rpm/bzip2
SHA256
1
0
Fork 0
forked from pool/bzip2
Code Pull Requests Activity

Accepting request 696999 from Archiving

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/696999
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bzip2?expand=0&rev=63
This commit is contained in:
Yuchen Lin 2019-04-26 20:41:11 +00:00 committed by Git OBS Bridge
commit e443cef228
3 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
bzip2-1.0.6-CVE-2016-3189.patch Normal file
View File

@ -0,0 +1,15 @@
Author: Jakub Martisko <jamartis@redhat.com>
Date: Wed, 30 Mar 2016 10:22:27 +0200
Description: bzip2recover: Fix potential use-after-free
Origin: https://bugzilla.redhat.com/attachment.cgi?id=1169843&action=edit
--- a/bzip2recover.c
+++ b/bzip2recover.c
@@ -472,6 +472,7 @@ Int32 main ( Int32 argc, Char** argv )
bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
bsPutUInt32 ( bsWr, blockCRC );
bsClose ( bsWr );
+ outFile = NULL;
}
if (wrBlock >= rbCtr) break;
wrBlock++;

7
bzip2.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Apr 18 10:28:36 UTC 2019 - Kristýna Streitová <kstreitova@suse.com>
- add bzip2-1.0.6-CVE-2016-3189.patch to fix a heap use after
free vulnerability that was reported in bzip2recover [bsc#985657]
[CVE-2016-3189]
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Aug 21 11:28:34 UTC 2018 - christophe@krop.fr Tue Aug 21 11:28:34 UTC 2018 - christophe@krop.fr

4
bzip2.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package bzip2 # spec file for package bzip2
# #
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -37,6 +37,7 @@ Patch3: bzip2-point-to-doc-pkg.patch
Patch4: bzip2-ocloexec.patch Patch4: bzip2-ocloexec.patch
# PATCH-FIX-UPSTREAM bnc#970260 kstreitova@suse.com -- fix a wrong exit code when grepping multiple archives # PATCH-FIX-UPSTREAM bnc#970260 kstreitova@suse.com -- fix a wrong exit code when grepping multiple archives
Patch5: bzip2-1.0.6-bzgrep_return_value.patch Patch5: bzip2-1.0.6-bzgrep_return_value.patch
Patch6: bzip2-1.0.6-CVE-2016-3189.patch
BuildRequires: autoconf >= 2.57 BuildRequires: autoconf >= 2.57
BuildRequires: libtool BuildRequires: libtool
BuildRequires: pkgconfig BuildRequires: pkgconfig
@ -80,6 +81,7 @@ The bzip2 runtime library development files.
%patch3 -p1 %patch3 -p1
%patch4 %patch4
%patch5 -p1 %patch5 -p1
%patch6 -p1
%build %build
autoreconf -fiv autoreconf -fiv