From 0e78faab46d7409b9de7af64e1a4dc843f41e69c5c836b3be686a6d7555990a0 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Thu, 18 Mar 2010 14:38:59 +0000 Subject: [PATCH 1/6] Updating link to change in openSUSE:Factory/bzip2 revision 22.0 OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=5ede095dacddc51f821f16e2098a47db --- ready | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 ready diff --git a/ready b/ready deleted file mode 100644 index 473a0f4..0000000 From d0b8de6922a413fea6ba16c6e4648bb0a8ffae7603782191e3eaf3fbc4177d80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= Date: Fri, 2 Jul 2010 16:27:46 +0000 Subject: [PATCH 2/6] Accepting request 42398 from home:jengelh:smp Copy from home:jengelh:smp/bzip2 via accept of submit request 42398 revision 2. Request was accepted with message: Reviewed ok OBS-URL: https://build.opensuse.org/request/show/42398 OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=9 --- bzip2.changes | 5 +++++ bzip2.spec | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/bzip2.changes b/bzip2.changes index 402d6d3..c654d86 100644 --- a/bzip2.changes +++ b/bzip2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + ------------------------------------------------------------------- Wed Dec 16 10:53:20 CET 2009 - jengelh@medozas.de diff --git a/bzip2.spec b/bzip2.spec index ef84e9b..c79b426 100644 --- a/bzip2.spec +++ b/bzip2.spec @@ -126,7 +126,7 @@ export CFLAGS="$RPM_OPT_FLAGS %{cflags_profile_generate}" --libdir=/%{_lib}\ --disable-static %if %{do_profiling} -make %{?jobs:-j %jobs} +make %{?_smp_mflags} profile_bzip2 mkdir .libs.save mv .libs/*.gcda .libs.save/ 
@@ -137,7 +137,7 @@ export CFLAGS="$RPM_OPT_FLAGS %{cflags_profile_feedback}" --libdir=/%{_lib}\ --disable-static %endif -make %{?jobs:-j %jobs} +make %{?_smp_mflags} %install %makeinstall pkgconfigdir=%{_libdir}/pkgconfig From 32f3339c0cb7eb45da7d35fe2e0c5a8930427f19335b4cc51d1d340477df4bd6 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Fri, 2 Jul 2010 16:35:01 +0000 Subject: [PATCH 3/6] Accepting request 42422 from Archiving checked in (request 42422) OBS-URL: https://build.opensuse.org/request/show/42422 OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=10 --- bzip2.changes | 5 ----- bzip2.spec | 4 ++-- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/bzip2.changes b/bzip2.changes index c654d86..402d6d3 100644 --- a/bzip2.changes +++ b/bzip2.changes @@ -1,8 +1,3 @@ -------------------------------------------------------------------- -Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de - -- use %_smp_mflags - ------------------------------------------------------------------- Wed Dec 16 10:53:20 CET 2009 - jengelh@medozas.de diff --git a/bzip2.spec b/bzip2.spec index c79b426..ef84e9b 100644 --- a/bzip2.spec +++ b/bzip2.spec @@ -126,7 +126,7 @@ export CFLAGS="$RPM_OPT_FLAGS %{cflags_profile_generate}" --libdir=/%{_lib}\ --disable-static %if %{do_profiling} -make %{?_smp_mflags} +make %{?jobs:-j %jobs} profile_bzip2 mkdir .libs.save mv .libs/*.gcda .libs.save/ @@ -137,7 +137,7 @@ export CFLAGS="$RPM_OPT_FLAGS %{cflags_profile_feedback}" --libdir=/%{_lib}\ --disable-static %endif -make %{?_smp_mflags} +make %{?jobs:-j %jobs} %install %makeinstall pkgconfigdir=%{_libdir}/pkgconfig From 2bb416d80b584cf0255b9594af3ce863e4a19848a6a94cc19e8a55728dc24fcf Mon Sep 17 00:00:00 2001 
From: Petr Uzel Date: Tue, 21 Sep 2010 14:03:08 +0000 Subject: [PATCH 4/6] bzip2-CVE-2010-0405.patch (bnc#636978) OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=11 --- bzip2-CVE-2010-0405.patch | 18 ++++++++++++++++++ bzip2.changes | 11 +++++++++++ bzip2.spec | 12 +++++++----- 3 files changed, 36 insertions(+), 5 deletions(-) create mode 100644 bzip2-CVE-2010-0405.patch diff --git a/bzip2-CVE-2010-0405.patch b/bzip2-CVE-2010-0405.patch new file mode 100644 index 0000000..536aedb --- /dev/null +++ b/bzip2-CVE-2010-0405.patch @@ -0,0 +1,18 @@ +Index: bzip2-1.0.5/decompress.c +=================================================================== +--- bzip2-1.0.5.orig/decompress.c ++++ bzip2-1.0.5/decompress.c +@@ -394,6 +394,13 @@ Int32 BZ2_decompress ( DState* s ) + es = -1; + N = 1; + do { ++ /* Check that N doesn't get too big, so that es doesn't ++ go negative. The maximum value that can be ++ RUNA/RUNB encoded is equal to the block size (post ++ the initial RLE), viz, 900k, so bounding N at 2 ++ million should guard against overflow without ++ rejecting any legitimate inputs. */ ++ if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR); + if (nextSym == BZ_RUNA) es = es + (0+1) * N; else + if (nextSym == BZ_RUNB) es = es + (1+1) * N; + N = N * 2; diff --git a/bzip2.changes b/bzip2.changes index 402d6d3..aab2251 100644 --- a/bzip2.changes +++ b/bzip2.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Tue Sep 21 13:54:31 UTC 2010 - puzel@novell.com + +- add bzip2-CVE-2010-0405.patch (bnc#636978) +- fix copy-paste error in profile_bzip2() + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + ------------------------------------------------------------------- Wed Dec 16 10:53:20 CET 2009 - jengelh@medozas.de diff --git a/bzip2.spec b/bzip2.spec index ef84e9b..3789be6 100644 --- a/bzip2.spec +++ b/bzip2.spec 
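Review bot: The new bzip2-CVE-2010-0405.patch has no header above its `Index:` line, so the file itself does not say what it fixes or where the change came from; the CVE and bug numbers appear only in the file name and in bzip2.changes. I would add a short description at the top, for example `Bound N in the RUNA/RUNB loop of BZ2_decompress so that es cannot overflow (CVE-2010-0405, bnc#636978)`, plus one line stating whether the change was taken from upstream. The embedded hunk ends inside the `do` loop, so how `es` is consumed after the loop is not visible here. The same file is added again unchanged in PATCH 6/6.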
@@ -1,7 +1,7 @@ # # spec file for package bzip2 (Version 1.0.5) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ Name: bzip2 Version: 1.0.5 -Release: 38 +Release: 39 Provides: bzip Obsoletes: bzip BuildRequires: pkg-config @@ -45,6 +45,7 @@ Patch: http://pack.suse.cz/sbrabec/bzip2/for_downstream/bzip2-1.0.5-aut Patch2: bzip2-maxlen20.patch Patch3: bzip2-faster.patch Patch5: bzip2-unsafe_strcpy.patch +Patch6: bzip2-CVE-2010-0405.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -108,12 +109,13 @@ Authors: %patch2 %patch3 %patch5 +%patch6 -p1 %build profile_bzip2() { tmpfile=$(mktemp) - trap "rm -f $tmpfile $tmpfile.gz" EXIT + trap "rm -f $tmpfile $tmpfile.bz2" EXIT tar -cjf $tmpfile.bz2 /usr/src || true # time ./bzip2 $tmpfile time ./bzip2 -d < $tmpfile.bz2 > /dev/null @@ -126,7 +128,7 @@ export CFLAGS="$RPM_OPT_FLAGS %{cflags_profile_generate}" --libdir=/%{_lib}\ --disable-static %if %{do_profiling} -make %{?jobs:-j %jobs} +make %{?_smp_mflags} profile_bzip2 mkdir .libs.save mv .libs/*.gcda .libs.save/ @@ -137,7 +139,7 @@ export CFLAGS="$RPM_OPT_FLAGS %{cflags_profile_feedback}" --libdir=/%{_lib}\ --disable-static %endif -make %{?jobs:-j %jobs} +make %{?_smp_mflags} %install %makeinstall pkgconfigdir=%{_libdir}/pkgconfig From 787e3156aebe54872a5457770ad045bdcf48c87c0819af3dafb8d260b1d5c436 Mon Sep 17 00:00:00 2001 
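Review bot: In the `profile_bzip2()` hunk (`@@ -108,12 +109,13 @@`) the corrected trap now removes `$tmpfile.bz2`, but that path is still a derived name next to the file `mktemp` created, and `tar -cjf $tmpfile.bz2` opens it without any exclusive-create guarantee. If the build ever runs with a temp directory that other users can write to, whatever already exists at that name would be written through; inside an isolated build root this is probably harmless, but it is cheap to avoid. I would use a private directory instead, `tmpdir=$(mktemp -d)` with `trap 'rm -rf "$tmpdir"' EXIT`, and write the archive inside it. The single quotes also defer expansion and keep the path quoted. The function body continues past the end of the hunk, and the same lines reappear in PATCH 6/6.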
From: OBS User autobuild Date: Tue, 21 Sep 2010 16:00:47 +0000 Subject: [PATCH 5/6] Accepting request 48684 from Archiving checked in (request 48684) OBS-URL: https://build.opensuse.org/request/show/48684 OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=12 --- bzip2-CVE-2010-0405.patch | 18 ------------------ bzip2.changes | 6 ------ bzip2.spec | 4 +--- 3 files changed, 1 insertion(+), 27 deletions(-) delete mode 100644 bzip2-CVE-2010-0405.patch diff --git a/bzip2-CVE-2010-0405.patch b/bzip2-CVE-2010-0405.patch deleted file mode 100644 index 536aedb..0000000 --- a/bzip2-CVE-2010-0405.patch +++ /dev/null @@ -1,18 +0,0 @@ -Index: bzip2-1.0.5/decompress.c -=================================================================== ---- bzip2-1.0.5.orig/decompress.c -+++ bzip2-1.0.5/decompress.c -@@ -394,6 +394,13 @@ Int32 BZ2_decompress ( DState* s ) - es = -1; - N = 1; - do { -+ /* Check that N doesn't get too big, so that es doesn't -+ go negative. The maximum value that can be -+ RUNA/RUNB encoded is equal to the block size (post -+ the initial RLE), viz, 900k, so bounding N at 2 -+ million should guard against overflow without -+ rejecting any legitimate inputs. */ -+ if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR); - if (nextSym == BZ_RUNA) es = es + (0+1) * N; else - if (nextSym == BZ_RUNB) es = es + (1+1) * N; - N = N * 2; diff --git a/bzip2.changes b/bzip2.changes index aab2251..c654d86 100644 --- a/bzip2.changes +++ b/bzip2.changes @@ -1,9 +1,3 @@ -------------------------------------------------------------------- -Tue Sep 21 13:54:31 UTC 2010 - puzel@novell.com - -- add bzip2-CVE-2010-0405.patch (bnc#636978) -- fix copy-paste error in profile_bzip2() - ------------------------------------------------------------------- Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de diff --git a/bzip2.spec b/bzip2.spec index 3789be6..c7399d4 100644 --- a/bzip2.spec +++ b/bzip2.spec 
@@ -45,7 +45,6 @@ Patch: http://pack.suse.cz/sbrabec/bzip2/for_downstream/bzip2-1.0.5-aut Patch2: bzip2-maxlen20.patch Patch3: bzip2-faster.patch Patch5: bzip2-unsafe_strcpy.patch -Patch6: bzip2-CVE-2010-0405.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -109,13 +108,12 @@ Authors: %patch2 %patch3 %patch5 -%patch6 -p1 %build profile_bzip2() { tmpfile=$(mktemp) - trap "rm -f $tmpfile $tmpfile.bz2" EXIT + trap "rm -f $tmpfile $tmpfile.gz" EXIT tar -cjf $tmpfile.bz2 /usr/src || true # time ./bzip2 $tmpfile time ./bzip2 -d < $tmpfile.bz2 > /dev/null From 97b5de053de341acf015fd994760bf180a3f522eccead85b4855dcaafe411e99 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Tue, 21 Sep 2010 16:00:48 +0000 Subject: [PATCH 6/6] Updating link to change in openSUSE:Factory/bzip2 revision 26.0 OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=ba843b2be98e63e6e5fb57040a8a6c10 --- bzip2-CVE-2010-0405.patch | 18 ++++++++++++++++++ bzip2.changes | 6 ++++++ bzip2.spec | 6 ++++-- 3 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 bzip2-CVE-2010-0405.patch diff --git a/bzip2-CVE-2010-0405.patch b/bzip2-CVE-2010-0405.patch new file mode 100644 index 0000000..536aedb --- /dev/null +++ b/bzip2-CVE-2010-0405.patch 
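Review bot: With `Patch6:` and `%patch6 -p1` removed (hunks `@@ -45,7 +45,6 @@` and `@@ -109,13 +108,12 @@`) and bzip2-CVE-2010-0405.patch deleted, a package built from this revision no longer has the bound on `N` in `BZ2_decompress` that PATCH 4/6 added for CVE-2010-0405. The second hunk also puts `$tmpfile.gz` back in the trap, so the `$tmpfile.bz2` archive written by `tar` is left behind on exit. This looks like an automated check-in that synced an older state, and PATCH 6/6 re-adds everything one second later, but this intermediate revision should not be built or published. Keep `%patch6 -p1` and `trap "rm -f $tmpfile $tmpfile.bz2" EXIT` as they were.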
@@ -0,0 +1,18 @@ +Index: bzip2-1.0.5/decompress.c +=================================================================== +--- bzip2-1.0.5.orig/decompress.c ++++ bzip2-1.0.5/decompress.c +@@ -394,6 +394,13 @@ Int32 BZ2_decompress ( DState* s ) + es = -1; + N = 1; + do { ++ /* Check that N doesn't get too big, so that es doesn't ++ go negative. The maximum value that can be ++ RUNA/RUNB encoded is equal to the block size (post ++ the initial RLE), viz, 900k, so bounding N at 2 ++ million should guard against overflow without ++ rejecting any legitimate inputs. */ ++ if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR); + if (nextSym == BZ_RUNA) es = es + (0+1) * N; else + if (nextSym == BZ_RUNB) es = es + (1+1) * N; + N = N * 2; diff --git a/bzip2.changes b/bzip2.changes index c654d86..aab2251 100644 --- a/bzip2.changes +++ b/bzip2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Sep 21 13:54:31 UTC 2010 - puzel@novell.com + +- add bzip2-CVE-2010-0405.patch (bnc#636978) +- fix copy-paste error in profile_bzip2() + ------------------------------------------------------------------- Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de diff --git a/bzip2.spec b/bzip2.spec index c7399d4..881bf61 100644 --- a/bzip2.spec +++ b/bzip2.spec @@ -20,7 +20,7 @@ Name: bzip2 Version: 1.0.5 -Release: 39 +Release: 46 Provides: bzip Obsoletes: bzip BuildRequires: pkg-config @@ -45,6 +45,7 @@ Patch: http://pack.suse.cz/sbrabec/bzip2/for_downstream/bzip2-1.0.5-aut Patch2: bzip2-maxlen20.patch Patch3: bzip2-faster.patch Patch5: bzip2-unsafe_strcpy.patch +Patch6: bzip2-CVE-2010-0405.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -108,12 +109,13 @@ Authors: %patch2 %patch3 %patch5 +%patch6 -p1 %build profile_bzip2() { tmpfile=$(mktemp) - trap "rm -f $tmpfile $tmpfile.gz" EXIT + trap "rm -f $tmpfile $tmpfile.bz2" EXIT tar -cjf $tmpfile.bz2 /usr/src || true # time ./bzip2 $tmpfile time ./bzip2 -d < $tmpfile.bz2 > /dev/null