From 2bb416d80b584cf0255b9594af3ce863e4a19848a6a94cc19e8a55728dc24fcf Mon Sep 17 00:00:00 2001 From: Petr Uzel Date: Tue, 21 Sep 2010 14:03:08 +0000 Subject: [PATCH] bzip2-CVE-2010-0405.patch (bnc#636978) OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=11 --- bzip2-CVE-2010-0405.patch | 18 ++++++++++++++++++ bzip2.changes | 11 +++++++++++ bzip2.spec | 12 +++++++----- 3 files changed, 36 insertions(+), 5 deletions(-) create mode 100644 bzip2-CVE-2010-0405.patch diff --git a/bzip2-CVE-2010-0405.patch b/bzip2-CVE-2010-0405.patch new file mode 100644 index 0000000..536aedb --- /dev/null +++ b/bzip2-CVE-2010-0405.patch @@ -0,0 +1,18 @@ +Index: bzip2-1.0.5/decompress.c +=================================================================== +--- bzip2-1.0.5.orig/decompress.c ++++ bzip2-1.0.5/decompress.c +@@ -394,6 +394,13 @@ Int32 BZ2_decompress ( DState* s ) + es = -1; + N = 1; + do { ++ /* Check that N doesn't get too big, so that es doesn't ++ go negative. The maximum value that can be ++ RUNA/RUNB encoded is equal to the block size (post ++ the initial RLE), viz, 900k, so bounding N at 2 ++ million should guard against overflow without ++ rejecting any legitimate inputs. */ ++ if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR); + if (nextSym == BZ_RUNA) es = es + (0+1) * N; else + if (nextSym == BZ_RUNB) es = es + (1+1) * N; + N = N * 2; diff --git a/bzip2.changes b/bzip2.changes index 402d6d3..aab2251 100644 --- a/bzip2.changes +++ b/bzip2.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Tue Sep 21 13:54:31 UTC 2010 - puzel@novell.com + +- add bzip2-CVE-2010-0405.patch (bnc#636978) +- fix copy-paste error in profile_bzip2() + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + ------------------------------------------------------------------- Wed Dec 16 10:53:20 CET 2009 - jengelh@medozas.de diff --git a/bzip2.spec b/bzip2.spec index ef84e9b..3789be6 100644 --- a/bzip2.spec +++ b/bzip2.spec @@ -1,7 +1,7 @@ # # spec file for package bzip2 (Version 1.0.5) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ Name: bzip2 Version: 1.0.5 -Release: 38 +Release: 39 Provides: bzip Obsoletes: bzip BuildRequires: pkg-config @@ -45,6 +45,7 @@ Patch: http://pack.suse.cz/sbrabec/bzip2/for_downstream/bzip2-1.0.5-aut Patch2: bzip2-maxlen20.patch Patch3: bzip2-faster.patch Patch5: bzip2-unsafe_strcpy.patch +Patch6: bzip2-CVE-2010-0405.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -108,12 +109,13 @@ Authors: %patch2 %patch3 %patch5 +%patch6 -p1 %build profile_bzip2() { tmpfile=$(mktemp) - trap "rm -f $tmpfile $tmpfile.gz" EXIT + trap "rm -f $tmpfile $tmpfile.bz2" EXIT tar -cjf $tmpfile.bz2 /usr/src || true # time ./bzip2 $tmpfile time ./bzip2 -d < $tmpfile.bz2 > /dev/null @@ -126,7 +128,7 @@ export CFLAGS="$RPM_OPT_FLAGS %{cflags_profile_generate}" --libdir=/%{_lib}\ --disable-static %if %{do_profiling} -make %{?jobs:-j %jobs} +make %{?_smp_mflags} profile_bzip2 mkdir .libs.save mv .libs/*.gcda .libs.save/ @@ -137,7 +139,7 @@ export CFLAGS="$RPM_OPT_FLAGS %{cflags_profile_feedback}" --libdir=/%{_lib}\ --disable-static %endif -make %{?jobs:-j %jobs} +make %{?_smp_mflags} %install %makeinstall pkgconfigdir=%{_libdir}/pkgconfig