forked from pool/bzip2
Accepting request 712284 from home:iznogood:branches:Archiving
- Update to version 1.0.7: * Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH. * bzip2: Fix return value when combining --test,-t and -q. * bzip2recover: Fix buffer overflow for large argv[0]. * bzip2recover: Fix use after free issue with outFile (CVE-2016-3189). * Make sure nSelectors is not out of range (CVE-2019-12900). - Drop patches fixed upstream: * bzip2-unsafe_strcpy.patch. * bzip2-1.0.6-CVE-2016-3189.patch. - Refresh patches with quilt. OBS-URL: https://build.opensuse.org/request/show/712284 OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=76
This commit is contained in:
parent
3713b730d5
commit
c074e654c4
@ -1,15 +0,0 @@
|
||||
Author: Jakub Martisko <jamartis@redhat.com>
|
||||
Date: Wed, 30 Mar 2016 10:22:27 +0200
|
||||
Description: bzip2recover: Fix potential use-after-free
|
||||
Origin: https://bugzilla.redhat.com/attachment.cgi?id=1169843&action=edit
|
||||
|
||||
--- a/bzip2recover.c
|
||||
+++ b/bzip2recover.c
|
||||
@@ -472,6 +472,7 @@ Int32 main ( Int32 argc, Char** argv )
|
||||
bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
|
||||
bsPutUInt32 ( bsWr, blockCRC );
|
||||
bsClose ( bsWr );
|
||||
+ outFile = NULL;
|
||||
}
|
||||
if (wrBlock >= rbCtr) break;
|
||||
wrBlock++;
|
@ -1,7 +1,7 @@
|
||||
Index: bzip2-1.0.6/bzgrep
|
||||
Index: bzip2-1.0.7/bzgrep
|
||||
===================================================================
|
||||
--- bzip2-1.0.6.orig/bzgrep
|
||||
+++ bzip2-1.0.6/bzgrep
|
||||
--- bzip2-1.0.7.orig/bzgrep 2019-06-27 23:10:21.375272508 +0200
|
||||
+++ bzip2-1.0.7/bzgrep 2019-06-27 23:10:21.415272635 +0200
|
||||
@@ -65,8 +65,20 @@ for i do
|
||||
else
|
||||
j=$(echo "$i" | sed 's/\\/&&/g;s/|/\\&/g;s/&/\\&/g')
|
||||
|
@ -1,6 +1,7 @@
|
||||
diff -Ndurp bzip2-1.0.6/bzgrep bzip2-1.0.6-fix-bashisms/bzgrep
|
||||
--- bzip2-1.0.6/bzgrep 2007-01-03 04:00:55.000000000 +0200
|
||||
+++ bzip2-1.0.6-fix-bashisms/bzgrep 2014-10-19 02:07:30.036033876 +0300
|
||||
Index: bzip2-1.0.7/bzgrep
|
||||
===================================================================
|
||||
--- bzip2-1.0.7.orig/bzgrep 2019-06-27 20:15:39.000000000 +0200
|
||||
+++ bzip2-1.0.7/bzgrep 2019-06-27 23:12:37.027916706 +0200
|
||||
@@ -63,9 +63,7 @@ for i do
|
||||
bzip2 -cdfq "$i" | $grep $opt "$pat"
|
||||
r=$?
|
||||
|
@ -1,5 +1,7 @@
|
||||
--- /dev/null
|
||||
+++ autogen.sh
|
||||
Index: bzip2-1.0.7/autogen.sh
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ bzip2-1.0.7/autogen.sh 2019-06-27 23:12:37.015916631 +0200
|
||||
@@ -0,0 +1,8 @@
|
||||
+mv LICENSE COPYING
|
||||
+mv CHANGES NEWS
|
||||
@ -9,8 +11,10 @@
|
||||
+aclocal
|
||||
+automake --add-missing --gnu
|
||||
+autoconf
|
||||
--- /dev/null
|
||||
+++ README.autotools
|
||||
Index: bzip2-1.0.7/README.autotools
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ bzip2-1.0.7/README.autotools 2019-06-27 23:12:37.015916631 +0200
|
||||
@@ -0,0 +1,41 @@
|
||||
+bzip2 autoconfiscated
|
||||
+=====================
|
||||
@ -53,8 +57,10 @@
|
||||
+
|
||||
+To be super-safe, I incremented minor number of the library file, so
|
||||
+both instances of the shared library can live together.
|
||||
--- /dev/null
|
||||
+++ configure.ac
|
||||
Index: bzip2-1.0.7/configure.ac
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ bzip2-1.0.7/configure.ac 2019-06-27 23:12:37.015916631 +0200
|
||||
@@ -0,0 +1,62 @@
|
||||
+# -*- Autoconf -*-
|
||||
+# Process this file with autoconf to produce a configure script.
|
||||
@ -118,8 +124,10 @@
|
||||
+AC_SUBST([BZIP2_LT_AGE])
|
||||
+AC_CONFIG_FILES([Makefile bzip2.pc])
|
||||
+AC_OUTPUT
|
||||
--- /dev/null
|
||||
+++ Makefile.am
|
||||
Index: bzip2-1.0.7/Makefile.am
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ bzip2-1.0.7/Makefile.am 2019-06-27 23:12:37.015916631 +0200
|
||||
@@ -0,0 +1,137 @@
|
||||
+ACLOCAL_AMFLAGS = -I m4
|
||||
+lib_LTLIBRARIES = libbz2.la
|
||||
@ -258,8 +266,10 @@
|
||||
+ words2 \
|
||||
+ words3 \
|
||||
+ xmlproc.sh
|
||||
--- /dev/null
|
||||
+++ bzip2.pc.in
|
||||
Index: bzip2-1.0.7/bzip2.pc.in
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ bzip2-1.0.7/bzip2.pc.in 2019-06-27 23:12:37.015916631 +0200
|
||||
@@ -0,0 +1,11 @@
|
||||
+prefix=@prefix@
|
||||
+exec_prefix=@exec_prefix@
|
||||
@ -272,8 +282,10 @@
|
||||
+Version: @VERSION@
|
||||
+Libs: -L${libdir} -lbz2
|
||||
+Cflags: -I${includedir}
|
||||
--- /dev/null
|
||||
+++ m4/visibility.m4
|
||||
Index: bzip2-1.0.7/m4/visibility.m4
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ bzip2-1.0.7/m4/visibility.m4 2019-06-27 23:12:37.015916631 +0200
|
||||
@@ -0,0 +1,78 @@
|
||||
+# visibility.m4 serial 4 (gettext-0.18.2)
|
||||
+dnl Copyright (C) 2005, 2008, 2010-2011 Free Software Foundation, Inc.
|
||||
@ -353,8 +365,10 @@
|
||||
+ AC_DEFINE_UNQUOTED([HAVE_VISIBILITY], [$HAVE_VISIBILITY],
|
||||
+ [Define to 1 or 0, depending whether the compiler supports simple visibility declarations.])
|
||||
+])
|
||||
--- bzlib.h.orig
|
||||
+++ bzlib.h
|
||||
Index: bzip2-1.0.7/bzlib.h
|
||||
===================================================================
|
||||
--- bzip2-1.0.7.orig/bzlib.h 2019-06-27 20:15:39.000000000 +0200
|
||||
+++ bzip2-1.0.7/bzlib.h 2019-06-27 23:12:37.015916631 +0200
|
||||
@@ -91,9 +91,11 @@ typedef
|
||||
# endif
|
||||
#else
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd
|
||||
size 782025
|
3
bzip2-1.0.7.tar.gz
Normal file
3
bzip2-1.0.7.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:e768a87c5b1a79511499beb41500bcc4caf203726fff46a6f5f9ad27fe08ab2b
|
||||
size 809680
|
@ -1,5 +1,7 @@
|
||||
--- bzlib.c.orig
|
||||
+++ bzlib.c
|
||||
Index: bzip2-1.0.7/bzlib.c
|
||||
===================================================================
|
||||
--- bzip2-1.0.7.orig/bzlib.c 2019-06-27 20:15:39.000000000 +0200
|
||||
+++ bzip2-1.0.7/bzlib.c 2019-06-27 23:10:21.399272583 +0200
|
||||
@@ -1414,7 +1414,15 @@ BZFILE * bzopen_or_bzdopen
|
||||
}
|
||||
mode++;
|
||||
|
@ -1,7 +1,7 @@
|
||||
Index: bzip2-1.0.6/README
|
||||
Index: bzip2-1.0.7/README
|
||||
===================================================================
|
||||
--- bzip2-1.0.6.orig/README
|
||||
+++ bzip2-1.0.6/README
|
||||
--- bzip2-1.0.7.orig/README 2019-06-27 20:15:39.000000000 +0200
|
||||
+++ bzip2-1.0.7/README 2019-06-27 23:10:21.387272546 +0200
|
||||
@@ -17,7 +17,8 @@ in the file LICENSE.
|
||||
|
||||
Complete documentation is available in Postscript form (manual.ps),
|
||||
|
@ -1,12 +0,0 @@
|
||||
--- bzip2recover.c
|
||||
+++ bzip2recover.c
|
||||
@@ -309,7 +309,8 @@
|
||||
UInt32 buffHi, buffLo, blockCRC;
|
||||
Char* p;
|
||||
|
||||
- strcpy ( progName, argv[0] );
|
||||
+ strncpy ( progName, argv[0], BZ_MAX_FILENAME-1);
|
||||
+ progName[BZ_MAX_FILENAME-1]='\0';
|
||||
inFileName[0] = outFileName[0] = 0;
|
||||
|
||||
fprintf ( stderr,
|
@ -1,3 +1,19 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 27 21:01:36 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
|
||||
|
||||
- Update to version 1.0.7:
|
||||
* Fix undefined behavior in the macros SET_BH, CLEAR_BH, &
|
||||
ISSET_BH.
|
||||
* bzip2: Fix return value when combining --test,-t and -q.
|
||||
* bzip2recover: Fix buffer overflow for large argv[0].
|
||||
* bzip2recover: Fix use after free issue with outFile
|
||||
(CVE-2016-3189).
|
||||
* Make sure nSelectors is not out of range (CVE-2019-12900).
|
||||
- Drop patches fixed upstream:
|
||||
* bzip2-unsafe_strcpy.patch.
|
||||
* bzip2-1.0.6-CVE-2016-3189.patch.
|
||||
- Refresh patches with quilt.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 18 10:28:36 UTC 2019 - Kristýna Streitová <kstreitova@suse.com>
|
||||
|
||||
|
15
bzip2.spec
15
bzip2.spec
@ -12,13 +12,13 @@
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
%define libname libbz2-1
|
||||
Name: bzip2
|
||||
Version: 1.0.6
|
||||
Version: 1.0.7
|
||||
Release: 0
|
||||
Summary: A Program for Compressing Files
|
||||
License: BSD-3-Clause
|
||||
@ -32,12 +32,10 @@ Source100: bzip2-rpmlintrc
|
||||
# PATCH-FEATURE-OPENSUSE bzip2-1.0.6-autoconfiscated.patch sbrabec@suse.cz -- Convert to a standard autoconf based package.
|
||||
Patch0: ftp://ftp.suse.com/pub/people/sbrabec/bzip2/for_downstream/bzip2-1.0.6.2-autoconfiscated.patch
|
||||
Patch1: bzip2-1.0.6-fix-bashisms.patch
|
||||
Patch2: bzip2-unsafe_strcpy.patch
|
||||
Patch3: bzip2-point-to-doc-pkg.patch
|
||||
Patch4: bzip2-ocloexec.patch
|
||||
# PATCH-FIX-UPSTREAM bnc#970260 kstreitova@suse.com -- fix a wrong exit code when grepping multiple archives
|
||||
Patch5: bzip2-1.0.6-bzgrep_return_value.patch
|
||||
Patch6: bzip2-1.0.6-CVE-2016-3189.patch
|
||||
BuildRequires: autoconf >= 2.57
|
||||
BuildRequires: libtool
|
||||
BuildRequires: pkgconfig
|
||||
@ -74,14 +72,7 @@ Requires: glibc-devel
|
||||
The bzip2 runtime library development files.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0
|
||||
%patch1 -p1
|
||||
%patch2
|
||||
%patch3 -p1
|
||||
%patch4
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
autoreconf -fiv
|
||||
|
Loading…
Reference in New Issue
Block a user