OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bzip2?expand=0&rev=11

2008-04-06 00:00:24 +00:00 · 2008-04-06 00:00:24 +00:00 · b45d5bde1a
commit b45d5bde1a
parent 79e1879a13
8 changed files with 67 additions and 51 deletions
--- a/bzip2-1.0.4.tar.gz
+++ b/bzip2-1.0.4.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f41c3898fbd53e68e0b052418960e538813cc98afcd72b2b604079d8de3e529c
-size 841221
--- a/bzip2-1.0.5.tar.gz
+++ b/bzip2-1.0.5.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f7bf5368309d76e5daf3a89d4d1bea688dac7780742e7a0ae1af19be9316fe22
+size 841402
--- a/bzip2-CVE-2008-1372-CERT-FI-20469.patch
+++ b/bzip2-CVE-2008-1372-CERT-FI-20469.patch
@ -1,41 +0,0 @@
--- bzip2-1.0.4/bzlib.c	2007-01-03 03:00:55.000000000 +0100
-+++ bzip2-1.0.5/bzlib.c	2007-12-09 14:57:21.000000000 +0100
-@@ -598,6 +598,7 @@
-       UInt32        c_tPos               = s->tPos;
-       char*         cs_next_out          = s->strm->next_out;
-       unsigned int  cs_avail_out         = s->strm->avail_out;
-+      Int32         ro_blockSize100k     = s->blockSize100k;
-       /* end restore */
- 
-       UInt32       avail_out_INIT = cs_avail_out;
--- bzip2-1.0.4/bzlib_private.h	2007-01-03 03:00:55.000000000 +0100
-+++ bzip2-1.0.5/bzlib_private.h	2007-12-09 15:00:46.000000000 +0100
-@@ -442,11 +442,15 @@
- /*-- Macros for decompression. --*/
- 
- #define BZ_GET_FAST(cccc)                     \
-+    /* c_tPos is unsigned, hence test < 0 is pointless. */ \
-+    if (s->tPos >= (UInt32)100000 * (UInt32)s->blockSize100k) return True; \
-     s->tPos = s->tt[s->tPos];                 \
-     cccc = (UChar)(s->tPos & 0xff);           \
-     s->tPos >>= 8;
- 
- #define BZ_GET_FAST_C(cccc)                   \
-+    /* c_tPos is unsigned, hence test < 0 is pointless. */ \
-+    if (c_tPos >= (UInt32)100000 * (UInt32)ro_blockSize100k) return True; \
-     c_tPos = c_tt[c_tPos];                    \
-     cccc = (UChar)(c_tPos & 0xff);            \
-     c_tPos >>= 8;
-@@ -469,8 +473,10 @@
-    (((UInt32)s->ll16[i]) | (GET_LL4(i) << 16))
- 
- #define BZ_GET_SMALL(cccc)                            \
-      cccc = BZ2_indexIntoF ( s->tPos, s->cftab );    \
-      s->tPos = GET_LL(s->tPos);
-+    /* c_tPos is unsigned, hence test < 0 is pointless. */ \
-+    if (s->tPos >= (UInt32)100000 * (UInt32)s->blockSize100k) return True; \
-+    cccc = BZ2_indexIntoF ( s->tPos, s->cftab );    \
-+    s->tPos = GET_LL(s->tPos);
- 
- 
- /*-- externs for decompression. --*/
--- a/bzip2-cflags.patch
+++ b/bzip2-cflags.patch
@ -0,0 +1,11 @@
+--- Makefile-libbz2_so
+++ Makefile-libbz2_so
+@@ -35,7 +35,7 @@
+       bzlib.o
+ 
+ all: $(OBJS)
+-	$(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.4 $(OBJS)
+	$(CC) $(CFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.4 $(OBJS)
+ 	$(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.4
+ 	rm -f libbz2.so.1.0
+ 	ln -s libbz2.so.1.0.4 libbz2.so.1.0
--- a/bzip2-faster.patch
+++ b/bzip2-faster.patch
@ -24,7 +24,7 @@
 
    }
    DState;
-@@ -482,8 +485,8 @@
+@@ -488,8 +491,8 @@
 BZ2_decompress ( DState* );
 
 extern void 
--- a/bzip2-unsafe_strcpy.patch
+++ b/bzip2-unsafe_strcpy.patch
@ -0,0 +1,12 @@
+--- bzip2recover.c
+++ bzip2recover.c
+@@ -309,7 +309,8 @@
+    UInt32      buffHi, buffLo, blockCRC;
+    Char*       p;
+ 
+-   strcpy ( progName, argv[0] );
+   strncpy ( progName, argv[0], BZ_MAX_FILENAME-1);
+   progName[BZ_MAX_FILENAME-1]='\0';
+    inFileName[0] = outFileName[0] = 0;
+ 
+    fprintf ( stderr, 
--- a/bzip2.changes
+++ b/bzip2.changes
@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Thu Apr  3 17:12:42 CEST 2008 - lmichnovic@suse.cz
+
+- update to version 1.5
+ * Fixes CERT-FI 20469 as it applies to bzip2
+ which obsoletes bzip2-CVE-2008-1372-CERT-FI-20469.patch
+- installing scripts bzdiff, bzgrep, bzmore 
+  and symlinks bzless, bzcmp [bnc#376464]
+- addded CFLAGS in Makefile-libbz2_so (cflags.patch)
+- fix unsafe strcpy in bzip2recover (unsafe_strcpy.patch) 
+  Thanks to Red Hat.
+
 -------------------------------------------------------------------
 Wed Mar 19 18:34:23 CET 2008 - nadvornik@suse.cz

--- a/bzip2.spec
+++ b/bzip2.spec
@ -1,5 +1,5 @@
 #
-# spec file for package bzip2 (Version 1.0.4)
+# spec file for package bzip2 (Version 1.0.5)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@ -12,8 +12,8 @@


 Name:           bzip2
-Version:        1.0.4
-Release:        69
+Version:        1.0.5
+Release:        1
 Provides:       bzip 
 Obsoletes:      bzip
 # The following is a kludge to get updating bzip2 to after the split work
@ -30,7 +30,8 @@ Source100:      rpmlintrc
 Patch1:         bzip2-shared_lib.patch
 Patch2:         bzip2-maxlen20.patch
 Patch3:         bzip2-faster.patch
-Patch4:         bzip2-CVE-2008-1372-CERT-FI-20469.patch
+Patch4:         bzip2-cflags.patch
+Patch5:         bzip2-unsafe_strcpy.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -43,6 +44,7 @@ Authors:
    Julian Seward <jseward@acm.org>

 %package doc
+License:        BSD 3-Clause
 Summary:        The bzip2 program and Library Documentation
 Group:          Productivity/Archiving/Compression

@ -56,6 +58,7 @@ Authors:
    Julian Seward <jseward@acm.org>

 %package -n libbz2-1
+License:        BSD 3-Clause
 Summary:        The bzip2 runtime library
 Group:          Productivity/Archiving/Compression

@ -69,6 +72,7 @@ Authors:
    Julian Seward <jseward@acm.org>

 %package -n libbz2-devel
+License:        BSD 3-Clause
 Summary:        The bzip2 runtime library development files
 Group:          Development/Libraries/Other
 Requires:       libbz2-1 = %{version}
@ -87,7 +91,8 @@ Authors:
 %patch1
 %patch2
 %patch3
-%patch4 -p1
+%patch4
+%patch5

 %build
 profile_bzip2()
@ -120,6 +125,14 @@ install -m 755 -d $RPM_BUILD_ROOT/%{_lib}/
 mv $RPM_BUILD_ROOT%{_libdir}/libbz2.so $RPM_BUILD_ROOT/%{_lib}/libbz2.so.%{version}
 ln -sf libbz2.so.%{version} $RPM_BUILD_ROOT/%{_lib}/libbz2.so.1
 ln -sf ../../%{_lib}/libbz2.so.%{version} $RPM_BUILD_ROOT%{_libdir}/libbz2.so
+# installing bzgrep, bzdiff and bzmore scripts bnc#376464
+mkdir -p $RPM_BUILD_ROOT%{_bindir}
+install -m 755 bzgrep bzdiff bzmore $RPM_BUILD_ROOT%{_bindir}
+install -m 644 bzgrep.1 bzdiff.1 bzmore.1 $RPM_BUILD_ROOT%{_mandir}/man1
+ln -s bzdiff $RPM_BUILD_ROOT%{_bindir}/bzcmp
+ln -s bzmore $RPM_BUILD_ROOT%{_bindir}/bzless
+ln -s bzdiff.1 $RPM_BUILD_ROOT%{_mandir}/man1/bzcmp.1
+ln -s bzmore.1 $RPM_BUILD_ROOT%{_mandir}/man1/bzless.1

 %clean
 rm -rf $RPM_BUILD_ROOT
@ -151,6 +164,15 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libbz2.so

 %changelog
+* Thu Apr 03 2008 lmichnovic@suse.cz
+- update to version 1.5
+  * Fixes CERT-FI 20469 as it applies to bzip2
+  which obsoletes bzip2-CVE-2008-1372-CERT-FI-20469.patch
+- installing scripts bzdiff, bzgrep, bzmore
+  and symlinks bzless, bzcmp [bnc#376464]
+- addded CFLAGS in Makefile-libbz2_so (cflags.patch)
+- fix unsafe strcpy in bzip2recover (unsafe_strcpy.patch)
+  Thanks to Red Hat.
 * Wed Mar 19 2008 nadvornik@suse.cz
 - fixed buffer overflows CVE-2008-1372 [bnc#372047]
 * Thu Dec 06 2007 lmichnovic@suse.cz
@ -220,7 +242,7 @@ rm -rf $RPM_BUILD_ROOT
 - re-added /usr/include/bzlib.h
 * Thu Mar 08 2001 bk@suse.de
 - Replaced the -malign options with -mcpu=pentiumpro
-* Tue Mar 06 2001 bk@suse.de
+* Wed Mar 07 2001 bk@suse.de
 - add version info to libbz2 link to fix the library version number
 - if i386, add -malign-loops=2 -malign-jumps=2 -malign-functions=2
 * Thu Nov 30 2000 aj@suse.de