rpm/bzip2
SHA256
1
0
Fork 0
forked from pool/bzip2
Code Pull Requests Activity

Updating link to change in openSUSE:Factory/bzip2 revision 26.0

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=ba843b2be98e63e6e5fb57040a8a6c10
This commit is contained in:
OBS User buildservice-autocommit 2010-09-21 16:00:48 +00:00 committed by Git OBS Bridge
parent 787e3156ae
commit 97b5de053d
3 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
bzip2-CVE-2010-0405.patch Normal file
View File

@ -0,0 +1,18 @@
Index: bzip2-1.0.5/decompress.c
===================================================================
--- bzip2-1.0.5.orig/decompress.c
+++ bzip2-1.0.5/decompress.c
@@ -394,6 +394,13 @@ Int32 BZ2_decompress ( DState* s )
es = -1;
N = 1;
do {
+ /* Check that N doesn't get too big, so that es doesn't
+ go negative. The maximum value that can be
+ RUNA/RUNB encoded is equal to the block size (post
+ the initial RLE), viz, 900k, so bounding N at 2
+ million should guard against overflow without
+ rejecting any legitimate inputs. */
+ if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR);
if (nextSym == BZ_RUNA) es = es + (0+1) * N; else
if (nextSym == BZ_RUNB) es = es + (1+1) * N;
N = N * 2;

6
bzip2.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Sep 21 13:54:31 UTC 2010 - puzel@novell.com
- add bzip2-CVE-2010-0405.patch (bnc#636978)
- fix copy-paste error in profile_bzip2()
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de

6
bzip2.spec
View File

@ -20,7 +20,7 @@
Name: bzip2 Name: bzip2
Version: 1.0.5 Version: 1.0.5
Release: 39 Release: 46
Provides: bzip Provides: bzip
Obsoletes: bzip Obsoletes: bzip
BuildRequires: pkg-config BuildRequires: pkg-config
@ -45,6 +45,7 @@ Patch: http://pack.suse.cz/sbrabec/bzip2/for_downstream/bzip2-1.0.5-aut
Patch2: bzip2-maxlen20.patch Patch2: bzip2-maxlen20.patch
Patch3: bzip2-faster.patch Patch3: bzip2-faster.patch
Patch5: bzip2-unsafe_strcpy.patch Patch5: bzip2-unsafe_strcpy.patch
Patch6: bzip2-CVE-2010-0405.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
@ -108,12 +109,13 @@ Authors:
%patch2 %patch2
%patch3 %patch3
%patch5 %patch5
%patch6 -p1
%build %build
profile_bzip2() profile_bzip2()
{ {
tmpfile=$(mktemp) tmpfile=$(mktemp)
trap "rm -f $tmpfile $tmpfile.gz" EXIT trap "rm -f $tmpfile $tmpfile.bz2" EXIT
tar -cjf $tmpfile.bz2 /usr/src || true tar -cjf $tmpfile.bz2 /usr/src || true
# time ./bzip2 $tmpfile # time ./bzip2 $tmpfile
time ./bzip2 -d < $tmpfile.bz2 > /dev/null time ./bzip2 -d < $tmpfile.bz2 > /dev/null