bzip2/bzip2-ocloexec.patch
Martin Pluskal c074e654c4 Accepting request 712284 from home:iznogood:branches:Archiving
- Update to version 1.0.7:
  * Fix undefined behavior in the macros SET_BH, CLEAR_BH, &
    ISSET_BH.
  * bzip2: Fix return value when combining --test,-t and -q.
  * bzip2recover: Fix buffer overflow for large argv[0].
  * bzip2recover: Fix use after free issue with outFile
    (CVE-2016-3189).
  * Make sure nSelectors is not out of range (CVE-2019-12900).
- Drop patches fixed upstream:
  * bzip2-unsafe_strcpy.patch.
  * bzip2-1.0.6-CVE-2016-3189.patch.
- Refresh patches with quilt.

OBS-URL: https://build.opensuse.org/request/show/712284
OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=76
2019-06-28 07:19:41 +00:00

22 lines
664 B
Diff

Index: bzip2-1.0.7/bzlib.c
===================================================================
--- bzip2-1.0.7.orig/bzlib.c 2019-06-27 20:15:39.000000000 +0200
+++ bzip2-1.0.7/bzlib.c 2019-06-27 23:10:21.399272583 +0200
@@ -1414,7 +1414,15 @@ BZFILE * bzopen_or_bzdopen
}
mode++;
}
- strcat(mode2, writing ? "w" : "r" );
+
+ /* open fds with O_CLOEXEC _only_ when we are the initiator
+ * aka. bzopen() but not bzdopen() */
+ if(open_mode == 0) {
+ strcat (mode2, writing ? "we" : "re" );
+ } else {
+ strcat(mode2, writing ? "w" : "r" );
+ }
+
strcat(mode2,"b"); /* binary mode */
if (open_mode==0) {