From d784bd33f0543127930aff8e5265adab4ca80097753d78d99383d7ecdbe65d6b Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Wed, 24 Jul 2019 14:23:52 +0000 Subject: [PATCH] Accepting request 718277 from home:kstreitova:branches:Archiving - Update to version 1.0.8: * Accept as many selectors as the file format allows. This relaxes the fix for CVE-2019-12900 from 1.0.7 so that bzip2 allows decompression of bz2 files that use (too) many selectors again. * Fix handling of large (> 4GB) files on Windows. * Cleanup of bzdiff and bzgrep scripts so they don't use any bash extensions and handle multiple archives correctly. - remove (applied upstream) * bzip2-1.0.6-fix-bashisms.patch * bzip2-1.0.6-bzgrep_return_value.patch - use a new Source url OBS-URL: https://build.opensuse.org/request/show/718277 OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=79 --- bzip2-1.0.6-bzgrep_return_value.patch | 27 --------------------------- bzip2-1.0.6-fix-bashisms.patch | 15 --------------- bzip2-1.0.7.tar.gz | 3 --- bzip2-1.0.8.tar.gz | 3 +++ bzip2.changes | 16 ++++++++++++++++ bzip2.spec | 9 ++------- 6 files changed, 21 insertions(+), 52 deletions(-) delete mode 100644 bzip2-1.0.6-bzgrep_return_value.patch delete mode 100644 bzip2-1.0.6-fix-bashisms.patch delete mode 100644 bzip2-1.0.7.tar.gz create mode 100644 bzip2-1.0.8.tar.gz diff --git a/bzip2-1.0.6-bzgrep_return_value.patch b/bzip2-1.0.6-bzgrep_return_value.patch deleted file mode 100644 index ac5026e..0000000 --- a/bzip2-1.0.6-bzgrep_return_value.patch +++ /dev/null 
@@ -1,27 +0,0 @@
-Index: bzip2-1.0.7/bzgrep
-===================================================================
---- bzip2-1.0.7.orig/bzgrep 2019-06-27 23:10:21.375272508 +0200
-+++ bzip2-1.0.7/bzgrep 2019-06-27 23:10:21.415272635 +0200
-@@ -65,8 +65,20 @@ for i do
- else
- j=$(echo "$i" | sed 's/\\/&&/g;s/|/\\&/g;s/&/\\&/g')
- j=`printf "%s" "$j" | tr '\n' ' '`
-- bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|"
-- r=$?
-+ # A trick adapted from
-+ # https://groups.google.com/forum/#!original/comp.unix.shell/x1345iu10eg/Nn1n-1r1uU0J
-+ # that has the same effect as the following bash code:
-+ # bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|"
-+ # r=${PIPESTATUS[1]}
-+ exec 3>&1
-+ eval `
-+ exec 4>&1 >&3 3>&-
-+ {
-+ bzip2 -cdfq "$i" 4>&-
-+ } | {
-+ $grep $opt "$pat" 4>&-; echo "r=$?;" >&4
-+ } | sed "s|^|${j}:|"
-+ `
- fi
- test "$r" -ne 0 && res="$r"
- done
diff --git a/bzip2-1.0.6-fix-bashisms.patch b/bzip2-1.0.6-fix-bashisms.patch
deleted file mode 100644
index 3991cb4..0000000
--- a/bzip2-1.0.6-fix-bashisms.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Index: bzip2-1.0.7/bzgrep
-===================================================================
---- bzip2-1.0.7.orig/bzgrep 2019-06-27 20:15:39.000000000 +0200
-+++ bzip2-1.0.7/bzgrep 2019-06-27 23:12:37.027916706 +0200
-@@ -63,9 +63,7 @@ for i do
- bzip2 -cdfq "$i" | $grep $opt "$pat"
- r=$?
- else
-- j=${i//\\/\\\\}
-- j=${j//|/\\|}
-- j=${j//&/\\&}
-+ j=$(echo "$i" | sed 's/\\/&&/g;s/|/\\&/g;s/&/\\&/g')
- j=`printf "%s" "$j" | tr '\n' ' '`
- bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|"
- r=$?
diff --git a/bzip2-1.0.7.tar.gz b/bzip2-1.0.7.tar.gz
deleted file mode 100644
index abda68b..0000000
--- a/bzip2-1.0.7.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e768a87c5b1a79511499beb41500bcc4caf203726fff46a6f5f9ad27fe08ab2b
-size 809680
diff --git a/bzip2-1.0.8.tar.gz b/bzip2-1.0.8.tar.gz
new file mode 100644
index 0000000..1ec66cd
--- /dev/null
+++ b/bzip2-1.0.8.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ab5a03176ee106d3f0fa90e381da478ddae405918153cca248e682cd0c4a2269
+size 810029
diff --git a/bzip2.changes b/bzip2.changes
index 843037b..a983920 100644
--- a/bzip2.changes
+++ b/bzip2.changes
@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Mon Jul 22 11:08:53 UTC 2019 - Kristyna Streitova
+
+- Update to version 1.0.8:
+ * Accept as many selectors as the file format allows.
+ This relaxes the fix for CVE-2019-12900 from 1.0.7
+ so that bzip2 allows decompression of bz2 files that
+ use (too) many selectors again.
+ * Fix handling of large (> 4GB) files on Windows.
+ * Cleanup of bzdiff and bzgrep scripts so they don't use
+ any bash extensions and handle multiple archives correctly.
+- remove (applied upstream)
+ * bzip2-1.0.6-fix-bashisms.patch
+ * bzip2-1.0.6-bzgrep_return_value.patch
+- use a new Source url
+
 -------------------------------------------------------------------
 Fri Jun 28 07:42:24 UTC 2019 - Martin Pluskal
diff --git a/bzip2.spec b/bzip2.spec
index 9e4957f..957775b 100644
--- a/bzip2.spec
+++ b/bzip2.spec
@@ -18,24 +18,21 @@
 %define libname libbz2-1
 Name: bzip2
-Version: 1.0.7
+Version: 1.0.8
 Release: 0
 Summary: A Program for Compressing Files
 License: BSD-3-Clause
 Group: Productivity/Archiving/Compression
 URL: https://sourceware.org/bzip2
-Source: %{name}-%{version}.tar.gz
+Source0: https://sourceware.org/pub/bzip2/%{name}-%{version}.tar.gz
 Source1: bznew.gz
 Source2: bznew.1.gz
 Source3: baselibs.conf
 Source100: bzip2-rpmlintrc
 # PATCH-FEATURE-OPENSUSE bzip2-1.0.6-autoconfiscated.patch sbrabec@suse.cz -- Convert to a standard autoconf based package.
 Patch0: ftp://ftp.suse.com/pub/people/sbrabec/bzip2/for_downstream/bzip2-1.0.6.2-autoconfiscated.patch
-Patch1: bzip2-1.0.6-fix-bashisms.patch
 Patch3: bzip2-point-to-doc-pkg.patch
 Patch4: bzip2-ocloexec.patch
-# PATCH-FIX-UPSTREAM bnc#970260 kstreitova@suse.com -- fix a wrong exit code when grepping multiple archives
-Patch5: bzip2-1.0.6-bzgrep_return_value.patch
 BuildRequires: autoconf >= 2.57
 BuildRequires: libtool
 BuildRequires: pkgconfig
@@ -74,10 +71,8 @@ The bzip2 runtime library development files.
 %prep
 %setup -q
 %patch0
-%patch1 -p1
 %patch3 -p1
 %patch4 -p1
-%patch5 -p1
 %build
 autoreconf -fiv
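Review bot: The new `Source0` line in the first bzip2.spec hunk points at the upstream download URL, but nothing visible in the spec lets the tarball's origin be verified. The only integrity anchor on this page is the sha256 in the Git LFS pointer, which records what was uploaded rather than who published it. If upstream publishes a detached signature for this release (not visible here, so confirm first), add it and the maintainer keyring as further sources, for example `Source4: https://sourceware.org/pub/bzip2/%{name}-%{version}.tar.gz.sig` and `Source5: %{name}.keyring`, so the signature can be checked when sources are fetched. Separately, the unchanged `Patch0` line still references an `ftp://` URL, so a re-download of that patch would be unauthenticated; consider moving it to an HTTPS location or keeping only the local file name.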