parent
41e178ba13
commit
79e1879a13
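--- a/bzip2-CVE-2008-1372-CERT-FI-20469.patch
+++ b/bzip2-CVE-2008-1372-CERT-FI-20469.patch
@@ -0,0 +1,41 @@
+--- bzip2-1.0.4/bzlib.c 2007-01-03 03:00:55.000000000 +0100
++++ bzip2-1.0.5/bzlib.c 2007-12-09 14:57:21.000000000 +0100
+@@ -598,6 +598,7 @@
+UInt32 c_tPos = s->tPos;
+char* cs_next_out = s->strm->next_out;
+unsigned int cs_avail_out = s->strm->avail_out;
++ Int32 ro_blockSize100k = s->blockSize100k;
+/* end restore */
+
+UInt32 avail_out_INIT = cs_avail_out;
+--- bzip2-1.0.4/bzlib_private.h 2007-01-03 03:00:55.000000000 +0100
++++ bzip2-1.0.5/bzlib_private.h 2007-12-09 15:00:46.000000000 +0100
+@@ -442,11 +442,15 @@
+/*-- Macros for decompression. --*/
+
+#define BZ_GET_FAST(cccc) \
++ /* c_tPos is unsigned, hence test < 0 is pointless. */ \
++ if (s->tPos >= (UInt32)100000 * (UInt32)s->blockSize100k) return True; \
+s->tPos = s->tt[s->tPos]; \
+cccc = (UChar)(s->tPos & 0xff); \
+s->tPos >>= 8;
+
+#define BZ_GET_FAST_C(cccc) \
++ /* c_tPos is unsigned, hence test < 0 is pointless. */ \
++ if (c_tPos >= (UInt32)100000 * (UInt32)ro_blockSize100k) return True; \
+c_tPos = c_tt[c_tPos]; \
+cccc = (UChar)(c_tPos & 0xff); \
+c_tPos >>= 8;
+@@ -469,8 +473,10 @@
+(((UInt32)s->ll16[i]) | (GET_LL4(i) << 16))
+
+#define BZ_GET_SMALL(cccc) \
+- cccc = BZ2_indexIntoF ( s->tPos, s->cftab ); \
+- s->tPos = GET_LL(s->tPos);
++ /* c_tPos is unsigned, hence test < 0 is pointless. */ \
++ if (s->tPos >= (UInt32)100000 * (UInt32)s->blockSize100k) return True; \
++ cccc = BZ2_indexIntoF ( s->tPos, s->cftab ); \
++ s->tPos = GET_LL(s->tPos);
+
+
+/*-- externs for decompression. --*/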
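Review bot: The bounds check added to `BZ_GET_FAST`, `BZ_GET_FAST_C` and `BZ_GET_SMALL` puts a `return True;` inside each macro, and nothing at the macro definitions says what an expansion site has to provide. Every function that expands them must return `Bool` with `True` meaning corrupt input, and `BZ_GET_FAST_C` additionally needs a local `ro_blockSize100k` like the one the `bzlib.c` hunk adds; those functions and their callers lie outside the hunks shown, so it should be confirmed there that a `True` result is turned into a data error rather than ignored. I would document this above the macros: `/* These macros return True from the enclosing function when tPos is outside the block; callers must treat True as corrupt data. */`. The copied comment also names `c_tPos` in the two macros that actually test `s->tPos`.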
@ -221,7 +221,7 @@
|
|||||||
pp = 0;
|
pp = 0;
|
||||||
for (i = minLen; i <= maxLen; i++)
|
for (i = minLen; i <= maxLen; i++)
|
||||||
for (j = 0; j < alphaSize; j++)
|
for (j = 0; j < alphaSize; j++)
|
||||||
@@ -190,16 +193,25 @@
|
@@ -190,16 +193,28 @@
|
||||||
|
|
||||||
for (i = 1; i < BZ_MAX_CODE_LEN; i++) base[i] += base[i-1];
|
for (i = 1; i < BZ_MAX_CODE_LEN; i++) base[i] += base[i-1];
|
||||||
|
|
||||||
@ -233,7 +233,10 @@
|
|||||||
+ if (i <= HUFCODE_SIZE) {
|
+ if (i <= HUFCODE_SIZE) {
|
||||||
+ for (j = base[i]; j < base[i + 1]; j++) {
|
+ for (j = base[i]; j < base[i + 1]; j++) {
|
||||||
+ vec2 = (vec + j - base[i]) << (HUFCODE_SIZE - i);
|
+ vec2 = (vec + j - base[i]) << (HUFCODE_SIZE - i);
|
||||||
+ for (k = (1 << (HUFCODE_SIZE - i)) ; --k >= 0; vec2++)
|
+ k = (1 << (HUFCODE_SIZE - i));
|
||||||
|
+ if (vec2 + k > (1 << HUFCODE_SIZE))
|
||||||
|
+ k = (1 << HUFCODE_SIZE) - vec2;
|
||||||
|
+ for (; --k >= 0; vec2++)
|
||||||
+ hufcode[vec2] = perm[j] | 512 | (HUFCODE_SIZE - i) << 10;
|
+ hufcode[vec2] = perm[j] | 512 | (HUFCODE_SIZE - i) << 10;
|
||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
|
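Review bot: The new clamp `if (vec2 + k > (1 << HUFCODE_SIZE)) k = (1 << HUFCODE_SIZE) - vec2;` truncates the `hufcode[vec2]` fill silently, so code lengths that would run past the table (presumably `1 << HUFCODE_SIZE` entries) leave a partially filled lookup table and decoding carries on. If that state can only come from a corrupt stream, reporting a data error would be safer than truncating; whether the enclosing function can return one is not visible, since it starts and ends outside the hunk. The clamp also depends on `k` and `vec2` being signed, so that a `vec2` already past the table makes `k` negative and the loop is skipped; their declarations are not shown. At minimum the lines deserve a comment such as `/* corrupt code lengths can run past hufcode[]; clamp the fill to the table */`.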
@ -1,3 +1,8 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Mar 19 18:34:23 CET 2008 - nadvornik@suse.cz
|
||||||
|
|
||||||
|
- fixed buffer overflows CVE-2008-1372 [bnc#372047]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Dec 6 11:23:02 CET 2007 - lmichnovic@suse.cz
|
Thu Dec 6 11:23:02 CET 2007 - lmichnovic@suse.cz
|
||||||
|
|
||||||
|
85
bzip2.spec
85
bzip2.spec
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package bzip2 (Version 1.0.4)
|
# spec file for package bzip2 (Version 1.0.4)
|
||||||
#
|
#
|
||||||
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
# This file and all modifications and additions to the pristine
|
# This file and all modifications and additions to the pristine
|
||||||
# package are under the same license as the package itself.
|
# package are under the same license as the package itself.
|
||||||
#
|
#
|
||||||
@ -10,9 +10,10 @@
|
|||||||
|
|
||||||
# norootforbuild
|
# norootforbuild
|
||||||
|
|
||||||
|
|
||||||
Name: bzip2
|
Name: bzip2
|
||||||
Version: 1.0.4
|
Version: 1.0.4
|
||||||
Release: 52
|
Release: 69
|
||||||
Provides: bzip
|
Provides: bzip
|
||||||
Obsoletes: bzip
|
Obsoletes: bzip
|
||||||
# The following is a kludge to get updating bzip2 to after the split work
|
# The following is a kludge to get updating bzip2 to after the split work
|
||||||
@ -29,6 +30,7 @@ Source100: rpmlintrc
|
|||||||
Patch1: bzip2-shared_lib.patch
|
Patch1: bzip2-shared_lib.patch
|
||||||
Patch2: bzip2-maxlen20.patch
|
Patch2: bzip2-maxlen20.patch
|
||||||
Patch3: bzip2-faster.patch
|
Patch3: bzip2-faster.patch
|
||||||
|
Patch4: bzip2-CVE-2008-1372-CERT-FI-20469.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -85,6 +87,7 @@ Authors:
|
|||||||
%patch1
|
%patch1
|
||||||
%patch2
|
%patch2
|
||||||
%patch3
|
%patch3
|
||||||
|
%patch4 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
profile_bzip2()
|
profile_bzip2()
|
||||||
@ -148,24 +151,26 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_libdir}/libbz2.so
|
%{_libdir}/libbz2.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Dec 06 2007 - lmichnovic@suse.cz
|
* Wed Mar 19 2008 nadvornik@suse.cz
|
||||||
|
- fixed buffer overflows CVE-2008-1372 [bnc#372047]
|
||||||
|
* Thu Dec 06 2007 lmichnovic@suse.cz
|
||||||
- bznew can now repack also .tar.gz files [#342612]
|
- bznew can now repack also .tar.gz files [#342612]
|
||||||
The dot in suffix is explicitly checked
|
The dot in suffix is explicitly checked
|
||||||
* Thu Nov 08 2007 - lmichnovic@suse.cz
|
* Thu Nov 08 2007 lmichnovic@suse.cz
|
||||||
- added README, LICENSE, CHANGES files to libbz2-1 package
|
- added README, LICENSE, CHANGES files to libbz2-1 package
|
||||||
* Sun Jun 03 2007 - schwab@suse.de
|
* Mon Jun 04 2007 schwab@suse.de
|
||||||
- Fix dependency.
|
- Fix dependency.
|
||||||
* Wed May 30 2007 - lmichnovic@suse.cz
|
* Wed May 30 2007 lmichnovic@suse.cz
|
||||||
- renamed lib to libbz2-1 according to Shared Library Packaging
|
- renamed lib to libbz2-1 according to Shared Library Packaging
|
||||||
Policy
|
Policy
|
||||||
- calling ldconfig for libbz2-1 package
|
- calling ldconfig for libbz2-1 package
|
||||||
* Fri May 25 2007 - dmueller@suse.de
|
* Sat May 26 2007 dmueller@suse.de
|
||||||
- build with profile feedback enabled (7-15%% speedup)
|
- build with profile feedback enabled (7-15%% speedup)
|
||||||
* Fri Mar 30 2007 - rguenther@suse.de
|
* Fri Mar 30 2007 rguenther@suse.de
|
||||||
- Add PreReq to libbz2 from bzip2 to work around update problems
|
- Add PreReq to libbz2 from bzip2 to work around update problems
|
||||||
* Fri Mar 23 2007 - rguenther@suse.de
|
* Fri Mar 23 2007 rguenther@suse.de
|
||||||
- Split off doc, libbz2 and libbz2-devel packages
|
- Split off doc, libbz2 and libbz2-devel packages
|
||||||
* Mon Jan 15 2007 - lmichnovic@suse.cz
|
* Mon Jan 15 2007 lmichnovic@suse.cz
|
||||||
- Update to version 1.0.4
|
- Update to version 1.0.4
|
||||||
* Fixes some minor bugs since the last version, 1.0.3.
|
* Fixes some minor bugs since the last version, 1.0.3.
|
||||||
* Fix file permissions race problem (CAN-2005-0953).
|
* Fix file permissions race problem (CAN-2005-0953).
|
||||||
@ -180,67 +185,67 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
* Tighten up a couple of assertions in blocksort.c following
|
* Tighten up a couple of assertions in blocksort.c following
|
||||||
automated analysis.
|
automated analysis.
|
||||||
* Fix minor doc/comment bugs.
|
* Fix minor doc/comment bugs.
|
||||||
* Mon Oct 16 2006 - dmueller@suse.de
|
* Mon Oct 16 2006 dmueller@suse.de
|
||||||
- strip .la files
|
- strip .la files
|
||||||
* Wed Jan 25 2006 - mls@suse.de
|
* Wed Jan 25 2006 mls@suse.de
|
||||||
- converted neededforbuild to BuildRequires
|
- converted neededforbuild to BuildRequires
|
||||||
* Tue Jan 17 2006 - schwab@suse.de
|
* Wed Jan 18 2006 schwab@suse.de
|
||||||
- Don't strip binaries.
|
- Don't strip binaries.
|
||||||
* Fri Aug 12 2005 - mls@suse.de
|
* Fri Aug 12 2005 mls@suse.de
|
||||||
- make decompress much faster
|
- make decompress much faster
|
||||||
- compile with -O3
|
- compile with -O3
|
||||||
- go back to maxlen=20 when compressing
|
- go back to maxlen=20 when compressing
|
||||||
* Fri Aug 05 2005 - ro@suse.de
|
* Fri Aug 05 2005 ro@suse.de
|
||||||
- next libdir: only package lib*
|
- next libdir: only package lib*
|
||||||
* Fri Aug 05 2005 - ro@suse.de
|
* Fri Aug 05 2005 ro@suse.de
|
||||||
- do not package all of libdir (debuginfo)
|
- do not package all of libdir (debuginfo)
|
||||||
* Mon Aug 01 2005 - mjancar@suse.cz
|
* Mon Aug 01 2005 mjancar@suse.cz
|
||||||
- update to 1.0.3
|
- update to 1.0.3
|
||||||
* Tue Jun 28 2005 - kukuk@suse.de
|
* Tue Jun 28 2005 kukuk@suse.de
|
||||||
- Move shared libraries to /%%{_lib}
|
- Move shared libraries to /%%{_lib}
|
||||||
* Thu Mar 24 2005 - werner@suse.de
|
* Thu Mar 24 2005 werner@suse.de
|
||||||
- Add bznew, a changeed version of the gzip znew.
|
- Add bznew, a changeed version of the gzip znew.
|
||||||
* Tue Apr 20 2004 - mmj@suse.de
|
* Tue Apr 20 2004 mmj@suse.de
|
||||||
- Fix strict aliasing
|
- Fix strict aliasing
|
||||||
* Sun Jan 11 2004 - adrian@suse.de
|
* Sun Jan 11 2004 adrian@suse.de
|
||||||
- add %%defattr and %%run_ldconfig
|
- add %%defattr and %%run_ldconfig
|
||||||
* Wed Jul 23 2003 - tcrhak@suse.cz
|
* Wed Jul 23 2003 tcrhak@suse.cz
|
||||||
- fixed URL
|
- fixed URL
|
||||||
* Tue Jul 23 2002 - tcrhak@suse.cz
|
* Tue Jul 23 2002 tcrhak@suse.cz
|
||||||
- renamed to bzip2
|
- renamed to bzip2
|
||||||
* Tue Feb 05 2002 - tcrhak@suse.cz
|
* Tue Feb 05 2002 tcrhak@suse.cz
|
||||||
- update to version 1.0.2
|
- update to version 1.0.2
|
||||||
- bziped tarball
|
- bziped tarball
|
||||||
* Thu Mar 08 2001 - nadvornik@suse.cz
|
* Thu Mar 08 2001 nadvornik@suse.cz
|
||||||
- re-added /usr/include/bzlib.h
|
- re-added /usr/include/bzlib.h
|
||||||
* Thu Mar 08 2001 - bk@suse.de
|
* Thu Mar 08 2001 bk@suse.de
|
||||||
- Replaced the -malign options with -mcpu=pentiumpro
|
- Replaced the -malign options with -mcpu=pentiumpro
|
||||||
* Tue Mar 06 2001 - bk@suse.de
|
* Tue Mar 06 2001 bk@suse.de
|
||||||
- add version info to libbz2 link to fix the library version number
|
- add version info to libbz2 link to fix the library version number
|
||||||
- if i386, add -malign-loops=2 -malign-jumps=2 -malign-functions=2
|
- if i386, add -malign-loops=2 -malign-jumps=2 -malign-functions=2
|
||||||
* Thu Nov 30 2000 - aj@suse.de
|
* Thu Nov 30 2000 aj@suse.de
|
||||||
- New version, compile with LFS support.
|
- New version, compile with LFS support.
|
||||||
* Tue Oct 03 2000 - kukuk@suse.de
|
* Tue Oct 03 2000 kukuk@suse.de
|
||||||
- Set libdir for 64bit architectures
|
- Set libdir for 64bit architectures
|
||||||
* Mon May 22 2000 - nadvornik@suse.cz
|
* Mon May 22 2000 nadvornik@suse.cz
|
||||||
- update to 1.0.0
|
- update to 1.0.0
|
||||||
* Wed Apr 26 2000 - nadvornik@suse.cz
|
* Wed Apr 26 2000 nadvornik@suse.cz
|
||||||
- changed Group
|
- changed Group
|
||||||
* Mon Apr 10 2000 - nadvornik@suse.cz
|
* Mon Apr 10 2000 nadvornik@suse.cz
|
||||||
- added URL
|
- added URL
|
||||||
* Tue Apr 04 2000 - nadvornik@suse.cz
|
* Tue Apr 04 2000 nadvornik@suse.cz
|
||||||
- fixed to compile
|
- fixed to compile
|
||||||
* Mon Apr 03 2000 - bk@suse.de
|
* Mon Apr 03 2000 bk@suse.de
|
||||||
- added libbz2 shared library support for s390
|
- added libbz2 shared library support for s390
|
||||||
* Thu Mar 02 2000 - fehr@suse.de
|
* Thu Mar 02 2000 fehr@suse.de
|
||||||
- moved man pages to /usr/share/man
|
- moved man pages to /usr/share/man
|
||||||
* Mon Sep 13 1999 - bs@suse.de
|
* Mon Sep 13 1999 bs@suse.de
|
||||||
- ran old prepare_spec on spec file to switch to new prepare_spec.
|
- ran old prepare_spec on spec file to switch to new prepare_spec.
|
||||||
* Mon Sep 13 1999 - fehr@suse.de
|
* Mon Sep 13 1999 fehr@suse.de
|
||||||
- update to 0.9.5d
|
- update to 0.9.5d
|
||||||
* Thu Jul 01 1999 - ro@suse.de
|
* Thu Jul 01 1999 ro@suse.de
|
||||||
- update to 0.9.0c
|
- update to 0.9.0c
|
||||||
* Fri Sep 18 1998 - ro@suse.de
|
* Fri Sep 18 1998 ro@suse.de
|
||||||
- update to 0.9.0b (including libbz2 and bzlib.h)
|
- update to 0.9.0b (including libbz2 and bzlib.h)
|
||||||
* Thu Oct 30 1997 - fehr@suse.de
|
* Thu Oct 30 1997 fehr@suse.de
|
||||||
- add bzip package to S.u.S.E. distribution
|
- add bzip package to S.u.S.E. distribution
|
||||||
|