Accepting request 696999 from Archiving
OBS-URL: https://build.opensuse.org/request/show/696999 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bzip2?expand=0&rev=63
This commit is contained in:
commit
e443cef228
15
bzip2-1.0.6-CVE-2016-3189.patch
Normal file
15
bzip2-1.0.6-CVE-2016-3189.patch
Normal file
@ -0,0 +1,15 @@
|
||||
Author: Jakub Martisko <jamartis@redhat.com>
|
||||
Date: Wed, 30 Mar 2016 10:22:27 +0200
|
||||
Description: bzip2recover: Fix potential use-after-free
|
||||
Origin: https://bugzilla.redhat.com/attachment.cgi?id=1169843&action=edit
|
||||
|
||||
--- a/bzip2recover.c
|
||||
+++ b/bzip2recover.c
|
||||
@@ -472,6 +472,7 @@ Int32 main ( Int32 argc, Char** argv )
|
||||
bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
|
||||
bsPutUInt32 ( bsWr, blockCRC );
|
||||
bsClose ( bsWr );
|
||||
+ outFile = NULL;
|
||||
}
|
||||
if (wrBlock >= rbCtr) break;
|
||||
wrBlock++;
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 18 10:28:36 UTC 2019 - Kristýna Streitová <kstreitova@suse.com>
|
||||
|
||||
- add bzip2-1.0.6-CVE-2016-3189.patch to fix a heap use after
|
||||
free vulnerability that was reported in bzip2recover [bsc#985657]
|
||||
[CVE-2016-3189]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 21 11:28:34 UTC 2018 - christophe@krop.fr
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package bzip2
|
||||
#
|
||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -37,6 +37,7 @@ Patch3: bzip2-point-to-doc-pkg.patch
|
||||
Patch4: bzip2-ocloexec.patch
|
||||
# PATCH-FIX-UPSTREAM bnc#970260 kstreitova@suse.com -- fix a wrong exit code when grepping multiple archives
|
||||
Patch5: bzip2-1.0.6-bzgrep_return_value.patch
|
||||
Patch6: bzip2-1.0.6-CVE-2016-3189.patch
|
||||
BuildRequires: autoconf >= 2.57
|
||||
BuildRequires: libtool
|
||||
BuildRequires: pkgconfig
|
||||
@ -80,6 +81,7 @@ The bzip2 runtime library development files.
|
||||
%patch3 -p1
|
||||
%patch4
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
|
||||
%build
|
||||
autoreconf -fiv
|
||||
|
Loading…
Reference in New Issue
Block a user