c074e654c4
- Update to version 1.0.7:
* Fix undefined behavior in the macros SET_BH, CLEAR_BH, &
ISSET_BH.
* bzip2: Fix return value when combining --test,-t and -q.
* bzip2recover: Fix buffer overflow for large argv[0].
* bzip2recover: Fix use after free issue with outFile
(CVE-2016-3189).
* Make sure nSelectors is not out of range (CVE-2019-12900).
- Drop patches fixed upstream:
* bzip2-unsafe_strcpy.patch.
* bzip2-1.0.6-CVE-2016-3189.patch.
- Refresh patches with quilt.
OBS-URL: https://build.opensuse.org/request/show/712284
OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=76
22 lines
664 B
Diff
22 lines
664 B
Diff
Index: bzip2-1.0.7/bzlib.c
|
|
===================================================================
|
|
--- bzip2-1.0.7.orig/bzlib.c 2019-06-27 20:15:39.000000000 +0200
|
|
+++ bzip2-1.0.7/bzlib.c 2019-06-27 23:10:21.399272583 +0200
|
|
@@ -1414,7 +1414,15 @@ BZFILE * bzopen_or_bzdopen
|
|
}
|
|
mode++;
|
|
}
|
|
- strcat(mode2, writing ? "w" : "r" );
|
|
+
|
|
+ /* open fds with O_CLOEXEC _only_ when we are the initiator
|
|
+ * aka. bzopen() but not bzdopen() */
|
|
+ if(open_mode == 0) {
|
|
+ strcat (mode2, writing ? "we" : "re" );
|
|
+ } else {
|
|
+ strcat(mode2, writing ? "w" : "r" );
|
|
+ }
|
|
+
|
|
strcat(mode2,"b"); /* binary mode */
|
|
|
|
if (open_mode==0) {
|