @@ rm -rf $RPM_BUILD_ROOT
|
||||
* Tighten up a couple of assertions in blocksort.c following
|
||||
automated analysis.
|
||||
* Fix minor doc/comment bugs.
|
||||
* Mon Oct 16 2006 - dmueller@suse.de
|
||||
* Mon Oct 16 2006 dmueller@suse.de
|
||||
- strip .la files
|
||||
* Wed Jan 25 2006 - mls@suse.de
|
||||
* Wed Jan 25 2006 mls@suse.de
|
||||
- converted neededforbuild to BuildRequires
|
||||
* Tue Jan 17 2006 - schwab@suse.de
|
||||
* Wed Jan 18 2006 schwab@suse.de
|
||||
- Don't strip binaries.
|
||||
* Fri Aug 12 2005 - mls@suse.de
|
||||
* Fri Aug 12 2005 mls@suse.de
|
||||
- make decompress much faster
|
||||
- compile with -O3
|
||||
- go back to maxlen=20 when compressing
|
||||
* Fri Aug 05 2005 - ro@suse.de
|
||||
* Fri Aug 05 2005 ro@suse.de
|
||||
- next libdir: only package lib*
|
||||
* Fri Aug 05 2005 - ro@suse.de
|
||||
* Fri Aug 05 2005 ro@suse.de
|
||||
- do not package all of libdir (debuginfo)
|
||||
* Mon Aug 01 2005 - mjancar@suse.cz
|
||||
* Mon Aug 01 2005 mjancar@suse.cz
|
||||
- update to 1.0.3
|
||||
* Tue Jun 28 2005 - kukuk@suse.de
|
||||
* Tue Jun 28 2005 kukuk@suse.de
|
||||
- Move shared libraries to /%%{_lib}
|
||||
* Thu Mar 24 2005 - werner@suse.de
|
||||
* Thu Mar 24 2005 werner@suse.de
|
||||
- Add bznew, a changeed version of the gzip znew.
|
||||
* Tue Apr 20 2004 - mmj@suse.de
|
||||
* Tue Apr 20 2004 mmj@suse.de
|
||||
- Fix strict aliasing
|
||||
* Sun Jan 11 2004 - adrian@suse.de
|
||||
* Sun Jan 11 2004 adrian@suse.de
|
||||
- add %%defattr and %%run_ldconfig
|
||||
* Wed Jul 23 2003 - tcrhak@suse.cz
|
||||
* Wed Jul 23 2003 tcrhak@suse.cz
|
||||
- fixed URL
|
||||
* Tue Jul 23 2002 - tcrhak@suse.cz
|
||||
* Tue Jul 23 2002 tcrhak@suse.cz
|
||||
- renamed to bzip2
|
||||
* Tue Feb 05 2002 - tcrhak@suse.cz
|
||||
* Tue Feb 05 2002 tcrhak@suse.cz
|
||||
- update to version 1.0.2
|
||||
- bziped tarball
|
||||
* Thu Mar 08 2001 - nadvornik@suse.cz
|
||||
* Thu Mar 08 2001 nadvornik@suse.cz
|
||||
- re-added /usr/include/bzlib.h
|
||||
* Thu Mar 08 2001 - bk@suse.de
|
||||
* Thu Mar 08 2001 bk@suse.de
|
||||
- Replaced the -malign options with -mcpu=pentiumpro
|
||||
* Tue Mar 06 2001 - bk@suse.de
|
||||
* Tue Mar 06 2001 bk@suse.de
|
||||
- add version info to libbz2 link to fix the library version number
|
||||
- if i386, add -malign-loops=2 -malign-jumps=2 -malign-functions=2
|
||||
* Thu Nov 30 2000 - aj@suse.de
|
||||
* Thu Nov 30 2000 aj@suse.de
|
||||
- New version, compile with LFS support.
|
||||
* Tue Oct 03 2000 - kukuk@suse.de
|
||||
* Tue Oct 03 2000 kukuk@suse.de
|
||||
- Set libdir for 64bit architectures
|
||||
* Mon May 22 2000 - nadvornik@suse.cz
|
||||
* Mon May 22 2000 nadvornik@suse.cz
|
||||
- update to 1.0.0
|
||||
* Wed Apr 26 2000 - nadvornik@suse.cz
|
||||
* Wed Apr 26 2000 nadvornik@suse.cz
|
||||
- changed Group
|
||||
* Mon Apr 10 2000 - nadvornik@suse.cz
|
||||
* Mon Apr 10 2000 nadvornik@suse.cz
|
||||
- added URL
|
||||
* Tue Apr 04 2000 - nadvornik@suse.cz
|
||||
* Tue Apr 04 2000 nadvornik@suse.cz
|
||||
- fixed to compile
|
||||
* Mon Apr 03 2000 - bk@suse.de
|
||||
* Mon Apr 03 2000 bk@suse.de
|
||||
- added libbz2 shared library support for s390
|
||||
* Thu Mar 02 2000 - fehr@suse.de
|
||||
* Thu Mar 02 2000 fehr@suse.de
|
||||
- moved man pages to /usr/share/man
|
||||
* Mon Sep 13 1999 - bs@suse.de
|
||||
* Mon Sep 13 1999 bs@suse.de
|
||||
- ran old prepare_spec on spec file to switch to new prepare_spec.
|
||||
* Mon Sep 13 1999 - fehr@suse.de
|
||||
* Mon Sep 13 1999 fehr@suse.de
|
||||
- update to 0.9.5d
|
||||
* Thu Jul 01 1999 - ro@suse.de
|
||||
* Thu Jul 01 1999 ro@suse.de
|
||||
- update to 0.9.0c
|
||||
* Fri Sep 18 1998 - ro@suse.de
|
||||
* Fri Sep 18 1998 ro@suse.de
|
||||
- update to 0.9.0b (including libbz2 and bzlib.h)
|
||||
* Thu Oct 30 1997 - fehr@suse.de
|
||||
* Thu Oct 30 1997 fehr@suse.de
|
||||
- add bzip package to S.u.S.E. distribution
|
||||
|
||||
Loading…
Reference in New Issue
Block a user