SHA256
1
0
forked from pool/bzip2
OBS User unknown 2008-04-06 00:00:24 +00:00 committed by Git OBS Bridge
parent 79e1879a13
commit b45d5bde1a
8 changed files with 67 additions and 51 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f41c3898fbd53e68e0b052418960e538813cc98afcd72b2b604079d8de3e529c
size 841221

3
bzip2-1.0.5.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f7bf5368309d76e5daf3a89d4d1bea688dac7780742e7a0ae1af19be9316fe22
size 841402

View File

@ -1,41 +0,0 @@
--- bzip2-1.0.4/bzlib.c 2007-01-03 03:00:55.000000000 +0100
+++ bzip2-1.0.5/bzlib.c 2007-12-09 14:57:21.000000000 +0100
@@ -598,6 +598,7 @@
UInt32 c_tPos = s->tPos;
char* cs_next_out = s->strm->next_out;
unsigned int cs_avail_out = s->strm->avail_out;
+ Int32 ro_blockSize100k = s->blockSize100k;
/* end restore */
UInt32 avail_out_INIT = cs_avail_out;
--- bzip2-1.0.4/bzlib_private.h 2007-01-03 03:00:55.000000000 +0100
+++ bzip2-1.0.5/bzlib_private.h 2007-12-09 15:00:46.000000000 +0100
@@ -442,11 +442,15 @@
/*-- Macros for decompression. --*/
#define BZ_GET_FAST(cccc) \
+ /* c_tPos is unsigned, hence test < 0 is pointless. */ \
+ if (s->tPos >= (UInt32)100000 * (UInt32)s->blockSize100k) return True; \
s->tPos = s->tt[s->tPos]; \
cccc = (UChar)(s->tPos & 0xff); \
s->tPos >>= 8;
#define BZ_GET_FAST_C(cccc) \
+ /* c_tPos is unsigned, hence test < 0 is pointless. */ \
+ if (c_tPos >= (UInt32)100000 * (UInt32)ro_blockSize100k) return True; \
c_tPos = c_tt[c_tPos]; \
cccc = (UChar)(c_tPos & 0xff); \
c_tPos >>= 8;
@@ -469,8 +473,10 @@
(((UInt32)s->ll16[i]) | (GET_LL4(i) << 16))
#define BZ_GET_SMALL(cccc) \
- cccc = BZ2_indexIntoF ( s->tPos, s->cftab ); \
- s->tPos = GET_LL(s->tPos);
+ /* c_tPos is unsigned, hence test < 0 is pointless. */ \
+ if (s->tPos >= (UInt32)100000 * (UInt32)s->blockSize100k) return True; \
+ cccc = BZ2_indexIntoF ( s->tPos, s->cftab ); \
+ s->tPos = GET_LL(s->tPos);
/*-- externs for decompression. --*/

11
bzip2-cflags.patch Normal file
View File

@ -0,0 +1,11 @@
--- Makefile-libbz2_so
+++ Makefile-libbz2_so
@@ -35,7 +35,7 @@
bzlib.o
all: $(OBJS)
- $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.4 $(OBJS)
+ $(CC) $(CFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.4 $(OBJS)
$(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.4
rm -f libbz2.so.1.0
ln -s libbz2.so.1.0.4 libbz2.so.1.0

View File

@ -24,7 +24,7 @@
}
DState;
@@ -482,8 +485,8 @@
@@ -488,8 +491,8 @@
BZ2_decompress ( DState* );
extern void

12
bzip2-unsafe_strcpy.patch Normal file
View File

@ -0,0 +1,12 @@
--- bzip2recover.c
+++ bzip2recover.c
@@ -309,7 +309,8 @@
UInt32 buffHi, buffLo, blockCRC;
Char* p;
- strcpy ( progName, argv[0] );
+ strncpy ( progName, argv[0], BZ_MAX_FILENAME-1);
+ progName[BZ_MAX_FILENAME-1]='\0';
inFileName[0] = outFileName[0] = 0;
fprintf ( stderr,

View File

@ -1,3 +1,15 @@
-------------------------------------------------------------------
Thu Apr 3 17:12:42 CEST 2008 - lmichnovic@suse.cz
- update to version 1.5
* Fixes CERT-FI 20469 as it applies to bzip2
which obsoletes bzip2-CVE-2008-1372-CERT-FI-20469.patch
- installing scripts bzdiff, bzgrep, bzmore
and symlinks bzless, bzcmp [bnc#376464]
- addded CFLAGS in Makefile-libbz2_so (cflags.patch)
- fix unsafe strcpy in bzip2recover (unsafe_strcpy.patch)
Thanks to Red Hat.
-------------------------------------------------------------------
Wed Mar 19 18:34:23 CET 2008 - nadvornik@suse.cz

View File

@ -1,5 +1,5 @@
#
# spec file for package bzip2 (Version 1.0.4)
# spec file for package bzip2 (Version 1.0.5)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@ -12,8 +12,8 @@
Name: bzip2
Version: 1.0.4
Release: 69
Version: 1.0.5
Release: 1
Provides: bzip
Obsoletes: bzip
# The following is a kludge to get updating bzip2 to after the split work
@ -30,7 +30,8 @@ Source100: rpmlintrc
Patch1: bzip2-shared_lib.patch
Patch2: bzip2-maxlen20.patch
Patch3: bzip2-faster.patch
Patch4: bzip2-CVE-2008-1372-CERT-FI-20469.patch
Patch4: bzip2-cflags.patch
Patch5: bzip2-unsafe_strcpy.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -43,6 +44,7 @@ Authors:
Julian Seward <jseward@acm.org>
%package doc
License: BSD 3-Clause
Summary: The bzip2 program and Library Documentation
Group: Productivity/Archiving/Compression
@ -56,6 +58,7 @@ Authors:
Julian Seward <jseward@acm.org>
%package -n libbz2-1
License: BSD 3-Clause
Summary: The bzip2 runtime library
Group: Productivity/Archiving/Compression
@ -69,6 +72,7 @@ Authors:
Julian Seward <jseward@acm.org>
%package -n libbz2-devel
License: BSD 3-Clause
Summary: The bzip2 runtime library development files
Group: Development/Libraries/Other
Requires: libbz2-1 = %{version}
@ -87,7 +91,8 @@ Authors:
%patch1
%patch2
%patch3
%patch4 -p1
%patch4
%patch5
%build
profile_bzip2()
@ -120,6 +125,14 @@ install -m 755 -d $RPM_BUILD_ROOT/%{_lib}/
mv $RPM_BUILD_ROOT%{_libdir}/libbz2.so $RPM_BUILD_ROOT/%{_lib}/libbz2.so.%{version}
ln -sf libbz2.so.%{version} $RPM_BUILD_ROOT/%{_lib}/libbz2.so.1
ln -sf ../../%{_lib}/libbz2.so.%{version} $RPM_BUILD_ROOT%{_libdir}/libbz2.so
# installing bzgrep, bzdiff and bzmore scripts bnc#376464
mkdir -p $RPM_BUILD_ROOT%{_bindir}
install -m 755 bzgrep bzdiff bzmore $RPM_BUILD_ROOT%{_bindir}
install -m 644 bzgrep.1 bzdiff.1 bzmore.1 $RPM_BUILD_ROOT%{_mandir}/man1
ln -s bzdiff $RPM_BUILD_ROOT%{_bindir}/bzcmp
ln -s bzmore $RPM_BUILD_ROOT%{_bindir}/bzless
ln -s bzdiff.1 $RPM_BUILD_ROOT%{_mandir}/man1/bzcmp.1
ln -s bzmore.1 $RPM_BUILD_ROOT%{_mandir}/man1/bzless.1
%clean
rm -rf $RPM_BUILD_ROOT
@ -151,6 +164,15 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/libbz2.so
%changelog
* Thu Apr 03 2008 lmichnovic@suse.cz
- update to version 1.5
* Fixes CERT-FI 20469 as it applies to bzip2
which obsoletes bzip2-CVE-2008-1372-CERT-FI-20469.patch
- installing scripts bzdiff, bzgrep, bzmore
and symlinks bzless, bzcmp [bnc#376464]
- addded CFLAGS in Makefile-libbz2_so (cflags.patch)
- fix unsafe strcpy in bzip2recover (unsafe_strcpy.patch)
Thanks to Red Hat.
* Wed Mar 19 2008 nadvornik@suse.cz
- fixed buffer overflows CVE-2008-1372 [bnc#372047]
* Thu Dec 06 2007 lmichnovic@suse.cz
@ -220,7 +242,7 @@ rm -rf $RPM_BUILD_ROOT
- re-added /usr/include/bzlib.h
* Thu Mar 08 2001 bk@suse.de
- Replaced the -malign options with -mcpu=pentiumpro
* Tue Mar 06 2001 bk@suse.de
* Wed Mar 07 2001 bk@suse.de
- add version info to libbz2 link to fix the library version number
- if i386, add -malign-loops=2 -malign-jumps=2 -malign-functions=2
* Thu Nov 30 2000 aj@suse.de