SHA256
1
0
forked from pool/bzip2

- Update bug reference

- Fix downloaded patches
  * Make sure nSelectors is not out of range (CVE-2019-12900
    bsc#1139083)

OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=77
This commit is contained in:
Martin Pluskal 2019-06-28 07:51:07 +00:00 committed by Git OBS Bridge
parent c074e654c4
commit 280db28620
3 changed files with 29 additions and 31 deletions

View File

@ -1,7 +1,5 @@
Index: bzip2-1.0.7/autogen.sh
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ bzip2-1.0.7/autogen.sh 2019-06-27 23:12:37.015916631 +0200
--- /dev/null
+++ autogen.sh
@@ -0,0 +1,8 @@
+mv LICENSE COPYING
+mv CHANGES NEWS
@ -11,10 +9,8 @@ Index: bzip2-1.0.7/autogen.sh
+aclocal
+automake --add-missing --gnu
+autoconf
Index: bzip2-1.0.7/README.autotools
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ bzip2-1.0.7/README.autotools 2019-06-27 23:12:37.015916631 +0200
--- /dev/null
+++ README.autotools
@@ -0,0 +1,41 @@
+bzip2 autoconfiscated
+=====================
@ -57,10 +53,8 @@ Index: bzip2-1.0.7/README.autotools
+
+To be super-safe, I incremented minor number of the library file, so
+both instances of the shared library can live together.
Index: bzip2-1.0.7/configure.ac
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ bzip2-1.0.7/configure.ac 2019-06-27 23:12:37.015916631 +0200
--- /dev/null
+++ configure.ac
@@ -0,0 +1,62 @@
+# -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
@ -124,10 +118,8 @@ Index: bzip2-1.0.7/configure.ac
+AC_SUBST([BZIP2_LT_AGE])
+AC_CONFIG_FILES([Makefile bzip2.pc])
+AC_OUTPUT
Index: bzip2-1.0.7/Makefile.am
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ bzip2-1.0.7/Makefile.am 2019-06-27 23:12:37.015916631 +0200
--- /dev/null
+++ Makefile.am
@@ -0,0 +1,137 @@
+ACLOCAL_AMFLAGS = -I m4
+lib_LTLIBRARIES = libbz2.la
@ -266,10 +258,8 @@ Index: bzip2-1.0.7/Makefile.am
+ words2 \
+ words3 \
+ xmlproc.sh
Index: bzip2-1.0.7/bzip2.pc.in
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ bzip2-1.0.7/bzip2.pc.in 2019-06-27 23:12:37.015916631 +0200
--- /dev/null
+++ bzip2.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
@ -282,10 +272,8 @@ Index: bzip2-1.0.7/bzip2.pc.in
+Version: @VERSION@
+Libs: -L${libdir} -lbz2
+Cflags: -I${includedir}
Index: bzip2-1.0.7/m4/visibility.m4
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ bzip2-1.0.7/m4/visibility.m4 2019-06-27 23:12:37.015916631 +0200
--- /dev/null
+++ m4/visibility.m4
@@ -0,0 +1,78 @@
+# visibility.m4 serial 4 (gettext-0.18.2)
+dnl Copyright (C) 2005, 2008, 2010-2011 Free Software Foundation, Inc.
@ -365,10 +353,8 @@ Index: bzip2-1.0.7/m4/visibility.m4
+ AC_DEFINE_UNQUOTED([HAVE_VISIBILITY], [$HAVE_VISIBILITY],
+ [Define to 1 or 0, depending whether the compiler supports simple visibility declarations.])
+])
Index: bzip2-1.0.7/bzlib.h
===================================================================
--- bzip2-1.0.7.orig/bzlib.h 2019-06-27 20:15:39.000000000 +0200
+++ bzip2-1.0.7/bzlib.h 2019-06-27 23:12:37.015916631 +0200
--- bzlib.h.orig
+++ bzlib.h
@@ -91,9 +91,11 @@ typedef
# endif
#else

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Jun 28 07:42:24 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Update bug reference
- Fix downloaded patches
-------------------------------------------------------------------
Thu Jun 27 21:01:36 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
@ -8,7 +14,8 @@ Thu Jun 27 21:01:36 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
* bzip2recover: Fix buffer overflow for large argv[0].
* bzip2recover: Fix use after free issue with outFile
(CVE-2016-3189).
* Make sure nSelectors is not out of range (CVE-2019-12900).
* Make sure nSelectors is not out of range (CVE-2019-12900
bsc#1139083)
- Drop patches fixed upstream:
* bzip2-unsafe_strcpy.patch.
* bzip2-1.0.6-CVE-2016-3189.patch.

View File

@ -72,7 +72,12 @@ Requires: glibc-devel
The bzip2 runtime library development files.
%prep
%autosetup -p1
%setup -q
%patch0
%patch1 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%build
autoreconf -fiv
@ -82,7 +87,7 @@ autoreconf -fiv
%if 0%{?do_profiling}
make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}"
make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}" test
make clean
make %{?_smp_mflags} clean
make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_feedback}"
%else
make %{?_smp_mflags} CFLAGS="%{optflags}"