Accepting request 48684 from Archiving

Copy from Archiving/bzip2 based on submit request 48684 from user puzel OBS-URL: https://build.opensuse.org/request/show/48684 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bzip2?expand=0&rev=26
2010-09-21 16:00:48 +00:00 · 2010-09-21 16:00:48 +00:00 · f5d22fa499
commit f5d22fa499
parent 6020d97c45 97b5de053d
3 changed files with 28 additions and 2 deletions
--- a/bzip2-CVE-2010-0405.patch
+++ b/bzip2-CVE-2010-0405.patch
@ -0,0 +1,18 @@
+Index: bzip2-1.0.5/decompress.c
+===================================================================
+--- bzip2-1.0.5.orig/decompress.c
+++ bzip2-1.0.5/decompress.c
+@@ -394,6 +394,13 @@ Int32 BZ2_decompress ( DState* s )
+             es = -1;
+             N = 1;
+             do {
+               /* Check that N doesn't get too big, so that es doesn't
+                  go negative.  The maximum value that can be
+                  RUNA/RUNB encoded is equal to the block size (post
+                  the initial RLE), viz, 900k, so bounding N at 2
+                  million should guard against overflow without
+                  rejecting any legitimate inputs. */
+               if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR);
+                if (nextSym == BZ_RUNA) es = es + (0+1) * N; else
+                if (nextSym == BZ_RUNB) es = es + (1+1) * N;
+                N = N * 2;
--- a/bzip2.changes
+++ b/bzip2.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Sep 21 13:54:31 UTC 2010 - puzel@novell.com
+
+- add bzip2-CVE-2010-0405.patch (bnc#636978) 
+- fix copy-paste error in profile_bzip2()
+
 -------------------------------------------------------------------
 Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de

--- a/bzip2.spec
+++ b/bzip2.spec
@ -20,7 +20,7 @@

 Name:           bzip2
 Version:        1.0.5
-Release:        39
+Release:        46
 Provides:       bzip
 Obsoletes:      bzip
 BuildRequires:  pkg-config
@ -45,6 +45,7 @@ Patch:          http://pack.suse.cz/sbrabec/bzip2/for_downstream/bzip2-1.0.5-aut
 Patch2:         bzip2-maxlen20.patch
 Patch3:         bzip2-faster.patch
 Patch5:         bzip2-unsafe_strcpy.patch
+Patch6:         bzip2-CVE-2010-0405.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -108,12 +109,13 @@ Authors:
 %patch2
 %patch3
 %patch5
+%patch6 -p1

 %build
 profile_bzip2()
 {
    tmpfile=$(mktemp)
-    trap "rm -f $tmpfile $tmpfile.gz" EXIT
+    trap "rm -f $tmpfile $tmpfile.bz2" EXIT
    tar -cjf $tmpfile.bz2 /usr/src || true
   # time ./bzip2 $tmpfile
    time ./bzip2 -d < $tmpfile.bz2 > /dev/null